6.3.1.3. Packet Discard

MACsec Intel® FPGA IP User Guide

Download PDF

ID 736108

Date 10/21/2022

Version

Public

A newer version of this document is available. Customers should click here to go to the newest version.

Visible to Intel only — GUID: fia1655257886529

Ixiasoft

View Details

Document Table of Contents

Document Table of Contents x

1. Introduction 2. Interface Overview 3. Parameters 4. Designing with the IP Core 5. MACsec Intel® FPGA IP Example Design 6. Functional Description 7. Configuration Registers for MACsec IP 8. Document Revision History for the MACsec Intel FPGA IP User Guide

1. Introduction x

1.1. Terminology 1.2. IP Core Overview 1.3. Release Information 1.4. Device Family Support 1.5. Device Speed Grade Support and Theoretical Throughput 1.6. Resource Utilization

1.2. IP Core Overview x

1.2.1. IP Description 1.2.2. IP Core Applications

1.2.2. IP Core Applications x

1.2.2.1. SmartNIC 1.2.2.2. Ethernet Bridge + Inline MACsec

2. Interface Overview x

2.1. Block Diagram 2.2. Interfaces 2.3. Clocking Domains

2.2. Interfaces x

2.2.1. IP Interface Signals 2.2.2. IP Interface Signal Timing Diagram/Waveforms 2.2.3. Clocks, Resets, and Interrupts

2.2.1. IP Interface Signals x

2.2.1.1. Common Port Mux Interface 2.2.1.2. Common Port Demux Interface 2.2.1.3. Controlled Port Mux Interface 2.2.1.4. Controlled Port Demux Interface 2.2.1.5. Uncontrolled Port RX Interface 2.2.1.6. Uncontrolled Port TX Interface 2.2.1.7. Crypto RX Interface 2.2.1.8. Crypto TX Interface 2.2.1.9. Management Interface 2.2.1.10. Decrypt Port Mux Management Interface 2.2.1.11. Decrypt Port Demux Management Interface 2.2.1.12. Encrypt Port Mux Management Interface 2.2.1.13. Encrypt Port Demux Management Interface 2.2.1.14. Crypto IP Management Bus

2.2.2. IP Interface Signal Timing Diagram/Waveforms x

2.2.2.1. Common Port Mux Interface Waveform 2.2.2.2. Common Port Demux Interface Waveform 2.2.2.3. Controlled Port Mux Interface Waveform 2.2.2.4. Controlled Port Demux Interface Waveform 2.2.2.5. Uncontrolled Port RX Interface Waveform 2.2.2.6. Uncontrolled Port TX Interface Waveform 2.2.2.7. Crypto RX Waveform 2.2.2.8. Crypto TX Waveform 2.2.2.9. MACsec Management Interface (Read) 2.2.2.10. MACsec Management Interface (Write)

3. Parameters x

3.1. MACsec Intel FPGA IP Parameter Settings

4. Designing with the IP Core x

4.1. Installing and Licensing Intel® FPGA IP Cores 4.2. Specifying the IP Core Parameters and Options 4.3. Generated File Structure 4.4. Reset Transactions 4.5. MACsec Software Initialization Sequence 4.6. MACsec Software Rekeying

4.1. Installing and Licensing Intel® FPGA IP Cores x

4.1.1. Intel® FPGA IP Evaluation Mode

5. MACsec Intel® FPGA IP Example Design x

5.1. Port Configurations 5.2. Multi Interface Buffering Muxing/Demuxing 5.3. 2x25 GbE (Encryption + Decryption) 5.4. Packet Generator/Checker 5.5. Clocking

6. Functional Description x

6.1. AXI-ST Common/Controlled/Uncontrolled Ports 6.2. Packet Parser and Classifier 6.3. SA Lookup and Update 6.4. Encryption Framer/DeFramer 6.5. Decryption Framer/Deframer 6.6. Packet Aggregator/Disaggregator 6.7. Cryptographic AES 6.8. Error Handling 6.9. Packet Statistics

6.1. AXI-ST Common/Controlled/Uncontrolled Ports x

6.1.1. AXI-ST Single Packet Mode 6.1.2. AXI-ST Multi Packet Mode 6.1.3. User Interface Data Streaming 6.1.4. AXI-ST Ready Latency 6.1.5. Port and Secure Channel Mapping 6.1.6. Port and Crypto Channel Mapping 6.1.7. Minimum Packet Size 6.1.8. Byte Ordering 6.1.9. Controlled/Uncontrolled Port Muxing

