NCOS: NEMO Configuration
Products Supported: AER31x0, AER21x0, AER16x0, IBR11x0, IBR9x0, IBR6x0, and MBR1400v2. Click here to identify your router.
An Extended Enterprise License (EEL) is also required to use NEMO; click here for additional information.
NCOS Version: 6.1.0 - for information on upgrading NCOS Versions, click here.
Verizon Wireless Dynamic Mobile Network Routing is a network-based, application-agnostic, mobile technology capable of providing dynamic routing and support for mobile or stationary enterprise routers in primary wireless access or automatic wireless backup configurations. It enables integration between cellular wireless and wireline enterprise services by making use of the Mobile IPv4 NEtwork MObility (NEMO) protocol, without the need for end-to-end overlay tunneling.
This configuration guide shows an example setup of Cradlepoint NEMO with Verizon Wireless Dynamic Mobile Network Routing service for the purposes of providing communications over Verizon Wireless LTE Access and Mobile Private Networks between an enterprise branch office (Spoke) and a data center (Hub) connected to the Verizon Private IP MPLS/VPN network. This document will provide a complete Cradlepoint solution configuration for both the Hub and Spoke locations utilizing an AER3100 as a Hub and an IBR600 as the Spoke device.
The Hub configuration consists of running BGP over GRE over IPSec and opening up our Zone Firewall for bi-directional communication. This document provides only an example configuration and does not go into anything specific regarding BGP, GRE over IPSec, or Zone Firewall. For additional information regarding BGP please click here, for GRE over IPSec please click here, and for Zone Firewall please click here.
Note: To establish a GRE over IPSec tunnel to VZW, they'll need to provision their end to accept the IP address you'll be establishing the tunnel from. They'll also provide specific information regarding GRE IP addresses, IPSec Encryption/Hash, BGP ASN, etc.
There will be 2 GRE tunnels created to VZW for redundancy.
Note: Any page of the setup that is not shown in the configuration example below is left at its default values.
2 Transport IPSec tunnels will be created as well; the second one is exactly like the first except that it points to a different Remote Gateway provided by VZW.
At this point we should be able to check the status screen for our IPSec tunnels to make sure they're getting established with VZW.
Only move on to this step if the IPSec tunnels show mature, since we will need the tunnels up in order for BGP to communicate.
Now that we have BGP up and running, we should be receiving some routes from VZW. At this point I'm receiving routes for our two Private Network address spaces for our Cradlepoint (Spoke) devices, 192.168.100.0/24 and 172.21.10.0/24.
Note: Currently we don't have NEMO running on any of our Spoke devices, so we won't see the routes behind the Cradlepoint router until NEMO is configured, which we will go over in the next section.
Spoke NEMO Configuration
Network Mobility (NEMO) is an Internet standards track protocol defined in RFC 5177. The protocol allows session continuity for every node in a mobile network as the network moves.
NEMO requires a service provider, e.g. Verizon Wireless Private Network with DMNR (Dynamic Mobile Network Routing). Your NEMO service provider will define many of the settings for your NEMO configuration.
Once you have a NEMO service provider and a valid feature license, add networks to the Networks Routed by NEMO section by first clicking Add. In the popup window, input:
The Network Address and Netmask, or subnet mask, together define a range of IP addresses that comprise the local network you want associated with the NEMO settings.
Note: NEMO is source-based routing; anything sourced within the network address range entered here will traverse NEMO towards the headend router.
Network Mobility (NEMO) Settings
Home IP Address and Home Netmask – These may be provided by your NEMO service provider. The IP address is a placeholder, “dummy” address; any IP address can be used (22.214.171.124 is common).
Home Agent IP Address, Home Agent Password (VzWNeMo), and Home Agent SPI – Your home agent will be defined by your NEMO service provider.
Renew Registration – The NEMO network regularly re-registers with the home agent (e.g., every 30 seconds). Specify the number of seconds between each check-in.
MTU – Override the maximum transmission unit (MTU) of the NEMO tunnel. The TCP MSS (maximum segment size) is automatically derived from the MTU. Leave blank to rely on Path MTU Discovery.
The Spoke router should create a GRE tunnel automatically as soon as the NEMO configuration settings are saved. On the Hub side, we should now see the new routes advertised to us via BGP from VZW and be able to have bi-directional communication.
Ping from my IBR600 (Spoke) to my AER3100 (Hub) device. Note that I'm using -I to source it from my LAN interface to traverse the NEMO tunnel.
Ping from the other direction, going from my AER3100 (Hub) to my IBR600 (Spoke) device.
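The source-based routing note and the -I ping above can be modelled as follows. This is an added example, not Cradlepoint code or output: it normalizes "Networks Routed by NEMO" entries, flags overlapping entries, and shows which packet sources match. The LAN range, the addresses, the assumed default ping source and all function names are constructed for illustration.

```python
import ipaddress

def nemo_network(address, netmask):
    """Turn one 'Network Address' + 'Netmask' entry into an IPv4Network.

    strict=False masks off stray host bits (10.10.10.1/255.255.255.0 becomes
    10.10.10.0/24); a non-contiguous mask raises ValueError.
    """
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)

def overlapping_entries(networks):
    """Return every pair of entries whose address ranges overlap."""
    return [(a, b) for i, a in enumerate(networks)
            for b in networks[i + 1:] if a.overlaps(b)]

def traverses_nemo(source_ip, networks):
    """Source-based rule from the note above: match on the packet's source."""
    src = ipaddress.ip_address(source_ip)
    return any(src in net for net in networks)

def classify(sources, networks):
    """Map each labelled source address to 'NEMO' or 'not NEMO'."""
    return {label: "NEMO" if traverses_nemo(ip, networks) else "not NEMO"
            for label, ip in sources.items()}

# Constructed sample values (assumptions, not taken from the guide).
NEMO_ENTRIES = [nemo_network("10.10.10.1", "255.255.255.0")]  # Spoke LAN
SOURCES = {
    "ping -I <LAN interface>": "10.10.10.1",   # router's LAN address
    "LAN client": "10.10.10.50",
    # Assumed default ping source: the router's cellular-side address.
    "ping without -I": "192.168.100.25",
}

if __name__ == "__main__":
    for label, verdict in classify(SOURCES, NEMO_ENTRIES).items():
        print(f"{label:26} -> {verdict}")
```

Under these assumptions only traffic sourced from the configured LAN range matches, which is why the Spoke-side ping is sourced from the LAN interface.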
Published Date: 07/14/2017