Complete and compliant MACsec Packet Engine with classification, transformation and statistics for rates from 1GbE to 100GbE. Widely adopted in the industry
The MACsec-IP-160 engine provides complete MACsec processing for a port. It contains a flexible classifier with a table of programable rules with the programmable actions. The transformation engine supports all features and ciphers of the standard MACsec and VLAN-in-clear extension. The processing results are reflected in the MACsec-compliant statistics as additional non-standard counters. MACsec-IP-160 offers optional post-decryption consistency checking with a set of programmable rules.
The MACsec-IP-160 engine is a basis for building various use cases. Beside traditional point-to-point and point-to-multipoint use cases, it is also deployed in protecting carrier networks with bypass/drop/protect policy that is controlled per VLAN EVC.
The MACsec-IP-160 can be used in combination with external classifier and accepts secure channel pointer or packet bypass indication.
The MACsec-IP-160 engines offers flexibility on integration into the customer’s Ethernet subsystem. It can be used as a FIFO-like component, or a fixed-latency engine with a push interface.
Customers can implement MACsec processing with IEEE1588 timestamping in the Tx MAC (unencrypted PTP) as well as timestamping ahead of the MACsec (supporting both – encrypted and encrypted PTP).
To implement fixed-latency mode at egress direction, Rambus offers the Rate-Control-IP-218, a programmable module that shapes the traffic according to line rate and accounts the MACsec added header/trailer.
Full line-rate throughput
Software and integration support
SA and classification scaling
NIST CAVP compliance for FIPS 140-3 validation