Service gateway ESR-21

Mass production

Typical tasks performed by service routers

Data routing
Construction of secure network perimeter (Firewall)
Network attacks prevention and monitoring (IPS/IDS)
Service quality monitoring (SLA)
Filtering of network data by various criteria (including filtering by applications)
Organization of secure network tunnels between different offices of a company
Remote connection of staff members to office
Management and distribution of Internet channel width within an office by using QoS
Organization of redundant connection (by means of wires or 3G/LTE modem)
User termination and bandwidth limiting – BRAS (IPoE)

ESR-21 are multipurpose service routers developed in compliance with requirements of energy and oil-and-gas industries. The devices support advancedrouting, WAN organization and network security functions.

The main feature of ESR-21 is the presence of additional RS-232 ports that can be used for implementing additional functionalities – remote device management via console (AUX mode) and connecting wired/GSM modems to firewalls.

Show all

Interfaces

8x10/100/1000BASE-T (LAN/WAN)
4x10/100/1000BASE-X SFP (LAN/WAN)
3xSerial (RS-232)
1xConsole (RJ-45)
1xUSB 2.0
1xUSB 3.0

Performance

Firewall/NAT/routing (1518B frames) - 2.5 Gbps, 207 kpps
IPsec VPN (1456B frames) - 0.68 Gbps, 58 kpps
IPS/IDS 10k rules - 250.33 Mbps, 50.4 kpps

System features

VPN tunnels - 250
Static routes - 11k
Concurrent sessions - 256k
VLAN support - up to 4k VLANs in accordance with 802.1Q
BGP routes - 1,5M
OSPF routes - 300k
RIP routes - 10k
MAC address table - 2k entries per bridge
FIB size - 1,5M
VRF Lite - 32

Plug-in interfaces

E1 TopGate SFP
DialUp modem

Remote Access VPN clients

PPTP/PPPoE/L2TP/OpenVPN/IPsec XAUTH

Remote Access VPN server

L2TP/PPTP/OpenVPN/IPsec XAUTH

Site-to-site VPN

IPsec: «policy-based» and «route-based» modes
DMVPN
DES, 3DES, AES, Blowfish, Camellia encryption algorithms
IKE MD5, SHA-1, SHA-2 message authentication

Tunneling

IPoGRE, EoGRE
IPIP
L2TPv3
LT (inter VRF-lite routing)

L2 functions

Packet switching (bridging)
LAG/LACP (802.3ad)
VLAN (802.1Q)
Logical interfaces
LLDP, LLDP MED
VLAN-based MAC

L3 functions (IPv4/IPv6)

NAT, Static NAT, ALG
Static routes
Dynamic routing protocols RIPv2, OSPFv2/v3, BGP
Route filtering (prefix list)
VRF Lite
Policy Based Routing (PBR)
BFD for BGP, OSPF, static routes

Network security functions

Intrusion Detection/Prevention system (IPS/IDS)¹
Web filtering by URL, by content (cookies, ActiveX, JavaScript)
Zone-based Firewall
Firewall filtering based on L2/L3/L4 fields and applications
Support for access control lists on the base of L2/L3/L4 fields
Protection from DoS/DDoS attacks and notification on them
Logging of attack and rule triggering events

SLA control functions

Eltex SLA
Channel parameters evaluation:
- Delay (one-way/two-way)
- Jitter (one-way/two-way)
- Packet loss (one-way/two-way)
- Packet Error Rate
- Out-of-order delivery
Wellink SLA (wiSLA)¹

BRAS (IPoE)¹

User termination
White/black URL lists
Quotas for traffic volume, session time, network applications
HTTP/HTTPS Proxy
HTTP/HTTPS Redirect
Session accounting via Netflow protocol
Interaction with ААА, PCRF
Bandwidth management by offices, SSID and user sessions
User authentication by MAC or IP address

IP addressing management (IPv4/IPv6)

Static IP addresses
DHCP client
DHCP Relay Option 82
Embedded DHCP server options: 43, 60, 61, 150
DNS resolver
IP unnumbered

Quality of Service (QoS)

Up to 8 priority queues per port
L2 and L3 traffic prioritization (802.1p, DSCP, IP Precedence)
RED, GRED congestion avoidance algorithms
Precedence re-marking mechanisms
Applying policies (policy-map)
Bandwidth management (shaping)
Hierarchical QоS
Session marking

