MACsec Intel® FPGA IP User Guide

Download PDF
ID 736108
Date 3/31/2024
Public
Document Table of Contents
Document Table of Contents x
1. Introduction 2. Interface Overview 3. Parameters 4. Designing with the IP Core 5. Functional Description 6. Configuration Registers for MACsec IP 7. MACsec Intel® FPGA IP Example Design 8. MACsec Intel FPGA IP User Guide Archives 9. Document Revision History for the MACsec Intel FPGA IP User Guide
1. Introduction x
1.1. Terminology 1.2. IP Core Overview 1.3. Release Information 1.4. Device Family Support 1.5. Device Speed Grade Support and Theoretical Throughput 1.6. Resource Utilization
1.2. IP Core Overview x
1.2.1. IP Description 1.2.2. IP Core Applications
1.2.2. IP Core Applications x
1.2.2.1. SmartNIC 1.2.2.2. Ethernet Bridge + Inline MACsec
2. Interface Overview x
2.1. Block Diagram 2.2. Interfaces 2.3. Clocking Domains
2.2. Interfaces x
2.2.1. IP Interface Signals 2.2.2. IP Interface Signal Timing Diagram/Waveforms 2.2.3. Clocks, Resets, and Interrupts
2.2.1. IP Interface Signals x
2.2.1.1. Common Port Mux Interface 2.2.1.2. Common Port Demux Interface 2.2.1.3. Controlled Port Mux Interface 2.2.1.4. Controlled Port Demux Interface 2.2.1.5. Uncontrolled Port RX Interface 2.2.1.6. Uncontrolled Port TX Interface 2.2.1.7. Management Interface 2.2.1.8. Decrypt Port Mux Management Interface 2.2.1.9. Decrypt Port Demux Management Interface 2.2.1.10. Encrypt Port Mux Management Interface 2.2.1.11. Encrypt Port Demux Management Interface 2.2.1.12. Crypto IP Management Bus 2.2.1.13. Miscellaneous Control Signals
2.2.2. IP Interface Signal Timing Diagram/Waveforms x
2.2.2.1. Common Port Mux Interface Waveform 2.2.2.2. Common Port Demux Interface Waveform 2.2.2.3. Controlled Port Mux Interface Waveform 2.2.2.4. Controlled Port Demux Interface Waveform 2.2.2.5. Uncontrolled Port RX Interface Waveform 2.2.2.6. Uncontrolled Port TX Interface Waveform 2.2.2.7. Crypto RX Waveform 2.2.2.8. Crypto TX Waveform 2.2.2.9. MACsec Management Interface (Read) 2.2.2.10. MACsec Management Interface (Write)
3. Parameters x
3.1. MACsec Intel FPGA IP Parameter Settings
4. Designing with the IP Core x
4.1. Installing and Licensing Intel® FPGA IP Cores 4.2. Specifying the IP Core Parameters and Options 4.3. Generated File Structure 4.4. Reset Transactions 4.5. MACsec Software Initialization Sequence
4.1. Installing and Licensing Intel® FPGA IP Cores x
4.1.1. Intel® FPGA IP Evaluation Mode
5. Functional Description x
5.1. AXI-ST Common/Controlled/Uncontrolled Ports 5.2. Packet Parser and Classifier 5.3. SA Lookup and Update 5.4. Encryption Framer/DeFramer 5.5. Decryption Framer/Deframer 5.6. Packet Aggregator/Disaggregator 5.7. Cryptographic AES 5.8. Error Handling 5.9. Packet Statistics
5.1. AXI-ST Common/Controlled/Uncontrolled Ports x
5.1.1. AXI-ST Single Packet Mode 5.1.2. AXI-ST Multi Packet Mode 5.1.3. User Interface Data Streaming 5.1.4. AXI-ST Ready Latency 5.1.5. Port and Secure Channel Mapping 5.1.6. Port and Crypto Channel Mapping 5.1.7. Minimum Packet Size 5.1.8. Byte Ordering 5.1.9. Controlled/Uncontrolled Port Muxing
5.1.3. User Interface Data Streaming x
5.1.3.1. Single Packet Mode Data Stream 5.1.3.2. Multi Packet Mode Data Stream
5.2. Packet Parser and Classifier x
5.2.1. Packet Parser 5.2.2. Packet Classifier
5.3. SA Lookup and Update x
5.3.1. Packet Actions 5.3.2. Packet Buffer 5.3.3. New Channel Assignment 5.3.4. Anti-Replay Protection
5.3.1. Packet Actions x
5.3.1.1. Packet Encrypt 5.3.1.2. Packet Decrypt 5.3.1.3. Packet Discard 5.3.1.4. PDU Validation
5.4. Encryption Framer/DeFramer x
5.4.1. Channel Allocation 5.4.2. Packet Framer 5.4.3. VLAN Tagging
5.4.2. Packet Framer x
5.4.2.1. Bypass Packet 5.4.2.2. Stream Interleaving
5.4.3. VLAN Tagging x
5.4.3.1. No VLAN Tag 5.4.3.2. VLAN Tag (Not in Clear) 5.4.3.3. VLAN Tag (Clear)
5.5. Decryption Framer/Deframer x
5.5.1. XPN Recovery 5.5.2. Replay Check Update 5.5.3. Packet Deframer
5.6. Packet Aggregator/Disaggregator x
5.6.1. Packet Aggregator 5.6.2. Packet Disaggregator
5.7. Cryptographic AES x
5.7.1. Register Address Ordering 5.7.2. Byte Order Swapping 5.7.3. Byte Ordering
5.8. Error Handling x
5.8.1. Packet Error Handling 5.8.2. Memory Blocks ECC Errors 5.8.3. Crypto Errors 5.8.4. System-Level Errors
7. MACsec Intel® FPGA IP Example Design x
7.1. Simulation Requirements 7.2. Steps to Run Simulation 7.3. Port Configurations 7.4. Multi Interface Buffering Muxing/Demuxing 7.5. 4x25 GbE (Encryption + Decryption) 7.6. Packet Generator/Checker 7.7. Clocking
1. Introduction
2. Interface Overview
3. Parameters
4. Designing with the IP Core
5. Functional Description
6. Configuration Registers for MACsec IP
7. MACsec Intel® FPGA IP Example Design
8. MACsec Intel FPGA IP User Guide Archives
9. Document Revision History for the MACsec Intel FPGA IP User Guide

