HPE JG732A Product Data Sheet
Data sheet
HPE MSR1000 Router Series
Key features
• Up to 500 Kpps IP forwarding; converged high-performance routing, switching, security,
voice, and mobility
• Embedded security features with hardware-based encryption, firewall, network address
translation (NAT), and VPNs
• Industry-leading breadth of LAN and WAN connectivity options
• No additional licensing complexity; no cost for advanced features
• Zero-touch solution, with single-pane-of-glass management
Product overview
The HPE MSR1000 Router Series is a next generation multiservices router designed to deliver
unmatched application performance for small branch oices. The MSR1000 series provides
a flexible multiservice end point for small branches and remote oices that quickly adapts to
changing business requirements while delivering integrated, concurrent services on a single,
easy-to-manage platform.
Features and benefits
Performance
• Excellent forwarding performance
Provides forwarding performance up to 500 Kpps; meets current and future bandwidth-intensive
application demands of enterprise businesses
• Powerful encryption capacity
Includes embedded hardware encryption accelerator to improve encryption performance
Product architecture
• SDN/OpenFlow
OpenFlow is the communications interface defined between the control and forwarding
layers of a SDN (Software-Defined Networking ) architecture. OpenFlow separates the data
forwarding and routing decision functions. It keeps the flow-based forwarding function and
employs a separate controller to make routing decisions. OpenFlow matches packets against
one or more flow tables. MSR support OpenFlow 131
Data sheet
Page 2
• Ideal multiservice platform
Provides WAN router, Ethernet switch, wireless LAN, 3G or 4G WAN, firewall, VPN, and SIP
or voice gateway all in one box
• High-density voice interfaces
Provide flexible analog voice interface options for easy integration within a wide range
of deployments
• USB interface
Uses USB memory disk to download and upload configuration files; supports an external
USB 3G modem for a 3G WAN uplink
• Advanced hardware architecture
Delivers Gigabit Ethernet switching and a PCIe bus
Connectivity
• VXLAN (Virtual eXtensible LAN)
VXLAN (Virtual eXtensible LAN, scalable virtual local area network) is an IP-based network,
using the “MAC in UDP” package of Layer VPN technology. VXLAN can be based on an existing
ISP or enterprise IP networks for decentralized physical site provides Layer 2 communication,
and can provide service isolation for dierent tenants
• Virtual Private LAN Service (VPLS)
Virtual Private LAN Service (VPLS) delivers a point-to-multipoint L2VPN service over
an MPLS or IP backbone. The backbone is transparent to the customer sites, which can
communicate with each other as if they were on the same LAN. The following protocols
support on MSRs, RFC4447, RFC4761 and RFC4762, BFD detection in VPLS, Support
hierarchical HOPE(H-VPLS), MAC address recovery in H-VPLS to speed up convergence
• NEMO (Network Mobility)
Network mobility (NEMO) enables a node to retain the same IP address and maintain
application connectivity when the node travels across networks. It allows location-independent
routing of IP datagrams on the Internet
• Packet storm protection
Protects against broadcast, multicast, or unicast storms with user-defined thresholds
• Loopback
Supports internal loopback testing for maintenance purposes and an increase in availability;
loopback detection protects against incorrect cabling or network configurations and can be
enabled on a per-port or per-VLAN basis for added flexibility
• 3G/4G access support
Provides 3G/4G LTE wireless access for primary or backup connectivity via a 3G/4G LTE SIC
modules certified on various cellular networks; optional carrier 3G/4G USB modems available
• Flexible port selection
Provides a combination of fiber and copper interface modules, 100/1000BASE-X auto-speed
selection, and 10/100/1000BASE-T auto-speed detection plus auto duplex and MDI/MDI-X
• Multiple WAN interfaces
Provide a traditional link with E1, T1, ADSL, ADSL2, ADSL2+, G.SHDSL, Serial, and ISDN
backup; provide high-density Ethernet access with Fast Ethernet/Gigabit Ethernet, mobility
access with IEEE 80211b/g/n Wi-Fi, and 3G/4G LTE options
• High-density port connectivity
Integrates four or eight Giga LAN switching ports (All switching ports can be configured
as routed ports.), two or three SIC slots, and up to 30 module options
