Media Access Control Security (MACSec) is an IEEE standards-based protocol for securing communication among the trusted components of an 802.1 LAN. MACSec provides protection against disruption of service, theft, and misuse of transmitted information (including network configuration information) by securing messages on the physical media.
CoMira’s MACSec IP implements the 802.1AE-2006 MACSec standard, as well as the 802.1AEbn-2011, 802.1AEbw-2013 amendments with additional support for the 802.1AEcg draft amendment. Using an inline time-division multiplexed cut-through architecture with a backpressure scheme similar to the UMAC, the multichannel CoMira MACSec IP is able to operate at the same core clock as the UMAC IP that is independent of the link speed and data flow.
Media Access Control Security (MACSec)
Overview
Key Features
- Up to four ports of concurrent traffic with an aggregate bandwidth of 100G are supported by one core (1x100G, 2x50G, 2x40G, 4x25G, 4x10G, 4x1G, 1x50G+2x25G)
- Line rate operation
- Flexible control/non-control port filtering
- Configurable number of Secure Channels (SCs) and Security Associations (SAs) per physical port
- Memory-based statistics counter implementation for area/gate savings
- Support for custom MACSec Ethertypes
- FIPS compliant GCM-AES-128, GCM-AES-256, GCM-AES-128-XPN, GCM-AES-256-XPN
- FCS regeneration on processed frames
- Configurable ability to select whether to strip SecTag, ICV, or both post-processing on Rx
- Support for a configurable number of VLAN tags preceding the SecTag in the MAC header
Block Diagram
Technical Specifications
Related IPs
- media access control (MAC) address filtering
- Multi-channel, multi-speed Ethernet universal media access control (MAC) and physical coding sublayer IP (UMAC)
- DO-254 Tri-Mode Ethernet Media Access Controller (TEMAC) 1.00a
- Gigabit Ethernet Media Access
- 10 Gigabit Ethernet Media Access Controller (10GEMAC)
- Tri-Mode Ethernet Media Access Controller (TEMAC)