HPE JG411A Product Data Sheet
Data sheet
HPE MSR2000 Router Series
Key features
• Up to 1 Mpps forwarding; converged high-performance routing, switching, security, voice,
and mobility
• Embedded security features with hardware-based encryption, firewall, Network Address
Translation (NAT), and Virtual Private Networks (VPNs)
• Industry-leading breadth of LAN and WAN connectivity, up to 24/48 GE switching ports
integrated
• No additional licensing complexity; no cost for advanced features
• Zero-touch solution, with single-pane-of-glass management
Product overview
The HPE MSR2000 Router Series, the next generation of router from Hewlett Packard Enterprise
(HPE), is a component of the HPE FlexBranch solution, which is a part of the comprehensive
HPE FlexNetwork architecture. These routers feature a modular design that delivers unmatched
application services for small- to medium-sized branch oices. This gives your IT personnel the
benefit of reduced complexity, and simplified configuration, deployment, and management.
The MSR2000 series provides an agile, flexible network infrastructure that enables you to quickly
adapt to your changing business requirements while delivering integrated concurrent services
on a single, easy-to-manage platform.
Data sheet
Page 2
Features and benefits
Performance
• Excellent forwarding performance
Provides forwarding performance up to 1 Mpps (672 Mb/s); meets the bandwidth-intensive
application demands of enterprise businesses
• Powerful security capacity
The MSR2000 series is available with standard or high encryption, an embedded hardware
encryption accelerator to improve encryption performance; IPSec encryption throughput can
be up to 400 Mb/s with a maximum of 1000 IPSec VPN tunnels
Product architecture
• SDN/OpenFlow
OpenFlow is the communications interface defined between the control and forwarding layers
of a Software-Defined Networking (SDN) architecture. OpenFlow separates the data forwarding
and routing decision functions. It keeps the flow-based forwarding function and employs a
separate controller to make routing decisions. OpenFlow matches packets against one or more
flow tables. MSR support OpenFlow 131
• Ideal multiservice platform
Provides WAN router, Ethernet switch, 3G and 4G WAN, stateful firewall, VPN, and SIP or voice
gateway on MSRs
• Advanced hardware architecture
Supports multicore processors, Gigabit switching, and PCIe bus. Dual internal power supplies
(AC or DC) supported on MSR2004-48 for higher reliability and flexibility
• New operating system version
Ships with new Comware v7 Operating System delivering the latest in virtualization and routing
Connectivity
• Virtual eXtensible LAN (VXLAN)
VXLAN is an IP-based network, using the “MAC in UDP” package of Layer VPN technology.
VXLAN can be based on an existing ISP or enterprise IP networks for decentralized physical
site provides Layer 2 communication, and can provide service isolation for dierent tenants
• Virtual Private LAN Service (VPLS)
VPLS delivers a point-to-multipoint L2VPN service over an MPLS or IP backbone. The backbone
is transparent to the customer sites, which can communicate with each other as if they were
on the same LAN. The following protocols support on MSRs, RFC4447, RFC4761, and RFC4762,
BFD detection in VPLS, Support hierarchical HOPE (H-VPLS), MAC address recovery in H-VPLS
to speed up convergence
• Network Mobility (NEMO)
NEMO enables a node to retain the same IP address and maintain application connectivity when the
node travels across networks. It allows location-independent routing of IP datagrams on the Internet
• High-density port connectivity
Provides 24 or 48 Giga LAN switching ports on board (all switching ports can be configured
as routed ports), up to four interface module slots, and up to 30 module options
• Multiple WAN interfaces
Provides a traditional link with E1, T1, Serial, ADSL over POTs, ADSL over ISDN, G.SHDSL,
Asynchronous Transfer Mode (ATM), and ISDN links; high-density Fast or Giga Ethernet access
modules; mobility access with 3G (WCDMA/HSPA)/4G LTE SIC module, and 3G/4G USB modems
Data sheet
Page 3
• Packet storm protection
Protects against broadcast, multicast, or unicast storms with user-defined thresholds
• Loopback
Supports internal loopback testing for maintenance purposes and an increase in availability;
loopback detection protects against incorrect cabling or network configurations and can be
enabled on a per-port or per-VLAN basis for added flexibility
• 3G/4G LTE access support
Provides 3G/4G LTE wireless access for primary or backup connectivity via a 3G/4G LTE SIC
modules certified on various cellular networks; optional carrier 3G/4G LTE USB modems
are available
• USB interface
Uses USB memory disk to download and upload configuration and OS image files; supports
