MACsec Intel® FPGA IP User Guide

ID 736108
Date 10/21/2022

A newer version of this document is available. Customers should click here to go to the newest version.

Document Table of Contents

6.3.4. Anti-Replay Protection

For packets identified to go through the Receive Rx lane, the Anti-Replay Protection check is performed on the packet. Upon successfully obtaining an SA from the SA lookup process, a comparison is made between the received packet number in the MACsec header versus the nextPN field in the SA. The packet is discarded if the Received PN < SA nextPN.

For Rx decryption, the next_pn and lowest acceptable pn updates only happen on the deframer where the request passes the secure frame verification check.

The Anti-Replay Protection check can be disabled through the REPLAYPROTECT parameter.