1.5Tbps MACsec Engine

Overview

The Securyzr™ MACsec (Media Access Control Security) Engine implements the latest IEEE 802.1AE specification, providing connectionless data integrity, data origin authenticity and confidentiality at OSI layer 2.

The scalable architecture provides low-latency, line-rate acceleration of frame encapsulation, encryption and replay protection. The multi-channel structure makes the engine extremely suitable for use in switches, enabling per-port security with a single IP instantiation. Integration options with either performance- or area-optimized AES-GCM IP cores enable a high level of scalability, with unrivalled trade-off possibilities between throughput, area and latency.

At its very core, the MACsec Engine is completely technology-agnostic and can be integrated in a wide range of FPGA and ASIC technologies. On FPGA, the engine can use vendor-specific optimizations to reach very high throughput goals.

Key Features

  • Multi-channel support for link aggregation or FlexE
  • Generic interface to TCAM
  • Scalable datapath width
  • VLAN-in-the-clear mode
  • Compliant with IEEE 802.1AE-2018
    • Supports AES-GCM-128/256
    • Extended Packet Numbering (optional)
    • Confidentiality Offset (optional)
  • Bypass mode
  • Classification based on MAC, SCI, VLAN ID
  • Data interface: AMBA 4 AXI-Stream
  • Control interface: AMBA 4 APB
  • High throughput:
    • ASIC: 1.5Tbps
    • FPGA: 100 Gbps

Benefits

  • Low latency: Optional cut-through design helps reach timing targets for latency-critical applications
  • No software intervention: Can be implemented fully in hardware without any software intervention
  • Replay protection: Offloading replay protection and packet number management reduces the strain on the CPU even more
  • Line-rate acceleration: Highly efficient cryptographic cores enable line-rate processing, even for 64-byte packets

Block Diagram

1.5Tbps MACsec Engine Block Diagram

Applications

  • Cloud & data center interconnection
  • Secure IP/MPLS (replace MPLS over GRE + IPsec)
  • Secure IoT devices on LAN
  • In-vehicle communication with Automotive Ethernet

Deliverables

  • Netlist or RTL
  • Scripts for synthesis
  • Self-checking TestBench based on FIPS vectors
  • Documentation

Technical Specifications

Availability
Now