Security IP icon

Security

MACsec Engines

For data protection at line rate, Rambus offers a complete family of MACsec silicon IP solutions covering port rates from 1 to 800 Gbps, and applications ranging from copper PHY, high-performance SOCs, to high-end optical PHY and switch/router ASICs. The fully-featured IEEE 802.1X MACsec Toolkit software accelerates time to market when building an integrated system.

SolutionProduct NumberProduct BriefDescription
800G Multi-Channel MACsec EngineMACsec-IP-163/164Download Inside Secure MACsec-IP-163/164 Product BriefMulti-channel MACsec engine for rates from 100 to 800 Gbps with optional support of Cisco extensions, IPsec.
100G Single-Channel MACsec EngineMACsec-IP-160Accelerate MACsec up to 100 Gbps. Serves single channel Ethernet designs. Supports all IEEE MACsec requirements
100G Single-Channel MACsec Engine for PHYsMACsec-IP-165Accelerate MACsec up to 100 Gbps. Serves single channel PHY designs. Supports all IEEE MACsec requirements
MACsec ToolkitEnables developers to quickly add complete MACsec support in network devices. Includes full C source code implementation of the control plane, especially the MACsec Key Agreement (MKA) protocol

Data centers, cloud infrastructure, high-performance computing, and 4G/5G mobile networks are experiencing exponential data traffic growth. The need to prevent costly data breaches within the physical network infrastructure of routers, bridges and switches, as well as across a range of connected devices such as IP phones, PC’s, printers, and network servers is imperative.

The industry has responded with the rapid improvement of the Ethernet standard with the latest evolution being 800G Ethernet (800GBASE-R). Alongside new speed grades are requirements to support flexible bandwidth allocation for multiple channels (ports).

To protect high-speed network traffic, the industry is moving from application-level network security towards hardware-based Layer 2 security. The recommended security protocol is MACsec, an IEEE 802.1AE standard, which offers hop-to-hop link protection. MACsec is well suited to protect links across LAN and WAN networks. Only authorized devices access the network, and ethernet frames are integrity-and confidentiality-protected at line rate.

MACsec had been adopted to protect WAN links through excluding some of the network headers from the MACsec protection. Accordingly, the network nodes can inspect and modify these headers. With several additional enhancements, this allows MACsec to be fully transparent for intermediate devices. In some situations, IPsec ESP remains a choice, and its AES-GCM cipher option allows building a line-rate processing solution.

MACsec Fundamentals White Paper

MACsec Fundamentals

For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.

Secure Networking Basics cover

Secure Networking Basics: MACsec, IPsec, and SSL/TLS/DTLS

The MACsec, IPsec and SSL/TLS/DTLS protocols are the primary means of securing data in motion (communicated between connected devices). These protocols can be anchored in hardware or implemented in software as part of an end-to-end security architecture. This white paper provides fundamental information on each of these protocols including their interrelationships and use cases.

Upcoming Webinar: AI Requires Tailored DRAM Solutions