Visible to Intel only — GUID: iei1654827440835
Ixiasoft
Visible to Intel only — GUID: iei1654827440835
Ixiasoft
5.1.6. Port and Crypto Channel Mapping
The following table shows the mapping between the MACsec IP Common/Controlled, SA, and crypto channel number. Both encryption and decryption Common/Controlled ports should use a different TID to reference to a different SA entry. For example, traffic on encryption Common/Controlled port 0 can use TID = 0 and traffic on decryption Common/Controlled port 0 should use another TID = 1. as the Crypto QHIP cannot handle interleaving encryption/decryption within the same stream.
Port (Identify through AXI-ST TID[5:0]) | SA (for each $port (0 .. (MAX_CRYPTO_CH/16 -1))) | Crypto Channel Number |
---|---|---|
Tx Port i (TID = $port mod MAX_TX_TID) | TX_LANE_SC0_SA0_*[$port] |
0 + ($port * 8) |
TX_LANE_SC0_SA1_*[$port] |
1 + ($port * 8) | |
TX_LANE_SC0_SA2_*[$port] |
2 + ($port * 8) | |
TX_LANE_SC1_SA3_*[$port] |
3 + ($port * 8) | |
TX_LANE_SC1_SA0_*[$port] |
4 + ($port * 8) | |
TX_LANE_SC1_SA1_*[$port] |
5 + ($port * 8) | |
TX_LANE_SC1_SA2_*[$port] |
6 + ($port * 8) | |
TX_LANE_SC1_SA3_*[$port] |
7 + ($port * 8) |
Port (Identify through AXI-ST TID[5:0]), RX request TID is after offset which starts at 0 | SA (for each $port (0 .. (MAX_CRYPTO_CH/16 -1))) | Crypto Channel Number |
---|---|---|
Rx Port i (TID = $port mod (MAX_CTRL_PORT - MAX_TX_TID) | RX_LANE_SC0_SA0_*[$port ] 0 |
0 + (MAX_CRYPTO_CH/2 + ($port * 8)) |
RX_LANE_SC0_SA1_*[$port ] | 1 + (MAX_CRYPTO_CH/2 + ($port * 8)) | |
RX_LANE_SC0_SA2_*[$port ] | 2 + (MAX_CRYPTO_CH/2 + ($port * 8)) | |
RX_LANE_SC0_SA3_*[$port ] | 3 + (MAX_CRYPTO_CH/2 + ($port * 8)) | |
RX_LANE_SC1_SA0_*[$port ] | 4 + (MAX_CRYPTO_CH/2 + ($port * 8)) | |
RX_LANE_SC1_SA1_*[$port ] | 5 + (MAX_CRYPTO_CH/2 + ($port * 8)) | |
RX_LANE_SC1_SA2_*[$port ] | 6 + (MAX_CRYPTO_CH/2 + ($port * 8)) | |
RX_LANE_SC1_SA3_*[$port ] | 7 + (MAX_CRYPTO_CH/2 + ($port * 8)) |
The SADB is organized per port up to a maximum of 64 ports. Each port is assigned with 2 Tx SCs (4 Tx SAs) and 2 Rx SCs (4 Rx SAs) and the lookup on the port SCs/SAs is done using a stream ID (AXI-ST TID) of the request. Since the Tx and Rx ports cannot share the same stream ID, half of the SAs are wasted. For example, Tx port requests cannot lookup on Rx SAs and Rx port requests cannot lookup on Tx SAs. RX back pressure is expected with UCP traffic.
To overcome this issue, an Rx port request stream ID is applied with an offset before the lookup is performed. The Rx port request stream ID always starts from 0 after applying the offset. The MAX_CRYPTO_CH specifying the maximum supported Crypto channel IDs by the MACsec IP is evenly distributed between the Tx and Rx ports. All Rx ports are further divided as MAX_CRYPTO_CH/2 channel IDs per Rx port. The Crypto channels assigned to each Tx port remains the same, which is 8.
Example 1:
- Channel ID assigned to Tx Ports – 0 – 512
- Channel ID assigned to Rx Ports – 512 - 1023
- 32 Tx ports stream ID = 0 – 31
- 32 Rx ports stream ID = 32 – 63
Before SA lookup, the 32 Rx port stream ID is deducted with MAX_TX_PORT (32). The final Rx port stream ID used for SA lookup is 0 – 31.
