Hardware

PDU Processors

LLP-04: 802.1AE/MACsec Link Encryptor

The IEEE has ratified the 802.1AE-2006 Media Access Control Security (MACsec) standard which offers connectionless user data confidentiality, frame data integrity, and data origin authenticity for LANs, metropolitan optical networks and other applications. The MACsec security design consists of a data plane protocol which protects frames traversing the network. A companion key agreement protocol is specified in IEEE 802.1X-REV (previously defined in 802.1af).

The data plane protocol defines the frame format for data encapsulation, encryption, and authentication using the high performance authenticating cipher GCM-AES. Elliptic’s LLP-04 is embedded in the data encapsulation/decapsulation module within the MAC Client to perform the tasks associated with the MACsec standard.

The LLP-04 supports full 802.1AE security processing on each frame, including SA lookup, transmit encapsulation, receive decapsulation, MACsec frame validation, implementation of the GCM-AES self-authenticating cipher and optionally MIB statistics collection.

Key Features:

• Flow through architecture
• Throughput - 4 Gbps to 20 Gbps per direction
• Low latency design
• Selectable latency minimum or constant over all frame sizes
• MACsec lookup engine
• GCM-AES fully compliant with NIST Special Publication 800-38D (the GCM standard) and FIPS PUB 197 (the AES standard)
• Build option for full-duplex, Rx-only, or Tx-only operation
• Configurable number of CAs (Connectivity Associations) from 1 to 16
• Configurable number of SCs (Secure Channels)
• Egress - 1 to 16
• Ingress - 1 to 256
• Configurable number of SCs for ingress with a range from 1 to 256
• Layer Management Interface (LMI) for management plane processor
• Secure frame generation and validation
• Support for dual-clock domain
• Support for jumbo frames
• MIB statistics gathering (optional)

Applications:

• Metropolitan Ethernet
• Routers
• Ethernet Switches
• Data Centers
• High-performance host adapters

Search