|
| 1 | +--- |
| 2 | +id: ha_setup |
| 3 | +title: HA AGW Setup |
| 4 | +sidebar_label: HA AGW Setup |
| 5 | +hide_title: true |
| 6 | +--- |
| 7 | +# HA AGW Setup |
| 8 | + |
| 9 | +The following document outlines the necessary steps to deploy and configure a |
| 10 | +Magma access gateway on AWS. This document also outlines configuring the AWS |
| 11 | +gateway to serve as a secondary to a primary gateway running at an edge site. |
| 12 | + |
| 13 | +## Deployment |
| 14 | + |
| 15 | +### Build AGW AMI |
| 16 | + |
| 17 | +Steps: |
| 18 | + |
| 19 | +1. Download packer onto your host machine at https://www.packer.io/downloads.html |
| 20 | +2. Run the following |
| 21 | + |
| 22 | +``` |
| 23 | +[~] cd magma/orc8r/tools/packer |
| 24 | +[~/magma/orc8r/tools/packer] packer build -force \ |
| 25 | + -var "aws_access_key=YOUR_ACCESS_KEY" \ |
| 26 | + -var "aws_secret_key=YOUR_SECRET_KEY" \ |
| 27 | + -var "subnet=YOUR_SUBNET" \ |
| 28 | + -var "vpc=YOUR_VPC" \ |
| 29 | + debian-stretch-aws.json |
| 30 | +``` |
| 31 | + |
| 32 | +YOUR_SUBNET and YOUR_VPC should specify an existing subnet and vpc on your AWS |
| 33 | +region. The choice of subnet and vpc won't affect the final box. These are the |
| 34 | +subnet/vpc which the box is launched into while building. |
| 35 | + |
| 36 | +The result should show |
| 37 | + |
| 38 | +``` |
| 39 | +==> Builds finished. The artifacts of successful builds are: |
| 40 | +--> amazon-ebs: AMIs were created: |
| 41 | +us-west-1: ami-0f1c9db5a767a0296 |
| 42 | +``` |
| 43 | + |
| 44 | +### Deploy AGW AMI |
| 45 | + |
| 46 | +On AWS: |
| 47 | + |
| 48 | +1. Navigate to the EC2 Service |
| 49 | +2. Select `Launch Instance` |
| 50 | +3. Select the AMI that was built in the previous step. This AMI will exist |
| 51 | +under `My AMIs` section. |
| 52 | +4. On page `Choose an Instance Type`, select a c4.xlarge instance type. Proceed |
| 53 | +to `Configure Instance Details`. |
| 54 | +5. On page `Configure Instance Details`, use the default settings. Proceed to |
| 55 | +`Add Storage`. |
| 56 | +6. On page `Add Storage`, use default of 8gb. Proceed to `Add Tags`. |
| 57 | +7. On page `Add Tags`, optionally add tags (e.g. `Magma Secondary Gateway`) |
| 58 | +to identify this as a secondary. |
| 59 | +Magma AGW. Proceed to `Configure Security Group`. |
| 60 | +8. On page “Configure Security Group”, create a new security group with the |
| 61 | +rules listed below. It is advised to limit the source IPs to the subnet that i |
| 62 | +the primary gateway resides in for all rules other than SSH. Proceed to |
| 63 | +`Review and Launch`. |
| 64 | + |
| 65 | +|Type |Protocol |Port Range |Source |Description | |
| 66 | +|--- |--- |--- |--- |--- | |
| 67 | +|SSH |TCP |22 |0.0.0.0/0 |- | |
| 68 | +|SCTP (132) |SCTP (132) |All |0.0.0.0/0 |- | |
| 69 | +|Custom TCP |TCP |3386 |0.0.0.0/0 |- | |
| 70 | +|All UDP |UDP |0 - 65535 |0.0.0.0/0 | | |
| 71 | +|All ICMP - IPv4 |ICMP |All |0.0.0.0/0 |- | |
| 72 | + |
| 73 | +1. Review that the selected settings are as described here. Then proceed to |
| 74 | +`Launch`. |
| 75 | +2. Select `Create a new key pair`, then save the key pair created to your host |
| 76 | +machine. This pair will be used to access the gateway, so ensure the pair is |
| 77 | +saved in a safe and durable location. |
| 78 | +3. Finish by selecting `Launch Instances`. |
| 79 | + |
| 80 | +### ENI Configuration |
| 81 | + |
| 82 | +Before installing Magma, we will add a second interface to gateway by creating |
| 83 | +an ENI and attaching it to the EC2 instance. |
| 84 | + |
| 85 | +1. In the EC2 service on AWS, navigate to the `Network Interfaces` section |
| 86 | +under the `Network and Security` tab on the side panel. |
| 87 | +2. Select `Create network interface` in the upper right corner. |
| 88 | +3. On the `Create network interface` configuration page, select the subnet for |
| 89 | +the ENI. To work properly, this subnet cannot be the same subnet that the |
| 90 | +EC2 instance was deployed with. These subnets must be in the same availability |
| 91 | +zone though. |
| 92 | +4. Select the same subnet that was used to deploy the EC2 instance. |
| 93 | +5. Once configured, select `Create network interface`. |
| 94 | +6. Navigate to the EC2 instances page. |
| 95 | +7. Find the recently deployed EC2 instance on the left hand side. Then select |
| 96 | +`Actions` → `Networking` → `Attach network interface`. |
| 97 | +8. On page `Attach network interface`, select the recently created ENI and then |
| 98 | +click `Attach`. |
| 99 | + |
| 100 | +### Install Magma |
| 101 | + |
| 102 | +1. Find the public IP for the gateway instance by navigating to `Instances` on |
| 103 | +the AWS EC2 service. Select the instance and copy the `Public IPv4 Address` in |
