Function Specification 2/15517-AXM 101 04/1 Uen B

vMRF Networks and Connectivity
Virtual Media Resource Function

Contents


1 Introduction

This document describes the internal and external network connectivity of a vMRF VNF residing in the IMS core network.

2 Network Connectivity Overview

vMRF handles media-based services, for example, announcements, conference services, tone and DTMF handling in the core network. The IP layer (L3) is always terminated in the vMRF.

vMRF has several requirements on L2 and L3 infrastructure that must be met for its operation. For more information, see vMRF Infrastructure Requirements.

IPv4 is supported for all interfaces. IPv6 is supported only for media interfaces. Specifications in this document are valid for both IPv4 and IPv6, unless explicitly stated.

The traffic can be separated into logical networks that are mapped to different Virtual Private Networks (VPNs) using Virtual Router (VR) and Virtual Local Area Network (VLAN) separation. Traffic separation is used to treat traffic differently, depending on requirements on security (for example, limiting or isolating traffic between different logical networks), signaling or media functionality, and Quality of Service (QoS).

Figure 1 shows an example of different VPNs in a vMRF configuration.
Figure 1   VPNs in vMRF
Internal VPN  

Internal VPN is used for communication between the VMs of the vMRF VNF. The network is used for IP and TIPC transport between VMs, for example, for configuration data replication from the active SC VM to other VMs, common system function access from PL VMs to SC VMs (FM, CM, PM, and so on).

The Internal VPN must not be exposed to external networks.
Management VPN  Management VPN is used for O&M traffic between vMRF and a common management network for all nodes.
Core signaling VPN  

Core signaling VPN is used for H.248 control signaling (single-homing) between MTAS and vMRF. The VLAN is always terminated in the cloud platform (access vNIC) and connected to vMRF over signaling vNIC.
Media VPN  

Core media VPN is used for media traffic between vMRF and interconnecting nodes in the core network. The VLAN is always terminated in the cloud platform (access vNIC) and connected to vMRF over trusted network vNIC.

All vMRF VMs have the same VPNs attached to them.

One external VLAN is configured per media network. The VLAN is terminated in the cloud platform (access vNIC).

Each external VPN uses its own VR in the L2/L3 router with different routing tables. The external VPNs are mapped to vMRF VLANs in the L2/L3 router.

3 Configuration

3.1 General Description

vMRF acts as a Multimedia Resource Function Processor (MRFP). It is controlled by an MTAS in the role of MRFP over H.248 through the Mp interface. vMRF is connected to other IMS media entities over the Mb interface.

The MRFP function can be handled by several vMRF VNFs, or by one vMRF VNF, depending on available resources and security requirements.

Since SIP signaling and media traffic are handled separately (that is, MTAS (MRFC) handles SIP signaling traffic, and vMRF handles media traffic processing), the signaling and media processing capacity can be scaled independently.

An MRFC can control multiple MRFP (vMRF) instances, however, a vMRF can be controlled by only one MRFC. To configure the link to the controlling MTAS, see Initial Configuration Guide.

The following IP address configuration is needed in vMRF:

  • vMRF-local IP addresses

  • Next hop addresses within the local subnet

IP address consumption is shown in Table 1.
Table 1   IP Address Consumption in vMRF Networks

Network

Typical IP Address Type

Amount of IP Addresses

VNF-internal
link-local or private IP(1)

one per VM

Internal O&M
public or private IP(2)(1)

one per VM

public or private IP(2)(1)

one per VNF
External O&M(3)

public or private IP(1)

one per VNF

Core signaling

private IP(1)

one per VM

Media

private IP

one per VM
(1) Only IPv4 IP addresses are supported.
(2) In CEE, the O&M IP is a public IP.
(3) In CEE, the public management IP is not applicable.

In addition to the amount of IP addresses shown in Table 2, additional IP addresses are needed during vMRF upgrade, when using the in-service upgrade method.

