The IEEE802.1AE (MACsec) Processing Engine/L2 Security Engine implements the complete MACsec data plane functionality. It performs functions such as AES-GCM, Packet Classification & Filtering, SecTAG processing, Anti-Replay check, ICV verification, and MIB Statistics. The MACsec engine can process the MAC frames up to 10Gbps full-duplex throughput for all packet sizes. It is highly configurable and easy to integrate. The size of the core is around 400K gates for a 10Gbps configuration in 65 nm.
The IEEE802.1AE (MACsec) Processing Engine/L2 Security Engine implements MACsec data plane specification (Full 802.1AE standard compliant). MACsec is defined as per 802.1AE and 802.1AF standards. It is primarily used to safeguard communication between trusted components of the network infrastructure and to provide controlled access to the network.
802.1AE defines MAC layer traffic protection. It offers hop-by-hop link layer security based on symmetric key AES-GCM encryption and authentication. MACsec allows multiple security associations per physical port and protects the entire Ethernet frame including MAC DA (Destination Address) and MAC SA (Source Address) from being spoofed. The key negotiation is as per the 802.1AF which is an enhancement of 802.1x to provide symmetric key for MAC layer protection. 802.1AF is implemented in the software.
- Complete inline processing without software intervention in the datapath
- Up to 10Gbps full duplex Throughput & Low Latency with short packets
- Fully compliant with IEEE 802.1AE standard
- Configurable number of Secure Associations per port with double buffering of SA
- AES-GCM as defined by the IEEE standard support for Crypto and Authentication
- Decryption, ICV verification, and Anti-Replay check on Ingress
- Encryption and Authentication with ICV generation and insertion on Egress
- MACsec header (SecTAG) insertion and removal
- Supports hardware based packet classification
- MIB counter update as per the MACsec Standard
- Highly Configurable and Scalable
- Can be easily integrated into an existing datapath
- World class customer support
- Available in FPGA platform
- Low gate count
- Synthesizable Verilog RTL
- Architecture Specification
- Self-checking Testbench and Testcases
- ASIC/FPGA Synthesis Scripts
- Integration Manual
- Software Drivers