6.1.3. User Interface Data Streaming x

6.1.3.1. Single Packet Mode Data Stream 6.1.3.2. Multi Packet Mode Data Stream

6.2. Packet Parser and Classifier x

6.2.1. Packet Parser 6.2.2. Packet Classifier

6.3. SA Lookup and Update x

6.3.1. Packet Actions 6.3.2. Packet Buffer 6.3.3. New Channel Assignment 6.3.4. Anti-Replay Protection

6.3.1. Packet Actions x

6.3.1.1. Packet Encrypt 6.3.1.2. Packet Decrypt 6.3.1.3. Packet Discard

6.3.1.3. Packet Discard x

6.3.1.3.1. PDU Validation

6.4. Encryption Framer/DeFramer x

6.4.1. Channel Allocation 6.4.2. Packet Framer 6.4.3. VLAN Tagging

6.4.2. Packet Framer x

6.4.2.1. Bypass Packet 6.4.2.2. Stream Interleaving

6.4.3. VLAN Tagging x

6.4.3.1. No VLAN Tag 6.4.3.2. VLAN Tag (Not in Clear) 6.4.3.3. VLAN Tag (Clear)

6.5. Decryption Framer/Deframer x

6.5.1. XPN Recovery 6.5.2. Replay Check Update 6.5.3. Packet Deframer

6.6. Packet Aggregator/Disaggregator x

6.6.1. Packet Aggregator 6.6.2. Packet Disaggregator

6.7. Cryptographic AES x

6.7.1. Register Address Ordering 6.7.2. Byte Order Swapping 6.7.3. Byte Ordering

6.8. Error Handling x

6.8.1. Packet Error Handling 6.8.2. Memory Blocks ECC Errors 6.8.3. Crypto Errors 6.8.4. System-Level Errors

1. Introduction

1.1. Terminology

1.2. IP Core Overview

1.2.1. IP Description

1.2.2. IP Core Applications

1.2.2.1. SmartNIC

1.2.2.2. Ethernet Bridge + Inline MACsec

1.3. Release Information

1.4. Device Family Support

1.5. Device Speed Grade Support and Theoretical Throughput

1.6. Resource Utilization

2. Interface Overview

2.1. Block Diagram

2.2. Interfaces

2.2.1. IP Interface Signals

2.2.1.1. Common Port Mux Interface

2.2.1.2. Common Port Demux Interface

2.2.1.3. Controlled Port Mux Interface

2.2.1.4. Controlled Port Demux Interface

2.2.1.5. Uncontrolled Port RX Interface

2.2.1.6. Uncontrolled Port TX Interface

2.2.1.7. Crypto RX Interface

2.2.1.8. Crypto TX Interface

2.2.1.9. Management Interface

2.2.1.10. Decrypt Port Mux Management Interface

2.2.1.11. Decrypt Port Demux Management Interface

2.2.1.12. Encrypt Port Mux Management Interface

2.2.1.13. Encrypt Port Demux Management Interface

2.2.1.14. Crypto IP Management Bus

2.2.2. IP Interface Signal Timing Diagram/Waveforms

2.2.2.1. Common Port Mux Interface Waveform

2.2.2.2. Common Port Demux Interface Waveform

2.2.2.3. Controlled Port Mux Interface Waveform

2.2.2.4. Controlled Port Demux Interface Waveform

2.2.2.5. Uncontrolled Port RX Interface Waveform

2.2.2.6. Uncontrolled Port TX Interface Waveform

2.2.2.7. Crypto RX Waveform

2.2.2.8. Crypto TX Waveform

2.2.2.9. MACsec Management Interface (Read)

2.2.2.10. MACsec Management Interface (Write)

2.2.3. Clocks, Resets, and Interrupts

2.3. Clocking Domains

3. Parameters

3.1. MACsec Intel FPGA IP Parameter Settings

4. Designing with the IP Core

4.1. Installing and Licensing Intel® FPGA IP Cores

4.1.1. Intel® FPGA IP Evaluation Mode

4.2. Specifying the IP Core Parameters and Options

4.3. Generated File Structure

4.4. Reset Transactions

4.5. MACsec Software Initialization Sequence

4.6. MACsec Software Rekeying

5. MACsec Intel® FPGA IP Example Design

5.1. Port Configurations

5.2. Multi Interface Buffering Muxing/Demuxing

5.3. 2x25 GbE (Encryption + Decryption)

