Ru En
Designer and manufacturer of communication equipment
Russia (GMT +7)

Service gateway ESR-21

Mass production
Typical tasks performed by service routers
  • Data routing
  • Hardware acceleration
  • Multiprotocol Label Switching (MPLS)
  • Construction of secure network perimeter (NAT, Firewall)
  • Intrusion prevention and detection (IPS/IDS)
  • Service Level Agreement (SLA)
  • Filtering of network data by various criteria (including filtering by applications)
  • Organization of secure network tunnels between different offices of a company
  • Remote connection of staff members to an office
  • Internet channel management and bandwidth allocation within an office using QoS
  • Organization of redundant connection (by means of wires or 3G/LTE modem)
  • Subscriber termination and bandwidth shaping BRAS (IPoE)
ESR-21 are service routers designed for connection of small and middle-sized offices in enterprise networks. The functionality of firewall and router allows ensuring security with various Internet connection options. The device supports advanced routing, WAN organization and network security functions.

The key elements of ESR service routers are data processing hardware acceleration means that ensure a high level of performance. Hardware and software processing is distributed among the units of the device.

ESR-21 are universal service routers designed to meet the requirements of the energy and oil and gas industries. ESR-21 has additional RS-232 ports that can be used for remote console access to adjacent equipment (AUX mode), connection of wired and GSM modems.

Specifications
Modules and additional devices
Documents and files
Warranty
Interfaces
  • 8x10/100/1000BASE-T (LAN/WAN)
  • 4x10/100/1000BASE-X SFP (LAN/WAN)
  • 3xSerial (RS-232)
  • 1xConsole (RJ-45)
  • 1xUSB 2.0
  • 1xUSB 3.0
Performance
  • Firewall/NAT/routing (1518B frames) - 2.5 Gbps, 307k pps
  • Firewall/NAT/routing (70B frames) - 190 Mbps, 320k pps
  • Firewall/NAT/routing (IMIX) - 1.35 Gbps, 246k pps
  • L2 switching (1518B frames) - 2.5 Gbps, 212k pps
  • IPsec VPN (1456B frames) - 0.50 Gbps,43k pps
  • IPsec (IMIX)- 290 Mbps, 54k pps
  • IPS/IDS 10k rules - 146 Mbps, 32.2 kpps
  • MPLS (1518B frames) - 3.62 Gbps, 299k pps
System features
  • VPN tunnels - 250
  • Static routes - 11k
  • Concurrent sessions - 256k
  • VLAN support - up to 4k VLANs in accordance with 802.1Q
  • BGP routes - 2.5M
  • BGP neighbors - 1k
  • OSPF routes - 300k
  • RIP routes - 10k
  • ISIS routes - 30k
  • MAC address table - 2k entries per bridge
  • FIB size - 1,4M
  • VRF Lite - 32
Plug-in interfaces
  • USB 3G/4G/LTE modem
  • E1 TopGate SFP
  • DialUp modem (only ESR-21)
Remote Access VPN clients
  • PPTP/PPPoE/L2TP/OpenVPN/IPsec XAUTH
Remote Access VPN server
  • L2TP/PPTP/OpenVPN/IPsec XAUTH
Site-to-site VPN
  • IPsec: «policy-based» and «route-based» modes
  • DMVPN
  • DES, 3DES, AES, Blowfish, Camellia
  • IKE MD5, SHA-1, SHA-2 message authentication
Tunneling
  • IPoGRE, EoGRE
  • IPIP
  • L2TPv3
  • LT (inter VRF-lite routing)
L2 functions
  • Packet switching (bridging)
  • LAG/LACP (802.3ad)
  • VLAN (802.1Q)
  • Logical interfaces
  • LLDP, LLDP MED
  • MAC-based VLAN
L3 functions (IPv4/IPv6)
  • NAT, Static NAT, ALG 
  • Static routes
  • RIPv2, OSPFv2/v3, IS-IS, BGP dynamic protocols
  • Route filtering (prefix list)
  • VRF
  • Policy Based Routing (PBR)
  • BFD for BGP, OSPF, static routes
BRAS (IPoE)1
  • Subscriber termination
  • White/black URL lists
  • Quotas for traffic volume, session time, network applications
  • HTTP/HTTPS Proxy
  • HTTP/HTTPS Redirect
  • Session accounting via Netflow protocol
  • Interaction with ААА, PCRF serveres
  • Bandwidth management by offices, SSID and user sessions
  • User authentication by MAC or IP address
Network security functions
  • Intrusion Detection/Prevention system (IPS/IDS)1
  • Interaction with Eltex Distribution Manager for obtaining licensable content — rule sets distributed by Kaspersky SafeStream II2
  • Web filtering by URL, by content (cookies, ActiveX, JavaScript)
  • Zone-based Firewall
  • Firewall based on L2/L3/L4 fields and applications
  • Support for access control lists (ACL) based on L2/L3/L4 fields
  • Protection against DoS/DDoS attacks and notification on them
  • Logging of attack and rule triggering events
Quality of Service (QoS)
  • Up to 8 priority queues per port
  • L2 and L3 traffic prioritization (802.1p (CoS), DSCP, IP Precedence (ToS))
  • RED, GRED congestion avoidance algorithms
  • Priority re-marking mechanisms
  • Policy-map
  • Bandwidth management (shaping)
  • Hierarchical QоS
  • Session labeling
IP addressing management (IPv4/IPv6)
  • Static IP addresses
  • DHCP client
  • DHCP Relay Option 82
  • Embedded DHCP, 43, 60, 61, 150 options support
  • DNS resolver
  • IP unnumbered 
Network reliability assurance means
  • VRRP v2,v3
  • Tracking based on VRRP or SLA test
    • VRRP parameters management
    • PBR parameter management
    • Interface administration status management
    • Static route enabling and disabling
    • AS-PATH and preference attribute management in route-map
  • WAN interfaces load balancing, data stream redirection, channel switching during QoS control
  • Firewall sessions backup
Management and monitoring
  • Support for standard and extended SNMP MIB, RMONv1
  • Embedded Zabbix agent
  • Authentication methods: local, RADIUS, TACACS+, LDAP
  • Protection against configuration errors
  • Automatic configuration recovery), ability to restore the default factory configuration
  • CLI
  • Syslog
  • System resource usage monitoring
  • Ping, traceroute (IPv4/IPv6), packet information in the console output
  • Firmware upgrade, configuration upload and download via TFTP, SCP, FTP, SFTP, HTTP(S)
  • Support for NTP
  • Netflow v5/v9/v10 (exporting of URL statistics for HTTP, host for HTTPS)
  • Local control via RS-232 console port (RJ-45)
  • Remote control via Telnet, SSH (IPv4/IPv6)
  • Displaying information on services/processes
  • Local/remote router configuration storage
SLA control functions
  • Eltex SLA
    Channel parameters evaluation:
    • Delay (one-way/two-way)
    • Jitter (one-way/two-way)
    • Packet loss (one-way/two-way)
    • Packet Error Rate
    • Out-of-order delivery
Physical specifications and ambient parameters
  • Maximum power consumption - 20 W
  • Power supply:
    • 220 V AC +-20%, 50 Hz
  • Operating temperature - from -10 to +40 °С
  • Storage temperature - from -40 to +70 °С
  • Operating humidity - no more than 80%
  • Storage humidity - from 10% to 95%
  • Dimensions (mm) - 430х225х44
  • Weight - 3.15 kg
  • Service life - at least 15 years

