IP addressing management (IPv4/IPv6)
- Static IP addresses
- DHCP client
- DHCP Relay Option 82
- Embedded DHCP server options: 43, 60, 61, 150
- DNS resolver
- IP unnumbered
Quality of Service (QoS)
- Up to 8 priority queues per port
- L2 and L3 traffic prioritization (802.1p, DSCP, IP Precedence)
- RED, GRED congestion avoidance algorithms
- Precedence re-marking mechanisms
- Applying policies (policy-map)
- Bandwidth management (shaping)
- Hierarchical QоS
- Session marking
Network reliability assurance means
- VRRP v2,v3
- Route tracking based on VRRP state
- WAN interfaces load balancing, data stream redirection, channel switching during QoS control
- Firewall sessions backup
Management and monitoring
- Support for standard and extended SNMP MIB, RMONv1
- Built-in Zabbix agent
- User authentication through a local database via RADIUS, TACACS+, LDAP
- Protection from configuration errors, automatic configuration recovery. Ability to reset configuration to factory settings
- CLI
- Syslog support
- System resources usage monitoring
- Ping, traceroute (IPv4/IPv6), displaying information on packets in the console
- Firmware update, configuration upload and download via TFTP, SCP, FTP, SFTP, HTTP(S)
- NTP support
- Netflow v5/v9/v10 (exporting of URL statistics for HTTP, host for HTTPS)
- Local control via RS-232 (RJ-45)
- Remote control via Telnet, SSH (IPv4/IPv6)
- Displaying information on services/processes
- Local/remote router configuration storage
Physical specifications and ambient parameters
- Maximum power consumption – 250 W
- Power supply:
- 220 V AC +-20%, 50 Hz
- -36..-72V DC
- Up to two hot-swappable power units
- Operating temperature – from -10 to +45 °С
- Storage temperature – from -40 to +70 °С
- Operating humidity – no more than 80%
- Storage humidity – from 10% to 95%
- Dimensions (mm) – 440х490х88
- Weight – 12 kg
- Average service life – 10 years
Specifications
Packet processor – Broadcom XLP780
Interfaces
- 4хCombo 10/100/1000BASE-T/ 1000BASE-X
- 8x10GBASE-R SFP+/1000BASE-X
- 1xConsole (RJ-45)
- 2хUSB 2.0
Performance
- Firewall/NAT/routing (1518B frames) – 39 Gbps,3210 kpps (4900 kpps for frames less than 1000B)
- IPsec VPN (1456B frames) – 17 Gbps, 1463 kpps
- IPS/IDS 10k rules – 1370 Mbps, 257 kpps
System features
- VPN tunnels – 500
- Static routes – 11k
- Concurrent sessions – 512k
- VLAN support – up to 4k VLANs in accordance with 802.1Q
- BGP routes – 2.8M
- OSPF routes – 500k
- RIP routes – 10k
- MAC address table – 128k
- FIB size – 3.0M
- VRF Lite – 32
Plug-in interfaces
- USB 3G/4G/LTE modem
- E1 TopGate SFP
Remote Access VPN clients
- PPTP/PPPoE/L2TP/OpenVPN/IPsec XAUTH
Remote Access VPN server
- L2TP/PPTP/OpenVPN/IPsec XAUTH
Site-to-site VPN
- IPsec: «policy-based» and «route-based» modes
- DMVPN
- DES, 3DES, AES, Blowfish, Camellia encryption algorithms
- IKE MD5, SHA-1, SHA-2 message authentication
Tunneling
- IPoGRE, EoGRE
- IPIP
- L2TPv3
- LT (inter VRF-lite routing)
L2 functions
- Packet switching (bridging)
- LAG/LACP (802.3ad)
- VLAN (802.1Q)
- Logical interfaces
- LLDP, LLDP MED
- VLAN-based MAC
L3 functions (IPv4/IPv6)
- NAT, Static NAT, ALG
- Static routes
- Dynamic routing protocols RIPv2, OSPFv2/v3, BGP
- Route filtering (prefix list)
- VRF Lite
- Policy Based Routing (PBR)
- BFD for BGP, OSPF, static routes
Network security functions
- Intrusion Detection/Prevention system (IPS/IDS)1
- Web filtering by URL, by content (cookies, ActiveX, JavaScript)
- Zone-based Firewall
- Firewall filtering based on L2/L3/L4 fields and applications
- Support for access control lists on the base of L2/L3/L4 fields
- Protection from DoS/DDoS attacks and notification on them
- Logging of attack and rule triggering events
SLA control functions
- Eltex SLA
- Channel parameters evaluation:
- Delay (one-way/two-way)
- Jitter (one-way/two-way)
- Packet loss (one-way/two-way)
- Packet Error Rate
- Out-of-order delivery
- Wellink SLA (wiSLA)1
BRAS (IPoE)1
- User termination
- White/black URL lists
- Quotas for traffic volume, session time, network applications
- HTTP/HTTPS Proxy
- HTTP/HTTPS Redirect
- Session accounting via Netflow protocol
- Interaction with ААА, PCRF
- Bandwidth management by offices, SSID and user sessions
- User authentication by MAC or IP address