The HPE FlexNetwork MSR95x Router Series is a high-performance Comware v7 based small-branch router that delivers
integrated routing, 4
connectivity, dual 3G/4G LTE, and
fiber (SFP) in a single box.
The MSR95x Router Series solutions deliver up to 300 Kpps forwarding with comprehensive IPv4 and IPv6 routing, MPLS, QoS,
stateful firewall, network address translation (NAT), VPN, switching, v
Moreover, this router series is based on open standards for seamless integration with existing small-branch deployments.
Features and benefits
Quality of Service (QoS)
• Integrated GbE WAN and 4-port or 8-port LAN, fiber (SFP)
• Dual 4G LTE, 3G as well as IEEE 802.11b/g/n WLAN in one box
• High encryption, stateful firewall, IPS, NAT, DVPN, GDVPN, ADVPN security features
• Unified Comware v7 OS, zero-touch solution, and single-pane-of-glass management
-port or 8-port switch options, security, SIP, embedded 802.11b/g/n WLAN
oice, and wireless capabilities in a compact, fixed form factor.
Page
QuickSpecs
HPE FlexNetwork MSR95x Router Series
Overview
2
• Traffic policing
Management
restricts access to critical configuration commands; offers multiple privilege levels with password protection; ACLs provide
impler method using User Datagram Protocol (UDP); Secure File Transfer Protocol (SFTP) runs over an
C
supports Committed Access Rate (CAR) and line rate
• Congestion management
supports FIFO, PQ, CQ, WFQ, CBQ, and RTPQ
• Weighted random early detection (WRED)/random early detection (RED)
delivers congestion avoidance capabilities through the use of queue management algorithms
• Other QoS technologies
support traffic shaping, FR QoS, and MP QoS/LFI
• Industry-standard CLI with a hierarchical structure
reduces training time and expenses, and increases productivity in multivendor installations
• Management security
• SNMPv1, v2, and v3
• Remote monitoring (RMON)
• FTP, TFTP, and SFTP support
• Debug and sampler utility
• Network Time Protocol (NTP)
• Information center
onnectivity
• Multiple Gigabit Ethernet connection options
• Multiple advanced WAN interfaces
• 4G LTE Verizon/At&t/Sprint and global carrier support
• Packet storm protection
• Loopback
Telnet and SNMP access; local and remote syslog capabilities allow logging of all access
provide complete support of SNMP; provide full support of industry-standard Management Information Base (MIB) plus
private extensions; SNMPv3 supports increased security using encryption
uses standard SNMP to monitor essential network functions; supports events, alarm, history, and statistics group plus a
private alarm extension group
offers different mechanisms for configuration updates; FTP allows bidirectional transfers over a TCP/IP network; trivial
FTP (TFTP) is a s
SSH tunnel to provide additional security
supports ping and traceroute for both IPv4 and IPv6
synchronizes timekeeping among distributed time servers and clients; keeps timekeeping consistent among all clockdependent devices within the network so that the devices can provide diverse applications based on the consistent time
provides a central repository for system and network information; aggregates all logs, traps, and debugging information
generated by the system and maintains them in order of severity; outputs the network information to multiple channels
based on user-defined rules
provides 2 GbE WAN and 4 GbE LAN ports onboard
provide traditional connection options including GbE copper (cat5e/Ethernet) connection but an additional Fiber (SFP)
port for a total of 2 WAN Gigabit Ethernet ports; and offer wireless access with 4G LTE, 3G and 802.11n WLAN
connectivity
delivers embedded 4G LTE wireless WAN backhaul connectivity with three different carrier firmware options and
simultaneous 802.11n WLAN connectivity
protects against broadcast, multicast, or unicast storms with user-defined thresholds
supports internal loopback testing for maintenance purposes and an increase in availability; loopback detection protects
against incorrect cabling or network configurations and can be enabled on a per-port basis for added flexibility
Page
QuickSpecs
HPE FlexNetwork MSR95x Router Series
Overview
3
• 3G and 4G LTE access
Performance
Resiliency and high availability
Layer 2 switching
Layer 3 services
determines the MAC address of another IP host in the same subnet; supports static ARPs; gratuitous ARP allows detection
helps manage a large number of scattered network devices centrally
supports popular 3G and 4G LTE USB modems; for a list of supported products, contact your local HPE representative
• Forwarding performance
provides up to 300 Kpps; and meets current and future bandwidth-intensive application demands for enterprise
businesses
• Embedded encryption
supports up to 100 VPN tunnels and up to 160 Mb/s encryption throughput
