HP ProCurve Secure Router 7000dl Series

HP Updated: 2009-02-23 RSS
HP ProCurve Secure Router 7000dl Series

ProCurve Lifetime Warranty The HP ProCurve Secure Router 7000dl Series provides an affordable and scalable platform for small and medium businesses as well as medium and large enterprise organizations to connect branch offices to their headquarter locations. The Secure Router 7000dl Series offers a variety of WAN interface modules and supports wire-speed routing performance with integrated security and convergence capabilities to secure branch office connections edge to edge while simplifying the deployment, management, and support of routers.

For as long as you own the product, with next-business-day advance replacement (available in most countries). The following hardware products and their related series modules have a one-year hardware warranty with extensions available: HP ProCurve Routing Switch 9300m series, HP ProCurve Switch 8100fl series, HP ProCurve Network Access Controller 800, and HP ProCurve DCM Controller. The following hardware mobility products have a one-year hardware warranty with extensions available: HP ProCurve M111 Client Bridge, HP ProCurve MSM3xx-R Access Points, HP ProCurve MSM7xx Mobility and Access Controllers, HP ProCurve RF Manager IDS/IPS Systems, HP ProCurve MSM Power Supplies, HP ProCurve 1 Port Power Injector, and HP ProCurve CNMS Appliances. Disk drives in the HP ProCurve ONE Services zl modules have a five year hardware warranty. Standalone software, upgrades, or licenses may have a different warranty duration.

Resiliency and high availability
* Equal-cost multi-path (ECMP) for BGP, OSPF, and static routes: provides the ability to load-balance traffic across multiple WAN connections
* Multilink capability: MLFR and MLPPP enable multiple T1/E1 ports to be aggregated and dynamically load-balanced across Frame Relay or PPP links
* Multi-homing BGP support: supports redundant WAN connections to multiple service providers using BGP routing protocol
* Network monitor: Provides performance testing and Layer 3 network connectivity monitoring for integrated IP interfaces and externally connected ADSL/cable modems; can be used to initiate a demand routing backup connection based on the status of IP links
* Optional redundant power supply: provides uninterrupted power (provided by HP ProCurve 600 RPS/EPS)

Layer 2 switching
* VLAN support and tagging: support complete IEEE 802.1Q (4,096 VLAN IDs)

Layer 3 services
* IP multicast: supports PIM SM, IGMPv2, and multicast stub routing
* PIM Sparse mode: routes IP multicast traffic using PIM Sparse mode (PIM-SM)
* DHCP support: acts as a DHCP server, relay, or client
* SNTP Client/Server:
o SNTP client: obtains time settings from NTP server using SNTP
o SNTP server: device will respond to SNTP client requests for time settings

Layer 3 routing
* IP routing protocols: supports static routes, RIP, RIPv2, OSPF, and BGP4
* Policy-based routing: allows users to route based upon both source and destination address
* Route redistribution: redistributes routes between BGP, OSPF, RIP, and static routes
* Concurrent bridging and routing: simultaneously bridge non-IP traffic and route IP traffic on the same interface
* VLAN-aware bridging: ability to preserve IEEE 802.1Q tag across Frame Relay, PPP, and HDLC WAN circuits

Supported WAN standards
* WAN protocols: provides support for PPP, Frame Relay, IPSec, HDLC, DDR, MLPPP, MLFR, PPPoA, and PPPoE
* Dial-on-Demand Routing (DDR): ISDN or analog modem links activate when interesting traffic needs to be routed, helping to avoid costs associated with toll charges
* Channelized T1/E1 support: enables connections of up to 24 or 30 locations at 64 kbps, terminating on a single T1 or E1 WAN port on the 8xT1/E1 module

