HPE JG411A Product Data Sheet

Data sheet
HPE MSR2000 Router Series
Key features
• Up to 1 Mpps forwarding; converged high-performance routing, switching, security, voice, and mobility
• Embedded security features with hardware-based encryption, firewall, Network Address Translation (NAT), and Virtual Private Networks (VPNs)
• Industry-leading breadth of LAN and WAN connectivity, up to 24/48 GE switching ports integrated
• No additional licensing complexity; no cost for advanced features
Product overview
The HPE MSR2000 Router Series, the next generation of router from Hewlett Packard Enterprise (HPE), is a component of the HPE FlexBranch solution, which is a part of the comprehensive HPE FlexNetwork architecture. These routers feature a modular design that delivers unmatched application services for small- to medium-sized branch oices. This gives your IT personnel the benefit of reduced complexity, and simplified configuration, deployment, and management.
The MSR2000 series provides an agile, flexible network infrastructure that enables you to quickly adapt to your changing business requirements while delivering integrated concurrent services on a single, easy-to-manage platform.
Data sheet
Page 2
Features and benefits
Performance
• Excellent forwarding performance Provides forwarding performance up to 1 Mpps (672 Mb/s); meets the bandwidth-intensive application demands of enterprise businesses
• Powerful security capacity The MSR2000 series is available with standard or high encryption, an embedded hardware encryption accelerator to improve encryption performance; IPSec encryption throughput can be up to 400 Mb/s with a maximum of 1000 IPSec VPN tunnels
Product architecture
• SDN/OpenFlow OpenFlow is the communications interface defined between the control and forwarding layers of a Software-Defined Networking (SDN) architecture. OpenFlow separates the data forwarding and routing decision functions. It keeps the flow-based forwarding function and employs a separate controller to make routing decisions. OpenFlow matches packets against one or more flow tables. MSR support OpenFlow 131
• Ideal multiservice platform Provides WAN router, Ethernet switch, 3G and 4G WAN, stateful firewall, VPN, and SIP or voice gateway on MSRs
• Advanced hardware architecture Supports multicore processors, Gigabit switching, and PCIe bus. Dual internal power supplies (AC or DC) supported on MSR2004-48 for higher reliability and flexibility
• New operating system version Ships with new Comware v7 Operating System delivering the latest in virtualization and routing
Connectivity
• Virtual eXtensible LAN (VXLAN) VXLAN is an IP-based network, using the “MAC in UDP” package of Layer VPN technology. VXLAN can be based on an existing ISP or enterprise IP networks for decentralized physical site provides Layer 2 communication, and can provide service isolation for dierent tenants
• Virtual Private LAN Service (VPLS) VPLS delivers a point-to-multipoint L2VPN service over an MPLS or IP backbone. The backbone is transparent to the customer sites, which can communicate with each other as if they were on the same LAN. The following protocols support on MSRs, RFC4447, RFC4761, and RFC4762, BFD detection in VPLS, Support hierarchical HOPE (H-VPLS), MAC address recovery in H-VPLS to speed up convergence
• Network Mobility (NEMO) NEMO enables a node to retain the same IP address and maintain application connectivity when the node travels across networks. It allows location-independent routing of IP datagrams on the Internet
• High-density port connectivity Provides 24 or 48 Giga LAN switching ports on board (all switching ports can be configured as routed ports), up to four interface module slots, and up to 30 module options
• Multiple WAN interfaces Provides a traditional link with E1, T1, Serial, ADSL over POTs, ADSL over ISDN, G.SHDSL, Asynchronous Transfer Mode (ATM), and ISDN links; high-density Fast or Giga Ethernet access modules; mobility access with 3G (WCDMA/HSPA)/4G LTE SIC module, and 3G/4G USB modems
Data sheet
Page 3
• Packet storm protection Protects against broadcast, multicast, or unicast storms with user-defined thresholds
• Loopback Supports internal loopback testing for maintenance purposes and an increase in availability; loopback detection protects against incorrect cabling or network configurations and can be enabled on a per-port or per-VLAN basis for added flexibility
• 3G/4G LTE access support Provides 3G/4G LTE wireless access for primary or backup connectivity via a 3G/4G LTE SIC modules certified on various cellular networks; optional carrier 3G/4G LTE USB modems are available
