IEEE 802.1ae MACSEC IP Core for 40 Gbit Ethernet
The concept of the MACsec scheme is that nodes on a network form a set of trusted entities. Each node can receive both encrypted or plaintext messages, and the system policy can dictate how each is handled. Unlike protocols such as IPsec which are end-to-end and session based, the MACSEC decrypts and verifies each packet at every node. Packets that require routing to other trusted nodes in the system are then encrypted and forwarded.
The MACSEC core is a high performance pipelined implementation of IEEE standard 802.1ae. The core is built on Algotronix' AES-GCM-40G encryption IP core. The MACSEC core supports multiple 'virtual' MACSec SecYs on a single hardware encryptor which allows for a Multi-Access LAN as specified in section 11-8 of the standard. Each SecY has a single secure channel for transmit so unless multiple SecYs are supported an end point would use the same key to send packets to all the end-points it wished to communicate with. For example, if it wished to communicate with endpoints A and B then B would have access to the key used to encrypt messages for A. Multiple SecYs provide more control of security - for example a separate SecY could be used for node A and node B after and node B would no longer be provided with the key to decrypt messages intended for node A.
The Algotronix MACSEC core is supplied with a VHDL testbench which generates a sequence of test packets and compares the responses of the IP core to the output generated by a behavioral model of MACSEC. It is supplied as VHDL source code and can be configured using a number of VHDL generic parameters to select only those features which are required in order to conserve area. The MACSEC core provides both transmit and receive channels. The core is an easy to use fully synchronous design with a single clock and separate flow control on the transmit and receive channels. The core has been designed for efficiency in modern FPGAs and makes full use of FPGA specific features such as dual port memory blocks.
View IEEE 802.1ae MACSEC IP Core for 40 Gbit Ethernet full description to...
- see the entire IEEE 802.1ae MACSEC IP Core for 40 Gbit Ethernet datasheet
- get in contact with IEEE 802.1ae MACSEC IP Core for 40 Gbit Ethernet Supplier