IPWorks Network Connectivity Overview

Contents

1Introduction
1.1Prerequisites
1.2Purpose and Scope
1.2.1In Scope
1.2.2Out of Scope
1.3Related Information
1.4Naming Conventions
1.4.1eVIP
1.4.2External Solution

2
IPWorks VNF Network Reference Setup
2.1Logical Network Setup
2.2IP Routing
2.3IPWorks ALB Configuration
2.3.1eVIP
2.3.2IPWorks ALB
2.4Logical Network for Operation & Maintenance
2.4.1Purpose
2.4.2Description
2.4.3Configuration Requirements for Virtual Network OM_CN_SP1
2.4.4Configuration Requirements for Virtual Network IPW_OM_SP1
2.4.5Configuration Requirements for Virtual Routing Function om_cn_sp VR
2.5Logical Network for Provisioning and SQL Data Replication
2.5.1Purpose
2.5.2Description
2.5.3Configuration Requirements for Virtual Network OM_CN_SP2
2.5.4Configuration Requirements for Virtual Network IPW_OM_SP2
2.5.5Configuration Requirements for Virtual Routing Function om_cn_sp VR
2.6Logical Network for Signaling
2.6.1Purpose
2.6.2Description
2.6.3Configuration Requirements for Virtual Network SIG_CN_SP1
2.6.4Configuration Requirements for Virtual Network IPW_SIG_SP1
2.6.5Configuration Requirements for Virtual Routing Function sig_cn_sp VR
2.7Logical Network for Data
2.7.1Purpose
2.7.2Description
2.7.3Configuration Requirements for Virtual Network SIG_DATA_SP1
2.7.4Configuration Requirements for Virtual Network IPW_DATA_SP1
2.7.5Configuration Requirements for Virtual Routing Function sig_data_sp VR
2.8Logical Network for Internal

3
Network Connectivity
3.1External Network Connectivity
3.1.1External VLANs
3.1.2IP Addressing
3.2Internal Network Connectivity
3.2.1Internal VLANs
3.2.2Internal IP Addresses
3.2.3VRRP Network

4
Example IP Connectivity
4.1Static Routing
4.1.1Left Router
4.1.2Right Router

5
Firewall Configurations

6
Appendix
6.1Overview of VRRP vs. BFD Connection between CMX and External Network

Reference List

1   Introduction

This document gives a Solution Architects guidance on how to deploy the IPWorks VNF in a cloud environment. The document provides a logical description of IPWorks VNF networking requirements.

In this document, it provides the main network information as followings:

For how to deploy IPWorks Virtual Network Function (VNF) on Cloud Execution Environment (CEE), refer to IPWorks Deployment Guide.

1.1   Prerequisites

This section states the prerequisites that must be fulfilled:


1.2   Purpose and Scope

This section contains information about what is in scope and what is out of scope of this document.

1.2.1   In Scope

1.2.2   Out of Scope

The following content are not included in this document:

1.3   Related Information

Trademark information, typographic conventions, and a definition and explanation of acronyms and terminology can be found in the following documents:

All configurations throughout this document, all the templates and examples are referred to:

IPWorks configuration: 4 VMs (2 SCs + 2 PLs)

1.4   Naming Conventions

This section describes the naming conventions used in the document.

1.4.1   eVIP

The eVIP framework is used for IP internetworking and load balancing. Throughout this document, the term eVIP (evolved Virtual IP) stands for the eVIP implementation.

1.4.2   External Solution

The CPI only provides the external VRRP solution as an example. For external connection, it is out of IPWorks VNF scope.

2   IPWorks VNF Network Reference Setup

The IPWorks VNF network consists of several logical networks. This document proposes a reference logical network setup for IPWorks VNF, which is realized by the virtual networks that are listed in this document. The reason for using different logical networks is to enable logic separation between different functions owing to, for example, security reasons and traffic control.

It is not mandatory to use the reference logical network setup described in this document to deploy the IPWorks VNF.

The logical network setup can be altered depending on deployment-specific requirements. Any logical network setup other than the IPWorks reference logical network setup is not elaborated further in this document according to customer site environment.

2.1   Logical Network Setup

The IPWorks VNF exposes several network interfaces. These interfaces expose IPWorks functionality, or are used by IPWorks to access external network functions, for example Network Time Protocol (NTP). In the reference network setup of the IPWorks VNF, one or more of these network interfaces is allocated to a virtual network.

The following logical networks are part of the IPWorks reference network setup. This document assumes that the same logical networks exist in an operator network, and that the operator requires that the IPWorks VNF is being connected to these existing logical networks:

Which IPWorks VNF interfaces are exposed in each network is described later in the document. It is outside the scope of this document to show how other network entities are connected to the listed logical networks.

Figure 1 shows an overview of the IPWorks VNF 2+2 configuration, the associated pool allocations (profiles), and the logical network included in the reference logical network setup.

Figure 1   IPWorks VNF Logical Network Setup (for 2+2 Configuration)

Each logical network is realized using one or more virtual networks. This document does not describe how virtual networks and virtual Routing Functions are realized by the cloud infrastructure.