Depending on the cloud platform and the deployment option chosen, local (vMRF) IP addresses for all networks, and the next hop addresses for O&M and signaling networks are allocated in vMRF by the following mechanisms:
Table 2   IP Address Allocation Mechanisms

IP Address Allocation Mechanism

Supported Platforms

Detailed Description

From cloud platform IP address pools provided for vMRF VMs using cloud-init (OpenStack, CEE) or OVF templates (VMware)

OpenStack, CEE, and VMware

By IPv6 Stateless Address Autoconfiguration for media interfaces, according to standards

By configuring IP addresses in each VM during vMRF deployment and scaling, or providing them through OVF templates (VMware)

VMware

3.2 vNIC and IP Address Configuration

Figure 2 shows access vNIC configuration in vMRF.
Figure 2   Access vNIC Configuration in vMRF
Table 3   IP Address Configuration in vMRF

Interface Type

Label in Figure

IP Version

Description

Configuration

Routing

Internal

IP for internal network

IPv4

VM-specific local IP address used for VM-to-VM communication

Dependent on cloud platform and IP allocation method

Direct communication in Linux IP host of the VM guest OS

Management

Moveable management IP

Management IP address of the vMRF VNF

Default route in Linux IP host of the VM guest OS
Fixed management IP

VM-specific local IP address used for outbound management traffic
Public management IP

Public management IP address of the vMRF VNF
Next hop for management traffic

VRRP address of the management network VR
Announcement storage IP(1)

IP address of the announcement storage server
Shared storage IP(1)

IP address of the shared storage server
NTP IP

IP address of the NTP time synchronization server
PM monitoring server IP(1)

IP address of the PM monitoring server

Signaling

 Signaling IP

VM-specific local IP address used for MTAS communication

Auto-created in Linux IP host of the VM guest OS

MTAS IP

Remote MTAS address
Next hop for signaling

VRRP address of the core signaling network VR

Media

 IP for media

IPv4 or IPv6

VM-specific local IP address used for media communication towards the IMS core network

According to the vMRF media configuration
Next hop for trusted traffic

VRRP address of the IMS core network VR
Trusted network

Subnet address of the remote network where remote media server resides
(1) Optional value.

4 Cloud Platform IP Address Pools Provided for vMRF VMs

The following sections summarize IP configuration in vMRF when IP addresses are provided to vMRF VMs from a cloud platform IP address pool.

4.1 Provision of IP Address Pools in OpenStack, using cloud-init

The following HOT files of the openstack directory are used for vMRF deployment:

  • vmrf.yaml for creating the vMRF stack in Heat using the heat stack-create command.

  • example_environment.yaml is used by the OpenStack Environment function and contains network-specific data. This file is populated with example parameter values and needs to be modified to match your network environment.

For more information on OpenStack HOT files, see Deployment Guide for OpenStack.

Table 4   IP Address Configuration using cloud-init in OpenStack

Interface Type

Label in Figure

IP Version

Data Received From

Internal

IP for internal network

IPv4

Dynamically assigned from internal_net IP allocation pool. internal_net issues the full subnet created in CIDR parameter internal_subnet in vmrf.yaml. The default value is 192.168.0.0/24.

Management

Moveable management IP

Dynamically assigned from management_net IP allocation pool. management_net is created with management_network.yaml with input from example_environment.yaml.

Fixed management IP

Dynamically assigned from IP allocation pool attribute management_net

Public management IP

Dynamically assigned from IP allocation pool attribute external_net_name. The public_management_IP is associated with management_movable_IP during deployment.

The optional OM_ip_address parameter in vmrf.yaml can be used for a fixed public management IP.

Next hop for management traffic

Assigned from parameter gateway_ip in management_subnet.

Announcement storage IP

example_environment.yaml parameter announcement_storage_server_ip

Shared storage IP

example_environment.yaml parameter shared_storage_server_ip

NTP IP

example_environment.yaml parameters ntp_server_1, and ntp_server_2

Signaling

Signaling IP

Dynamically assigned from parameter allocation_pools in Signaling subnet

MTAS IP

remoteIpAddress attribute of the MrfH248Interface MO

Next hop for signaling

Assigned from parameter gateway_ip in Signaling subnet

Media

IP for media

IPv4 or IPv6

Dynamically assigned from paramter allocation_pools in Media subnet

Next hop for media

Assigned from parameter gateway_ip in Media subnet

4.2 Provision of IP Address Pools in CEE, using cloud-init

The following HOT files of the cee directory are used for vMRF deployment:

  • vmrf.yaml for creating the vMRF stack in Heat using the heat stack-create command.

