Service gateway ESR-1700

Typical tasks performed by service routers

Data routing
Construction of secure network perimeter (Firewall)
Intrusion prevention and detection (IPS/IDS)
Service quality monitoring (SLA)
Filtering of network data by various criteria (including filtering by applications)
Organization of secure network tunnels between different offices of a company
Remote connection of staff members to office
Management and distribution of Internet channel width within an office by using QoS
Organization of redundant connection (by means of wires or 3G/LTE modem)
Subscriber termination and bandwidth limiting – BRAS (IPoE)

The family of ESR routers is a universal hardware platform capable of performing a wide range of tasks related to network secu- rity, data encryption, subscriber termination, etc. The product line includes models that can be used in networks of various sizes — from small enterprise networks to carrier networks and data centers.

Performance
The key elements of ESR service routers are data processing hardware acceleration means that ensure a high level of perfor- mance. Hardware and software processing is distributed among the units of the device.

Functional areapurpose

Scalable solution for different fields of application
Flexible service configuration
Interfacing with the equipment of leading manufacturers
Hardware acceleration of data processing

Show all

Interfaces

4хCombo 10/100/1000BASE-T/ 1000BASE-X
8x10GBASE-R SFP+/1000BASE-X
1xConsole (RJ-45)
2хUSB 2.0

Performance

Firewall/NAT/routing (1518B frames) - 39 Gbps; 3216k pps
Firewall/NAT/routing (70B frames) - 2.692 Gbps; 4548k pps
IPsec VPN (1456B frames) - 13 Gbps; 1117k pps
IPS/IDS 10k rules - 3.64 Gbps; 797k pps
MPLS (1518B frames)¹

System features

VPN tunnels - 500
Static routes - 11k
Concurrent sessions - 512k
VLAN support - up to 4k VLANs in accordance with 802.1Q
BGP routes - 5M
OSPF routes - 500k
RIP routes - 10k
MAC address table - 128k
FIB size - 3.0M
VRF Lite - 32

Plug-in interfaces

USB 3G/4G/LTE modem
E1 TopGate SFP

Remote Access VPN clients

L2TP/PPTP/OpenVPN/IPsec XAUTH

Remote Access VPN server

L2TP/PPTP/OpenVPN/IPsec XAUTH

Site-to-site VPN

IPsec: “policy-based” and “route-based” modes
DMVPN
DES, 3DES, AES, Blowfish, Camellia encryption algorithms
IKE MD5, SHA-1, SHA-2 message authentication

Tunneling

IPoGRE, EoGRE
IPIP
L2TPv3
LT (inter VRF-lite routing)

L2 functions

Packet switching (bridging)
LAG/LACP (802.3ad)
VLAN support (802.1Q)
Port Isolation
Private VLAN Edge (PVE)
Logical interfaces
LLDP, LLDP MED
MAC-based VLAN

L3 functions (IPv4/IPv6)

NAT, Static NAT, ALG
Static routes
Dynamic routing protocols RIPv2, OSPFv2/v3, IS-IS, BGP
Route filtering (prefix list)
VRF Lite
Policy Based Routing (PBR)
BFD for BGP, OSPF, static routes

BRAS (IPoE)¹

Subscriber termination
White/black URL lists
Quotas for traffic volume, session time, network applications
HTTP/HTTPS Proxy
HTTP/HTTPS Redirect
Session accounting via Netflow protocol
Interaction with ААА, PCRF servers
Bandwidth management by offices, SSIDs and user sessions
User authentication by MAC or IP address

Network security functions

Intrusion Prevention/Detection system (IPS/IDS)¹
Interaction with Eltex Distribution Manager for obtaining licensable content — rule sets, distributed by Kaspersky SafeStream II1
Web filtering by URL, by content (cookies, ActiveX, JavaScript)
Zone-based Firewall
Filtering based on L2/L3/L4 fields and applications
Support for access control lists (ACL) based on L2/L3/L4 fields
Protection against DoS/DDoS attacks and notification on them
Logging of attack and rule triggering events

