1G to 50G Single-Port MACsec Engine with xMII interface and TSN support

The MACsec-IP-361 is a plug-and-play solution for adding MACsec on the xMII side of an Ethernet subsystem. It is ISO 26262 ASIL-B Ready certified and ideally positioned for designs where the MAC function is tightly integrated with the system-side, for example DMA-MAC Ethernet controllers or switch core IP with integrated MAC modules.

With the MACsec-IP-361, silicon vendors can add line-rate MACsec function using the industry-standard interfaces and achieve seamless operation with an existing Ethernet controller subsystem.

MACsec solution for integration between MAC and PCS side supporting 1GbE to 50GbE rates with optional TSN support (including IEEE803.2br).

For MACsec function integrates the MACsec-IP-161 with all IEEE MACsec standards supported. Optional Cisco ClearTags.

Supplied with the Driver Development Kit to accelerate time to market. Rambus offers MACsec Toolkit for IEEE 802.1X key management

How the MACsec-IP-361 Works

The MACsec-IP-361 engine provides complete MACsec processing for a port. A port may process a single stream or an interleaved stream of IEEE802.3br fragments (if preemption support is included). It contains a flexible classifier with a table of programmable rules with the programmable actions. The transformation engine supports all features and ciphers of the standard MACsec and VLAN-in-clear extension. The processing results are reflected in the MACsec compliant statistics as additional non-standard counters.

The MACsec-IP-361 engine
The MACsec-IP-361 engine

The MACsec-IP-361 engine operates as a fixed delay component at the xMII side, preserving accuracy of PTP timestamping and TSN scheduling created by the TSN MAC subsystem. Its operation is transparent for non-packet related information that is sent over the xMII bus.

The target integration would be instantiating the MACsec-IP-361 between an Ethernet MAC and a PCS. The PCS function may reside in a different device, for example, in the PHY. For egress direction, the MAC must be programmed to reserve space for MACsec expansion for example by stretching the IPG or managing the packet rate accordingly.

Securing Automotive Ethernet with MACsec Silicon IP

Securing Automotive Ethernet with MACsec Silicon IP
In today’s cars, the Ethernet standard is the go-to solution for connecting zonal gateways to the central compute units that handle ADAS functionality. However, in-vehicle networks are vulnerable to a number of security threats, including eavesdropping, denial-of-service attacks, man-in-the middle attacks, and unauthorized access. This white paper explores how MACsec provides an effective solution to address the security challenges faced by automotive Ethernet networks and how Rambus MACsec IP solutions can be deployed across a range of use cases.

Solution Offerings

MACsec Fundamentals

MACsec Fundamentals White Paper

For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.

Rambus logo