Hardware

PDU Processors

LLP-04: 802.1AE/MACsec PDU Processor

The IEEE has ratified the 802.1AE-2006 Media Access Control Security (MACsec) standard which offers connectionless user data confidentiality, frame data integrity, and data origin authenticity for LANs, metropolitan optical networks and other applications. The MACsec security design consists of a data plane protocol which protects frames traversing the network. A companion key agreement protocol is specified in IEEE 802.1X-REV (previously defined in 802.1af).

The data plane protocol defines the frame format for data encapsulation, encryption, and authenticity using the high performance authenticating cipher GCM-AES. Elliptic’s LLP-04 is embedded in the data encapsulation/decapsulation module within the MAC Client to perform the tasks associated with the MACsec standard.

Key Features:

• Flow through architecture
• Throughput - 4 Gbps to 20 Gbps per direction
• GCM-AES fully compliant with NIST Special Publication 800-38D (the GCM standard) and FIPS PUB 197 (the AES standard) to perform cryptographic operations
• Frame filtering and classification engine
• Build option for full-duplex, Rx-only, or Tx-only operation
• Configurable number of CAs (Connectivity Associations) from 1 to 16
• Configurable number of SCs (Secure Channels) for egress with a range of 1 to 16
• Configurable number of SCs for ingress with a range from 1 to 256
• Layer Management Interface (LMI) for management plane processor
• Secure frame generation for egress
• Secure frame validation and decryption (when enabled) for ingress
• Support for dual-clock domain
• Optional support for Management Information Base (MIB) statistic

Applications:

• Metropolitan Ethernet
• Routers
• Ethernet Switches
• Storage area networking
• High-performance host adapters

검색