Network Mobility (NEMO)


Network Mobility (NEMO)
 
This chapter describes the system’s support for NEMO and explains how it is configured. The product administration guides provide examples and procedures for configuration of basic services on the system. It is recommended that you select the configuration example that best meets your service model and configure the required elements for that model, as described in the Cisco ASR 5x00 Packet Data Network Gateway Administration Guide, before using the procedures in this chapter.
This chapter includes the following sections:
NEMO Overview
When enabled through a feature license key, the system includes NEMO support for a Mobile IPv4 Network Mobility (NEMO-HA) on the P-GW platform to terminate Mobile IPv4 based NEMO connections from Mobile Routers (MRs) that attach to an Enterprise PDN. The NEMO functionality allows bi-directional communication that is application-agnostic between users behind the MR and users or resources on Fixed Network sites.
The same NEMO4G-HA service and its bound Loopback IP address supports NEMO connections whose underlying PDN connection comes through GTP S5 (4G access) or PMIPv6 S2a (eHRPD access).
The following figure shows a high-level view of LTE NEMOv4 Architecture.
NEMO Overview
Use Cases
The following use cases are supported by NEMO in LTE:
1.
Stationary - Applications, like branch offices, with a mobile router that does not require mobility.
2.
Nomadic - Applications that use a mobile router that does not move while in service, but that may be moved to a different location and brought back on service (e.g. a kiosk showing up in a mall one day and in a different location the next day or month).
3.
Moveable - Applications that need to maintain Dynamic Mobile Network Routing (DMNR) service operational while moving and crossing PDSN boundaries, such as public safety vehicles. Service continuity is handled by the mobility protocols (Mobile IP in 3G and GTP in LTE).
Features and Benefits
The system supports the usage of dynamically learned, overlapping customer prefixes. These prefixes are advertised via BGP.
MIPv4-based NEMO Control Plane
The following figure shows a high-level view of the NEMO control plane.
NEMO includes the following features:
The Cisco NEMO MR is expected to use the Collocated-Care-of-Address mode to establish a NEMO MIPv4 session with NEMO4G-HA and as one of the IP endpoints of the NEMO GRE Tunnel for the transport of user traffic.
NEMO4G-HA supports a potential “dummy” MR-HADDR address that would be configured in every MR within the same Enterprise or across all served Enterprises (same IP address).
eBGP is used to advertise the Enterprise WAN-IP Pools and the LAN prefixes learned via NEMO for the associated Enterprise.
NEMO4G-HA supports local authentication for the NEMO MIPv4 RRQ based on preconfigured N-MHAE-SPI/KEY values on a per Enterprise basis (one unique set for all MRs belonging to the same Enterprise) or on a global basis (one unique set for all Enterprises).
NEMO4G-HA supports private and overlapping IP addressing across multiple Enterprises for the WAN IP pools, MR-HADDR, and LAN prefixes.
NEMO MR Authorization
NEMO4G-HA authorizes a NEMO MIPv4 session only if a NEMO permission has been assigned to the underlying PDN connection. NEMO permission should be assigned to the underlying PDN connection via either local configuration (APN parameter) or based on a NEMO permission AVP assigned by the 3GPP AAA during the PDN authorization. For local configuration, a new APN parameter is supported to enable NEMO permission at the APN/PDN level within the P-GW service.
MIPv4 NEMO Protocol
NEMO4G-HA processes a Mobile IPv4 NEMO Registration Request (RRQ) received from the MR NEMO client.
NEMO4G-HA processes the first of three Cisco-specific MIPv4 Extensions of type Normal Vendor/Org Specific Extension (NVSE) that are included in the MIPv4 NEMO RRQ. The three Cisco-specific NVSEs are placed after the MIPv4 “Identification” field and before the mandatory MIPv4 “Mobile-Home-Authentication-Extension.” NEMO4G-HA accepts the LAN prefixes (up to eight) encoded in the first Cisco-specific NVSE (vendor-type = 9). NEMO4G-HA is not expected to process the other two Cisco-specific NVSEs with vendor-type = 49, which carry the Internal Interface ID of the MR's Roaming Interface and the MR's Roaming Interface Bandwidth in Kbps, respectively.
Cisco-specific NVSEs follow RFC 3025 “Mobile IP Vendor/Organization Specific Extensions.”
GRE Encapsulation
User traffic shall be encapsulated over a GRE tunnel between the MR NEMO client and NEMO4G-HA. The IP endpoints of the GRE tunnel shall be the IPv4 assigned to the MR modem during the Enterprise PDN connection setup and the IPv4 address of the NEMO4G-HA service on the E-PGW.
NEMO4G-HA shall remove the GRE encapsulation before it forwards the outbound traffic towards the Enterprise VPN via the associated SGi VLAN interface. Inbound traffic received through the same SGi VLAN interface shall be encapsulated into a GRE tunnel before it's passed to the E-PGW service for forwarding to the MR through the proper GTP/PMIP tunnel.
Session Interactions
The following session interaction scenarios are supported between NEMO and the underlying PDN connection made over eHRPD or LTE access.
In the following circumstances, NEMO4G-HA shall withdraw the associated prefix routes from the Enterprise VRF routing table, update the eBGP neighbors and free up all internal resources allocated for the underlying PDN connection and NEMO session:
