
Guide

Verizon Wireless Dynamic Mobile Network Routing LTE - Cisco Integrated Services Router (ISR) and Connected Grid Router

Mobile Router Configuration Guide for Primary Verizon Wireless Access

Revision 3.9
June 2017

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco/Verizon Public Information.

Introduction

Verizon Wireless Dynamic Mobile Network Routing is a network-based Mobile IP technology capable of providing dynamic routing and support for mobile or stationary enterprise routers in primary wireless access or automatic wireless backup configurations. It enables integration between wireless and wireline enterprise services (4G Wireless WAN) by making use of the Mobile IPv4 NEtwork MObility (NeMo) protocol and without the need for end to end overlay tunneling.

Dynamic Mobile Network Routing (DMNR) is part of the Verizon Wireless Mobile Private Network. DMNR is compatible with the Cisco IOS Mobile IP Mobile Networks feature. Please note that not all Cisco-specific features are supported by the DMNR service. DMNR makes use of the Collocated-Care-of-Address (CCOA) option and supports IP subnet registration, routing and forwarding. DMNR does not support any other Cisco Mobile IP Mobile Networks features such as "mobile networks multi-path" or "mobile networks multicast".

This configuration guide shows an example of using the Cisco Mobile IP Mobile Networks feature with Verizon Wireless Dynamic Mobile Network Routing service to provide primary communications over Verizon Wireless Long Term Evolution/evolved high-rate packet data (LTE/eHRPD) access and Mobile Private Networks (MPNs) between an enterprise branch office and a data center connected to the Verizon Wireless Private IP Multiprotocol Label Switching (MPLS)/VPN network.

There are three example configurations, for ISR G2 LTE eHWIC, ISR 4K LTE NIM, and 819.
GRWIC and 899 configurations are similar to eHWIC and 819 respectively.

Notes

1. Supported platforms include Cisco Integrated Services Routers Generation 2 (ISR G2) and CGR routers with integrated 4G LTE cards (V or VZ SKUs, 1900, 2900, 3900, and CGR2010 Series with LTE GRWIC), Cisco 819 and 899 ISRs with embedded LTE, Cisco ISR 4Ks (4321, 4331, 4351, 4431, 4451) with LTE NIM.

2. The minimum Cisco IOS software release depends on the LTE modem firmware level (seen via IOS command “show cell 0/x/0 hardware” for LTE /NIM/ eHWIC/CGM/GRWIC, “show cell 0 hardware” for 819/899/809/829).

ISR LTE .5.58.01RecommendedIOS ReleaseXE 16.3.3XE 3.16.5 or 16.3.315.5.3M5 or 15.6.3.M215.5.3M5 or 15.6.3.M215.6.3.M215.5.3M5 or 5.5.3M5 or 15.6.3.M215.5.3M5 or 15.6.3.M215.6.3.M215.5.3M5 or 15.6.3.M215.5.3M5 or 15.6.3.M215.5.3M5 or 15.6.3.M215.5.3M5 or 15.6.3.M215.5.3M5 or 15.6.3.M2

3. ISR 1900, 2900, 3900 and 4000 series require an IOS Software data license for MPN/DMNR (NeMo support). This is included by default with 800 series. The data license is acquired by ordering the AppX license. A 60-day temporary data license can be immediately generated using an IOS configuration mode command (requires an IOS reload to take effect). Below are examples for ISR G2 and 4K series.

    license boot module c1900 technology-package datak9

The keyword following "module" varies based on ISR model: c1900, c2900, c3900. For ISR 4000 series, the configuration mode command is as follows:

    license boot level appxk9

The command is the same for all ISR 4K models.

4. To connect a Network Mobility (NEMO) session to the Verizon Wireless Enterprise GateWay (EXGW), the enterprise MPN must be provisioned for 4G, and the subscriber mobile line (subscriber identity module [SIM]) used by the mobile router enhanced high-speed WAN interface card (eHWIC, NIM or GRWIC or embedded in an 819 or 899) must have NEMO permission provisioned by Verizon Wireless.

The enterprise Access Point Name (APN) must be correctly provisioned in the Verizon Wireless network in order to make a successful private network connection. In addition, the APN must be appropriately set on the modem for LTE and eHRPD profiles, either automatically through Over-The-Air Device Management (OTA-DM) or locally on the ISR. If OTA-DM does not update the APN, it can be set manually on the ISR. The method of manually setting the APN is via a single enable-mode IOS command. An example is shown below:

    cellular 0/0/0 lte profile create 3 ne01.VZWSTATIC

(Note that the Data APN is profile 3). The middle “0” can be 0, 1, 2 or 3 depending on which ISR slot the LTE module is installed. For 819 and 899, use “cellular 0”. The value “ne01.VZWSTATIC” is a sample APN.
The appropriate APN must be provided by Verizon Wireless.

5. To connect a NEMO session to the EXGW, the mobile router must be configured with the correct Security Parameter Index (SPI) and key. For DMNR, the correct values are provided in this guide.

6. To connect a NEMO session to the EXGW, the mobile router must be configured with the correct IP address of the NEMO High Availability (NEMO-HA) service. The address depends on the location of the EXGW. For the appropriate address, please contact your Verizon representative.

7. At least one ISR interface must be registered by the mobile router when the NEMO call is made to the EXGW. The interface must be in UP/UP state (loopback interface is recommended).

8. Directly connected and non-connected mobile network prefixes may be configured for registration by the mobile router. The mobile networks are registered by specifying the connected interface name or by using the “non-connected-network” command. If non-connected subnets are required, please refer to the guide “DMNR with Secondary IP and Nonconnected Subnets” available here: -and-configuration-guides-list.html

9. It is not recommended to configure secondary IP addresses on the interfaces that are registered by the mobile router unless it is intended by design. In Cisco IOS Software a secondary IP address is listed first under the interface configuration, and its subnet will be the only one that is inserted into the NEMO prefix list from that interface. If secondary IP addresses are required, please refer to configuration guide “DMNR with Secondary IP and Nonconnected Subnets” mentioned above.

10. The EXGW will accept up to 8 subnets in the NEMO registration prefix list. Subnets in excess of 8 will be silently ignored. Registering a summary address using “non-connected-network” stated above may assist.

11. After a successful NEMO registration, the mobile router will automatically bring up a generic-routing encapsulation (GRE) tunnel interface (Tunnel0) and will install a dynamic Mobile Default route to that interface.

12. Ensure that no static routes pointing to interface Cellular 0/x/0 (Cellular 0 for 819 or 899) exist in the mobile router configuration.

13. The dynamic Tunnel0 interface will have the IP maximum transmission unit (MTU) of 1476 bytes. IP packets whose lengths exceed 1440 bytes will require fragmentation. For TCP traffic the ip tcp adjust-mss command may be used as shown in this guide to avoid fragmentation. If the mobile router needs to handle large non-TCP packets that have the Don’t Fragment (DF) bit set, a route-map that clears the DF bit should be applied to the LAN interface of the mobile router.

14. Ensure that the ip virtual-reassembly command is not present on interface Cellular 0/x/0.

15. The Verizon Wireless Network will preserve the quality-of-service (QoS) markings (type of service/differentiated services code point [ToS/DSCP]) that have been set in the original IP packet header.

16. The changes to the subnet (prefix) list registered by the mobile router take effect on EXGW immediately while the NEMO session is running. No coordination is needed to advertise new subnets beyond ISR configuration.

17. While the Wireless/NEMO session is on, periodic (every 10 min) NEMO re-registration packets (200 bytes) will be sent by the router and replies sent by EHA. At all other times the backup connection state will be maintained but the radio traffic channel will be in a dormant state.

18. The administrative distance for routes learned via NEMO (M routes) can be changed from the default value of 3. The “distance” command can be configured under the “router mobile” stanza.

19. Please refer to the notes in the configuration syntax for an explanation of the commands.

Design Requirements and Recommendations

1. If an LTE connection cannot be made, the APN value on the LTE eHWIC modem should be checked (ISR command show cellular 0/x/0 profile).
If it is not the enterprise APN, please refer to planning section above.

2. Although this configuration guide should be used first, additional information is available at: www.cisco.com/go/4g under “Configuration and Deployment Guides”

- LTE eHWIC (ISR G2) hardware overview, SIM installs, antenna connection, and module TEHW.html.
- LTE eHWIC (ISR G2) Cisco IOS Software configuration monitoring and TESW.html.
- LTE NIM (ISR 4K) hardware overview, SIM installs, antenna connection, and module ENIM HIG.html
- LTE NIM (ISR 4K) IOS XE Software configuration IM SW.html

The CGR-2010 LTE GRWIC is configured in the same manner as the LTE eHWIC.

Figure 1 shows the customer design scenario.

NEMO Router Configuration for ISR G2 EHWIC-4G-LTE-V, EHWIC-4G-LTE-VZ

!### command allowing for “LTE test cellular” enable mode commands ###
service internal
!
!### Load appropriate IOS Image ###
boot system flash:c800-universalk9-mz.SPA.155-3.M5.bin
!
ip cef
!
!### CHAT Script to make a data call, name is case-sensitive ###
chat-script LTE "" "AT!CALL1" TIMEOUT 20 "OK"
!
!### This Loopback and IP are required to setup NEMO. This address is not
! routable and is used as a placeholder “dummy” address. It may be the same on
! all customer routers. Any interface number and any IP can be used. Please
! use 1.2.3.4 for consistency if possible. ###
!
interface Loopback1234
 description ### NEMO Router Home Address – Dummy non-Routable IP ###
 ip address 1.2.3.4 255.255.255.255
!
!### This Subnet will be routed by NEMO ###
!
interface Loopback255
 ip address 10.0.255.1 255.255.255.255
!
!### This subnet is routed by NEMO. TCP MSS 1390 bytes, clear DF bits. ###
!
interface GigabitEthernet0/0
 ip address 10.20.59.129 255.255.255.128
 ip tcp adjust-mss 1390
 ip policy route-map clear-df
!
!### This subnet is not routed by NEMO. ###
interface GigabitEthernet0/1
 ip address 10.10.20.233 255.255.255.0
!
!### Interface Cellular – the LTE and NEMO interface. Receives Pool/WAN IP
! (dynamic or static) from EXGW. ###
interface Cellular0/0/0
 ip address negotiated
 no ip unreachables
 ip mobile router-service roam
 ip mobile router-service collocated ccoa-only
 encapsulation slip
 load-interval 30
 dialer in-band
 dialer idle-timeout 0
 dialer enable-timeout 1
 dialer string LTE
 dialer watch-group 1
 async mode interactive
 pulse-time 0

!
!### This stanza enables NEMO Routing. Admin distance can be adjusted ###
!
router mobile
!
!### This command configures NEMO Authentication with EXGW. Use the
! appropriate EXGW IP address based on the geographic location (page 3). Note
! that SPI and KEY must match to what is set on the EXGW under the NEMO
! service. Note that the algorithm must be set to “hmac-md5”. ###
!
ip mobile secure home-agent 66.174.X.Y spi decimal 256 key ascii VzWNeMo algorithm hmac-md5
!
!### This section configures the NEMO Mobile Router parameters and defines
! what router interfaces and their subnets to be included into the NEMO
! registration with EXGW. Use the appropriate EXGW IP address as above. ###
!
ip mobile router
 address 1.2.3.4 255.255.255.0
 collocated single-tunnel
 home-agent 66.174.X.Y
 mobile-network Loopback255
 mobile-network GigabitEthernet0/0
 register extend expire 10 retry 3 interval 5
 reverse-tunnel
 tunnel mode gre
!
no cdp run
!
!### This route-map clears the DF-bit in packets from VLAN1 interface. ###
!
route-map clear-df permit 10
 set ip df 0
!
!### This section defines wireless call activation triggers and timers. ###
!
!### The call will be triggered by this statement. The address “5.6.7.8” is
! a “dummy” route. Any “dummy” value can be used. ###
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
!### ISR will wait 60 sec. to activate the call after the initial boot. ###
dialer watch-list 1 delay route-check initial 60
!### The router will wait 1 sec. before activating the call. ###
dialer watch-list 1 delay connect 1
!
line 0/0/0
 script dialer LTE
 modem InOut
 no exec
 transport input telnet

NEMO Router Configuration for ISR C819G-4G-LTE-V, C819G-4G-VZ, C899G-LTE-VZ

!### command allowing for “LTE test cellular” enable mode commands ###
service internal
!
hostname c819-Internet
!
!### Load appropriate IOS Image ###
boot system flash:c800-universalk9-mz.SPA.155-3.M5.bin
!
ip cef
!
!### CHAT Script to make a data call, name is case-sensitive ###
chat-script LTE "" "AT!CALL1" TIMEOUT 20 "OK"
!
!### This Loopback and IP are required to setup NEMO. This address is not
! routable and is used as a placeholder “dummy” address. It may be the same on
! all customer routers. Any interface number and any IP can be used. Please
! use 1.2.3.4 for consistency if possible. ###
!
interface Loopback1234
 description ### NEMO Router Home Address – Dummy non-Routable IP ###
 ip address 1.2.3.4 255.255.255.255
!
!### This Subnet will be routed by NEMO ###
!
interface Loopback255
 ip address 10.0.255.1 255.255.255.255
!
!### This subnet is routed by NEMO. TCP MSS 1390 bytes, clear DF bits. ###
!
interface VLAN1
 ip address 10.20.59.129 255.255.255.128
 ip tcp adjust-mss 1390
 ip policy route-map clear-df
!
!### This subnet is not routed by NEMO. ###
!
interface GigabitEthernet0
 ip address 10.10.20.233 255.255.255.0
!
!### Interface Cellular – the LTE and NEMO interface. Receives Pool/WAN IP
! (dynamic or static) from EXGW. ###
!
interface Cellular0
 ip address negotiated
 no ip unreachables
 ip mobile router-service roam
 ip mobile router-service collocated ccoa-only
 encapsulation slip
 load-interval 30
 dialer in-band
 dialer idle-timeout 0
 dialer enable-timeout 1

 dialer string LTE
 dialer watch-group 1
 async mode interactive
 pulse-time 0
!
!### This stanza enables NEMO Routing. Admin distance can be adjusted ###
!
router mobile
!
!### This command configures NEMO Authentication with EXGW. Use the
! appropriate EXGW IP address based on the geographic location (page 3). Note
! that SPI and KEY must match to what is set on the EXGW under the NEMO
! service. Note that the algorithm must be set to “hmac-md5”. ###
!
ip mobile secure home-agent 66.174.X.Y spi decimal 256 key ascii VzWNeMo algorithm hmac-md5
!
!### This section configures the NEMO Mobile Router parameters and defines
! what router interfaces and their subnets to be included into the NEMO
! registration with EXGW. Use the appropriate EXGW IP address as above. ###
!
ip mobile router
 address 1.2.3.4 255.255.255.0
 collocated single-tunnel
 home-agent 66.174.X.Y
 mobile-network Loopback255
 mobile-network VLAN1
 register extend expire 10 retry 3 interval 5
 reverse-tunnel
 tunnel mode gre
!
no cdp run
!
!### Route-map clears the DF-bit in IP packets from the VLAN1 interface. ###
!
route-map clear-df permit 10
 set ip df 0
!
!### This section defines the 4G call activation triggers and timers. ###
!
!### The call will be triggered by this statement. The address “5.6.7.8” is
! a “dummy” route. Any “dummy” value can be used. ###
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
!### The router will wait for 60 sec. before activating the call after the
! initial boot. ###
dialer watch-list 1 delay route-check initial 60
!### The router will wait 1 sec. before activating the call. ###
dialer watch-list 1 delay connect 1
!
line 3
 script dialer LTE
 modem InOut
 no exec
 transport input telnet

NEMO Router Configuration for ISR 4K NIM-4G-LTE-VZ

!### Chat script and cellular line definitions not needed w/ISR4K ###
!### command allowing for “LTE test cellular” enable mode commands ###
service internal
!
hostname C4321-4G
!
!### IOS XE 3.16 or later ###
boot-start-marker
boot system bootflash: r
!
ip dhcp pool 10dot250dot1
 network 10.250.1.0 255.255.255.0
 default-router 10.250.1.1
 dns-server 10.20.45.20
 domain-name test.verizon.com
 option 150 ip 10.20.80.9
!
username cisco privilege 15 secret 5 xxxxxxxxxxxx
!
controller Cellular 0/1/0
!
interface Loopback1234
 description ### NEMO Router Home Address
 ip address 1.2.3.4 255.255.255.255
!
!### This Subnet will be routed by NEMO ###
!
interface Loopback255
 ip address 10.0.255.1 255.255.255.255
!
!### This subnet is routed by NEMO. TCP MSS 1390 bytes, clear DF bits. ###
!
interface GigabitEthernet0/0/0
 ip address 10.250.1.1 255.255.255.0
 ip tcp adjust-mss 1390
 ip policy route-map clear-df
!
interface GigabitEthernet0/0/1
 ip address 10.0.3.1 255.255.255.0
 ip tcp adjust-mss 1390
!
!### Interface Cellular – the LTE and NEMO interface. Receives Pool/WAN IP
! (dynamic or static) from EXGW. ###
!
interface Cellular0/1/0
 ip address negotiated
 ip mobile router-service roam
 ip mobile router-service collocated ccoa-only
 dialer in-band
 dialer idle-timeout 0
 dialer enable-timeout 1

 dialer watch-group 1
 pulse-time 0
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 10.0.0.2 255.255.255.254
 negotiation auto
!
!### This stanza enables NEMO Routing. Admin distance can be adjusted ###
router mobile
!
!### This command configures NEMO Authentication with EXGW. Use the
! appropriate EXGW IP address based on the geographic location (page 3). Note
! that SPI and KEY must match to what is set on the EXGW under the NEMO
! service. Note that the algorithm must be set to “hmac-md5”. ###
!
ip mobile secure home-agent 66.174.X.Y spi decimal 256 key ascii VzWNeMo algorithm hmac-md5
!
!### This section configures the NEMO Mobile Router parameters and defines
! what router interfaces and their subnets to be included into the NEMO
! registration with EXGW. Use the appropriate EXGW IP address as above. ###
!
ip mobile router
 address 1.2.3.4 255.255.255.0
 collocated single-tunnel
 home-agent 66.174.X.Y
 mobile-network Loopback255
 mobile-network GigabitEthernet0/0/1
 mobile-network GigabitEthernet0/0/0
 register extend expire 10 retry 3 interval 5
 reverse-tunnel
 tunnel mode gre
!
!### Route-map clears the DF-bit in IP packets from the VLAN1 interface. ###
!
route-map clear-df permit 10
 set ip df 0
!
!### This section defines the 4G call activation triggers and timers. ###
!
!### The call will be triggered by this statement. The address “5.6.7.8” is
! a “dummy” route. Any “dummy” value can be used. ###
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
!### The router will wait for 60 sec. before activating the call after the
! initial boot. ###
dialer watch-list 1 delay route-check initial 60
!### The router will wait 1 sec. before activating the call. ###
dialer watch-list 1 delay connect 1
!
end
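
Notes 9, 10, 12 and 14 of this guide can be checked mechanically against a finished router configuration. The Python script below is an added example, not part of the Cisco/Verizon guide; the sample configuration, the function names and the finding texts are constructed for illustration, and it assumes one registered subnet per mobile-network interface line.

```python
import re

MAX_PREFIXES = 8  # note 10: the EXGW silently ignores subnets beyond 8

# Constructed sample with deliberate violations (not from the guide).
# One-space indentation marks sub-mode commands, as in "show running-config".
SAMPLE_CONFIG = """\
interface Loopback255
 ip address 10.0.255.1 255.255.255.255
interface GigabitEthernet0/0
 ip address 10.20.59.129 255.255.255.128
 ip address 10.20.60.1 255.255.255.0 secondary
interface Cellular0/0/0
 ip address negotiated
 ip virtual-reassembly
ip mobile router
 mobile-network Loopback255
 mobile-network GigabitEthernet0/0
 mobile-network Vlan20
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
"""


def parse_stanzas(text):
    """Map each top-level command to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators/comments
        if not line[0].isspace():
            current = line.strip()
            stanzas.setdefault(current, [])
        elif current is not None:
            stanzas[current].append(line.strip())
    return stanzas


def audit_dmnr(text):
    """Return a list of findings; an empty list means no rule was violated."""
    stanzas = parse_stanzas(text)
    findings = []
    # Interface names compared case-insensitively (the guide writes "VLAN1").
    ifaces = {h.split()[1].lower(): b for h, b in stanzas.items()
              if h.startswith("interface ")}
    registered = [c.split()[1] for c in stanzas.get("ip mobile router", [])
                  if c.startswith("mobile-network ")]
    if len(registered) > MAX_PREFIXES:
        findings.append(f"note 10: {len(registered)} mobile networks registered, "
                        f"EXGW accepts {MAX_PREFIXES}")
    for name in registered:
        body = ifaces.get(name.lower())
        if body is None:
            findings.append(f"registered interface {name} has no interface stanza")
        elif any(re.fullmatch(r"ip address \S+ \S+ secondary", c) for c in body):
            findings.append(f"note 9: secondary address on registered interface {name}")
    for head, body in stanzas.items():
        if head.startswith("interface Cellular") and any(
                c.startswith("ip virtual-reassembly") for c in body):
            findings.append(f"note 14: ip virtual-reassembly on {head.split()[1]}")
        if re.match(r"ip route .*\bCellular", head):
            findings.append(f"note 12: static route via cellular interface: {head}")
    return findings


if __name__ == "__main__":
    for finding in audit_dmnr(SAMPLE_CONFIG):
        print(finding)
```

The script does not cover subnets registered with “non-connected-network”, so the note 10 count is a lower bound when that command is in use.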

Operation and Show Commands

NEMO Call Comes Up


Sample command output: ISR 4K “show ip mobile router” (output will vary from configuration example):

C4321-4G#show ip mobile router
Mobile Router
  Enabled 07/30/15 18:14:15
  Last redundancy state transition NEVER
Configuration:
  Home Address 1.2.3.4 Mask 255.255.255.0
  Home Agent 66.174.251.2 Priority 100 (best) (current)
             66.174.192.225 Priority 100
  Registration lifetime 65534 sec
  Retransmit Init 1000, Max 5000 msec, Limit 3
  Extend Expire 10, Retry 3, Interval 5
  Reverse tunnel required
  Request GRE tunnel
  Multi-path denied by HA, Requested metric: bandwidth
Mobile Networks: GigabitEthernet0/0/1 (Down)
  GigabitEthernet0/0/0 (10.250.1.0/255.255.255.0)
  non connected subnet (192.168.222.0/255.255.255.0)
Monitor:
  Status -Registered
  Using collocated care-of address 10.14.12.11
  On interface Cellular0/1/0
  Tunnel0 mode GRE/IP
C4321-4G#

David Mindel
Printed in USA
C07-720264-0001/13
