vESR virtual service routers

• Virtual solution
• Data routing
• Multiprotocol label switching (MPLS)
• Building a secure network (NAT, Firewall)
• Intrusion Detection and Prevention System (IPS/IDS)¹
• Filtering of network data by various criteria (including filtering by applications)
• Organization of secure network tunnels between different offices of a company
• Remote connection of staff members to an office
• Internet channel management and bandwidth allocation within an office using QoS
• Organization of redundant connection
• Subscriber termination, bandwidth shaping, IPoE BRAS*

vESR is a virtual service router designed for connection of small and middle-sized offices in enterprise networks. The functionality of firewall and router allows ensuring security with various Internet connection options. vESR supports advanced routing, WAN organization and network security functions.

---

* Available only with option vESR FREE. Support for other options will be implemented in future versions.

Remote Access VPN client

• PPTP/PPPoE/L2TP/OpenVPN/IPsec XAUTH

Remote Access VPN server

• L2TP/PPTP/OpenVPN/IPsec XAUTH

Site-to-site VPN

• IPsec: “policy-based” and “route-based” modes1
• DMVPN
• DES, 3DES, AES, Blowfish, Camellia encryption algorithms
• IKE MD5, SHA-1, SHA-2 message authentication

Tunneling

• IPoGRE, EoGRE
• IPIP
• L2TPv3
• LT (inter VRF routing)

L2 functions

• Packet switching (bridging)
• LAG/LACP (802.3ad)
• VLAN (802.1Q)
• Logical interfaces
• LLDP, LLDP MED
• MAC-based VLAN
• STP, RSTP

L3 functions (IPv4/IPv6)

• NAT, Static NAT, ALG
• Static routes
• RIPv2, RIPng, OSPFv2/v3, IS-IS, BGP dynamic protocols1
• Route filtering (prefix list)
• VRF
• GRE fragmentation (IPoGRE, EoGRE, MPLS over GRE)
• Policy Based Routing (PBR)
• BFD for BGP, OSPF, static routes

IP addressing management (IPv4/IPv6)

• Static IP addresses
• DHCP client
• DHCP Relay Option 82
• Embedded DHCP server, 43, 60, 61, 150 options support
• IP unnumbered
• DNS resolver

MPLS

• LDP
• L2VPN VPWS
• L2VPN VPLS Martini Mode
• L2VPN VPLS Kompella Mode
• L3VPN MP-BGP
• MPLS over GRE

IPoE BRAS2

• Subscriber termination
• User authentication by MAC or IP address
• Session accounting via NetFlow protocol
• White/black URL lists
• Quotas for traffic volume, session time, network applications
• HTTP/HTTPS Proxy
• HTTP/HTTPS Redirect

Network security functions

• Intrusion Prevention/Detection System (IPS/IDS)2
• Web filtering by URL, by content (cookies, ActiveX, JavaScript)
• Filtering based on L2/L3/L4 fields and applications
• Support for access control lists (ACL) based on L2/L3/L4 fields
• Zone-based firewall
• Protection against DoS/DDoS attacks and notification on them
• Logging of attacks and rule triggering events

Quality of Service (QoS)

• Up to 8 priority or weighted queues per port
• L2- and L3 traffic prioritization (802.1p (CoS), DSCP, IP Precedence (ToS))
• RED, GRED congestion avoidance algorithms
• Priority re-marking mechanisms
• Policy-map
• Bandwidth management (shaping)
• Hierarchical QоS
• Session labeling

Network reliability assurance means

• VRRP v2,v3
• WAN interfaces load balancing, data stream redirection, channel switching during QoS control
• Firewall sessions backup

Management and monitoring

• Support for standard and extended SNMP MIB, RMONv1
• Embedded Zabbix agent
• User authentication using local database via RADIUS, TACACS+, LDAP
• Protection against configuration errors, automatic configuration recovery
• Ability to restore the default factory configuration
• CLI
• Syslog
• System resource usage monitoring
• Ping, traceroute (IPv4/IPv6), packet information in the console output
• Firmware upgrade, configuration upload and download via TFTP, SCP, FTP, SFTP, HTTP(S)
• Support for NTP
• Netflow v5/v9/v10 (exporting of URL statistics for HTTP, host for HTTPS)
• Local control via RS-232 console port
• Remote control via Telnet, SSH (IPv4/IPv6)
• Displaying information on services/processes
• Local/remote router configuration storage

Minimum system requirements3

• Processor:
  • x86-64 architecture, clock frequency of at least 1.8 GHz
  • Support for MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2 instructions (processor generation Intel Nehalem/AMD Barcelona CPU or higher)
    
• RAM - Not less than 3 GB
• Storage - Not less than 375 MB
• Hypervisors - VirtualBox 6.0, ESXi 6.7
• I/O:
  • Emulation - Intel E1000, Intel E1000E, VMXNET2, VMXNET3
  • Paravirtualization - VirtIO
  • PCI Pass-through - Intel XL710 Ethernet Controller (2x40/1x40/4x10/2x20/2x10/1x10), Intel X722 Ethernet Controller (2x10/4x10)

---

Functionality for firmware version 1.18.2.
1Corresponds to option vESR FREE. The full functionality is activated by a license.
2Available only with option vESR FREE. Support for other options will be implemented in future versions.
3The given requirements allow the installation of vESR and initial start-up with basic configuration.