  • scaling_group.yaml

  • example_environment.yaml is used by the OpenStack Environment function and contains network-specific data. This file is populated with example parameter values and needs to be modified to match your network environment.

For more information on OpenStack HOT files, see Deployment Guide for Cloud Execution Environment (CEE).

IP address configuration is the same as described in Provision of IP Address Pools in OpenStack, using cloud-init with the following differences:

Management

Moveable management IP

IPv4

Configured manually with parameter management_ip_address

Public management IP

Not applicable

Fixed management IP

Dynamically assigned from management_net IP allocation pool

4.3 Provision of IP Address Pools in VMware vSphere Client, using cloud-init

vMRF deployment is performed using the OVF file vmrf.ovf. For more information, see Deployment Guide for VMware vSphere.

Table 5   IP Address Configuration using cloud-init in VMware vSphere Client

Interface

Label in Figure

IP Version

Data Received From

Internal

IP for internal network

IPv4

IP Pool attribute of the vSphere Network protocol profile associated to the internal network

Management

Moveable management IP

OVF vApp property Movable IP address

Public management IP

OVF vApp property Public_OAM_IPaddress

Fixed management IP

IP Pool attribute of the vSphere Network protocol profile associated to the management network

Next hop for management traffic

gateway attribute of the vSphere Network protocol profile associated to the internal network

NTP IP

OVF vApp property Ntp_addresses

Announcement storage IP

OVF vApp property Announcement_storage_server_ip

Shared storage IP

OVF vApp property Shared_storage_server_ip

PM monitoring server IP

OVF vApp property Pm_data_monitoring_hosts_ip_address

Signaling

Signaling IP

IP Pool attribute of the vSphere Network protocol profile associated to the signaling network

MTAS IP

remoteIpAddress attribute of the MrfH248Interface MO

Next hop for signaling

gateway attribute of the vSphere Network protocol profile associated to the signaling network

Media

Next hop for trusted traffic

IPv4

gateway attribute of the vSphere Network protocol profile associated to the trusted media network

IP for media

IP Pool attribute of the vSphere Network protocol profile associated to the trusted media network
Next hop for trusted traffic IPv6

Automatically obtained from Router advertisement

IP for media

Automatically generated based on stateless IPv6 autoconfiguration

The IP addresses chosen from IP pools during deployment are visible in IP Addresses in VM summary in vSphere.

4.4 Provision of IP Address Pools in VMware vCloud Director, using cloud-init

vMRF deployment is performed using the OVF file vmrf.ovf. For more information, see Deployment Guide for VMware vCloud Director.

IP address configuration is similar to the one described in Provision of IP Address Pools in VMware vSphere Client, using cloud-init, with the following differences:

  • IP pools are configured in Provider vDC External networks Static IP pool

  • Nexthops for management and signaling networks are configured in vCloud Director External networks Gateway address

  • OVF vApp properties are located in vApp Guest properties

5 Manual IP Address Configuration during Deployment and Scaling

5.1 Manual IP Address Configuration in VMware vCloud Director

vMRF deployment is performed using the OVF file vmrf_man_ip.ovf. For more information, see Deployment Guide for VMware vCloud Director.

IP address configuration is similar to the one described in Manual IP Address Configuration in VMware vSphere Client, with the following differences:

  • Management and signaling network nexthops are configured in vCloud Director External networks Gateway address

  • OVF vApp properties are located in vApp Guest properties

  • OVF VM properties are located in VM Guest properties

  • When a vMRF is connected to a network using access vNIC, the logical network identities, such as VLAN ID, are configured in the vSphere distributed or standard vSwitch port group.

5.2 Manual IP Address Configuration in VMware vSphere Client

vMRF deployment is performed using the OVF file vmrf_man_ip.ovf. For more information, see Deployment Guide for VMware vSphere.

