MACsec Engine, 1G to 100G Single-Port

Overview

The MACsec-IP-160 is a versatile MACsec solution for silicon devices that require plug-and-play MACsec processing for an Ethernet port at full line rate. It provides classification, transformation and statistics for the IEEE0802.1AE standard MACsec. Additionally, it supports VLAN-in-clear use cases. The IP-160 is available in numerous configurations optimized for desired throughput range and number of secure connections. Supplied with software support, the MACsec-160 is the ideal solution for Ethernet PHYs, switches, automotive and 5G SoCs, broadband access chipsets and many other Ethernet-connected applications.

Complete and compliant MACsec Packet Engine with classification, transformation and statistics for rates from 1GbE to 100GbE. Widely adopted in the industry
All IEEE MACsec standards supported (including IEEE802.1AE-2018). Suitable for systems with IEEE1588 support
Supplied with the Driver Development Kit to accelerate time to market. Rambus offers MACsec Toolkit for IEEE 802.1X key management

How the MACsec-IP-160 works

The MACsec-IP-160 engine provides complete MACsec processing for a port. It contains a flexible classifier with a table of programable rules with the programmable actions. The transformation engine supports all features and ciphers of the standard MACsec and VLAN-in-clear extension. The processing results are reflected in the MACsec-compliant statistics as additional non-standard counters. MACsec-IP-160 offers optional post-decryption consistency checking with a set of programmable rules.

The MACsec-IP-160 engine is a basis for building various use cases. Beside traditional point-to-point and point-to-multipoint use cases, it is also deployed in protecting carrier networks with bypass/drop/protect policy that is controlled per VLAN EVC.

The MACsec-IP-160 can be used in combination with external classifier and accepts secure channel pointer or packet bypass indication.

Key Features

  • Full line-rate throughput
    • Optimized for 1G, 10G, 25G, 50G, 100G rates
    • Lowest and fixed latency modes
  • Feature reach
    • Flexible classifier
    • IEEE 802.1AE-2018 compliance
    • VLAN-in-clear
    • FIPS certification support
    • Forward-looking hardware and software compatibility
    • Very efficient hardware-software interaction
  • Highly configurable
    • Numerous options for optimal area, throughput and features trade-off
  • Software and integration support
    • Rate-Control-IP-218 rate shaper
    • Driver Development Kit
    • IEEE 802.1X Toolkit
    • World-class support from Rambus MACsec experts
  • Packet Interface
    • Cut-through FIFO interface
    • 128-bit (1G to 50G), 512-bit (100G)
    • External classification inputs
    • SOP and EOP pass-through bus for side-band information
    • Lowest and fixed-latency modes
  • SA and classification scaling
    • SA (16 to 256)
    • Post-decryption consistency check (optional)
  • Control interface
    • Simple 32-bit interface
    • Interrupts
  • Protocol support
    • Full IEEE 802.1AE-2018 compliance
    • IEEE 802.1AE
    • IEEE 802.1AEbn
    • IEEE 802.1AEbw
    • IEEE 802.1AEcg
    • MACsec with up to 2x VLAN-in-clear
  • FIPS 140-2 CAVP ready
    • Support for basic AES and AES-GCM transformations.

Benefits

  • Complete HW/SW system.
  • Driver Development Kit.
  • High-speed MACsec Frame Engine
  • Silicon-proven implementation
  • Fast and easy to integrate into SoCs.
  • Flexible layered design.
  • Complete range of configurations.
  • World-class technical support.

Applications

  • Network appliances providing Enterprise Network Security at Layer-2 using MACsec,
  • End-station security solutions for laptops, PCs, printers and network servers.

Deliverables

  • Documentation
    • Hardware Reference and Programmer Manual
    • Integration Manual
    • Verification Specification
  • Synthesizable Verilog RTL source code
  • Self-checking RTL test bench, including test vectors and expected result vectors
  • Simulation scripts
  • Synthesis scripts
  • Many different configurations available:
    • EIP-160s (egress/ingress):
      • 16 SA (added with ingress 16 CC)
      • 190 - 220K gates
      • up to 710 MHz (max freq)
      • 8.8 bits/clk
    • EIP-160a (egress/ingress):
      • 16/32/64 SA (added with ingress 16/32/64 CC)
      • 395 - 575K gates
      • up to 800 MHz (max freq)
      • 36.6 bits/clk
    • EIP-160b (egress/ingress):
      • 16/64 SA (added with ingress 16/64 CC)
      • 490 - 655K gates
      • up to 800 MHz (max freq)
      • 64 bits/clk
    • EIP-160c (egress/ingress):
      • 16/64/128/256 SA (added with ingress 16/64/128/256 CC)
      • 610 - 1095K gates
      • up to 800 MHz (max freq)
      • 85.6 bits/clk
    • For more information about this product or the all the different configurations, please contact Rambus: https://www.rambus.com/contact/

    Technical Specifications

    Foundry, Node
    Any
    Maturity
    Silicon Proven
    Availability
    Now
×
Semiconductor IP