MACsec Engine
The MACsec Engine implements the latest IEEE 802.1AE specification, providing connectionless data integrity, data origin authenticity and confidentiality on OSI layer 2.
The scalable architecture provides low-latency, line-rate acceleration of frame encapsulation, encryption and replay protection. The multi-channel structure makes the engine extremely suitable for use in switches, enabling per-port security with a single IP instantiation. Integration options with either performance- or area-optimized AES-GCM IP cores enable a high level of scalability and unrivalled trade-off possibilities between throughput, area and latency.
Implementation aspects
At its very core, the MACsec Engine is completely technology-agnostic and can be integrated in a wide range of FPGA and ASIC technologies. On FPGA, the engine can use vendor-specific optimizations to reach very high throughput goals.
Features
- ASIC and FPGA
- Multi-channel support for link aggregation or FlexE
- Throughput from 1 Gbps up to 800 Gbps
- 32- to 1024-bit datapath
- Compliant with IEEE 802.1AE-2018
  - Supports AES-GCM-128/256
  - Extended Packet Numbering (optional)
  - Confidentiality Offset (optional)
- Classification based on MAC, SCI, VLAN ID
- Generic interface to TCAM
- VLAN-in-the-clear mode
- Bypass mode
- Data interface: AMBA 4 AXI-Stream
- Control interface: AMBA 4 APB
Applications
- Cloud & data center interconnection
- Secure IP/MPLS (replace MPLS over GRE + IPsec)
- Secure IoT devices on LAN
- In-vehicle communication with Automotive Ethernet
Reference: BA451