Network reliability assurance means

VRRP v2,v3
Route tracking based on VRRP state
WAN interfaces load balancing, data stream redirection, channel switching during QoS control
Firewall sessions backup

Management and monitoring

Support for standard and extended SNMP MIB, RMONv1
Built-in Zabbix agent
User authentication through a local database via RADIUS, TACACS+, LDAP
Protection from configuration errors, automatic configuration recovery. Ability to reset configuration to factory settings
CLI
Syslog support
System resources usage monitoring
Ping, traceroute (IPv4/IPv6), displaying information on packets in the console
Firmware update, configuration upload and download via TFTP, SCP, FTP, SFTP, HTTP(S)
NTP support
Netflow v5/v9/v10 (exporting of URL statistics for HTTP, host for HTTPS)
Local control via RS-232 (RJ-45)
Remote control via Telnet, SSH (IPv4/IPv6)
Displaying information on services/processes
Local/remote router configuration storage

Physical specifications and ambient parameters

Maximum power consumption - 20 W
Power supply:
- 220 V AC +-20%, 50 Hz
Operating temperature - from -10 to +40 °С
Storage temperature - from -40 to +70 °С
Operating humidity - no more than 80%
Storage humidity - from 10% to 95%
Dimensions (mm) - 430х225х44
Weight - 3.15 kg
Average service life - 10 years

Functionality for firmware version 1.8.2
¹Activated by the license

Show all

*SFP modules (doesn't included in basic package)*
1 fiber	Part Number
SFP 1.25 GE module, 3 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM	FH-SB3512CDS3 / FH-SB5312CDS3
SFP 1.25 GE module, 3 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM	FH-SB3512CDL3 / FH-SB5312CDL3
SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM	FH-SB3512CDS20 / FH-SB5312CDS20
SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM	FH-SB3512CDL20 / FH-SB5312CDL20
SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM, INDUSTRIAL	FH-SB3512IDS20 / FH-SB5312IDS20
SFP 1.25 GE module 40 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM	FH-SB3512CDL40 / FH-SB5312CDL40
SFP 1.25 GE module 40 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM	FH-SB3512CDS40 / FH-SB5312CDS40
SFP 1.25 GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM	FH-SB4512CDL80 / FH-SB5412CDL80
SFP 1.25 GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 SC set, DDM	FH-SB4512CDS80 / FH-SB5412CDS80
SFP 1.25 GE module 120 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM	FH-SB4512CDL120 / FH-SB5412CDL120
SFP 1.25 GE module 120 km, SM, 1 fiber, TX/RX 1490/1550 SC set, DDM	FH-SB4512CDS120 / FH-SB5412CDS120
SFP 1.25 GE module 160 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM	FH-SB4512CDL160 / FH-SB5412CDL160
2 fibers
SFP 1.25 GE module 550 m, MM, 2 fibers, 850 nm, LC, DDM	FH-S8512CDL05
SFP 1.25 GE module 2 km, ММ, 2 fibers, 1310 nm, LC, DDM	FH-S3112CDL2
SFP 1.25 GE module 20 km, SМ, 2 fibers, 1310 nm, LC, DDM	FH-S3112CDL20
SFP 1.25 GE module 40 km, SМ, 2 fibers, 1310 nm, LC, DDM	FH-S3112CDL40
SFP 1.25 GE module 80 km, SМ, 2 fibers, 1550 nm, LC, DDM	FH-S5512CDL80
SFP 1.25 GE module 120 km, SМ, 2 fibers, 1550 nm, LC, DDM	FH-S5512CDL120
SFP 1.25 GE module 160 km, SМ, 2 fibers, 1550 nm, LC, DDM	FH-S5512CDL160
SFP transceivers with RJ-45 interface
SFP transceiver of 10/100/1000 BASE-T	FH-ST2

Descriptions

Data sheet 1.12.0

Software

Firmware version 1.12.0

Documentations

Quick Guide 1.13.0

User Manual 1.13.0

CLI User Guide 1.13.0

Release notes 1.13.0

Downloads

Operational lifetime of the ELTEX equipment

Regardless of the operational lifetime stage, Eltex provides a 12 months warranty on all its telecommunication equipment.
During the warranty period the manufacturer ensures technical support and free-of-charge repair at the Enterprise which is situated in Novosibirsk.
As part of the warranty service, technical support is provided on the first-in first-out principle.
The priority support packages of 8/5 and 27/7 types are subjects to additional charges.

News