| 104 | +the instance summary. |
| 105 | +2. Add the AWS gateway key that was created when the instance was launched: |
| 106 | +`ssh-add ~/.ssh/aws_key.pem` |
| 107 | +3. SSH to EC2 instance using the public IP from step 1: |
| 108 | +`ssh admin@<instance_public_ip>` |
| 109 | +4. Now install Magma |
| 110 | + |
| 111 | +``` |
| 112 | +[admin@<public_ip>~/] sudo su |
| 113 | +[root@<public_ip>:/home/admin] wget https://raw.githubusercontent.com/facebookincubator/magma/v1.4/lte/gateway/deploy/agw_install.sh |
| 114 | +[root@<public_ip>:/home/admin] bash agw_install cloud |
| 115 | +` |
| 116 | +``` |
| 117 | + |
| 118 | +When you see "AGW installation is done." It means that your AGW installation |
| 119 | +is done, you can make sure magma is running by executing: |
| 120 | + |
| 121 | +``` |
| 122 | +service magma@* status |
| 123 | +``` |
| 124 | + |
| 125 | +### Access Gateway Configuration |
| 126 | + |
| 127 | +1. Follow the [configuration steps](https://docs.magmacore.org/docs/lte/config_agw) to register the new gateway. |
| 128 | +2. To configure the gateway to serve as a secondary use the Orc8r API (NMS does |
| 129 | +not currently support this functionality). |
| 130 | + 1. Use the POST request endpoint `/lte/{network_id}/gateway_pools` to |
| 131 | + create a new gateway pool. |
| 132 | + 2. Add the primary gateway(s) to the pool via endpoint |
| 133 | + `/lte/{network_id}/gateways/{gateway_id}/cellular/pooling`. |
| 134 | + 1. MME code should differ for each gateway in the pool. |
| 135 | + 2. MME relative capacity should be set to 255 for each primary |
| 136 | + 3. Add the secondary (AWS) gateway to the pool via endpoint |
| 137 | + `/lte/{network_id}/gateways/{gateway_id}/cellular/pooling`. |
| 138 | + 1. MME code should differ for each gateway in the pool. |
| 139 | + 2. MME relative capacity should be set to 1 for the secondary |
| 140 | +3. To enable secondary AGW to retrieve the connection state of the primary |
| 141 | +instances, the default value of `use_ha: false` should be changed to |
| 142 | +`use_ha: true` in `/etc/magma/mme.yml`. This configuration is mainly for |
| 143 | +Active-Standby configuration and should not be used if an Active-Active |
| 144 | +configuration is desired. When set as true, secondary AGW starts offloading UEs |
| 145 | +camped on it back to the primary instances when the primary instances come back |
| 146 | +up and start syncing up the states of connected eNBs to the orc8r. |
| 147 | +4. If the secondary AGW is in a different network with its eth1 interface |
| 148 | +configured with a private IP address, S1-U IP address needs to be configured |
| 149 | +with the public IP address of the interface separately as by default it will be |
| 150 | +configured with the eth1 IP address that is private. |
| 151 | + 1. add "ipv4_sgw_s1u_addr": **** "IP_ADDRESS_STRING" via the endpoint |
| 152 | + `/lte/{network_id}/gateways/{gateway_id}/cellular/epc`, where |
| 153 | + IP_ADDRESS_STRING is a CIDR formatted IPv4 address, e.g., 203.0.113.25/32. |
| 154 | +5. If eNB is behind a different NAT than the AGW instance, its S1-U IP address |
| 155 | +communicated (with AGW instance) over the S1-MME interface is a private IP |
| 156 | +address. Then, eNB will not be reachable in the user plane (i.e., GTP-U traffic |
| 157 | +will not be routable back to eNB). To remedy this situation, assuming that the |
| 158 | +eNB uses the same routable IP address for S1-MME connection and S1-U |
| 159 | + connection, it is possible to force MME overwrite the S1-U private IP address |
| 160 | + with the public one during bearer context set up by changing the |
| 161 | + `enable_gtpu_private_ip_correction: false` to |
| 162 | + `enable_gtpu_private_ip_correction: true` in `/etc/magma/mme.yml` after |
| 163 | + ssh-ing into the AGW instance. |
| 164 | + |
| 165 | +Note: The current functionality supports multiple primaries using the same |
| 166 | +secondary gateway. However the ENBs configured for the primaries must not |
| 167 | +overlap. |
| 168 | + |
| 169 | +### Enodeb Configuration |
| 170 | + |
| 171 | +Any enodebs that will be used in the HA pool should be added to both the |
| 172 | +primary and secondary gateway via the NMS. |
| 173 | + |
| 174 | +Make sure that your eNB supports MME pooling also known as S1-Flex as Magma HA |
| 175 | +feature relies on this capability. eNBs must be configured with MME pool using |
| 176 | +the management interface for the eNB vendor. The primary and secondary AGW’s |
| 177 | +routable ip addresses assigned for eth1 must be used in this configuration. |
| 178 | +Make sure that eNB simultaneously connects to each MME ip address in its pool |
| 179 | +and there are sctp heartbeat requests and responses on each AGW. |
| 180 | + |