Note:  
The minimum cloud configuration (2+2) is used to illustrate the IPWorks network connectivity. For IPWorks VNF 2+2, scaling-out operation can be performed to increase the number of Payload VM instances. The scaled PL VMs have the same external network as the PL-3 and PL-4. They don't have difference on the network. The new PL will be put into the original network.

2.2   IP Routing

It is assumed to use the Policy Based Routing (PBR) for the Routing towards the IPWorks VNF from the Router/Switch to the respective Virtual Routing Function. The PBR is a technique used to make routing decisions based on polices (source, destination, port, and so on) set by the network administrator. It can also be read as static routes in a router.

The IP routing logic in the respective Virtual Routing Function (realized by Virtual Routers, see for example, Figure 3) forwards the IP packet to the correct IPWorks VNF VM instance.

The following deployment strategy configured in Virtual Routing Function is used to realize the IP routing logic:

2.3   IPWorks ALB Configuration

2.3.1   eVIP

In the IPWorks VNF, the traffic distribution is provided by the eVIP framework.

Table 1 lists the framework components:

Table 1    Framework Components

Components

Description

Load balancer

The load balancers are IP servers where load distribution is done. The IP servers are transparent, hiding all the eVIP details from the applications.

Abstract Load Balancer (ALB)

The ALB is a logical container for eVIP addresses. The ALB concept is comparable to the Virtual Router (VR) concept available in commercial routers. Load balancer functions are used to distribute traffic (for example, TCP connections) according to a distribution policy (for example, round robin) among a defined set of targets. Such a set of targets is referred to as a "pool of targets".


The ALB also serves as a structuring entity that compartmentalizes scalable SLB resources and external interfaces. An ALB can therefore be viewed as the equivalent of a commercial SLB box, which is embedded in the cluster using eVIP. However, an important difference is that commercial SLB boxes are deployed as external appliance boxes in the Customer-Premises Equipment (CPE). The SLB boxes are individually installed as other independent network appliance boxes, such as routers and firewall boxes.

Front-End (FE)

An instance of a VIP Front-End (FE) is an Open Shortest Path First (OSPF) agent that communicates with the VIP gateway routers, and handles incoming and outgoing traffic.

Gateway Routers

A gateway router is any piece of hardware capable of doing Equal-Cost Multipath (ECMP) and OSPF. In case of BSP-based Ericsson CEE, this task is done by CMXs.

Security Element (SE)

The SE is a part of the IPsec implementation. It applies security policies on the traffic flows and, if necessary, encrypts or decrypts traffic.

For more detail, refer to eVIP Management Guide.

2.3.2   IPWorks ALB

The IPWorks software is distributed across the VMs within a VNF using two software profiles:

Across the PL VMs, the network connectivity is configured through several defined Abstract Load Balancers (ALB). Each ALB has a defined eVIP Front End (FE), Load Balancer Element (LBE), and Security Element (SE), see Figure 2.

Note:  
The OAM in SC VMs is not defined in an ALB but in an MIP.

Figure 2   IPWorks ALB Configuration

Note:  
Specific eVIP FEs are not configured for internal IPWorks application traffic across IPWorks VMs. Internal application traffic is distributed as defined by eVIP target pools.

Refer to eVIP Management Guide for more information.


2.4   Logical Network for Operation & Maintenance

This section describes the logical network O&M.

2.4.1   Purpose

This network is used for the common OAM IP traffic of an application (for example, OSS). Also, it provides access to the SC VMs for management. The network IPW_OM_SP1, and the related vNIC port is eth1 in SC.

The system management network is configured by using static IP address allocated on the SC VMs and a MIP configured for the SCs. The MIP is available on the SC VMs where COM is available. The MIP always associates with the active COM instance. COM runs in active-standby mode in 2 SCs.

The IPWorks VNF exposes the following MIP interface on the logical network Operation and Maintenance (OAM):

2.4.2   Description

It is assumed the following conditions are met:

Hence, it is not required to configure any explicit PBR rules in the Router for these public IP addresses.

The om_cn_sp VR is required to enable Layer 3 routing to and from the IPWorks VNF. The IPWorks VNF SC VM instances use static routing so that the om_cn_sp VR routes incoming IP packets towards IPWorks OAM MIP. These IP packets are sent to the IPWorks SC VM instances.

As it is required to have a Virtual Routing Function to enable Layer 3 routing, it is also required to have two virtual networks to realize Logical Network Operation and Maintenance:

Figure 3 shows the realization of the logical network setup for operation and maintenance of a 2+2 node system.

Figure 3   Realization of Logical Network Setup Operation and Maintenance

In Figure 3, the objects SW0, SW1, CE0, and CE1 are not part of the IPWorks node. They are examples of customer network equipment.

The IPWorks IPW_OM_SP1 network is used for IPWorks SNMP communication with the OSS. The OSS traffic (related to OSS-RC connection, SSH, Netconf connection, NTP connection) enters and exits IPWorks through “LEFT Router” or “Right Router”.

For VRRP, the customer network must be configured to route IPW_OM_SP1 to IPWorks <OM_CN_SP1_VRRP_IP>, which is configured in cluster.conf file.