• USB interface Uses USB memory disk to download and upload configuration and OS image files; supports an external USB 3G/4G modem for a 3G/4G WAN uplink
• Flexible port selection Provides a combination of fiber and copper interface modules, 100/1000BASE-X support, and 10/100/1000BASE-T auto-speed detection plus auto duplex and MDI/MDI-X
Layer 2 switching
• Spanning Tree Protocol (STP) Supports standard IEEE 8021D STP, IEEE 8021w Rapid Spanning Tree Protocol (RSTP) for faster convergence, and IEEE 8021s Multiple Spanning Tree Protocol (MSTP)
• Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) protocol snooping Control and manage the flooding of multicast packets in a Layer 2 network
• Port mirroring Duplicates port traic (ingress and egress) to a local or remote monitoring port
• VLANs Supports IEEE 8021Q-based VLANs
• sFlow® Allows traic sampling
• Define port as switched or routed Supports command switch to easily change switched ports to routed (maximum four Fast Ethernet ports)
Layer 3 routing
• Static IPv4 routing Provides simple manually configured IPv4 routing
• Routing Information Protocol (RIP) Uses a distance vector algorithm with User Datagram Protocol (UDP) packets for route determination; supports RIPv1 and RIPv2 routing; includes loop protection
• Open Shortest Path First (OSPF) Delivers faster convergence; uses this link-state routing Interior Gateway Protocol (IGP), which supports ECMP, NSSA, and MD5 authentication for increased security and graceful restart for faster failure recovery
Data sheet
Page 4
• Border Gateway Protocol 4 (BGP-4) Delivers an implementation of the Exterior Gateway Protocol (EGP) utilizing path vectors; uses TCP for enhanced reliability for the route discovery process; reduces bandwidth consumption by advertising only incremental updates; supports extensive policies for increased flexibility; scales to very large networks
• Intermediate system to intermediate system (IS-IS) Uses a path vector Interior Gateway Protocol (IGP), which is defined by the ISO organization for IS-IS routing and extended by IETF RFC 1195 to operate in both TCP/IP and the OSI reference model (Integrated IS-IS)
• Static IPv6 routing Provides simple manually configured IPv6 routing
• Dual IP stack Maintains separate stacks for IPv4 and IPv6 to ease the transition from an IPv4-only network to an IPv6-only network design
• Routing Information Protocol next generation (RIPng) Extends RIPv2 to support IPv6 addressing
• OSPFv3 Provides OSPF support for IPv6
• BGP+ Extends BGP-4 to support Multiprotocol BGP (MBGP), including support for IPv6 addressing
• IS-IS for IPv6 Extends IS-IS to support IPv6 addressing
• IPv6 tunneling Allows IPv6 packets to traverse IPv4-only networks by encapsulating the IPv6 packet into a standard IPv4 packet; supports manually configured, 6 to 4, and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnels; is an important element for the transition from IPv4 to IPv6
• Multiprotocol Label Switching (MPLS) Uses BGP to advertise routes across Label Switched Paths (LSPs), but uses simple labels to forward packets from any Layer 2 or Layer 3 protocol, which reduces complexity and increases performance; supports graceful restart for reduced failure impact; supports LSP tunneling and multilevel stacks
• Multiprotocol Label Switching (MPLS) Layer 3 VPN Allows Layer 3 VPNs across a provider network; uses Multiprotocol BGP (MBGP) to establish private routes for increased security; supports RFC 2547bis multiple autonomous system VPNs for added flexibility; supports IPv6 MPLS VPN
• Multiprotocol Label Switching (MPLS) Layer 2 VPN Establishes simple Layer 2 point-to-point VPNs across a provider network using only MPLS Label Distribution Protocol (LDP); requires no routing and therefore decreases complexity, increases performance, and allows VPNs of non-routable protocols; uses no routing information for increased security; supports Circuit Cross Connect (CCC), Static Virtual Circuits (SVCs), Martini draft, and Kompella draft technologies
• Routing policy Allows custom filters for increased performance and security; supports access control lists (ACLs), IP prefix, AS paths, community lists, and aggregate policies
Data sheet
Page 5
Layer 3 services
• N AT-P T Network Address Translation-Protocol Translation (NAT-PT) enables communication between IPv4 and IPv6 nodes by translating between IPv4 and IPv6 packets. It performs IP address translation, and according to dierent protocols, performs semantic translation for packets. This technology is only suitable for communication between a pure IPv4 node and a pure IPv6 node
