1G to 50G Single-Port MACsec Engine with xMII interface and TSN support

The MACsec-IP-361 is a plug-and-play solution for adding MACsec on the xMII side of an Ethernet subsystem. It is ideally positioned for designs where the MAC function is tightly integrated with the system-side, for example DMA-MAC Ethernet controllers or switch core IP with integrated MAC modules.

With the MACsec-IP-361, silicon vendors can add line-rate MACsec function using the industry-standard interfaces and achieve seamless operation with an existing Ethernet controller subsystem.

MACsec solution for integration between MAC and PCS side supporting 1GbE to 50GbE rates with optional TSN support (including IEEE803.2br).

For MACsec function integrates the MACsec-IP-161 with all IEEE MACsec standards supported. Optional Cisco ClearTags.

Supplied with the Driver Development Kit to accelerate time to market. Rambus offers MACsec Toolkit for IEEE 802.1X key management

How the MACsec-IP-361 Works

The MACsec-IP-361 engine provides complete MACsec processing for a port. A port may process a single stream or an interleaved stream of IEEE802.3br fragments (if preemption support is included). It contains a flexible classifier with a table of programmable rules with the programmable actions. The transformation engine supports all features and ciphers of the standard MACsec and VLAN-in-clear extension. The processing results are reflected in the MACsec compliant statistics as additional non-standard counters.

The MACsec-IP-361 engine
The MACsec-IP-361 engine

The MACsec-IP-361 engine operates as a fixed delay component at the xMII side, preserving accuracy of PTP timestamping and TSN scheduling created by the TSN MAC subsystem. Its operation is transparent for non-packet related information that is sent over the xMII bus.

The target integration would be instantiating the MACsec-IP-361 between an Ethernet MAC and a PCS. The PCS function may reside in a different device, for example, in the PHY. For egress direction, the MAC must be programmed to reserve space for MACsec expansion for example by stretching the IPG or managing the packet rate accordingly.

MACsec Fundamentals White Paper

MACsec Fundamentals

For end-to-end security of data, it must be secured both when at rest (stored on a connected device) and when in motion (communicated between connected devices). For data at rest, a hardware root of trust anchored in silicon provides that foundation upon which all device security is built. Similarly, MACsec security anchored in hardware at the foundational communication layer (Layer 2) provides that basis of trust for data in motion over Ethernet-based networks.

Solution Offerings

Secure Networking Basics cover

Secure Networking Basics: MACsec, IPsec, and SSL/TLS/DTLS

The MACsec, IPsec and SSL/TLS/DTLS protocols are the primary means of securing data in motion (communicated between connected devices). These protocols can be anchored in hardware or implemented in software as part of an end-to-end security architecture. This white paper provides fundamental information on each of these protocols including their interrelationships and use cases.
Rambus logo