Service gateway ESR-200

Overview
Specifications
Reviews
  • scaleable solution for different networks
  • impoved interface of command line for management
  • flexible service configuration
  • working with equipment of different vendors
  • hardware accelerated data
  • capability till 10 Gbps
  • L2/L3 function realization on hardware
  • reliability
  • reservation of critical nodes
The family of ESR routers are a universal hardware platform capable of performing a wide range of tasks related to network security. The lineup includes application-oriented models to be used in networks of various sizes - from small business networks to carrier networks and data centres.  
  

Typical tasks performed by service routers:

  • Providing NAT, Firewall services
  • Organization of secure network tunnels to combine different offices of companies (IPsec VPN)
  • Organization of remote access to local resources in enterprise networks (L2TP, PPTP)
  • Means for the gradual transition from IPv4 addressing to IPv6 (6to4, 4to6)
  • Filtering of network data by various criteria
  • Detection and prevention of network intrusion attempts, protection against data loss
  • Analysis of network traffic and network activity in relation to applications and users
  • Reservation of connections to networks of Internet-providers
  • A number of other tasks being constantly added to the list due to development of data networks and the emergence of new network services 
    These functions are combinable with traditional services. The devices have features of L2 switch and L3 router.

    Perfomance 

    The key elements of ESR-200 are data processing hardware acceleration equipment ensuring high levels of productivity. Hardware and software processing is distributed among the units of the device. 

    Performance

    • Firewall performance (large packets) - 2.4 / 200 Gbps / Kpps
    • Performance NAT (big packets) - 2.4 / 200 Gbps / Kpps
    • Performance IPsec VPN (big bags) - 0.7 / 61 Gbps / Kpps (aes128bit-sha1)
    • VPN tunnels - 200
    • Static routes - 11K
    • The number of concurrent sessions - 256K

    Interfaces

    • 4 Ethernet port 10/100/1000 Base-T
    • 4 Combo port 10/100/1000Base-T SFP + /1000 Base-X
    • 1 USB2.0 ports
    • 1 USB3.0 ports
    • Slot for SD-cards

    Specifications

    • RAM - up to 8 GB
    • Built-in Flash-memory - 1 GB
    • Power supply - 220V AC / 48V DC
    • Power consumption up to 75 watts

    Hardware Features

    • Hardware encryption acceleration
    • Hardware acceleration DPI

    Server VPN

    • L2TP
    • PPTP
    • OpenVPN

    Tunneling

    • GRE
    • IPIP
    • L2TPv3

    L2 functions

    • Packet switching (bridging)
    • STP, RSTP, MSTP 802.1d, 802.1Q
    • LAG/LACP 802.3ad
    • VLAN 802.1Q
    • Port Isolation
    • Private VLAN Edge (PVE)

    L3 functions (IPv4/IPv6)

    • SNAT, DNAT, Static NAT (IPv4 only) addresses translation
    • Static routes
    • Dynamic routing protocols RIPv2, OSPFv2, BGP, OSPFv3
    • VRF Lite
    • PBR
    • Prefix-List

    IP addressing management (IPv4/IPv6)

    • Static addresses
    • DHCP client, PPPoE client
    • Embedded DHCP server
    • DHCP Relay

    Quality of Service (QoS)

    • Up to 8 priority queues per port
    • L2 and L3 traffic prioritization (802.1p, DSCP, IP presedence)
    • Queues overload management RED, GRED
    • Port prioritizing , VLAN
    • Remarking of priorities resources
    • Policy enforcement (policing)
    • Bandwidth management (shaping)
    • Hierarchical QoS
    • Sessions marking

    Network reliability assurance support

    • Dual homing
    • VRRP
    • WAN interfaces load balancing, data stream redirection
    • High availability: connection reservation
    • Two devices stacking , configuration, on-line data, link redundancy

    Network security functions

    • Network interfaces zoning
    • Zone isolation, firewall, data filtering rules
    • IPSec
    • Encryption of connections (DES, 3DES, AES), Blowfish, Camellia
    • Logs authentication MD-5, SHA-1, SHA-2
    • Access Control List based on MAC, IP

    Monitoring and control:

    • Standard SNMP MIB support
    • Management of access level
    • Authentication on the local user database, RADIUS, TACACS+, LDAP
    • Protection against configuration errors, configuration recovery
    • Management Interfaces CLI
    • Syslog
    • Use of system resources monitor
    • ping, traceroute (Ipv4, Ipv6)
    • Upload and download configuration via TFTP
    • Online Software Updating, via USB -drive, SD card
    • Software updating, upload and download of configuration via TFTP, SCP, FTP
    • IP SLA Wellink (wiSLA) (continuos monitoring of VPN L2 and VPN L3)
    • NTP
    • Netflow v5/v9/v10
    • Local management - console RS-232
    • Remote management (Ipv4, Ipv6) - telnet, SSH

    Monitoring functions

    • Load testing of channel capacity: up to 150 Mbps
    • TWAMP: up to 100 tests at the same time
    • Reflector: TWAMP, UDP-Echo, L2
    • Services monitoring TCP: up to 100 tests at the same time
    • Services monitoring HTTP: up to 100 tests at the same time
    • DNS: up to 100 tests at the same time
    • Simultaneous controlled services amount: more than 100

    Physical characteristics and environment features

    • Power supply source: circuit of alternating current 220V+-20%,50 GHz
    • Power consumption less than 75 W
    • Weight less than 3,6 kg
    • Dimensions (WхHхD):310х46,3х240 mm
    • Temperature range from -10 to +45°С
    • Temperature range for storage from -40 to +70°С