MACsec Protocol Engine for 10/100/1000 Ethernet

Overview

The MAC-SEC-1G IP core implements a compact and configurable custom-hardware protocol engine for the IEEE 802.1AE (MACsec) standard. It supports all cipher suites provisioned by the MACsec standard as well as the VLAN-in-Clear improvement, and is silicon- and performance-optimized for networks operating at up to 1 Gbps.

Featuring a configurable number of Security Associations (up to 64k), this protocol engine supports multiple security channels and can implement multiple Security Entities (SecYs). It operates in full duplex mode, at line speed per direction for 1000/100/10 Mbps connections. It does so by implementing a 32-bit wide data path, which provides adequate performance while minimizing silicon resources.

Designed for ease of integration, the MAC-SEC-1G core is a fully synchronous, single-clock domain design that uses standardized interfaces and can be optionally pre-integrated with companion cores available from CAST.

The control and status registers of the core are accessible via a generic 32-bit memory-mapped slave interface. Interface bridges delivered with the core can convert this generic host interface to a generic 8-bit memory-mapped interface or a 32-bit APB, AHB-Lite, Avalon-MM, or Wishbone interface. Packet data are input and output via AXI Stream interfaces with configurable data width, enabling direct connection to Ethernet MACs, PTP timestamping units, or other higher-layer protocol engines. Interface bridges and a DMA engine capable of driving the AXI Stream interfaces are available separately. They can be used in cases where moving data to and from the core over a memory-mapped bus is preferable. The core can be delivered pre-integrated with the Low-Latency Ethernet MAC or any Ethernet TSN cores available from CAST.

Key Features

  • MACsec Protocol Engine
    • Compliant with IEEE 802.1AE-2018 and IEEE 802.1AEbw.
    • Implements both GCM-AES and GCM-AES-XPN modes with 128- and 256-bit keys.
    • Multiple Security Channels, Security Associations and Security Entities
      • The maximum number of security associations is synthesis-time configurable in the range of 1 to 64k.
    • Supports 802.1Q Tag in the Clear (VLAN-in-Clear) as defined by Cisco’s WAN MACsec.
  • Performance and Size
    • Compact 32-bit data path.
    • Full-duplex, line-speed operation at 10/100/1000 Mbps
  • Easy to Integrate
    • AXI stream interfaces with configurable data width allow direct connection with eMAC or higher layer protocol engines.
    • Uses a generic 32-bit slave interface & bridges to 32-bit APB, AHB-Lite, Avalon-MM, or Wishbone, or an 8-bit generic microcontroller interface.  
    • Reports status, statistics & errors in CSRs 
    • Companion cores from CAST:
      • DMA for integration as a memory-mapped peripheral
      • Low-Latency Ethernet MAC
      • UDP/IP and TCP/IP hardware stack
      • TSN Endpoint, Switched Endpoint, and Switch
  • Straightforward to Implement
    • Available in LINT-clean, scan-ready, synthesizable RTL source code format or as a targeted FPGA netlist.
    • Single clock-domain design with no multi-cycle or false paths. 
    • Platform-Independent – Can be implemented on any FPGA device or ASIC technology.
       

Block Diagram

MACsec Protocol Engine for 10/100/1000 Ethernet Block Diagram

Technical Specifications