Both the left and right router are configured with static route items covering OSS traffic to the customer network <OM_CN_SP1_VRRP_GW_IP>. The IPWorks VRRP setup requires that the VLAN with ID <OM_CN_SP1_VID> is bridged in the customer network.

2.4.3   Configuration Requirements for Virtual Network OM_CN_SP1

The following configuration requirements apply to this network:

2.4.4   Configuration Requirements for Virtual Network IPW_OM_SP1

The following configuration requirements apply to this network:

2.4.5   Configuration Requirements for Virtual Routing Function om_cn_sp VR

The following configuration requirement exists for this virtual routing function:

PBR rules must be defined to enable the default routing of IP packets from IPWorks VNF correctly. Two Gateway provide one VRRP IP address as default gateway address for IPWorks VNF SC. And Static Routing Rules are also be defined for MIP_OAM_IP in both left and right gateway. These PBR rules are IPWorks VNF instance specific and must adhere to the relevant network plan.

2.5   Logical Network for Provisioning and SQL Data Replication

This section describes the logical network for Provisioning. In Geographic Redundancy deployment, the network is also used for MySQL data replication.

2.5.1   Purpose

The purposes of this logical network is:

The IPWorks VNF exposes the following MIP interface on the logical network Provisioning:

2.5.2   Description

It is assumed the following conditions are met:

Hence, it is not required to configure any explicit PBR rules in the Router for these public IP addresses.

The om_cn_sp VR is required to enable Layer 3 routing to and from the IPWorks VNF. The IPWorks VNF SC VM instances use static routing so that the om_cn_sp VR routes incoming IP packets towards IPWorks OAM MIP. These IP packets are sent to the IPWorks SC VM instances.

As it is required to have a Virtual Routing Function to enable Layer 3 routing, and have two virtual networks to realize Logical Network Operation and Maintenance:

Figure 4 shows the realization of the logical network setup for provisioning and SQL data replication of a 2+2 node system.

Figure 4   Realization of Logical Network Setup Provisioning

In Figure 4, the objects SW0, SW1, CE0, and CE1 are not part of the IPWorks node. They are examples of customer network equipment.

The provisioning and SQL data replication traffic enters and exits IPWorks through Left router or Right router.

For VRRP, the customer network must be configured to route IPW_OM_SP2 to IPWorks <OM_CN_SP2_VRRP_IP>, which is configure in cluster.conf file. .

The IPWorks VRRP setup requires that the VLAN with ID <OM_CN_SP2_VID> is bridged in the customer network. This is described in the Figure 4 by the link between SW0 and SW1.

The <MIP_PROV_IP> is used for IPWCLI provisioning and Geographic Redundancy SQL replication traffic. The customer network must be configured to route <MIP_PROV_IP> to IPWorks <OM_CN_SP2_VRRP_IP>. IPWorks VNF left and right router configure to the customer network <OM_CN_SP2_VRRP_GW_IP> with a default route for these traffics.

2.5.3   Configuration Requirements for Virtual Network OM_CN_SP2

The following configuration requirements apply to this network:

2.5.4   Configuration Requirements for Virtual Network IPW_OM_SP2

The following configuration requirements apply to this network:

2.5.5   Configuration Requirements for Virtual Routing Function om_cn_sp VR

The following configuration requirement exists for this virtual routing function:

2.6   Logical Network for Signaling

This section describes the logical network signaling.

2.6.1   Purpose

The purpose of the Logical Network is to enable DNS/ENUM/AAA communication between the IPWorks and other network entities.

IPWorks VNF exposes the following VIP interfaces on Logical Network Signaling:

2.6.2   Description

It is assumed that the Router is configured with a set of PBR rules. These rules send IP packets addressed to the VIP addresses enumerated in Section 2.6.1 Purpose to the Virtual Routing Function Signaling (sig_cn_sp VR).

sig_cn_sp VR is required to enable Layer 3 routing to and from the IPWorks VNF. The VM instances of type PL use static routing such that the sig_cn_sp VR routes incoming IP packets towards the IPWorks VIP interfaces, and that these IP packets are sent to the PL VM instances.

It is required to have a Virtual Routing Function to enable Layer 3 routing. It also implies that Logical Network Signaling is realized by two Virtual Networks:

Figure 5 shows the realization of the logical network setup for signaling of a 2+2 node system.

Figure 5   Realization of Logical Network Setup Signaling

2.6.3   Configuration Requirements for Virtual Network SIG_CN_SP1

The following configuration requirements apply to this network:

2.6.4   Configuration Requirements for Virtual Network IPW_SIG_SP1

The following configuration requirements apply to this network:

2.6.5   Configuration Requirements for Virtual Routing Function sig_cn_sp VR

The following configuration requirements exist for this Virtual Routing function:

2.7   Logical Network for Data

This section describes the logical network of data.

2.7.1   Purpose

The purpose of the Logical Network is to enable AAA FE/ENUM FE/ERH FE communication between the IPWorks and PG or CUDB network entities.