• Gigabit Ethernet interface
provides a connection to the network that eliminates the network as a bottleneck
• Backup Center
acts as a part of the management and backup function to provide backup for device interfaces; delivers reliability by
switching traffic over to a backup interface when the primary one fails
• Virtual Router Redundancy Protocol (VRRP)
allows groups of two routers to dynamically back each other up to create highly available routed environments; and
supports VRRP load balancing
• Spanning Tree Protocol (STP)
supports standard IEEE 802.1D STP, IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) for faster convergence, and
IEEE 802.1s Multiple Spanning Tree Protocol (MSTP)
• Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) protocol snooping
controls and manages the flooding of multicast packets in a Layer 2 network
• Port mirroring
duplicates port traffic (ingress and egress) to a local or remote monitoring port
• Port isolation
increases security by isolating ports within a VLAN while still allowing them to communicate with other VLANs
• VLANs
supports IEEE 802.1Q-based VLANs
• sFlow
allows traffic sampling
• Address Resolution Protocol (ARP)
of duplicate IP addresses; proxy ARP allows normal ARP operation between subnets or when subnets are separated by a
Layer 2 network
•Dynamic Host Configuration Protocol (DHCP)
simplifies the management of large IP networks and supports client and server; DHCP Relay enables DHCP operation
across subnets
• Built-in applications support
− Device management controller (DMC)
acts as the gateway of a virtual "network training room"
− Wisdom Network (WiNet) technology
Page
QuickSpecs
HPE FlexNetwork MSR95x Router Series
Overview
4
− Remote terminal connection (RTC) and true type terminal (TTY) access
Layer 3 routing
IS routing and extended
terior routing protocol for routing integrity and reliability between different autonomous
Security
dates or times
allows the connection of a terminal to a router through an asynchronous interface for data exchange with a frontend processor (FEP) or another terminal through the router
• Static IPv4 routing
• Routing Information Protocol (RIP)
• Open shortest path first (OSPF)
• Border Gateway Protocol 4 (BGP-4)
• Intermediate system to intermediate system (IS-IS)
• Static IPv6 routing
• Dual IP stack
• Routing Information Protocol next generation (RIPng)
• OSPFv3
• BGP+
• IS-IS for IPv6
• IPv6 tunneling
• Policy routing
• BGP4+ support
provides simple manually configured IPv4 routing
uses a distance vector algorithm with UDP packets for route determination; supports RIPv1 and RIPv2 routing; includes
loop protection
delivers faster convergence; uses this link-state routing Interior Gateway Protocol (IGP), which supports ECMP, NSSA, and
MD5 authentication for increased security and graceful restart for faster failure recovery
delivers an implementation of the Exterior Gateway Protocol (EGP) utilizing path vectors; uses TCP for enhanced
reliability for the route discovery process; reduces bandwidth consumption by advertising only incremental updates;
supports extensive policies for increased flexibility; scales to very large networks
uses a path vector Interior Gateway Protocol (IGP), which is defined by the ISO organization for ISby IETF RFC 1195 to operate in both TCP/IP and the OSI reference model (Integrated IS-IS)
provides simple manually configured IPv6 routing
maintains separate stacks for IPv4 and IPv6 to ease the transition from an IPv4-only network to an IPv6-only network
design
extends RIPv2 to support IPv6 addressing
provides OSPF support for IPv6
extends BGP-4 to support Multiprotocol BGP (MBGP), including support for IPv6 addressing
extends IS-IS to support IPv6 addressing
allows IPv6 packets to traverse IPv4-only networks by encapsulating the IPv6 packet into a standard IPv4 packet;
supports manually configured, 6to4, and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnels; is an
important element for the transition from IPv4 to IPv6
allows custom filters for increased performance and security; supports ACLs, IP prefix, AS paths, community lists, and
aggregate policies
utilizes the BGP-4 (RFC 4271) ex
systems
• Intrusion prevention system (IPS) and high encryption (HE)
• Access control list (ACL)
With Comware v7, deploy router-based IPS to help prevent attacks at the perimeter, and high encryption for enhanced
traffic security
supports powerful ACLs for both IPv4 and IPv6; ACLs are used for filtering traffic to prevent unauthorized users from
accessing the network, or for controlling network traffic to save resources; rules can either deny or permit traffic to be
forwarded; rules can be based on a Layer 2 header or a Layer 3 protocol header; rules can be set to operate on specific
Page
QuickSpecs