Functionality for firmware version 1.8.1
1Activated by the license


SFP modules (doesn't included in basic package)  

    1 fiber

Part Number

 SFP 1.25 GE module, 3 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM

FH-SB3512CDS3 / FH-SB5312CDS3

 SFP 1.25 GE module, 3 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM

FH-SB3512CDL3 / FH-SB5312CDL3

 SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM

FH-SB3512CDS20 / FH-SB5312CDS20

 SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM

FH-SB3512CDL20 / FH-SB5312CDL20

 SFP 1.25 GE module, 20 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM, INDUSTRIAL

FH-SB3512IDS20 / FH-SB5312IDS20

 SFP 1.25 GE module 40 km, SM, 1 fiber, TX/RX 1310/1550 LC set, DDM

FH-SB3512CDL40 / FH-SB5312CDL40

 SFP 1.25 GE module 40 km, SM, 1 fiber, TX/RX 1310/1550 SC set, DDM

FH-SB3512CDS40 / FH-SB5312CDS40

 SFP 1.25 GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM

FH-SB4512CDL80 / FH-SB5412CDL80

 SFP 1.25 GE module 80 km, SM, 1 fiber, TX/RX 1490/1550 SC set, DDM

FH-SB4512CDS80 / FH-SB5412CDS80

 SFP 1.25 GE module 120 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM

FH-SB4512CDL120 / FH-SB5412CDL120

 SFP 1.25 GE module 120 km, SM, 1 fiber, TX/RX 1490/1550 SC set, DDM

FH-SB4512CDS120 / FH-SB5412CDS120

 SFP 1.25 GE module 160 km, SM, 1 fiber, TX/RX 1490/1550 LC set, DDM

FH-SB4512CDL160 / FH-SB5412CDL160

 2 fibers

 

 SFP 1.25 GE module 550 m, MM, 2 fibers, 850 nm,  LC,  DDM

FH-S8512CDL05

 SFP 1.25 GE module 2 km, ММ, 2 fibers, 1310 nm, LC, DDM

FH-S3112CDL2

 SFP 1.25 GE module 20 km, SМ, 2 fibers, 1310 nm, LC, DDM

FH-S3112CDL20

 SFP 1.25 GE module 40 km, SМ, 2 fibers, 1310 nm, LC, DDM

FH-S3112CDL40

 SFP 1.25 GE module 80 km, SМ, 2 fibers, 1550 nm, LC, DDM

FH-S5512CDL80

 SFP 1.25 GE module 120 km, SМ, 2 fibers, 1550 nm, LC, DDM

FH-S5512CDL120

 SFP 1.25 GE module 160 km, SМ, 2 fibers, 1550 nm, LC, DDM   

FH-S5512CDL160

 SFP transceivers with RJ-45 interface

 

 SFP transceiver of 10/100/1000 BASE-T 

FH-ST2

Operational lifetime of the ELTEX equipment
In development
1
Pre-production
2
Mass production
3
Mass production is over
4
Sold out
5
Support is over
6
Regardless of the operational lifetime stage, Eltex provides a 12 months warranty on all its telecommunication equipment.
During the warranty period the manufacturer ensures technical support and free-of-charge repair at the Enterprise which is situated in Novosibirsk.
As part of the warranty service, technical support is provided on the first-in first-out principle.
The priority support packages of 8/5 and 27/7 types are subjects to additional charges.

Помогите сделать
сайт лучше