IPWorks VNF exposes the following VIP interface on Logical Network Data:

2.7.2   Description

It is assumed that the Router is configured with a set of PBR rules. These rules send IP packets addressed to the VIP addresses enumerated in Section 2.7.1 to the Virtual Routing Function Data (sig_data_sp VR).

The sig_data_sp VR is required to enable Layer 3 routing to and from the IPWorks VNF. The VM instances of type PL use static routing such that the sig_data_sp VR routes incoming IP packets towards the IPWorks VIP interfaces, and that these IP packets are sent to the PL VM instances.

It also implies that Logical Network Data is realized by two Virtual Networks:

Figure 6 shows the realization of the logical network setup for data of a 2+2 node system.

Figure 6   Realization of Logical Network Setup Data

2.7.3   Configuration Requirements for Virtual Network SIG_DATA_SP1

The following configuration requirements apply to this network:

2.7.4   Configuration Requirements for Virtual Network IPW_DATA_SP1

The following configuration requirements apply to this network:

2.7.5   Configuration Requirements for Virtual Routing Function sig_data_sp VR

The following configuration requirements exist for this Virtual Routing function:

2.8   Logical Network for Internal

This section describes the logical network internal.

The purpose of the Logical Network is to enable IPWorks VNF internal communication for DHCP,TFTP,NFS,TIPC and so on between VMs in the VNF. The internal network does not communicate with any other network. So, any route configuration is not needed. L2 VLAN configurationn is enough.

Virtual Network IPW_INT_SP will be available when L2 connection is available. Since it needs no connect to any other network, the route function is not needed.

3   Network Connectivity

The Cloud network infrastructure components provide redundancy for IPWorks VNF. The active IPWorks infrastructure consists of two routers: Left Router and Right Router. The router provides Ethernet connectivity and routing functionality, and operates on both Layer 2 (L2) and Layer 3 (L3).

Figure 7   IPWorks Network Connectivity

The Internal Network here means the network between IPWorks VNF and both Routers. And the External Network here means the network between both router and other customer switch and router equipment.

The router provides virtual routing functionality:

3.1   External Network Connectivity

This section specifies how the IPWorks VNF is connected to the external or customer network. All the described networks and IP addresses are routable through the customer network. Before starting to configure the IPWorks VNF network, all the details (IP addresses, network, VLAN tags, and so on) referenced in this section must be agreed with the customer. In general, all VLANs are tagged unless stated otherwise.

Use VRRP and BFD L3 resilience for customer network connectivity is out of the scope.

Both VRRP and BFD provide IPWorks with a suitable redundancy mechanism. Whether VRRP or BFD is used to provide redundancy in the network depends on the customer requirements. Users can configure to use BFD for external network connection by following specific switch/router User Guide.

This document uses VRRP as example.

3.1.1   External VLANs

This section lists the external VLAN used in the IPWorks VNF network.

The number of VLANs between IPWorks and the customer network depends on the used redundancy solution (VRRP or BFD).

There are four kinds of external VLANs in IPWorks VNF:

For BFD configuration, refer to Section 6.

3.1.2   IP Addressing

Note:  
In next sections, the variant within bracket <> means that the customer must set the value to the variant.

The parameters are of the following types:

P

Predefined, not possible to change.

S

Site-specific parameters.

3.1.2.1   IP Networks

Table 2 lists all the external networks and VLANs for IPWorks. The GW_IP in the table is external gateway IP addresses, and the gateway reflected in these tables are physically connected. In the example, it uses VRRP solution instead of BFD solution.

Table 2    External Network and VLANs

Networks

Network Configuration

Description

Type

OAM network (OM_CN_SP1: between CMX and site switch)

OM_CN_SP1

VLAN name for OAM network to customer network.

P, VLAN name

<OM_CN_SP1_VID>

VLAN ID for OM_CN_SP1 to be defined both in internal network and customer network router.

S, VLAN tag

<OM_CN_SP1_CMX_LEFT_IP>

Gateway for customer network for OAM towards IPWorks on left router. Cable is connected to left routes GE3.

S, IP address

<OM_CN_SP1_CMX_RIGHT_IP>

Gateway for customer network for OAM towards IPWorks on Right Router. Cable is connected to Right Routes GE3.

S, IP address

<OM_CN_SP1_VRRP_IP>

VRRP address used as gateway for customer network for OAM towards IPWorks.

S, IP address

<OM_CN_SP1_VRRP_GW_IP>

External gateway for OAM traffic on OM_CN_SP1 from both CMX routers.

S, IP address

Provisioning network (OM_CN_SP2: between CMX and site switch)

OM_CN_SP2

VLAN name for provisioning traffic to customer network.

P, VLAN name

<OM_CN_SP2_VID>

VLAN ID for OM_CN_SP2 to be defined both in internal network and customer network router.

S, VLAN tag

<OM_CN_SP2_CMX_LEFT_IP>

Gateway for customer network for provisioning traffic towards IPWorks on left router. Cable is connected to left routes GE3.

S, IP address

<OM_CN_SP2_CMX_RIGHT_IP>

Gateway for customer network for provisioning traffic towards IPWorks on right router. Cable is connected to right routes GE3.

