cnMaestro and multihoming

We operate an infrastructure that multiple retail service providers (RSPs) use to access and sell fiber and wireless internet services.  Under our wireless model, we provide the RSP with a Cambium SM and a vlan.  The SMs do not directly route to the Cambium AP.  Instead, the AP operates as a pass-through.  The IP address on the SM is set up by the RSP and is local to their network.  All IP addresses on the SMs are private and not publicly routable for security reasons.

To illustrate, our AP is assigned an IP address such as 10.121.53.105 so we can reach it via our internal management network.  The AP has vlans for all of our RSPs and our internal management vlan for administering the AP.  The SM issued to the RSP is set with the vlan for his network, for example 1030, and that RSP assigns his own internal IP address, such as 172.17.17.218.

We set up two cnMaestro servers, one in the RSP vlan and one in our AP management vlan.  Obviously, since the two networks cannot route, the AP’s cnMaestro cannot see the SMs and the RSP’s cnMaestro cannot see the APs (and hence cannot update SMs via AP sector en masse).  In prior versions of PMP, the SMs were updatable via the virtual proxy capability of the AP.  However, it’s my understanding that cnMaestro utilizes a different mechanism for AP to SM visibility, hence the need for a route between the networks.

We looked into what it would take to have the SM route to the AP but that would create security and administrative overhead issues that are deal breakers for us in using cnMaestro.

What we do know works is multihoming.  We have successfully used multihoming in our infrastructure for many different applications used by our RSPs.  Multihoming is the only feasible way we will be able to utilize cnMaestro in our organization.

We are hoping Cambium would be willing to provide a cnMaestro on-premises image or Docker container that supports multihoming.  We’d gladly do the setup needed in the nginx and Ethernet interface configurations to make this happen.  We were also curious if there are any plans to release an updated image utilizing Ubuntu 16.04 LTS or the upcoming Ubuntu 18.04 LTS.

Hi rnelson.  I sent you an offline email to get a better understanding of your use-case.  Thanks.

If you're familiar with Linux server networking setup, you can drop to a shell on the cnMaestro on-premises login and edit the file /etc/rc.local to insert the pertinent commands before the final 'exit' line. (We use this to add a local IP [in our switch/router/NAS subnet] as well as the official public IP, with a line like "/sbin/ip a a 10.10.1.15/24 dev eth0".)  I would recommend an off-image backup of any changes, since there's no knowing whether a future cnMaestro update package might overwrite your additions.

j

Long overdue update on how we accomplished this with one NIC because cnMaestro cannot hold the interface configuration on multiple NICs.  Please note there is no need to configure anything in the initial menu on cnMaestro boot - it will just blow out your config.  Once the interface is configured, cnMaestro will just work.  No other tweaks needed.  

We are successfully running a very similar config with over 350 SMs and 25 APs attaching to cnMaestro.  So far it works flawlessly.  The only annoying part is doing OVA image upgrades.

Steps:

1.  Install the vlan package (sudo apt-get install vlan)

2.  Configure modprobe to handle vlans (add 8021q to /etc/modules)

3.  In VMware, set the NIC up as a trunk.  This step needs to be after the vlan setup, otherwise you will not be able to access the internet to install the necessary package.

4.  In the /etc/network/interfaces file, set up the needed configuration.  Make sure the new lines/spacing is appropriate, otherwise Ubuntu won't read the config properly:

auto lo
iface lo inet loopback

# Mgmt address with gateway
# vlan 25
auto eth0.25
iface eth0.25 inet static
  address 10.10.10.14/24
# Only define one gateway (comments must sit on their own line; ifupdown does not support end-of-line comments)
  gateway 10.10.10.1

# Another vlan (50)
auto eth0.50
iface eth0.50 inet static
  address 172.22.22.120/24

# Multiple subnets off same vlan (vlan 100)
# first subnet
auto eth0.100
iface eth0.100 inet static
  address 10.18.18.5/24

# second subnet
auto eth0.100:1
iface eth0.100:1 inet static
  address 10.18.18.6/24

# third subnet
auto eth0.100:2
iface eth0.100:2 inet static
  address 10.18.18.7/24

5.  Run the vconfig command for each vlan (rebooting or up/down on the interface auto adds/removes the vlan).  We reboot instead of configuring with vconfig merely to make sure the cnMaestro network settings recover in case of power issue/reboot:

# VLAN IDs must match the eth0.<id> stanzas in /etc/network/interfaces
sudo vconfig add eth0 25
sudo vconfig add eth0 50
sudo vconfig add eth0 100

6.  After interface up/down or system reboot, check ifconfig.  Everything should be configured and pingable.  If the boot screen is taking a long time to come up while checking for network settings, there is probably a configuration issue.  This can be sped along with a slight modification:

sudo nano /etc/init/failsafe.conf

Comment out the sleep lines (# before line).
 
2 Likes
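A pre-reboot check for the interfaces file built in the steps above, as an added example that is not part of the original post or of cnMaestro. It flags end-of-line comments (ifupdown only accepts comments on their own line), more than one gateway, VLAN subinterfaces whose ID is not in the trunk list, and stanzas with no auto line. The function names and the trunk list argument are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the post): lint an ifupdown interfaces file on stdin.
# $1 = VLAN IDs trunked to the VM, space separated (assumption: supplied by the operator).
lint_interfaces() {
    awk -v trunk="$1" '
    BEGIN { n = split(trunk, t, " "); for (i = 1; i <= n; i++) allowed[t[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # whole-line comments and blanks are fine
    /#/ { printf "line %d: end-of-line comments are not supported by ifupdown\n", NR; bad++ }
    $1 == "auto" || $1 ~ /^allow-/ { for (i = 2; i <= NF; i++) autoed[$i] = 1 }
    $1 == "iface" {
        ifaces[$2] = NR
        v = $2; sub(/:.*/, "", v)              # eth0.100:1 -> eth0.100
        if (index(v, ".") > 0) {
            sub(/^[^.]*\./, "", v)             # eth0.100 -> 100
            if (!(v in allowed)) { printf "line %d: %s uses VLAN %s, which is not trunked\n", NR, $2, v; bad++ }
        }
    }
    $1 == "gateway" && ++gw > 1 { printf "line %d: extra default gateway %s\n", NR, $2; bad++ }
    END {
        for (k in ifaces) if (!(k in autoed)) {
            printf "line %d: %s has no auto line, stays down after reboot\n", ifaces[k], k; bad++
        }
        exit (bad > 0)
    }'
}

# Constructed sample with four deliberate mistakes (addresses reuse the post's examples).
sample_interfaces() {
cat <<'EOF'
auto lo
iface lo inet loopback
# management VLAN
auto eth0.25
iface eth0.25 inet static
address 10.10.10.14/24
gateway 10.10.10.1 # Only define one gateway
auto eth0.50
iface eth0.50 inet static
address 172.22.22.120/24
gateway 172.22.22.1
iface eth0.15 inet static
address 10.18.18.5/24
EOF
}

# Demo: prints the four findings; exit status is 1 when anything is found.
sample_interfaces | lint_interfaces "25 50 100" || echo "fix the findings before rebooting"
```

On the appliance the same function can be fed the live file with `lint_interfaces "25 50 100" < /etc/network/interfaces` before the reboot in step 5.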

Update: To keep the config persistent across reboots, run this from the command line:

# Makes the interface file immutable
sudo chattr +i /etc/network/interfaces

# To edit the file again:
sudo chattr -i /etc/network/interfaces
3 Likes