At Rambus, we create cutting-edge semiconductor and IP products, spanning memory and interfaces to security, smart sensors and lighting.
MACsec-IP-161:
MACsec Single-port Engine
Complete MACsec solution for single-port Ethernet with rates from 1G to 50 G and TSN support
The MACsec-IP-161 engine is an evolution of an industry proven Rambus MACsec-IP-160 that adds processing of IEEE802.3br preemption and Cisco ClearTags protocols. The engine is available in throughput/area optimized configuration to cover the Ethernet rates of 1G/2.5G, 10G/25G, 25G/50G.
The MACsec-IP-161 engine is a fully compliant MACsec solution and supports VLAN-in-clear cases. It has all necessary functionality for autonomously protect a full port or multiple VLAN-based EVC and count all required statistics. Flexible hardware and software interfaces allow different types of system integration, specifically around IEEE1588, IEEE802.3br that is important for 5G, industrial and automotive applications.
The MACsec-IP-161 transform engine’s cryptographic functions are FIPS-certification ready, supporting AES-ECB, AES-CTR, AES-GCM/GMAC transformations.
The MACsec-IP-161 engine is delivered with a widely adopted Driver Development Kit. To build a system-level solution, Rambus offers the MACsec Toolkit product that implements a complete IEEE 802.1X specification and has multiple features that facilitate development and testing of the MACsec compliant processing.
Contact
Product BriefSupplied with the Driver Development Kit to accelerate time to market. Rambus offers MACsec Toolkit for IEEE 802.1X key management
How the MACsec-IP-161 works
The MACsec-IP-161 engine provides complete MACsec processing for a port. A port may process a single stream or an interleaved stream of IEEE802.3br fragments. It contains flexible classifier with a table of programable rules with the programmable actions. The transformation engine supports all features and ciphers of the standard MACsec and VLAN-in-clear extension. The processing results are reflected in the MACsec compliant statistics as additional non-standard counters.
The MACsec-IP-161 engine is a basis for building various use cases. Beside traditional point-to-point and point-to-multipoint use cases, it is also deployed in protecting carrier networks with bypass/drop/protect policy that is controlled per VLAN EVC. The engine can be delivered with full Cisco ClearTags support that can be used in combination with preemption.
The MACsec-IP-161 can be used in combination with external classifier and accepts secure channel pointer or packet bypass indication.
MACsec Fundamentals
For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.Solution Offerings
Packet Interface
- Cut-through FIFO interface with frame interleaving for IEEE802.3br
- 128-bit wide
- External classification inputs
- SOP and EOP pass-through bus for side-band information
- Lowest and fixed-latency modes
SA and classification scaling
- SA (16 to 256)
- TCAM rules (16 to 512)
Control Interface
- Simple 32-bit interface
- Interrupts
Protocol Support
- Full IEEE 802.1AE-2018 compliance
- IEEE 802.1AE
- IEEE 802.1AEbn
- IEEE 802.1AEbw
- IEEE 802.1AEcg
- MACsec with up to 4x VLAN-in-clear
NIST CAVP Compliance for FIPS 140-3 Validation
- Basic AES-ECB/CTR/AES-GCM transformations
Packages
- Silicon IP
- Driver Development Kit
Complete Documentation
- Hardware integration guide
- Hardware and software reference manuals
- Programming guides
- IP-XACT Register description
Tools and Scripts
- Verilog for synthesis and simulation
- All scripts and support files needed for standard EDA tool flows
Verification Support
- Complete verification test bench
- Comprehensive test vectors
Integration Support
- Complete verification test bench
- Comprehensive set of test vectors