Data sheet
Page 3
Layer 2 switching
• Spanning Tree Protocol (STP)
Supports standard IEEE 8021D STP, IEEE 8021w Rapid Spanning Tree Protocol (RSTP)
for faster convergence, and IEEE 8021s Multiple Spanning Tree Protocol (MSTP)
• Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD)
protocol snooping
Control and manage the flooding of multicast packets in a Layer 2 network
• Port mirroring
Duplicates port traic (ingress and egress) to a local or remote monitoring port
• VLANs
Support IEEE 8021Q-based VLANs
• sFlow
Allows traic sampling
• Define port as switched or routed
Supports command switch to easily change switched ports to routed (maximum eight GE ports)
Layer 3 routing
• Static IPv4 routing
Provides simple manually configured IPv4 routing
• Routing Information Protocol (RIP)
Uses a distance vector algorithm with User Datagram Protocol (UDP) packets for route
determination; supports RIPv1 and RIPv2 routing; includes loop protection
• Open Shortest Path First (OSPF)
Delivers faster convergence; uses this link-state routing Interior Gateway Protocol (IGP), which
supports ECMP, NSSA, and MD5 authentication for increased security and graceful restart for
faster failure recovery
• Border Gateway Protocol 4 (BGP-4)
Delivers an implementation of the Exterior Gateway Protocol (EGP) utilizing path vectors; uses
TCP for enhanced reliability for the route discovery process; reduces bandwidth consumption
by advertising only incremental updates; supports extensive policies for increased flexibility;
scales to very large networks
• Intermediate system to intermediate system (IS-IS)
Uses a path vector Interior Gateway Protocol (IGP), which is defined by the ISO organization
for IS-IS routing and extended by IETF RFC 1195 to operate in both TCP/IP and the OSI
reference model (Integrated IS-IS)
• Static IPv6 routing
Provides simple manually configured IPv6 routing
• Dual IP stack
Maintains separate stacks for IPv4 and IPv6 to ease the transition from an IPv4-only network
to an IPv6-only network design
• Routing Information Protocol next generation (RIPng)
Extends RIPv2 to support IPv6 addressing
• OSPFv3
Provides OSPF support for IPv6
• BGP+
Extends BGP-4 to support Multiprotocol BGP (MP-BGP), including support for IPv6 addressing
• IS-IS for IPv6
Extends IS-IS to support IPv6 addressing
Data sheet
Page 4
• IPv6 tunneling
Allows IPv6 packets to traverse IPv4-only networks by encapsulating the IPv6 packet into
a standard IPv4 packet; supports manually configured, 6 to 4, and Intra-Site Automatic
Tunnel Addressing Protocol (ISATAP) tunnels; is an important element for the transition
from IPv4 to IPv6
• Multiprotocol Label Switching (MPLS)
Uses BGP to advertise routes across Label Switched Paths (LSPs), but uses simple labels
to forward packets from any Layer 2 or Layer 3 protocol, which reduces complexity and
increases performance; supports graceful restart for reduced failure impact; supports LSP
tunneling and multilevel stacks
• Multiprotocol Label Switching (MPLS) Layer 3 VPN
Allows Layer 3 VPNs across a provider network; uses Multiprotocol BGP (MP-BGP) to establish
private routes for increased security; supports RFC 2547 multiple autonomous system VPNs for
added flexibility; supports IPv6 MPLS VPN
• Multiprotocol Label Switching (MPLS) Layer 2 VPN
Establishes simple Layer 2 point-to-point VPNs across a provider network using only MPLS
Label Distribution Protocol (LDP); requires no routing and therefore decreases complexity,
increases performance, and allows VPNs of non-routable protocols; uses no routing information
for increased security; supports Circuit Cross Connect (CCC), Static Virtual Circuits (SVCs),
Martini draft, and Kompella draft technologies
• Policy routing
Allows custom filters for increased performance and security; supports access control lists (ACLs),
IP prefix, AS paths, community lists, and aggregate policies
Layer 3 services
• N AT-P T
Network Address Translation – Protocol Translation (NAT-PT) enables communication
between IPv4 and IPv6 nodes by translating between IPv4 and IPv6 packets. It performs
IP address translation, and according to dierent protocols, performs semantic translation
for packets. This technology is only suitable for communication between a pure IPv4 node
and a pure IPv6 node
• WAN Optimization
MSR performs optimization using TFO and a combination of DRE, Lempel-Ziv (LZ)
compression to provide the bandwidth optimization for file service and web applications.
