Service gateway ESR-1700

• 4хCombo 10/100/1000BASE-T/ 1000BASE-X
• 8x10GBASE-R SFP+/1000BASE-X
• 1xConsole (RJ-45)
• 2хUSB 2.0

Plug-in interfaces

• USB 3G/4G/LTE modem

VPN clients

• PPTP
• PPPoE

VPN server

• L2TP
• PPTP
• OpenVPN

Tunneling

• L2/L3 GRE
• IPIP
• L2TPv3
• Logical Tunnel (inter VRF-lite routing)

L2 functions

• Packet switching (bridging)
• STP, RSTP, MSTP 802.1d (only ESR-1000)
• LAG/LACP (802.3ad)
• VLAN (802.1Q)
• Port Isolation (only ESR-1000, ESR-1200)
• Private VLAN Edge (PVE) (only ESR-1000, ESR-1200)
• Logical interfaces
• LLDP
• VLAN based MAC

L3 functions (IPv4/IPv6)

• NAT, Static NAT, ALG addresses translation
• Static routes
• Dynamic routing protocols RIPv2, OSPFv2/v3, BGP
• Prefix-List
• VRF Lite
• Policy Based Routing (PBR)
• BFD for BGP, OSPF, static routes

IP addressing management (IPv4/IPv6)

• Static IP addresses
• DHCP client
• DHCP Relay Option 82
• Embedded DHCP server (options: 43, 60, 61, 150)
• DNS resolver

Quality of Service (QoS)

• Up to 8 priority queues per port
• L2 and L3 traffic prioritization (802.1p, DSCP, IP Precedence)
• Queues overload management RED, GRED
• Port prioritizing, VLAN
• Resources of priority remarking
• Policy enforcement (policing)
• Bandwidth management (shaping)
• Hierarchical QоS
• Session marking

Network reliability assurance means

• VRRP v2,v3
• Route tracking based on VRRP state
• WAN interfaces load balancing, data stream redirection, failover in case of evaluation of channel quality
• Firewall sessions backup

BRAS (IPoE)¹

• User termination
• White/black URL lists
• Limiting by traffic amount, by session time or by network applications
• HTTP/HTTPS Proxy
• HTTP/HTTPS Redirect
• Session accounting via Netflow protocol
• Interaction with ААА, PCRF
• Bandwidth management by offices, SSID and user sessions
• User authentication by MAC or IP address

Network security functions

• Network interfaces zoning
• Zone isolation, Firewall, data filtering rules
• IPSec:
  • Policy-based and route-based modes
  • DES, 3DES, AES, Blowfish, Camelia encryption algorithms
  • IKE MD5, SHA-1, SHA-2 logs authentication
• Support for access control lists on the base of L2/L3 fields
• DoS/DDoS attacks defense
• Logging of attack events, rule triggering events
• Traffic filtering by applications

Monitoring and control

• Standard SNMP MIB, RMONv1 support
• Access level management
• In-built Zabbix agent
• Authentication via local user database by means of RADIUS, TACACS+, LDAP protocols
• Protection from configuration errors, automatic configuration recovery. Ability to reset configuration to default settings
• CLI management interfaces
• Syslog
• System resources usage monitoring
• Ping, traceroute (IPv4/IPv6), displaying information of packets in the console
• Firmware update, upload and download of configuration via TFTP, SCP, FTP, SFTP
• NTP
• Netflow v5/v9/v10 (URL statistics export for HTTP, host for HTTPS)
• Local control - console RS-232 (RJ-45)
• Remote control (IPv4/IPv6) - Telnet, SSH
• Service/processes information displaying Service quality monitoring functions (SLA)¹
  Integration with Wellink wiSLA
• Load testing of channel capacity: up to 150 Mbps
• TWAMP support: up to 100 simultaneous tests
• Reflector: TWAMP, UDP-Echo, L2
• Amount of simultaneously controlled services: minimum 100
• TCP, HTTP, DNS services monitoring: up to 100 simultaneous tests

The feature set is available in 1.4.4 firmware version
¹Activated by the license