100Gbps Enterprise Router Powered by Marvell OCTEON 10 CN103
Price range: $4,278.00 through $6,328.00
- 8 x 2.5GHz ARM64 Neoverse N2 cores based on Marvell OCTEON 10 CN103
- 2 x 100GE QSFP28, 2 x 10GE SFP+, optional 2 x 2.5GE RJ45
- 16GB pluggable DDR5 SO-DIMM, expandable up to 48GB
- True inline crypto engine with 80Gbps encryption/decryption capacity
- 100Gbps intelligent data processing for routing, firewall, IPSec, and SSL/TLS
- Optional M.2 NVMe SSD up to 4TB
- Optional PTP/SyncE module with 20ns accuracy and BC support
- Optional AI inference engine with 160TOPS INT8 inference performance
- <100W power consumption with full configuration and workload
Enterprise router, firewall, and VPN — in one box
AsterNOS-VPP is a SONiC-based OS with a VPP hardware-accelerated data plane. Full 100 Gbps routing, stateful firewall, and hardware IPSec — production-ready from day one. No separate appliances, no separate licenses.
The routing stack covers everything from a straightforward static default route to a full BGP peering session with route policy, prefix filtering, and graceful restart. VRF support means you can segment traffic from multiple tenants or uplinks on the same physical box without cross-contamination — each VRF has its own routing table, ARP table, and forwarding state.
For multi-site deployments, VXLAN with EVPN gives you L2 extension and L3 VPN across data centers over a standard IP underlay. ECMP distributes load across multiple uplinks automatically. BFD keeps link failure detection sub-second so BGP reconverges fast.
Stateful inspection and ACLs, processed in hardware at 80 Gbps
The firewall runs as a VPP plugin, meaning every packet that hits a security policy goes through the CN103’s programmable packet pipeline — not through a general-purpose CPU. Stateful inspection tracks connection state for TCP, UDP, and ICMP. Zone-based policy lets you define trusted and untrusted segments and control what traffic crosses the boundary.
For traffic filtering, ACLs operate on 5-tuple match at line rate with no measurable throughput penalty. GeoIP filtering lets you drop or flag traffic by country of origin — useful for complying with geographic access policies or blocking known bad-actor regions without a separate DPI appliance. Deep packet inspection (SPI) is included in the Commercial Plus edition.
IPSec and WireGuard — hardware-encrypted at 80 Gbps, inline
The CN103 has a dedicated inline crypto engine. “Inline” means packets are encrypted or decrypted as they pass through the forwarding pipeline — there is no hairpin to a crypto coprocessor, no extra latency, and no CPU involvement. The full 80 Gbps encryption throughput is sustained even under maximum packet rates.
IPSec covers IKEv1/IKEv2 for interoperability with all major vendor equipment — Cisco, Juniper, Palo Alto, or any standards-compliant peer. WireGuard is supported for modern site-to-site and remote-access scenarios where simplicity and low-overhead key management matter. L2TPv3 and GRE are available for legacy tunnel compatibility.
| Memory | 16GB, 32GB, 48GB |
|---|---|
| NVME SSD Module | 0T |
| 5G/LTE Module | None, 5G/LTE (Global) |
| AI Module | None, Included |
| Software | Commercial Plus Edition — ARM ET3600($1799) |
Reviews
There are no reviews yet.