Service gateway ESR-1500

Overview
Specifications
Modules and additional devices
Reviews
Key features
  • Scalable solution for different fields of application
  • Flexible service configuration
  • Interfacing with the equipment of leading manufacturers
  • Hardware acceleration of data processing
Functional area:
The family of ESR routers is a universal hardware platform capable of performing a wide range of tasks related to network security, data encryption, user termination etc. The product line includes models that can be used in networks of various sizes - from small enterprise networks to carrier networks and data centers.

Performance:
The key elements of ESR-1500 are data processing hardware acceleration means that ensure a high level of productivity.  Hardware and software processing is distributed among the units of the device.
Typical tasks performed by service routers:
  • Data routing
  • Construction of secure network perimeter (Firewall)
  • Network attacks prevention and monitoring (IPS/IDS)
  • Service quality monitoring (SLA)
  • Filtering of network data by various criteria (including filtering by applications)
  • Organization of secure network tunnels between different offices of a company
  • Remote connection of staff members to office
  • Management and distribution of Internet channel width within an office by using QoS
  • Organization of redundant connection (by means of wires or 3G/LTE modem)
  • User termination and bandwidth limiting – BRAS (IPoE)
Packet processor Broadcom XLP516
Interfaces
  • 4хCombo 10/100/1000BASE-T/1000BASE-X SPF
  • 4x10/100/1000BASE-T
  • 4x10GBASE-R SFP+/1000BASE-X
  • 1xConsole (RJ-45)
  • 2хUSB 2.0
Performance
  • Firewall/NAT/routing (1518B frames) - 13.1 Gbps, 1077 kpps
  • IPsec VPN (1456B frames) - 4.2 Gbps, 364 kpps
  • IPS/IDS 10k rules - 590 Mbps, 104 kpps
System features
  • VPN tunnels - 500
  • Static routes - 11k
  • Concurrent sessions - 512k
  • VLAN support - up to 4k VLANs in accordance with 802.1Q
  • BGP routes - 2.8M
  • OSPF routes - 500k
  • RIP routes - 10k
  • MAC address table - 128k
  • FIB size - 1,7M
  • VRF Lite - 32
Physical specifications and ambient parameters
  • Maximum power consumption - 125 W
  • Power supply:
    • 220 V AC +-20%, 50 Hz
    • -36..-72V DC
  • Up to two hot-swappable power units
  • Operating temperature - from -10 to +45 °С
  • Storage temperature - from -40 to +70 °С
  • Operating humidity - no more than 80%
  • Storage humidity - from 10% to 95%
  • Dimensions (mm) - 430х425х44
  • Weight - 7 kg
  • Average service life - 10 years

Plug-in interfaces
  • E1 TopGate SFP
Remote Access VPN clients
  • PPTP/PPPoE/L2TP/OpenVPN/IPsec XAUTH

Remote Access VPN server

  • L2TP/PPTP/OpenVPN/IPsec XAUTH
Site-to-site VPN
  • IPsec: «policy-based» and «route-based» modes
  • DMVPN
  • DES, 3DES, AES, Blowfish, Camellia encryption algorithms
  • IKE MD5, SHA-1, SHA-2 message authentication

Tunneling

  • IPoGRE, EoGRE
  • IPIP
  • L2TPv3
  • LT (inter VRF-lite routing)

L2 functions

  • Packet switching (bridging)
  • LAG/LACP (802.3ad)
  • VLAN support (802.1Q)
  • Logical interfaces
  • LLDP, LLDP MED
  • VLAN-based MAC

L3 functions (IPv4/IPv6)

  • NAT, Static NAT, ALG
  • Static routes
  • Dynamic routing protocols RIPv2, OSPFv2/v3, BGP
  • Route filtering (prefix list)
  • VRF Lite
  • Policy Based Routing (PBR)
  • BFD for BGP, OSPF, static routes

Network security functions

  • Intrusion Detection/Prevention system (IPS/IDS)1
  • Web filtering by URL, by content (cookies, ActiveX, JavaScript)
  • Zone-based Firewall
  • Firewall filtering based on L2/L3/L4 fields and applications
  • Support for access control lists on the base of L2/L3/L4 fields
  • Protection from DoS/DDoS attacks and notification on them
  • Logging of attack and rule triggering events 

SLA control functions

  • Eltex SLA
  • Channel parameters evaluation:
    • Delay (one-way/two-way)
    • Jitter (one-way/two-way)
    • Packet loss (one-way/two-way)
    • Packet Error Rate
    • Out-of-order delivery
  • Wellink SLA (wiSLA)1

BRAS (IPoE)1

  • User termination
  • White/black URL lists
  • Quotas for traffic volume, session time, network applications
  • HTTP/HTTPS Proxy
  • HTTP/HTTPS Redirect
  • Session accounting via Netflow protocol
  • Interaction with ААА, PCRF
  • Bandwidth management by offices, SSIDs and user sessions
  • User authentication by MAC or IP address

IP addressing management (IPv4/IPv6)

  • Static IP addresses
  • DHCP client
  • DHCP Relay Option 82
  • Built-in DHCP server, support for options: 43, 60, 61, 150
  • DNS resolver
  • IP unnumbered

Quality of Service (QoS)

  • Up to 8 priority queues per port
  • L2 and L3 traffic prioritization (802.1p, DSCP, IP Precedence)
  • RED, GRED congestion avoidance algorithms
  • Precedence re-marking mechanisms
  • Applying policies (policy-map)
  • Bandwidth management (shaping)
  • Hierarchical QоS
  • Session tagging

Network reliability assurance means

  • VRRP v2,v3
  • Route tracking based on VRRP state
  • WAN interfaces load balancing, data stream redirection, channel switching during QoS control
  • Firewall sessions backup

