Login »
LLP-06: Ultra Low Latency 802.1AE/MACsec PDU Processor
The IEEE has ratified the 802.1AE-2006 Media Access Control Security (MACsec) standard which offers connectionless user data confidentiality, frame data integrity, and data origin authenticity for LANs, metropolitan optical networks and other applications. The MACsec security design consists of a data plane protocol which protects frames traversing the network.
The LLP-06 offers the industry’s lowest constant latency MACsec PDU processing solution and is interoperable with Layer-1 devices (PHYs) and Layer-2 devices (Ethernet switches). The data plane protocol defines the frame format for data encapsulation, encryption, and authentication using the GCM-AES high performance authenticating cipher. Elliptic’s LLP-06 is embedded in the data encapsulation -decapsulation module within the MAC Client to perform the tasks associated with the MACsec standard.
The IEEE 802.1AE protocol requires a dedicated hardware security engine inserted into the data path of the MAC. The goal of the security design is to offer a solution which meets the performance and latency required for frames traversing the interface at a reasonable gate count. This was the design criteria for the LLP-06. The Ultra Low Latency (ULL) MACsec PDU processor supports full 802.1AE security processing on each frame, including transmit encapsulation, receive decapsulation, MACsec frame validation, an implementation of the GCM-AES self-authenticating cipher and an optional MIB statistics gathering block.
The LLP-06 size and performance characteristics are highly dependent on the configuration selected. For example, a 10 Gbps @ 312.5 MHz full duplex MACsec PDU processor offers a latency of less than 70 ns per direction. This configuration occupies 375 k gates not including memories.
- Features
-
- Lowest latency in the industry
- Constant latency over all frame sizes
- Flow through architecture
- Throughput of up to 20 Gbps per direction
- Ultra low latency GCM-AES, fully compliant with NIST Special Publication 800-38D (the GCM standard) and FIPS PUB 197 (the AES standard)
- Build option for full-duplex, Rx-only, or Tx-only operation
- Programmable Confidentiality Offset (up to 127 Bytes)
- Configurable number of Connectivity Associations (CAs) from 1 to 16
- Configurable number of Security Associations (SAs)
- Egress 2 to 32
- Ingress 2 to 512
- Layer Management Interface (LMI) for management plane processor
- Secure frame generation and validation
- Support for jumbo frames
- MIB statistics gathering (optional)
- Benefits
-
- Silicon proven
- Highly integrated
- SoC/ASIC developers and embedded system OEMs benefit from
- Reduced time to market
- Reduced risk
- Highly tuned solutions for performance, power and size
- IP developed by industry experts through a structured and rigorous development and verification program
- Applications
-
- PHY devices
- Metropolitan Ethernet
- Routers
- Ethernet Switches
- Data Centers
- High-performance host adapters
- Downloads
-
- Product Brief: LLP-06 Ultra Low Latency 802.1AE/MACsec PDU Processor
Featured Products
CLP-630: Multi-Packet Manager Security EngineA highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.
