Service gateway ESR-1700

– Scalable solution for different fields of application
– Flexible services configuration
– Interfacing with the equipment of leading manufacturers
– Hardware acceleration of data processing 
    Functional area
    The family of ESR routers is a universal hardware platform capable of performing a wide range of tasks related to network security. The lineup includes models that can be used in networks of various sizes - from small business networks to carrier networks and data centers. 
     
    Performance 
    The key elements of the ESR-1700 are hardware acceleration facilities for data processing, which ensure a high level of performance. Hardware and software processing is distributed among the units of the device.

    Typical tasks performed by service routers:
    • provision of NAT and firewall services
    • routing
    • setting up secure network tunnels to connect a company's offices (IPsec VPN)
    • setting up remote access to local resources on enterprise networks (L2TP, PPTP, OpenVPN)
    • filtering of network data by various criteria

    Plug-in interfaces
    – USB 3G/4G/LTE modem

    VPN clients
    – PPTP
    – PPPoE

    VPN server
    – L2TP
    – PPTP
    – OpenVPN

    Tunneling
    – L2/L3 GRE
    – IPIP
    – L2TPv3
    – Logical Tunnel (inter VRF-lite routing)

    L2 functions
    – Packet switching (bridging)
    – STP, RSTP, MSTP 802.1d (only ESR-1000)
    – LAG/LACP (802.3ad)
    – VLAN (802.1Q)
    – Port Isolation (only ESR-1000, ESR-1200)
    – Private VLAN Edge (PVE) (only ESR-1000, ESR-1200)
    – Logical interfaces
    – LLDP
    – VLAN based MAC

    L3 functions (IPv4/IPv6)
    – Address translation: NAT, Static NAT, ALG
    – Static routes
    – Dynamic routing protocols RIPv2, OSPFv2/v3, BGP
    – Prefix-List
    – VRF Lite
    – Policy Based Routing (PBR)
    – BFD for BGP, OSPF, static routes

    IP addressing management (IPv4/IPv6)
    – Static IP addresses
    – DHCP client
    – DHCP Relay Option 82
    – Embedded DHCP server (options: 43, 60, 61, 150)
    – DNS resolver

    Quality of Service (QoS)
    – Up to 8 priority queues per port
    – L2 and L3 traffic prioritization (802.1p, DSCP, IP Precedence)
    – Queue congestion management (RED, GRED)
    – Prioritization by port and VLAN
    – Priority re-marking
    – Policy enforcement (policing)
    – Bandwidth management (shaping)
    – Hierarchical QoS
    – Session marking

    Network reliability features
    – VRRP v2,v3
    – Route tracking based on VRRP state
    – WAN interface load balancing, data stream redirection, failover based on channel quality evaluation
    – Firewall sessions backup

    BRAS (IPoE)¹
    – User termination
    – White/black URL lists
    – Limiting by traffic amount, by session time or by network applications
    – HTTP/HTTPS Proxy
    – HTTP/HTTPS Redirect
    – Session accounting via Netflow protocol
    – Interaction with AAA, PCRF
    – Bandwidth management by offices, SSID and user sessions
    – User authentication by MAC or IP address

    Network security functions
    – Network interfaces zoning
    – Zone isolation, Firewall, data filtering rules
    – IPSec:
        – Policy-based and route-based modes
        – DES, 3DES, AES, Blowfish, Camellia encryption algorithms
        – IKE authentication using MD5, SHA-1, SHA-2

    – Access control lists based on L2/L3 fields
    – DoS/DDoS attack protection
    – Logging of attack events, rule triggering events
    – Traffic filtering by applications

    Monitoring and control
    – Standard SNMP MIB, RMONv1 support
    – Access level management
    – Built-in Zabbix agent
    – Authentication via the local user database, or via the RADIUS, TACACS+ and LDAP protocols
    – Protection from configuration errors, automatic configuration recovery. Ability to reset configuration to default settings
    – CLI management interfaces
    – Syslog
    – System resources usage monitoring
    – Ping, traceroute (IPv4/IPv6), display of packet information in the console
    – Firmware update, upload and download of configuration via TFTP, SCP, FTP, SFTP
    – NTP
    – Netflow v5/v9/v10 (URL statistics export for HTTP, host for HTTPS)
    – Local control - console RS-232 (RJ-45)
    – Remote control (IPv4/IPv6) - Telnet, SSH
    – Service/process information display

    Service quality monitoring functions (SLA)¹
    – Integration with Wellink wiSLA
    – Load testing of channel capacity: up to 150 Mbps
    – TWAMP support: up to 100 simultaneous tests
    – Reflector: TWAMP, UDP-Echo, L2
    – Number of simultaneously controlled services: minimum 100
    – TCP, HTTP, DNS services monitoring: up to 100 simultaneous tests


    The feature set is available in firmware version 1.4.1
    ¹ Activated by license