Security IP icon


MACsec Engines

For data protection at line rate, Rambus offers a complete family of MACsec silicon IP solutions covering port rates from 1 to 800 Gbps, and applications ranging from copper PHY, high-performance SOCs, to high-end optical PHY and switch/router ASICs. The fully-featured IEEE 802.1X MACsec Toolkit software accelerates time to market when building an integrated system.

SolutionProduct NumberBriefDescription
100G to 800G Multi-Channel MACsec EngineMACsec-IP-163/164Download Inside Secure MACsec-IP-163/164 Product BriefMulti-channel MACsec engine for rates from 100G to 800G with optional support of Cisco extensions, IPsec.
1G to 50G Single-Port MACsec Engine with TSN support MACsec-IP-161Download Inside Secure MACsec-IP-163/164 Product BriefSingle-port MACsec engine for rates from 1G to 50G (multiple optimized configurations) with optional support of TSN (incl. IEEE802.3br) and Cisco extensions.
1G to 100G Single-Port MACsec EngineMACsec-IP-160Download Inside Secure MACsec-IP-160 Product BriefSingle-port MACsec engine for rates from 1G to 100G (multiple optimized configurations). Industry-proven solution for silicon devices that require plug-and-play MACsec processing for an Ethernet port at full line rate.
MACsec ToolkitIEEE802.1X fully compliant and highly modular MACsec control plane software (EAP, MKA). Enables developers to quickly add complete MACsec support in network devices. Includes full C source code implementation of the control plane as well as reference implementation of the data plane for fast adoption of the technology.

Data centers, cloud infrastructure, high-performance computing, and 4G/5G mobile networks are experiencing exponential data traffic growth. The need to prevent costly data breaches within the physical network infrastructure of routers, bridges and switches, as well as across a range of connected devices such as IP phones, PC’s, printers, and network servers is imperative.

The industry has responded with the rapid improvement of the Ethernet standard with the latest evolution being 800G Ethernet (800GBASE-R). Alongside new speed grades are requirements to support flexible bandwidth allocation for multiple channels (ports).

To protect high-speed network traffic, the industry is moving from application-level network security towards hardware-based Layer 2 security. The recommended security protocol is MACsec, an IEEE 802.1AE standard, which offers hop-to-hop link protection. MACsec is well suited to protect links across LAN and WAN networks. Only authorized devices access the network, and ethernet frames are integrity-and confidentiality-protected at line rate.

MACsec had been adopted to protect WAN links through excluding some of the network headers from the MACsec protection. Accordingly, the network nodes can inspect and modify these headers. With several additional enhancements, this allows MACsec to be fully transparent for intermediate devices. In some situations, IPsec ESP remains a choice, and its AES-GCM cipher option allows building a line-rate processing solution.

MACsec Fundamentals White Paper

MACsec Fundamentals

For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.

Secure Networking Basics cover

Secure Networking Basics: MACsec, IPsec, and SSL/TLS/DTLS

The MACsec, IPsec and SSL/TLS/DTLS protocols are the primary means of securing data in motion (communicated between connected devices). These protocols can be anchored in hardware or implemented in software as part of an end-to-end security architecture. This white paper provides fundamental information on each of these protocols including their interrelationships and use cases.