IP Passthrough is commonly used in cellular networking when you need to access a single host connected to a gateway, usually via ethernet. Use cases include IP cameras, sensors, and other applications with pub-sub application flows. When using a telco's cellular network this meant using Public IP or VPNs.
Now that we have private cellular networks it's possible to use this IP Passthrough functionality, in combination with Celona's enterprise IP domain services, to connect these kinds of devices directly to your existing IP subnets.
During our work with existing customers we have found that many cellular gateway devices generate some interesting IP configurations for their WAN/Modem interfaces which can cause issues with traditional enterprise IP schemes.
In this document, we're going to share what we've learned from working with Cradlepoint routers in this configuration.
Use Case - Connecting a Ruggedized Tablet on a Forklift
Our application requires the ruggedized tablet to be reachable via an IP address in our 10.48.1.0/24 subnet on VLAN 1048.
It was previously connected via Wi-Fi but there were issues with roaming performance while passing from indoor to outdoor coverage.
As the Tablet does not have a built-in modem we are using a Cradlepoint industrial gateway to connect it via ethernet.
Configuring the custom IP Domain using Celona Orchestrator
Our first step is to create a link from Celona Edge to the 10.0.48.0/24 subnet on VLAN 1048.
Log in to your Celona Orchestrator account and select Edge Clusters from the menu.
Click the Node Name of the cluster where this device will be connected. This will take you to the Cluster Overview page.
Scroll down to the IP Domains section, clicking the '+' icon to create a new IP domain.
We choose 'External' as the IP Domain Type because we are connecting to a subnet on your enterprise LAN, which is external to the private cellular network.
We leave the DHCP server field blank to broadcast DHCP requests on that subnet.
After entering the VLAN ID of 1048 click Add.
Celona Edge will now create sub-interfaces, in DHCP client mode, on VLAN 1048 for its LAN ports. Your Celona Edge should always be connected to a trunked switch port with the correct VLANs enabled.
Now, you will assign your new IP Domain to a device group that contains the Cradlepoint gateways.
Assigning your IP Domain to devices
Select Device Groups from the menu and create a new group for the Cradlepoint gateways.
Select the 'Forklift Tablets' IP Domain, along with your devices, and click 'Add'.
That's it for the Celona Orchestrator side, let's move on to the Cradlepoint IP Passthrough configuration.
Configure IP Passthrough
We are assuming your Cradlepoint gateways have the Celona SIMs installed and are connected to the network in their default NAT configuration.
Log in to your Cradlepoint Netcloud account. Select the gateway you want to configure and choose 'Configuration > Edit' from the dropdown menu.
Select 'Networking > Local Networks > Local IP Networks', then edit the Primary LAN.
IP Address and Netmask fields show the fallback IP info used when the gateway does not have an active cellular connection. You can update them if the default address conflicts with other devices on your LAN.
Change IPv4 Routing Mode to 'IP Passthrough', and in Subnet Selection Mode choose 'Custom Settings'. This enables the Gateway and Subnet override fields; enter the appropriate information for your network.
If cellular connectivity is lost, the device connected to the gateway will receive a new IP in the configured fallback IP range. If that lease time is left at the default, 6 hours, the device may not request a new IP once the cellular connection is re-established.
This is especially true for IP Cameras connected using POE injectors. The camera would not detect the Ethernet down/up that occurs when the gateway reconnects to the cellular network, and might sit offline for another 4 to 5 hours.
If that is a concern for your use case, access the IPv4 DHCP menu and reduce the IPv4 lease time to 1 minute.
Thanks to our friends at Cradlepoint for this tip!
For our directly connected tablet case this is not an issue.
Select 'Save' and 'Commit Changes' to sync the configuration to your router.
Validating the configuration
If the device you are connecting to the Cradlepoint gateway can show the IP assigned to its Ethernet interface, you can easily confirm that your configuration has been successful.
If the device is an IP camera or other device without a physical UI, validate your config by connecting a laptop via ethernet and confirming you receive the correct IP information.
You can also access the Gateway status via Cradlepoint Netcloud. However, the WAN/Modem interface will show some of that auto-generated gateway and subnet info we spoke about. See below.
Hello, gateway IP of 10.48.1.16/27, where did you come from? The good news: while this looks problematic, our testing shows that this isn't going to cause IP conflict issues.
We tested pinging 10.48.1.16 from the IP Passthrough host 10.48.1.15 and got no response.
Next, we created a host on the LAN with 10.48.1.16 as its address. It was pingable from the IP Passthrough host and from other hosts in the subnet. As soon as it was disconnected, the address was unreachable again.
If you have concerns, this auto-generated IP information can be overridden via the Connection Manager menu. However, it does not appear to be active or visible to other hosts.
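The lease check and the auto-generated gateway observation above can be scripted. The following is an added example, not code from Celona or Cradlepoint. It assumes the 10.48.1.0/24 subnet from this use case; the enterprise gateway 10.48.1.1 and the fallback-range lease are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def check_lease(addr, netmask, gateway, expected_subnet, expected_gateway):
    """Compare the lease seen on the passthrough host with the enterprise plan."""
    subnet = ipaddress.ip_network(expected_subnet)
    iface = ipaddress.ip_interface(f"{addr}/{netmask}")
    problems = []
    if iface.ip not in subnet:
        problems.append(f"{iface.ip} is outside {subnet} (fallback range?)")
    if iface.network.prefixlen != subnet.prefixlen:
        problems.append(
            f"lease uses /{iface.network.prefixlen}, expected /{subnet.prefixlen}")
    if ipaddress.ip_address(gateway) != ipaddress.ip_address(expected_gateway):
        problems.append(f"gateway {gateway} differs from {expected_gateway}")
    return problems

def review_autogenerated_wan(wan_gateway_cidr, expected_subnet, known_hosts):
    """Relate the WAN/Modem gateway shown in the status page to the LAN plan."""
    subnet = ipaddress.ip_network(expected_subnet)
    wan = ipaddress.ip_interface(wan_gateway_cidr)
    nested = wan.network.subnet_of(subnet)
    return {
        "gateway_inside_enterprise_subnet": wan.ip in subnet,
        # True would mean a real host already owns the generated address.
        "gateway_matches_known_host": str(wan.ip) in known_hosts,
        "wan_network": str(wan.network),
        # Enterprise addresses that the narrower WAN prefix does not cover.
        "enterprise_addresses_outside_wan_prefix":
            subnet.num_addresses - wan.network.num_addresses if nested else None,
    }

if __name__ == "__main__":
    SUBNET, GATEWAY = "10.48.1.0/24", "10.48.1.1"   # gateway is an assumption
    # Constructed leases: a good passthrough lease and a fallback-range lease.
    samples = [
        ("10.48.1.15", "255.255.255.0", "10.48.1.1"),
        ("192.168.0.100", "255.255.255.0", "192.168.0.1"),
    ]
    for addr, mask, gw in samples:
        issues = check_lease(addr, mask, gw, SUBNET, GATEWAY)
        print(addr, "OK" if not issues else issues)
    # The auto-generated value reported on the WAN/Modem interface in this article.
    print(review_autogenerated_wan("10.48.1.16/27", SUBNET, {"10.48.1.15"}))
```

Feed `known_hosts` from your DHCP reservations or IPAM export so a generated gateway address that coincides with a real host is flagged before deployment.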