Security IP icon

Security

1G to 50G Single-Port MACsec Engine with TSN support

The MACsec-IP-161 is a versatile MACsec solution for silicon devices that require plug-and-play MACsec processing for an Ethernet port at full line rate. It provides classification, transformation and statistics for the IEEE802.1AE standard MACsec.

Additionally, it supports VLAN-in-clear use cases, IEEE802.3br preemption and Cisco ClearTags protocols. The IP-161 is available in numerous configurations optimized for desired throughput range, number of secure connections and features set. Supplied with software support, the MACsec-161 is the ideal solution for TSN Ethernet PHYs, switches, automotive, 5G SoCs and many other Ethernet-connected applications.

Complete and compliant MACsec Packet Engine for rates from 1GbE to 50GbE with TSN support (including IEEE803.2br).
All IEEE MACsec standards supported (incl. IEEE802.1AE-2018). Optional Cisco ClearTags.

Supplied with the Driver Development Kit to accelerate time to market. Rambus offers MACsec Toolkit for IEEE 802.1X key management

How the MACsec-IP-161 works

The MACsec-IP-161 engine provides complete MACsec processing for a port. A port may process a single stream or an interleaved stream of IEEE802.3br fragments. It contains flexible classifier with a table of programable rules with the programmable actions. The transformation engine supports all features and ciphers of the standard MACsec and VLAN-in-clear extension. The processing results are reflected in the MACsec compliant statistics as additional non-standard counters. The MACsec-IP-161 engine is a basis for building various use cases. Beside traditional point-to-point and point-to-multipoint use cases, it is also deployed in protecting carrier networks with bypass/drop/protect policy that is controlled per VLAN EVC. The engine can be delivered with full Cisco ClearTags support that can be used in combination with preemption. The MACsec-IP-161 can be used in combination with external classifier and accepts secure channel pointer or packet bypass indication.
MACsec Fundamentals White Paper

MACsec Fundamentals

For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.

Solution Offerings

Secure Networking Basics cover

Secure Networking Basics: MACsec, IPsec, and SSL/TLS/DTLS

The MACsec, IPsec and SSL/TLS/DTLS protocols are the primary means of securing data in motion (communicated between connected devices). These protocols can be anchored in hardware or implemented in software as part of an end-to-end security architecture. This white paper provides fundamental information on each of these protocols including their interrelationships and use cases.