1G to 100G Single-Port MACsec Engine

Overview

The MACsec-IP-160 is a versatile MACsec solution for silicon devices that require plug-and-play MACsec processing for an Ethernet port at full line rate. It provides classification, transformation and statistics for the IEEE0802.1AE standard MACsec. Additionally, it supports VLAN-in-clear use cases. The IP-160 is available in numerous configurations optimized for desired throughput range and number of secure connections. Supplied with software support, the MACsec-160 is the ideal solution for Ethernet PHYs, switches, automotive and 5G SoCs, broadband access chipsets and many other Ethernet-connected applications.

How the MACsec-IP-160 works

The MACsec-IP-160 engine provides complete MACsec processing for a port. It contains a flexible classifier with a table of programable rules with the programmable actions. The transformation engine supports all features and ciphers of the standard MACsec and VLAN-in-clear extension. The processing results are reflected in the MACsec-compliant statistics as additional non-standard counters. MACsec-IP-160 offers optional post-decryption consistency checking with a set of programmable rules.

The MACsec-IP-160 engine is a basis for building various use cases. Beside traditional point-to-point and point-to-multipoint use cases, it is also deployed in protecting carrier networks with bypass/drop/protect policy that is controlled per VLAN EVC.

The MACsec-IP-160 can be used in combination with external classifier and accepts secure channel pointer or packet bypass indication.

Integration

The MACsec-IP-160 engines offers flexibility on integration into the customer’s Ethernet subsystem. It can be used as a FIFO-like component, or a fixed-latency engine with a push interface.

Customers can implement MACsec processing with IEEE1588 timestamping in the Tx MAC (unencrypted PTP) as well as timestamping ahead of the MACsec (supporting both – encrypted and encrypted PTP).

To implement fixed-latency mode at egress direction, Rambus offers the Rate-Control-IP-218, a programmable module that shapes the traffic according to line rate and accounts the MACsec added header/trailer.

Key Features

Full line-rate throughput
- Optimized for 1G, 10G, 25G, 50G, 100G rates
- Lowest and fixed latency modes
Feature reach
- Flexible classifier
- IEEE 802.1AE-2018 compliance
- VLAN-in-clear
- FIPS certification support
- Forward-looking hardware and software compatibility
- Very efficient hardware-software interaction
Highly configurable
- Numerous options for optimal area, throughput and features trade-off
Software and integration support
- Rate-Control-IP-218 rate shaper
- Driver Development Kit
- IEEE 802.1X Toolkit
- World-class support from Rambus MACsec experts
Packet Interface
- Cut-through FIFO interface
- 128-bit (1G to 50G), 512-bit (100G)
- External classification inputs
- SOP and EOP pass-through bus for side-band information
- Lowest and fixed-latency modes
SA and classification scaling
- SA (16 to 256)
- Post-decryption consistency check (optional)
Control interface
- Simple 32-bit interface
- Interrupts
Protocol support
- Full IEEE 802.1AE-2018 compliance
- IEEE 802.1AE
- IEEE 802.1AEbn
- IEEE 802.1AEbw
- IEEE 802.1AEcg
- MACsec with up to 2x VLAN-in-clear
NIST CAVP compliance for FIPS 140-3 validation
- Support for basic AES and AES-GCM transformations

Benefits

Complete HW/SW system.
Driver Development Kit.
High-speed MACsec Frame Engine
Silicon-proven implementation
Fast and easy to integrate into SoCs.
Flexible layered design.
Complete range of configurations.
World-class technical support.

Block Diagram

Deliverables

Packages
- Silicon IP
- Driver Development Kit
Complete Documentation
- Hardware integration guide
- Hardware and software
- Reference manuals
- Programming guides
- IP-XACT Register description
Tools and Scripts
- Verilog for synthesis and simulation
- All scripts and support files needed for standard EDA tool flows
Integration Support
- Complete verification test bench
- Comprehensive set of test vectors

Technical Specifications

Request Info