Quality of Service (QoS)

Up to 8 priority queues per port
L2 and L3 traffic prioritization (802.1p (CoS), DSCP, IP Precedence (ToS))
RED, GRED congestion avoidance algorithms
Precedence re-marking mechanisms
Applying policies (policy-map)
Bandwidth management (shaping)
Hierarchical QоS
Session marking

IP addressing management (IPv4/IPv6)

Static IP addresses
DHCP client
DHCP Relay Option 82
Embedded DHCP server, 43, 60, 61, 150 options support
DNS resolver
IP unnumbered

Network reliability assurance means

VRRP v2,v3
VRRP or SLA tracking
- Managing VRRP Profiles
- Managing PBR Profiles
- Interface Status Management
- Activation and deactivation of a static route
- Managing the AS-PATH attribute and preference in route map
WAN interfaces load balancing, data stream redirection, channel switching during QoS control
Firewall sessions backup

Management and monitoring

Support for standard and extended SNMP MIB, RMONv1
Embedded Zabbix agent
Authentication methods: local, RADIUS, TACACS+, LDAP
Protection against configuration errors
Automatic configuration recovery), ability to restore the default factory configuration
CLI
Syslog
System resource usage monitoring
Ping, traceroute (IPv4/IPv6), packet information in the console output
Firmware upgrade, configuration upload and download via TFTP, SCP, FTP, SFTP, HTTP(S)
Support for NTP
Netflow v5/v9/v10 (exporting of URL statistics for HTTP, host for HTTPS)
Local control via RS-232 console port (RJ-45)
Remote control via Telnet, SSH (IPv4/IPv6)
Displaying information on services/processes
Local/remote router configuration storage

SLA control functions

Eltex SLA
Channel parameters evaluation:
- Delay (one-way/two-way)
- Jitter (one-way/two-way)
- Packet loss (one-way/two-way)
- Packet Error Rate
- Out-of-order delivery

MPLS

LDP
L2VPN VPWS
L2VPN VPLS Martini Mode
L2VPN VPLS Kompella Mode
L3VPN MP-BGP

Physical specifications and ambient parameters

Maximum power consumption - 250 W
Maximum noise level - 70 dB
Power supply:
- 176–264 V AC,50–60 Hz;
- 36–72 V DC
- Up to two hot-swappable power modules
Operating temperature - from -10 to +45 °С
Storage temperature - from -40 to +70 °С
Operating humidity - no more than 80%
Storage humidity - from 10% to 95%
Dimensions (mm) - 440 х 88 х 490
Weight - 12 kg
Average service life - 15 years

Functionality for firmware version 1.14.5

¹Activated by the license

Show all

Additional modules (doesn't included in basic package)
PM350-48/12	PM350-48/12 power module, 35-75V DC, 500W
РМ350-220/12	РМ350-220/12 power module, 176-264V AC, 500W

