Service gateway ESR-20

– Scalable solution for different fields of application
– Advanced command line interface for management
– Flexible services configuration
– Interfacing with the equipment of leading manufacturers
– Hardware acceleration of data processing
– High reliability and redundancy of critical parts

Functional area
ESR series routers are universal hardware platforms capable of performing a wide range of tasks related to network security.

ESR-20 is a universal service router designed according to the requirements of the energy and oil and gas industries. The device supports advanced routing functions, geographically distributed networks and network security functions.

Performance
The key element of ESR routers is hardware acceleration of data processing, which ensures a high level of performance. Hardware and software processing is distributed among the units of the device.

Typical tasks performed by ESR-20:
– Data routing
– Construction of secure network perimeter (NAT, Firewall)
– User access control
– Organization of secure network tunnels
– Construction of distributed private networks, integration of remote offices into single network
– Filtering of network data by various criteria
– Interaction with the existing customer network infrastructure using communication channel types defined by industry standards: voice channels, leased and dial-up lines, E1 flows.

L2 functions
– Packet switching (bridging)
– LAG/LACP (802.3ad)
– VLAN, Q-in-Q (802.1Q)
– Logical interfaces
– LLDP
– VLAN based MAC

L3 functions (IPv4/IPv6)
– NAT, Static NAT, ALG address translation
– Static routes
– Dynamic routing protocols RIPv2, OSPFv2/v3, BGP
– Prefix-List
– VRF Lite
– Policy Based Routing (PBR)
– BFD for BGP, OSPF, static routes 

IP addressing management (IPv4/IPv6)
– Static IP addresses
– DHCP client
– DHCP Relay Option 82
– Embedded DHCP server (options: 43, 60, 61, 150)
– DNS resolver
– IP unnumbered 

Quality of Service (QoS)
– Up to 8 priority queues per port
– L2 and L3 traffic prioritization (802.1p, DSCP, IP Precedence)
– Queue overload management: RED, GRED
– Port prioritizing, VLAN
– Resources of priority remarking
– Policy enforcement (policing)
– Bandwidth management (shaping)
– Hierarchical QoS
– Session marking

VPN tunnels
– L2TP - client and server modes
– PPTP - client and server modes
– PPPoE client
– OpenVPN server

Tunneling
– EoGRE, IPoGRE
– IPIP
– L2TPv3
– Logical Tunnel (inter VRF-lite routing) 

Additional interfaces
– Remote console access to nearby equipment (AUX port)
– Operation with wired modems in Dial Up and Leased Line modes (connection via RS-232)
– Operation with 3G/LTE modems (connection via USB or RS-232)
– Support for PPP, ML-PPP via E1 G.703 interface (up to 4 interfaces when TopGate SFP modules are installed)

Network reliability assurance means
– VRRP v2,v3
– Route tracking based on VRRP state
– WAN interface load balancing, data stream redirection, failover based on channel quality evaluation
– Firewall sessions backup

BRAS (IPoE)¹
– User termination
– Bandwidth management
– Limiting by traffic amount, by session time or by network applications
– HTTP/HTTPS Proxy
– HTTP/HTTPS Redirect
– White/black URL lists
– Interaction with AAA, PCRF
– Additional user authentication by MAC address
– Session accounting via Netflow protocol

Network security functions
– Network interfaces zoning
– Zone isolation, Firewall, data filtering rules
– IPSec:
  – Policy-based and route-based modes
  – DES, 3DES, AES, Blowfish, Camellia encryption algorithms
  – IKE authentication using MD5, SHA-1, SHA-2
– Support for access control lists based on MAC and IP addresses
– DoS/DDoS attack protection and notification
– Traffic filtering by applications
– Web filtering by URL and by content (cookies, ActiveX, JavaScript)

SLA supervision functions
– Eltex SLA. Estimation of communication channel parameters:
  – One-way delay/two-way delay
  – One-way jitter/two-way jitter
  – One-way packet-loss/two-way packet-loss
  – Error index in packets
  – Out-of-order packet delivery
– Wellink SLA (wiSLA)¹

Monitoring and control
– Management interfaces: CLI, SNMP
– Built-in Zabbix agent
– Standard and enhanced SNMP MIB support
– Authentication via local user database or by means of RADIUS, TACACS+, LDAP protocols
– Access level management
– Protection from configuration errors, automatic configuration recovery. Ability to reset configuration to default settings
– System resources usage monitoring
– Display of service/process information
– Netflow v5/v9/v10 (URL statistics export for HTTP, host for HTTPS)
– Ping, traceroute (IPv4/IPv6), display of packet information in the console
– Syslog
– NTP
– Firmware update, including remote mode
– Upload and download of configuration via TFTP, SCP, FTP, SFTP
– Local control - console RS-232 (RJ-45)
– Remote control (IPv4/IPv6) - Telnet, SSH


The feature set is available in firmware version 1.5.1

¹ Activated by the license