Service gateway ESR-21

– Scalable solution for different fields of application
– Advanced command line interface for management
– Flexible services configuration
– Interfacing with the equipment of leading manufacturers
– Hardware acceleration of data processing
– High reliability and redundancy of critical parts

Functional area
ESR series routers are universal hardware platforms capable of performing a wide range of tasks related to network security.

The ESR-21 is a universal service router designed according to the requirements of the energy and oil and gas industries. The device supports advanced routing functions, geographically distributed networks and network security functions.

A distinguishing feature of the ESR-21 is the availability of additional RS-232 ports that can be used to implement value-added features: remote console access to nearby equipment (AUX mode) and connection of wired and GSM modems to the router.

Performance
The key elements of ESR routers are hardware data-processing accelerators that ensure a high level of performance. Hardware and software processing is distributed among the units of the device.

Typical tasks performed by ESR-21:
– Data routing
– Construction of secure network perimeter (NAT, Firewall)
– User access control
– Organization of secure network tunnels
– Construction of distributed private networks, integration of remote offices into single network
– Filtering of network data by various criteria
– Interaction with the existing customer network infrastructure using communication channel types defined by industry standards: voice channels, leased and dial-up lines, E1 streams.

L2 functions
– Packet switching (bridging)
– LAG/LACP (802.3ad)
– VLAN, Q-in-Q (802.1Q)
– Logical interfaces
– LLDP
– VLAN based MAC

L3 functions (IPv4/IPv6)
– NAT, Static NAT, ALG addresses translation
– Static routes
– Dynamic routing protocols RIPv2, OSPFv2/v3, BGP
– Prefix-List
– VRF Lite
– Policy Based Routing (PBR)
– BFD for BGP, OSPF, static routes 

IP addressing management (IPv4/IPv6)
– Static IP addresses
– DHCP client
– DHCP Relay Option 82
– Embedded DHCP server (options: 43, 60, 61, 150)
– DNS resolver
– IP unnumbered 

Quality of Service (QoS)
– Up to 8 priority queues per port
– L2 and L3 traffic prioritization (802.1p, DSCP, IP Precedence)
– Queues overload management RED, GRED
– Port prioritizing, VLAN
– Resources of priority remarking
– Policy enforcement (policing)
– Bandwidth management (shaping)
– Hierarchical QoS
– Session marking

VPN tunnels
– L2TP - client and server modes
– PPTP - client and server modes
– PPPoE client
– OpenVPN server

Tunneling
– EoGRE, IPoGRE
– IPIP
– L2TPv3
– Logical Tunnel (inter VRF-lite routing) 

Additional interfaces
– Remote console access to nearby equipment (AUX port)
– Operation with wired modems in Dial Up and Leased Line modes (connection of RS-232)
– Operation with 3G/LTE modems (connection of USB or RS-232)
– Support for PPP, ML-PPP via E1 G.703 interface (up to 4 interfaces when setting TopGate SFP modules)

Network reliability features
– VRRP v2,v3
– Route tracking based on VRRP state
– WAN interface load balancing, data stream redirection, failover based on channel quality evaluation
– Firewall sessions backup

BRAS (IPoE)¹
– User termination
– Bandwidth management
– Limiting by traffic amount, by session time or by network applications
– HTTP/HTTPS Proxy
– HTTP/HTTPS Redirect
– White/black URL lists
– Interaction with AAA, PCRF
– Additional user authentication by MAC address
– Session accounting via Netflow protocol

Network security functions
– Network interfaces zoning
– Zone isolation, Firewall, data filtering rules
– IPSec:
  – Policy-based and route-based modes
  – DES, 3DES, AES, Blowfish, Camellia encryption algorithms
  – IKE authentication algorithms: MD5, SHA-1, SHA-2
– Support for access control lists on the base of MAC and IP addresses
– DoS/DDoS attacks defense and notification
– Traffic filtering by applications
– Web filtering by URL and by content (cookies, ActiveX, JavaScript)

SLA supervision functions
– Eltex SLA. Estimation of communication channel parameters:
  – One-way delay/two-way delay
  – One-way jitter/two-way jitter
  – One-way packet-loss/two-way packet-loss
  – Error index in packets
  – Wrong sequence of packets delivery
– Wellink SLA (wiSLA)¹

Monitoring and control
– Management interfaces: CLI, SNMP
– Built-in Zabbix agent
– Standard and enhanced SNMP MIB support
– Authentication via local user database and via RADIUS, TACACS+, LDAP protocols
– Access level management
– Protection from configuration errors, automatic configuration recovery. Ability to reset configuration to default settings
– System resources usage monitoring
– Display of service/process information
– Netflow v5/v9/v10 (URL statistics export for HTTP, host for HTTPS)
– Ping, traceroute (IPv4/IPv6), display of packet information in the console
– Syslog
– NTP
– Firmware update, including remote mode
– Upload and download of configuration via TFTP, SCP, FTP, SFTP
– Local control - console RS-232 (RJ-45)
– Remote control (IPv4/IPv6) - Telnet, SSH


The feature set is available in firmware version 1.5.1

¹ Activated by the license