Details of manual IP address configuration are shown in Table 6.
Table 6   Manual IP Address Configuration in VMware vSphere Client

Interface

Label in Figure

IP Version

Data Received From

Internal

IP for internal network

IPv4

OVF VM property Internal_IPaddress

Management

Moveable management IP

OVF vApp property OAM_IPaddress

Public management IP

OVF vApp property Public_OAM_IPaddress

Fixed management IP

OVF VM property Management_IPaddress

Next hop for management traffic

gateway attribute of the vSphere Network protocol profile associated to the internal network

NTP IP

OVF vApp property Ntp_addresses

Announcement storage IP

OVF vApp property Announcement_storage_server_ip

Shared storage IP

OVF vApp property Shared_storage_server_ip

PM monitoring server IP

OVF vApp property Pm_data_monitoring_hosts_ip_address

Signaling

Signaling IP

OVF VM property Signaling_IPaddress

MTAS IP

remoteIpAddress attribute of the MrfH248Interface MO

Next hop for signaling

gateway attribute of the vSphere Network protocol profile associated to the signaling network

Media

Next hop for trusted traffic

IPv4

OVF vApp property Media IPv4 Gateway

IP for media

OVF VM property Trusted media IPv4 address
Next hop for trusted traffic

IPv6

OVF vApp property Media IPv6 Gateway

IP for media

OVF VM property Trusted media IPv6 address

6 Redundancy

6.1 vMRF SC Redundancy

In vMRF, O&M functions are secured with a redundancy scheme called Roaming SC. This means that all VMs can process payload and also act as a system controller when necessary. If the SC fails, any VM in the cluster can take over the SC role. When a VM takes the SC role, it activates the movable IP address in the management network and sends a gratuitous ARP message to advertise the movable IP address in the management network. For more information on roaming SC, see vMRF Overview.

6.2 L2/L3 Router Redundancy

Virtual Router Redundancy Protocol (VRRP) is assumed to be used for router redundancy. The VRRP address is configured as nexthop address in vMRF.

VRRP is used by the L2/L3 Routers to assign the routing responsibilities dynamically to one of the routers, the master router. In the event of a router or link failure in the master router, the IP address and the corresponding VRRP MAC address are changed to direct to the backup router.

Object tracking between internal and external interfaces can also be used in the router to secure that the same router is the master router on both the external and internal side.

7 Connectivity

7.1 Internal Connectivity

Internal communication between SC and PL VMs is handled on a dedicated internal communication network using IPv4 transport.
Figure 3   Internal Connectivity in vMRF

Each VM has one access vNIC connected to a subnet used for cluster-internal communication. Only IPv4 is supported for this network.

vMRF uses an untagged VLAN for the internal communication, that is, the vMRF is not adding a VLAN tag for the packets sent in this network. It is assumed that the virtualized infrastructure uses a separate VPN (for example, a VLAN) for vMRF-internal communication. This VLAN is only accessible from VMs within one vMRF VNF instance.

Table 7 shows the details of the internal network.

Table 7   Internal Network Details in vMRF

Traffic

Transport Protocol

Source

Source Port

Destination

Destination Port

Direction

IP Version

Cluster-internal communication

TIPC, TCP, UDP

vMRF VM

*

vMRF VM

*

bidirectional

IPv4

7.2 External Connectivity

7.2.1 O&M Connectivity

Figure 4 shows vMRF connected to the O&M network through NBI when the O&M network is behind NAT.
Figure 4   O&M Connectivity in vMRF Using NAT

Figure 5 shows vMRF connected to the O&M network through NBI when no NAT is used.

Figure 5   O&M Connectivity in vMRF Without NAT

Each VM has one access vNIC connected to a subnet for vMRF management communication. Only IPv4 is supported in this network. There is one movable IP address in the active SC VM for incoming management traffic, and one fixed IP address per VM for outgoing traffic, used, for example, for time synchronization.

