Security IP icon

Security

800G Multi-Channel MACsec Engine

The MACsec-IP-163/164 is a MACsec engine developed specifically for high-speed, multi-rate and multi-port Ethernet devices. Its architecture provides an optimal solution for aggregate throughput ranging from 100G to 800G and beyond. The MACsec-IP-163/164 is ideal for deployment in data center, enterprise and carrier network applications, as well as network-attached high-performance computing.

Complete and fully compliant MACsec Packet Engine with classifier and transformation engines for rates of 100 to 800 Gbps, up to 64 channels, ready for FlexE
All IEEE MACsec standards supported (including IEEE802.1AE-2018). Optional inclusion of Cisco extensions, IPsec ESP AES-GCM protocol
Supplied with the Driver Development Kit to accelerate time to market. Rambus offers MACsec Toolkit for IEEE 802.1X key management

Cloud computing and data center throughput requirements have driven Ethernet and OTN standards to 100G, 400G and now to 800G. These standards deploy multiple SerDes lanes with various rates, which require support for flexible bandwidth allocation for a varying number of channels (ports), depending on the target silicon.

How the MACsec-IP-163/164 works

The MACsec-IP-164 engine provides complete MACsec SecY frame processing for multiple channels (port). It supports multiple SecY (virtual ports) to realize protection for each individual virtual network running over the same physical port. It’s pooled classification and transformation resources allow optimal implementation of multi-port designs. The fat-pipe design allows aggregating multiple port to use the same MACsec SecY.

The MACsec-IP-163 is a virtual port matching classifier that works with the MACsec- IP-164 to form an autonomous MACsec processing data path. Alternatively, the MACsec-IP-164 can be used in combination with an external classifier or stand alone, depending on the use case.

MACsec Implementation with MACsec-IP-163/164
MACsec Implementation with MACsec-IP-163/164

The MACsec-IP-163/164 engine is delivered together with a widely adopted Driver Development Kit (DDK-164). To build a system-level solution, Rambus offers the MACsec Toolkit product that implements a complete IEEE 802.1X specification and has multiple features that facilitate development and testing of the MACsec compliant processing.

The MACsec-163/164 engine has been used by leading silicon and system vendors over multiple generations thanks to the engine’s software compatibility and proven history of API scalability.

MACsec Fundamentals White Paper

MACsec Fundamentals

For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.

Solution Offerings

Packet Interface

  • 800G in 7nm technology
  • 400G/600G in 16nm technology
  • 100G/200G in reduced area configurations
  • Cut-through TDM interface
  • Up to 64 channels (ports)
  • Flexible bandwidth allocation
  • FlexE ready
 

SA and Classification Scaling

  • Pooled SA (from few to many K entries)
  • TCAM internal/external
 

Control Interface

  • AMBA APB3
  • Interrupts (global and per-channel)
 

Default Protocol Support

  • Full IEEE 802.1AE-2018 compliance
    • IEEE 802.1AE
    • IEEE 802.1AEbn
    • IEEE 802.1AEbw
    • IEEE 802.1AEcg
  • MACsec with VLAN-in-clear
 

Optional Features

  • Cisco MACsec extensions
  • IPsec ESP with AEC-GCM
  • Other customer classifications
 

FIPS 140-2 CAVP ready

  • Support for basic AES and AEC-GCM transformations

Packages

  • Silicon IP
  • Driver Development Kit
 

Complete Documentation

  • Hardware integration guide
  • Hardware and software reference manuals
  • Programming guides
  • IP-XACT Register description

Integration Support

  • Complete verification test bench
  • Comprehensive set of test vectors
  • World-class support from MACsec experts
Secure Networking Basics cover

Secure Networking Basics: MACsec, IPsec, and SSL/TLS/DTLS

The MACsec, IPsec and SSL/TLS/DTLS protocols are the primary means of securing data in motion (communicated between connected devices). These protocols can be anchored in hardware or implemented in software as part of an end-to-end security architecture. This white paper provides fundamental information on each of these protocols including their interrelationships and use cases.

Upcoming Webinar: AI Requires Tailored DRAM Solutions