Management and monitoring

  • Support for standard and extended SNMP MIB, RMONv1
  • Built-in Zabbix agent
  • User authentication through a local database via RADIUS, TACACS+, LDAP
  • Protection from configuration errors, automatic configuration recovery. Ability to reset configuration to factory settings
  • CLI
  • Syslog support
  • System resources usage monitoring
  • Ping, traceroute (IPv4/IPv6), displaying information on packets in the console
  • Firmware update, configuration upload and download via TFTP, SCP, FTP, SFTP, HTTP(S)
  • NTP support
  • Netflow v5/v9/v10 (exporting of URL statistics for HTTP, host for HTTPS)
  • Local control via RS-232 (RJ-45)
  • Remote control via Telnet, SSH (IPv4/IPv6)
  • Displaying information on services/processes
  • Local/remote router configuration storage

Functionality for firmware version 1.8.2

1Activated by the license

Additional modules (doesn't included in basic package)

PM350-48/12

PM350-48/12 power module, 35-75V DC, 500W

РМ350-220/12

РМ350-220/12 power module, 176-264V AC, 500W


 1 fiber

Part Number

 SFP 1.25 GE module, 3 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM

FH-SB3512CDS3 / FH-SB5312CDS3

 SFP 1.25 GE module, 3 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM

FH-SB3512CDL3 / FH-SB5312CDL3

 SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM

FH-SB3512CDS20 / FH-SB5312CDS20

 SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM

FH-SB3512CDL20 / FH-SB5312CDL20

 SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM, INDUSTRIAL

FH-SB3512IDS20 / FH-SB5312IDS20

 SFP 1.25 GE module 40 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM

FH-SB3512CDL40 / FH-SB5312CDL40

 SFP 1.25 GE module 40 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM

FH-SB3512CDS40 / FH-SB5312CDS40

 SFP 1.25 GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM

FH-SB4512CDL80 / FH-SB5412CDL80

 SFP 1.25 GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 SC set, DDM

FH-SB4512CDS80 / FH-SB5412CDS80

 SFP 1.25 GE module 120 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM

FH-SB4512CDL120 / FH-SB5412CDL120

 SFP 1.25 GE module 120 km, SM, 1 fiber, TX/RX 1490/1550 SC set, DDM

FH-SB4512CDS120 / FH-SB5412CDS120

 SFP 1.25 GE module 160 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM

FH-SB4512CDL160 / FH-SB5412CDL160

 2 fibers

 SFP 1.25 GE module 550 m, MM, 2 fibers, 850 nm,  LC,  DDM

FH-S8512CDL05

 SFP 1.25 GE module 2 km, ММ, 2 fibers, 1310 nm, LC, DDM

FH-S3112CDL2

 SFP 1.25 GE module 20 km, SМ, 2 fibers, 1310 nm, LC, DDM

FH-S3112CDL20

SFP 1.25 GE module 40 km, SМ, 2 fibers, 1310 nm, LC, DDM

FH-S3112CDL40

 SFP 1.25 GE module 80 km, SМ, 2 fibers, 1550 nm, LC, DDM

FH-S5512CDL80

 SFP 1.25 GE module 120 km, SМ, 2 fibers, 1550 nm, LC, DDM

FH-S5512CDL120

 SFP 1.25 GE module 160 km, SМ, 2 fibers, 1550 nm, LC, DDM   

FH-S5512CDL160

SFP+

 1 fiber

 SFP+ 10GE module 3 km, SM, 1 fiber, TX/RX 1290/1310 LC set, DDM

FH-SPB311TCDL3 / FH-SPB191TCDL3

 SFP+ 10GE module 20 km, SM, 1 fiber, TX/RX 1330/1270 LC set, DDM

FH-SPB231TCDL20 / FH-SPB321TCDL20

 SFP+ 10GE module 40 km, SM, 1 fiber, TX/RX 1330/1270 LC set, DDM

FH-SPB231TCDL40 / FH-SPB321TCDL40

 SFP+ 10GE module 60 km, SM, 1 fiber, TX/RX 1330/1270 LC set, DDM

FH-SPB231TCDL60 / FH-SPB321TCDL60

 SFP+ 10GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM

FH-SPB451TCDL80 / FH-SPB541TCDL80

 SFP+ 10GE module 100 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM

FH-SPB451TCDL100 / FH-SPB541TCDL100

 2 fibers

 SFP+ 10GE module, 0.3 km, MM, 2 fibers, 850 nm, LC, DDM

FH-SP851TCDL03

 SFP+ 10GE module, 20 km, SM, 2 fibers, 1310 nm, LC, DDM

FH-SP311TCDL20

 SFP+ 10GE module, 40 km, SM, 2 fibers, 1550 nm, LC, DDM

FH-SP551TCDL40

 SFP+ 10GE module, 80 km, SM, 2 fibers, 1550 nm, LC, DDM

FH-SP551TCDL80

 SFP+ 10GE module, 100 km, SM, 2 fibers, 1550 nm, LC, DDM

FH-SP551TCDL100

SFP/SFP+ transceivers with RJ-45 interface

 SFP transceiver of 10/100/1000 BASE-T 

FH-ST2

 SFP+ transceiver of 10GBASE-Т 

FH-10SFP-T

SFP+ Direct Attach Cable 

 SFP+ Direct attach cable, 10G, 1m

FH-DP1T30SS01

 SFP+ Direct attach cable, 10G, 2m

FH-DP1T30SS02

SFP+ Direct attach cable, 10G, 3m

FH-DP1T30SS03

SFP+ Direct attach cable, 10G, 5m

FH-DP1T30SS05