S, IP address

<OM_CN_SP2_VRRP_IP>

VRRP address used as gateway for customer network for provisioning traffic towards IPWorks

S, IP address

<OM_CN_SP2_VRRP_GW_IP>

External gateway for provisioning traffic on OM_CN_SP2 from both CMX routers.

S, IP address

Sig traffic network (between CMX and site switch)

SIG_CN_SP1

VLAN name for DNS/ENUM/AAA traffic network to customer network.

P, VLAN name

<SIG_CN_SP1_VID>

VLAN ID for SIG_CN_SP1 to be defined both in internal network and customer network router.

S, VLAN tag

<SIG_CN_SP1_CMX_LEFT_IP>

Gateway for customer network for DNS/ENUM/AAA traffic towards IPWorks on left router. Cable is connected to left router GE2.

S, IP address

<SIG_CN_SP1_CMX_RIGHT_IP>

Gateway for customer network for DNS/ENUM/AAA traffic towards IPWorks on right router. Cable is connected to right router GE2.

S, IP address

<SIG_CN_SP1_VRRP_IP>

VRRP address used as gateway for customer network for DNS/ENUM/AAA traffic towards IPWorks.

S, IP address

<SIG_CN_SP1_VRRP_GW_IP>

External gateway for DNS/ENUM/AAA traffic on SIG_CN_SP1 from both CMX routers.

S, IP address

Sig data network (between CMX and site switch)

SIG_DATA_SP1

VLAN name for LDAP/SOAP traffic(2) network to customer network.

P, VLAN name

<SIG_DATA_SP1_VID>

VLAN ID for SIG_DATA_SP1 to be defined both in internal network and customer network router.

S, VLAN tag

<SIG_DATA_SP1_CMX_LEFT_IP>

Gateway for customer network for LDAP/SOAP traffic towards IPWorks on right router. Cable is connected to right router GE2.

S, IP address

<SIG_DATA_SP1_CMX_RIGHT_IP>

Gateway for customer network for LDAP/SOAP traffic towards IPWorks on right router. Cable is connected to right router GE2.

S, IP address

<SIG_DATA_SP1_VRRP_IP>

VRRP address used as gateway for customer network for LDAP/SOAP traffic towards IPWorks.

S, IP address

<SIG_DATA_SP1_VRRP_GW_IP>

External gateway for LDAP/SOAP traffic on SIG_DATA_SP1 from both CMX routers.

S, IP address

3.1.2.2   Exported IP Addresses

Under normal conditions, the traffic sourced by the VIPs (see Table 3) can exit from either one of the router. That is, both router are active for packets sourced by IPWorks. Which router is going to be used to forward an IP packet is determined by the IPWorks eVIP application and bond interface status.

For OAM and provisioning traffic, IPWorks does not use eVIP. IPWorks uses movable IP (MIP) for OAM related traffics.

Table 3 lists the OAM MIP addresses required by IPWorks VNF and the eVIP addresses required by IPWorks VNF different traffics.

Table 3    Address of OAM MIP and eVIP

External IPs

Network Parameters

Description

Public Exported IP addresses

<MIP_OAM_IP>

Movable IP address for System management and OSS traffic, this MIP belongs to IPW_OM_SP1 network.

<MIP_PROV_IP>

Movable IP address for provisioning traffic (IPWCLI), this MIP belongs to IPW_OM_SP2 network.

<VIP_TRF_IP1>

VIP address for DNS/ENUM/AAA traffic

<VIP_TRF_IP2>

VIP address for AAA traffic

<VIP_SS7_IP1>

VIP address for SS7 traffic for PL

<VIP_SS7_IP2>

VIP address for SS7 traffic for PL

<VIP_DATA_IP>

VIP address for LDAP/SOAP traffic (note: including SOAP notifications from the CUDB related to data changes)

3.1.2.3   IP Addresses of External Elements

Table 4    IP Addresses of External Elements

External IPs

Network Parameters

Description

External Remote IPs

<NTP_SERVER_IP1>

NTP server in customer network. Customer can configure one or more NTP Servers

<NTP_SERVER_IP2>

NTP server in customer network. Customer can configure one or more NTP Servers, it is optional.

<SS7_CLIENT_IP1>

SS7 Client address which connects to VIP_SS7_IP1

<SS7_CLIENT_IP2>

SS7 Client address which connects to VIP_SS7_IP2

Note:  
NTP_SERVER_IP2 or more can be configured to /cluster/etc/cluster.conf if user wants.

External IP address for CUDB can be configured in ECLI after IPWorks VNF is deployed. Whether configure the external IP address depends on AAA FE/ENUM/ERH FE feature is enabled or not. For how to configure it, refer to the document Configure Route for IPWorks Payload.


3.1.2.4   VRRP and BFD

The customers can set up VRRP or BFD for External network based on the site requirements. It is out of this document scope.

In this document, VRRP is selected for configuration example. Refer to Section 6 for some detail of BSP platform.

3.2   Internal Network Connectivity

The Tenant Internal networks here are not only the IPWorks VNF internal network (which is used for IPWorks cluster nodes internal communication for DHCP/TFTP/NFS/TIPC and so on), but also the network connectivity for IPWorks VNF to communicate with external network.