1 fiber	Part Number
SFP 1.25 GE module, 3 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM	FH-SB3512CDS3 / FH-SB5312CDS3
SFP 1.25 GE module, 3 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM	FH-SB3512CDL3 / FH-SB5312CDL3
SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM	FH-SB3512CDS20 / FH-SB5312CDS20
SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM	FH-SB3512CDL20 / FH-SB5312CDL20
SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM, INDUSTRIAL	FH-SB3512IDS20 / FH-SB5312IDS20
SFP 1.25 GE module 40 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM	FH-SB3512CDL40 / FH-SB5312CDL40
SFP 1.25 GE module 40 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM	FH-SB3512CDS40 / FH-SB5312CDS40
SFP 1.25 GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM	FH-SB4512CDL80 / FH-SB5412CDL80
SFP 1.25 GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 SC set, DDM	FH-SB4512CDS80 / FH-SB5412CDS80
SFP 1.25 GE module 120 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM	FH-SB4512CDL120 / FH-SB5412CDL120
SFP 1.25 GE module 120 km, SM, 1 fiber, TX/RX 1490/1550 SC set, DDM	FH-SB4512CDS120 / FH-SB5412CDS120
SFP 1.25 GE module 160 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM	FH-SB4512CDL160 / FH-SB5412CDL160
2 fibers
SFP 1.25 GE module 550 m, MM, 2 fibers, 850 nm, LC, DDM	FH-S8512CDL05
SFP 1.25 GE module 2 km, ММ, 2 fibers, 1310 nm, LC, DDM	FH-S3112CDL2
SFP 1.25 GE module 20 km, SМ, 2 fibers, 1310 nm, LC, DDM	FH-S3112CDL20
SFP 1.25 GE module 40 km, SМ, 2 fibers, 1310 nm, LC, DDM	FH-S3112CDL40
SFP 1.25 GE module 80 km, SМ, 2 fibers, 1550 nm, LC, DDM	FH-S5512CDL80
SFP 1.25 GE module 120 km, SМ, 2 fibers, 1550 nm, LC, DDM	FH-S5512CDL120
SFP 1.25 GE module 160 km, SМ, 2 fibers, 1550 nm, LC, DDM	FH-S5512CDL160
SFP+
1 fiber
SFP+ 10GE module 3 km, SM, 1 fiber, TX/RX 1290/1310 LC set, DDM	FH-SPB311TCDL3 / FH-SPB191TCDL3
SFP+ 10GE module 20 km, SM, 1 fiber, TX/RX 1330/1270 LC set, DDM	FH-SPB231TCDL20 / FH-SPB321TCDL20
SFP+ 10GE module 40 km, SM, 1 fiber, TX/RX 1330/1270 LC set, DDM	FH-SPB231TCDL40 / FH-SPB321TCDL40
SFP+ 10GE module 60 km, SM, 1 fiber, TX/RX 1330/1270 LC set, DDM	FH-SPB231TCDL60 / FH-SPB321TCDL60
SFP+ 10GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM	FH-SPB451TCDL80 / FH-SPB541TCDL80
SFP+ 10GE module 100 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM	FH-SPB451TCDL100 / FH-SPB541TCDL100
2 fibers
SFP+ 10GE module, 0.3 km, MM, 2 fibers, 850 nm, LC, DDM	FH-SP851TCDL03
SFP+ 10GE module, 20 km, SM, 2 fibers, 1310 nm, LC, DDM	FH-SP311TCDL20
SFP+ 10GE module, 40 km, SM, 2 fibers, 1550 nm, LC, DDM	FH-SP551TCDL40
SFP+ 10GE module, 80 km, SM, 2 fibers, 1550 nm, LC, DDM	FH-SP551TCDL80
SFP+ 10GE module, 100 km, SM, 2 fibers, 1550 nm, LC, DDM	FH-SP551TCDL100
SFP/SFP+ transceivers with RJ-45 interface
SFP transceiver of 10/100/1000 BASE-T	FH-ST2
SFP+ transceiver of 10GBASE-Т	FH-10SFP-T
SFP+ Direct Attach Cable
SFP+ Direct attach cable, 10G, 1m	FH-DP1T30SS01
SFP+ Direct attach cable, 10G, 2m	FH-DP1T30SS02
SFP+ Direct attach cable, 10G, 3m	FH-DP1T30SS03
SFP+ Direct attach cable, 10G, 5m	FH-DP1T30SS05

Descriptions

Data sheet 1.14.5

Software

Firmware Update Guide 1.18.3

esr1700-1.18.3-build2.tar.gz

mibs-1.18.3.zip

Documentations

User Manual 1.18.1

Quick Guide 1.18.1

Intrusion Prevention System

CLI User Guide 1.13.0

Release notes 1.13.0

Downloads

Operational lifetime of the ELTEX equipment

Regardless of the operational lifetime stage, Eltex provides a 12 months warranty on all its telecommunication equipment.
During the warranty period the manufacturer ensures technical support and free-of-charge repair at the Enterprise which is situated in Novosibirsk.
As part of the warranty service, technical support is provided on the first-in first-out principle.
The priority support packages of 8/5 and 27/7 types are subjects to additional charges.