MACsec Engine | Silex Insight

MACsec Engine

Get in touch with us
Performance
Applications
Diagram
Product Sheet

The MACsec Engine, also known as Media Access Control Security, implements the latest IEEE 802.1AE specification, providing connectionless data integrity, data origin authenticity and confidentiality on OSI layer 2.

The scalable architecture provides low-latency, line rate acceleration of frame encapsulation, encryption and replay protection. The multi-channel structure makes the engine extremely suitable for use in switches, enabling per-port security with a single IP instantiation. Integration options with either performance or area-optimized AES-GCM IP cores enables a high level of scalability enabling unrivalled trade-off possibilities between throughput, area and latency.

At its very core, the MACsec Engine is completely technology-agnostic and can be integrated in a wide range of FPGA and ASIC technologies. On FPGA, the engine can use vendor-specific optimizations to reach very high throughput goals.

  • Low Latency
    Optional cut-through design helps reaching timing targets for latency-critical applications
  • Replay protection
    Offloading replay protection and packet number management reduces the strain on the CPU even more
  • No software intervention
    Can be implemented fully in hardware without any software intervention
  • Line rate acceleration
    Highly efficient cryptographic cores enable reaching line rate processing, even for 64 byte packets

EXTREME HIGH PERFORMANCE

0
Gbps (1.5Tbps)

Throughput

0
Gbps

FEATURES

  • Multi-channel support for link aggregation or FlexE
  • Scalable datapath width
  • Compliant with IEEE 802.1AE-2018
    • Supports AES-GCM-128/256
    • Extended Packet Numbering (optional)
    • Confidentiality Offset (optional)
  • Classification based on MAC, SCI, VLAN ID
  • Generic interface to TCAM
  • VLAN-in-the-clear mode
  • Bypass mode
  • Data interface: AMBA 4 AXI-Stream
  • Control interface: AMBA 4 APB
  • High throughput:
    • ASIC: 1.5Tbps
    • FPGA: 100 Gbps

Wide Area of Applications

The MACsec engine will bring the most efficient and flexible solution to your data processing needs, whatever technology and architecture you choose.

Environments in which the MACsec will prove an essential boost are:

MACsec is the foundation for any network security

There are three common network security protocol standards:

  • MACsec
    Regulating the traffic of frames between two physical machines, regulated by the MACsec protocol of layer 2.
  • IPsec
    Checking and ordering the routed packets, done by the IPsec protocol in layer 3.
  • TLS (SSL)
    Checking the authenticity of the incoming requests and setting up the encryption/decryption. This is the SSL/TLS handshaking of layer 5.
Open Systems Interconnection (OSI) networking reference model

As Layer 2 is where communication begins, security here builds the foundation for security for the entire network stack.

MACsec provides Layer 2 (the data link layer – OSI) security allowing it to safeguard network communications against a variety of attacks including intrusion, denial of service and eavesdropping. These attacks exploit vulnerabilities in the data line layer and often it will not be detected or prevented by higher layer security protocols. Therefore, MACsec provides the basis on which a network security architecture can be built.

⇧ Click diagram for full-size view ⇧
Download Product Sheet

Built For Your Specific Needs

The MACsec engine can be configured to reach the performance level required by your application, enabling efficient offloading of the main CPU.

CONFIGURABLE

Include features as needed

SCALABLE

Define performance and footprint depending on your needs

CUSTOMIZABLE

Adapt to your specific needs

Configurable

0%

Scalable

0%

Customizable

0%

FREE WHITE PAPER

HOW SMART HARDWARE CAN BOOST YOUR DATA CENTER

HIGH-PERFORMANCE IP BLOCKS OFFLOAD NETWORK AND SECURITY PROCESSING

 

 

  • Cloud computing is ramping up like never before. New host applications are routinely designed to serve millions of clients, and each of these clients expects high-speed service, minimal latency, and tight security.

    Learn more about the key components to boost your data center:

    • Record-breaking MACsec performance (up to 1.5Tbps)

  • • The fastest SSL/TLS handshaking engines in the industry

  •  • …and much more

FREE DOWNLOAD >
Pieter Simons
Combined with the explosion of cloud processing, the emerging 5G revolution, and new techniques such as virtualization, high performance is a must-have. In this environment, efficient cryptography accelerators are indispensable.
 
Our MACsec engine is developed accordingly which will benefit all our customers. Not only when it comes to speed, but also bring down their cost of ownership of their datacenter as more and more of the network and security processing can be offloaded to fast hardware.

 

Pieter Simons

-
R&D Director

Interested to know more about our MACsec engine?

Feel free to get in touch with us

 

PRODUCT SHEET

Download

Free White Paper Download