3.2.1   Internal VLANs

This section specifies how the IPWorks VNF is connected in the internal network before connecting to external or customer network.

In general, all VLANs are tagged unless stated otherwise.

There are five kinds of internal VLANs in IPWorks VNF:

3.2.2   Internal IP Addresses

Table 5 lists all the internal networks and VLANs for IPWorks. The GW_IP in the table is internal gateway IP addresses (like site router), and the gateway reflected in these tables are physically connected. In this document, VRRP is selected for configuration example.

The VRRP GW IP is from left and right internal gateway IP addresses connected to IPWorks VNF SC VM. MIP_OAM_IP and MIP_PROV_IP belonged to these 2 OM networks are configured with static route in om_cn_sp VR to expose to external network.

Table 5    Internal IP Address

Networks

Network Configuration

Description

OAM network (IPW_OM_SP1)

IPW_OM_SP1

VLAN name for OAM network to site router network.

<IPW_OM_SP1_NW>

Network CIDR for IPW_OM_SP1 network

<IPW_OM_SP1_VID>

VLAN ID for IPW_OM_SP1 to be defined in tenant internal network

<IPW_OM_SP1_CMX_LEFT_IP>

Left router IP which belongs to IPW_OM_SP1 network

<IPW_OM_SP1_CMX_RIGHT_IP>

Right router IP which belongs to IPW_OM_SP1 network

<IPW_OM_SP1_SC1_IP>

SC1 IP in IPW_OM_SP1

<IPW_OM_SP1_SC2_IP>

SC2 IP in IPW_OM_SP1

<MIP_OAM_IP>

The MIP IP belongs to IPW_OM_SP1 network

<IPW_OM_SP1_VRRP_GW_IP>

Gateway for IPW_OM_SP1 from IPWorks VNF towards both left and right  routers

Provisioning and SQL data replication network (IPW_OM_SP2)

IPW_OM_SP2

VLAN name for provisioning and SQL data replication network to site router network.

<IPW_OM_SP2_NW>

Network CIDR for IPW_OM_SP2 network

<IPW_OM_SP2_VID>

VLAN ID for IPW_OM_SP2 to be defined in tenant internal network

<IPW_OM_SP2_CMX_LEFT_IP>

Left route IP which belongs to IPW_OM_SP2 network

<IPW_OM_SP2_CMX_RIGHT_IP>

Right route IP which belongs to IPW_OM_SP2 network

<IPW_OM_SP2_SC1_IP>

SC1 IP in IPW_OM_SP2

<IPW_OM_SP2_SC2_IP>

SC2 IP in IPW_OM_SP2

<MIP_PROV_IP>

The MIP IP belongs to IPW_OM_SP2 network

<IPW_OM_SP2_VRRP_GW_IP>

Gateway for IPW_OM_SP2 from IPWorks VNF towards both CMX routers

Sig traffic network (IPW_SIG_SP1)

IPW_SIG_SP1

VLAN name for IPWorks traffic network to left and right network.

<IPW_SIG_SP1_NW>

Network CIDR for IPW_SIG_SP1 network

<IPW_SIG_SP1_VID>

VLAN ID for IPW_SIG_SP1 to be defined in internal network

<IPW_SIG_SP1_VRRP_GW_IP>

Gateway for IPW_SIG_SP1 from IPWorks VNF towards both left and right Routers.

<IPW_SIG_SP1_CMX_LEFT_IP>

Left route IP which belongs to IPW_SIG_SP1 network.

<IPW_SIG_SP1_CMX_RIGHT_IP>

Right route IP which belongs to IPW_SIG_SP1 network.

<IPW_SIG_SP1_FEE1_IP>

IPWorks VNF resilient FEE IP Addresses for IPW_SIG_SP1 network. For more details, refer to section 2.2.2 Resilient FEE IP Addresses in eVIP Internetworking.

<IPW_SIG_SP1_FEE2_IP>

IPWorks VNF resilient FEE IP Addresses for IPW_SIG_SP1 network. For more details, refer to section 2.2.2 Resilient FEE IP Addresses in eVIP Internetworking.

<IPW_SIG_SP1_FEE3_IP>

IPWorks VNF resilient FEE IP Addresses for IPW_SIG_SP1 network. For more details, refer to section 2.2.2 Resilient FEE IP Addresses in eVIP Internetworking.

<IPW_SIG_SP1_FEE4_IP>

IPWorks VNF resilient FEE IP Addresses for IPW_SIG_SP1 network. For more details, refer to section 2.2.2 Resilient FEE IP Addresses in eVIP Internetworking.

Sig data network (IPW_DATA_SP1)

IPW_DATA_SP1

VLAN name for LDAP/SOAP traffic (2) network to left and right network.

<IPW_DATA_SP1_NW>

Network CIDR for IPW_DATA_SP1 network

<IPW_DATA_SP1_VID>

VLAN ID for IPW_DATA_SP1 to be defined in internal network

<IPW_DATA_SP1_VRRP_GW_IP>

Gateway for IPW_DATA_SP1 from IPWorks VNF towards both left Router and right routers.