Security
* Stateful firewall: includes an integrated stateful firewall and a Cyber Attack Defense Engine that stops common attacks to help ensure continuous availability of critical Internet-dependent applications; the firewall also supports NAT and port-forwarding operations
* Access control lists (ACLs): provide IP Layer 3 filtering based on source/destination IP address/subnet and source/destination TCP/UDP port number
* Time-based ACLs: can be used to restrict network services (i.e., Internet access) based on time of day or day of the week
* IPSec VPN: optional IPSec VPN module enables site-to-site and client sessions; tunneling protocols include IPSec and GRE; encryption methods include 3DES-CBC, DES-CBC, AES-CBC, 128-bit, 192-bit, and 256-bit; hash algorithms supported are SHA-1, MD5, and manual IPSec policies; supports the ability to route traffic between tunnels (hub and spoke VPNs)
* HTTP content filtering: HTTP filtering can be applied to incoming or outgoing sessions on any IP interface to provide a proactive defense against Web-based threats; also, uses the WiSP protocol to communicate with Websense Enterprise server for enhanced content-filtering services
* Policy-based routing: allows the enforcement of packet policies and resource allocation down to individual end systems and end users
* Network address translation (NAT) support: provides 1:1 or 1:many NAT port translation
* Management security: utilizes SSHv2, secure copy, and SSL to encrypt all HTTP traffic, allowing secure access to the browser-based management GUI in the router; supports AAA systems, including authentication methods that utilize RADIUS servers or a local user database for operator and privileged mode passwords
* Global password encryption: provides a global command to allow encryption of all user passwords
* RADIUS authentication: user authentication is performed via RADIUS to prevent unauthorized management access
* TACACS+ AAA support: offers full authentication, authorization, and accounting (AAA) with TACACS+
* IEEE 802.1X supplicant: supports IEEE 802.1X supplicant mode, where the router transmits and receives EAP requests from the authenticator to support IEEE 802.1X-enabled environments and prevent rogue networking equipment deployments

Convergence
* VoIP support: supports H.323 and SIP ALGs through a firewall

Quality of Service (QoS)
* Layer 2/3/4 QoS mechanisms: IEEE 802.1p marking, precedence, and DiffServ priority tagging based on IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, and source port
* QoS maps on Ethernet interfaces: map IEEE 802.1p marking to Layer 3 QoS tag based on ACL settings
* Scheduling mechanisms: supports Weighted Fair Queuing (WFQ), FIFO, Low Latency Queuing (LLQ), and Priority Queuing (PQ)
* Class-Based Weighted Fair Queuing (CBWFQ): allows allocation of bandwidth to a particular class of traffic based on a percentage of total available bandwidth or maximum kbps throughput
* Traffic shaping and QoS support for Ethernet ports: allow the ability to apply WFQ, LLQ, and CBWFQ mechanisms to Ethernet ports based on DiffServ Code Point settings
* Policy and shaping: support Frame Relay Traffic Shaping (FRTS) and Frame Relay Fragmentation (FRF.12) to help reduce insertion delay across low-speed WAN links

Ease of use
* ProCurve AutoSynch capability: automatic synchronization of the internal flash and compact flash memory to help ensure that the most recent configuration and image files are stored in both locations to facilitate remote deployment, manageability, and maintenance
* ProCurve SafeMode capability: allows easy recovery of configuration mishaps when modifying active configurations remotely
* Industry-standard CLI: utilizes a familiar command-line interface (CLI) to reduce training and certification costs
* Link Layer Discovery Protocol (LLDP): supported by HP ProCurve Manager to enable real-time mapping of Ethernet nodes connected to the router ports
* Compact flash port: facilitates remote site installation by allowing the system image and configuration file to boot from externally accessible compact flash (CF) drive; can be configured to support ProCurve AutoSynch technology to simultaneously update external CF and onboard flash with the system image and configuration file, helping to limit downtime and switchover in the event of failure
* Dual flash images: provides independent primary and secondary OS files for backup while upgrading
* Firewall and VPN wizards: the GUI provides a simplified format for configuring firewall policies and access control lists (ACLs), as well as setting up VPN tunnels; novice and expert users will find the GUI to be intuitive and easy to use
* Central management: supports SNMPv2/v3; can be centrally managed to archive and update configuration and software image files, and secures SNMP management through addition of authentication and encryption