20-NEMO Configuration Guide


Configuring NEMO

About NEMO

Network mobility (NEMO) is an extension of the mobile IP protocol. NEMO enables a node to retain the same IP address and maintain application connectivity when the node travels across networks. If the node is a mobile router, networks attached to the node can move with the node. All nodes on the moving networks can access the Internet without changing their IP addresses. NEMO implements location-independent routing of IP datagrams on the Internet.

Basic concepts

NEMO has the following concepts:

·     Mobile node—A mobile node (MN) is a mobile host or a router capable of reporting its current visiting network to the home agent.

·     Home address—A home address is an IP address that is allocated to a mobile node. The mobile node uses this IP address for all communications.

·     Home network—A home network is the network where the home address of a mobile node resides. The network is attached to a home agent.

·     Home agent—A home agent (HA) is a host or a router attached to the home network of a mobile node. The home agent saves the current location of the mobile node and forwards traffic to the mobile node.

·     Care-of address—A care-of address (CoA) identifies the location of a mobile node when the node is away from its home network. The CoA is the local endpoint of the mobile IP tunnel to the home agent.

·     Collocated care-of address—A collocated care-of address (CCoA) is a care-of address that a mobile node obtains through manual configuration or DHCP.

·     Mobile router—A mobile router (MR) is a mobile node that provides connectivity for its mobile networks.

Mobile router operation

The mobile router operates as follows:

1.     Sends a registration request to the home agent.

2.     Receives a registration reply and performs the following operations:

¡     Creates a mobile IP tunnel automatically.

¡     Adds a default route destined for the home agent.

The default route uses the tunnel interface as the output interface.

If the router does not receive any replies within the registration lifetime requested, it performs the following operations:

¡     Removes the registration information.

¡     Sends registration requests until a reply is received.

NEMO application scenarios

NEMO provides the following applications for connecting the mobile network to the home network:

·     3G or 4G wireless access.

·     Wired access with the 3G or 4G link as the backup link.

Connecting the mobile network to the home network through the 3G or 4G link

As shown in Figure 1, a tunnel is established between the home agent and the 3G or 4G modem interfaces of the mobile router. The mobile router and nodes on the mobile network can use the tunnel to access the home network.

When the mobile network roams, only the IP address of the 3G or 4G modem interface of the mobile router changes.

The mobile router sends a registration request to the home agent and re-establishes a tunnel with the home agent. Hosts attaching to the mobile router are unaware of the IP address change. Services are not interrupted.

Figure 1 Connecting the mobile network and the home network through the 3G or 4G link

 

Connecting the mobile network to the home network through the wired link

As shown in Figure 2, the 3G or 4G wireless link is the backup link for the wired link between the mobile network and the home network.

When the mobile network roams, the wired link is disconnected. The mobile network is connected to the home network through the 3G or 4G wireless link. After the move is completed, the wired link is recovered, and the wireless link becomes the backup link.

Figure 2 Connecting the mobile network and the home network through the wired link

 

Registration message format

A registration message contains the fixed portion and extensions. The authentication extension must be added. The mobile network extension and NVSE extension can be added as required.

Registration request

A registration request contains the following fields:

·     Type—Type of the message. The value 1 represents a registration request, and the value 3 represents a registration reply.

·     S—Simultaneous bindings.

·     B—Broadcast datagrams.

·     D—Decapsulation by mobile node.

·     M—Minimal encapsulation.

·     G—GRE encapsulation.

·     r—Sent as zero. It is ignored on reception.

·     T—Reverse tunneling requested.

·     x—Sent as zero. It is ignored on reception.

·     Lifetime—Lifetime of the registration. The value 0 represents a request for deregistration. The value 0xFFFF (65535) indicates infinity.

·     Home Address—Home address of the mobile node.

·     Home Agent—IP address of the mobile node's home agent.

·     Care-of Address—IP address for the mobile router end of the tunnel.

·     Identification—Used to match registration requests and registration replies. The value is formatted as specified by NTP.

·     Extensions—Registration extensions. The authentication extension must be added. The mobile network extension and NVSE extension can be added as required.

Figure 3 Registration request message format

 

Registration reply

A registration reply differs from a registration request in the following fields:

·     Code—A value indicating the result of the registration request. The values 0 through 8 indicate that the registration request is accepted. For more information, see RFC 5944.

·     Identification—Used to match registration requests and registration replies. If the registration request is accepted, this field copies the value of the Identification field in the registration request.

Figure 4 Registration reply message format

 

Authentication extension

An authentication extension contains the following fields:

·     Type—Type of the extension. The value is 32.

·     Length—Length of the extension. The value is the total number of bytes in the SPI and Authenticator fields.

·     SPI—Security parameter index.

·     Authenticator—Authentication data in cipher text.

Figure 5 Authentication extension format

 

Mobile network extension

A mobile network extension contains the following fields:

·     Type—Type of the extension. The value is 148.

·     Length—Length of the extension, excluding the Type field. The value is 6.

·     Sub-Type—Sub-type of the extension. The value is 0.

·     Prefix Length—Prefix length of the mobile network.

·     Prefix—Prefix of the mobile network.

Figure 6 Mobile network extension format
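
Added example (not from this guide or from the router software): a Python parser for the registration request described above that walks the extensions and reports whether the mandatory authentication extension is present. Field widths follow RFC 5944 and RFC 5177; the function name, the flag rendering, and the sample bytes (built from the addresses in this guide's configuration example, with a placeholder authenticator) are assumptions.

```python
import ipaddress
import struct

FLAG_NAMES = "SBDMGrTx"  # flag bits in wire order; S is the most significant bit

def parse_registration_request(data: bytes) -> dict:
    """Decode the 24-byte fixed portion, then walk the type-length-value extensions."""
    if len(data) < 24 or data[0] != 1:
        raise ValueError("not a complete registration request")
    _, flags, lifetime, home, ha, coa, ident = struct.unpack("!BBH4s4s4s8s", data[:24])
    req = {
        # Assumed rendering, modelled on the display output: upper case = bit set.
        "flags": "".join(
            "-" if n in "rx" else n.upper() if flags & (0x80 >> i) else n.lower()
            for i, n in enumerate(FLAG_NAMES)),
        "lifetime": lifetime,      # 0 = deregistration, 0xFFFF = infinity
        "home_address": str(ipaddress.IPv4Address(home)),
        "home_agent": str(ipaddress.IPv4Address(ha)),
        "care_of_address": str(ipaddress.IPv4Address(coa)),
        "identification": ident[:4].hex() + "." + ident[4:].hex(),
        "auth_spi": None,          # stays None if the mandatory extension is absent
        "mobile_networks": [],
        "other_extensions": [],    # NVSE (134) and anything else, by type number
    }
    off = 24
    while off < len(data):
        if data[off] == 0:         # one-byte padding extension (RFC 5944): no length
            off += 1
            continue
        if off + 2 > len(data):
            raise ValueError("truncated extension header")
        etype, length = data[off], data[off + 1]
        body = data[off + 2:off + 2 + length]
        if len(body) != length:
            raise ValueError("extension length overruns the message")
        if etype == 32 and length >= 4:        # authentication: SPI + authenticator
            req["auth_spi"] = struct.unpack("!I", body[:4])[0]
        elif etype == 148 and length == 6 and body[0] == 0:   # mobile network
            net = f"{ipaddress.IPv4Address(body[2:6])}/{body[1]}"
            req["mobile_networks"].append(str(ipaddress.ip_network(net, strict=False)))
        else:
            req["other_extensions"].append(etype)
        off += 2 + length
    return req

# Constructed sample using the addresses from this guide's configuration example.
# The 16-byte authenticator is a zero placeholder, not a real keyed digest.
SAMPLE = (
    struct.pack("!BBH", 1, 0x2A, 65534)                   # request, flags D+G+T
    + bytes([1, 1, 1, 3, 1, 1, 1, 2, 208, 122, 148, 233]) # home, home agent, CoA
    + bytes.fromhex("d64985e8bd34f00e")                   # identification
    + bytes([148, 6, 0, 24, 20, 1, 1, 0])                 # mobile network 20.1.1.0/24
    + struct.pack("!BBI", 32, 20, 100) + bytes(16)        # authentication, SPI 100
)
```

A result whose `auth_spi` is `None` identifies a request that lacks the authentication extension this section requires.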

 

Normal Vendor/Organization Specific Extension (NVSE)

An NVSE extension contains the following fields:

·     Type—Type of the extension. The value is 134.

·     Length—Length of the extension, excluding the Type field.

·     Reserved—Reserved for future use.

·     Vendor/Org-ID—Vendor ID. The value 9 represents Cisco.

·     Vendor-NVSE-Type—Type of the vendor NVSE extension. The value 9 represents the explicit mode, and the value 13 represents the implicit mode.

·     Vendor-NVSE-Value—Value of the vendor NVSE extension.

Figure 7 NVSE format

 

NVSE prefix extension

An NVSE prefix extension contains the following fields:

·     Sub-Type—Sub-type of the extension. The value 1 represents a registration request, and the value 2 represents a registration reply.

·     Length—Length of the extension. The value is 6.

·     Prefix Length—Prefix length of the mobile network.

·     Code—A value indicating the result of the registration request. The value 0 indicates that the registration request is accepted.

·     Prefix—Prefix of the mobile network.

Figure 8 NVSE prefix extension format

 

Protocols and standards

·     RFC 5177, Network Mobility (NEMO) Extensions for Mobile IPv4

·     RFC 5944, IP Mobility Support for IPv4, Revised

Restrictions: Licensing requirements for NEMO

Data Software licenses are required for some devices to support NEMO. For more information about licensing, see license management in Fundamentals Configuration Guide.

Restrictions: Hardware compatibility with NEMO

| Hardware | NEMO compatibility |
| --- | --- |
| MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK, MSR810-LM-CNDE-SJK, MSR810-CNDE-SJK | Yes |
| MSR810-LMS, MSR810-LUS | No |
| MSR810-LMS-EA, MSR810-LME | Yes |
| MSR2600-6-X1, MSR2600-15-X1 | No |
| MSR2600-10-X1 | Yes |
| MSR 2630 | Yes |
| MSR3600-28, MSR3600-51 | Yes |
| MSR3600-28-SI, MSR3600-51-SI | No |
| MSR3600-28-X1, MSR3600-28-X1-DP, MSR3600-51-X1, MSR3600-51-X1-DP | Yes |
| MSR3610-I-DP, MSR3610-IE-DP, MSR3610-IE-ES, MSR3610-IE-EAD, MSR-EAD-AK770, MSR3610-I-IG, MSR3610-IE-IG | No |
| MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC, MSR3620-X1, MSR3640-X1 | Yes |
| MSR 3610, MSR 3620, MSR 3620-DP, MSR 3640, MSR 3660 | Yes |
| MSR3610-G, MSR3620-G | Yes |

| Hardware | NEMO compatibility |
| --- | --- |
| MSR810-W-WiNet, MSR810-LM-WiNet | Yes |
| MSR830-4LM-WiNet | Yes |
| MSR830-5BEI-WiNet, MSR830-6EI-WiNet, MSR830-10BEI-WiNet | Yes |
| MSR830-6BHI-WiNet, MSR830-10BHI-WiNet | Yes |
| MSR2600-6-WiNet | No |
| MSR2600-10-X1-WiNet | Yes |
| MSR2630-WiNet | Yes |
| MSR3600-28-WiNet | Yes |
| MSR3610-X1-WiNet | Yes |
| MSR3610-WiNet, MSR3620-10-WiNet, MSR3620-DP-WiNet, MSR3620-WiNet, MSR3660-WiNet | Yes |

| Hardware | NEMO compatibility |
| --- | --- |
| MSR2630-XS | No |
| MSR3600-28-XS | Yes |
| MSR3610-XS | Yes |
| MSR3620-XS | Yes |
| MSR3610-I-XS | No |
| MSR3610-IE-XS | No |
| MSR3620-X1-XS | Yes |
| MSR3640-XS | Yes |

| Hardware | NEMO compatibility |
| --- | --- |
| MSR810-LM-GL | Yes |
| MSR810-W-LM-GL | Yes |
| MSR830-6EI-GL | Yes |
| MSR830-10EI-GL | Yes |
| MSR830-6HI-GL | Yes |
| MSR830-10HI-GL | Yes |
| MSR2600-6-X1-GL | No |
| MSR3600-28-SI-GL | No |

NEMO tasks at a glance

To configure NEMO, perform the following tasks:

1.     Configuring mobile IP

2.     Configuring the mobile router feature

3.     Configuring a roaming interface

4.     Configuring a mobility security association

Configuring mobile IP

1.     Enter system view.

system-view

2.     Enable mobile IP and enter its view.

router mobile

By default, mobile IP is disabled.

3.     (Optional.) Set a preference for mobile IP routes.

preference preference

By default, the preference for mobile IP routes is 65.

4.     (Optional.) Set the tunnel interface number range for automatic tunnel creation.

tunnel-number min min-number max max-number

By default, the minimum tunnel interface number is 0 and the maximum tunnel interface number is 10239.

If a tunnel is used by another protocol, the interface number is not available to the mobile IP tunnel. If no available interface number exists, the mobile router fails to establish the tunnel with the home agent. The mobile router initiates a registration request after a registration retry interval.

Configuring the mobile router feature

1.     Enter system view.

system-view

2.     Enable the mobile router feature and enter mobile router view.

ip mobile router

By default, the mobile router feature is disabled.

3.     Assign a home address to the mobile router.

address ip-address

By default, the mobile router does not have any home addresses.

4.     Specify the IP address of the home agent for the mobile router.

home-agent ip-address

By default, no home agent is specified for the mobile router.

When the mobile network moves, the mobile router sends a registration request to the home agent.

5.     (Optional.) Specify the mobile router interface for connecting to a mobile network.

mobile-network interface-type { interface-number | interface-number.subnumber }

By default, no mobile router interface is specified.

The primary IP address of a mobile router interface is contained in the registration request to inform the home agent of the mobile network.

6.     (Optional.) Set the registration lifetime requested by the mobile router.

register lifetime seconds

The default registration lifetime is 65534 seconds.

7.     (Optional.) Configure registration extension parameters for the mobile router to be kept alive.

register extend expire seconds retry retries interval interval

By default:

¡     The mobile router sends a registration request 60 seconds before the registration expires.

¡     The mobile router makes a maximum of 3 retries every 10 seconds if no reply is received.

If the registration lifetime is no longer than the time specified by the expire seconds option, the mobile router sends a registration request when half the registration lifetime elapses.

8.     (Optional.) Set retransmission parameters for the mobile router's registration with the home agent.

register retransmit initial milliseconds maximum milliseconds retry retries

By default:

¡     The initial waiting time is 1000 milliseconds.

¡     The maximum waiting time is 5000 milliseconds.

¡     The maximum number of retries is 3.

9.     (Optional.) Enable the interoperability mode.

interop

By default, the interoperability mode is disabled.

Use this command when the peer device is from another vendor and does not support RFC 5177.

10.     (Optional.) Configure parameters for the mobile IP tunnel.

¡     Set the MTU for the tunnel interface of the mobile IP tunnel.

tunnel mtu size

By default, the MTU for the tunnel interface is 64000 bytes.

¡     Set the DF bit to 0 for outgoing tunneled packets.

ip df-bit zero

By default, the DF bit of outgoing tunneled packets is set to 1.

¡     Apply an IPsec policy to the tunnel interface of the mobile IP tunnel.

ipsec policy policy-name

By default, no IPsec policy is applied to the tunnel interface of a mobile IP tunnel.

For more information about IPsec policies, see Security Configuration Guide.

¡     Set the TCP MSS for the tunnel interface of the mobile IP tunnel.

tcp mss value

By default, no TCP MSS is set.

Configuring a roaming interface

1.     Enter system view.

system-view

2.     Enter Layer 3 interface view.

interface interface-type interface-number

3.     Configure the interface as a roaming interface.

ip mobile router-service roam

By default, an interface is not a roaming interface.

4.     (Optional.) Specify the gateway address for the roaming interface.

ip mobile router-service collocated gateway ip-address

By default, no gateway address is specified for a roaming interface.

Use this command if the interface does not obtain a gateway from the DHCP server, or the interface has a manually configured IP address.

5.     (Optional.) Set the registration retry interval.

ip mobile router-service collocated registration retry interval

By default, the interval is 60 seconds.

Configuring a mobility security association

Restrictions and guidelines

For successful authentication, configure the same authentication mode and password on the mobile router and the home agent.

Procedure

1.     Enter system view.

system-view

2.     Configure a security association for authentication to the home agent.

ip mobile secure home-agent ip-address spi hex-value key ascii { cipher | simple } string

By default, no security association is specified on the router for authentication.

For information about security associations, see Security Configuration Guide.

Display and maintenance commands for NEMO

Execute display commands in any view.

 

| Task | Command |
| --- | --- |
| Display registration information for the mobile router. | display ip mobile router registration |

 

NEMO configuration examples

Example: Configuring NEMO

Network configuration

As shown in Figure 9, the home agent is a Cisco device. The mobile router uses a USB 3G modem to register with the home agent and access the 3G network through Dial-on-Demand Routing (DDR).

Configure NEMO on the mobile router to meet the following requirements when the mobile network moves:

·     The hosts on the mobile network use their home addresses for communication.

·     Application connectivity is maintained on the hosts.

Figure 9 Network diagram

Procedure

1.     Configure the mobile router:

# Assign the IP address 20.1.1.1 to GigabitEthernet 1/0/1.

<MR> system-view

[MR] interface gigabitethernet 1/0/1

[MR-GigabitEthernet1/0/1] ip address 20.1.1.1 255.255.255.0

[MR-GigabitEthernet1/0/1] quit

# Enable mobile IP.

[MR] router mobile

[MR-MIP] quit

# Enable the mobile router feature.

[MR] ip mobile router

# Assign a home address to the mobile router.

[MR-mobile-router] address 1.1.1.3

# Specify the IP address of the home agent 1.1.1.2 (IP address of the interface Loopback 0 on the home agent) on the mobile router.

[MR-mobile-router] home-agent 1.1.1.2

# Specify GigabitEthernet 1/0/1 as the mobile router interface.

[MR-mobile-router] mobile-network gigabitethernet 1/0/1

[MR-mobile-router] quit

# Channelize Cellular 2/4/0 into a synchronous/asynchronous serial interface.

[MR] controller cellular 2/4/0

[MR-Cellular2/4/0] serial-set 0

[MR-Cellular2/4/0] quit

# Configure Serial 2/4/0:0 as the roaming interface. (In this example, the IP address of the roaming interface is assigned by the service provider. For more information, see Layer 2—WAN Access Configuration Guide.)

[MR] interface serial 2/4/0:0

[MR-Serial2/4/0:0] ip mobile router-service roam

[MR-Serial2/4/0:0] quit

# Configure a security association that contains the home agent address 1.1.1.2, SPI 100, and the plaintext key abc. Make sure the same security association is configured on the home agent.

[MR] ip mobile secure home-agent 1.1.1.2 spi 100 key ascii simple abc

2.     Configure the home agent as described in its user documentation. (Details not shown.)

Verifying the configuration

# Display registration information for the mobile router.

[MR] display ip mobile router registration

Registration accepted on 12/04/13 at 10:43:52, On Serial2/4/0:0

Care-of addr: 208.122.148.233, HA addr: 1.1.1.2, Home addr: 1.1.1.3

Lifetime requested: 65534, Granted: 36000

Remaining: 9 hours 58 minutes 36 seconds

Flags sbDmG-T-

Identification d64985e8.bd34f00e

Next registration: 9 hours 56 minutes 36 seconds

Extensions:

  Mobile Network 20.1.1.0/24

  Authentication SPI: 100

# Display registration information for the mobile router after it moves to another network.

[MR] display ip mobile router registration

Registration accepted on 12/04/13 at 11:35:45, On Serial2/4/0:0

Care-of addr: 212.48.124.187, HA addr: 1.1.1.2, Home addr: 1.1.1.3

Lifetime requested: 65534, Granted: 36000

Remaining: 9 hours 58 minutes 36 seconds

Flags sbDmG-T-

Identification d6499211.bc35e11d

Next registration: 9 hours 56 minutes 36 seconds

Extensions:

  Mobile Network 20.1.1.0/24

  Authentication SPI: 100

The output shows that the mobile router retains the home address and maintains the application connectivity when it moves.