<IPW_DATA_SP1_CMX_LEFT_IP>

Left route IP which belongs to IPW_DATA_SP1 network.

<IPW_DATA_SP1_CMX_RIGHT_IP>

Right route IP which belongs to IPW_DATA_SP1 network.

<IPW_DATA_SP1_FEE1_IP>

IPWorks VNF resilient FEE IP Addresses for IPW_DATA_SP1 network. For more details, refer to section 2.2.2 Resilient FEE IP Addresses in eVIP Internetworking.

<IPW_DATA_SP1_FEE2_IP>

IPWorks VNF resilient FEE IP Addresses for IPW_DATA_SP1 network. For more details, refer to section 2.2.2 Resilient FEE IP Addresses in eVIP Internetworking.

<IPW_DATA_SP1_FEE3_IP>

IPWorks VNF resilient FEE IP Addresses for IPW_DATA_SP1 network. For more details, refer to section 2.2.2 Resilient FEE IP Addresses in eVIP Internetworking.

<IPW_DATA_SP1_FEE4_IP>

IPWorks VNF resilient FEE IP Addresses for IPW_DATA_SP1 network. For more details, refer to section 2.2.2 Resilient FEE IP Addresses in eVIP Internetworking.

3.2.3   VRRP Network

For IPW_OM_SP1, IPW_OM_SP2, IPW_SIG_SP1, and IPW_DATA_SP1, resilience between VRs and the IPWorks VNF is based on VRRP. The interfaces of the two VRs are configured to participate in the same VRRP group. The connectivity between the VRs is to be one collapsed network, meaning one broadcast domain. When a fault occurs and the VRRP IP address is moved from one side to the other, a gratuitous ARP is sent out to update the ARP table of IPWorks SC VMs and the switches regarding the move.

4   Example IP Connectivity

Since L2 configuration is much more specified to the hardware, and the L3 is more general, in this section, it only provides an IP connectivity for IPWorks VNF.

In the IP connectivity example, the IPWorks VNF is deployed to BSP-based Ericsson CEE. The IPWorks VNF L2 configuration is configured by CEE automatically by using BSP neutron plug-in. For other hardware platform, refer to Section 3.1.1 and Section 3.2.1 to configure L2.

Refer this IP connectivity example for L3 network connectivity configuration.

4.1   Static Routing

The BSP CMX switched routers are configured with some virtual routers. The virtual routers have static routes configured towards both internal and external networks.

For sig_cn_sp and sig_data_sp, inner NLCL between CMXs is configured with static routing for backup routing.

4.1.1   Left Router

Table 6    Left Router (CMX-0-26) Static Routing

Virtual Router

Destination

Next-hop

VLAN

sig_cn_sp

This default route covers all DNS/ENUM/AAA/SS7 traffic from IPWorks VNF to external.

<SIG_CN_SP1_VRRP_GW_IP> (VRRP) =10.0.60.33

<SIG_CN_SP1_VID>=vlan1.22

<VIP_TRF_IP1>

<IPW_SIG_SP1_FEE1_IP>=192.168.17.3


<IPW_SIG_SP1_FEE2_IP>=192.168.17.4


<IPW_SIG_SP1_FEE3_IP>=192.168.17.5


<IPW_SIG_SP1_FEE4_IP>=192.168.17.6


<SIG_CN_NLCL_RIGHT_IP>=192.168.207.10

<IPW_SIG_SP1_VID>=vlan1.82

<VIP_TRF_IP2>

VIP_SIG_SS7_IP1

VIP_SIG_SS7_IP2

sig_data_sp

This default route covers all LDAP traffic from IPWorks VNF to external.

<SIG_DATA_SP1_VRRP_GW_IP>=10.0.61.41

<SIG_DATA_SP1_VID>=vlan1.23

<VIP_DATA_IP>

<IPW_DATA_SP1_FEE1_IP>=192.168.27.3


<IPW_DATA_SP1_FEE2_IP>=192.168.27.4


<IPW_DATA_SP1_FEE3_IP>=192.168.27.5


<IPW_DATA_SP1_FEE4_IP>=192.168.27.6


<SIG_DATA_NLCL_RIGHT_IP>=192.168.207.26

<IPW_DATA_SP1_VID>=vlan1.83

om_cn_sp

These static routes cover NTP, SNMP, OAM, and provisioning and SQL data replication traffic from IPWorks VNF to external.

<OM_CN_SP1_VRRP_GW_IP>=10.0.4.1

<OM_CN_SP1_VID>=vlan1.11


<OM_CN_SP2_VID>=vlan1.11

<MIP_OAM_IP>

<IPW_OM_SP1_RIGHT_CMX_IP>= 10.170.19.67

<IPW_OM_SP1_VID>=vlan1.80

<MIP_PROV_IP>

IPW_OM_SP2_RIGHT_CMX_IP> =10.170.19.75

<IPW_OM_SP2_VID>= vlan1.81

4.1.2   Right Router

Table 7    Right Router (CMX-0-28) Static Routing

Virtual Router

Destination

Next-hop

VLAN

sig_cn_sp

This default route covers all DNS/ENUM/AAA/SS7 traffic from IPWorks VNF to external.

