Multi-channel Ultra Ethernet TSS Complete Layer (UET-TSS-IP-369)

Complete solution for UET-TSS protocol with rates up to 1.6Tbps

In the data center, servers, storage and AI/HPC clusters need to move confidential data quickly and securely. Traditionally, RDMA is used as the transport protocol, with network security based on the MACsec and IPsec ESP protocols. To make Ethernet more efficient in AI/HPC systems, the Ultra Ethernet Consortium introduced a new IP-based transport protocol (UET), along with a new security protocol (TSS) that uses concepts from IPsec and PSP to protect or isolate traffic. The UET protocol is implemented in SmartNICs that are connected to front-end and scale-out (backend) networks. For line-rate performance and lowest latency, the TSS layer shall be implemented fully in hardware, close to the Ethernet port.

How the UET-TSS-IP-369 Works

The UET-TSS-IP-369 (EIP-369) is an inline, high-performance, multi-channel packet engine that provides the complete TSS layer, bypass/drop and basic crypto processing at rates up to 1.6Tbps. The engine is designed for integration into systems that require TSS processing for one or more ports. It is provided as separate ingress and egress data paths. The EIP-369 embeds the UET-TSS-IP-69 for the packet transformation.

UET-TSS-IP-369 Block Diagram

The engine receives a packet with input parameters that select one of the possible operations:

  • TSS: Complete TSS layer handling is performed. The IP header location is either parsed or received externally. At egress, the SD index is received from the host; at ingress, it is looked up in the CAM. The SDKDB is stored in local SRAM. If the TSS operation cannot be performed, the packet is marked for dropping. The result contains security checks and processing results. TSS-compliant statistics are counted.
  • Authenticated Encryption mode: Basic AES-GCM/GMAC operation with byte-aligned data. Can be used to offload crypto operations for other protocols and to run NIST CAVP vectors.
  • Bypass/Drop: A packet is bypassed, with or without drop signaling.

Secure Networking Basics: MACsec, IPsec, and SSL/TLS/DTLS

The MACsec, IPsec and SSL/TLS/DTLS protocols are the primary means of securing data in motion (data communicated between connected devices). These protocols can be anchored in hardware or implemented in software as part of an end-to-end security architecture. This white paper provides fundamental information on each of these protocols, including their interrelationships and use cases.