NEMO4G-HA shall not be able to process any NEMO MIPv4 RRQs if there's no underlying PDN connection associated to those RRQs (PMIPv6 or GTP). In other words, NEMO MIPv4 RRQs can be accepted and processed only if an Enterprise PDN connection has been established with E-PGW by the mobile router.
NEMO4G-HA shall silently ignore NEMO MIPv4 RRQs if the underlying PDN connection associated to each of those RRQs does not have the NEMO permission indication. This applies to both eHRPD and LTE access.
NEMO4G-HA shall forward (not drop) user data using MIP or GRE tunneling (UDP/434 or IP Protocol/47, respectively) to the external enterprise VRF if such data is not destined to the NEMO4G-HA IP address. This applies to PDN connections that have or do not have the NEMO Permission indication. This shall also apply to both eHRPD and LTE access.
Any failure on either the authentication or authorize of a NEMO MIPv4 session shall not affect the underlying PDN connection established between the mobile router and the E-PGW via eHRPD or LTE. For example, if the security credentials do not match between the MR NEMO client and NEMO4G-HA, NEMO4G-HA can reject the NEMO MIPv4 RRQ, but the associated PDN connection shall not be terminated.
NEMO Session Timers
NEMO4G-HA uses the registration lifetime value locally configured, even though MR's may use the maximum possible value (65534).
NEMO4G-HA can process ad-hoc NEMO RRQ messages.
Enterprise-wide Route Limit Control
NEMO4G-HA supports a control mechanism to limit the maximum number of prefixes/routes that a given enterprise can register, including the pools for WAN IP assignments.
When the maximum number of routes is reached, a syslog message is generated. Once the number of routes goes under the limit, a syslog message is generated for notification.
Forced Fragmentation
E-PGW forces IP packet fragmentation even for IP packets with the DF-bit set.
Redundancy/Reliability
The LTE NEMO solution supports intra-chassis Session Redundancy (SR) and Inter-Chassis Session Redundancy (ICSR) functionalities.
LTE NEMO Call Flow
The following figure describes the call flow of the NEMOv4 solution.
1.
2.
3.
4.
5.
Engineering Rules
Supported Standards
NEMO Configuration
Important: Commands used in the configuration samples in this section provide base functionality to the extent that the most common or likely commands and/or keyword options are presented. In many cases, other optional commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands.
To configure the system for NEMO:
1.
2.
3.
4.
Allow the P-GW to use the NEMO service by applying the example in the Configure and Enable NEMO in APN Profile section.
5.
6.
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration. For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference.
Sample Configuration
context egress
interface corp1-outbound
   ip address 192.168.1.1 255.255.255.0
#exit
ip vrf corp1
ip pool corp1-test 10.1.1.1 255.255.255.0 private vrf corp1
nexthop-forwarding-address 192.168.1.2 overlap vlanid 50
router bgp 100
   address-family ipv4 vrfcorp1
      neighbor192.168.1.2 remote-as 300
      neighbor 192.168.1.2 allow-default-vrf-connection
      redistribute connected
   #exit
#exit
context pgw
   apn nemo.corp1.com
      permission nemo
      ip context-name egress
      ip address pool name corp1_nemo_pool
   #exit
#exit
context ingress
interface corp1-inbound
   ip address 192.168.1.1 255.255.255.0
#exit
   ha-service nemo
      mn-ha-spi spi-number 100 encrypted secret 01abd002c82b4a2c
      authentication mn-aaa noauth
      encapsulation allow keyless-gre
      bind address 38.0.0.2
      #end
Create a VRF
Use this example to first create a VRF on the router and assign a VRF-ID.
configure
   context <context_name> -noconfirm
      ip vrf <vrf_name>
      ip pool <pool_name> <pool_address> private vrf <vrf_name>
      nexthop-forwarding-address <ip_address> overlap vlanid <vlan_id>
Set Neighbors and Address Family
Use this example to set the neighbors and address family to exchange routing information with a peer router.
configure
   context <context_name>
      ip vrf <vrf_name>
         router bgp <as_number>
         ip vrf <vrf_name>
            neighbor <ip_address> remote-as <AS_num>
            address-family <type>
            neighbor <ip_address> activate
            end
Redistribute Connected Routes
Use this example to redistribute connected routes between routing domains.
configure
   context <context_name>
      ip vrf <vrf_name>
         router bgp <as_number>
         ip vrf <vrf_name>
            address-family <type> vrf <vrf_name>
               redistribute connected
               exit
               redistribute connected
               end
Configure and Enable NEMO in APN Profile
Use this example to configure and enable NEMO in an APN profile.
configure
   context <context_name>
      apn <apn_name>
         permission nemo
      ip context-name <name>
      ip address pool name <pool_nme>
         end
Create a NEMO HA
Use this example to create a NEMO HA.
configure
   context <context_name>
      ha-service <ha_service_name>
         mn-ha-spi spi-number <number> encrypted secret <enc_secret>
         authentication mn-aaa noauth
         encapsulation allow keyless-gre
         bind address <ip_address>
         end
 
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883