Ru En
Designer and manufacturer of communication equipment
Russia (GMT +7)

Service gateway ESR-21

Mass production
Typical tasks performed by service routers
  • Data routing
  • Construction of secure network perimeter (Firewall)
  • Network attacks prevention and monitoring (IPS/IDS)
  • Service quality monitoring (SLA)
  • Filtering of network data by various criteria (including filtering by applications)
  • Organization of secure network tunnels between different offices of a company
  • Remote connection of staff members to office
  • Management and distribution of Internet channel width within an office by using QoS
  • Organization of redundant connection (by means of wires or 3G/LTE modem)
  • User termination and bandwidth limiting – BRAS (IPoE)
ESR-21 are multipurpose service routers developed in compliance with requirements of energy and oil-and-gas industries. The devices support advancedrouting, WAN organization and network security functions.

The main feature of ESR-21 is the presence of additional RS-232 ports that can be used for implementing additional functionalities – remote device management via console (AUX mode) and connecting wired/GSM modems to firewalls.
Specifications
Modules and additional devices
Documents and files
Warranty
Interfaces
  • 8x10/100/1000BASE-T (LAN/WAN)
  • 4x10/100/1000BASE-X SFP (LAN/WAN)
  • 3xSerial (RS-232)
  • 1xConsole (RJ-45)
  • 1xUSB 2.0
  • 1xUSB 3.0
Performance
  • Firewall/NAT/routing (1518B frames) - 2.5 Gbps, 207 kpps
  • IPsec VPN (1456B frames) - 0.68 Gbps, 58 kpps
  • IPS/IDS 10k rules - 250.33 Mbps, 50.4 kpps
System features
  • VPN tunnels - 250
  • Static routes - 11k
  • Concurrent sessions - 256k
  • VLAN support - up to 4k VLANs in accordance with 802.1Q
  • BGP routes - 1,5M
  • OSPF routes - 300k
  • RIP routes - 10k
  • MAC address table - 2k entries per bridge
  • FIB size - 1,5M
  • VRF Lite - 32
Plug-in interfaces
  • E1 TopGate SFP
  • DialUp modem
Remote Access VPN clients
  • PPTP/PPPoE/L2TP/OpenVPN/IPsec XAUTH
Remote Access VPN server
  • L2TP/PPTP/OpenVPN/IPsec XAUTH
Site-to-site VPN
  • IPsec: «policy-based» and «route-based» modes
  • DMVPN
  • DES, 3DES, AES, Blowfish, Camellia encryption algorithms
  • IKE MD5, SHA-1, SHA-2 message authentication
Tunneling
  • IPoGRE, EoGRE
  • IPIP
  • L2TPv3
  • LT (inter VRF-lite routing)
L2 functions
  • Packet switching (bridging)
  • LAG/LACP (802.3ad)
  • VLAN (802.1Q)
  • Logical interfaces
  • LLDP, LLDP MED
  • VLAN-based MAC
L3 functions (IPv4/IPv6)
  • NAT, Static NAT, ALG 
  • Static routes
  • Dynamic routing protocols RIPv2, OSPFv2/v3, BGP
  • Route filtering (prefix list)
  • VRF Lite
  • Policy Based Routing (PBR)
  • BFD for BGP, OSPF, static routes
Network security functions
  • Intrusion Detection/Prevention system (IPS/IDS)1
  • Web filtering by URL, by content (cookies, ActiveX, JavaScript)
  • Zone-based Firewall
  • Firewall filtering based on L2/L3/L4 fields and applications
  • Support for access control lists on the base of L2/L3/L4 fields
  • Protection from DoS/DDoS attacks and notification on them
  • Logging of attack and rule triggering events
SLA control functions
  • Eltex SLA
  • Channel parameters evaluation:
    • Delay (one-way/two-way)
    • Jitter (one-way/two-way)
    • Packet loss (one-way/two-way)
    • Packet Error Rate
    • Out-of-order delivery
  • Wellink SLA (wiSLA)1
BRAS (IPoE)1
  • User termination
  • White/black URL lists
  • Quotas for traffic volume, session time, network applications
  • HTTP/HTTPS Proxy
  • HTTP/HTTPS Redirect
  • Session accounting via Netflow protocol
  • Interaction with ААА, PCRF
  • Bandwidth management by offices, SSID and user sessions
  • User authentication by MAC or IP address
IP addressing management (IPv4/IPv6)
  • Static IP addresses
  • DHCP client
  • DHCP Relay Option 82
  • Embedded DHCP server options: 43, 60, 61, 150
  • DNS resolver
  • IP unnumbered 
Quality of Service (QoS)
  • Up to 8 priority queues per port
  • L2 and L3 traffic prioritization (802.1p, DSCP, IP Precedence)
  • RED, GRED congestion avoidance algorithms
  • Precedence re-marking mechanisms
  • Applying policies (policy-map)
  • Bandwidth management (shaping)
  • Hierarchical QоS
  • Session marking
Network reliability assurance means
  • VRRP v2,v3
  • Route tracking based on VRRP state
  • WAN interfaces load balancing, data stream redirection, channel switching during QoS control
  • Firewall sessions backup
Management and monitoring
  • Support for standard and extended SNMP MIB, RMONv1
  • Built-in Zabbix agent
  • User authentication through a local database via RADIUS, TACACS+, LDAP
  • Protection from configuration errors, automatic configuration recovery. Ability to reset configuration to factory settings
  • CLI
  • Syslog support
  • System resources usage monitoring
  • Ping, traceroute (IPv4/IPv6), displaying information on packets in the console
  • Firmware update, configuration upload and download via TFTP, SCP, FTP, SFTP, HTTP(S)
  • NTP support
  • Netflow v5/v9/v10 (exporting of URL statistics for HTTP, host for HTTPS)
  • Local control via RS-232 (RJ-45)
  • Remote control via Telnet, SSH (IPv4/IPv6)
  • Displaying information on services/processes
  • Local/remote router configuration storage
Physical specifications and ambient parameters
  • Maximum power consumption - 20 W
  • Power supply:
    • 220 V AC +-20%, 50 Hz
  • Operating temperature - from -10 to +40 °С
  • Storage temperature - from -40 to +70 °С
  • Operating humidity - no more than 80%
  • Storage humidity - from 10% to 95%
  • Dimensions (mm) - 430х225х44
  • Weight - 3.15 kg
  • Average service life - 10 years

