
During an NSF inspection, this network setup was declared an NSF "best practice" in 2010. This is meant as a guide to get you started, but individual ships' networks can vary, so your mileage may vary. Undertake this modification at your own risk.

The basic idea here is to take advantage of Border Gateway Protocol (BGP) (the routing protocol that makes the Internet work) to concurrently keep track of two routing paths to/from the ship. Using normal HiSeasNet, as well as a GRE tunnel through the FleetBroadband (FBB), one can set up HiSeasNet-over-FleetBroadband (HSN-over-FBB). With two paths to/from the same two routers (your ship's and one of the HiSeasNet routers), BGP can keep track of which links are available, IP space is preserved, and downloads, etc., only suffer a brief interruption when toggling between the two, rather than dying and having to be restarted. Since IP space is preserved, and your packets land at the HSN router, your accelerator invisibly works on both links, too.

There will be some values you have to know that are relevant to each ship's setup. In this example, mostly generic values were chosen. These are:

| Description | Generic value |
| --- | --- |
| hostname | foo |
| tunnel number | Tunnel10 |
| tunnel IP subnet | 192.168.252.16/30 |
| HSN tunnel IP addr | 192.168.252.17 |
| ship tunnel IP addr | 192.168.252.18 |
| router NIC to use for FBB | FastEthernet0/1 |
| Tunnel destination | 137.110.255.83 – this will be one of the two values below |
| Ku-band router | 137.110.255.81 |
| C-band router | 137.110.255.83 |

Log in to your router and find out the MAC address of the NIC you will use to talk to your FBB.

Example
myrouter#show interface FastEthernet0/1
FastEthernet0/1 is administratively down, line protocol is down 
  Hardware is MV96340 Ethernet, address is 0024.c413.0eb9 (bia 0024.c413.0eb9)

So, in this example, the MAC address we care about is 0024.c413.0eb9, aka 00:24:c4:13:0e:b9.

Configure your FBB to accept this MAC address

If your FBB box hasn't been configured much, you can probably get started at http://192.168.0.1/

Once logged into the FBB UI, go to Settings -> LAN -> Network User Groups, and create/edit your first User Group (mapped to User "A") to be in Bridged Mode. For the group you are using, e.g. Ship's Business, use the following values:

Ship's Business

Enabled

Bridge mode

Enabled

In Settings -> LAN -> Network Classification, create an entry, like so:

00:24:c4:13:0e:b9

  

Ship's Business

Whatever IP address this is, you will have to ask Al Suchy or Inmarsat to allow GRE traffic from 137.110.255.81 or 137.110.255.83 to this address. Until you're told that this is ready, and your FBB box has been rebooted, the following example will not work.

Now, configure your router

Note that we make the router's FBB interface a DHCP client. This is so that the FBB can serve up its real-world "Bridged" IP address to the router – this is required for the GRE tunnel to work.

FBB Interface Setup
interface FastEthernet0/1
 description WAN, FBB-LAN
 bandwidth 492
 ! Allow the FBB box to set the "Bridged Mode" (MAC address must be configured in the FBB).
 ip address dhcp
 ! Learn next-hop, but set poisoned (unpoison single-IP static routes, later).
 ip dhcp client default-router distance 255
 ip dhcp client lease 0 0 5
 no ip dhcp client request dns-nameserver
 no ip dhcp client request domain-name
 no ip dhcp client request netbios-nameserver
 no ip dhcp client request static-route
 no ip dhcp client request tftp-server-address
 no ip dhcp client request vendor-specific
 ! Stratos MTU is 1360 per http://www.inmarsat.com/wp-content/uploads/2013/10/Inmarsat_FleetBroadband_Best_Practices_Manual.pdf
 ip mtu 1360
 no cdp enable
 no ip proxy-arp

There's a lot of MTU voodoo in the FBB tunnel setup below, as well as some in the FBB interface setup above. Read the FleetBroadband Best Practices (also at http://www.inmarsat.com/wp-content/uploads/2013/10/Inmarsat_FleetBroadband_Best_Practices_Manual.pdf) if you're really curious as to why. FBB, to date, has not explained the technical reasons behind the 1360 MTU, but testing reveals that one should heed it.

Tunnel to HiSeasNet Interface Setup
interface Tunnel10
 description Tunnel to HiSeasNet C-band router, through FBB NIC.
 ! This is a best-effort to keep a flapping interface from becoming active
 dampening 30 1000 3000 120
 keepalive
 ! This /30 IP address to be negotiated with hiseasnet@ucsd.edu
 ip address 192.168.252.18 255.255.255.252
 ! Stratos MTU is 1360, subtract 24 bytes for GRE encapsulation.
 ip mtu 1336
 ip tcp adjust-mss 1296
 load-interval 30
 ! Mimic HSN's shore->ship speed.
 rate-limit output 96000 1514 2048 conform-action transmit exceed-action drop
 ! Keep inbound web-browsing traffic from saturating the FBB link.
 rate-limit input access-group 187 65536 131072 131072 conform-action transmit exceed-action drop
 ! Tunnel source is your chosen interface.
 tunnel source FastEthernet0/1
 ! Destination IP is 137.110.255.81 for Ku-band ships; 137.110.255.83 for C-band ships.
 tunnel destination 137.110.255.83

We must then force the HiSeasNet router's public-facing IP address to only be reached through the FBB interface.

Static Route
! Only route to HSN C router via FBB's next-hop.
ip route 137.110.255.83 255.255.255.255 FastEthernet0/1 dhcp 1

We then fiddle with the BGP process on the router...

BGP setup
! HiSeasNet routing
router bgp 64521

First, we adjust the timing so that HSN fails over to HSN-over-FBB within 20s.

BGP setup, timers
 ! No large routing tables and unstable connection(s); make iBGP fail quickly.
 timers bgp 8 20

You should have something like this in your router already (to make normal HSN work), but will have to add the fall-over clause.

BGP setup, normal HiSeasNet
 ! Normal HiSeasNet routing:
 neighbor 137.110.255.89 remote-as 64521
 neighbor 137.110.255.89 description hsn-cband-gw
 neighbor 137.110.255.89 weight 30000
 neighbor 137.110.255.89 fall-over
 neighbor 137.110.255.89 next-hop-self

We then basically copy-and-paste the same info, but adjust IP addresses and weights. Less weight means "less preferred", so if HSN and HSN-over-FBB are both available, HSN will win with a weight of 30,000 (versus HSN-over-FBB's weight of 25,000).

BGP setup, HiSeasNet-over-FleetBroadband
 ! HiSeasNet-over-FleetBroadband routing:
 neighbor 192.168.252.17 remote-as 64521
 neighbor 192.168.252.17 description hsn-cband-gw-gre
 neighbor 192.168.252.17 weight 25000
 neighbor 192.168.252.17 fall-over
 neighbor 192.168.252.17 next-hop-self

Finally, to take advantage of rate-limiting FBB's most prominent traffic (and not run up a huge FBB bill), create an access list like so, using your ship's IP space in lieu of "x.x.x.0 0.0.0.255".

Access List
access-list 187 remark ACL to throttle our most prominent traffic (lightly).
access-list 187 permit tcp any range ftp-data 22 x.x.x.0 0.0.0.255
access-list 187 permit tcp any eq www x.x.x.0 0.0.0.255
access-list 187 permit tcp any eq 443 x.x.x.0 0.0.0.255
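
The configuration above depends on a few values staying in step: the tunnel MTU and MSS derived from the FBB MTU, the host route that pins the tunnel destination to the FBB interface, and the lower BGP weight on the tunnel neighbor. The following Python check is an added example, not part of the original page; the function names and the trimmed `CONFIG` text are constructed for illustration, using the page's example values.

```python
# Constructed config: only the lines the checks read, with the page's example values.
CONFIG = """\
interface FastEthernet0/1
 ip mtu 1360
interface Tunnel10
 ip mtu 1336
 ip tcp adjust-mss 1296
 tunnel source FastEthernet0/1
 tunnel destination 137.110.255.83
ip route 137.110.255.83 255.255.255.255 FastEthernet0/1 dhcp 1
router bgp 64521
 neighbor 137.110.255.89 weight 30000
 neighbor 192.168.252.17 weight 25000
"""
GRE_OVERHEAD = 24   # bytes subtracted for GRE, as in the page's Tunnel10 comment
TCPIP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header

def sections(cfg):
    """Map each top-level config line to the indented lines beneath it."""
    out, current = {}, None
    for line in cfg.splitlines():
        if line.startswith(" ") and current is not None:
            out[current].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = line.strip()
            out[current] = []
    return out

def setting(lines, prefix, default=None):
    # Text after `prefix` on the first matching line, or `default` if absent.
    return next((l[len(prefix):].strip() for l in lines if l.startswith(prefix + " ")), default)

def audit(cfg, tunnel="Tunnel10", hsn_peer="137.110.255.89", fbb_peer="192.168.252.17"):
    """Return a list of problems; an empty list means the invariants hold."""
    sec = sections(cfg)
    tun = sec.get(f"interface {tunnel}", [])
    src, dst = setting(tun, "tunnel source"), setting(tun, "tunnel destination")
    wan = sec.get(f"interface {src}", [])
    wan_mtu, tun_mtu = int(setting(wan, "ip mtu", 0)), int(setting(tun, "ip mtu", 0))
    mss = int(setting(tun, "ip tcp adjust-mss", 0))
    bgp = next((v for k, v in sec.items() if k.startswith("router bgp ")), [])
    weight = {p: int(setting(bgp, f"neighbor {p} weight", 0)) for p in (hsn_peer, fbb_peer)}
    checks = [
        (tun_mtu == wan_mtu - GRE_OVERHEAD, "tunnel ip mtu is not WAN ip mtu - 24"),
        (mss == tun_mtu - TCPIP_HEADERS, "adjust-mss is not tunnel ip mtu - 40"),
        (any(k.startswith(f"ip route {dst} 255.255.255.255 {src}") for k in sec),
         "tunnel destination is not pinned to the WAN interface by a host route"),
        (weight[fbb_peer] < weight[hsn_peer], "FBB neighbor weight is not below the HSN weight"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Run `audit()` over the text of `show running-config`, passing your own tunnel name and neighbor addresses; an empty list means all four relationships hold.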

Once this is set up, and HSN and FBB are both up and active, you should be able to see two different default routes (routes to 0.0.0.0/0), e.g.:

myrouter#show ip bgp
BGP table version is 105, local router ID is 137.110.255.90
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i0.0.0.0          137.110.255.89           0    100  30000 i <-- normal HSN
* i                 192.168.252.17           0    100  25000 i <-- HSN-over-FBB
*> x.x.x.0/24       0.0.0.0                  0         32768 i <-- ship's network, advertised

At this point, your router's ready to toggle between the links. Try `show ip route` to see which way you're routing, then turn off HSN, and watch HSN-over-FBB kick in.

A status page (see Report what route you're router is using to your shipboard users, via PHP) to alert your shipboard users as to what's going on is nice too.
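
A status check of this kind can be driven from the `show ip bgp` table. The following Python parser is an added example, not the PHP status page referred to above; `SAMPLE` is the output shown earlier with the annotations stripped, and the `LINKS` mapping and function names are assumptions.

```python
import re

# Constructed sample: the page's `show ip bgp` table with the annotations removed.
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*>i0.0.0.0          137.110.255.89           0    100  30000 i
* i                 192.168.252.17           0    100  25000 i
*> x.x.x.0/24       0.0.0.0                  0         32768 i
"""
# Next hop of each default route -> link name (the page's example addresses).
LINKS = {"137.110.255.89": "HSN", "192.168.252.17": "HSN-over-FBB"}
IPV4 = re.compile(r"\d+(\.\d+){3}")

def parse_bgp(text):
    """Parse the fixed-width table; a blank Network column repeats the row above."""
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.lstrip().startswith("Network"))
    nh_col, path_col = lines[start].index("Next Hop"), lines[start].index("Path")
    routes, network = [], None
    for line in lines[start + 1:]:
        # Columns between "Next Hop" and "Path": next hop, metric, [locprf], weight.
        fields = line[nh_col:path_col].split()
        if len(fields) < 2 or not IPV4.fullmatch(fields[0]) or not fields[-1].isdigit():
            continue  # blank line, router prompt, summary line, or wrapped row
        network = line[3:nh_col].strip() or network
        routes.append({"network": network, "valid": line[0] == "*", "best": line[1] == ">",
                       "next_hop": fields[0], "weight": int(fields[-1])})
    return routes

def default_route_status(text, links=LINKS):
    """Report which link carries the default route and which links stand by."""
    routes = [r for r in parse_bgp(text) if r["network"] == "0.0.0.0" and r["valid"]]
    name = lambda r: links.get(r["next_hop"], r["next_hop"])
    active = next((name(r) for r in routes if r["best"]), None)
    standby = [name(r) for r in routes if not r["best"]]
    return {"active": active, "standby": standby,
            "redundant": active is not None and bool(standby)}

if __name__ == "__main__":
    print(default_route_status(SAMPLE))
```

A `redundant` value of `False` means only one default route is currently valid, so the next outage will not fail over.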
