For data protection at line rate, Rambus offers a complete family of MACsec silicon IP solutions covering port rates from 1 to 800 Gbps, and applications ranging from copper PHY, high-performance SOCs, to high-end optical PHY and switch/router ASICs. The fully-featured IEEE 802.1X MACsec Toolkit software accelerates time to market when building an integrated system.
|Solution||Product Number||Product Brief||Description|
|800G Multi-Channel MACsec Engine||MACsec-IP-163/164||Multi-channel MACsec engine for rates from 100G to 800G with optional support of Cisco extensions, IPsec.|
|1G to 100G Single-Port MACsec Engine||MACsec-IP-160||Single-port MACsec engine for rates from 1G to 100G (multiple optimized configurations). Industry-proven solution for silicon devices that require plug-and-play MACsec processing for an Ethernet port at full line rate.|
|MACsec Toolkit||IEEE802.1X fully compliant and highly modular MACsec control plane software (EAP, MKA). Enables developers to quickly add complete MACsec support in network devices. Includes full C source code implementation of the control plane as well as reference implementation of the data plane for fast adoption of the technology.|
Data centers, cloud infrastructure, high-performance computing, and 4G/5G mobile networks are experiencing exponential data traffic growth. The need to prevent costly data breaches within the physical network infrastructure of routers, bridges and switches, as well as across a range of connected devices such as IP phones, PC’s, printers, and network servers is imperative.
The industry has responded with the rapid improvement of the Ethernet standard with the latest evolution being 800G Ethernet (800GBASE-R). Alongside new speed grades are requirements to support flexible bandwidth allocation for multiple channels (ports).
To protect high-speed network traffic, the industry is moving from application-level network security towards hardware-based Layer 2 security. The recommended security protocol is MACsec, an IEEE 802.1AE standard, which offers hop-to-hop link protection. MACsec is well suited to protect links across LAN and WAN networks. Only authorized devices access the network, and ethernet frames are integrity-and confidentiality-protected at line rate.
MACsec had been adopted to protect WAN links through excluding some of the network headers from the MACsec protection. Accordingly, the network nodes can inspect and modify these headers. With several additional enhancements, this allows MACsec to be fully transparent for intermediate devices. In some situations, IPsec ESP remains a choice, and its AES-GCM cipher option allows building a line-rate processing solution.
For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.