an external USB 3G/4G modem for a 3G/4G WAN uplink
• Flexible port selection
Provides a combination of fiber and copper interface modules, 100/1000BASE-X support,
and 10/100/1000BASE-T auto-speed detection plus auto duplex and MDI/MDI-X
Layer 2 switching
• Spanning Tree Protocol (STP)
Supports standard IEEE 8021D STP, IEEE 8021w Rapid Spanning Tree Protocol (RSTP)
for faster convergence, and IEEE 8021s Multiple Spanning Tree Protocol (MSTP)
• Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD)
protocol snooping
Control and manage the flooding of multicast packets in a Layer 2 network
• Port mirroring
Duplicates port traic (ingress and egress) to a local or remote monitoring port
• VLANs
Supports IEEE 8021Q-based VLANs
• sFlow®
Allows traic sampling
• Define port as switched or routed
Supports command switch to easily change switched ports to routed (maximum four Fast Ethernet
ports)
Layer 3 routing
• Static IPv4 routing
Provides simple manually configured IPv4 routing
• Routing Information Protocol (RIP)
Uses a distance vector algorithm with User Datagram Protocol (UDP) packets for route
determination; supports RIPv1 and RIPv2 routing; includes loop protection
• Open Shortest Path First (OSPF)
Delivers faster convergence; uses this link-state routing Interior Gateway Protocol (IGP), which
supports ECMP, NSSA, and MD5 authentication for increased security and graceful restart for
faster failure recovery
Data sheet
Page 4
• Border Gateway Protocol 4 (BGP-4)
Delivers an implementation of the Exterior Gateway Protocol (EGP) utilizing path vectors;
uses TCP for enhanced reliability for the route discovery process; reduces bandwidth consumption
by advertising only incremental updates; supports extensive policies for increased flexibility;
scales to very large networks
• Intermediate system to intermediate system (IS-IS)
Uses a path vector Interior Gateway Protocol (IGP), which is defined by the ISO organization
for IS-IS routing and extended by IETF RFC 1195 to operate in both TCP/IP and the OSI reference
model (Integrated IS-IS)
• Static IPv6 routing
Provides simple manually configured IPv6 routing
• Dual IP stack
Maintains separate stacks for IPv4 and IPv6 to ease the transition from an IPv4-only network
to an IPv6-only network design
• Routing Information Protocol next generation (RIPng)
Extends RIPv2 to support IPv6 addressing
• OSPFv3
Provides OSPF support for IPv6
• BGP+
Extends BGP-4 to support Multiprotocol BGP (MBGP), including support for IPv6 addressing
• IS-IS for IPv6
Extends IS-IS to support IPv6 addressing
• IPv6 tunneling
Allows IPv6 packets to traverse IPv4-only networks by encapsulating the IPv6 packet into
a standard IPv4 packet; supports manually configured, 6 to 4, and Intra-Site Automatic Tunnel
Addressing Protocol (ISATAP) tunnels; is an important element for the transition from
IPv4 to IPv6
• Multiprotocol Label Switching (MPLS)
Uses BGP to advertise routes across Label Switched Paths (LSPs), but uses simple labels to
forward packets from any Layer 2 or Layer 3 protocol, which reduces complexity and increases
performance; supports graceful restart for reduced failure impact; supports LSP tunneling and
multilevel stacks
• Multiprotocol Label Switching (MPLS) Layer 3 VPN
Allows Layer 3 VPNs across a provider network; uses Multiprotocol BGP (MBGP) to establish
private routes for increased security; supports RFC 2547bis multiple autonomous system VPNs
for added flexibility; supports IPv6 MPLS VPN
• Multiprotocol Label Switching (MPLS) Layer 2 VPN
Establishes simple Layer 2 point-to-point VPNs across a provider network using only MPLS
Label Distribution Protocol (LDP); requires no routing and therefore decreases complexity,
increases performance, and allows VPNs of non-routable protocols; uses no routing information for
increased security; supports Circuit Cross Connect (CCC), Static Virtual Circuits (SVCs), Martini draft,
and Kompella draft technologies
• Routing policy
Allows custom filters for increased performance and security; supports access control lists (ACLs),
IP prefix, AS paths, community lists, and aggregate policies
Data sheet
Page 5
Layer 3 services
• N AT-P T
Network Address Translation-Protocol Translation (NAT-PT) enables communication between IPv4
and IPv6 nodes by translating between IPv4 and IPv6 packets. It performs IP address translation,
and according to dierent protocols, performs semantic translation for packets. This technology
is only suitable for communication between a pure IPv4 node and a pure IPv6 node
• WAN Optimization
MSR performs optimization using TFO and a combination of DRE, Lempel-Ziv (LZ) compression
to provide the bandwidth optimization for file service and web applications. The policy engine
module determines which traic can be optimized and which optimization action should be taken.