The policy engine module determines which traic can be optimized and which optimization
action should be taken. A pair of WAN optimization equipment can discover each other
automatically and complete the negotiation to establish a TCP optimization session
• Address Resolution Protocol (ARP)
Determines the MAC address of another IP host in the same subnet; supports static ARPs;
gratuitous ARP allows detection of duplicate IP addresses; proxy ARP allows normal ARP
operation between subnets or when subnets are separated by a Layer 2 network
• User Datagram Protocol (UDP) helper
Redirects UDP broadcasts to specific IP subnets to prevent server spoofing
• Dynamic Host Configuration Protocol (DHCP)
Simplifies the management of large IP networks and supports client and server; DHCP Relay
enables DHCP operation across subnets
Quality of service (QoS)
• Traic policing
Supports Committed Access Rate (CAR) and line rate
• Congestion management
Supports FIFO, PQ, CQ, WFQ, CBQ, and RTPQ
Data sheet
Page 5
• Weighted random early detection (WRED)/Random early detection (RED)
Delivers congestion avoidance capabilities through the use of queue management algorithms
• Other QoS technologies
Support traic shaping, FR QoS, MPLS QoS, and MP QoS/LFI
Security
• IPS
Built-in Intrusion Prevention System (IPS) detects and protects the branch oice from security
threats. Optional HPE integration filters for client-side, branch protection from exploits and
vulnerabilities
• Zone based firewall
Zone-Based Policy Firewall changes the firewall configuration from the older interface-based
model to a more flexible, more easily understood zone-based model. Interfaces are assigned
to zones, and inspection policy is applied to traic moving between the zones. Inter-zone
policies oer considerable flexibility and granularity, so dierent inspection policies can be
applied to multiple host groups connected to the same router interface
• Enhanced stateful firewall
Application layer protocol inspection, Transport layer protocol inspection, ICMP error message
check, and TCP SYN check. Support more L4 and L7 protocols like TCP, UDP, UDP-Lite,
ICMPv4/ICMPv6, SCTP, DCCP, RAWIP, HTTP, FTP, SMTP, DNS, SIP, H.323, SCCP
• Auto Discover VPN (ADVPN)
Collects, maintains, and distributes dynamic public addresses through the VPN Address
Management (VAM) protocol, making VPN establishment available between enterprise
branches that use dynamic addresses to access the public network; compared to traditional
VPN technologies, ADVPN technology is more flexible and has richer features, such as NAT
traversal of ADVPN packets, AAA identity authentication, IPSec protection of data packets,
and multiple VPN domains
• Access control list (ACL)
Supports powerful ACLs for both IPv4 and IPv6; ACLs are used for filtering traic to prevent
unauthorized users from accessing the network, or for controlling network traic to save
resources; rules can either deny or permit traic to be forwarded; rules can be based on
a Layer 2 header or a Layer 3 protocol header; rules can be set to operate on specific dates
or times
• Terminal Access Controller Access-Control System (TACACS+)
Delivers an authentication tool using TCP with encryption of the full authentication request,
providing additional security
• Network login
Standard IEEE 8021x allows authentication of multiple users per port
• RADIUS
Eases security access administration by using a password authentication server
• Network address translation (NAT)
Supports one-to-one NAT, many-to-many NAT, and NAT control, enabling NAT-PT to
support multiple connections; supports blacklist in NAT/NAT-PT, and a limit on the number
of connections, session logs, and multi-instances
• Secure shell (SSHv2)
Uses external servers to securely login to a remote device or securely login to MSR from
a remote location; with authentication and encryption, it protects against IP spoofing and
plain text password interception; increases the security of Secure File Transfer Protocol
(SFTP) transfers
Data sheet
Page 6
• Unicast Reverse Path Forwarding (URPF)
Allows normal packets to be forwarded correctly, but discards the attaching packet due to lack
of reverse path route or incorrect inbound interface; prevents source spoofing and distributed
attacks
• IPSec VPN
Supports DES, Triple DES (3DES), and Advanced Encryption Standard (AES) 128/192/256
encryption, and MD5 and SHA-1 authentication
• Attack detection and protection
Responding to network attacks and threats by MSR Comware, support max connection
limitation, single-packet attacks protection, scanning attack protection, flood attack protection,
TCP and ICMP Attack Protection and so on
Convergence
• Internet Group Management Protocol (IGMP)
Utilizes Any-Source Multicast (ASM) or Source-Specific Multicast (SSM) to manage IPv4
multicast networks; supports IGMPv1, v2, and v3
• Protocol Independent Multicast (PIM)
Defines modes of Internet IPv4 and IPv6 multicasting to allow one-to-many and many-to-many
transmission of information; supports PIM Dense Mode (DM), Sparse Mode (SM), and Source-Specific
Multicast (SSM)
• Multicast Source Discovery Protocol (MSDP)
Allows multiple PIM-SM domains to interoperate; is used for interdomain multicast applications
• Multicast Border Gateway Protocol (MBGP)
Allows multicast traic to be forwarded across BGP networks and kept separate from unicast traic
Integration
• Embedded NetStream
Improves traic distribution using powerful scheduling algorithms, including Layer 4 to 7 services;
monitors the health status of servers and firewalls
• Embedded VPN and stateful firewall
Provide enhanced stateful packet inspection and filtering; deliver advanced VPN services with
Triple DES (3DES) and Advanced Encryption Standard (AES) encryption at high performance
and low latency, and application prioritization and enhancement
Resiliency and high availability
• Backup center
Acts as a part of the management and backup function to provide backup for device interfaces;
delivers reliability by switching traic over to a backup interface when the primary one fails
• Virtual Router Redundancy Protocol (VRRP)
Allows groups of two routers to dynamically back each other up to create highly available
routed environments; supports VRRP load balancing
Management
• Ease of deployment
Zero-touch deployment, supports TR-069, USB disk auto deployment and 3G SMS auto
deployment
• Industry-standard CLI with a hierarchical structure
Reduces training time and expenses, and increases productivity in multivendor installations
• Management security
Restricts access to critical configuration commands; oers multiple privilege levels with
password protection; ACLs provide Telnet and SNMP access; local and remote syslog
capabilities allow logging of all access
Loading...