1G to 100G Single-Port MACsec Engine

The MACsec-IP-160 is a versatile MACsec solution for silicon devices that require plug-and-play MACsec processing for an Ethernet port at full line rate. It provides classification, transformation and statistics for the IEEE0802.1AE standard MACsec. Additionally, it supports VLAN-in-clear use cases. The IP-160 is available in numerous configurations optimized for desired throughput range and number of secure connections. Supplied with software support, the MACsec-160 is the ideal solution for Ethernet PHYs, switches, automotive and 5G SoCs, broadband access chipsets and many other Ethernet-connected applications.

Complete and compliant MACsec Packet Engine with classification, transformation and statistics for rates from 1GbE to 100GbE. Widely adopted in the industry

All IEEE MACsec standards supported (including IEEE802.1AE-2018). Suitable for systems with IEEE1588 support
Supplied with the Driver Development Kit to accelerate time to market. Rambus offers MACsec Toolkit for IEEE 802.1X key management

How the MACsec-IP-160 works

The MACsec-IP-160 engine provides complete MACsec processing for a port. It contains a flexible classifier with a table of programable rules with the programmable actions. The transformation engine supports all features and ciphers of the standard MACsec and VLAN-in-clear extension. The processing results are reflected in the MACsec-compliant statistics as additional non-standard counters. MACsec-IP-160 offers optional post-decryption consistency checking with a set of programmable rules.

Single-port 1G to 100G MACsec Using MACsec-IP-160 Engine
Single-port 1G to 100G MACsec Using MACsec-IP-160 Engine

The MACsec-IP-160 engine is a basis for building various use cases. Beside traditional point-to-point and point-to-multipoint use cases, it is also deployed in protecting carrier networks with bypass/drop/protect policy that is controlled per VLAN EVC. 

The MACsec-IP-160 can be used in combination with external classifier and accepts secure channel pointer or packet bypass indication.


The MACsec-IP-160 engines offers flexibility on integration into the customer’s Ethernet subsystem. It can be used as a FIFO-like component, or a fixed-latency engine with a push interface.

Customers can implement MACsec processing with IEEE1588 timestamping in the Tx MAC (unencrypted PTP) as well as timestamping ahead of the MACsec (supporting both – encrypted and encrypted PTP).

To implement fixed-latency mode at egress direction, Rambus offers the Rate-Control-IP-218, a programmable module that shapes the traffic according to line rate and accounts the MACsec added header/trailer.

MACsec Fundamentals White Paper

MACsec Fundamentals

For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.

Solution Offerings

Secure Networking Basics cover

Secure Networking Basics: MACsec, IPsec, and SSL/TLS/DTLS

The MACsec, IPsec and SSL/TLS/DTLS protocols are the primary means of securing data in motion (communicated between connected devices). These protocols can be anchored in hardware or implemented in software as part of an end-to-end security architecture. This white paper provides fundamental information on each of these protocols including their interrelationships and use cases.
Rambus logo