MACsec Engine
Overview
Comcores MACsec IP provides Ethernet Layer 2 Security for port authentication, data confidentiality and data integrity as standardized in IEEE 802.1AE. It protects components in Ethernet networks especially high-speed Ethernet used in cloud, data center, 5G, industrial and automotive. The MACsec IP is a fully compliant solution that provides line-rate encryption and supports VLAN-in-Clear.
The core is configurable to have multiple Security Entities, SecYs, in a single IP to support multiple Connectivity Associations per port for traffic differentiation, and is prepared for easy interfacing with Comcores or third-party MAC, PCS and TSN Switch IPs.
The MACsec Engine implements 64-bit AXI-S input and output data interfaces. It offers flexibility on integration with IEEE 1588 PTP Timestamping Unit (TSU). It additionally includes a software tool for MACsec Key Agreement Protocol IEEE 802.1X integration.
Learn more by reading our MACsec blog post, MACsec for Deterministic Ethernet whitepaper, O-RAN Fronthaul Security using MACsec whitepaper or watching our webinar on the MACsec IP.
Block Diagram
Key Features
Delivers Performance
- Compliance with IEEE Std 802.1AE-2018
- IEEE 802.1X MACsec Key Agreement
- Line-rate traffic encryption and decryption
Highly Configurable
- Supports 10G/25G data rates
- Multiple Connectivity Associations (SecYs) with Traffic Mapping Rules
- Multiple number of peers with 4 Security Associations (SA) per Transmit and Receive Secure Channels (SC)
Feature Rich
- AES-GCM-128 and AES-GCM-256 Cipher Suites
- VLAN-in-Clear
- Confidentiality Offset
- SW tool for MACsec Key Agreement Protocol IEEE 802.1X integration
- Controlled/Uncontrolled Port
Silicon Agnostic
- Designed in SystemVerilog and targeting both ASICs and FPGAs
Deliverables
The IP Core can be delivered in Source code or Encrypted format. The following deliverables will be provided with the IP Core license:
- Solid documentation, including User Manual and Release Note.
- Simulation Environment, including Simple Testbed, Test case and Test Script.
- Programming Register Specification.
- Timing Constraints in Synopsys SDC format.
- SW integration tool for IEEE 802.1X MACsec Key Agreement Protocol.
- Access to support system and direct support from Comcores Engineers.
- Synopsys SGDC Files (optional).
- Synopsys Lint, CDC and Waivers (optional).
MACsec Content
Related Products
What Comcores IP will do for you
Proven Quality
Solid process and predictability
Strong verification
Faster Time-to-Market
First in bringing out new solutions
Tremendous investments in research
Know-How
Long-term experience in communication protocols
Expert in executing digital design projects
25G Ethernet Subsystem is now available
Press Release Copenhagen, Denmark, May 19, 2021 - Comcores ApS, a fast-growing specialized supplier of Intellectual Property (IP) Cores, today announced the availability of Ethernet Subsystem solution, a silicon agnostic and easy-to-use integration of 10G/25G Ethernet MAC and PCS for Time-Aware Applications. The Ethernet Subsystem comes in different variations and can be delivered integrated with TimeStamping Unit, IEEE 1588 PTP Software Stack and later also with OMA Controller. The richly...
Delivering timing accuracy in 5G networks – IEEE 1588 PTP Whitepaper
WHITEPAPER - Delivering timing accuracy in 5G networks How IEEE 1588 PTP has evolved to meet the stringent time synchronization requirements of 5G In mobile networks, time synchronization has always been important. Each new generation of mobile networks has driven the need for increased precision and accuracy in synchronization standards and solutions. Nevertheless, 5G is different. 5G time synchronization requirements are the most demanding seen to date and have elevated the importance of...
Accelerate time-to-market with Ethernet TSN solutions using Comcores IP
WHITEPAPER - Accelerate time-to-market with Ethernet TSN solutions Accelerate time-to-market with reliable Ethernet TSN solutions using Comcores IP. Ever since its introduction in 1973, the Ethernet protocol has expanded and evolved to support every conceivable connectivity application. Ethernet is designed to be a non-deterministic packet-based network, but this also means that Ethernet cannot satisfy the needs of applications that require time-critical, fail-safe operation. These...