top of page

Typical tasks performed by service routers

  • Data routing
  • Construction of secure network perimeter (Firewall)
  • Network attacks prevention and monitoring (IPS/IDS)
  • Service quality monitoring (SLA)
  • Filtering of network data by various criteria (including filtering by applications)
  • Organization of secure network tunnels between different offices of a company
  • Remote connection of staff members to office
  • Management and distribution of Internet channel width within an office by using QoS
  • Organization of redundant connection (by means of wires or 3G/LTE modem)
  • User termination and bandwidth limiting – BRAS (IPoE)

ESR-21 are multipurpose service routers developed in compliance with requirements of energy and oil-and-gas industries. The devices support advancedrouting, WAN organization and network security functions.

The main feature of ESR-21 is the presence of additional RS-232 ports that can be used for implementing additional functionalities – remote device management via console (AUX mode) and connecting wired/GSM modems to firewalls.


Out of Stock
  • Packet processor - Broadcom NS2


    • 8x10/100/1000BASE-T (LAN/WAN)
    • 4x10/100/1000BASE-X SFP (LAN/WAN)
    • 3xSerial (RS-232)
    • 1xConsole (RJ-45)
    • 1xUSB 2.0
    • 1xUSB 3.0


    • Firewall/NAT/routing (1518B frames) - 2.5 Gbps, 207 kpps
    • IPsec VPN (1456B frames) - 0.68 Gbps, 58 kpps

    • IPS/IDS 10k rules - 250.33 Mbps, 50.4 kpps

    System features

    • VPN tunnels - 250
    • Static routes - 11k
    • Concurrent sessions - 256k
    • VLAN support - up to 4k VLANs in accordance with 802.1Q
    • BGP routes - 1,5M
    • OSPF routes - 300k
    • RIP routes - 10k
    • MAC address table - 2k entries per bridge
    • FIB size - 1,5M
    • VRF Lite - 32

    Plug-in interfaces

    • E1 TopGate SFP
    • DialUp modem

    Remote Access VPN clients


    Remote Access VPN server


    Site-to-site VPN

    • IPsec: «policy-based» and «route-based» modes
    • DMVPN
    • DES, 3DES, AES, Blowfish, Camellia encryption algorithms
    • IKE MD5, SHA-1, SHA-2 message authentication


    • IPoGRE, EoGRE
    • IPIP
    • L2TPv3
    • LT (inter VRF-lite routing)

    L2 functions

    • Packet switching (bridging)
    • LAG/LACP (802.3ad)
    • VLAN (802.1Q)
    • Logical interfaces
    • VLAN-based MAC

    L3 functions (IPv4/IPv6)

    • NAT, Static NAT, ALG 
    • Static routes
    • Dynamic routing protocols RIPv2, OSPFv2/v3, BGP
    • Route filtering (prefix list)
    • VRF Lite
    • Policy Based Routing (PBR)
    • BFD for BGP, OSPF, static routes

    Network security functions

    • Intrusion Detection/Prevention system (IPS/IDS)1
    • Web filtering by URL, by content (cookies, ActiveX, JavaScript)
    • Zone-based Firewall
    • Firewall filtering based on L2/L3/L4 fields and applications
    • Support for access control lists on the base of L2/L3/L4 fields
    • Protection from DoS/DDoS attacks and notification on them
    • Logging of attack and rule triggering events

    SLA control functions

    • Eltex SLA
    • Channel parameters evaluation:
      • Delay (one-way/two-way)
      • Jitter (one-way/two-way)
      • Packet loss (one-way/two-way)
      • Packet Error Rate
      • Out-of-order delivery
    • Wellink SLA (wiSLA)1

    BRAS (IPoE)1

    • User termination
    • White/black URL lists
    • Quotas for traffic volume, session time, network applications
    • HTTP/HTTPS Proxy
    • HTTP/HTTPS Redirect
    • Session accounting via Netflow protocol
    • Interaction with ААА, PCRF
    • Bandwidth management by offices, SSID and user sessions
    • User authentication by MAC or IP address

    IP addressing management (IPv4/IPv6)

    • Static IP addresses
    • DHCP client
    • DHCP Relay Option 82
    • Embedded DHCP server options: 43, 60, 61, 150
    • DNS resolver
    • IP unnumbered 

    Quality of Service (QoS)

    • Up to 8 priority queues per port
    • L2 and L3 traffic prioritization (802.1p, DSCP, IP Precedence)
    • RED, GRED congestion avoidance algorithms
    • Precedence re-marking mechanisms
    • Applying policies (policy-map)
    • Bandwidth management (shaping)
    • Hierarchical QоS
    • Session marking

    Network reliability assurance means

    • VRRP v2,v3
    • Route tracking based on VRRP state
    • WAN interfaces load balancing, data stream redirection, channel switching during QoS control
    • Firewall sessions backup

    Management and monitoring

    • Sup