<SIG_CN_SP1_VRRP_GW_IP> (VRRP)=10.0.60.33

<SIG_CN_SP1_VID>= vlan1.22

<VIP_TRF_IP1>

<IPW_SIG_SP1_FEE1_IP>=192.168.17.3


<IPW_SIG_SP1_FEE2_IP>=192.168.17.4


<IPW_SIG_SP1_FEE3_IP>=192.168.17.5


<IPW_SIG_SP1_FEE4_IP>=192.168.17.6


<SIG_CN_NLCL_LEFT_IP>=192.168.207.9

<IPW_SIG_SP1_VID>= vlan1.82

<VIP_TRF_IP2>

<VIP_SIG_SS7_IP1>

<VIP_SIG_SS7_IP2>

sig_data_sp

This default route covers all LDAP traffic from IPWorks VNF to external.

<SIG_DATA_SP1_VRRP_GW_IP>=10.0.60.41

<SIG_DATA_SP1_VID>=vlan1.23

<VIP_DATA_IP>

<IPW_DATA_SP1_FEE1_IP>=192.168.27.3


<IPW_DATA_SP1_FEE2_IP>=192.168.27.4


<IPW_DATA_SP1_FEE3_IP>=192.168.27.5


<IPW_DATA_SP1_FEE6_IP>=192.168.27.6


<SIG_DATA_NLCL_LEFT_IP>=192.168.207.25

<IPW_DATA_SP1_VID>=vlan1.83

om_cn_sp

These static routes cover NTP, SNMP, OAM, provisioning, and SQL data replication traffic from IPWorks VNF to external.

<OM_CN_SP1_VRRP_GW_IP>=10.0.4.1

<OM_CN_SP1_VID>=vlan1.11


<OM_CN_SP2_VID>= vlan1.11

<MIP_OAM_IP>

<IPW_OM_SP1_LEFT_CMX_IP>= 10.170.19.66

<IPW_OM_SP1_VID>= vlan1.80

<MIP_PROV_IP>

<IPW_OM_SP2_RIGHT_CMX_IP> =10.170.19.74

<IPW_OM_SP2_VID>= vlan1.81

5   Firewall Configurations

Network Firewall configuration is controlled by cloud infrastructure and it is out of the scope.

For the configuration of IPWorks IP tables, refer to IPWorks IPTables Service Configuration. If an external firewall is used, the same rules need to apply.

6   Appendix

Since the customers would use BFD to configure external network, so the main difference detail for reference is provided. In this reference, it is assumed that the IPWorks VNF is deployed to BSP-based Ericsson CEE.

6.1   Overview of VRRP vs. BFD Connection between CMX and External Network

The customers can use VRRP or BFD connection for communication between CMX and external switch/router. Figure 8 and Figure 9 describe the main difference in configuration between VRRP and BFD. For eVIP DNS/ENUM/AAA traffic and LDAP/SOAP Traffic, they can be configured to use VRRP or BFD to bridge CMX to customer switch/route.

Figure 8   External VRRP Connection Overview

The objects SW0, SW1, CE0, and CE1 are not parts of the IPWorks node. They are the examples of customer network equipment.

The IPWorks VRRP setup requires that the VLAN with ID <VID> is bridged in the customer network. This is described in the figure by the link between SW0 and SW1. The customer network must be configured to route OM/Provisioning MIP or eVIP to IPWorks <VRRP_IP> which cross 2 CMX. IPWorks CMX-0-26 and CMX-0-28 configure with a default route for traffic to the customer network <VRRP_GW_IP>.

For details about BSP configuration, refer to Add VRRP Group, Reference [7].

Figure 9   BFD Connection Overview

The objects SW0, SW1, CE0, and CE1 are not part of the IPWorks node. They are the examples of customer network equipment.

IPWorks application-related traffic use MIP or eVIP for communication. The customer network must be configured to route. The VIP or MIP to IPWorks <CMX_0_26_IP> and <CMX_0_28_IP>. IPWorks is configured to route application-related traffic from CMX-0-26 to the customer network <CMX_0_26_CE0_GW_IP> and from CMX-0-28 to the customer network <CMX_0_28_CE0_GW_IP>.

For details about BSP configuration, refer to Add Static Routing, Reference [8].


Reference List

Ericsson Documents
[1] Trademark Information.
[2] Typographic Conventions.
[3] Glossary of Terms and Acronyms.
[4] IPWorks IPTables Service Configuration.
[5] IPWorks Deployment Guide, 21/1553-AVA 901 33/3 Uen
[6] CEE on BSP, 1/1551-CNA 403 3045/2 Uen
[7] Add VRRP Group, 10/1543-APR 901 0549/1 Uen
[8] Add Static Routing, 47/1543-APR 901 0549/1 Uen
Ericsson Library
[9] Cloud Execution Environment (CEE) R7B, Ericsson Internal Support, EN/LZN 792 0001/9 R7B


Copyright

© Ericsson AB 2017, 2018. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List
All trademarks mentioned herein are the property of their respective owners. These are shown in the document Trademark Information.

    IPWorks Network Connectivity Overview