5.4. Packet Generator/Checker

5.5. Clocking

6. Functional Description

6.1. AXI-ST Common/Controlled/Uncontrolled Ports

6.1.1. AXI-ST Single Packet Mode

6.1.2. AXI-ST Multi Packet Mode

6.1.3. User Interface Data Streaming

6.1.3.1. Single Packet Mode Data Stream

6.1.3.2. Multi Packet Mode Data Stream

6.1.4. AXI-ST Ready Latency

6.1.5. Port and Secure Channel Mapping

6.1.6. Port and Crypto Channel Mapping

6.1.7. Minimum Packet Size

6.1.8. Byte Ordering

6.1.9. Controlled/Uncontrolled Port Muxing

6.2. Packet Parser and Classifier

6.2.1. Packet Parser

6.2.2. Packet Classifier

6.3. SA Lookup and Update

6.3.1. Packet Actions

6.3.1.1. Packet Encrypt

6.3.1.2. Packet Decrypt

6.3.1.3. Packet Discard

6.3.1.3.1. PDU Validation

6.3.2. Packet Buffer

6.3.3. New Channel Assignment

6.3.4. Anti-Replay Protection

6.4. Encryption Framer/DeFramer

6.4.1. Channel Allocation

6.4.2. Packet Framer

6.4.2.1. Bypass Packet

6.4.2.2. Stream Interleaving

6.4.3. VLAN Tagging

6.4.3.1. No VLAN Tag

6.4.3.2. VLAN Tag (Not in Clear)

6.4.3.3. VLAN Tag (Clear)

6.5. Decryption Framer/Deframer

6.5.1. XPN Recovery

6.5.2. Replay Check Update

6.5.3. Packet Deframer

6.6. Packet Aggregator/Disaggregator

6.6.1. Packet Aggregator

6.6.2. Packet Disaggregator

6.7. Cryptographic AES

6.7.1. Register Address Ordering

6.7.2. Byte Order Swapping

6.7.3. Byte Ordering

6.8. Error Handling

6.8.1. Packet Error Handling

6.8.2. Memory Blocks ECC Errors

6.8.3. Crypto Errors

6.8.4. System-Level Errors

6.9. Packet Statistics

7. Configuration Registers for MACsec IP

8. Document Revision History for the MACsec Intel FPGA IP User Guide

Visible to Intel only — GUID: fia1655257886529

Ixiasoft

View Details

6.3.1.3. Packet Discard

There are a few conditions where packets are discarded and errors are logged into CSR.

If VALIDATEFRAMES = STRICT or SecTAG's C bit is set and unknown SCI or no valid SA is in use from SADB after lookup, error are logged into InPktsNoSAError CSR.

If VALIDATEFRAMES = STRICT and packets enter through decryption lane without MACsec header, error are logged into InPktsNoTag CSR.

If packets are received with the SecTAG E bit set and C bit clear, packets are discarded and not delivered to the Controlled port.

If VALIDATEFRAMES = STRICT or C bit is set and SC is unknown, received packets are discarded.

If VALIDATEFRAMES = STRICT or C bit is set and SA is unused, received packets are discarded.

If REPLAYPROTECT = ENABLE and the received packets PN is less than MIN_PN from the SA entry, received packets are discarded.

If protectFrames = 1 and there is no valid SA for transmit SC, packets to be protected are discarded.

If the transmitted packets size including SecTAG and ICV is > TX_MAX_PCKT_BYTES CSR, the packet is discarded.

When a packet is discarded, the TVALID of the packet is suppressed for every data byte until the cycle where TLAST is observed. The port/stream ID (TID) of the discarded packet is matched against the incoming packet data byte to avoid dropping packets from a different port/stream.

Section Content
PDU Validation

Level Two Title

Select Your Language

Using Intel.com Search

Quick Links

Recent Searches

Advanced Search

Only search in

MACsec Intel® FPGA IP User Guide

6.3.1.3. Packet Discard