Subscribe
You will receive on your e-mail all the news about the product, updating software and documentation!
Service gateway ESR-3100
Overview
Specifications
Reviews
Typical tasks performed by service routers
Performance
The key elements of ESR service routers are data processing hardware acceleration means that ensure a high level of perfor- mance. Hardware and software processing is distributed among the units of the device.
Functional areapurpose
- Data routing
- Construction of secure network perimeter (Firewall)
- Intrusion prevention and detection (IPS/IDS)
- Service quality monitoring (SLA)
- Filtering of network data by various criteria (including filtering by applications)
- Organization of secure network tunnels between different offices of a company
- Remote connection of staff members to office
- Management and distribution of Internet channel width within an office by using QoS
- Organization of redundant connection (by means of wires or 3G/LTE modem)
- Subscriber termination and bandwidth limiting – BRAS (IPoE)
Performance
The key elements of ESR service routers are data processing hardware acceleration means that ensure a high level of perfor- mance. Hardware and software processing is distributed among the units of the device.
Functional areapurpose
- Scalable solution for different fields of application
- Flexible service configuration
- Interfacing with the equipment of leading manufacturers
- Hardware acceleration of data processing
Interfaces
Network security functions
- 1000BASE-X/10GBASE-R/25GBASE-R (LAN/WAN) - 12
- Console (RJ-45) - 1
- USB 3.0 - 1
- SD port - 1
- Firewall/NAT/routing (1518B frames) - 6.78 Gbps; 558k pps
- Firewall/NAT/routing (70B frames) - 330 Mbps; 558k pps
- IPsec VPN (1456B frames) - 1.07 Gbps; 92k pps
- IPS/IDS 10k rules - 467 Mbps; 107k pps
- MPLS (1518B frames)1
- VPN tunnels - 500
- Static routes - 11k
- Concurrent sessions - 512k
- VLAN support - up to 4k active VLANs in accordance with 802.1Q
- BGP routes - 5M
- OSPF routes - 500k
- RIP routes - 10k
- MAC table -2k entries per bridge
- FIB size - 1.7M
- VRF Lite - 32
- E1 TopGate SFP
- L2TP/PPTP/OpenVPN/IPsec XAUTH
- L2TP/PPTP/OpenVPN/IPsec XAUTH
- IPsec: “policy-based” and “route-based” modes
- DMVPN
- DES, 3DES, AES, Blowfish, Camellia encryption algorithms
- IKE MD5, SHA-1, SHA-2 message authentication
- IPoGRE, EoGRE
- IPIP
- L2TPv3
- LT (inter VRF-lite routing)
- Packet switching (bridging)
- LAG/LACP (802.3ad)
- VLAN support (802.1Q)
- Logical interfaces
- LLDP, LLDP MED
- MAC-based VLAN
- NAT, Static NAT, ALG
- Static routes
- Dynamic routing protocols RIPv2, OSPFv2/v3, IS-IS, BGP
- Route filtering (prefix list)
- VRF Lite
- Policy Based Routing (PBR)
- BFD for BGP, OSPF, static routes
- Subscriber termination
- White/black URL lists
- Quotas for traffic volume, session time, network applications
- HTTP/HTTPS Proxy
- HTTP/HTTPS Redirect
- Session accounting via Netflow protocol
- Interaction with ААА, PCRF servers
- Bandwidth management by offices, SSIDs and user sessions
- User authentication by MAC or IP address
Network security functions
- Intrusion Prevention/Detection system (IPS/IDS)2
- Interaction with Eltex Distribution Manager for obtaining licensable content — rule sets, distributed by Kaspersky SafeStream II1
- Web filtering by URL, by content (cookies, ActiveX, JavaScript)
- Zone-based Firewall
- Filtering based on L2/L3/L4 fields and applications
- Support for access control lists (ACL) based on L2/L3/L4 fields
- Protection against DoS/DDoS attacks and notification on them
- Logging of attack and rule triggering events
- Up to 8 priority queues per port
- L2 and L3 traffic prioritization (802.1p (CoS), DSCP, IP Precedence (ToS))
- RED, GRED congestion avoidance algorithms
- Precedence re-marking mechanisms
- Applying policies (policy-map)
- Bandwidth management (shaping)
- Hierarchical QоS
- Session marking
- Static IP addresses
- DHCP client
- DHCP Relay Option 82
- Embedded DHCP server, 43, 60, 61, 150 options support
- DNS resolver
- IP unnumbered
- VRRP v2,v3
- VRRP or SLA tracking
- Managing VRRP Profiles
- Managing PBR Profiles
- Interface Status Management
- Activation and deactivation of a static route
- Managing the AS-PATH attribute and preference in route map
- WAN interfaces load balancing, data stream redirection, channel switching during QoS control
- Firewall sessions backup
- Support for standard and extended SNMP MIB, RMONv1
- Embedded Zabbix agent
- Authentication methods: local, RADIUS, TACACS+, LDAP
- Protection against configuration errors
- Automatic configuration recovery), ability to restore the default factory configuration
- CLI
- Syslog
- System resource usage monitoring
- Ping, traceroute (IPv4/IPv6), packet information in the console output
- Firmware upgrade, configuration upload and download via TFTP, SCP, FTP, SFTP, HTTP(S)
- Support for NTP
- Netflow v5/v9/v10 (exporting of URL statistics for HTTP, host for HTTPS)
- Local control via RS-232 console port (RJ-45)
- Remote control via Telnet, SSH (IPv4/IPv6)
- Displaying information on services/processes
- Local/remote router configuration storage
- Eltex SLA
- Channel parameters evaluation:
- Delay (one-way/two-way)
- Jitter (one-way/two-way)
- Packet loss (one-way/two-way)
- Packet Error Rate
- Out-of-order delivery
- LDP
- L2VPN VPWS
- L2VPN VPLS Martini Mode
- L2VPN VPLS Kompella Mode
- L3VPN MP-BGP
- Maximum power consumption - 123 W
- Maximum noise level - 70 dB
- Power supply:
- 100–240 V AC, 50–60 Hz;
- 36–72 V DC
- Up to two hot-swappable power modules
- Operating temperature - from -10 to +45 °С
- Storage temperature - from -40 to +70 °С
- Operating humidity - no more than 80%
- Storage humidity - from 10% to 95%
