In general, it is less complicated to set up networking to connect from a device (e.g. to an internet cloud service) than it is to connect to servers or services that you manage. Many consumer firewalls, for example, allow arbitrary outbound connections but are more restrictive on inbound connections. Enterprise networks that incorporate Radio Area Networks (RANs) are multi-segment in nature - so what are the options to connect to a service inside a CBRS RAN from the rest of the corporate network?
In this lab series, we compare different methods of LAN networking configuration to connect to a server or service behind CBRS, including configuration, pros & cons, and use case considerations.
NAT (Basic)
Network Address Translation (NAT) is a way to map multiple local private addresses to a (more) public one before transferring the information. A majority of home internet topologies utilize a simple NAT topology. Let's set up a basic NAT topology with Celona CBRS.
Devices used in this lab
Left side with CPE, radio network
Netgear GS308 8-port gigabit ethernet switch
Apple Macbook laptop with USB-C to ethernet converter
Wisenet PNM-9085RQZ camera
Cradlepoint R500-PLTE router
Right side (simulated corporate network with WAN backhaul)
TP-Link 10-port gigabit ethernet switch
Apple Macbook laptop with USB-C to ethernet converter
Celona indoor Access Point
Celona Edge in small-form factor PC
Netgear Nighthawk M1 hotspot (with AT&T SIM)
The camera can be substituted for any in the industry that has its own management web service and RTSP streaming capability built in.
We simulate an NVR server with a 2nd Macbook laptop that will reside on the corporate side of the network.
We simulate the corporate WAN router with the Netgear Nighthawk M1, but this can be substituted with a standard home internet router with switch, or an ethernet port from the enterprise network that serves DHCP. An important configuration item to note is the IP address of this DHCP server, as it will be referenced in the IP Passthrough topology.
We installed a Celona SIM into the Cradlepoint R500, enabled the SIM in the Celona Orchestrator, and cabled/powered on all devices in the setup, starting from the simulated corporate side WAN router. The following is a logical depiction of the topology:
Side note: Watch this video to see how you can know when the Cradlepoint R500 device is ready to onboard user devices by looking at its LEDs.
There are 3 instances of DHCP and NAT that exist in this topology:
On the simulated corporate WAN router (Netgear Nighthawk M1 to AT&T): 192.168.4.0/24.
Within the Celona Edge to manage UEs/CPEs through CBRS: 12.1.1.0/24.
On the LAN side of the client side gateway (Cradlepoint R500): 192.168.0.0/24.
Access to Servers behind NAT (Basic)
With NAT (Basic), here is how the camera can be accessed:
From Macbook (192.168.0.169) on the same network segment to 192.168.0.100. Note that a connection in this manner is NOT going over CBRS, as both the Macbook and camera are wired over ethernet to the same switch.
The NVR (192.168.4.62) on the corporate side, given an IP address in the 192.168.4.0/24 subnet, has no directly addressable or routable path to the camera on the radio side of the network.
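The two cases above as a small model of the NAT layers between the camera and the NVR, added here as an illustration and not taken from the lab or from Celona or Cradlepoint software. The R500's 12.1.1.2 address, the Edge's 192.168.4.50 address, and ports 8080, 50000 and 51000 are constructed for the example; 554 is the standard RTSP port.

```python
import ipaddress

# Addresses from the lab text; the two *_WAN values and port 8080 are constructed.
LAPTOP, CAMERA, NVR = "192.168.0.169", "192.168.0.100", "192.168.4.62"
R500_WAN = "12.1.1.2"      # assumed R500 address inside the Edge's 12.1.1.0/24 pool
EDGE_WAN = "192.168.4.50"  # assumed Edge address on the corporate 192.168.4.0/24 LAN

class NatGateway:
    """Toy stateful source NAT: translations exist only for flows started on the LAN side."""
    def __init__(self, lan_cidr, wan_ip):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.wan_ip = wan_ip
        self.table = {}      # wan_port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.next_port = 40000

    def outbound(self, src, sport, dst, dport):
        """LAN -> WAN: rewrite the source and record the mapping."""
        if ipaddress.ip_address(src) not in self.lan:
            return None
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.table[wan_port] = (src, sport, dst, dport)
        return (self.wan_ip, wan_port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """WAN -> LAN: forward only replies that match a recorded mapping."""
        entry = self.table.get(dport)
        if dst != self.wan_ip or entry is None or entry[2:] != (src, sport):
            return None      # unsolicited traffic is dropped
        return (src, sport, entry[0], entry[1])

def build_path():
    """Return the R500 NAT and the Celona Edge NAT, in radio-to-corporate order."""
    return NatGateway("192.168.0.0/24", R500_WAN), NatGateway("12.1.1.0/24", EDGE_WAN)

def radio_to_corporate():
    """Laptop behind the R500 opens a connection to the NVR host; the reply is tracked back."""
    r500, edge = build_path()
    seen_by_nvr = edge.outbound(*r500.outbound(LAPTOP, 50000, NVR, 8080))
    reply = edge.inbound(NVR, 8080, seen_by_nvr[0], seen_by_nvr[1])
    return seen_by_nvr, r500.inbound(*reply)

def corporate_to_radio():
    """NVR tries the camera's RTSP port (554) with no prior outbound flow."""
    _, edge = build_path()
    direct = edge.inbound(NVR, 51000, CAMERA, 554)      # private address, not the Edge's
    via_edge = edge.inbound(NVR, 51000, EDGE_WAN, 554)  # right address, no mapping
    return direct, via_edge

if __name__ == "__main__":
    print(radio_to_corporate())
    print(corporate_to_radio())
```

The NVR only ever sees the Edge's corporate-side address as the source of radio-side traffic, and both inbound attempts return `None` because neither NAT holds a mapping for them.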
While NAT (Basic) allows connectivity among devices behind the same radio gateway, it is a simple topology that allows connections FROM the radio side of the network, but not TO it. Stay tuned for the next lab in our series (Port Forwarding) to see how we can let devices from the corporate side of the network reach services inside of CBRS!