Category     

Series 3 FW v6.0 and newer: NEMO/DMNR Configuration

« Go Back

Information

 
Content

Series 3 FW v6.0 and newer: NEMO Configuration

Products Supported: AER31x0, AER21x0, AER16x0, IBR11x0, IBR6x0, and MBR1400v2. Click here to identify your router.

Extended Enterprise License (EEL) will also be required to use NEMO, click here for additional information.

Firmware Version: 6.1.0 - for information on upgrading firmware, click here.


Quick Links

Summary

Network Topology

Hub Configuration

Spoke Configuration

Related Articles


Summary

Verizon Wireless Dynamic Mobile Network Routing is a network-based, application-agnostic, mobile technology capable of providing dynamic routing and support for mobile or stationary enterprise routers in primary wireless access or automatic wireless backup configurations. It enables integration between cellular wireless and wireline enterprise services by making use of the Mobile IPv4 NEtwork MObility (NEMO) protocol and without the need for end to end overlay tunneling.

This configuration guide shows an example setup of Cradlepoint NEMO with Verizon Wireless Dynamic Mobile Network Routing service for the purposes of providing communications over Verizon Wireless LTE Access and Mobile Private Networks between an enterprise branch office (Spoke) and a data center (Hub) connected to the Verizon Private IP MPLS/VPN network. This document will provide a complete Cradlepoint solution configuration for both the Hub and Spoke locations utilizing an AER3100 as a Hub and an IBR600 as the Spoke device.


Network Topology

User-added image

Hub Configuration

Difficulty: Advance

The Hub configuration will consist of running BGP over GRE over IPSec and opening up our Zone Firewall for bi-direction communication, this document will just provide an example configuration and not go into anything specific regarding BGP, GRE over IPSec, or Zone Firewall. For additional information regarding BGP please click here, for GRE over IPSec please click here, and for Zone Firewall please click here

Note: To establish a GRE over IPSec tunnel to VZW, they'll need to provision their end to accept the IP address you'll be establishing the tunnel from. They'll also provide specific information regarding GRE IP addresses, IPSec Encyption/Hash, BGP ASN, etc.

GRE Configuration

There will be 2 GRE tunnels created to VZW for redundancy.
Note: Any page of the setup that is not shown in the configuration example below is left at it's default values.

User-added image
User-added image
User-added image
 

IPSec Configuration

2 Transport IPSec tunnels will be created as well, note the second one will be exactly like the first except for point to a different Remote Gateway provided by VZW.

User-added image
User-added image
User-added image
User-added image
User-added image

Status

At this point we should be able to check the status screen for our IPSec tunnels to make sure they're getting established with VZW.

User-added image

BGP Configuration

Only move onto this step if the IPSec tunnels show mature, since will need to tunnels up in order for BGP to communicate.

User-added image
User-added image
User-added image
User-added image
User-added image

Status

Now that we have BGP up and running, we should be receiving some routes from VZW. At this point I'm receiving routes for our two Private Network address space for our Cradlepoint (Spoke) devices of 192.168.100.0/24 and 172.21.10.0/24.

Note: Currently we don't have NEMO running on any of our Spoke devices and won't see the routes behind the Cradlepoint router until NEMO is configured, which will go over in the next section.

User-added image

Zone Firewall

User-added image
User-added image


Spoke NEMO Configuration

Difficulty: Easy

Network Mobility (NEMO) is an Internet standards track protocol defined in RFC 5177. The protocol allows session continuity for every node in a mobile network as the network moves.

NEMO requires a service provider, e.g. Verizon Wireless Private Network with DMNR (Dynamic Mobile Network Routing). Your NEMO service provider will define many of the settings for your NEMO configuration.

Once you have a NEMO service provider and a valid feature license, add networks to the Networks Routed by NEMO section by first clicking Add. In the popup window, input:

  • Network Address
  • Netmask

The Network Address and Netmask, or subnet mask, together define a range of IP addresses that comprise the local network you want associated with the NEMO settings.

Note: NEMO is sourced based routing, anything that is sourced within the specified network address range entered in here will traverse NEMO towards the headend router.

User-added image

Network Mobility (NEMO) Settings

Home IP Address and Home Netmask – These may be provided by your NEMO service provider. The IP address is a placeholder, “dummy” address; any IP address can be used (1.2.3.4 is common).

Home Agent IP Address, Home Agent Password (VzWNeMo), and Home Agent SPI – Your home agent will be defined by your NEMO service provider.

Renew Registration – The NEMO network regularly re-registers with the home agent (e.g., every 30 seconds). Specify the number of seconds between each check-in.

MTU – Override the maximum transmission unit (MTU) of the NEMO tunnel. The TCP MSS (maximum segment size) is automatically derived from the MTU. Leave blank to rely on Path MTU Discovery.

Status

Spoke router should create a GRE tunnel automatically as soon as the NEMO configuration settings are saved. On the Hub side, we should now see the new routes advertised to us via BGP from VZW and be able to have bi-directional communication.

User-added image
User-added image

Ping Test

Ping from my IBR600 (Spoke) to my AER3100 (Hub) device, note that I'm using -I to source it from my LAN interface to traverse the NEMO tunnel.

User-added image

Ping from the other direction, going from my AER3100 (Hub) to my IBR600 (Spoke) device.

User-added image

Related Articles/Links


Published Date: 7/22/2016


 
Knowledge Home | Product