4.4. Reset Transactions

The whole MACsec IP is reset through subsystem_cold_rst_n assertion/deassertion. There are 2 additional resets, app_ip_lite_areset_n and app_ip_st_areset_n, which can be triggered to reset the CSR block and the remaining logic blocks respectively as shown in the figure below. The cold reset "rst_ack collector" collects the rst_ack_n status from all sub-blocks to assert (to low) or deassert (to high) the subsystem_cold_rst_ack_n accordingly.

During the subsystem cold reset assertion, the AXI-ST and AXI-Lite READY signals are deasserted to indicate that the respective interfaces are not ready to accept a transaction. The reset assertion propagates to AES Crypto IP through the aes_ip_add_rst_n signal. When the reset is deasserted, the Crypto IP signals are ready to accept request through the aes_app_ip_rst_ack_n signal assertion. The MACsec READY signals are then asserted after the MACsec IP and Crypto IP come out of reset and requests can be submitted to the IP.

The MACsec IP implements a software reset in a CSR register. The software resets the core logic, leaving the configuration registers unchanged. The MACsec IP is in the reset state as long as the CSR bit is set to 0. While in this state, no traffic is allowed in either MACsec IP direction.

If you assert the app_ip_st_areset_n, the MACsec SADB contents are not reset. All the data path and Crypto IP key storage are reset through this reset assertion. You are required to reprogram the key and the nextpn CSRs for Tx/Rx SC/SA in the MACsec IP to be operational. All other SC/SA fields can be reprogrammed as well if needed.

Resets can be used simultaneously and all resets are active-low level sensitive. The software reset is asserted whenever the cold_reset or Axi_lite and tready is high.

Figure 18. MACsec IP Reset Tree


Level Two Title