Security
MACsec Engines
For data protection at line rate, Rambus offers a complete family of MACsec silicon IP solutions covering port rates from 1 to 800 Gbps, and applications ranging from copper PHY, automotive SOC/PHY, high-performance SOCs, to high-end optical PHY and switch/router ASICs. The fully-featured IEEE 802.1X MACsec Toolkit software accelerates time to market when building an integrated system.
Contact| Solution | Product Number | Brief | Description |
|---|---|---|---|
| 100G to 800G Multi-Channel MACsec Engine with TDM interface | MACsec-IP-164 |  |
Multi-channel MACsec engine with TDM interface. Port rates from 100G to 800G with optional support of Cisco extensions and IPsec. |
| 1G to 50G Single-Port MACsec Engine with FIFO interface and TSN support | MACsec-IP-161 | |
Single-port MACsec engine with FIFO interface. Port rates from 1G to 50G (multiple optimized configurations) with optional support of TSN (incl. IEEE802.3br) and Cisco extensions. |
| 1G to 50G Single-Port MACsec Engine with xMII interface and TSN support | MACsec-IP-361 | |
Single-port MACsec engine with xMII (MII/GMII etc.) interface for plug-and-play integration in between MAC and PCS modules. Port rates from 1G to 50G (multiple optimized configurations) with optional support of TSN (incl. IEEE802.3br) and Cisco extensions. Embeds the MACsec-IP-161 core. |
| 1G to 100G Single-Port MACsec Engine with FIFO interface | MACsec-IP-160 | |
Single-port MACsec engine with FIFO interface. Port rates from 1G to 100G (multiple optimized configurations). Industry-proven solution for silicon devices that require plug-and-play MACsec processing for an Ethernet port at full line rate. |
| MACsec Toolkit | IEEE802.1X fully compliant and highly modular MACsec control plane software (EAP, MKA). Enables developers to quickly add complete MACsec support in network devices. Includes full C source code implementation of the control plane as well as reference implementation of the data plane for fast adoption of the technology. |
Data centers, cloud infrastructure, high-performance computing, and 4G/5G mobile networks are experiencing exponential data traffic growth. The need to prevent costly data breaches within the physical network infrastructure of routers, bridges and switches, as well as across a range of connected devices such as IP phones, PC’s, printers, and network servers is imperative.
The industry has responded with the rapid improvement of the Ethernet standard with the latest evolution being 800G Ethernet (800GBASE-R). Alongside new speed grades are requirements to support flexible bandwidth allocation for multiple channels (ports).
To protect high-speed network traffic, the industry is moving from application-level network security towards hardware-based Layer 2 security. The recommended security protocol is MACsec, an IEEE 802.1AE standard, which offers hop-to-hop link protection. MACsec is well suited to protect links across LAN and WAN networks. Only authorized devices access the network, and ethernet frames are integrity-and confidentiality-protected at line rate.
MACsec had been adopted to protect WAN links through excluding some of the network headers from the MACsec protection. Accordingly, the network nodes can inspect and modify these headers. With several additional enhancements, this allows MACsec to be fully transparent for intermediate devices. In some situations, IPsec ESP remains a choice, and its AES-GCM cipher option allows building a line-rate processing solution.
MACsec Fundamentals
For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.
Secure Networking Basics: MACsec, IPsec, and SSL/TLS/DTLS
The MACsec, IPsec and SSL/TLS/DTLS protocols are the primary means of securing data in motion (communicated between connected devices). These protocols can be anchored in hardware or implemented in software as part of an end-to-end security architecture. This white paper provides fundamental information on each of these protocols including their interrelationships and use cases.Resources
Videos