HPE FlexNetwork MSR95x Router Series
Overview
5
•Terminal Access Controller Access-Control System (TACACS+)
network; compared to traditional VPN technologies, the DVPN technology is more flexible and has richer features, such as
Convergence
Integration
delivers an authentication tool using TCP with encryption of the full authentication request, providing additional security
• Remote Authentication Dial-in user Service (RADIUS) login
eases security access administration by using a password authentication server
• NAT enablement
facilitates one-to-one NAT, many-to-many NAT, and NAT control—enabling NAT-PT to support multiple connections;
supports blacklisting in the NAT/NAT-PT; and enables a limit on the number of connections, session logs, and multiple
instances
• SSHv2
uses external servers to securely log in to a remote device or MSRs from a remote location; protects against IP spoofing
and plain-text password interception, with authentication and encryption; and increases the security of SFTP transfers
• Unicast Reverse Path Forwarding (URPF)
allows normal packets to be forwarded correctly, but discards the attaching packets due to lack of a reverse path route or
an incorrect inbound interface; and helps prevents source spoofing and distributed attacks
• IPSec VPN
supports DES, 3DES, and AES 128/192/256 encryption as well as MD5 and SHA-1 authentication
• DVPN
collects, maintains, and distributes dynamic public addresses through the VPN Address Management (VAM) protocol,
making the VPN establishment available between enterprise branches that use dynamic addresses to access the public
NAT traversal of DVPN packets, AAA identity authentication, IPSec protection of data packets, and multiple VPN domains
• Internet Group Management Protocol (IGMP)
• Protocol Independent Multicast (PIM)
• Multicast Source Discovery Protocol (MSDP)
• Multicast Border Gateway Protocol (MBGP)
• Internet Group Management Protocol (IGMP) snooping and proxy
• Multicast VPN and bidirectional protocol-independent multicasting (PIM)
utilizes Any-Source Multicast (ASM) or Source-Specific Multicast (SSM) to manage IPv4 multicast networks; supports
IGMPv1, v2, and v3
defines modes of Internet IPv4 and IPv6 multicasting to allow one-to-many and many-to-many transmission of
information; supports PIM Dense Mode (DM), Sparse Mode (SM), and Source-Specific Multicast(SSM)
allows multiple PIM-SM domains to interoperate; is used for inter-domain multicast applications
allows multicast traffic to be forwarded across BGP networks and kept separate from unicast traffic
− Monitors and observes IGMP network traffic, allowing the network device to listen in on the IGMP conversation
between hosts and routers—enabling better IP multicast stream control
− Allows a multicast router to learn multicast group membership information; and enables it to forward multicast
packets
− Allows rich multicast services such as video conferencing and data sharing amongst enterprise VPN-based
deployments
− Improves scalability of various applications through the use of bidirectional PIM
• Embedded NetStream
• Embedded VPN firewall
improves traffic distribution using powerful scheduling algorithms, including Layer 4 to 7 services; monitors the health
status of servers and firewalls
− provides enhanced stateful packet inspection and filtering
− delivers advanced VPN services with Triple DES (3DES) and Advanced Encryption Standard (AES) encryption at
high performance and low latency
− offers Web content filtering and application prioritization and enhancement
Page
QuickSpecs
HPE FlexNetwork MSR95x Router Series
Overview
6
Additional information
Warranty and support
; for details on the software releases
• Green initiative support
provides support for RoHS and WEEE regulations
• OPEX savings
simplifies and streamlines deployment, management, and training through the use of a common operating system,
thereby cutting costs as well as reducing the risk of human errors associated with having to manage multiple operating
systems across different platforms and network layers
• Faster time to market
allows new and custom features to be brought rapidly to market through engineering efficiencies, delivering better initial
and ongoing stability
•1-year Warranty 2.0
See http://www.hpe.com/networking/warrantysummary
product purchase.
• Software releases
to find software for your product, refer to http://www.hpe.com/networking/support
available with your product purchase, refer to http://www.hpe.com/networking/warrantysummary
for warranty and support information included with your
Page
QuickSpecs
HPE FlexNetwork MSR95x Router Series
Configuration
7
Build To Order:
BTO is a standalone unit with no integration. BTO products ship standalone are not part of a CTO or Rack-Shippable solution.