Configuring WAN Backhaul Redundancy
This chapter describes how to configure WAN backhaul redundancy for cellular and WiMAX interfaces on the Cisco 1000 Series Connected Grid Routers (hereafter referred to as the Cisco CG-OS router).
The system software for the router is identified as the Cisco CG-OS software.
This chapter includes the following sections:
•Information About WAN Backhaul Redundancy
•Prerequisites for WAN Backhaul Redundancy
•Configuring WAN Backhaul Redundancy
•Verifying the WAN Backhaul Configuration
Information About WAN Backhaul Redundancy
You can configure the Cisco CG-OS router to have redundant WAN backhauls within an Open Shortest Path First version 2 (OSPFv2) area by assigning link costs to cellular (3G) and WiMAX interfaces. The interface with the lower assigned link cost remains the primary link until that link goes down; traffic then automatically moves to the secondary link, which has the next lowest cost. If the link with the higher cost fails, no traffic is redirected because the Cisco CG-OS router by default routes all traffic to the link with the lowest cost.
IPSec virtual tunnels are configured between the Cisco CG-OS router and the head-end router (such as the Cisco ASR 1000 Series) to encapsulate the interface traffic (cellular and WiMAX). A tunnel for each of the interfaces is configured.
The router employs IKEv2 to authenticate the traffic running between the Cisco CG-OS router and the head-end router by using either pre-shared key (PSK) or RSA authentication.
A Generic Routing Encapsulation (GRE) tunnel (see RFC 2784 and RFC 2890) is built between the Cisco CG-OS router and the head-end router. The GRE tunnel allows IPv6 traffic within an OSPFv3 area to traverse the tunnel between the two routers without the packets being parsed or examined by either of the routers.
Figure 7-1 WAN Backhaul Redundancy Employing IPSec and GRE Tunnels
Prerequisites for WAN Backhaul Redundancy
When configuring for IPv4 traffic:
•Ensure that your OSPFv2 network strategy and planning for your network is complete. For example, you must decide whether your network requires multiple areas.
•You must be familiar with routing fundamentals to configure OSPFv2.
•Enable the OSPFv2 feature on the Cisco CG-OS router (see Enabling OSPFv2).
•Configure at least one interface for IPv4 that can communicate with a remote OSPFv2 neighbor.
When configuring for IPv6 traffic:
•Ensure that your OSPFv3 network strategy and planning for your network is complete. For example, you must decide whether your network requires multiple areas.
•You must be familiar with routing fundamentals to configure OSPFv3.
•Enable the OSPFv3 feature on the Cisco CG-OS router (see Enabling OSPFv3).
•Configure at least one interface for IPv6 that can communicate with a remote OSPFv3 neighbor.
Guidelines and Limitations
The Ethernet interface cannot currently be configured as a redundant WAN backhaul.
Configuring WAN Backhaul Redundancy
Tip: Cisco recommends that you configure the feature on the Cisco CG-OS router in the order noted below.
Note: An example configuration for the head-end router (and Cisco CG-OS router) is provided in the Configuration Example section. For details on configuring the Cisco ASR 1000 Series, refer to the following URL: http://www.cisco.com/en/US/partner/products/ps9343/index.html
BEFORE YOU BEGIN
Ensure that all of the requirements listed in the Prerequisites for WAN Backhaul Redundancy section are met before beginning to configure the Cisco CG-OS router.
DETAILED STEPS
To configure the loopback interface, follow these steps.
To configure the cellular interface, follow these steps.
To configure the WiMAX interface, follow these steps.
To enable IKEv2 on the Cisco CG-OS router, follow these steps.
To enable IPSec tunnelling on the Cisco CG-OS router and configure its parameters, follow these steps.
To enable OSPFv2 processing on the Cisco CG-OS router, enter the following command in the global configuration mode.
| | Command | Purpose |
|---|---|---|
| Step 1 | router ospf instance-tag | Creates an OSPFv2 routing instance. instance-tag: Internal identifier for the routing instance; it can be an alphanumeric word or a positive integer. |
To enable OSPFv3 processing on the Cisco CG-OS router, enter the following command in the global configuration mode.
| | Command | Purpose |
|---|---|---|
| Step 1 | router ospfv3 instance-tag | Creates an OSPFv3 routing instance. instance-tag: Internal identifier for the routing instance; it can be an alphanumeric word or a positive integer. |
To enable tunneling on the Cisco CG-OS router, enter the following command in the global configuration mode.
| | Command | Purpose |
|---|---|---|
| Step 1 | feature tunnel | Enables tunneling on the Cisco CG-OS router. |
To create an IPSec tunnel on the Cisco CG-OS router and define an OSPFv2 area on each of the interfaces (cellular and WiMAX), follow these steps to configure each interface.
An individual tunnel must be configured for each of the interfaces, cellular and WiMAX (see Figure 7-1).
To configure a Generic Routing Encapsulation (GRE) tunnel on the Cisco CG-OS router, follow these steps.
EXAMPLE
Cisco CG-OS Router Configuration
The following example shows how to configure the Cisco CG-OS router.
For details on the head-end router configuration, refer to the Head-End Router Configuration.
These commands show how to configure the loopback0 interface, the cellular interface, and the WiMAX interface and their parameters.
router(config)# interface loopback 0
router(config-if)# ip address 20.0.0.2/24
router(config-if)# ip router ospf 2 area 0.0.0.2
router(config-if)# exit
router(config)# chat-script gsm1 PROFILE1
router(config)# interface dialer 1
router(config-if)# dialer persistent
router(config-if)# dialer pool 1
router(config-if)# dialer string gsm 1
router(config-if)# exit
router(config)# interface cellular 3/1
router(config-if)# dialer pool-member 1
router(config-if)# no shutdown
router(config-if)# exit
router(config)# wimax scan-list aaa
router(config-if)# channel index 1 frequency 2550000 bandwidth 10Mhz
router(config-if)# nap id 00:00:01 priority 1 channel-index 1
router(config-if)# nsp id 00:00:01 home
router(config-if)# exit
router(config)# interface wimax 5/1
router(config-if)# scan-list aaa
router(config-if)# ip address 192.10.0.21/16
router(config-if)# no shutdown
router(config-if)# exit
router(config)#
These commands show how to enable IKEv2 on the Cisco CG-OS router.
router(config)# feature crypto ike
router(config)# crypto ike domain ipsec
router(config-ike-ipsec)# policy 10
router(config-ike-ipsec-policy)# authentication pre-share
router(config-ike-ipsec-policy)# group 5
router(config-ike-ipsec-policy)# exit
router(config-ike-ipsec)# key company123 address 11.0.0.1
router(config-ike-ipsec)# key company123 address 192.10.0.1
router(config-ike-ipsec)# key company123 address 192.168.168.1
router(config-ike-ipsec)# exit
router(config)#
These commands show how to enable IPSec tunnelling (and configure its parameters) on the Cisco CG-OS router.
router(config)# feature crypto ipsec virtual-tunnel
router(config)# crypto ipsec transform-set MyTransformSet esp-aes 128 esp-sha1-hmac
router(config)# crypto ipsec profile MyProfile
router(config-ipsec-profile)# description VTI IPSec Profile
router(config-ipsec-profile)# set transform-set MyTransformSet
router(config-ipsec-profile)# exit
router(config)#
This command shows how to enable OSPFv2 processing on the Cisco CG-OS router.
router(config)# router ospf 2
This command shows how to enable OSPFv3 processing on the Cisco CG-OS router.
router(config)# router ospfv3 1
This command shows how to enable tunneling on the Cisco CG-OS router.
router(config)# feature tunnel
These commands show how to configure tunnels that transport WiMAX (tunnel 15) and cellular (tunnel 16) data within the IPSec virtual tunnel from the Cisco CG-OS router to the head-end router.
router(config)# interface tunnel 15
router(config-if)# ip address 23.0.5.2/30
router(config-if)# ip ospf cost 100
router(config-if)# ip ospf dead-interval 20
router(config-if)# ip ospf hello-interval 5
router(config-if)# ip ospf mtu-ignore
router(config-if)# ip router ospf 2 area 0.0.0.2
router(config-if)# tunnel mode ipsec ipv4
router(config-if)# tunnel source wimax 5/1
router(config-if)# tunnel destination 192.10.0.1
router(config-if)# no keepalive
router(config-if)# tunnel protection ipsec profile MyProfile
router(config-if)# no shutdown
router(config-if)# exit
router(config)# interface tunnel 16
router(config-if)# ip address 23.0.6.2/30
router(config-if)# ip ospf cost 500
router(config-if)# ip ospf dead-interval 20
router(config-if)# ip ospf hello-interval 5
router(config-if)# ip ospf mtu-ignore
router(config-if)# ip router ospf 2 area 0.0.0.2
router(config-if)# tunnel mode ipsec ipv4
router(config-if)# tunnel source cellular 3/1
router(config-if)# tunnel destination 192.168.168.1
router(config-if)# no keepalive
router(config-if)# tunnel protection ipsec profile MyProfile
router(config-if)# no shutdown
router(config-if)# exit
router(config)#
These commands show how to configure a Generic Routing Encapsulation (GRE) tunnel on the Cisco CG-OS router.
router(config)# interface tunnel 1
router(config-if)# ip address 25.0.0.2/24
router(config-if)# ipv6 address 25::2/64
router(config-if)# ipv6 router ospfv3 1 area 0.0.0.1
router(config-if)# tunnel source loopback 0
router(config-if)# tunnel destination 20.0.0.1
router(config-if)# no shutdown
router(config-if)# exit
router(config)#
Head-End Router Configuration
The following example shows how to configure the head-end router to communicate with the Cisco CG-OS router defined above.
This sample configuration is for a Cisco ASR 1000 Series system operating with Cisco IOS. For more details on the Cisco ASR and its configuration, refer to the following URL: http://www.cisco.com/en/US/partner/products/ps9343/index.html
These commands show how to configure the loopback0 interface on the head-end router.
HeadEndRtr(config)# interface loopback 0
HeadEndRtr(config-if)# ip address 20.0.0.1 255.255.255.0
HeadEndRtr(config-if)# exit
HeadEndRtr(config)#
These commands show how to enable IKEv2 on the head-end router.
HeadEndRtr(config)# crypto ikev2 keyring MyIke2KeyRing
HeadEndRtr(config-ike)# peer wimax-cgr
HeadEndRtr(config-ike)# address 192.10.0.21
HeadEndRtr(config-ike)# pre-shared-key company123
HeadEndRtr(config-ike)# peer cellular-cgr
HeadEndRtr(config-ike)# address 192.168.168.21
HeadEndRtr(config-ike)# pre-shared-key company123
HeadEndRtr(config-ike)# exit
HeadEndRtr(config)# crypto ikev2 profile MyIke2Profile
HeadEndRtr(config-ike)# match fvrf any
HeadEndRtr(config-ike)# match identity remote address 192.10.0.21 255.255.255.255
HeadEndRtr(config-ike)# match identity remote address 192.168.168.21 255.255.255.255
HeadEndRtr(config-ike)# authentication local pre-share
HeadEndRtr(config-ike)# authentication remote pre-share
HeadEndRtr(config-ike)# keyring MyIke2KeyRing
HeadEndRtr(config-ike)# exit
HeadEndRtr(config)#
These commands show how to enable IPSec tunnelling and configure its parameters on the head-end router.
HeadEndRtr(config)# crypto ipsec transform-set AES128SHA1 esp-aes esp-sha-hmac
HeadEndRtr(config)# crypto ipsec profile IPSecProfile
HeadEndRtr(config-ipsec-profile)# set transform-set AES128SHA1
HeadEndRtr(config-ipsec-profile)# set ikev2-profile MyIke2Profile
HeadEndRtr(config-ipsec-profile)# responder-only
HeadEndRtr(config-ipsec-profile)# exit
HeadEndRtr(config)#
These commands show how to configure tunnels that transport WiMAX (tunnel 15) and cellular (tunnel 16) data from the head-end router to the Cisco CG-OS router.
HeadEndRtr(config)# interface tunnel 15
HeadEndRtr(config-if)# ip address 23.0.5.1 255.255.255.252
HeadEndRtr(config-if)# ip ospf cost 100
HeadEndRtr(config-if)# ip ospf hello-interval 5
HeadEndRtr(config-if)# ip ospf mtu-ignore
HeadEndRtr(config-if)# tunnel source GigabitEthernet 0/2
HeadEndRtr(config-if)# tunnel mode ipsec ipv4
HeadEndRtr(config-if)# tunnel destination 192.10.0.21
HeadEndRtr(config-if)# tunnel protection ipsec profile IPSecProfile
HeadEndRtr(config-if)# exit
HeadEndRtr(config)# interface tunnel 16
HeadEndRtr(config-if)# ip address 23.0.6.1 255.255.255.252
HeadEndRtr(config-if)# ip ospf cost 500
HeadEndRtr(config-if)# ip ospf hello-interval 5
HeadEndRtr(config-if)# ip ospf mtu-ignore
HeadEndRtr(config-if)# tunnel source GigabitEthernet 0/1.168
HeadEndRtr(config-if)# tunnel mode ipsec ipv4
HeadEndRtr(config-if)# tunnel destination 192.168.168.21
HeadEndRtr(config-if)# tunnel protection ipsec profile IPSecProfile
HeadEndRtr(config-if)# exit
HeadEndRtr(config)#
These commands show how to create a GRE tunnel on the head-end router.
HeadEndRtr(config)# interface tunnel 1
HeadEndRtr(config-if)# ip address 25.0.0.1 255.255.255.0
HeadEndRtr(config-if)# ip ospf mtu-ignore
HeadEndRtr(config-if)# ipv6 address 25::1/64
HeadEndRtr(config-if)# ipv6 enable
HeadEndRtr(config-if)# ipv6 ospf mtu-ignore
HeadEndRtr(config-if)# ipv6 ospf 1 area 1
HeadEndRtr(config-if)# tunnel source loopback 0
HeadEndRtr(config-if)# tunnel destination 20.0.0.2
HeadEndRtr(config-if)# exit
HeadEndRtr(config)#
These commands show how to enable OSPFv2 processing, define the OSPFv2 areas, and enable the OSPFv3 for IPv6 router configuration mode (which allows you to configure IPv6 parameters) on the head-end router.
HeadEndRtr(config)# router ospf 2
HeadEndRtr(config-router)# network 20.0.0.0 0.0.0.255 area 2
HeadEndRtr(config-router)# network 23.0.5.0 0.0.0.255 area 2
HeadEndRtr(config-router)# network 23.0.6.0 0.0.0.255 area 2
HeadEndRtr(config-router)# exit
HeadEndRtr(config)# ipv6 router ospf 1
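The two sides of this example interoperate only if their pre-shared keys, peer identities and tunnel costs agree. The following cross-check is an added example, not part of the Cisco documentation; it runs over constructed excerpts modelled on the configurations above, and its function names and finding labels are hypothetical. It assumes host (/32) identity matches and the same tunnel numbers on both routers.

```python
import re

# Constructed excerpts modelled on the tunnel 15/16 example. HEADEND carries two
# deliberate faults: a key that differs by case and a stale identity address.
CGR = """\
key company123 address 192.10.0.1
key company123 address 192.168.168.1
interface tunnel 15
 ip ospf cost 100
interface tunnel 16
 ip ospf cost 500
"""
HEADEND = """\
peer wimax-cgr
 address 192.10.0.21
 pre-shared-key company123
peer cellular-cgr
 address 192.168.168.21
 pre-shared-key Company123
match identity remote address 192.10.0.21 255.255.255.255
match identity remote address 192.168.168.19 255.255.255.255
interface tunnel 15
 ip ospf cost 100
interface tunnel 16
 ip ospf cost 500
"""

def costs(cfg):
    """Map tunnel number -> OSPF cost configured under that interface."""
    pat = r"^interface tunnel (\d+)\n(?:[ \t].*\n)*?[ \t]+ip ospf cost (\d+)"
    return {n: int(c) for n, c in re.findall(pat, cfg, re.M)}

def audit(cgr, headend):
    """Return findings; key values are compared but never echoed."""
    findings = []
    cgr_keys = set(re.findall(r"^key (\S+) address", cgr, re.M))
    if cgr_keys != set(re.findall(r"pre-shared-key (\S+)", headend)):
        findings.append("psk-mismatch")
    # Every keyring peer needs an identity match in the IKEv2 profile.
    peers = set(re.findall(r"^[ \t]+address (\S+)", headend, re.M))
    idents = set(re.findall(r"match identity remote address (\S+)", headend))
    findings += [f"peer-without-identity-match:{p}" for p in sorted(peers - idents)]
    # Both ends should prefer the same tunnel, or traffic takes asymmetric paths.
    a, b = costs(cgr), costs(headend)
    if a and b and min(a, key=a.get) != min(b, key=b.get):
        findings.append("primary-tunnel-differs")
    return findings

if __name__ == "__main__":
    print(audit(CGR, HEADEND))
```

Running such a check before deployment catches the mismatches that otherwise surface only as a failed IKEv2 negotiation or as return traffic arriving over the backup link.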
Verifying the WAN Backhaul Configuration
To display the WAN backhaul configuration, enter any or all of the following commands on the Cisco CG-OS router:
Note: The Cisco CG-OS software does not support the [vrf {vrf-name | all | default | management}] parameter in the commands listed below.
Monitoring Statistics
To display WAN backhaul statistics, enter the following commands:
Configuration Example
See EXAMPLE.