• WAN Optimization MSR performs optimization using TFO and a combination of DRE, Lempel-Ziv (LZ) compression to provide the bandwidth optimization for file service and web applications. The policy engine module determines which traic can be optimized and which optimization action should be taken. A pair of WAN optimization equipment can discover each other automatically and complete the negotiation to establish a TCP optimization session
• Address Resolution Protocol (ARP) Determines the MAC address of another IP host in the same subnet; supports static ARPs; gratuitous ARP allows detection of duplicate IP addresses; proxy ARP allows normal ARP operation between subnets or when subnets are separated by a Layer 2 network
• User Datagram Protocol (UDP) helper Redirects UDP broadcasts to specific IP subnets to prevent server spoofing
• Dynamic Host Configuration Protocol (DHCP) Simplifies the management of large IP networks and supports client and server; DHCP Relay enables DHCP operation across subnets
Quality of service (QoS)
• Nested QoS Provides a built-in QoS engine that supports nested QoS (same as hierarchical QoS) and can implement a hierarchical scheduling mechanism based on ports, user groups, users, and user services
• Traic policing Supports Committed Access Rate (CAR) and line rate
• Congestion management Supports FIFO, PQ, CQ, WFQ, CBQ, and RTPQ
• Weighted random early detection (WRED)/random early detection (RED) Delivers congestion avoidance capabilities through the use of queue management algorithms
• Other QoS technologies Supports traic shaping, MPLS QoS, MP QoS/LFI, and Control Plane Policing (CoPP)
Data sheet
Page 6
Security
• IPS Built-in Intrusion Prevention System (IPS) detects and protects the branch oice from security threats. Optional HPE integration filters for client-side, branch protection from exploits and vulnerabilities
• Enhanced stateful firewall Application layer protocol inspection, Transport layer protocol inspection, ICMP error message check, and TCP SYN check. Support more L4 and L7 protocols like TCP, UDP, UDP-Lite, ICMPv4/ICMPv6, SCTP, DCCP, RAWIP, HTTP, FTP, SMTP, DNS, SIP, H.323, SCCP
• Zone based firewall Zone based policy firewall changes the firewall configuration from the older interface-based model to a more flexible, more easily understood zone-based model. Interfaces are assigned to zones, and inspection policy is applied to traic moving between the zones. Inter-zone policies oer considerable flexibility and granularity, so dierent inspection policies can be applied to multiple host groups connected to the same router interface
• Auto Discover VPN (ADVPN) Collects, maintains, and distributes dynamic public addresses through the VPN Address Management (VAM) protocol, making VPN establishment available between enterprise branches that use dynamic addresses to access the public network; compared to traditional VPN technologies, ADVPN technology is more flexible and has richer features, such as NAT traversal of ADVPN packets, AAA identity authentication, IPSec protection of data packets, and multiple VPN domains
• IPSec VPN Supports DES, Triple DES (3DES), and Advanced Encryption Standard (AES) 128/192/256 encryption, and MD5 and SHA-1 authentication
• Access control list (ACL) Supports powerful ACLs for both IPv4 and IPv6; ACLs are used for filtering traic to prevent unauthorized users from accessing the network, or for controlling network traic to save resources; rules can either deny or permit traic to be forwarded; rules can be based on a Layer 2 header or a Layer 3 protocol header; rules can be set to operate on specific dates or times
• Terminal Access Controller Access-Control System (TACACS+) Delivers an authentication tool using TCP with encryption of the full authentication request, providing additional security
• Unicast Reverse Path Forwarding (URPF) Allows normal packets to be forwarded correctly, but discards the attaching packet due to lack of reverse path route or incorrect inbound interface; prevents source spoofing and distributed attacks
• Network login Allows authentication of multiple users per port
• RADIUS Eases security access administration by utilizing a user and password authentication server
• Network address translation (NAT) Supports one-to-one NAT, many-to-many NAT, and NAT control, enabling NAPT to support multiple connections; supports blacklist in NAT, a limit on the number of connections, session logs, and multi-instances
Loading...
+ 14 hidden pages