 Functionality for firmware version 1.8.2
1Activated by the license

SFP modules (doesn't included in basic package)  

    1 fiber

Part Number

 SFP 1.25 GE module, 3 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM

FH-SB3512CDS3 / FH-SB5312CDS3

 SFP 1.25 GE module, 3 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM

FH-SB3512CDL3 / FH-SB5312CDL3

 SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM

FH-SB3512CDS20 / FH-SB5312CDS20

 SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM

FH-SB3512CDL20 / FH-SB5312CDL20

 SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM, INDUSTRIAL

FH-SB3512IDS20 / FH-SB5312IDS20

 SFP 1.25 GE module 40 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM

FH-SB3512CDL40 / FH-SB5312CDL40

 SFP 1.25 GE module 40 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM

FH-SB3512CDS40 / FH-SB5312CDS40

 SFP 1.25 GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM

FH-SB4512CDL80 / FH-SB5412CDL80

 SFP 1.25 GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 SC set, DDM

FH-SB4512CDS80 / FH-SB5412CDS80

 SFP 1.25 GE module 120 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM

FH-SB4512CDL120 / FH-SB5412CDL120

 SFP 1.25 GE module 120 km, SM, 1 fiber, TX/RX 1490/1550 SC set, DDM

FH-SB4512CDS120 / FH-SB5412CDS120

 SFP 1.25 GE module 160 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM

FH-SB4512CDL160 / FH-SB5412CDL160

 2 fibers

 

 SFP 1.25 GE module 550 m, MM, 2 fibers, 850 nm,  LC,  DDM

FH-S8512CDL05

 SFP 1.25 GE module 2 km, ММ, 2 fibers, 1310 nm, LC, DDM

FH-S3112CDL2

 SFP 1.25 GE module 20 km, SМ, 2 fibers, 1310 nm, LC, DDM

FH-S3112CDL20

 SFP 1.25 GE module 40 km, SМ, 2 fibers, 1310 nm, LC, DDM

FH-S3112CDL40

 SFP 1.25 GE module 80 km, SМ, 2 fibers, 1550 nm, LC, DDM

FH-S5512CDL80

 SFP 1.25 GE module 120 km, SМ, 2 fibers, 1550 nm, LC, DDM

FH-S5512CDL120

 SFP 1.25 GE module 160 km, SМ, 2 fibers, 1550 nm, LC, DDM   

FH-S5512CDL160

 SFP transceivers with RJ-45 interface

 

 SFP transceiver of 10/100/1000 BASE-T 

FH-ST2

Operational lifetime of the ELTEX equipment
In development
1
Pre-production
2
Mass production
3
Mass production is over
4
Sold out
5
Support is over
6
Regardless of the operational lifetime stage, Eltex provides a 12 months warranty on all its telecommunication equipment.
During the warranty period the manufacturer ensures technical support and free-of-charge repair at the Enterprise which is situated in Novosibirsk.
As part of the warranty service, technical support is provided on the first-in first-out principle.
The priority support packages of 8/5 and 27/7 types are subjects to additional charges.