A pair of WAN optimization equipment can discover each other automatically and complete the
negotiation to establish a TCP optimization session
• Address Resolution Protocol (ARP)
Determines the MAC address of another IP host in the same subnet; supports static ARPs;
gratuitous ARP allows detection of duplicate IP addresses; proxy ARP allows normal ARP operation
between subnets or when subnets are separated by a Layer 2 network
• User Datagram Protocol (UDP) helper
Redirects UDP broadcasts to specific IP subnets to prevent server spoofing
• Dynamic Host Configuration Protocol (DHCP)
Simplifies the management of large IP networks and supports client and server; DHCP Relay
enables DHCP operation across subnets
Quality of service (QoS)
• Nested QoS
Provides a built-in QoS engine that supports nested QoS (same as hierarchical QoS) and can
implement a hierarchical scheduling mechanism based on ports, user groups, users, and user services
• Traic policing
Supports Committed Access Rate (CAR) and line rate
• Congestion management
Supports FIFO, PQ, CQ, WFQ, CBQ, and RTPQ
• Weighted random early detection (WRED)/random early detection (RED)
Delivers congestion avoidance capabilities through the use of queue management algorithms
• Other QoS technologies
Supports traic shaping, MPLS QoS, MP QoS/LFI, and Control Plane Policing (CoPP)
Data sheet
Page 6
Security
• IPS
Built-in Intrusion Prevention System (IPS) detects and protects the branch oice from security
threats. Optional HPE integration filters for client-side, branch protection from exploits and
vulnerabilities
• Enhanced stateful firewall
Application layer protocol inspection, Transport layer protocol inspection, ICMP error message
check, and TCP SYN check. Support more L4 and L7 protocols like TCP, UDP, UDP-Lite,
ICMPv4/ICMPv6, SCTP, DCCP, RAWIP, HTTP, FTP, SMTP, DNS, SIP, H.323, SCCP
• Zone based firewall
Zone based policy firewall changes the firewall configuration from the older interface-based
model to a more flexible, more easily understood zone-based model. Interfaces are assigned
to zones, and inspection policy is applied to traic moving between the zones. Inter-zone
policies oer considerable flexibility and granularity, so dierent inspection policies can be
applied to multiple host groups connected to the same router interface
• Auto Discover VPN (ADVPN)
Collects, maintains, and distributes dynamic public addresses through the VPN Address
Management (VAM) protocol, making VPN establishment available between enterprise branches
that use dynamic addresses to access the public network; compared to traditional VPN
technologies, ADVPN technology is more flexible and has richer features, such as NAT traversal
of ADVPN packets, AAA identity authentication, IPSec protection of data packets, and multiple
VPN domains
• IPSec VPN
Supports DES, Triple DES (3DES), and Advanced Encryption Standard (AES) 128/192/256
encryption, and MD5 and SHA-1 authentication
• Access control list (ACL)
Supports powerful ACLs for both IPv4 and IPv6; ACLs are used for filtering traic to prevent
unauthorized users from accessing the network, or for controlling network traic to save resources;
rules can either deny or permit traic to be forwarded; rules can be based on a Layer 2 header or
a Layer 3 protocol header; rules can be set to operate on specific dates or times
• Terminal Access Controller Access-Control System (TACACS+)
Delivers an authentication tool using TCP with encryption of the full authentication request,
providing additional security
• Unicast Reverse Path Forwarding (URPF)
Allows normal packets to be forwarded correctly, but discards the attaching packet due to lack of
reverse path route or incorrect inbound interface; prevents source spoofing and distributed attacks
• Network login
Allows authentication of multiple users per port
• RADIUS
Eases security access administration by utilizing a user and password authentication server
• Network address translation (NAT)
Supports one-to-one NAT, many-to-many NAT, and NAT control, enabling NAPT to support
multiple connections; supports blacklist in NAT, a limit on the number of connections, session logs,
and multi-instances
Loading...