Port | Stream ID | SADB SC/SA | Channel ID |
---|---|---|---|
Tx Port | 0 | TX_LANE_SC*_SA*_*[0] | 0 – 7, 256 - 263 |
Rx Port | 32 | RX_LANE_SC*_SA*_*[0,32] | 512 - 519, 768 – 774 |
Tx Port | 1 | TX_LANE_SC*_SA*_*[1] | 8 – 15, 264 - 271 |
Rx Port | 33 | RX_LANE_SC*_SA*_*[1,33] | 520 – 527, 775 - 783 |
: | |||
Tx Port | 31 | TX_LANE_SC*_SA*_*[31] | 248 – 255, 504 - 511 |
Rx Port | 63 | RX_LANE_SC*_SA*_*[31,63] | 760 - 767, 1016 – 1023 |
Below are examples of a few possible configurations:
- MAX_CTRL_PORT = 2, MAX_TX_TID = 1
- Ethernet Port 0 Rx > Port Mux (TID = 0) > MACSEC IP > Port Demux (TID = 0) > Ethernet Port 0 Tx
- MAX_CTRL_PORT = 2, MAX_TX_TID = 1
- Ethernet Port 0 Rx > Port Mux (TID = 0) > MACSEC IP > Port Demux (TID = 0) > Ethernet Port 0 Tx
- Ethernet Port 1 Rx > Port Mux (TID = 1) > MACSEC IP > Port Demux (TID = 1) > Ethernet Port 1 Tx
- MAX_CTRL_PORT = 4, MAX_TX_TID = 2
- Ethernet Port 0 Rx > Port Mux (TID = 0) > MACSEC IP > Port Demux (TID = 0) > Ethernet Port 0 Tx
- Ethernet Port 1 Rx > Port Mux (TID = 1) > MACSEC IP > Port Demux (TID = 1) > Ethernet Port 1 Tx
- Ethernet Port 2 Rx > Port Mux (TID = 2) > MACSEC IP > Port Demux (TID = 2) > Ethernet Port 2 Tx
- MAX_CTRL_PORT = 4, MAX_TX_TID = 2
- Ethernet Port 0 Rx > Port Mux (TID = 0) > MACSEC IP > Port Demux (TID = 0) > Ethernet Port 0 Tx
- Ethernet Port 1 Rx > Port Mux (TID = 1) > MACSEC IP > Port Demux (TID = 1) > Ethernet Port 1 Tx
- Ethernet Port 2 Rx > Port Mux (TID = 2) > MACSEC IP > Port Demux (TID = 2) > Ethernet Port 2 Tx
- Ethernet Port 3 Rx > Port Mux (TID = 3) > MACSEC IP > Port Demux (TID = 3) > Ethernet Port 3 Tx
- MAX_CTRL_PORT = 4, MAX_TX_TID = 3
- Ethernet Port 0 Rx > Port Mux (TID = 0) > MACSEC IP > Port Demux (TID = 0) > Ethernet Port 0 Tx
- Ethernet Port 1 Rx > Port Mux (TID = 1) > MACSEC IP > Port Demux (TID = 1) > Ethernet Port 1 Tx
- Ethernet Port 2 Rx > Port Mux (TID = 2) > MACSEC IP > Port Demux (TID = 2) > Ethernet Port 2 Tx
- Ethernet Port 3 Rx > Port Mux (TID = 3) > MACSEC IP > Port Demux (TID = 3) > Ethernet Port 3 Tx
- MAX_CTRL_PORT = 4, MAX_TX_TID = 2
- Ethernet Port 0 Rx > Port Mux (TID = 0) > MACSEC IP > Port Demux (TID = 0) > Ethernet Port 5 Tx
- Ethernet Port 1 Rx > Port Mux (TID = 1) > MACSEC IP > Port Demux (TID = 1) > Ethernet Port 6 Tx
- Ethernet Port 2 Rx > Port Mux (TID = 2) > MACSEC IP > Port Demux (TID = 2) > Ethernet Port 7 Tx
- Ethernet Port 3 Rx > Port Mux (TID = 3) > MACSEC IP > Port Demux (TID = 3) > Ethernet Port 8 Tx