Ru En
Designer and manufacturer of communication equipment
Russia (GMT +7)

Service gateway ESR-1700

– Scalable solution for different fields of application
– Flexible services configuration
– Interfacing with the equipment of leading manufacturers
– Hardware acceleration of data processing 
Functional area
The family of ESR routers is a universal hardware platform capable of performing a wide range of tasks related to network security. The lineup includes models that can be used in networks of various sizes - from small business networks to carrier networks and data centers. 
The key elements of ESR-1700 are data processing hardware acceleration means that ensure a high level of productivity.  Hardware and software processing is distributed among the units of the device.

Typical tasks performed by service routers:
  • providing of NAT, Firewall services
  • routing
  • organization of secure network tunnels to combine different offices of companies (IPsec VPN)
  • organization of remote access to local resources on enterprise networks L2TP, PPTP, OpenVPN
  • filtering of network data by various criteria  

Plug-in interfaces
– USB 3G/4G/LTE modem

VPN clients

VPN server
– L2TP
– OpenVPN

– L2/L3 GRE
– L2TPv3
– Logical Tunnel (inter VRF-lite routing)

L2 functions
– Packet switching (bridging)
– STP, RSTP, MSTP 802.1d (only ESR-1000)
– LAG/LACP (802.3ad)
– VLAN (802.1Q)
– Port Isolation (only ESR-1000, ESR-1200)
– Private VLAN Edge (PVE) (only ESR-1000, ESR-1200)
– Logical interfaces
– VLAN based MAC

L3 functions (IPv4/IPv6)
– NAT, Static NAT, ALG addresses translation
– Static routes
– Dynamic routing protocols RIPv2, OSPFv2/v3, BGP
– Prefix-List
– VRF Lite
– Policy Based Routing (PBR)
– BFD for BGP, OSPF, static routes

IP addressing management (IPv4/IPv6)
– Static IP addresses
– DHCP client
– DHCP Relay Option 82
– Embedded DHCP server (options: 43, 60, 61, 150)
– DNS resolver

Quality of Service (QoS)
– Up to 8 priority queues per port
– L2 and L3 traffic prioritization (802.1p, DSCP, IP Precedence)
– Queues overload management RED, GRED
– Port prioritizing, VLAN
– Resources of priority remarking
– Policy enforcement (policing)
– Bandwidth management (shaping)
– Hierarchical QоS
– Session marking

Network reliability assurance means
– VRRP v2,v3
– Route tracking based on VRRP state
– WAN interfaces load balancing, data stream redirection, failover in case of evaluation of channel quality
– Firewall sessions backup

– User termination
– White/black URL lists
– Limiting by traffic amount, by session time or by network applications
– HTTP/HTTPS Redirect
– Session accounting via Netflow protocol
– Interaction with ААА, PCRF
– Bandwidth management by offices, SSID and user sessions
– User authentication by MAC or IP address

Network security functions
– Network interfaces zoning
– Zone isolation, Firewall, data filtering rules
– IPSec:

– Policy-based and route-based modes
– DES, 3DES, AES, Blowfish, Camelia encryption algorithms
– IKE MD5, SHA-1, SHA-2 logs authentication

– Support for access control lists on the base of L2/L3 fields
– DoS/DDoS attacks defense
– Logging of attack events, rule triggering events
– Traffic filtering by applications

Monitoring and control
– Standard SNMP MIB, RMONv1 support
– Access level management
– In-built Zabbix agent
– Authentication via local user database by means of RADIUS, TACACS+, LDAP protocols
– Protection from configuration errors, automatic configuration recovery. Ability to reset configuration to default settings
– CLI management interfaces
– Syslog
– System resources usage monitoring
– Ping, traceroute (IPv4/IPv6), displaying information of packets in the console
– Firmware update, upload and download of configuration via TFTP, SCP, FTP, SFTP
– Netflow v5/v9/v10 (URL statistics export for HTTP, host for HTTPS)
– Local control - console RS-232 (RJ-45)
– Remote control (IPv4/IPv6) - Telnet, SSH
– Service/processes information displaying Service quality monitoring functions (SLA)1
– Integration with Wellink wiSLA
– Load testing of channel capacity: up to 150 Mbps
– TWAMP support: up to 100 simultaneous tests
– Reflector: TWAMP, UDP-Echo, L2
– Amount of simultaneously controlled services: minimum 100
– TCP, HTTP, DNS services monitoring: up to 100 simultaneous tests

The feature set is available in 1.4.1 firmware version
1Activated by the license