There is an O&M VR in the L2/L3 routers for communication with routers in an external O&M network. All VMs are connected to the O&M VRs over the management VLAN. The management VLAN and a subnet are used for handling data on the NBI towards the SC VM. The management interface is used automatically as the default route in the Linux OS routing table.
Note: The management VLAN is created in the virtualized infrastructure by a cloud manager. VLAN tagging is not performed by the vMRF application.
Table 8 shows the traffic passing through over the NBI.
Table 8   O&M Network Details in vMRF

Traffic

Protocol

Source

Source Port

Destination

Destination Port

Direction

Transport Protocol

IP Version

CLI

SSH

user client

*

vMRF MIP

22

incoming

TCP

IPv4

NETCONF

SSH

ENM

*

vMRF MIP

830

TLS

ENM

*

vMRF MIP

6513

PM files, alarm and alert logs

SFTP

ENM

*

vMRF MIP

115

Synchronization

NTP

vMRF VM (MIP or management_fixed_IP)

*

NTP Server

bidirectional(1)

UDP

SNMP

SNMP

vMRF MIP

SNMP server

*

SNMP target

vMRF MIP

162

161

outgoing

incoming

LDAP

TLS

vMRF MIP

*

LDAP server

configurable

outgoing

TCP

LDAPS

*

configurable

Shared storage

SFTP (SSHFS)

vMRF VM (MIP or management_fixed_IP)

*

shared storage server

configurable

bidirectional

PM monitoring

UDP

vMRF VM (MIP or management_fixed_IP)

*

PM monitoring server

configurable

outgoing

UDP

Announcement storage

SFTP (SSHFS)

vMRF VM

*

announcement storage server

configurable

bidirectional

TCP

NeLS

TLS

vMRF VM

*

network license server

9095

incoming

TCP
(1) Association is initiated by vMRF VM.

7.2.2 H.248 Connectivity to MTAS

vMRF communicates with MTAS over the core signaling VPN. Upon configuring MTAS in vMRF, vMRF performs H.248 MG registration towards MTAS. This allows MTAS to utilize vMRF media handling resources for SIP sessions. Figure 6 shows vMRF connected to MTAS on the core signaling network.

Figure 6   H.248 Connectivity to MTAS

vMRF supports SCTP single-homing for MTAS H.248 signaling connectivity. SCTP single-homing implies that only one local SCTP IP address is configured per vMRF VM. For single-homing connectivity, only one path is available between two SCTP endpoints, so the SCTP association goes down if the path is not available. In addition, the VR redundancy between two L2/L3 routers is controlled by VRRP.

Each VM has one access vNIC connected to a subnet used for vMRF signaling. Only IPv4 is supported for this network.

There is a core signaling VR in L2/L3 routers for communication with routers in a signaling network. All VMs are connected to the signaling VRs over the core signaling VLAN. All VMs communicate with the configured MTAS endpoint over the network. MTAS endpoint configuration is done in the MrfH248Control MO. The VRRP IP address of the core signaling VR is resolved by different mechanisms, as described in General Description. MTAS IP address-specific entries are added automatically in the Linux OS routing table when the MrfH248Control MO is configured.
Note: The core signaling VLAN is created in the virtualized infrastructure by a cloud manager. VLAN tagging is not performed by the vMRF application.
shows the details of the core signaling network.
Table 9   Core Signaling Network Details in vMRF

Traffic

Protocol

Source

Source Port

Destination

Destination Port

Direction

Transport Protocol

IP Version

Signaling

H.248

vMRF VM

2944 (configurable)

MTAS

2944 (configurable)

bidirectional

SCTP

IPv4

7.2.3 Core Media Network Connectivity

Figure 7 shows vMRF connected to the IMS core media network.
Figure 7   Core Media Network Connectivity in vMRF

Each VM has one access vNIC connected to a subnet used for media communication in core network. Both IPv4 and IPv6 are supported in this network.

There is a core media VR in the L2/L3 routers for communication with routers in the core media network. All VMs are connected to the core media VRs over the core media VLAN. All VMs can be configured to communicate with the remote media server end points over the core network. The VRRP IP address of the core media VR is configured in the MrfNextHop MO. Multiple next hops are supported for router load sharing.
Note: The core media VLAN is created in the virtualized infrastructure by a cloud manager. VLAN tagging is not performed by the vMRF application.
Table 10 shows the details of the core media network.
Table 10   Core Media Network Details in vMRF

Traffic

Protocol

Source

Source Port

Destination

Destination Port

Direction

Transport Protocol

IP Version

Audio

RTP, RTCP

remote media server

negotiated in SDP

derived through latching

vMRF

1024–65535

bidirectional

UDP

IPv4 or IPv6

Direct connections are required in data center. There must be no NAT configured in data center virtual routers.

Legal |© Ericsson AB 2018, 2019