IxNetwork MACsec Test Solution

IxNetwork MACsec Test Solution

Data Sheets

Data Security with MACsec

 

With increasing demand of data privacy and protection of critical business assets, security has become an important part of every network, including cloud, data center, 5G, and automotive. 

 

While there are different encryption technologies available for data protection, media access control security (MACsec) brings line-rate encryption throughput for high-speed Ethernet, which is critical for cloud and data center operation. It secures network components, ensuring confidentiality, and defending against potential threats. 

 

MACsec has become an important encryption technology that is shipped with next-generation chips, routers, and switches. Thorough validation of MACsec encryption functions, throughput, and key exchange and rotation is critical to ensure robust implementation and smooth deployment.

 

Keysight now offers the industry's first MACsec test solution for high-speed Ethernet to help with early validation in MACsec design and implementation.  

 

MACsec Overview

 

MACsec 802.1AE is an industry-standard security technology that secures a point-to-point link between directly connected nodes. It operates at the link layer and protects layer 2 and above content. MACsec provides line-rate encryption regardless of packet size, and scales linearly compared to IPsec.

 

MACsec offers the following key services that can protect against most security threats, including denial of service, intrusion, man-in-the-middle, playback attacks, and passive wiretapping:

 

• Data confidentiality — cipher-based encryption of user data

• Data integrity — through the ICV

• Replay protection — by using packet number and window mechanism

 

With its line-rate encryption throughput, strong encryption protection, lower overhead, and transparency to higher-layer applications, MACsec has become an ideal encryption technology suitable for data center and cloud services that have adopted high-speed Ethernet to meet increased bandwidth demand.

 

Keysight’s MACsec Test Solution

 

Keysight now offers the industry's first MACsec test solution for high-speed Ethernet. It enables MACsec validation from hardware design, software stack implementation, to system integration with full coverage of various MACsec functions. Customer can now benchmark MACsec performance under a realistic traffic mix of cloud and data center workloads, guarantee service continuity during key rotation, and ensure stability under various negative conditions.

 

In addition, Keysight also provides a software based MACsec solution with essential capability to help MACsec validation for lower Ethernet speed in other industries, including 5G, Automotive, and Industrial Ethernet.

 

Highlights

 

• Line-rate 100G/200G/400G MACsec traffic encryption and decryption to stress decryption engine

• Dynamic MKA key negotiation or static SAK provision

• Vary frame sizes with fixed, increment, random and IMIX pattern from 64 bytes to 16K bytes 

• Control plane protocol messages in either encryption or clear text

• VLAN in clear text for provider bridged network

• Dynamic rekeys to validate no packet drop during rekey

• Mode of operation: ‘Integrity (ICV) only’ or ‘integrity + encryption’ 

• Full automation support with Python, REST, and other APIs for continuous validation