Affirmed Networks MCC MME on AWS CFN Deployment Guide
Release 15.0
Updated: August 2021
Inside …
▪ Prerequisites
▪ MME Cluster Subnets
▪ Create Cluster Resource Stack
▪ VM Instances Stack Creation
▪ Initial MME Cluster Configuration
▪ Jump Server (optional)
Affirmed Networks Inc.
35 Nagog Park
Acton, MA 01730
USA
Tel: +1-978-268-0800
www.affirmednetworks.com
A Microsoft Company
Affirmed Networks MCC MME CLI User Guide, Release 15.0
Revision: A
Affirmed Networks MCC MME on AWS CFN Deployment Guide
Revision: A Affirmed Networks Proprietary and Confidential
Copyright© 2021 Affirmed Networks, Inc. All Rights Reserved.
AFFIRMED & DESIGN®, ACUITAS SERVICE MANAGEMENT SYSTEM®, AFFIRMED NETWORKS
MOBILE CONTENT CLOUD™, AFFIRMED OPEN WORKFLOW™, AFFIRMED MOBILE CONTENT
CLOUD™, UnityCloud™, UnityCloud PaaS™, UnityCloud Platform™, UnityCloud Operations™,
UnityCloud Ops™, Operations and Policy Manager (OPM)™ and other trademarks and designs are the
registered or unregistered trademarks of Affirmed Networks, Inc. and its subsidiaries in the United States
and in foreign countries. All other trademarks are the property of their respective owners. The Affirmed
Networks, Inc. trademarks may not be used in connection with any product or service that is not Affirmed
Networks' in any manner that is likely to cause confusion among customers or in any manner that
disparages or discredits Affirmed Networks, Inc.
This document contains information that is the property of Affirmed Networks, Inc. This document may not
be copied, reproduced, reduced to any electronic medium or machine readable form, or otherwise
duplicated, and the information herein may not be used, disseminated or otherwise disclosed, except with
the prior written consent of Affirmed Networks, Inc.
AFFIRMED NETWORKS, INC. SOFTWARE LICENSE AGREEMENT
AFFIRMED NETWORKS, INC. (“AFFIRMED”) IS WILLING TO LICENSE THE
ENCLOSED SOFTWARE AND ACCOMPANYING USER DOCUMENTATION
(COLLECTIVELY, THE “PROGRAM”) TO YOU ONLY UPON THE CONDITION THAT
YOU ACCEPT ALL OF THE TERMS AND CONDITIONS OF THIS LICENSE
AGREEMENT. PLEASE READ THE TERMS AND CONDITIONS OF THIS LICENSE
AGREEMENT CAREFULLY BEFORE OPENING THE PACKAGE(S) OR USING THE
AFFIRMED PRODUCTS CONTAINING THE SOFTWARE, AND BEFORE USING THE
ACCOMPANYING USER DOCUMENTATION. OPENING THE PACKAGE(S) OR
USING THE AFFIRMED PRODUCTS CONTAINING THE PROGRAM WILL INDICATE
YOUR ACCEPTANCE OF THE TERMS OF THIS LICENSE AGREEMENT. IF YOU ARE
NOT WILLING TO BE BOUND BY THE TERMS OF THIS LICENSE AGREEMENT,
AFFIRMED IS UNWILLING TO LICENSE THE PROGRAM TO YOU, IN WHICH
EVENT YOU SHOULD RETURN THE PROGRAM WITHIN TEN (10) DAYS FROM
SHIPMENT TO THE PLACE FROM WHICH IT WAS ACQUIRED, AND YOUR LICENSE
FEE WILL BE REFUNDED. THIS LICENSE AGREEMENT REPRESENTS THE ENTIRE
AGREEMENT CONCERNING THE PROGRAM BETWEEN YOU AND AFFIRMED,
AND IT SUPERSEDES ANY PRIOR PROPOSAL, REPRESENTATION OR
UNDERSTANDING BETWEEN THE PARTIES.
License Grant
Subject to the provisions of this License, Affirmed grants to Licensee, and Licensee accepts, a
non-exclusive, non-transferable license to use the object code form of the software supplied by
Affirmed, including all patches, error corrections, updates and revisions thereto in
machine-readable, object code form only (the “Software”), and the user documentation, including all
updates and revisions thereto (the “User Documentation”) for Licensee’s internal business
purposes (including, without limitation, in conjunction with Licensee’s provision of services to
its customers) on or in conjunction with the hardware product with which it was originally
delivered or on a single designated computer. The Software and User Documentation are
sometimes collectively referred to as the “Program”. Licensee acknowledges that certain
Software provided by Affirmed may contain other restrictions and Licensee must refer to
accompanying license certificates for each such Software licensed. Licensee agrees that
Licensee will not pledge, lease, rent, or share Licensee's rights under this License Agreement,
and that Licensee will not, without Affirmed’s prior written consent, assign or transfer
Licensee's rights hereunder. Licensee agrees that Licensee may not duplicate (except as set
forth below), decompile, disassemble, reverse engineer, modify, or otherwise translate the
Software or permit a third party to do so and that Licensee shall not make the Program
available to any other third party, or create works derivative of the Program, without
Affirmed’s express written consent. Licensee agrees it shall not publish in any fashion any
results of benchmark tests run on the Program.
The Program is copyrighted and is only authorized to reproduce one copy of the Software and
the User Documentation solely for backup purposes. Licensee is hereby prohibited from
otherwise copying or translating, modifying or adapting the Program or, incorporating in
whole or any part in any other product or creating derivative works based on all or any part of
the Program. Licensee is not authorized to license others to reproduce any copies of the
Program, except as expressly provided in this Agreement. Licensee agrees to ensure that all
copyright, trademark and other proprietary notices of Affirmed affixed to or displayed on the
Program will not be removed or modified. Licensee shall not decompile, disassemble or
reverse engineer, the licensed software or any component thereof, except as may be permitted
by applicable law, in which case Licensee must notify Affirmed in writing and Affirmed may
provide review and assistance.
U.S. Government Restricted Rights. Notice - Distribution and use of products including
computer programs and any related documentation and derivative works thereof, to and by the
U.S. Government, are subject to the Restricted Rights provisions of FAR 52.227-19,
paragraph (c)(2) as applicable, except for purchases by agencies of the Department of Defense
(DOD). If the software is acquired under the terms of a Department of Defense or civilian
agency contract, the software is a “commercial item” as that term is defined at 48 C.F.R. 2.101
(Oct. 1995), consisting of “commercial computer software” and “commercial computer
software documentation” as such terms are used in 48 C.F.R. 12.212 of the Federal
Acquisition Regulations and its successors and 48 C.F.R. 227.7202-1 through 227.7202-4
(June 1995) of the DoD FAR Supplement and its successors. All U.S. Government end users
acquire the software with only those rights set forth in this Agreement. Manufacturer is
Affirmed Networks, Inc., 35 Nagog Park, Acton MA 01720. Unpublished - rights reserved
under the copyright laws of the United States.
Affirmed’s Rights
Licensee agrees that the Software and the User Documentation are proprietary, confidential
products of Affirmed or Affirmed's licensor protected under U.S. copyright law and Licensee
will use Licensee's best efforts to maintain their confidentiality. Licensee further
acknowledges and agrees that all right, title and interest in and to the Program, including
associated intellectual property rights, are and shall remain with Affirmed or Affirmed's
licensor. This License Agreement does not convey to Licensee an interest in or to the
Program, but only a limited right of use revocable in accordance with the terms of this License
Agreement.
License Fees
The license fees paid by Licensee are paid in consideration of the license granted under this
License Agreement.
Term
This License Agreement is effective upon Licensee's execution of this License Agreement and
payment of the license fees and shall continue until terminated. Licensee may terminate this
License Agreement at any time by returning the Program and all copies or portions thereof to
Affirmed. Affirmed may terminate this License Agreement upon the breach by Licensee of
any term hereof. Upon such termination by Affirmed, Licensee agrees to return to Affirmed
the Program and all copies or portions thereof.
Termination of this License Agreement shall not prejudice Affirmed's rights to damages or
any other available remedy.
Limited Warranty
Affirmed warrants that with normal use and service each Software product shall materially
conform to Affirmed’s then current published specifications for the most current release of
such Software product for a period of ninety (90) days from the date of shipment by Affirmed.
Program media is warranted for ninety (90) days from the date of shipment by Affirmed.
Software support beyond these periods is available at additional cost under the terms of
Affirmed’s Annual Maintenance Service Agreement.
During the warranty period, as Licensee’s sole and exclusive remedy, Affirmed will correct a
Software product’s failure to conform to the warranty provided that Licensee has notified
Affirmed in writing of the nature of the non-conformity. This warranty shall not apply if any
Software product has been (i) modified or altered by anyone other than Affirmed, (ii) abused
or misapplied, or (iii) used in combination with hardware or software other than the Affirmed
manufactured products for which it was designed.
Affirmed shall incur no liability under this warranty if Affirmed’s tests disclose that the
alleged defect is due to causes not within Affirmed’s reasonable control, including alteration
or abuse of the goods. If a Program is determined not to be defective or to have a defect due to
causes not within Affirmed’s reasonable control, Licensee agrees to pay for such repair at the
repair price as listed in Affirmed’s then current applicable price list. In no event does
Affirmed warrant that the use of Software products will be error free or uninterrupted.
Affirmed’s sole obligation under the Software warranty shall be to provide the remedies
described above.
EXCEPT FOR THE EXPRESS WARRANTIES STATED IN THIS WARRANTY, THE
PROGRAM IS LICENSED “AS IS”, AND AFFIRMED DISCLAIMS ANY AND ALL
OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY WITH
RESPECT TO THE SOFTWARE PROVIDED UNDER THIS AGREEMENT,
INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ANY
WARRANTIES OF NONINFRINGEMENT AS WELL AS ANY WARRANTIES ARISING
FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE.
Limitation of Liability
Affirmed’s cumulative liability to Licensee or any other party for any loss or damages resulting
from any claims, demands, or actions arising out of or relating to this License Agreement
shall not exceed the greater of: (i) ten thousand U.S. dollars ($10,000) or (ii) the total license
fee paid to Affirmed for the use of the Program. In no event shall Affirmed be liable for any
indirect, incidental, consequential, special, punitive or exemplary damages or lost profits or
the loss of software or data, even if Affirmed has been advised of the possibility of such
damages. In the event that the Program contains the intellectual property of a third party
pursuant to a license in favor of Affirmed, with a right to sublicense to Licensee, Affirmed
hereby disclaims, to the extent permitted by law, such third party’s liability of any damages,
whether direct, indirect, incidental or consequential, arising out the use of the Program.
Governing Law
This License Agreement shall be construed and governed in accordance with the laws and
under the jurisdiction of the Commonwealth of Massachusetts, U.S.A. Any dispute arising out
of this Agreement shall be referred to an arbitration proceeding in Boston, Massachusetts,
U.S.A. by the American Arbitration Association.
Miscellaneous
If any action is brought by either party to this License Agreement against the other party
regarding the subject matter hereof, the prevailing party shall be entitled to recover, in
addition to any other relief granted, reasonable attorneys’ fees and expenses of arbitration.
Should any term of this License Agreement be declared void or unenforceable by any court of
competent jurisdiction, such declaration shall have no effect on the remaining terms hereof.
The failure of either party to enforce any rights granted hereunder or to take action against the
other party in the event of any breach hereunder shall not be deemed a waiver by that party as
to subsequent enforcement of rights or subsequent actions in the event of future breaches.
Affirmed has made no commitments or promises orally or in writing with respect to delivery
of any future software features or functions. In relation to any future software features or
functions, all presentations, RFP responses and/or product outlook documents, information or
discussions, either prior to or following the date herein, are for informational purposes only,
and Affirmed has no obligation to provide any future releases or upgrades or any features,
enhancements or functions, unless specifically agreed to in writing by both parties. Reseller
acknowledges that no purchasing decisions are based upon any future software features or
functions.
Third Party Beneficiary
If the Program incorporates or otherwise contains any intellectual property of any third party
pursuant to a license agreement in favor of Affirmed and sublicensed to Licensee, such third
party shall, to the extent permitted by law, be a third party beneficiary of the terms and
conditions of this Agreement.
Contents
Preface
Audience
Release Information
How to Obtain Product Documentation
Technical Assistance Center
Terms and Acronyms
1 Introduction
1.1 New in This Release
1.2 Documentation changes
2 Overview
2.1 Organization
3 Prerequisites
3.1 AWS CLI Setup
3.2 Resources
3.3 Inputs
4 MME Cluster Subnets
4.1 N/S Subnets Planning
4.1.1 Standard Networking with Secondary IP Addresses
4.1.2 Standard Networking with Route Table
4.1.3 N/S Interfaces with Tunneling
5 Create Cluster Resource Stack
5.1 Cluster Stack Parameters
5.2 Cluster Stack Parameters JSON File
5.3 Stack Creation
5.3.1 Option 1: AWS CLI
5.3.2 Option 2: AWS Console
5.3.3 Post-Creation Steps
6 VM Instances Stack Creation
6.1 Template Parameters for VM Instance Stacks
6.2 BASE and DATA Network
6.2.1 Interface IP Addresses
6.2.2 MTU Values
6.3 Creation of MGMT-0/MRM-0 Stack
6.3.1 VM Instance CFN Template
6.3.2 JSON Example for MGMT-0 Stack
6.3.3 Stack Post-Creation Steps
6.4 Creation of Other Instance Stacks
6.4.1 JSON Example for MGMT-1/MRM-1 Stack
6.4.2 JSON Example for VM Instance Stack (Non-LB/MSM)
6.4.3 JSON Example for VM Instance Stack (LB/MSM)
7 Initial MME Cluster Configuration
7.1 EPC System Configuration
7.2 Routing Instances Configuration
8 Jump Server (optional)
List of Figures
Figure 1. Full Deployment Model
Figure 2. Compact Deployment Model
Figure 3. Tunneling Network Diagram
Figure 4. Configuration Example for GRE tunneling
Figure 5. Create Stack
Figure 6. Upload Template File
Figure 7. Enter Stack Parameters
List of Tables
Table 1. “routing-instances” Configuration Parameters for Tunneling
Table 2. Required Parameters for Cluster Resources Stack
Table 3. VM Instance Stack Parameters
Table 4. Jump Server Template Parameters
Preface
Affirmed Networks MCC MME on AWS CFN for Release 15.0.
Audience
This guide is intended for all users of the system.
Release Information
See the Release Notes for important information, requirements, limitations, and restrictions that apply
to this release.
How to Obtain Product Documentation
Documentation is available for currently supported product releases. Documentation is available
online in Adobe PDF format. You can view PDFs online using the latest version of Adobe Reader®.
To download the latest version of the Adobe Reader software from the Adobe web site, go to
http://get.adobe.com/reader/
Product documentation is available from the Affirmed Networks SFTP server. Contact your sales
representative or the TAC for instructions on accessing the SFTP server.
See the Affirmed Networks Documentation Library for a complete list of Affirmed Networks product
documentation.
Technical Assistance Center
Affirmed Networks Technical Assistance Center (TAC) provides technical support 24 hours a day, 7
days a week (24 x 7) for any customer with an active maintenance contract. To contact the TAC:
E-mail: an_support_operation@microsoft.com
24 x 7 Telephone support:
Local: 1-978-268-0871
Toll free: 1-888-283-2838
Terms and Acronyms
For a comprehensive list of terms and acronyms used in Affirmed Networks documentation, please
see Affirmed Networks Terms and Acronyms.
1 Introduction
This content describes the steps necessary to deploy and run the Affirmed MME on Amazon Web
Services (AWS) cloud, using the supported Cloud Formation templates. Due to the vastness of AWS,
its facilities and the knowledge necessary to work with AWS, this content focuses primarily on the
deployment of the MME and not necessarily on the intricacies of AWS.
1.1 New in This Release
Not applicable.
1.2 Documentation changes
Add MTU Values section to BASE and DATA Network section.
2 Overview
The Cloud Formation templates for Affirmed Networks MME on AWS support the creation of an MME
cluster with flexibility to fit into the desired operation model.
The stack creation for the MME deployment has a hierarchy of steps to complete a deployment. The
first step is to create the shared resources for the cluster. In this step, the following resources are
created:
▪ Security group for use by BASE and DATA subnet MME network interfaces (optionally can be
used for ALL MME network interfaces)
→ Ingress security group rule allowing all traffic
→ Egress security group rule allowing all traffic
▪ BASE Subnet for Availability Zone A
▪ DATA subnet for Availability Zone A
▪ IAM Profile enabling AmazonEC2FullAccess
In addition to EC2 resource creation, all common variables for the cluster must be specified in the
creation of the cluster resources stack. These values are exported from this stack, and referenced
automatically from the subsequent stack creation steps for the MME VM instances.
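The cluster resources stack described above creates allow-all security group rules and an IAM profile with AmazonEC2FullAccess. As an added example (not part of this guide or of the vendor's templates), the following Python check audits a CloudFormation template in JSON form for those two grants so they can be reviewed and narrowed before deployment; the sample template, its resource names and the finding labels are constructed for illustration.

```python
import json
import re

ANY_SOURCE = {"0.0.0.0/0", "::/0"}

# Constructed sample (not the vendor's template): resource names and values are
# assumptions that mirror the resources the overview says the stack creates.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "ClusterSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "BASE and DATA interfaces",
        "VpcId": {"Ref": "VpcId"},
        "SecurityGroupEgress": [{"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}]
      }
    },
    "ClusterIngressAll": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {"GroupId": {"Ref": "ClusterSecurityGroup"},
                     "IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}
    },
    "ClusterIngressIntraGroup": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {"GroupId": {"Ref": "ClusterSecurityGroup"},
                     "IpProtocol": -1,
                     "SourceSecurityGroupId": {"Ref": "ClusterSecurityGroup"}}
    },
    "MgmtSshIngress": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {"GroupId": {"Ref": "ClusterSecurityGroup"},
                     "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                     "CidrIp": "10.0.0.0/24"}
    },
    "InstanceRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": []},
        "ManagedPolicyArns": [
          {"Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/AmazonEC2FullAccess"}
        ]
      }
    }
  }
}
""")


def classify_rule(rule):
    """Return a finding label for an all-protocol rule, or None otherwise."""
    if str(rule.get("IpProtocol")) != "-1":
        return None  # protocol/port-scoped rules are outside this check
    cidrs = [rule.get("CidrIp"), rule.get("CidrIpv6")]
    if any(c in ANY_SOURCE for c in cidrs if isinstance(c, str)):
        return "all-traffic-any-address"
    if any(isinstance(c, dict) for c in cidrs):
        return "all-traffic-parameterized-cidr"  # Ref/Fn::*, resolve by hand
    return "all-traffic-scoped"  # peer is a security group or a specific CIDR


def iter_rules(resource):
    """Yield (direction, rule) for inline and standalone rule resources."""
    rtype = resource.get("Type")
    props = resource.get("Properties") or {}
    if rtype == "AWS::EC2::SecurityGroup":
        for rule in props.get("SecurityGroupIngress", []):
            yield "ingress", rule
        for rule in props.get("SecurityGroupEgress", []):
            yield "egress", rule
    elif rtype == "AWS::EC2::SecurityGroupIngress":
        yield "ingress", props
    elif rtype == "AWS::EC2::SecurityGroupEgress":
        yield "egress", props


def broad_policies(resource):
    """Return names of *FullAccess / AdministratorAccess managed policies."""
    if resource.get("Type") != "AWS::IAM::Role":
        return []
    hits = []
    for arn in (resource.get("Properties") or {}).get("ManagedPolicyArns", []):
        # ARNs may be plain strings or intrinsic functions such as Fn::Sub.
        text = arn if isinstance(arn, str) else json.dumps(arn)
        match = re.search(r"policy/(?:[\w+=,.@-]+/)*([\w+=,.@-]+)", text)
        if match and (match.group(1).endswith("FullAccess")
                      or match.group(1) == "AdministratorAccess"):
            hits.append(match.group(1))
    return hits


def audit_template(template):
    """Return sorted (resource, finding, detail) tuples for broad grants."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        for direction, rule in iter_rules(resource):
            kind = classify_rule(rule)
            if kind:
                findings.append((name, kind, direction))
        for policy in broad_policies(resource):
            findings.append((name, "broad-managed-policy", policy))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_template(SAMPLE_TEMPLATE):
        print(*finding, sep="  ")
```

To audit a real template, load its JSON with `json.load` and pass the resulting dictionary to `audit_template`.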
In the cluster resource stack, the following resources are created ONLY if specified in the stack
parameters as described in the content in later sections of this document:
▪ MGMT subnet for Availability Zone A
▪ MGMT subnet for Availability Zone B (Unsupported in this release)
▪ BASE subnet for Availability Zone B (Unsupported in this release)
▪ DATA subnet for Availability Zone B (Unsupported in this release)
Note: Dual availability-zone deployment option is a future feature, and is not currently fully supported
by the AFN MME in this release.
After successful creation of the MME cluster resources stack, the next step is to create a MGMT-0
OR MRM-0 instance, depending on the desired deployment type (full (5-VM) vs. compact (2-VM)).
In the MGMT-0/MRM-0 stack creation, the following resources are created:
▪ MGMT network interface
▪ BASE network interface
▪ DATA network interface
▪ EC2 instance for the MGMT-0/MRM-0 VM
The MGMT-0/MRM-0 stack exports the IP addresses allocated for both its BASE and DATA network
interfaces. These are referenced during the stack creation for all other VM instances in the MME
cluster. Therefore, the MGMT-0/MRM-0 stack MUST be created first, prior to the creation of all other
stacks for members of the cluster.
The final step in the process of stack creation for the MME cluster is to create the stacks for ALL
other VMs in the cluster. Each VM instance in the cluster is created with a separate stack. This
allows the ultimate flexibility in terms of engineering of the cluster, as well as expandability after first
creation. The parent stack provided in previous MME releases is no longer supported.
In the member instance stack creation, the following resources are created:
▪ MGMT network interface
▪ BASE network interface
▪ DATA network interface
▪ Up to four specified N/S interfaces (for LB or MSM VM service types only)
▪ EC2 instance for the MGMT-0/MRM-0 VM
For all MME cluster VM instance stacks, the following resources are exported and can be referenced
by other stacks if required:
▪ MGMT network interface ID
▪ BASE network interface ID
▪ DATA network interface ID
▪ All N/S network interface ID(s)
▪ MGMT interface IP address
▪ BASE interface IP address
▪ DATA interface IP address
▪ N/S interface(s) IP address(es)
Optionally, a jump server can be created using the provided template. This jump server does not
depend on the cluster resources stack. It is an independent EC2 instance, which has a network
interface on the MGMT subnet for the MME cluster. If configured in the stack parameters, an AWS
Elastic IP will be allocated and associated with the jump server interface, allowing access from the
public internet.
Note: The jump server template requires the input of the ID for an existing SSH Key Pair, which must
be created in the AWS account prior to the stack creation.
The following resources are created by the jump server stack:
▪ Jump Server:
→ Elastic IP (if specified in stack parameters)
→ Network interface on MGMT subnet (Availability Zone A)
o Associated to the created Elastic IP (if specified)
→ Jump server EC2 instance
2.1 Organization
This content is organized as follows:
▪ Prerequisites
▪ MME Cluster Subnets
▪ Create Cluster Resource Stack
▪ VM Instances Stack Creation
▪ Initial MME Cluster Configuration
▪ Jump Server (optional)
3 Prerequisites
3.1 AWS CLI Setup
It is expected that the operator will have the AWS CLI application installed on a machine with access
to the AWS service. For the command-line option for stack deployment, AWS CLI access is required.
For the AWS console option for stack deployment, AWS CLI application is not required.
Documentation for AWS CLI installation and configuration can be found at this link:
https://aws.amazon.com/cli/
3.2 Resources
In order to deploy and run the MME on AWS, it is expected that the following resources be in place in
the AWS account:
▪ VPC
→ DNS hostnames and DNS resolution must be enabled
→ Internet GW -- provides connectivity to the internet for jump server, and any other VNF
that requires it
o Elastic IP -- for connectivity to jump server
→ VPN
o Customer Gateway – configuration in AWS for the VPN server in remote
premises
o Virtual Private GW -- VPN service that S1 network will use for connectivity to
remote RAN site. This VPG should propagate its routes to all applicable N/S
subnets
o Site-to-site VPN connections: IPsec tunnels for the VPG to the customer GW
▪ It is recommended to use redundant IPsec tunnels to separate VPN
servers for high availability, but not required for MME function
→ Subnets
o Common MGMT network
o Common North/South network(s)
→ Security Groups (can be passed in as inputs to cluster resource stack)
o For MGMT subnet interface, and/or
o For N/S subnet interface(s)
Note: Template supports the configuration of the security group ID for each of these
network interfaces. Security groups can be reused for more than one interface if desired.
Note: Inbound and outbound rules can be set at the operator’s discretion. Please see
MME Operator’s Guide and other documentation for required inbound/outbound security
rules for connectivity.
→ VPC Endpoint
o VPC Endpoint for EC2 API access for MGMT-0/MRM-0
▪ Service Name: com.amazonaws.<availability-zone-a>.ec2
▪ Subnet: MGMT subnet in Availability Zone A
▪ Enable DNS name should be checked
▪ Security group should minimally allow AWS API traffic
▪ EC2
→ Key Pair – SSH key pair to be used with the jump server (this is a required parameter for
the template, regardless of whether a jump server will be part of stack creation)
→ Optional: Jump server VM Instance(s)
o Jump server with associated Elastic IP – for remote connectivity to VNFs
Note: MME has no specific requirements for the jump server other than that it has connectivity to the
MGMT subnet. The template creates a jump server if specified. Otherwise, a pre-existing jump server
can be utilized to provide connectivity to the MGMT/MRM VMs.
3.3 Inputs
The following names and/or IDs from the previous list of pre-requisite resources are required as
inputs to the MME CloudFormation templates:
▪ VPC ID
▪ Availability Zone “A”
▪ Availability Zone “B” (OPTIONAL – must be in same region as Availability Zone A) [Note:
Unsupported in this release]
▪ The following are REQUIRED only if jump server is created
→ Key Pair name
→ AMI ID for Jump Server (Ubuntu 16.04 LTS from AWS marketplace for the install region)
▪ For Availability Zone A (REQUIRED):
→ MGMT subnet ID
→ N/S 1 subnet ID
→ N/S 2 subnet ID (optional based on network topology)
→ N/S 3 subnet ID (optional based on network topology)
→ N/S 4 subnet ID (optional based on network topology)
▪ For Availability Zone B (OPTIONAL) [Note: Unsupported in this release]:
→ MGMT subnet ID
→ N/S 1 subnet ID
→ N/S 2 subnet ID (optional based on network topology)
→ N/S 3 subnet ID (optional based on network topology)
→ N/S 4 subnet ID (optional based on network topology)
▪ Security group(s) for MGMT and N/S subnet interfaces (optional)
4 MME Cluster Subnets
The Affirmed Networks MME requires three common networks, and a variable number of
“North/South” networks to function. These networks are as follows:
▪ Networks common to all VM instances:
→ MGMT/OAM network
→ BASE – inter-VM fabric for inter-process communication
→ DATA – inter-VM fabric for signaling traffic
▪ Networks specific to MSM/LB VM instances:
→ North/South – variable number of networks for connectivity to 3GPP interfaces such as
S1, S11, S6, etc.
For the MRM/MSM deployment model, the network connectivity diagram is shown in the following
figure. Engineering limits for the number of instances of each type of VMs are captured in the MME
Engineering Guide.
Figure 1. Full Deployment Model
[Diagram labels: Jump Server; MGMT-0, MGMT-1; RM-0, RM-1; SIG-0, SIG-x; CALLPx-0, CALLPx-1; LB-0, LB-1;
networks MGMT, BASE, DATA, N/S 1, N/S x]
Figure 2. Compact Deployment Model
[Diagram labels: Jump Server; MGMT-0, MGMT-1; MSMx-0, MSMx-1; networks MGMT, BASE, DATA, N/S 1, N/S x]
The MME Cloud Formation template requires the use of a pre-existing MGMT subnet, as well as
pre-existing N/S subnet(s).
4.1 N/S Subnets Planning
For the North/South subnets, the MME supports 2 modes of operation to provide connectivity to peer
nodes. The first mode of operation is standard mode (using either Secondary IP addresses or route
entries), and the second mode incorporates point-to-point tunneling from the MME to the operator’s
data center over a VPN or other AWS connectivity option. These modes are described in this
section.
The choice of networking mode impacts the parameter inputs in the stack creation of the cluster
resource and individual VM instance stacks. This choice is specific to each N/S subnet; a single
MME can support all 3 methods in a single cluster across its N/S subnets.
4.1.1 Standard Networking with Secondary IP Addresses
For subnets in which the peer nodes are located within the same AWS VPC, tunneling does not
apply. For these subnets, additional AWS configuration is required for connectivity to the MME
external (loopback) IP addresses as detailed in this section.
4.1.1.1 Configure Secondary IP Addresses for N/S Network Interfaces
Note: The following step is only required for N/S routing-instances that use loopback IP addresses in
the same subnet as the interface IP address, and do not use the MME tunneling feature described in
section 4.1.3.
After the completion of the stack creation process and prior to configuration of the MME cluster, all
3GPP interface IP addresses (“loopbacks”) must be associated to one of the corresponding N/S
interfaces of an MSM instance as AWS Secondary IP addresses. These loopback IP addresses
should be distributed across all MSM instances for best performance. This allows for packets
destined to those addresses to be received on the appropriate N/S interface of the MSM instance.
Note: All 3GPP interface IP addresses MUST be allocated from the CIDR for the corresponding N/S
subnet. AWS does not support assignment of secondary IP addresses outside of the subnet.
4.1.1.2 Management of Secondary IP Address Association
The MME will monitor the secondary IP address associations to MSM VMs. When a failure of an
MSM instance is detected, the MME will automatically re-associate the secondary IP addresses
associated to the failed MSM instance to other MSM instances in the cluster. When the failed MSM
recovers and re-enters service, the secondary IP address association will be reverted to the original
location.
To reset the MME view of mapping of secondary IP addresses to MSM instances based on the
current configuration in the AWS dashboard, issue the “routing-instances reset” command.
admin@afnmme-0 18:05:03> request routing-instances reset
You are requesting to reset the default loopback positions for public cloud.
Continue? [y/n]: y
Resetting the default loopback positions for public cloud...
[ok][2019-12-12 18:06:10]
4.1.2 Standard Networking with Route Table
Note: Support for this mode is planned for the MME 14.1 release.
Standard networking mode can also use AWS route tables and static routing to steer incoming traffic
to the correct node in the MME cluster. In this use case, the MME loopback IP addresses DO NOT
reside within a CIDR block allocated to the VPC within which the MME is operating.
4.1.2.1 Configure Routes for MME Loopback IP Addresses
Feature currently not supported.
4.1.2.2 Automatic Management of Static Routes for HA
Feature currently not supported.
4.1.3 N/S Interfaces with Tunneling
Note: For connectivity to remote networks (such as S1 network), the AWS VPC should be connected
to the remote data center via VPN (or other method supported by AWS). This configuration is a pre-
requisite to MME cluster deployment and is outside the scope of this document.
For the MME to connect to peer nodes within the remote data center, GRE (or IP-IP) tunnels must be
established from a router in the data center to each MSM deployed in the MME cluster. This is a
constraint of the AWS VPG routing capability.
Figure 3. Tunneling Network Diagram
Note: The N/S subnet(s) that require tunneling should activate route propagation from the VPG to the
subnet route table in AWS.
4.1.3.1 MME “routing-instance” Configuration for Tunneling
The following figure shows an example of configuration for a routing-instance that utilizes tunnel
interfaces. The parameters relating to tunnel configuration are described in the table that follows the
example.
Figure 4. Configuration Example for GRE tunneling
instance external_s1 {
    bfd disable;
    lb-vm-if1 gre-ext-s1;
    tunneling gre;
    tunnel-if eth3;
    lb-instance 0 {
        if1-ipv4-addr 1.1.2.2/30;
        tunnel-ipv4-addr 10.179.8.4/28;
        tunnel-peer-ipv4-addr 10.165.153.240;
        tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
    }
    lb-instance 1 {
        if1-ipv4-addr 1.1.2.18/30;
        tunnel-ipv4-addr 10.179.8.5/28;
        tunnel-peer-ipv4-addr 10.165.153.244;
        tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
    }
    lb-instance 2 {
        if1-ipv4-addr 1.1.2.34/30;
        tunnel-ipv4-addr 10.179.8.6/28;
        tunnel-peer-ipv4-addr 10.165.153.248;
        tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
    }
    lb-instance 3 {
        if1-ipv4-addr 1.1.2.38/30;
        tunnel-ipv4-addr 10.179.8.7/28;
        tunnel-peer-ipv4-addr 10.165.153.249;
        tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
    }
}
In Figure 3 above, an example of a routing-instance with tunneling enabled is shown. The parameters
are as follows:
Table 1. “routing-instances” Configuration Parameters for Tunneling

| Parameter | Values | Description |
|---|---|---|
| Routing-Instance Parameters | | |
| tunneling | none (default), gre, ipip | Tunneling mode for this routing-instance. Default value is none which is a non-tunneled routing-instance. To activate tunneling for this routing-instance, this parameter should be “gre” for GRE tunnels, or “ipip” for IP-IP tunnels. |
| lb-vm-if1 | String | If tunneling is not “none”, this is the desired name of the created GRE/IP-IP tunnel interface in the OS. For a GRE tunnel, this name must begin with “gre”, and for an IP-IP tunnel the name must begin with “tunl”. If tunneling is “none”, this parameter is the network interface in the OS (ex. eth3) to which this routing-instance is mapped. |
| tunnel-if | eth3 – eth6 | This parameter is only configurable when tunneling is not “none”. When tunneling is not “none”, this parameter is the network interface in the OS (ex. eth3) to which this routing-instance is mapped. |
| LB Per-Instance Parameters | | |
| if1-ipv4-addr | IPv4 CIDR | This is the “inner” subnet for the tunneling interface. This IP address and mask only applies to either end of the tunnel, but is not utilized in the forwarding of packets. It can be any IP/subnet that does not conflict with the tunnel endpoints or loopback IP addresses. This parameter is in the form “x.x.x.x/y”. |
| tunnel-ipv4-addr | IPv4 CIDR | The local GRE tunnel endpoint IP address and subnet mask, in the form “x.x.x.x/y”. |
| tunnel-peer-ipv4-addr | IPv4 address | The remote GRE tunnel endpoint IP address, in the form “x.x.x.x”. |
| tunnel-if-next-hop-ipv4-gw-addr | IPv4 address | The IP address of the next-hop gateway for the connected AWS N/S subnet. It should reside in the same subnet as tunnel-ipv4-addr. |
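The constraints in Table 1 can be checked before a routing-instance is committed. The following Python example is added here and is not Affirmed Networks code: the parser, the function names and the reading of “does not conflict” (the inner subnet must not contain a tunnel endpoint) are assumptions. The sample reuses the first two lb-instances of Figure 4, plus a constructed faulty variant.

```python
import ipaddress
import re

STMT = re.compile(r"([\w-]+)\s+([^;{}\s]+)\s*;")               # "key value;"
LB_BLOCK = re.compile(r"lb-instance\s+(\d+)\s*\{([^{}]*)\}")   # "lb-instance N { ... }"
NAME_PREFIX = {"gre": "gre", "ipip": "tunl"}  # lb-vm-if1 prefix required per tunneling mode


def parse_routing_instance(text):
    """Return (top-level settings, {lb index: settings}) for one instance block."""
    lbs = {int(i): dict(STMT.findall(body)) for i, body in LB_BLOCK.findall(text)}
    return dict(STMT.findall(LB_BLOCK.sub("", text))), lbs


def check_tunneling(top, lbs):
    """Apply the Table 1 constraints; return a list of problems (empty if none)."""
    mode = top.get("tunneling", "none")
    if mode not in ("none", "gre", "ipip"):
        return [f"tunneling: {mode!r} is not none, gre or ipip"]
    if mode == "none":
        if "tunnel-if" in top:
            return ["tunnel-if: only configurable when tunneling is not none"]
        return []
    problems = []
    ifname = top.get("lb-vm-if1", "")
    if not ifname.startswith(NAME_PREFIX[mode]):
        problems.append(f"lb-vm-if1: {ifname!r} must begin with {NAME_PREFIX[mode]!r}")
    if top.get("tunnel-if") not in ("eth3", "eth4", "eth5", "eth6"):
        problems.append("tunnel-if: must be one of eth3 - eth6")
    for idx, lb in sorted(lbs.items()):
        try:
            for key in ("if1-ipv4-addr", "tunnel-ipv4-addr"):
                if "/" not in lb[key]:
                    raise ValueError(f"{key} must be in the form x.x.x.x/y")
            inner = ipaddress.IPv4Interface(lb["if1-ipv4-addr"])
            local = ipaddress.IPv4Interface(lb["tunnel-ipv4-addr"])
            peer = ipaddress.IPv4Address(lb["tunnel-peer-ipv4-addr"])
            gateway = ipaddress.IPv4Address(lb["tunnel-if-next-hop-ipv4-gw-addr"])
        except (KeyError, ValueError) as exc:
            problems.append(f"lb-instance {idx}: missing or malformed value: {exc}")
            continue
        if gateway not in local.network:
            problems.append(f"lb-instance {idx}: next-hop {gateway} is not in {local.network}")
        # Assumption: "does not conflict" is read as "does not contain a tunnel endpoint".
        if local.ip in inner.network or peer in inner.network:
            problems.append(f"lb-instance {idx}: inner {inner.network} covers a tunnel endpoint")
    return problems


# First two lb-instances of the guide's Figure 4 example.
GOOD = """
instance external_s1 {
    bfd disable;
    lb-vm-if1 gre-ext-s1;
    tunneling gre;
    tunnel-if eth3;
    lb-instance 0 {
        if1-ipv4-addr 1.1.2.2/30;
        tunnel-ipv4-addr 10.179.8.4/28;
        tunnel-peer-ipv4-addr 10.165.153.240;
        tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
    }
    lb-instance 1 {
        if1-ipv4-addr 1.1.2.18/30;
        tunnel-ipv4-addr 10.179.8.5/28;
        tunnel-peer-ipv4-addr 10.165.153.244;
        tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
    }
}
"""
# Constructed variant with three mistakes: interface name, inner subnet, local endpoint.
BAD = (GOOD.replace("gre-ext-s1", "ext-s1")
           .replace("1.1.2.18/30", "10.179.8.20/30")
           .replace("10.179.8.5/28", "10.179.8.21/28"))

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_tunneling(*parse_routing_instance(text)))
```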
5 Create Cluster Resource Stack
This section describes the stack parameters and creation process for the cluster resource stack.
These resources and parameters are common to the entire cluster.
5.1 Cluster Stack Parameters
The MME CFN template requires variables for the cluster to be configured. The following table
describes all of the required parameters.
Table 2. Required Parameters for Cluster Resources Stack

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| VPC ID | vpcId | REQUIRED | VPC ID | ID for the AWS VPC, in the form vpc-XXXXXXXX |
| Availability Zone List | availabilityZoneList | REQUIRED | Comma Separated List of Availability Zone names | A list of at least 1 (max 2) Availability Zone names for deployment of the MME cluster. This list should consist of up to 2 AZs, the first being the “A” side zone, and the second being the “B” side zone. The parameter should be in the form: “us-east-1a,us-east-1b”. Dual availability zones are not supported in this release. For single availability zone deployment, all VMs of the MME cluster will be deployed in the single AZ. For a single AZ deployment, the parameter must be in the form: “us-east-1a,” with the availability zone name followed by a single comma. |
| Dual Availability Support Flag | dualAvailabilityZones | OPTIONAL | true or false | Flag to indicate whether MME shall be deployed into two separate availability zones for geographic redundancy. FEATURE NOT CURRENTLY SUPPORTED – SET TO “false”. |
| MGMT AMI ID | mgmtImageId | REQUIRED | AMI ID | This is the AMI for the image to be used for MGMT/RM/MRM VMs. |
| Non-MGMT AMI ID | nonMgmtImageId | REQUIRED | AMI ID | This is the AMI for the image to be used for all non-MGMT/RM/MRM VMs. |
| MGMT/MRM EC2 Instance Type | mgmtInstanceType | REQUIRED | EC2 Instance Type | EC2 instance type for MGMT OR MRM VMs. Default is “c5.2xlarge”. Minimum allowed C5 instance type is “c5.large”. Note: This value is used for MRM instance type for compact model. |
| RM EC2 Instance Type | rmInstanceType | REQUIRED | EC2 Instance Type | EC2 instance type for RM VMs. Default is “c5.2xlarge”. Minimum allowed C5 instance type is “c5.large”. |
| SIG EC2 Instance Type | sigInstanceType | REQUIRED | EC2 Instance Type | EC2 instance type for SIG VMs. Default is “c5.4xlarge”. Minimum allowed C5 instance type is “c5.xlarge”. |
| LB EC2 Instance Type | lbInstanceType | REQUIRED | EC2 Instance Type | EC2 instance type for LB VMs. Default is “c5.2xlarge”. Minimum allowed C5 instance type is “c5.large”. |
| CALLP EC2 Instance Type | callpInstanceType | REQUIRED | EC2 Instance Type | EC2 instance type for CALLP AND MSM VMs. Default is “c5.4xlarge”. Minimum allowed C5 instance type is “c5.2xlarge”. Note: This value is used for MSM instance type for compact model. |
| Cluster Name | clusterName | REQUIRED | String | Logical name for the MME cluster. |
| Cluster Number | clusterNumber | REQUIRED | Integer (0-99) | Logical number for the MME cluster. |
| MGMT Floating IP Address | mgmtFloatingIp | REQUIRED | IPv4 Address | High-availability IP address for MGMT connectivity. |
| Refresh SSH Keys | refreshSshKeys | OPTIONAL | Boolean | Indicates if user SSH keys for built-in users should be regenerated at first boot. Default is “false”. |
| Root Hardening | rootHardening | OPTIONAL | Boolean | Indicates if root account login via password should be disabled. Default is “false”. |
| User Auth Method | userAuthMethod | OPTIONAL | String Enumeration | Indicates the authentication method to be configured for all built-in users. Valid values are: “password-or-key”, “password-and-key”, “password-only”, and “key-only”. Default is “password-or-key”. |
| MGMT Subnet ID List | mgmtSubnetIdList | REQUIRED | Comma separated list of Subnet ID | The list of the AWS subnet ID(s) for the pre-created subnet(s) for the MGMT network. The list must be in the form of “subnet-XXXXXXXXXXXXX, subnet-XXXXXXXXXXXXX”. This first subnet ID should reside in Availability Zone A, and the optional second subnet ID should reside in Availability Zone B. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “subnet-XXXXXXXXXXXXX,” with the MGMT subnet ID followed by a single comma. |
| MGMT Security Group ID | mgmtSecurityGroupID | OPTIONAL | String (AWS Security Group ID) | This is the security group to be associated with the MGMT network interface for all cluster VM instances. Note: If this value is not configured in the cluster resource stack, then the UseDefaultSecurityGroupMGMT parameter for the VM instance stack must be set to “true”. This will result in the use of the security group created for BASE/DATA subnets in the cluster resource stack to be used for the MGMT interface for that instance. |
| BASE CIDR List | baseCIDRList | REQUIRED | Comma Separated List of IPv4 CIDR | The list of IPv4 CIDRs to be used for the BASE subnets. The first CIDR should be for Availability Zone A, and the second for Availability Zone B. The parameter must be in the form: “x.x.x.x/y,x.x.x.x/y”. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “x.x.x.x/y,” with the single BASE subnet CIDR followed by a single comma. Note: Both CIDRs MUST fall within the range of a CIDR block configured for the VPC. Minimum subnet size of 28. |
| DATA CIDR List | dataCIDRList | REQUIRED | Comma Separated List of IPv4 CIDR | The list of IPv4 CIDRs to be used for the DATA subnets. The first CIDR should be for Availability Zone A, and the second for Availability Zone B. The parameter must be in the form: “x.x.x.x/y,x.x.x.x/y”. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “x.x.x.x/y,” with the single BASE subnet CIDR followed by a single comma. Note: Both CIDRs MUST fall within the range of a CIDR block configured for the VPC. Minimum subnet size of 28. |
| N/S 1 Connect Indicator | ns1Connect | REQUIRED | true or false | Indicates whether N/S 1 subnet should be connected. Should always be true if MSM VM is instantiated. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. |
| N/S 1 Subnet ID List | ns1SubnetIdList | REQUIRED | Comma separated list of Subnet ID | The list of the AWS subnet ID(s) for the pre-created subnet(s) for the N/S 1 network. The list must be in the form of “subnet-XXXXXXXXXXXXX, subnet-XXXXXXXXXXXXX”. This first subnet ID should reside in Availability Zone A, and the optional second subnet ID should reside in Availability Zone B. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “subnet-XXXXXXXXXXXXX,” with the N/S 1 subnet ID followed by a single comma. |
| N/S 1 Security Group ID | ns1SecurityGroupID | OPTIONAL | String (AWS Security Group ID) | This is the security group to be associated with the N/S 1 network interface for all cluster LB/MSM VM instances. Note: If this value is not configured in the cluster resource stack, then the UseDefaultSecurityGroupNs1 parameter for the VM instance stack must be set to “true”. This will result in the use of the security group created for BASE/DATA subnets in the cluster resource stack to be used for the N/S 1 interface for that instance. |
| N/S 2 Connect Indicator | ns2Connect | REQUIRED | true or false | Indicates whether N/S 2 subnet should be connected. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. |
| N/S 2 Subnet ID List | ns2SubnetIdList | OPTIONAL | Comma separated list of Subnet ID or single comma | The list of the AWS subnet ID(s) for the pre-created subnet(s) for the N/S 2 network. The list must be in the form of “subnet-XXXXXXXXXXXXX, subnet-XXXXXXXXXXXXX”. This first subnet ID should reside in Availability Zone A, and the optional second subnet ID should reside in Availability Zone B. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “subnet-XXXXXXXXXXXXX,” with the N/S 1 subnet ID followed by a single comma. Note: If N/S 2 is not in use, the parameter value should be “,” (single comma). |
| N/S 2 Security Group ID | ns2SecurityGroupID | OPTIONAL | String (AWS Security Group ID) | This is the security group to be associated with the N/S 2 network interface for all cluster LB/MSM VM instances. Note: If this value is not configured in the cluster resource stack, then the UseDefaultSecurityGroupNs2 parameter for the VM instance stack must be set to “true”. This will result in the use of the security group created for BASE/DATA subnets in the cluster resource stack to be used for the N/S 2 interface for that instance. |
| N/S 3 Connect Indicator | ns3Connect | REQUIRED | true or false | Indicates whether N/S 3 subnet should be connected. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. |
| N/S 3 Subnet ID List | Ns3SubnetIdList | OPTIONAL | Comma separated list of Subnet ID or single comma | The list of the AWS subnet ID(s) for the pre-created subnet(s) for the N/S 3 network. The list must be in the form of “subnet-XXXXXXXXXXXXX, subnet-XXXXXXXXXXXXX”. This first subnet ID should reside in Availability Zone A, and the optional second subnet ID should reside in Availability Zone B. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “subnet-XXXXXXXXXXXXX,” with the N/S 1 subnet ID followed by a single comma. Note: If N/S 2 is not in use, the parameter value should be “,” (single comma). |
| N/S 3 Security Group ID | ns3SecurityGroupID | OPTIONAL | String (AWS Security Group ID) | This is the security group to be associated with the N/S 3 network interface for all cluster LB/MSM VM instances. Note: If this value is not configured in the cluster resource stack, then the UseDefaultSecurityGroupNs3 parameter for the VM instance stack must be set to “true”. This will result in the use of the security group created for BASE/DATA subnets in the cluster resource stack to be used for the N/S 3 interface for that instance. |
| N/S 4 Connect Indicator | ns4Connect | REQUIRED | true or false | Indicates whether N/S 4 subnet should be connected. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. |
| N/S 4 Subnet ID List | Ns4SubnetIdList | OPTIONAL | Comma separated list of Subnet ID or single comma | The list of the AWS subnet ID(s) for the pre-created subnet(s) for the N/S 4 network. The list must be in the form of “subnet-XXXXXXXXXXXXX, subnet-XXXXXXXXXXXXX”. This first subnet ID should reside in Availability Zone A, and the optional second subnet ID should reside in Availability Zone B. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “subnet-XXXXXXXXXXXXX,” with the N/S 1 subnet ID followed by a single comma. Note: If N/S 2 is not in use, the parameter value should be “,” (single comma). |
| N/S 4 Security Group ID | ns4SecurityGroupID | OPTIONAL | String (AWS Security Group ID) | This is the security group to be associated with the N/S 4 network interface for all cluster LB/MSM VM instances. Note: If this value is not configured in the cluster resource stack, then the UseDefaultSecurityGroupNs4 parameter for the VM instance stack must be set to “true”. This will result in the use of the security group created for BASE/DATA subnets in the cluster resource stack to be used for the N/S 4 interface for that instance. |
5.2 Cluster Stack Parameters JSON File
When instantiating the stack via the AWS CLI, the variable parameters for the MME cluster stack
should be defined in a single JSON file, which is referenced by the cloudformation create-stack
command as described in the next section. Before running the command, enter the correct values for
the cluster in the JSON file and save it. Care should be taken to update only the values (and not the
headings and variable names).
Note: Proper formatting of the file is critical to the successful instantiation of the stack. Care should
be taken not to re-order lines, leave required variables blank, or remove any characters other than
those within parameter values.
The following is an example of the entries within the JSON file.
[
{ "ParameterKey": "vpcId", "ParameterValue": "vpc-03a5936a2399d9466" },
{ "ParameterKey": "availabilityZoneList", "ParameterValue": "us-east-1a," },
{ "ParameterKey": "dualAvailabilityZones", "ParameterValue": "false" },
{ "ParameterKey": "mgmtImageId", "ParameterValue": "ami-039d693fbc130ac7b" },
{ "ParameterKey": "nonMgmtImageId", "ParameterValue": "ami-083f6fb888051889f" },
{ "ParameterKey": "mgmtInstanceType", "ParameterValue": "c5.2xlarge" },
{ "ParameterKey": "rmInstanceType", "ParameterValue": "c5.2xlarge" },
{ "ParameterKey": "sigInstanceType", "ParameterValue": "c5.4xlarge" },
{ "ParameterKey": "callpInstanceType", "ParameterValue": "c5.4xlarge" },
{ "ParameterKey": "lbInstanceType", "ParameterValue": "c5.2xlarge" },
{ "ParameterKey": "clusterName", "ParameterValue": "afnmme" },
{ "ParameterKey": "clusterNumber", "ParameterValue": "20" },
{ "ParameterKey": "mgmtFloatingIp", "ParameterValue": "10.8.66.18" },
{ "ParameterKey": "refreshSshKeys", "ParameterValue": "false" },
{ "ParameterKey": "rootHardening", "ParameterValue": "false" },
{ "ParameterKey": "userAuthMethod", "ParameterValue": "password-or-key" },
{ "ParameterKey": "mgmtSubnetIdList", "ParameterValue": "subnet-007f0d7ab0e498cdf," },
{ "ParameterKey": "mgmtSecurityGroupId", "ParameterValue": "sg-03943a78ba6c94ed7" },
{ "ParameterKey": "baseCIDRList", "ParameterValue": "10.8.64.64/28," },
{ "ParameterKey": "dataCIDRList", "ParameterValue": "10.8.64.80/28," },
{ "ParameterKey": "ns1Connect", "ParameterValue": "true" },
{ "ParameterKey": "ns1SubnetIdList", "ParameterValue": "subnet-00c48354a28c32ad7," },
{ "ParameterKey": "ns1SecurityGroupId", "ParameterValue": "sg-0a062c9345f98f643" },
{ "ParameterKey": "ns2Connect", "ParameterValue": "false" },
{ "ParameterKey": "ns2SubnetIdList", "ParameterValue": "subnet-04460033aa2853ed7," },
{ "ParameterKey": "ns2SecurityGroupId", "ParameterValue": "sg-0a062c9345f98f643" },
{ "ParameterKey": "ns3Connect", "ParameterValue": "false" },
{ "ParameterKey": "ns3SubnetIdList", "ParameterValue": "subnet-0c67cec1a8741a21b," },
{ "ParameterKey": "ns3SecurityGroupId", "ParameterValue": "sg-0a062c9345f98f643" },
{ "ParameterKey": "ns4Connect", "ParameterValue": "false" },
{ "ParameterKey": "ns4SubnetIdList", "ParameterValue": "subnet-0396575c7d0b9b017," },
{ "ParameterKey": "ns4SecurityGroupId", "ParameterValue": "sg-0a062c9345f98f643" }
]
Note: Editing a JSON file is not required if the AWS Console is used to instantiate the MME cluster
resources stack. See Option 2 in the following section.
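The format rules that Table 2 places on this file can be checked before create-stack is run. The following Python example is added here and is not part of the Affirmed Networks templates: the function names, the placeholder resource IDs, the VPC CIDR and the two sample files are constructed, and the readings marked as assumptions in the comments are this example's own. Besides format errors, it lists the access settings whose values leave password login or unregenerated SSH keys in place, so they can be reviewed before deployment.

```python
import ipaddress
import json

REQUIRED = ("vpcId availabilityZoneList mgmtImageId nonMgmtImageId mgmtInstanceType "
            "rmInstanceType sigInstanceType lbInstanceType callpInstanceType clusterName "
            "clusterNumber mgmtFloatingIp mgmtSubnetIdList baseCIDRList dataCIDRList "
            "ns1Connect ns1SubnetIdList ns2Connect ns3Connect ns4Connect").split()
# Two-slot lists "<AZ A>,<AZ B>"; the single-AZ form keeps the trailing comma.
PAIR_LISTS = ("availabilityZoneList mgmtSubnetIdList baseCIDRList dataCIDRList "
              "ns1SubnetIdList ns2SubnetIdList ns3SubnetIdList ns4SubnetIdList").split()
AUTH_METHODS = {"password-or-key", "password-and-key", "password-only", "key-only"}

def load_params(text):
    """Flatten the [{ParameterKey, ParameterValue}, ...] list; reject duplicates."""
    params = {}
    for entry in json.loads(text):
        key, value = entry["ParameterKey"], entry["ParameterValue"]
        if key in params or not isinstance(value, str):
            raise ValueError(f"{key}: duplicate key or non-string value")
        params[key] = value
    return params

def check_cluster_params(params, vpc_cidrs):
    """Return (errors, review): format violations, and settings to review for hardening."""
    errors = [f"{k}: required parameter missing or blank" for k in REQUIRED
              if not params.get(k)]
    review = []
    if params.get("dualAvailabilityZones", "false") != "false":
        errors.append("dualAvailabilityZones: unsupported in this release, use false")
    for key in PAIR_LISTS:
        if not params.get(key):
            continue
        slots = [s.strip() for s in params[key].split(",")]
        if len(slots) != 2:
            errors.append(f"{key}: needs exactly one comma ('value,' for a single AZ)")
        elif slots[1]:
            errors.append(f"{key}: AZ B entry present but dual-AZ is unsupported")
        elif not slots[0] and key in REQUIRED:
            errors.append(f"{key}: AZ A entry is empty")
    for n in "234":  # assumption: a connected N/S subnet needs a subnet ID, not just ","
        subnet = params.get(f"ns{n}SubnetIdList", ",").split(",")[0].strip()
        if params.get(f"ns{n}Connect") == "true" and not subnet:
            errors.append(f"ns{n}Connect: true, but ns{n}SubnetIdList has no subnet ID")
    vpc_nets = [ipaddress.IPv4Network(c) for c in vpc_cidrs]
    for key in ("baseCIDRList", "dataCIDRList"):
        for cidr in filter(None, (s.strip() for s in params.get(key, "").split(","))):
            try:
                net = ipaddress.IPv4Network(cidr)  # strict: host bits must be zero
            except ValueError as exc:
                errors.append(f"{key}: {exc}")
                continue
            if net.prefixlen > 28:  # assumption: "minimum subnet size of 28" means /28
                errors.append(f"{key}: {cidr} is smaller than a /28")
            if not any(net.subnet_of(v) for v in vpc_nets):
                errors.append(f"{key}: {cidr} is outside the VPC CIDR blocks")
    num = params.get("clusterNumber", "")
    if num and not (num.isdecimal() and int(num) <= 99):
        errors.append("clusterNumber: must be an integer 0-99")
    try:
        ipaddress.IPv4Address(params.get("mgmtFloatingIp") or "0.0.0.0")
    except ValueError:
        errors.append("mgmtFloatingIp: not an IPv4 address")
    auth = params.get("userAuthMethod", "password-or-key")
    if auth not in AUTH_METHODS:
        errors.append(f"userAuthMethod: {auth!r} is not a valid value")
    elif auth in ("password-or-key", "password-only"):  # reading of the value names
        review.append(f"userAuthMethod={auth}: a password alone is accepted")
    if params.get("rootHardening", "false") != "true":
        review.append("rootHardening: root login via password is not disabled")
    if params.get("refreshSshKeys", "false") != "true":
        review.append("refreshSshKeys: built-in user SSH keys are not regenerated")
    return errors, review

def to_param_file(values):
    """Serialize a dict into the JSON list layout that --parameters file:// expects."""
    return json.dumps([{"ParameterKey": k, "ParameterValue": v} for k, v in values.items()])

# Constructed sample in the shape of the guide's example file (placeholder resource IDs).
VPC_CIDRS = ["10.8.64.0/22"]
GOOD = {"vpcId": "vpc-EXAMPLE", "availabilityZoneList": "us-east-1a,",
        "dualAvailabilityZones": "false", "mgmtImageId": "ami-EXAMPLE1",
        "nonMgmtImageId": "ami-EXAMPLE2", "mgmtInstanceType": "c5.2xlarge",
        "rmInstanceType": "c5.2xlarge", "sigInstanceType": "c5.4xlarge",
        "lbInstanceType": "c5.2xlarge", "callpInstanceType": "c5.4xlarge",
        "clusterName": "afnmme", "clusterNumber": "20", "mgmtFloatingIp": "10.8.66.18",
        "refreshSshKeys": "false", "rootHardening": "false",
        "userAuthMethod": "password-or-key", "mgmtSubnetIdList": "subnet-EXAMPLE1,",
        "baseCIDRList": "10.8.64.64/28,", "dataCIDRList": "10.8.64.80/28,",
        "ns1Connect": "true", "ns1SubnetIdList": "subnet-EXAMPLE2,", "ns2Connect": "false",
        "ns2SubnetIdList": ",", "ns3Connect": "false", "ns4Connect": "false"}
# Same file with five constructed mistakes of the kinds Table 2 warns about.
BAD = dict(GOOD, availabilityZoneList="us-east-1a", baseCIDRList="10.8.64.64/29,",
           dataCIDRList="10.9.0.0/28,", clusterNumber="120", ns2Connect="true")

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        errs, rev = check_cluster_params(load_params(to_param_file(sample)), VPC_CIDRS)
        print(label, *("ERROR  " + e for e in errs), *("REVIEW " + r for r in rev), sep="\n  ")
```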
5.3 Stack Creation
The CloudFormation stack for the MME cluster resources can be instantiated either using the AWS
CLI utility, or using the CloudFormation dashboard in the AWS console.
Note: Perform either option to instantiate the stack, but not both. It is recommended to use the CLI
option. This allows for quick repetition of the procedure without the need to re-enter parameters each
time the stack creation is performed.
5.3.1 Option 1: AWS CLI
To create the stack using the AWS CLI, run the cloudformation create-stack command.
aws cloudformation create-stack --stack-name mme-cluster-stack-name \
    --template-body file:///path/to/cluster/yaml/cluster.yaml \
    --parameters file:///path/to/env/envfile.json \
    --disable-rollback --capabilities CAPABILITY_IAM
where:
mme-cluster-stack-name = name of the stack
path/to/cluster/yaml = path to the cluster.yaml file
path/to/env = path to the envfile.json file
envfile.json = path and name of the JSON file containing the stack variables
The --disable-rollback option prevents CloudFormation from automatically deleting the stack in
the case of an error during stack creation. This is helpful when troubleshooting a stack creation failure.
The --capabilities CAPABILITY_IAM option is necessary due to the application of an IAM
Profile to the MGMT/MRM VMs. This profile enables the instances to call the AWS EC2 API from
within the VM.
5.3.2 Option 2: AWS Console
To create the stack via the AWS Console (CloudFormation section), perform the following steps.
Within the CloudFormation window, select the “Create stack” button, and select “With new resources
(standard)”.
Figure 5. Create Stack
In the “Create stack” page, select the “Upload a template file” option. Click the “Choose file” button
and select the cluster.yaml file. Click Next.
Figure 6. Upload Template File
The following page allows the stack parameters to be entered: first the stack name, and then
the parameters as defined in Table 2 - Required Parameters for Cluster Resources Stack. Once all of
the values for the stack have been entered, click the Next button.
Figure 7. Enter Stack Parameters
In the “Configure stack options” page, additional configuration for the stack can be added which is not
MME specific and outside the scope of this document. Click “Next” to go to the next page.
In the resulting “Review stack” page, verify that the values shown for the parameters match the intended
values. When satisfied that all values are correct, click the required checkboxes at the bottom of the
page for IAM. These are required due to the creation of an IAM profile. Once complete, click “Create
stack” to begin stack creation.
5.3.3 Post-Creation Steps
▪ Ensure that the cluster resources stack creation is successful, reaching the
CREATE_COMPLETE state.
▪ Review the Outputs from the resulting stack, ensuring they are consistent with the intended
values.
With the completion of the cluster resources stack creation, the next step is to create the stacks for
each VM instance, as described in the next section.
6 VM Instances Stack Creation
The CFN template for each VM instance stack creates network interfaces for all connected subnets
for that instance. The following inputs are required parameters for network interface creation for
every required VM instance.
6.1 Template Parameters for VM Instance Stacks
The following parameters provide the IP addresses for MGMT and N/S interfaces in the MME cluster.
Table 3. VM Instance Stack Parameters
Parameter Template Variable
Name
Optionality Value Description
Cluster
Resource
Stack Name
BaseStackName REQUIRED String The name of the previously
created cluster resource
stack.
MGMT-0 Stack
Name
Mgmt0StackName REQUIRED String For MGMT-0/MRM-0, this
parameter is leftempty.
For all other VM instances,
this should be the name of the
stack for MGMT-0/MRM-0.
VM Service VmService REQUIRED VM Service for
the instance.
The VM service for this
instance,chosen from the
following for a standard
deployment:
mgmt-X (X=0-1)
rm-X (X=0-1)
sig-X (X=0-31)
lb-X (x=0-7)
callpX-Y (X=0-15,
Y=0-1)
For compactmode:
mrm-X (X=0-1)
msmX-Y (X=0-3, Y=0-1)
MGMT IP
Address
MgmtPrimaryIp REQUIRED IPv4 address IP address for MRM-0 MGMT
interface
Use Default
Security
Group for
MGMT I/F
UseDefaultSecurityGroup
MGMT
OPTIONAL true or false Default: false
Flag to indicate if the security
group created by the cluster
resource stack should be
VM Instances Stack Creation
Affirmed Networks MCC MME on AWS CFN Deployment Guide
Revision: A Affirmed Networks Proprietary and Confidential
25
Parameter Template Variable
Name
Optionality Value Description
used for the MGMT subnet
interface.
Note: If the
MgmtSecurityGroupID
parameter of the cluster
resource stack is empty, then
this value MUST be set to
true, otherwise stack creation
will fail.
Key fields below apply only to MGMT/MRM VM types and are ignored for other VM types.

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| Root SSH Key 1 | RootSshKey1 | OPTIONAL | String | Inject this public key for the root user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Root SSH Key 2 | RootSshKey2 | OPTIONAL | String | Inject this public key for the root user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Admin SSH Key 1 | AdminSshKey1 | OPTIONAL | String | Inject this public key for the admin user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Admin SSH Key 2 | AdminSshKey2 | OPTIONAL | String | Inject this public key for the admin user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Mtc SSH Key 1 | MtcSshKey1 | OPTIONAL | String | Inject this public key for the mtc user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Mtc SSH Key 2 | MtcSshKey2 | OPTIONAL | String | Inject this public key for the mtc user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Viewer SSH Key 1 | ViewerSshKey1 | OPTIONAL | String | Inject this public key for the viewer user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Viewer SSH Key 2 | ViewerSshKey2 | | | Inject this public key for the viewer user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Operator SSH Key 1 | OperatorSshKey1 | OPTIONAL | String | Inject this public key for the operator user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Operator SSH Key 2 | OperatorSshKey2 | | | Inject this public key for the operator user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Accounting SSH Key 1 | AccountingSshKey1 | OPTIONAL | String | Inject this public key for the accounting user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Accounting SSH Key 2 | AccountingSshKey2 | | | Inject this public key for the accounting user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| LEA SSH Key 1 | LeaSshKey1 | OPTIONAL | String | Inject this public key for the lea user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| LEA SSH Key 2 | LeaSshKey2 | | | Inject this public key for the lea user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
Fields below apply only to LB and MSM VM types and are omitted for other VM types.

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| N/S 1 IP Address | Ns1PrimaryIp | REQUIRED | IPv4 address or BLANK | IP address for N/S 1 interface if deployed. Only used if the VM type is LB or MSM. |
| Use Default Security Group for N/S 1 interface | UseDefaultSecurityGroupNs1 | OPTIONAL | true or false | Default: false. Flag to indicate if the security group created by the cluster resource stack should be used for the N/S 1 subnet interface. Note: If the Ns1SecurityGroupID parameter of the cluster resource stack is empty, then this value MUST be set to true, otherwise stack creation will fail. |
| N/S 2 IP Address | Ns2PrimaryIp | OPTIONAL | IPv4 address or BLANK | IP address for N/S 2 interface if deployed. Only used if the VM type is LB or MSM. |
| Use Default Security Group for N/S 2 interface | UseDefaultSecurityGroupNs2 | OPTIONAL | true or false | Default: false. Flag to indicate if the security group created by the cluster resource stack should be used for the N/S 2 subnet interface. Note: If the Ns2SecurityGroupID parameter of the cluster resource stack is empty, then this value MUST be set to true, otherwise stack creation will fail. |
| N/S 3 IP Address | Ns3PrimaryIp | OPTIONAL | IPv4 address or BLANK | IP address for N/S 3 interface if deployed. Only used if the VM type is LB or MSM. |
| Use Default Security Group for N/S 3 interface | UseDefaultSecurityGroupNs3 | OPTIONAL | true or false | Default: false. Flag to indicate if the security group created by the cluster resource stack should be used for the N/S 3 subnet interface. Note: If the Ns3SecurityGroupID parameter of the cluster resource stack is empty, then this value MUST be set to true, otherwise stack creation will fail. |
| N/S 4 IP Address | Ns4PrimaryIp | OPTIONAL | IPv4 address or BLANK | IP address for N/S 4 interface if deployed. Only used if the VM type is LB or MSM. |
| Use Default Security Group for N/S 4 interface | UseDefaultSecurityGroupNs4 | OPTIONAL | true or false | Default: false. Flag to indicate if the security group created by the cluster resource stack should be used for the N/S 4 subnet interface. Note: If the Ns4SecurityGroupID parameter of the cluster resource stack is empty, then this value MUST be set to true, otherwise stack creation will fail. |
| N/S 1 Connect Indicator | Ns1Connect | REQUIRED | true or false | Indicates whether N/S 1 subnet should be connected. Should always be true if an LB or MSM VM is instantiated. This value is ignored on non-LB/MSM VMs and can be omitted for those VM types. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. The value in the cluster stack must match this value. |
| N/S 2 Connect Indicator | Ns2Connect | OPTIONAL | true or false | Default: “false”. Indicates whether N/S 2 subnet should be connected. Should always be true if an LB or MSM VM is instantiated. This value is ignored on non-LB/MSM VMs and can be omitted for those VM types. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. The value in the cluster stack must match this value. |
| N/S 3 Connect Indicator | Ns3Connect | OPTIONAL | true or false | Default: “false”. Indicates whether N/S 3 subnet should be connected. Should always be true if an LB or MSM VM is instantiated. This value is ignored on non-LB/MSM VMs and can be omitted for those VM types. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. The value in the cluster stack must match this value. |
| N/S 4 Connect Indicator | Ns4Connect | OPTIONAL | true or false | Default: “false”. Indicates whether N/S 4 subnet should be connected. Should always be true if an LB or MSM VM is instantiated. This value is ignored on non-LB/MSM VMs and can be omitted for those VM types. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. The value in the cluster stack must match this value. |
6.2 BASE and DATA Network
6.2.1 Interface IP Addresses
The IP addresses for the BASE and DATA network interfaces cannot be statically assigned. These
are allocated from the corresponding subnets by AWS when the resources are created. The MME
cluster virtual machines receive the IP address assignment via DHCP.
6.2.2 MTU Values
The MTU values for the BASE and DATA network devices in all cluster VMs are hard coded during
stack creation to 9000 bytes. These values are not configurable.
The MTU values for the BASE and DATA tunnel devices in all cluster VMs are hard coded to 8700
(Base) and 1500 (Data). The MTU value for the base network tunnel device should not be modified
after deployment. The MTU value for the data network can be lowered (via CLI configuration) if
required for inter-operability with external networks/nodes.
6.3 Creation of MGMT-0/MRM-0 Stack
The first MME instance to be created MUST be the mgmt-0 or mrm-0 VM depending on the
deployment mode. All other stack instances will depend on outputs from the mgmt-0/mrm-0 stack.
Using either the AWS CLI or the AWS CloudFormation dashboard, instantiate the mgmt-0/mrm-0
stack. The procedures for stack creation are documented in the previous section. Take note of the
name given to the MGMT-0/MRM-0 stack, as it will be an input to all remaining instance stacks.
6.3.1 VM Instance CFN Template
The MME VM instance template is delivered in YAML format, in the file named “mme-vm.yaml”. This
template will take the input parameters from the JSON environment file, as well as the outputs from
the MME cluster resources stack created in the previous section, and create the following resources:
▪ MGMT Network Interface with IP address specified by MgmtPrimaryIp.
▪ BASE Network Interface with a system allocated IP address from the BASE subnet.
▪ DATA Network Interface with a system allocated IP address from the DATA subnet.
For MGMT and MRM VM types, the IAM Instance Profile created by the cluster resource stack above
is applied to the instance, allowing AWS EC2 APIs to be called from within these VMs.
6.3.2 JSON Example for MGMT-0 Stack
Assuming that the MME cluster resource stack is created above with the stack name of “afnmme”, the
following shows an example of the JSON file contents for the mgmt-0 stack.
[
{ "ParameterKey": "BaseStackName", "ParameterValue": "afnmme" },
{ "ParameterKey": "Mgmt0StackName", "ParameterValue": "" },
{ "ParameterKey": "VmService", "ParameterValue": "mgmt-0" },
{ "ParameterKey": "MgmtPrimaryIp", "ParameterValue": "10.8.66.18" },
{ "ParameterKey": "RootSshKey1", "ParameterValue": "id_rsa XXXXXX " }
]
6.3.3 Stack Post-Creation Steps
▪ Ensure that the cluster resources stack creation is successful, reaching the
CREATE_COMPLETE state.
▪ Review the Outputs from the resulting stack, ensuring they are consistent with the intended
values. Ensure the BaseIpAddress and DataIpAddress appear to be valid. These IP addresses
are imported into the remaining instance stacks for internal connectivity.
Note: The following steps may require the creation of a jump server as documented in Section 8 -
Jump Server (optional).
At this point, it is recommended to connect to the newly created mgmt-0/mrm-0 VM instance via SSH,
to ensure that the instance instantiated correctly. Once connected, initial cluster configuration can be
performed as documented in Section 7 - Initial MME Cluster Configuration.
6.4 Creation of Other Instance Stacks
Following the instantiation of MGMT-0, the remaining VM instances can be created, beginning with
MGMT-1/MRM-1, and then the other cluster members in any order. Assuming that the MME cluster
resource stack is created above with the stack name of “afnmme” and the MGMT-0 stack is created
with the name of “afnmme-mgmt-0”, see the following sections showing examples of the JSON file
contents for the various VM instances’ stacks.
Note: The line for the last entry in the file must not end with a comma.
6.4.1 JSON Example for MGMT-1/MRM-1 Stack
[
{ "ParameterKey": "BaseStackName", "ParameterValue": "afnmme" },
{ "ParameterKey": "Mgmt0StackName", "ParameterValue": "afnmme-mgmt-0" },
{ "ParameterKey": "VmService", "ParameterValue": "rm-0" },
{ "ParameterKey": "MgmtPrimaryIp", "ParameterValue": "10.8.66.18" },
{ "ParameterKey": "RootSshKey1", "ParameterValue": "id_rsa XXXXXX" }
]
6.4.2 JSON Example for VM Instance Stack (Non-LB/MSM)
[
{ "ParameterKey": "BaseStackName", "ParameterValue": "afnmme" },
{ "ParameterKey": "Mgmt0StackName", "ParameterValue": "afnmme-mgmt-0" },
{ "ParameterKey": "VmService", "ParameterValue": "rm-0" },
{ "ParameterKey": "MgmtPrimaryIp", "ParameterValue": "10.8.66.18" }
]
6.4.3 JSON Example for VM Instance Stack (LB/MSM)
Assuming that the MME cluster resource stack is created above with the stack name of “afnmme” and
the MGMT-0 stack is created with the name of “afnmme-mgmt-0”, the following shows an example of
the JSON file contents for the lb-0 stack. For an LB/MSM VM, the N/S connection parameters and IP
addresses must be provided.
[
{ "ParameterKey": "BaseStackName", "ParameterValue": "afnmme" },
{ "ParameterKey": "Mgmt0StackName", "ParameterValue": "afnmme-mgmt-0" },
{ "ParameterKey": "VmService", "ParameterValue": "lb-0" },
{ "ParameterKey": "MgmtPrimaryIp", "ParameterValue": "10.8.66.23" },
{ "ParameterKey": "Ns1Connect", "ParameterValue": "true" },
{ "ParameterKey": "Ns2Connect", "ParameterValue": "false" },
{ "ParameterKey": "Ns3Connect", "ParameterValue": "false" },
{ "ParameterKey": "Ns4Connect", "ParameterValue": "false" },
{ "ParameterKey": "Ns1PrimaryIp", "ParameterValue": "10.8.64.4" },
{ "ParameterKey": "Ns2PrimaryIp", "ParameterValue": "10.8.64.20" },
{ "ParameterKey": "Ns3PrimaryIp", "ParameterValue": "10.8.64.36" },
{ "ParameterKey": "Ns4PrimaryIp", "ParameterValue": "10.8.64.52" }
]
If the “epc system” configuration was performed following the instantiation of the MGMT-0/MRM-0
stack, then all VMs should join the cluster after stack creation is complete. Some VM instances will
not become fully active until required configuration is performed, as documented in the MME
documentation suite.
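A pre-flight check for the VM stack parameter files described in this section, written as an added example that is not part of the Affirmed guide or its templates. It applies the rules stated in the parameter table (SSH key form, Ns1Connect required, NsNConnect matching the cluster stack, the UseDefaultSecurityGroupNsN rule). The function names, the mapping from VmService prefix to VM type, the cluster stack using the same NsNConnect names and defaults, and applying the security-group rule only to connected interfaces are assumptions of this example.

```python
import base64
import ipaddress
import json

# SSH key parameters from the VM instance parameter table.
SSH_KEY_PARAMS = {f"{user}SshKey{n}" for n in (1, 2) for user in
                  ("Root", "Admin", "Mtc", "Viewer", "Operator", "Accounting", "Lea")}


def load_params(text):
    """Parse a parameter file; json.loads rejects a comma after the last entry."""
    return {e["ParameterKey"]: e["ParameterValue"] for e in json.loads(text)}


def ssh_public_key_error(value):
    """Return None for a well-formed 'key-type key-string [comment]' line."""
    if "PRIVATE KEY" in value:
        return "private key material supplied; use the .pub output of ssh-keygen"
    fields = value.split()
    if len(fields) < 2:
        return "expected 'key-type key-string'"
    key_type, key_string = fields[0], fields[1]
    try:
        blob = base64.b64decode(key_string, validate=True)
    except ValueError:
        return "key-string is not valid base64"
    # An OpenSSH public key blob begins with a length-prefixed key type name.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != key_type.encode():
        return "key-type does not match the type encoded in key-string"
    return None


def check_vm_params(vm, cluster):
    """Return findings for one VM parameter set, checked against the cluster stack's."""
    findings = []
    service = vm.get("VmService", "")
    # Assumption: the VM type is the prefix of VmService (mgmt-0, mrm-1, lb-0, msm0-1).
    keys_used = service.startswith(("mgmt", "mrm"))
    has_ns = service.startswith(("lb", "msm"))

    for name in sorted(SSH_KEY_PARAMS & vm.keys()):
        if not vm[name].strip():
            continue
        error = ssh_public_key_error(vm[name])
        if error:
            findings.append(f"{name}: {error}")
        elif not keys_used:
            findings.append(f"{name}: ignored for VmService {service}")

    for i in (1, 2, 3, 4) if has_ns else ():
        key = f"Ns{i}Connect"
        default = None if i == 1 else "false"  # Ns1Connect is REQUIRED
        connect = vm.get(key, default)
        if connect is None:
            findings.append(f"{key}: required for LB/MSM VMs")
            continue
        # Assumption: the cluster stack uses the same parameter name and default.
        in_cluster = cluster.get(key, default)
        if connect != in_cluster:
            findings.append(f"{key}: {connect} here but {in_cluster} in cluster stack")
        if connect != "true":
            continue
        ip = vm.get(f"Ns{i}PrimaryIp", "")
        if ip:  # BLANK is allowed
            try:
                ipaddress.IPv4Address(ip)
            except ValueError:
                findings.append(f"Ns{i}PrimaryIp: {ip!r} is not an IPv4 address")
        # Checked only for connected interfaces (an assumption of this example).
        if (not cluster.get(f"Ns{i}SecurityGroupID", "")
                and vm.get(f"UseDefaultSecurityGroupNs{i}", "false") != "true"):
            findings.append(f"UseDefaultSecurityGroupNs{i}: must be true, "
                            f"Ns{i}SecurityGroupID is empty in cluster stack")
    return findings


def constructed_public_key(key_type="ssh-ed25519"):
    """Build a well-formed public key line from zero bytes (constructed, not a real key)."""
    name = key_type.encode()
    blob = len(name).to_bytes(4, "big") + name + (32).to_bytes(4, "big") + bytes(32)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"


# Constructed sample input, not taken from a real deployment.
SAMPLE_CLUSTER = {"Ns1Connect": "true", "Ns2Connect": "true", "Ns1SecurityGroupID": ""}
SAMPLE_LB = load_params("""[
  { "ParameterKey": "VmService", "ParameterValue": "lb-0" },
  { "ParameterKey": "Ns1Connect", "ParameterValue": "true" },
  { "ParameterKey": "Ns2Connect", "ParameterValue": "false" },
  { "ParameterKey": "Ns1PrimaryIp", "ParameterValue": "10.8.64.4" },
  { "ParameterKey": "RootSshKey1", "ParameterValue": "id_rsa XXXXXX" }
]""")

if __name__ == "__main__":
    for finding in check_vm_params(SAMPLE_LB, SAMPLE_CLUSTER):
        print(finding)
```

Running the check before stack creation surfaces mismatches that would otherwise appear only as a failed or partially connected stack.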
7 Initial MME Cluster Configuration
The newly instantiated MME cluster must be configured prior to entry into service. The full MME
configuration is outside the scope of this document. However, there are two sections of configuration
that should be completed soon after stack creation to ensure connectivity of the MME node.
7.1 EPC System Configuration
The cluster member configuration should be done to allow the cluster VM instances to communicate
with the MGMT-0/MRM-0 instance. From the jump server, SSH into the MGMT-0/MRM-0 VM as
admin.
admin connected from 10.179.6.250 using ssh on mmedeploy-0
mmedeploy-0# config
Entering configuration mode terminal
mmedeploy-0(config)# epc system mrm unit 1 vm-instance afnmme-mrm-1
Additional instance configuration commands for the remaining units in the system.
mmedeploy-0(config-unit-0)# commit
Commit complete.
mmedeploy-0# show vm
UNIT
LOCATION SERVICE ID ADMIN OPER STANDBY CPU MEMORY VERSION
-------------------------------------------------------------------------------------
afnmme-mrm-0 mrm 0 unlocked enabled active 0 10 15.0.6.1
afnmme-mrm-1 mrm 1 unlocked enabled hot standby 0 8 15.0.6.1
afnmme-msm0-0 msm0 0 unlocked enabled active 0 7 15.0.6.1
afnmme-msm0-1 msm0 1 unlocked enabled hot standby 0 7 15.0.6.1
afnmme-msm1-0 msm1 0 unlocked enabled hot standby 0 6 15.0.6.1
afnmme-msm1-1 msm1 1 unlocked enabled active 0 6 15.0.6.1
7.2 Routing Instances Configuration
Note: The following section should be done AFTER the secondary IP address association
configuration is performed as described in Configure Secondary IP Addresses for N/S Network
Interfaces.
After completing the cluster configuration from the previous section as well as the secondary IP
address association, configure the routing instances for the 3GPP external interfaces in the MME, as
described in the MME Configuration Guide and in section MME “routing-instance” Configuration
for Tunneling.
8 Jump Server (optional)
The MME CFN templates also include a template and sample environment file for the creation of a
generic Ubuntu jump server instance, to provide external access to the MME cluster. The jump server
is based on the AWS Ubuntu 16.04 server AMI instance available in the AWS Marketplace. The
template will create an EC2 instance with the specified instance type, populate the specified SSH key
into the image, and optionally allocate/associate an Elastic IP for the instance.
The following template parameters pertain to jump server creation.
Table 4. Jump Server Template Parameters
| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| VPC ID | vpcId | REQUIRED | String (VPC ID) | The VPC for the networking components of the jump server. |
| Availability Zone | availabilityZone | REQUIRED | AWS Availability Zone Name | The availability zone into which the jump server will be created. |
| Subnet ID | subnetId | REQUIRED | AWS Subnet ID | The subnet for the jump server network interface. |
| Security Group ID | securityGroupID | REQUIRED | AWS Security Group ID | This is the security group to be associated with the network interface for the jump server. |
| Jump Server Name | jumpServerName | REQUIRED | String | Name of the jump server EC2 instance. |
| SSH Key Pair | jumpSshKeyName | REQUIRED | Key Pair name | The pre-created SSH key pair to be used for Jump Server access. |
| Jump Server AMI ID | jumpImageId | REQUIRED | AMI ID | The AMI ID to be used to create the jump server instance. This AMI ID should be that of the Ubuntu 16.04 LTS server image in the AWS marketplace for the region in which the MME cluster is being installed. |
| Jump Server EC2 Instance Type | jumpInstanceType | REQUIRED | EC2 Instance Type | The EC2 instance type to be used for the jump server. Default value is “t2.micro”, and is used if no value is passed in for the parameter. |
| Jump Server MGMT IP Address | jumpPrimaryIpAddress | REQUIRED | IPv4 address or BLANK | The IP address to be assigned to the MGMT interface of the jump server. |
| Elastic IP Allocate Indicator | allocateJumpElasticIp | OPTIONAL | true or false | Flag to indicate whether an Elastic IP should be allocated and associated to the jump server network interface. Default value is false. |

More Related Content

Similar to MCC_MME_AWS_CFN_15.0.pdf

Similar to MCC_MME_AWS_CFN_15.0.pdf (20)

Launch CReader 3001 User Manual
Launch CReader 3001 User ManualLaunch CReader 3001 User Manual
Launch CReader 3001 User Manual
 
Springsource eula
Springsource eulaSpringsource eula
Springsource eula
 
Eula
EulaEula
Eula
 
Mastercam
MastercamMastercam
Mastercam
 
MastercamDRILL
MastercamDRILLMastercamDRILL
MastercamDRILL
 
Vh sto dvd4ug
Vh sto dvd4ugVh sto dvd4ug
Vh sto dvd4ug
 
Vh sto dvd4ug
Vh sto dvd4ugVh sto dvd4ug
Vh sto dvd4ug
 
Sysedge 4.1p4 usermanual
Sysedge 4.1p4 usermanualSysedge 4.1p4 usermanual
Sysedge 4.1p4 usermanual
 
Lic 1033
Lic 1033Lic 1033
Lic 1033
 
Cingularlicense
CingularlicenseCingularlicense
Cingularlicense
 
Flash player 12_0_en (2)
Flash player 12_0_en (2)Flash player 12_0_en (2)
Flash player 12_0_en (2)
 
License
LicenseLicense
License
 
Launch CRP129 User Manual
Launch  CRP129 User ManualLaunch  CRP129 User Manual
Launch CRP129 User Manual
 
Launch CRP123 User Manual
Launch CRP123 User ManualLaunch CRP123 User Manual
Launch CRP123 User Manual
 
Flash player 12_0_en
Flash player 12_0_enFlash player 12_0_en
Flash player 12_0_en
 
License
LicenseLicense
License
 
Modulo di iscrizione
Modulo di iscrizioneModulo di iscrizione
Modulo di iscrizione
 
Mslt
MsltMslt
Mslt
 
PT00011382 Valleylab LS10 Generator UG.pdf
PT00011382 Valleylab LS10 Generator UG.pdfPT00011382 Valleylab LS10 Generator UG.pdf
PT00011382 Valleylab LS10 Generator UG.pdf
 
License
LicenseLicense
License
 

Recently uploaded

VIP Russian Call Girls in Bhilai Deepika 8250192130 Independent Escort Servic...
VIP Russian Call Girls in Bhilai Deepika 8250192130 Independent Escort Servic...VIP Russian Call Girls in Bhilai Deepika 8250192130 Independent Escort Servic...
VIP Russian Call Girls in Bhilai Deepika 8250192130 Independent Escort Servic...Suhani Kapoor
 
阿德莱德大学本科毕业证成绩单咨询(书英文硕士学位证)
阿德莱德大学本科毕业证成绩单咨询(书英文硕士学位证)阿德莱德大学本科毕业证成绩单咨询(书英文硕士学位证)
阿德莱德大学本科毕业证成绩单咨询(书英文硕士学位证)obuhobo
 
VIP High Profile Call Girls Jamshedpur Aarushi 8250192130 Independent Escort ...
VIP High Profile Call Girls Jamshedpur Aarushi 8250192130 Independent Escort ...VIP High Profile Call Girls Jamshedpur Aarushi 8250192130 Independent Escort ...
VIP High Profile Call Girls Jamshedpur Aarushi 8250192130 Independent Escort ...Suhani Kapoor
 
Business Development and Product Strategy for a SME named SARL based in Leban...
Business Development and Product Strategy for a SME named SARL based in Leban...Business Development and Product Strategy for a SME named SARL based in Leban...
Business Development and Product Strategy for a SME named SARL based in Leban...Soham Mondal
 
VIP Call Girls in Cuttack Aarohi 8250192130 Independent Escort Service Cuttack
VIP Call Girls in Cuttack Aarohi 8250192130 Independent Escort Service CuttackVIP Call Girls in Cuttack Aarohi 8250192130 Independent Escort Service Cuttack
VIP Call Girls in Cuttack Aarohi 8250192130 Independent Escort Service CuttackSuhani Kapoor
 
内布拉斯加大学林肯分校毕业证录取书( 退学 )学位证书硕士
内布拉斯加大学林肯分校毕业证录取书( 退学 )学位证书硕士内布拉斯加大学林肯分校毕业证录取书( 退学 )学位证书硕士
内布拉斯加大学林肯分校毕业证录取书( 退学 )学位证书硕士obuhobo
 
Gurgaon Call Girls: Free Delivery 24x7 at Your Doorstep G.G.N = 8377087607
Gurgaon Call Girls: Free Delivery 24x7 at Your Doorstep G.G.N = 8377087607Gurgaon Call Girls: Free Delivery 24x7 at Your Doorstep G.G.N = 8377087607
Gurgaon Call Girls: Free Delivery 24x7 at Your Doorstep G.G.N = 8377087607dollysharma2066
 
VIP Russian Call Girls Amravati Chhaya 8250192130 Independent Escort Service ...
VIP Russian Call Girls Amravati Chhaya 8250192130 Independent Escort Service ...VIP Russian Call Girls Amravati Chhaya 8250192130 Independent Escort Service ...
VIP Russian Call Girls Amravati Chhaya 8250192130 Independent Escort Service ...Suhani Kapoor
 
VIP Call Girls Service Jamshedpur Aishwarya 8250192130 Independent Escort Ser...
VIP Call Girls Service Jamshedpur Aishwarya 8250192130 Independent Escort Ser...VIP Call Girls Service Jamshedpur Aishwarya 8250192130 Independent Escort Ser...
VIP Call Girls Service Jamshedpur Aishwarya 8250192130 Independent Escort Ser...Suhani Kapoor
 
VIP Call Girls in Jamshedpur Aarohi 8250192130 Independent Escort Service Jam...
VIP Call Girls in Jamshedpur Aarohi 8250192130 Independent Escort Service Jam...VIP Call Girls in Jamshedpur Aarohi 8250192130 Independent Escort Service Jam...
VIP Call Girls in Jamshedpur Aarohi 8250192130 Independent Escort Service Jam...Suhani Kapoor
 
Delhi Call Girls In Atta Market 9711199012 Book Your One night Stand Call Girls
Delhi Call Girls In Atta Market 9711199012 Book Your One night Stand Call GirlsDelhi Call Girls In Atta Market 9711199012 Book Your One night Stand Call Girls
Delhi Call Girls In Atta Market 9711199012 Book Your One night Stand Call Girlsshivangimorya083
 
VIP Call Girls Service Saharanpur Aishwarya 8250192130 Independent Escort Ser...
VIP Call Girls Service Saharanpur Aishwarya 8250192130 Independent Escort Ser...VIP Call Girls Service Saharanpur Aishwarya 8250192130 Independent Escort Ser...
VIP Call Girls Service Saharanpur Aishwarya 8250192130 Independent Escort Ser...Suhani Kapoor
 
(Call Girls) in Lucknow Real photos of Female Escorts 👩🏼‍❤️‍💋‍👩🏻 8923113531 ➝...
(Call Girls) in Lucknow Real photos of Female Escorts 👩🏼‍❤️‍💋‍👩🏻 8923113531 ➝...(Call Girls) in Lucknow Real photos of Female Escorts 👩🏼‍❤️‍💋‍👩🏻 8923113531 ➝...
(Call Girls) in Lucknow Real photos of Female Escorts 👩🏼‍❤️‍💋‍👩🏻 8923113531 ➝...gurkirankumar98700
 
VIP Call Girl Cuttack Aashi 8250192130 Independent Escort Service Cuttack
VIP Call Girl Cuttack Aashi 8250192130 Independent Escort Service CuttackVIP Call Girl Cuttack Aashi 8250192130 Independent Escort Service Cuttack
VIP Call Girl Cuttack Aashi 8250192130 Independent Escort Service CuttackSuhani Kapoor
 
加利福尼亚艺术学院毕业证文凭证书( 咨询 )证书双学位
加利福尼亚艺术学院毕业证文凭证书( 咨询 )证书双学位加利福尼亚艺术学院毕业证文凭证书( 咨询 )证书双学位
加利福尼亚艺术学院毕业证文凭证书( 咨询 )证书双学位obuhobo
 
Sonam +91-9537192988-Mind-blowing skills and techniques of Ahmedabad Call Girls
Sonam +91-9537192988-Mind-blowing skills and techniques of Ahmedabad Call GirlsSonam +91-9537192988-Mind-blowing skills and techniques of Ahmedabad Call Girls
Sonam +91-9537192988-Mind-blowing skills and techniques of Ahmedabad Call GirlsNiya Khan
 
Final Completion Certificate of Marketing Management Internship
Final Completion Certificate of Marketing Management InternshipFinal Completion Certificate of Marketing Management Internship
Final Completion Certificate of Marketing Management InternshipSoham Mondal
 
Dubai Call Girls Naija O525547819 Call Girls In Dubai Home Made
Dubai Call Girls Naija O525547819 Call Girls In Dubai Home MadeDubai Call Girls Naija O525547819 Call Girls In Dubai Home Made
Dubai Call Girls Naija O525547819 Call Girls In Dubai Home Madekojalkojal131
 

Recently uploaded (20)

VIP Russian Call Girls in Bhilai Deepika 8250192130 Independent Escort Servic...
VIP Russian Call Girls in Bhilai Deepika 8250192130 Independent Escort Servic...VIP Russian Call Girls in Bhilai Deepika 8250192130 Independent Escort Servic...
VIP Russian Call Girls in Bhilai Deepika 8250192130 Independent Escort Servic...
 
Young Call~Girl in Pragati Maidan New Delhi 8448380779 Full Enjoy Escort Service
Young Call~Girl in Pragati Maidan New Delhi 8448380779 Full Enjoy Escort ServiceYoung Call~Girl in Pragati Maidan New Delhi 8448380779 Full Enjoy Escort Service
Young Call~Girl in Pragati Maidan New Delhi 8448380779 Full Enjoy Escort Service
 
阿德莱德大学本科毕业证成绩单咨询(书英文硕士学位证)
阿德莱德大学本科毕业证成绩单咨询(书英文硕士学位证)阿德莱德大学本科毕业证成绩单咨询(书英文硕士学位证)
阿德莱德大学本科毕业证成绩单咨询(书英文硕士学位证)
 
VIP High Profile Call Girls Jamshedpur Aarushi 8250192130 Independent Escort ...
VIP High Profile Call Girls Jamshedpur Aarushi 8250192130 Independent Escort ...VIP High Profile Call Girls Jamshedpur Aarushi 8250192130 Independent Escort ...
VIP High Profile Call Girls Jamshedpur Aarushi 8250192130 Independent Escort ...
 
Business Development and Product Strategy for a SME named SARL based in Leban...
Business Development and Product Strategy for a SME named SARL based in Leban...Business Development and Product Strategy for a SME named SARL based in Leban...
Business Development and Product Strategy for a SME named SARL based in Leban...
 
Call Girls In Prashant Vihar꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
Call Girls In Prashant Vihar꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCeCall Girls In Prashant Vihar꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
Call Girls In Prashant Vihar꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
 
VIP Call Girls in Cuttack Aarohi 8250192130 Independent Escort Service Cuttack
VIP Call Girls in Cuttack Aarohi 8250192130 Independent Escort Service CuttackVIP Call Girls in Cuttack Aarohi 8250192130 Independent Escort Service Cuttack
VIP Call Girls in Cuttack Aarohi 8250192130 Independent Escort Service Cuttack
 
内布拉斯加大学林肯分校毕业证录取书( 退学 )学位证书硕士
内布拉斯加大学林肯分校毕业证录取书( 退学 )学位证书硕士内布拉斯加大学林肯分校毕业证录取书( 退学 )学位证书硕士
内布拉斯加大学林肯分校毕业证录取书( 退学 )学位证书硕士
 
Gurgaon Call Girls: Free Delivery 24x7 at Your Doorstep G.G.N = 8377087607
Gurgaon Call Girls: Free Delivery 24x7 at Your Doorstep G.G.N = 8377087607Gurgaon Call Girls: Free Delivery 24x7 at Your Doorstep G.G.N = 8377087607
Gurgaon Call Girls: Free Delivery 24x7 at Your Doorstep G.G.N = 8377087607
 
VIP Russian Call Girls Amravati Chhaya 8250192130 Independent Escort Service ...
VIP Russian Call Girls Amravati Chhaya 8250192130 Independent Escort Service ...VIP Russian Call Girls Amravati Chhaya 8250192130 Independent Escort Service ...
VIP Russian Call Girls Amravati Chhaya 8250192130 Independent Escort Service ...
 
VIP Call Girls Service Jamshedpur Aishwarya 8250192130 Independent Escort Ser...
VIP Call Girls Service Jamshedpur Aishwarya 8250192130 Independent Escort Ser...VIP Call Girls Service Jamshedpur Aishwarya 8250192130 Independent Escort Ser...
VIP Call Girls Service Jamshedpur Aishwarya 8250192130 Independent Escort Ser...
 
VIP Call Girls in Jamshedpur Aarohi 8250192130 Independent Escort Service Jam...
VIP Call Girls in Jamshedpur Aarohi 8250192130 Independent Escort Service Jam...VIP Call Girls in Jamshedpur Aarohi 8250192130 Independent Escort Service Jam...
VIP Call Girls in Jamshedpur Aarohi 8250192130 Independent Escort Service Jam...
 
Delhi Call Girls In Atta Market 9711199012 Book Your One night Stand Call Girls
Delhi Call Girls In Atta Market 9711199012 Book Your One night Stand Call GirlsDelhi Call Girls In Atta Market 9711199012 Book Your One night Stand Call Girls
Delhi Call Girls In Atta Market 9711199012 Book Your One night Stand Call Girls
 
VIP Call Girls Service Saharanpur Aishwarya 8250192130 Independent Escort Ser...
VIP Call Girls Service Saharanpur Aishwarya 8250192130 Independent Escort Ser...VIP Call Girls Service Saharanpur Aishwarya 8250192130 Independent Escort Ser...
VIP Call Girls Service Saharanpur Aishwarya 8250192130 Independent Escort Ser...
 
(Call Girls) in Lucknow Real photos of Female Escorts 👩🏼‍❤️‍💋‍👩🏻 8923113531 ➝...
(Call Girls) in Lucknow Real photos of Female Escorts 👩🏼‍❤️‍💋‍👩🏻 8923113531 ➝...(Call Girls) in Lucknow Real photos of Female Escorts 👩🏼‍❤️‍💋‍👩🏻 8923113531 ➝...
(Call Girls) in Lucknow Real photos of Female Escorts 👩🏼‍❤️‍💋‍👩🏻 8923113531 ➝...
 
VIP Call Girl Cuttack Aashi 8250192130 Independent Escort Service Cuttack
VIP Call Girl Cuttack Aashi 8250192130 Independent Escort Service CuttackVIP Call Girl Cuttack Aashi 8250192130 Independent Escort Service Cuttack
VIP Call Girl Cuttack Aashi 8250192130 Independent Escort Service Cuttack
 
加利福尼亚艺术学院毕业证文凭证书( 咨询 )证书双学位
加利福尼亚艺术学院毕业证文凭证书( 咨询 )证书双学位加利福尼亚艺术学院毕业证文凭证书( 咨询 )证书双学位
加利福尼亚艺术学院毕业证文凭证书( 咨询 )证书双学位
 
Sonam +91-9537192988-Mind-blowing skills and techniques of Ahmedabad Call Girls
Sonam +91-9537192988-Mind-blowing skills and techniques of Ahmedabad Call GirlsSonam +91-9537192988-Mind-blowing skills and techniques of Ahmedabad Call Girls
Sonam +91-9537192988-Mind-blowing skills and techniques of Ahmedabad Call Girls
 
Final Completion Certificate of Marketing Management Internship
Final Completion Certificate of Marketing Management InternshipFinal Completion Certificate of Marketing Management Internship
Final Completion Certificate of Marketing Management Internship
 
Dubai Call Girls Naija O525547819 Call Girls In Dubai Home Made
Dubai Call Girls Naija O525547819 Call Girls In Dubai Home MadeDubai Call Girls Naija O525547819 Call Girls In Dubai Home Made
Dubai Call Girls Naija O525547819 Call Girls In Dubai Home Made
 

MCC_MME_AWS_CFN_15.0.pdf

  • 1. Affirmed Networks MCC MME on AWS CFN Deployment Guide Release 15.0 Updated: August2021 Inside …  Prerequisites  MME Cluster Subnets  Create Cluster Resource Stack  VM Instances Stack Creation  Initial MME Cluster Configuration  Jump Server (optional) Affirmed Networks Inc. 35 Nagog Park Acton, MA 01730 USA Tel: +1-978-268-0800 www.affirmednetworks.com A Microsoft Company Affirmed Networks MCC MME CLI User Guide, Release 15.0 Revision: A
  • 2. Affirmed Networks MCC MME on AWS CFN Deployment Guide Revision: A Affirmed Networks Proprietary and Confidential ii Copyright© 2021 Affirmed Networks, Inc. All Rights Reserved. AFFIRMED & DESIGN®, ACUITAS SERVICE MANAGEMENT SYSTEM®, AFFIRMED NETWORKS MOBILE CONTENT CLOUD™, AFFIRMED OPEN WORKFLOW™, AFFIRMED MOBILE CONTENT CLOUD™, UnityCloud™, UnityCloud PaaS™, UnityCloud Platform™, UnityCloud Operations™, UnityCloud Ops™, Operations and Policy Manager (OPM)™ and other trademarks and designs are the registered or unregistered trademarks of Affirmed Networks, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are the property of their respective owners. The Affirmed Networks, Inc. trademarks may not be used in connection with any product or service that is not Affirmed Networks' in any manner that is likely to cause confusion among customers or in any manner that disparages or discredits Affirmed Networks, Inc. This document contains information that is the property of Affirmed Networks, Inc. This document may not be copied, reproduced, reduced to any electronic medium or machine readable form, or otherwise duplicated, and the information herein may not be used, disseminated or otherwise disclosed, except with the prior written consent of Affirmed Networks, Inc.
  • 3. Software License Agreement Affirmed Networks MCC MME on AWS CFN Deployment Guide Revision: A Affirmed Networks Proprietary and Confidential iii AffirmedNETWORKS, INC. SOFTWARELICENSEAGREEMENT AFFIRMED NETWORKS, INC. (“AFFIRMED”) IS WILLING TO LICENSE THE ENCLOSED SOFTWARE AND ACCOMPANYING USER DOCUMENTATION (COLLECTIVELY, THE “PROGRAM”) TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT. PLEASE READ THE TERMS AND CONDITIONS OF THISLICENSE AGREEMENT CAREFULLY BEFORE OPENING THE PACKAGE (S) OR USING THE AFFIRMED PRODUCTS CONTAINING THE SOFTWARE, AND BEFORE USING THE ACCOMPANYING USER DOCUMENTATION. OPENING THE PACKAGE (S) OR USING THE AFFIRMED PRODUCTS CONTAINING THE PROGRAM WILL INDICATE YOUR ACCEPTANCE OF THE TERMS OF THIS LICENSE AGREEMENT. IFYOU ARE NOT WILLING TO BE BOUND BY THE TERMS OF THISLICENSE AGREEMENT, AFFIRMED IS UNWILLING TO LICENSE THE PROGRAM TO YOU, INWHICH EVENT YOU SHOULD RETURN THE PROGRAM WITHIN TEN (10) DAYS FROM SHIPMENT TO THE PLACE FROM WHICH IT WAS ACQUIRED, AND YOUR LICENSE FEE WILL BE REFUNDED. THISLICENSE AGREEMENT REPRESENTS THE ENTIRE AGREEMENT CONCERNING THE PROGRAM BETWEEN YOU AND AFFIRMED, AND IT SUPERSEDES ANY PRIOR PROPOSAL, REPRESENTATION OR UNDERSTANDING BETWEEN THE PARTIES. 

License Grant
Subject to the provisions of this License, Affirmed grants to Licensee, and Licensee accepts, a non-exclusive, non-transferable license to use the object code form of the software supplied by Affirmed, including all patches, error corrections, updates and revisions thereto in machine-readable, object code form only (the “Software”), and the user documentation, including all updates and revisions thereto (the “User Documentation”) for Licensee’s internal business purposes (including, without limitation, in conjunction with Licensee’s provision of services to its customers) on or in conjunction with the hardware product with which it was originally delivered or on a single designated computer. The Software and User Documentation are sometimes collectively referred to as the “Program”. Licensee acknowledges that certain Software provided by Affirmed may contain other restrictions and Licensee must refer to accompanying license certificates for each such Software licensed. Licensee agrees that Licensee will not pledge, lease, rent, or share Licensee's rights under this License Agreement, and that Licensee will not, without Affirmed’s prior written consent, assign or transfer Licensee's rights hereunder. Licensee agrees that Licensee may not duplicate (except as set forth below), decompile, disassemble, reverse engineer, modify, or otherwise translate the Software or permit a third party to do so and that Licensee shall not make the Program available to any other third party, or create works derivative of the Program, without Affirmed’s express written consent. Licensee agrees it shall not publish in any fashion any results of benchmark tests run on the Program.
The Program is copyrighted and is only authorized to reproduce one copy of the Software and the User Documentation solely for backup purposes. Licensee is hereby prohibited from otherwise copying or translating, modifying or adapting the Program or, incorporating in whole or any part in any other product or creating derivative works based on all or any part of the Program. Licensee is not authorized to license others to reproduce any copies of the Program, except as expressly provided in this Agreement. Licensee agrees to ensure that all copyright, trademark and other proprietary notices of Affirmed affixed to or displayed on the Program will not be removed or modified. Licensee shall not decompile, disassemble or reverse engineer, the licensed software or any component thereof, except as may be permitted by applicable law, in which case Licensee must notify Affirmed in writing and Affirmed may provide review and assistance.

U.S. Government Restricted Rights. Notice - Distribution and use of products including computer programs and any related documentation and derivative works thereof, to and by the
  • 4. U.S. Government, are subject to the Restricted Rights provisions of FAR 52.227-19, paragraph (c)(2) as applicable, except for purchases by agencies of the Department of Defense (DOD). If the software is acquired under the terms of a Department of Defense or civilian agency contract, the software is a “commercial item” as that term is defined at 48 C.F.R. 2.101 (Oct. 1995), consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. 12.212 of the Federal Acquisition Regulations and its successors and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995) of the DoD FAR Supplement and its successors. All U.S. Government end users acquire the software with only those rights set forth in this Agreement. Manufacturer is Affirmed Networks, Inc., 35 Nagog Park, Acton MA 01720. Unpublished - rights reserved under the copyright laws of the United States.

Affirmed’s Rights
Licensee agrees that the Software and the User Documentation are proprietary, confidential products of Affirmed or Affirmed's licensor protected under U.S. copyright law and Licensee will use Licensee's best efforts to maintain their confidentiality. Licensee further acknowledges and agrees that all right, title and interest in and to the Program, including associated intellectual property rights, are and shall remain with Affirmed or Affirmed's licensor. This License Agreement does not convey to Licensee an interest in or to the Program, but only a limited right of use revocable in accordance with the terms of this License Agreement.

License Fees
The license fees paid by Licensee are paid in consideration of the license granted under this License Agreement.

Term
This License Agreement is effective upon Licensee's execution of this License Agreement and payment of the license fees and shall continue until terminated. Licensee may terminate this License Agreement at any time by returning the Program and all copies or portions thereof to Affirmed. Affirmed may terminate this License Agreement upon the breach by Licensee of any term hereof. Upon such termination by Affirmed, Licensee agrees to return to Affirmed the Program and all copies or portions thereof. Termination of this License Agreement shall not prejudice Affirmed's rights to damages or any other available remedy.

Limited Warranty
Affirmed warrants that with normal use and service each Software product shall materially conform to Affirmed’s then current published specifications for the most current release of such Software product for a period of ninety (90) days from the date of shipment by Affirmed. Program media is warranted for ninety (90) days from the date of shipment by Affirmed. Software support beyond these periods is available at additional cost under the terms of Affirmed’s Annual Maintenance Service Agreement. During the warranty period, as Licensee’s sole and exclusive remedy, Affirmed will correct a Software product’s failure to conform to the warranty provided that Licensee has notified Affirmed in writing of the nature of the non-conformity. This warranty shall not apply if any Software product has been (i) modified or altered by anyone other than Affirmed, (ii) abused or misapplied, or (iii) used in combination with hardware or software other than the Affirmed manufactured products for which it was designed.
Affirmed shall incur no liability under this warranty if Affirmed’s tests disclose that the alleged defect is due to causes not within Affirmed’s reasonable control, including alteration or abuse of the goods. If a Program is determined not to be defective or to have a defect due to causes not within Affirmed’s reasonable control, Licensee agrees to pay for such repair at the repair price as listed in Affirmed’s then current applicable price list. In no event does Affirmed warrant that the use of Software products will be error free or uninterrupted. Affirmed’s sole obligation under the Software warranty shall be to provide the remedies
  • 5. described above. EXCEPT FOR THE EXPRESS WARRANTIES STATED IN THIS WARRANTY, THE PROGRAM IS LICENSED “AS IS”, AND AFFIRMED DISCLAIMS ANY AND ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY WITH RESPECT TO THE SOFTWARE PROVIDED UNDER THIS AGREEMENT, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ANY WARRANTIES OF NONINFRINGEMENT AS WELL AS ANY WARRANTIES ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE.

Limitation of Liability
Affirmed’s cumulative liability to Licensee or any other party for any loss or damages resulting from any claims, demands, or actions arising out of or relating to this License Agreement shall not exceed the greater of: (i) ten thousand U.S. dollars ($10,000) or (ii) the total license fee paid to Affirmed for the use of the Program. In no event shall Affirmed be liable for any indirect, incidental, consequential, special, punitive or exemplary damages or lost profits or the loss of software or data, even if Affirmed has been advised of the possibility of such damages. In the event that the Program contains the intellectual property of a third party pursuant to a license in favor of Affirmed, with a right to sublicense to Licensee, Affirmed hereby disclaims, to the extent permitted by law, such third party’s liability of any damages, whether direct, indirect, incidental or consequential, arising out of the use of the Program.

Governing Law
This License Agreement shall be construed and governed in accordance with the laws and under the jurisdiction of the Commonwealth of Massachusetts, U.S.A. Any dispute arising out of this Agreement shall be referred to an arbitration proceeding in Boston, Massachusetts, U.S.A. by the American Arbitration Association.

Miscellaneous
If any action is brought by either party to this License Agreement against the other party regarding the subject matter hereof, the prevailing party shall be entitled to recover, in addition to any other relief granted, reasonable attorneys’ fees and expenses of arbitration. Should any term of this License Agreement be declared void or unenforceable by any court of competent jurisdiction, such declaration shall have no effect on the remaining terms hereof. The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. Affirmed has made no commitments or promises orally or in writing with respect to delivery of any future software features or functions. In relation to any future software features or functions, all presentations, RFP responses and/or product outlook documents, information or discussions, either prior to or following the date herein, are for informational purposes only, and Affirmed has no obligation to provide any future releases or upgrades or any features, enhancements or functions, unless specifically agreed to in writing by both parties. Reseller acknowledges that no purchasing decisions are based upon any future software features or functions.

Third Party Beneficiary
If the Program incorporates or otherwise contains any intellectual Property of any third party pursuant to a license agreement in favor of Affirmed and sublicensed to Licensee, such third party shall, to the extent permitted by law, be a third party beneficiary of the terms and conditions of this Agreement.
  • 6. Contents
Preface
  Audience
  Release Information
  How to Obtain Product Documentation
  Technical Assistance Center
  Terms and Acronyms
1 Introduction
  1.1 New in This Release
  1.2 Documentation changes
2 Overview
  2.1 Organization
3 Prerequisites
  3.1 AWS CLI Setup
  3.2 Resources
  3.3 Inputs
4 MME Cluster Subnets
  4.1 N/S Subnets Planning
    4.1.1 Standard Networking with Secondary IP Addresses
    4.1.2 Standard Networking with Route Table
    4.1.3 N/S Interfaces with Tunneling
5 Create Cluster Resource Stack
  5.1 Cluster Stack Parameters
  5.2 Cluster Stack Parameters JSON File
  5.3 Stack Creation
    5.3.1 Option 1: AWS CLI
    5.3.2 Option 2: AWS Console
    5.3.3 Post-Creation Steps
6 VM Instances Stack Creation
  6.1 Template Parameters for VM Instance Stacks
  6.2 BASE and DATA Network
  • 7. 6.2.1 Interface IP Addresses
    6.2.2 MTU Values
  6.3 Creation of MGMT-0/MRM-0 Stack
    6.3.1 VM Instance CFN Template
    6.3.2 JSON Example for MGMT-0 Stack
    6.3.3 Stack Post-Creation Steps
  6.4 Creation of Other Instance Stacks
    6.4.1 JSON Example for MGMT-1/MRM-1 Stack
    6.4.2 JSON Example for VM Instance Stack (Non-LB/MSM)
    6.4.3 JSON Example for VM Instance Stack (LB/MSM)
7 Initial MME Cluster Configuration
  7.1 EPC System Configuration
  7.2 Routing Instances Configuration
8 Jump Server (optional)
  • 8. List of Figures
Figure 1. Full Deployment Model
Figure 2. Compact Deployment Model
Figure 3. Tunneling Network Diagram
Figure 4. Configuration Example for GRE tunneling
Figure 5. Create Stack
Figure 6. Upload Template File
Figure 7. Enter Stack Parameters
  • 9. List of Tables
Table 1. “routing-instances” Configuration Parameters for Tunneling
Table 2. Required Parameters for Cluster Resources Stack
Table 3. VM Instance Stack Parameters
Table 4. Jump Server Template Parameters
  • 10. Preface
Affirmed Networks MCC MME on AWS CFN for Release 15.0.

Audience
This guide is intended for all users of the system.

Release Information
See the Release Notes for important information, requirements, limitations, and restrictions that apply to this release.

How to Obtain Product Documentation
Documentation is available for currently supported product releases. Documentation is available online in Adobe PDF format. You can view PDFs online using the latest version of Adobe Reader®. To download the latest version of the Adobe Reader software from the Adobe web site, go to http://get.adobe.com/reader/
Product documentation is available from the Affirmed Networks SFTP server. Contact your sales representative or the TAC for instructions on accessing the SFTP server. See the Affirmed Networks Documentation Library for a complete list of Affirmed Networks product documentation.

Technical Assistance Center
Affirmed Networks Technical Assistance Center (TAC) provides technical support 24 hours a day, 7 days a week (24 x 7) for any customer with an active maintenance contract. To contact the TAC:
E-mail: an_support_operation@microsoft.com
24 x 7 Telephone support:
  Local: 1-978-268-0871
  Toll free: 1-888-283-2838
  • 11. Terms and Acronyms
For a comprehensive list of terms and acronyms used in Affirmed Networks documentation, please see Affirmed Networks Terms and Acronyms.
  • 12. 1 Introduction
This content describes the steps necessary to deploy and run the Affirmed MME on Amazon Web Services (AWS) cloud, using the supported CloudFormation templates. Due to the vastness of AWS, its facilities and the knowledge necessary to work with AWS, this content focuses primarily on the deployment of the MME and not necessarily on the intricacies of AWS.

1.1 New in This Release
Not applicable.

1.2 Documentation changes
Add MTU Values section to BASE and DATA Network section.
  • 13. 2 Overview
The CloudFormation templates for Affirmed Networks MME on AWS support the creation of an MME cluster with flexibility to fit into the desired operation model. The stack creation for the MME deployment has a hierarchy of steps to complete a deployment.

The first step is to create the shared resources for the cluster. In this step, the following resources are created:
▪ Security group for use by BASE and DATA subnet MME network interfaces (optionally can be used for ALL MME network interfaces)
  → Ingress security group rule allowing all traffic
  → Egress security group rule allowing all traffic
▪ BASE subnet for Availability Zone A
▪ DATA subnet for Availability Zone A
▪ IAM Profile enabling AmazonEC2FullAccess

In addition to EC2 resource creation, all common variables for the cluster must be specified in the creation of the cluster resources stack. These values are exported from this stack, and referenced automatically from the subsequent stack creation steps for the MME VM instances.

In the cluster resource stack, the following resources are created ONLY if specified in the stack parameters as described in later sections of this document:
▪ MGMT subnet for Availability Zone A
▪ MGMT subnet for Availability Zone B (Unsupported in this release)
▪ BASE subnet for Availability Zone B (Unsupported in this release)
▪ DATA subnet for Availability Zone B (Unsupported in this release)

Note: Dual availability-zone deployment option is a future feature, and is not currently fully supported by the AFN MME in this release.

After successful creation of the MME cluster resources stack, the next step is to create a MGMT-0 OR MRM-0 instance, depending on the desired deployment type (full (5-VM) vs. compact (2-VM)).
In the MGMT-0/MRM-0 stack creation, the following resources are created:
▪ MGMT network interface
▪ BASE network interface
▪ DATA network interface
  • 14. ▪ EC2 instance for the MGMT-0/MRM-0 VM

The MGMT-0/MRM-0 stack exports the IP addresses allocated for both its BASE and DATA network interfaces. These are referenced during the stack creation for all other VM instances in the MME cluster. Therefore, the MGMT-0/MRM-0 stack MUST be created first, prior to the creation of all other stacks for members of the cluster.

The final step in the process of stack creation for the MME cluster is to create the stacks for ALL other VMs in the cluster. Each VM instance in the cluster is created with a separate stack. This allows the ultimate flexibility in terms of engineering of the cluster, as well as expandability after first creation. The parent stack provided in previous MME releases is no longer supported.

In the member instance stack creation, the following resources are created:
▪ MGMT network interface
▪ BASE network interface
▪ DATA network interface
▪ Up to four specified N/S interfaces (for LB or MSM VM service types only)
▪ EC2 instance for the MGMT-0/MRM-0 VM

For all MME cluster VM instance stacks, the following resources are exported and can be referenced by other stacks if required:
▪ MGMT network interface ID
▪ BASE network interface ID
▪ DATA network interface ID
▪ All N/S network interface ID(s)
▪ MGMT interface IP address
▪ BASE interface IP address
▪ DATA interface IP address
▪ N/S interface(s) IP address(es)

Optionally, a jump server can be created using the provided template. This jump server does not depend on the cluster resources stack. It is an independent EC2 instance, which has a network interface on the MGMT subnet for the MME cluster. If configured in the stack parameters, an AWS Elastic IP will be allocated and associated with the jump server interface, allowing access from the public internet.
Note: The jump server template requires the input of the ID for an existing SSH Key Pair, which must be created in the AWS account prior to the stack creation.
  • 15. The following resources are created by the jump server stack:
▪ Jump Server:
  → Elastic IP (if specified in stack parameters)
  → Network interface on MGMT subnet (Availability Zone A)
    o Associated to the created Elastic IP (if specified)
  → Jump server EC2 instance

2.1 Organization
This content is organized as follows:
▪ Prerequisites
▪ MME Cluster Subnets
▪ Create Cluster Resource Stack
▪ VM Instances Stack Creation
▪ Initial MME Cluster Configuration
▪ Jump Server (optional)
  • 16. 3 Prerequisites

3.1 AWS CLI Setup
It is expected that the operator will have the AWS CLI application installed on a machine with access to the AWS service. For the command-line option for stack deployment, AWS CLI access is required. For the AWS console option for stack deployment, AWS CLI application is not required. Documentation for AWS CLI installation and configuration can be found at this link: https://aws.amazon.com/cli/

3.2 Resources
In order to deploy and run the MME on AWS, it is expected that the following resources be in place in the AWS account:
▪ VPC
  → DNS hostnames and DNS resolution must be enabled
  → Internet GW -- provides connectivity to the internet for jump server, and any other VNF that requires it
    o Elastic IP -- for connectivity to jump server
  → VPN
    o Customer Gateway – configuration in AWS for the VPN server in remote premises
    o Virtual Private GW -- VPN service that S1 network will use for connectivity to remote RAN site. This VPG should propagate its routes to all applicable N/S subnets
    o Site-to-site VPN connections: IPsec tunnels for the VPG to the customer GW
      ▪ It is recommended to use redundant IPsec tunnels to separate VPN servers for high availability, but not required for MME function
  → Subnets
    o Common MGMT network
    o Common North/South network(s)
  → Security Groups (can be passed in as inputs to cluster resource stack)
  • 17. o For MGMT subnet interface, and/or
    o For N/S subnet interface(s)
    Note: Template supports the configuration of the security group ID for each of these network interfaces. Security groups can be reused for more than one interface if desired.
    Note: Inbound and outbound rules can be set at the operator’s discretion. Please see MME Operator’s Guide and other documentation for required inbound/outbound security rules for connectivity.
  → VPC Endpoint
    o VPC Endpoint for EC2 API access for MGMT-0/MRM-0
      ▪ Service Name: com.amazonaws.<availability-zone-a>.ec2
      ▪ Subnet: MGMT subnet in Availability Zone A
      ▪ Enable DNS name should be checked
      ▪ Security group should minimally allow AWS API traffic
▪ EC2
  → Key Pair – SSH key pair to be used with the jump server (this is a required parameter for the template, regardless of whether a jump server will be part of stack creation)
  → Optional: Jump server VM Instance(s)
    o Jump server with associated Elastic IP – for remote connectivity to VNFs
    Note: MME has no specific requirements for the jump server other than that it has connectivity to the MGMT subnet. The template creates a jump server if specified. Otherwise, a pre-existing jump server can be utilized to provide connectivity to the MGMT/MRM VMs.

3.3 Inputs
The following names and/or IDs from the previous list of prerequisite resources are required as inputs to the MME CloudFormation templates:
▪ VPC ID
▪ Availability Zone “A”
▪ Availability Zone “B” (OPTIONAL – must be in same region as Availability Zone A) [Note: Unsupported in this release]
▪ The following are REQUIRED only if jump server is created
  • 18. → Key Pair name
  → AMI ID for Jump Server (Ubuntu 16.04 LTS from AWS marketplace for the install region)
▪ For Availability Zone A (REQUIRED):
  → MGMT subnet ID
  → N/S 1 subnet ID
  → N/S 2 subnet ID (optional based on network topology)
  → N/S 3 subnet ID (optional based on network topology)
  → N/S 4 subnet ID (optional based on network topology)
▪ For Availability Zone B (OPTIONAL) [Note: Unsupported in this release]:
  → MGMT subnet ID
  → N/S 1 subnet ID
  → N/S 2 subnet ID (optional based on network topology)
  → N/S 3 subnet ID (optional based on network topology)
  → N/S 4 subnet ID (optional based on network topology)
▪ Security group(s) for MGMT and N/S subnet interfaces (optional)
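
The cluster security group described in the Overview allows all ingress and egress, and the guide permits reusing it on every MME network interface. The following Python check is an added example, not part of the Affirmed templates or this guide: it lists interfaces outside the BASE and DATA subnets that carry an allow-all ingress group. All IDs, the subnet-to-role map and the sample documents (shaped like the output of aws ec2 describe-security-groups and aws ec2 describe-network-interfaces) are constructed, and reading "all traffic" as protocol -1 from 0.0.0.0/0 or ::/0 is an assumption about how the template's rule appears.

```python
"""Find MGMT and N/S interfaces that reuse an allow-all security group."""

ALLOW_ALL_CIDRS = {"0.0.0.0/0", "::/0"}
ANY = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "mme-cluster-fabric",
     "IpPermissions": ANY, "IpPermissionsEgress": ANY},
    {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "mme-mgmt",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "10.20.0.0/24"}], "Ipv6Ranges": []}],
     "IpPermissionsEgress": ANY},
]}

# Constructed sample, shaped like `aws ec2 describe-network-interfaces` output.
NETWORK_INTERFACES = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0000000000000001", "SubnetId": "subnet-base-a",
     "Groups": [{"GroupId": "sg-0a1b2c3d4e5f60001"}]},
    {"NetworkInterfaceId": "eni-0000000000000002", "SubnetId": "subnet-mgmt-a",
     "Groups": [{"GroupId": "sg-0a1b2c3d4e5f60001"}]},
    {"NetworkInterfaceId": "eni-0000000000000003", "SubnetId": "subnet-ns1-a",
     "Groups": [{"GroupId": "sg-0a1b2c3d4e5f60001"}]},
    {"NetworkInterfaceId": "eni-0000000000000004", "SubnetId": "subnet-mgmt-a",
     "Groups": [{"GroupId": "sg-0a1b2c3d4e5f60002"}],
     "Association": {"PublicIp": "198.51.100.10"}},  # jump server with Elastic IP
]}

# Hypothetical mapping from subnet ID to the role it plays in the MME cluster.
SUBNET_ROLES = {"subnet-mgmt-a": "MGMT", "subnet-base-a": "BASE",
                "subnet-data-a": "DATA", "subnet-ns1-a": "NS1"}


def is_allow_all(rule):
    """True for a rule that admits every protocol from every address."""
    if rule.get("IpProtocol") != "-1":
        return False
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return any(c in ALLOW_ALL_CIDRS for c in cidrs)


def open_ingress_groups(sg_doc):
    """IDs of security groups with at least one allow-all ingress rule."""
    return {
        sg["GroupId"]
        for sg in sg_doc["SecurityGroups"]
        if any(is_allow_all(rule) for rule in sg.get("IpPermissions", []))
    }


def audit_interfaces(sg_doc, eni_doc, subnet_roles, fabric_roles=("BASE", "DATA")):
    """Report interfaces outside the fabric subnets that use an allow-all group.

    Returns sorted (interface_id, role, group_id, has_public_ip) tuples.
    Interfaces in subnets missing from subnet_roles are reported as UNKNOWN.
    """
    open_groups = open_ingress_groups(sg_doc)
    findings = []
    for eni in eni_doc["NetworkInterfaces"]:
        role = subnet_roles.get(eni["SubnetId"], "UNKNOWN")
        if role in fabric_roles:
            continue  # allow-all is the documented rule set for BASE and DATA
        public = bool(eni.get("Association", {}).get("PublicIp"))
        for group in eni.get("Groups", []):
            if group["GroupId"] in open_groups:
                findings.append((eni["NetworkInterfaceId"], role,
                                 group["GroupId"], public))
    return sorted(findings)


if __name__ == "__main__":
    for eni_id, role, group_id, public in audit_interfaces(
            SECURITY_GROUPS, NETWORK_INTERFACES, SUBNET_ROLES):
        exposure = "public IP attached" if public else "private only"
        print(f"{eni_id} ({role}) uses allow-all group {group_id}: {exposure}")
```

Only ingress is checked, because an allow-all egress rule is what AWS places on a new security group by default.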
  • 19. 4 MME Cluster Subnets
The Affirmed Networks MME requires three common networks, and a variable number of “North/South” networks to function. These networks are as follows:
▪ Networks common to all VM instances:
  → MGMT/OAM network
  → BASE – inter-VM fabric for inter-process communication
  → DATA – inter-VM fabric for signaling traffic
▪ Networks specific to MSM/LB VM instances:
  → North/South – variable number of networks for connectivity to 3GPP interfaces such as S1, S11, S6, etc.

For the MRM/MSM deployment model, the network connectivity diagram is shown in the following figure. Engineering limits for the number of instances of each type of VMs are captured in the MME Engineering Guide.

Figure 1. Full Deployment Model (diagram labels: Jump Server; MGMT, BASE and DATA networks; N/S 1 to N/S x; MGMT-0, MGMT-1, CALLPx-0, CALLPx-1, LB-0, LB-1, RM-0, RM-1, SIG-0, SIG-x)
Figure 2. Compact Deployment Model (diagram labels: Jump Server; MGMT, BASE and DATA networks; N/S 1 to N/S x; MGMT-0, MGMT-1, MSMx-0, MSMx-1)

The MME CloudFormation template requires the use of a pre-existing MGMT subnet, as well as pre-existing N/S subnet(s).
  • 20. 4.1 N/S Subnets Planning
For the North/South subnets, the MME supports 2 modes of operation to provide connectivity to peer nodes. The first mode of operation is standard mode (using either Secondary IP addresses or route entries), and the second mode incorporates point-to-point tunneling from the MME to the operator’s data center over a VPN or other AWS connectivity option. These modes are described in this section.

The choice of networking mode impacts the parameter inputs in the stack creation of the cluster resource and individual VM instance stacks. This choice is specific to each N/S subnet; a single MME can support all 3 methods in a single cluster across its N/S subnets.

4.1.1 Standard Networking with Secondary IP Addresses
For subnets in which the peer nodes are located within the same AWS VPC, tunneling does not apply. For these subnets, additional AWS configuration is required for connectivity to the MME external (loopback) IP addresses as detailed in this section.

4.1.1.1 Configure Secondary IP Addresses for N/S Network Interfaces
Note: The following step is only required for N/S routing-instances that use loopback IP addresses in the same subnet as the interface IP address, and do not use the MME tunneling feature described in section 4.1.3.

After the completion of the stack creation process and prior to configuration of the MME cluster, all 3GPP interface IP addresses (“loopbacks”) must be associated to one of the corresponding N/S interfaces of an MSM instance as AWS Secondary IP addresses. These loopback IP addresses should be distributed across all MSM instances for best performance. This allows for packets destined to those addresses to be received on the appropriate N/S interface of the MSM instance.

Note: All 3GPP interface IP addresses MUST be allocated from the CIDR for the corresponding N/S subnet.
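
The secondary IP step in section 4.1.1.1 can be planned and checked before anything is changed in AWS. The following Python sketch is an added example, not taken from this guide or the Affirmed templates: it rejects loopbacks that fall outside the N/S subnet CIDR, on an AWS-reserved address or on an interface's primary address, spreads the rest round-robin over the MSM N/S interfaces, and prints the matching aws ec2 assign-private-ip-addresses commands. The subnet, interface IDs and addresses are constructed, and using the AWS CLI for the association is an assumption, since the guide does not name the tool.

```python
"""Plan the secondary IP (loopback) association for one N/S subnet."""
import ipaddress
from itertools import cycle


def aws_reserved(subnet):
    """AWS reserves the first four addresses and the last one in every subnet."""
    return {subnet.network_address + i for i in range(4)} | {subnet.broadcast_address}


def plan_secondary_ips(subnet_cidr, loopbacks, msm_interfaces):
    """Spread loopback addresses over MSM N/S interfaces as secondary IPs.

    msm_interfaces maps network interface ID -> primary private IP address.
    Returns {interface_id: [loopback, ...]}; raises ValueError on a bad plan.
    """
    if not msm_interfaces:
        raise ValueError("no MSM N/S interfaces supplied")
    subnet = ipaddress.ip_network(subnet_cidr)
    reserved = aws_reserved(subnet)
    primaries = {ipaddress.ip_address(ip) for ip in msm_interfaces.values()}
    seen, errors = set(), []
    for raw in loopbacks:
        ip = ipaddress.ip_address(raw)
        if ip not in subnet:
            errors.append(f"{raw} is outside {subnet_cidr}")
        elif ip in reserved:
            errors.append(f"{raw} is reserved by AWS in {subnet_cidr}")
        elif ip in primaries:
            errors.append(f"{raw} is already an interface primary address")
        elif ip in seen:
            errors.append(f"{raw} is listed twice")
        seen.add(ip)
    if errors:
        raise ValueError("; ".join(errors))
    # Round-robin in sorted interface order so the plan is reproducible.
    order = sorted(msm_interfaces)
    plan = {eni: [] for eni in order}
    for eni, raw in zip(cycle(order), loopbacks):
        plan[eni].append(raw)
    return plan


def render_cli(plan):
    """One AWS CLI command per interface that receives secondary addresses."""
    return [
        "aws ec2 assign-private-ip-addresses "
        f"--network-interface-id {eni} --private-ip-addresses {' '.join(ips)}"
        for eni, ips in plan.items() if ips
    ]


if __name__ == "__main__":
    # Constructed example: one N/S subnet, two MSM instances, three loopbacks.
    example_plan = plan_secondary_ips(
        "10.0.3.0/24",
        ["10.0.3.50", "10.0.3.51", "10.0.3.52"],
        {"eni-0aaa000000000001": "10.0.3.10", "eni-0bbb000000000002": "10.0.3.11"},
    )
    for command in render_cli(example_plan):
        print(command)
```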
AWS does not support assignment of secondary IP addresses outside of the subnet.

4.1.1.2 Management of Secondary IP Address Association

The MME will monitor the secondary IP address associations to MSM VMs. When a failure of an MSM instance is detected, the MME will automatically re-associate the secondary IP addresses associated to the failed MSM instance to other MSM instances in the cluster. When the failed MSM recovers and re-enters service, the secondary IP address association will be reverted to the original location.

To reset the MME view of mapping of secondary IP addresses to MSM instances based on the current configuration in the AWS dashboard, issue the “routing-instances reset” command.

    admin@afnmme-0 18:05:03> request routing-instances reset
    You are requesting to reset the default loopback positions for public cloud.
    Continue? [y/n]: y
    Resetting the default loopback positions for public cloud...
    [ok][2019-12-12 18:06:10]

  • 21. MME Cluster Subnets

4.1.2 Standard Networking with Route Table

Note: Support for this mode is planned for the MME 14.1 release.

Standard networking mode can also use AWS route tables and static routing to steer incoming traffic to the correct node in the MME cluster. In this use case, the MME loopback IP addresses DO NOT reside within a CIDR block allocated to the VPC within which the MME is operating.

4.1.2.1 Configure Routes for MME Loopback IP Addresses

Feature currently not supported.

4.1.2.2 Automatic Management of Static Routes for HA

Feature currently not supported.

4.1.3 N/S Interfaces with Tunneling

Note: For connectivity to remote networks (such as S1 network), the AWS VPC should be connected to the remote data center via VPN (or other method supported by AWS). This configuration is a prerequisite to MME cluster deployment and is outside the scope of this document.

For the MME to connect to peer nodes within the remote data center, GRE (or IP-IP) tunnels must be established from a router in the data center to each MSM deployed in the MME cluster. This is a constraint of the AWS VPG routing capability.

Figure 3. Tunneling Network Diagram

Note: The N/S subnet(s) that require tunneling should activate route propagation from the VPG to the subnet route table in AWS.
  • 22. MME Cluster Subnets

4.1.3.1 MME “routing-instance” Configuration for Tunneling

The following figure shows an example of configuration for a routing-instance that utilizes tunnel interfaces. The parameters relating to tunnel configuration are described in the table that follows the example.

Figure 4. Configuration Example for GRE tunneling

    instance external_s1 {
        bfd disable;
        lb-vm-if1 gre-ext-s1;
        tunneling gre;
        tunnel-if eth3;
        lb-instance 0 {
            if1-ipv4-addr 1.1.2.2/30;
            tunnel-ipv4-addr 10.179.8.4/28;
            tunnel-peer-ipv4-addr 10.165.153.240;
            tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
        }
        lb-instance 1 {
            if1-ipv4-addr 1.1.2.18/30;
            tunnel-ipv4-addr 10.179.8.5/28;
            tunnel-peer-ipv4-addr 10.165.153.244;
            tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
        }
        lb-instance 2 {
            if1-ipv4-addr 1.1.2.34/30;
            tunnel-ipv4-addr 10.179.8.6/28;
            tunnel-peer-ipv4-addr 10.165.153.248;
            tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
        }
        lb-instance 3 {
            if1-ipv4-addr 1.1.2.38/30;
            tunnel-ipv4-addr 10.179.8.7/28;
            tunnel-peer-ipv4-addr 10.165.153.249;
            tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
        }
    }

In Figure 3 above, an example of a routing-instance with tunneling enabled is shown. The parameters are as follows:

Table 1. “routing-instances” Configuration Parameters for Tunneling

| Parameter | Values | Description |
|---|---|---|
| Routing-Instance Parameters | | |
| tunneling | none (default), gre, ipip | Tunneling mode for this routing-instance. Default value is none, which is a non-tunneled routing-instance. To activate tunneling for this routing-instance, this parameter should be “gre” for GRE tunnels, or “ipip” for IP-IP tunnels. |
| lb-vm-if1 | String | If tunneling is not “none”, this is the desired name of the created GRE/IP-IP tunnel interface in the OS. For a GRE tunnel, this name must begin with “gre”, and for an IP-IP tunnel the name must begin with “tunl”. If tunneling is “none”, this parameter is the network interface in the OS (ex. eth3) to which this routing-instance is mapped. |
| tunnel-if | eth3 – eth6 | This parameter is only configurable when tunneling is not “none”. When tunneling is not “none”, this parameter is the network interface in the OS (ex. eth3) to which this routing-instance is mapped. |
| LB Per-Instance Parameters | | |
| if1-ipv4-addr | IPv4 CIDR | This is the “inner” subnet for the tunneling interface. This IP address and mask only applies to either end of the tunnel, but is not utilized in the forwarding of packets. It can be any IP/subnet that does not conflict with the tunnel endpoints or loopback IP addresses. This parameter is in the form “x.x.x.x/y”. |
| tunnel-ipv4-addr | IPv4 CIDR | The local GRE tunnel endpoint IP address and subnet mask, in the form “x.x.x.x/y”. |
| tunnel-peer-ipv4-addr | IPv4 address | The remote GRE tunnel endpoint IP address, in the form “x.x.x.x”. |
| tunnel-if-next-hop-ipv4-gw-addr | IPv4 address | The IP address of the next-hop gateway for the connected AWS N/S subnet. It should reside in the same subnet as tunnel-ipv4-addr. |

  • 23. MME Cluster Subnets
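The constraints stated in Table 1 can be checked mechanically before a routing-instance is committed. The following Python is an added example, not Affirmed Networks code: the parser for the brace-and-semicolon layout of Figure 4 and the names `parse_config`, `check_instance` and `validate` are assumptions made for illustration.

```python
import ipaddress
import re

# Figure 4 from the guide, trimmed to two lb-instances.
SAMPLE = """
instance external_s1 {
    bfd disable;
    lb-vm-if1 gre-ext-s1;
    tunneling gre;
    tunnel-if eth3;
    lb-instance 0 {
        if1-ipv4-addr 1.1.2.2/30;
        tunnel-ipv4-addr 10.179.8.4/28;
        tunnel-peer-ipv4-addr 10.165.153.240;
        tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
    }
    lb-instance 1 {
        if1-ipv4-addr 1.1.2.18/30;
        tunnel-ipv4-addr 10.179.8.5/28;
        tunnel-peer-ipv4-addr 10.165.153.244;
        tunnel-if-next-hop-ipv4-gw-addr 10.179.8.1;
    }
}
"""

# Table 1: required tunnel interface-name prefix per tunneling mode.
NAME_PREFIX = {"gre": "gre", "ipip": "tunl"}


def _parse_block(tokens, pos):
    """Parse statements up to the matching '}' (or end of input)."""
    node, words = {}, []
    while pos < len(tokens):
        tok = tokens[pos]
        pos += 1
        if tok == ";":                      # "key value;"
            if words:
                node[words[0]] = " ".join(words[1:])
            words = []
        elif tok == "{":                    # "kind name { ... }"
            child, pos = _parse_block(tokens, pos)
            node[" ".join(words)] = child
            words = []
        elif tok == "}":
            break
        else:
            words.append(tok)
    return node, pos


def parse_config(text):
    """Turn the brace/semicolon text into nested dicts (assumed grammar)."""
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    return _parse_block(tokens, 0)[0]


def check_instance(name, inst):
    """Return findings for one routing-instance against the Table 1 rules."""
    mode = inst.get("tunneling", "none")
    if mode == "none":
        return []
    if mode not in NAME_PREFIX:
        return [f"{name}: unknown tunneling mode {mode!r}"]
    findings = []
    if not inst.get("lb-vm-if1", "").startswith(NAME_PREFIX[mode]):
        findings.append(f"{name}: lb-vm-if1 must begin with {NAME_PREFIX[mode]!r}")
    if not re.fullmatch(r"eth[3-6]", inst.get("tunnel-if", "")):
        findings.append(f"{name}: tunnel-if must be eth3 - eth6")
    for key, lb in inst.items():
        if not key.startswith("lb-instance") or not isinstance(lb, dict):
            continue
        try:
            inner = ipaddress.ip_interface(lb["if1-ipv4-addr"])
            local = ipaddress.ip_interface(lb["tunnel-ipv4-addr"])
            peer = ipaddress.ip_address(lb["tunnel-peer-ipv4-addr"])
            gw = ipaddress.ip_address(lb["tunnel-if-next-hop-ipv4-gw-addr"])
        except (KeyError, ValueError) as exc:
            findings.append(f"{name}/{key}: bad or missing address ({exc})")
            continue
        if gw not in local.network:
            findings.append(f"{name}/{key}: gateway {gw} is outside {local.network}")
        if local.ip in inner.network or peer in inner.network:
            findings.append(f"{name}/{key}: inner subnet {inner.network} "
                            "overlaps a tunnel endpoint")
    return findings


def validate(text):
    """Check every 'instance NAME { ... }' block in a configuration text."""
    findings = []
    for key, inst in parse_config(text).items():
        if key.startswith("instance ") and isinstance(inst, dict):
            findings += check_instance(key.split(None, 1)[1], inst)
    return findings


if __name__ == "__main__":
    print(validate(SAMPLE) or "no findings")
```
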
  • 24. 5 Create Cluster Resource Stack

This section describes the stack parameters and creation process for the cluster resource stack. These resources and parameters are common to the entire cluster.

5.1 Cluster Stack Parameters

The MME CFN template requires variables for the cluster to be configured. The following table describes all of the required parameters.

Table 2. Required Parameters for Cluster Resources Stack

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| VPC ID | vpcId | REQUIRED | VPC ID | ID for the AWS VPC, in the form vpc-XXXXXXXX |
| Availability Zone List | availabilityZoneList | REQUIRED | Comma Separated List of Availability Zone names | A list of at least 1 (max 2) Availability Zone names for deployment of the MME cluster. This list should consist of up to 2 AZs, the first being the “A” side zone, and the second being the “B” side zone. The parameter should be in the form: “us-east-1a,us-east-1b”. Dual availability zones are not supported in this release. For single availability zone deployment, all VMs of the MME cluster will be deployed in the single AZ. For a single AZ deployment, the parameter must be in the form: “us-east-1a,” with the availability zone name followed by a single comma. |
| Dual Availability Support Flag | dualAvailabilityZones | OPTIONAL | true or false | Flag to indicate whether MME shall be deployed into two separate availability zones for geographic redundancy. FEATURE NOT CURRENTLY SUPPORTED – SET TO “false”. |
| MGMT AMI ID | mgmtImageId | REQUIRED | AMI ID | This is the AMI for the image to be used for MGMT/RM/MRM VMs. |
| Non-MGMT AMI ID | nonMgmtImageId | REQUIRED | AMI ID | This is the AMI for the image to be used for all non-MGMT/RM/MRM VMs. |
  • 25. Create Cluster Resource Stack

Table 2 (continued)

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| MGMT/MRM EC2 Instance Type | mgmtInstanceType | REQUIRED | EC2 Instance Type | EC2 instance type for MGMT OR MRM VMs. Default is “c5.2xlarge”. Minimum allowed C5 instance type is “c5.large”. Note: This value is used for MRM instance type for compact model. |
| RM EC2 Instance Type | rmInstanceType | REQUIRED | EC2 Instance Type | EC2 instance type for RM VMs. Default is “c5.2xlarge”. Minimum allowed C5 instance type is “c5.large”. |
| SIG EC2 Instance Type | sigInstanceType | REQUIRED | EC2 Instance Type | EC2 instance type for SIG VMs. Default is “c5.4xlarge”. Minimum allowed C5 instance type is “c5.xlarge”. |
| LB EC2 Instance Type | lbInstanceType | REQUIRED | EC2 Instance Type | EC2 instance type for LB VMs. Default is “c5.2xlarge”. Minimum allowed C5 instance type is “c5.large”. |
| CALLP EC2 Instance Type | callpInstanceType | REQUIRED | EC2 Instance Type | EC2 instance type for CALLP AND MSM VMs. Default is “c5.4xlarge”. Minimum allowed C5 instance type is “c5.2xlarge”. Note: This value is used for MSM instance type for compact model. |
| Cluster Name | clusterName | REQUIRED | String | Logical name for the MME cluster. |
| Cluster Number | clusterNumber | REQUIRED | Integer (0-99) | Logical number for the MME cluster. |
| MGMT Floating IP Address | mgmtFloatingIp | REQUIRED | IPv4 Address | High-availability IP address for MGMT connectivity. |
| Refresh SSH Keys | refreshSshKeys | OPTIONAL | Boolean | Indicates if user SSH keys for built-in users should be regenerated at first boot. Default is “false”. |
| Root Hardening | rootHardening | OPTIONAL | Boolean | Indicates if root account login via password should be disabled. Default is “false”. |
| User Auth Method | userAuthMethod | OPTIONAL | String Enumeration | Indicates the authentication method to be configured for all built-in users. Valid values are: “password-or-key”, “password-and-key”, “password-only”, and “key-only”. Default is “password-or-key”. |
  • 26. Create Cluster Resource Stack

Table 2 (continued)

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| MGMT Subnet ID List | mgmtSubnetIdList | REQUIRED | Comma separated list of Subnet ID | The list of the AWS subnet ID(s) for the pre-created subnet(s) for the MGMT network. The list must be in the form of “subnet-XXXXXXXXXXXXX, subnet-XXXXXXXXXXXXX”. This first subnet ID should reside in Availability Zone A, and the optional second subnet ID should reside in Availability Zone B. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “subnet-XXXXXXXXXXXXX,” with the MGMT subnet ID followed by a single comma. |
| MGMT Security Group ID | mgmtSecurityGroupID | OPTIONAL | String (AWS Security Group ID) | This is the security group to be associated with the MGMT network interface for all cluster VM instances. Note: If this value is not configured in the cluster resource stack, then the UseDefaultSecurityGroupMGMT parameter for the VM instance stack must be set to “true”. This will result in the use of the security group created for BASE/DATA subnets in the cluster resource stack to be used for the MGMT interface for that instance. |
| BASE CIDR List | baseCIDRList | REQUIRED | Comma Separated List of IPv4 CIDR | The list of IPv4 CIDRs to be used for the BASE subnets. The first CIDR should be for Availability Zone A, and the second for Availability Zone B. The parameter must be in the form: “x.x.x.x/y,x.x.x.x/y”. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “x.x.x.x/y,” with the single BASE subnet CIDR followed by a single comma. Note: • Both CIDRs MUST fall within the range of a CIDR block configured for the VPC. • Minimum subnet size of 28 |

  • 27. Create Cluster Resource Stack

Table 2 (continued)

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| DATA CIDR List | dataCIDRList | REQUIRED | Comma Separated List of IPv4 CIDR | The list of IPv4 CIDRs to be used for the DATA subnets. The first CIDR should be for Availability Zone A, and the second for Availability Zone B. The parameter must be in the form: “x.x.x.x/y,x.x.x.x/y”. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “x.x.x.x/y,” with the single BASE subnet CIDR followed by a single comma. Note: • Both CIDRs MUST fall within the range of a CIDR block configured for the VPC. • Minimum subnet size of 28 |
| N/S 1 Connect Indicator | ns1Connect | REQUIRED | true or false | Indicates whether N/S 1 subnet should be connected. Should always be true if MSM VM is instantiated. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. |
| N/S 1 Subnet ID List | ns1SubnetIdList | REQUIRED | Comma separated list of Subnet ID | The list of the AWS subnet ID(s) for the pre-created subnet(s) for the N/S 1 network. The list must be in the form of “subnet-XXXXXXXXXXXXX, subnet-XXXXXXXXXXXXX”. This first subnet ID should reside in Availability Zone A, and the optional second subnet ID should reside in Availability Zone B. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “subnet-XXXXXXXXXXXXX,” with the N/S 1 subnet ID followed by a single comma. |
| N/S 1 Security Group ID | ns1SecurityGroupID | OPTIONAL | String (AWS Security Group ID) | This is the security group to be associated with the N/S 1 network interface for all cluster LB/MSM VM instances. Note: If this value is not configured in the cluster resource stack, then the UseDefaultSecurityGroupNs1 parameter for the VM instance stack must be set to “true”. This will result in the use of the security group created for BASE/DATA subnets in the cluster resource stack to be used for the N/S 1 interface for that instance. |

  • 28. Create Cluster Resource Stack

Table 2 (continued)

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| N/S 2 Connect Indicator | ns2Connect | REQUIRED | true or false | Indicates whether N/S 2 subnet should be connected. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. |
| N/S 2 Subnet ID List | ns2SubnetIdList | OPTIONAL | Comma separated list of Subnet ID or single comma | The list of the AWS subnet ID(s) for the pre-created subnet(s) for the N/S 2 network. The list must be in the form of “subnet-XXXXXXXXXXXXX, subnet-XXXXXXXXXXXXX”. This first subnet ID should reside in Availability Zone A, and the optional second subnet ID should reside in Availability Zone B. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “subnet-XXXXXXXXXXXXX,” with the N/S 1 subnet ID followed by a single comma. Note: If N/S 2 is not in use, the parameter value should be “,” (single comma). |
| N/S 2 Security Group ID | ns2SecurityGroupID | OPTIONAL | String (AWS Security Group ID) | This is the security group to be associated with the N/S 2 network interface for all cluster LB/MSM VM instances. Note: If this value is not configured in the cluster resource stack, then the UseDefaultSecurityGroupNs2 parameter for the VM instance stack must be set to “true”. This will result in the use of the security group created for BASE/DATA subnets in the cluster resource stack to be used for the N/S 2 interface for that instance. |

  • 29. Create Cluster Resource Stack

Table 2 (continued)

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| N/S 3 Connect Indicator | ns3Connect | REQUIRED | true or false | Indicates whether N/S 3 subnet should be connected. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. |
| N/S 3 Subnet ID List | Ns3SubnetIdList | OPTIONAL | Comma separated list of Subnet ID or single comma | The list of the AWS subnet ID(s) for the pre-created subnet(s) for the N/S 3 network. The list must be in the form of “subnet-XXXXXXXXXXXXX, subnet-XXXXXXXXXXXXX”. This first subnet ID should reside in Availability Zone A, and the optional second subnet ID should reside in Availability Zone B. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “subnet-XXXXXXXXXXXXX,” with the N/S 1 subnet ID followed by a single comma. Note: If N/S 2 is not in use, the parameter value should be “,” (single comma). |
| N/S 3 Security Group ID | ns3SecurityGroupID | OPTIONAL | String (AWS Security Group ID) | This is the security group to be associated with the N/S 3 network interface for all cluster LB/MSM VM instances. Note: If this value is not configured in the cluster resource stack, then the UseDefaultSecurityGroupNs3 parameter for the VM instance stack must be set to “true”. This will result in the use of the security group created for BASE/DATA subnets in the cluster resource stack to be used for the N/S 3 interface for that instance. |
  • 30. Create Cluster Resource Stack

Table 2 (continued)

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| N/S 4 Connect Indicator | ns4Connect | REQUIRED | true or false | Indicates whether N/S 4 subnet should be connected. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. |
| N/S 4 Subnet ID List | Ns4SubnetIdList | OPTIONAL | Comma separated list of Subnet ID or single comma | The list of the AWS subnet ID(s) for the pre-created subnet(s) for the N/S 4 network. The list must be in the form of “subnet-XXXXXXXXXXXXX, subnet-XXXXXXXXXXXXX”. This first subnet ID should reside in Availability Zone A, and the optional second subnet ID should reside in Availability Zone B. When the cluster is deployed into a single availability zone, the parameter should be formatted as: “subnet-XXXXXXXXXXXXX,” with the N/S 1 subnet ID followed by a single comma. Note: If N/S 2 is not in use, the parameter value should be “,” (single comma). |
| N/S 4 Security Group ID | ns4SecurityGroupID | OPTIONAL | String (AWS Security Group ID) | This is the security group to be associated with the N/S 4 network interface for all cluster LB/MSM VM instances. Note: If this value is not configured in the cluster resource stack, then the UseDefaultSecurityGroupNs4 parameter for the VM instance stack must be set to “true”. This will result in the use of the security group created for BASE/DATA subnets in the cluster resource stack to be used for the N/S 4 interface for that instance. |
  • 31. Create Cluster Resource Stack

5.2 Cluster Stack Parameters JSON File

When instantiating the stack via the AWS CLI, the variable parameters for the MME cluster stack should be defined in a single JSON file and referenced as part of the cloudformation create-stack command as described in the next section. Prior to executing the AWS CLI cloudformation create-stack command, the values must be entered and saved in a JSON file with the correct values for the cluster. Care should be taken to only update the values (and not the headings and variable names). This file will be referenced in the create-stack command documented below.

Note: Proper formatting of the file is critical to the successful instantiation of the stack. Take care not to re-order lines, leave required variables blank, or remove any characters other than those in parameter values.

The following is an example of the entries within the JSON file.

    [
      { "ParameterKey": "vpcId", "ParameterValue": "vpc-03a5936a2399d9466" },
      { "ParameterKey": "availabilityZoneList", "ParameterValue": "us-east-1a," },
      { "ParameterKey": "dualAvailabilityZones", "ParameterValue": "false" },
      { "ParameterKey": "mgmtImageId", "ParameterValue": "ami-039d693fbc130ac7b" },
      { "ParameterKey": "nonMgmtImageId", "ParameterValue": "ami-083f6fb888051889f" },
      { "ParameterKey": "mgmtInstanceType", "ParameterValue": "c5.2xlarge" },
      { "ParameterKey": "rmInstanceType", "ParameterValue": "c5.2xlarge" },
      { "ParameterKey": "sigInstanceType", "ParameterValue": "c5.4xlarge" },
      { "ParameterKey": "callpInstanceType", "ParameterValue": "c5.4xlarge" },
      { "ParameterKey": "lbInstanceType", "ParameterValue": "c5.2xlarge" },
      { "ParameterKey": "clusterName", "ParameterValue": "afnmme" },
      { "ParameterKey": "clusterNumber", "ParameterValue": "20" },
      { "ParameterKey": "mgmtFloatingIp", "ParameterValue": "10.8.66.18" },
      { "ParameterKey": "refreshSshKeys", "ParameterValue": "false" },
      { "ParameterKey": "rootHardening", "ParameterValue": "false" },
      { "ParameterKey": "userAuthMethod", "ParameterValue": "password-or-key" },
      { "ParameterKey": "mgmtSubnetIdList", "ParameterValue": "subnet-007f0d7ab0e498cdf," },
      { "ParameterKey": "mgmtSecurityGroupId", "ParameterValue": "sg-03943a78ba6c94ed7" },
      { "ParameterKey": "baseCIDRList", "ParameterValue": "10.8.64.64/28," },
      { "ParameterKey": "dataCIDRList", "ParameterValue": "10.8.64.80/28," },
      { "ParameterKey": "ns1Connect", "ParameterValue": "true" },
      { "ParameterKey": "ns1SubnetIdList", "ParameterValue": "subnet-00c48354a28c32ad7," },
      { "ParameterKey": "ns1SecurityGroupId", "ParameterValue": "sg-0a062c9345f98f643" },
      { "ParameterKey": "ns2Connect", "ParameterValue": "false" },
      { "ParameterKey": "ns2SubnetIdList", "ParameterValue": "subnet-04460033aa2853ed7," },
      { "ParameterKey": "ns2SecurityGroupId", "ParameterValue": "sg-0a062c9345f98f643" },
      { "ParameterKey": "ns3Connect", "ParameterValue": "false" },
      { "ParameterKey": "ns3SubnetIdList", "ParameterValue": "subnet-0c67cec1a8741a21b," },
      { "ParameterKey": "ns3SecurityGroupId", "ParameterValue": "sg-0a062c9345f98f643" },
      { "ParameterKey": "ns4Connect", "ParameterValue": "false" },
      { "ParameterKey": "ns4SubnetIdList", "ParameterValue": "subnet-0396575c7d0b9b017," },
      { "ParameterKey": "ns4SecurityGroupId", "ParameterValue": "sg-0a062c9345f98f643" }
    ]

Note: Editing a JSON file is not required if the AWS Console is used to instantiate the MME cluster resources stack. See Option 2 in the following section.

5.3 Stack Creation

The CloudFormation stack for the MME cluster resources can be instantiated either using the AWS CLI utility, or using the CloudFormation dashboard in the AWS console.
  • 32. Create Cluster Resource Stack

Note: Perform either option to instantiate the stack, but not both. It is recommended to use the CLI option. This allows for quick repetition of the procedure without the need to re-enter parameters each time the stack creation is performed.

5.3.1 Option 1: AWS CLI

To create the stack using the AWS CLI, run the cloudformation create-stack command.

    aws cloudformation create-stack --stack-name mme-cluster-stack-name \
        --template-body file:///path/to/cluster/yaml/cluster.yaml \
        --parameters file:///path/to/env/envfile.json \
        --disable-rollback --capabilities CAPABILITY_IAM

where:

    mme-cluster-stack-name = name of the stack
    path/to/cluster/yaml   = path to the cluster.yaml file
    path/to/env            = path to the cluster.yaml file
    envfile.json           = path and name of the JSON containing the stack variables

The --disable-rollback option prevents CloudFormation from automatically deleting the stack in the case of an error during stack creation. This is helpful when troubleshooting a stack creation failure.

The --capabilities CAPABILITY_IAM option is necessary due to the application of an IAM Profile to the MGMT/MRM VMs. This profile enables the instances to call the AWS EC2 API from within the VM.

5.3.2 Option 2: AWS Console

To create the stack via the AWS Console (CloudFormation section), perform the following steps.

Within the CloudFormation window, select the “Create stack” button, and select “With new resources (standard)”.
  • 33. Create Cluster Resource Stack

Figure 5. Create Stack

In the “Create stack” page, select the “Upload a template file” option. Click the “Choose file” button and select the cluster.yaml file. Click Next.

Figure 6. Upload Template File

The following page allows the stack parameters to be entered: first the stack name, and then the parameters as defined in Table 2 - Required Parameters for Cluster Resources Stack. Once all of the values for the stack have been entered, click the Next button.
  • 34. Create Cluster Resource Stack

Figure 7. Enter Stack Parameters

In the “Configure stack options” page, additional configuration for the stack can be added which is not MME specific and outside the scope of this document. Click “Next” to go to the next page.

In the resulting “Review stack” page, check that the values shown for the parameters match the intended values. When satisfied that all values are correct, click the required checkboxes at the bottom of the page for IAM. These are required due to the creation of an IAM profile. Once complete, click “Create stack” to begin stack creation.

5.3.3 Post-Creation Steps

▪ Ensure that the cluster resources stack creation is successful, reaching the CREATE_COMPLETE state.
▪ Review the Outputs from the resulting stack, ensuring they are consistent with the intended values.

With the completion of the cluster resources stack creation, the next step is to create the stacks for each VM instance, as described in the next section.
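Section 5.2 stresses that the parameters file must be formatted exactly, and Table 2 carries several rules and login-related defaults that are easy to miss, so the file can be checked before either creation option in 5.3 is run. The following Python is an added example, not part of the vendor tooling: `lint_params`, `lint_file` and the VPC CIDR passed in are assumptions, and “minimum subnet size of 28” is read here as a prefix no longer than /28. Keys are compared case-insensitively because the page spells some of them two ways (`mgmtSecurityGroupID` in Table 2, `mgmtSecurityGroupId` in the sample file).

```python
import ipaddress
import json

AUTH_METHODS = {"password-or-key", "password-and-key", "password-only", "key-only"}

# Values from the guide's sample file, trimmed to the keys checked below.
SAMPLE = [{"ParameterKey": k, "ParameterValue": v} for k, v in {
    "availabilityZoneList": "us-east-1a,",
    "dualAvailabilityZones": "false",
    "clusterNumber": "20",
    "refreshSshKeys": "false",
    "rootHardening": "false",
    "userAuthMethod": "password-or-key",
    "mgmtSubnetIdList": "subnet-007f0d7ab0e498cdf,",
    "mgmtSecurityGroupId": "sg-03943a78ba6c94ed7",
    "baseCIDRList": "10.8.64.64/28,",
    "dataCIDRList": "10.8.64.80/28,",
    "ns1Connect": "true",
    "ns1SubnetIdList": "subnet-00c48354a28c32ad7,",
    "ns1SecurityGroupId": "sg-0a062c9345f98f643",
    "ns2Connect": "false",
}.items()]


def split_pair(value):
    """Split 'A,B' or the single-AZ form 'A,'; None when the one comma is missing."""
    if value.count(",") != 1:
        return None
    first, second = (part.strip() for part in value.split(","))
    return first, second


def lint_params(entries, vpc_cidrs):
    """Return (errors, warnings) for a list of ParameterKey/ParameterValue dicts."""
    # CloudFormation keys are case-sensitive; the template decides the spelling.
    p = {e["ParameterKey"].lower(): e["ParameterValue"].strip() for e in entries}

    def get(key, default=""):
        return p.get(key.lower(), default)

    vpc_nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    errors, warnings = [], []
    if get("dualAvailabilityZones", "false") != "false":
        errors.append("dualAvailabilityZones: not supported in this release")
    number = get("clusterNumber")
    if not (number.isdecimal() and 0 <= int(number) <= 99):
        errors.append("clusterNumber: expected an integer 0-99")

    for key in ("availabilityZoneList", "baseCIDRList", "dataCIDRList"):
        pair = split_pair(get(key))
        if pair is None or not pair[0]:
            errors.append(f"{key}: expected 'A,B' or the single-AZ form 'A,'")
            continue
        if not key.endswith("CIDRList"):
            continue
        for cidr in filter(None, pair):
            try:
                net = ipaddress.ip_network(cidr)
            except ValueError as exc:
                errors.append(f"{key}: {exc}")
                continue
            if net.prefixlen > 28:
                errors.append(f"{key}: {cidr} is smaller than a /28")
            if not any(net.version == v.version and net.subnet_of(v) for v in vpc_nets):
                errors.append(f"{key}: {cidr} is outside the VPC CIDR blocks")

    if get("ns1Connect") != "true":
        warnings.append("ns1Connect: should be true when an MSM VM is instantiated")
    in_use = ["mgmt"] + [f"ns{n}" for n in range(1, 5) if get(f"ns{n}Connect") == "true"]
    for name in in_use:
        pair = split_pair(get(f"{name}SubnetIdList"))
        if pair is None or not pair[0].startswith("subnet-"):
            errors.append(f"{name}SubnetIdList: expected 'subnet-...,' for an interface in use")
        if not get(f"{name}SecurityGroupId"):
            flag = "UseDefaultSecurityGroup" + ("MGMT" if name == "mgmt" else name.capitalize())
            warnings.append(f"{name}: no security group set; VM stacks need {flag}=true "
                            "and the interface will share the BASE/DATA security group")

    method = get("userAuthMethod", "password-or-key")
    if method not in AUTH_METHODS:
        errors.append(f"userAuthMethod: {method!r} is not a valid value")
    elif method in ("password-or-key", "password-only"):
        warnings.append("userAuthMethod: a password alone is enough to log in")
    if get("rootHardening", "false") != "true":
        warnings.append("rootHardening: root login via password stays enabled")
    if get("refreshSshKeys", "false") != "true":
        warnings.append("refreshSshKeys: built-in users' SSH keys are not regenerated at first boot")
    return errors, warnings


def lint_file(path, vpc_cidrs):
    """Load a create-stack --parameters JSON file and lint it."""
    with open(path, encoding="utf-8") as fh:
        return lint_params(json.load(fh), vpc_cidrs)
```

Run against the guide's own sample values with an assumed VPC block of 10.8.64.0/22, the check reports no formatting errors and three warnings, all from the login-related defaults.
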
  • 35. 6 VM Instances Stack Creation

The CFN template for each VM instance stack creates network interfaces for all connected subnets for that instance. The following inputs are required parameters for network interface creation for every required VM instance.

6.1 Template Parameters for VM Instance Stacks

The following parameters provide the IP addresses for MGMT and N/S interfaces in the MME cluster.

Table 3. VM Instance Stack Parameters

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| Cluster Resource Stack Name | BaseStackName | REQUIRED | String | The name of the previously created cluster resource stack. |
| MGMT-0 Stack Name | Mgmt0StackName | REQUIRED | String | For MGMT-0/MRM-0, this parameter is left empty. For all other VM instances, this should be the name of the stack for MGMT-0/MRM-0. |
| VM Service | VmService | REQUIRED | VM Service for the instance. | The VM service for this instance, chosen from the following for a standard deployment: mgmt-X (X=0-1), rm-X (X=0-1), sig-X (X=0-31), lb-X (x=0-7), callpX-Y (X=0-15, Y=0-1). For compact mode: mrm-X (X=0-1), msmX-Y (X=0-3, Y=0-1). |
| MGMT IP Address | MgmtPrimaryIp | REQUIRED | IPv4 address | IP address for MRM-0 MGMT interface |
| Use Default Security Group for MGMT I/F | UseDefaultSecurityGroupMGMT | OPTIONAL | true or false. Default: false | Flag to indicate if the security group created by the cluster resource stack should be used for the MGMT subnet interface. Note: If the MgmtSecurityGroupID parameter of the cluster resource stack is empty, then this value MUST be set to true, otherwise stack creation will fail. |

  • 36. VM Instances Stack Creation

Table 3 (continued)

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| Key fields below apply only to MGMT/MRM VM types and are ignored for other VM types. | | | | |
| Root SSH Key 1 | RootSshKey1 | OPTIONAL | String | Inject this public key for the root user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Root SSH Key 2 | RootSshKey2 | OPTIONAL | String | Inject this public key for the root user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Admin SSH Key 1 | AdminSshKey1 | OPTIONAL | String | Inject this public key for the admin user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Admin SSH Key 2 | AdminSshKey2 | OPTIONAL | String | Inject this public key for the admin user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Mtc SSH Key 1 | MtcSshKey1 | OPTIONAL | String | Inject this public key for the mtc user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |

  • 37. VM Instances Stack Creation

Table 3 (continued)

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| Mtc SSH Key 2 | MtcSshKey2 | OPTIONAL | String | Inject this public key for the mtc user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Viewer SSH Key 1 | ViewerSshKey1 | OPTIONAL | String | Inject this public key for the viewer user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Viewer SSH Key 2 | ViewerSshKey2 | | | Inject this public key for the viewer user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Operator SSH Key 1 | OperatorSshKey1 | OPTIONAL | String | Inject this public key for the operator user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Operator SSH Key 2 | OperatorSshKey2 | | | Inject this public key for the operator user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Accounting SSH Key 1 | AccountingSshKey1 | OPTIONAL | String | Inject this public key for the accounting user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |

  • 38. VM Instances Stack Creation

Table 3 (continued)

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| Accounting SSH Key 2 | AccountingSshKey2 | | | Inject this public key for the accounting user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| LEA SSH Key 1 | LeaSshKey1 | OPTIONAL | String | Inject this public key for the lea user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| LEA SSH Key 2 | LeaSshKey2 | | | Inject this public key for the lea user. Input: A valid SSH public key in the form of key-type key-string. This is typically the public key output of the ssh-keygen program. |
| Fields below apply only to LB and MSM VM types and are omitted for other VM types. | | | | |
| N/S 1 IP Address | Ns1PrimaryIp | REQUIRED | IPv4 address or BLANK | IP address for N/S 1 interface if deployed. Only used if the VM type is LB or MSM. |
| Use Default Security Group for N/S 1 interface | UseDefaultSecurityGroupNs1 | OPTIONAL | true or false. Default: false | Flag to indicate if the security group created by the cluster resource stack should be used for the N/S 1 subnet interface. Note: If the Ns1SecurityGroupID parameter of the cluster resource stack is empty, then this value MUST be set to true, otherwise stack creation will fail. |
  • 39. VM Instances Stack Creation Affirmed Networks MCC MME on AWS CFN Deployment Guide Revision: A Affirmed Networks Proprietary and Confidential 28 Parameter Template Variable Name Optionality Value Description N/S 2 IP Address Ns2PrimaryIp OPTIONAL IPv4 address or BLANK IP address for N/S 2 interface if deployed. Only used if the VM type is LB or MSM. Use Default Security Group for N/S 2 interface UseDefaultSecurityGroup Ns2 OPTIONAL true or false Default: false Flag to indicate if the security group created by the cluster resource stack should be used for the N/S 2 subnet interface. Note: If the Ns2SecurityGroupID parameter of the cluster resource stack is empty, then this value MUST be set to true, otherwise stack creation will fail. N/S 3 IP Address Ns3PrimaryIp OPTIONAL IPv4 address or BLANK IP address for N/S 3 interface if deployed. Only used if the VM type is LB or MSM. Use Default Security Group for N/S 3 interface UseDefaultSecurityGroup Ns3 OPTIONAL true or false Default: false Flag to indicate if the security group created by the cluster resource stack should be used for the N/S 3 subnet interface. Note: If the Ns3SecurityGroupID parameter of the cluster resource stack is empty, then this value MUST be set to true, otherwise stack creation will fail. N/S 4 IP Address Ns4PrimaryIp OPTIONAL IPv4 address or BLANK IP address for N/S 4 interface if deployed. Only used if the VM type is LB or MSM. Use Default Security Group for N/S 4 interface UseDefaultSecurityGroup Ns4 OPTIONAL true or false Default: false Flag to indicate if the security group created by the cluster resource stack should be used for the N/S 4 subnet interface. Note: If the Ns4SecurityGroupID
  • 40. VM Instances Stack Creation

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| | | | | parameter of the cluster resource stack is empty, then this value MUST be set to true, otherwise stack creation will fail. |
| N/S 1 Connect Indicator | Ns1Connect | REQUIRED | true or false | Indicates whether N/S 1 subnet should be connected. Should always be true if an LB or MSM VM is instantiated. This value is ignored on non-LB/MSM VMs and can be omitted for those VM types. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. The value in the cluster stack must match this value. |
| N/S 2 Connect Indicator | Ns2Connect | OPTIONAL | true or false; Default: “false” | Indicates whether N/S 2 subnet should be connected. Should always be true if an LB or MSM VM is instantiated. This value is ignored on non-LB/MSM VMs and can be omitted for those VM types. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. The value in the cluster stack must match this value. |
| N/S 3 Connect Indicator | Ns3Connect | OPTIONAL | true or false; Default: “false” | Indicates whether N/S 3 subnet should be connected. Should always be true if an LB or MSM VM is instantiated. This value is ignored on non-LB/MSM VMs and can be omitted for those VM types. |
  • 41. VM Instances Stack Creation

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| | | | | Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. The value in the cluster stack must match this value. |
| N/S 4 Connect Indicator | Ns4Connect | OPTIONAL | true or false; Default: “false” | Indicates whether N/S 4 subnet should be connected. Should always be true if an LB or MSM VM is instantiated. This value is ignored on non-LB/MSM VMs and can be omitted for those VM types. Note: Due to an AWS CloudFormation limitation, this value must also be passed as a parameter to both the cluster resource stack and the individual VM stacks. The value in the cluster stack must match this value. |

6.2 BASE and DATA Network

6.2.1 Interface IP Addresses

The IP addresses for the BASE and DATA network interfaces cannot be statically assigned. These are allocated from the corresponding subnets by AWS when the resources are created. The MME cluster virtual machines receive the IP address assignment via DHCP.

6.2.2 MTU Values

The MTU values for the BASE and DATA network devices in all cluster VMs are hard coded during stack creation to 9000 bytes. These values are not configurable. The MTU values for the BASE and DATA tunnel devices in all cluster VMs are hard coded to 8700 (Base) and 1500 (Data). The MTU value for the base network tunnel device should not be modified
  • 42. VM Instances Stack Creation

after deployment. The MTU value for the data network can be lowered (via CLI configuration) if required for inter-operability with external networks/nodes.

6.3 Creation of MGMT-0/MRM-0 Stack

The first MME instance to be created MUST be the mgmt-0 or mrm-0 VM depending on the deployment mode. All other stack instances will depend on outputs from the mgmt-0/mrm-0 stack. Using either the AWS CLI or the AWS CloudFormation dashboard, instantiate the mgmt-0/mrm-0 stack. The procedures for stack creation are documented in the previous section. Take note of the name given to the MGMT-0/MRM-0 stack, as it will be an input to all remaining instance stacks.

6.3.1 VM Instance CFN Template

The MME VM instance template is delivered in YAML format, in the file named “mme-vm.yaml”. This template will take the input parameters from the JSON environment file, as well as the outputs from the MME cluster resources stack created in the previous section, and create the following resources:

▪ MGMT Network Interface with IP address specified by MgmtPrimaryIp.
▪ BASE Network Interface with a system allocated IP address from the BASE subnet.
▪ DATA Network Interface with a system allocated IP address from the DATA subnet.

For MGMT and MRM VM types, the IAM Instance Profile created by the cluster resource stack above is applied to the instance, allowing AWS EC2 APIs to be called from within these VMs.

6.3.2 JSON Example for MGMT-0 Stack

Assuming that the MME cluster resource stack is created above with the stack name of “afnmme”, the following shows an example of the JSON file contents for the mgmt-0 stack.
    [
      { "ParameterKey": "BaseStackName", "ParameterValue": "afnmme" },
      { "ParameterKey": "Mgmt0StackName", "ParameterValue": "" },
      { "ParameterKey": "VmService", "ParameterValue": "mgmt-0" },
      { "ParameterKey": "MgmtPrimaryIp", "ParameterValue": "10.8.66.18" },
      { "ParameterKey": "RootSshKey1", "ParameterValue": "id_rsa XXXXXX " }
    ]

6.3.3 Stack Post-Creation Steps

▪ Ensure that the cluster resources stack creation is successful, reaching the CREATE_COMPLETE state.
  • 43. VM Instances Stack Creation

▪ Review the Outputs from the resulting stack, ensuring they are consistent with the intended values. Ensure the BaseIpAddress and DataIpAddress appear to be valid. These IP addresses are imported into the remaining instance stacks for internal connectivity.

Note: The following steps may require the creation of a jump server as documented in Section 8 - Jump Server (optional).

At this point, it is recommended to connect to the newly created mgmt-0/mrm-0 VM instance via SSH, to ensure that the instance instantiated correctly. Once connected, initial cluster configuration can be performed as documented in Section 7 - Initial MME Cluster Configuration.

6.4 Creation of Other Instance Stacks

Following the instantiation of MGMT-0, the remaining VM instances can be created, beginning with MGMT-1/MRM-1, and then the other cluster members in any order. Assuming that the MME cluster resource stack is created above with the stack name of “afnmme” and the MGMT-0 stack is created with the name of “afnmme-mgmt-0”, see the following sections showing examples of the JSON file contents for the various VM instances’ stacks.

Note: The line for the last entry in the file must not end with a comma.
6.4.1 JSON Example for MGMT-1/MRM-1 Stack

    [
      { "ParameterKey": "BaseStackName", "ParameterValue": "afnmme" },
      { "ParameterKey": "Mgmt0StackName", "ParameterValue": "afnmme-mgmt-0" },
      { "ParameterKey": "VmService", "ParameterValue": "rm-0" },
      { "ParameterKey": "MgmtPrimaryIp", "ParameterValue": "10.8.66.18" },
      { "ParameterKey": "RootSshKey1", "ParameterValue": "id_rsa XXXXXX" }
    ]

6.4.2 JSON Example for VM Instance Stack (Non-LB/MSM)

    [
      { "ParameterKey": "BaseStackName", "ParameterValue": "afnmme" },
      { "ParameterKey": "Mgmt0StackName", "ParameterValue": "afnmme-mgmt-0" },
      { "ParameterKey": "VmService", "ParameterValue": "rm-0" },
      { "ParameterKey": "MgmtPrimaryIp", "ParameterValue": "10.8.66.18" }
    ]

6.4.3 JSON Example for VM Instance Stack (LB/MSM)

Assuming that the MME cluster resource stack is created above with the stack name of “afnmme” and the MGMT-0 stack is created with the name of “afnmme-mgmt-0”, the following shows an example of the JSON file contents for the lb-0 stack. For an LB/MSM VM, the N/S connection parameters and IP addresses must be provided.
  • 44. VM Instances Stack Creation

    [
      { "ParameterKey": "BaseStackName", "ParameterValue": "afnmme" },
      { "ParameterKey": "Mgmt0StackName", "ParameterValue": "afnmme-mgmt-0" },
      { "ParameterKey": "VmService", "ParameterValue": "lb-0" },
      { "ParameterKey": "MgmtPrimaryIp", "ParameterValue": "10.8.66.23" },
      { "ParameterKey": "Ns1Connect", "ParameterValue": "true" },
      { "ParameterKey": "Ns2Connect", "ParameterValue": "false" },
      { "ParameterKey": "Ns3Connect", "ParameterValue": "false" },
      { "ParameterKey": "Ns4Connect", "ParameterValue": "false" },
      { "ParameterKey": "Ns1PrimaryIp", "ParameterValue": "10.8.64.4" },
      { "ParameterKey": "Ns2PrimaryIp", "ParameterValue": "10.8.64.20" },
      { "ParameterKey": "Ns3PrimaryIp", "ParameterValue": "10.8.64.36" },
      { "ParameterKey": "Ns4PrimaryIp", "ParameterValue": "10.8.64.52" }
    ]

If the “epc system” configuration was performed following the instantiation of the MGMT-0/MRM-0 stack, then all VMs should join the cluster after stack creation is complete. Some VM instances will not become fully active until required configuration is performed, as documented in the MME documentation suite.
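The parameter rules stated in section 6 (SSH keys in key-type key-string form, IPv4 or BLANK addresses, N/S connect flags that match the cluster stack, the default security group flag, no trailing comma) can be checked before a VM stack is created. The Python below is an added example, not part of the Affirmed Networks templates or of this guide. Its function names, the "lb"/"msm" prefix test on VmService, treating Mgmt0StackName as empty only for mgmt-0/mrm-0, and applying the security group rule only to connected N/S interfaces are assumptions.

```python
import base64, ipaddress, json, struct

def ssh_key_ok(value):
    """True if value is 'key-type key-string' and the decoded blob names that type."""
    parts = value.split()
    if len(parts) < 2:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])   # length prefix of the type name
    except (ValueError, struct.error):         # bad base64 or blob too short
        return False
    return blob[4:4 + n] == parts[0].encode()

def check_vm_params(text, cluster):
    """Return the problems in one VM parameter file; cluster = cluster stack params."""
    p = {e["ParameterKey"]: e["ParameterValue"] for e in json.loads(text)}
    svc, errs = p.get("VmService", ""), []
    if (svc in ("mgmt-0", "mrm-0")) == bool(p.get("Mgmt0StackName")):
        errs.append("Mgmt0StackName: empty only for mgmt-0/mrm-0")
    for k, v in p.items():
        if "SshKey" in k and not ssh_key_ok(v):
            errs.append(f"{k}: not a valid 'key-type key-string' public key")
        if k.endswith("PrimaryIp") and v:      # BLANK is allowed by the guide
            try:
                ipaddress.IPv4Address(v)
            except ValueError:
                errs.append(f"{k}: not an IPv4 address")
    if svc.startswith(("lb", "msm")):          # assumed naming of LB/MSM services
        if p.get("Ns1Connect") != "true":
            errs.append("Ns1Connect: must be true for LB/MSM")
        for ns in ("Ns1", "Ns2", "Ns3", "Ns4"):
            conn = p.get(f"{ns}Connect", "false")
            if conn != cluster.get(f"{ns}Connect", "false"):
                errs.append(f"{ns}Connect: differs from cluster stack")
            # Assumption: the security-group rule is checked for connected interfaces only.
            if (conn == "true" and not cluster.get(f"{ns}SecurityGroupID")
                    and p.get(f"UseDefaultSecurityGroup{ns}", "false") != "true"):
                errs.append(f"UseDefaultSecurityGroup{ns}: must be true")
    return errs

# Constructed sample: the mgmt-0 file of section 6.3.2, placeholder key included.
SAMPLE = json.dumps([{"ParameterKey": k, "ParameterValue": v} for k, v in {
    "BaseStackName": "afnmme", "Mgmt0StackName": "", "VmService": "mgmt-0",
    "MgmtPrimaryIp": "10.8.66.18", "RootSshKey1": "id_rsa XXXXXX "}.items()])

if __name__ == "__main__":
    for problem in check_vm_params(SAMPLE, {}):
        print(problem)
```

Run against the sample, the check reports the placeholder key, which is the case worth catching before a stack injects it for the root user. A file whose last entry ends with a comma is rejected by the JSON parser itself.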
  • 45. 7 Initial MME Cluster Configuration

The newly instantiated MME cluster must be configured prior to entry into service. The full MME configuration is outside the scope of this document. However, there are two sections of configuration that should be completed soon after stack creation to ensure connectivity of the MME node.

7.1 EPC System Configuration

The cluster member configuration should be done to allow the cluster VM instances to communicate with the MGMT-0/MRM-0 instance. From the jump server, SSH into the MGMT-0/MRM-0 VM as admin.

    admin connected from 10.179.6.250 using ssh on mmedeploy-0
    mmedeploy-0# config
    Entering configuration mode terminal
    mmedeploy-0(config)# epc system mrm unit 1 vm-instance afnmme-mrm-1

Additional instance configuration commands for the remaining units in the system.

    mmedeploy-0(config-unit-0)# commit
    Commit complete.
    mmedeploy-0# show vm
    UNIT LOCATION SERVICE ID ADMIN OPER STANDBY CPU MEMORY VERSION
    -------------------------------------------------------------------------------------
    afnmme-mrm-0 mrm 0 unlocked enabled active 0 10 15.0.6.1
    afnmme-mrm-1 mrm 1 unlocked enabled hot standby 0 8 15.0.6.1
    afnmme-msm0-0 msm0 0 unlocked enabled active 0 7 15.0.6.1
    afnmme-msm0-1 msm0 1 unlocked enabled hot standby 0 7 15.0.6.1
    afnmme-msm1-0 msm1 0 unlocked enabled hot standby 0 6 15.0.6.1
    afnmme-msm1-1 msm1 1 unlocked enabled active 0 6 15.0.6.1

7.2 Routing Instances Configuration

Note: The following section should be done AFTER the secondary IP address association configuration is performed as described in Configure Secondary IP Addresses for N/S Network Interfaces.
After completing the cluster configuration from the previous section as well as the secondary IP address association, configure the routing instances for the 3GPP external interfaces in the MME, as described in the MME Configuration Guide and in section MME “routing-instance” Configuration for Tunneling.
  • 46. 8 Jump Server (optional)

The MME CFN templates also include a template and sample environment file for the creation of a generic Ubuntu jump server instance, to provide external access to the MME cluster. The jump server is based on the AWS Ubuntu 16.04 server AMI instance available in the AWS Marketplace. The template will create an EC2 instance with the specified instance type, populate the specified SSH key into the image, and optionally allocate/associate an Elastic IP for the instance. The following template parameters pertain to jump server creation.

Table 4. Jump Server Template Parameters

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| VPC ID | vpcId | REQUIRED | String (VPC ID) | The VPC for the networking components of the jump server. |
| Availability Zone | availabilityZone | REQUIRED | AWS Availability Zone Name | The availability zone into which the jump server will be created. |
| Subnet ID | subnetId | REQUIRED | AWS Subnet ID | The subnet for the jump server network interface. |
| Security Group ID | securityGroupID | REQUIRED | AWS Security Group ID | This is the security group to be associated with the network interface for the jump server. |
| Jump Server Name | jumpServerName | REQUIRED | String | Name of the jump server EC2 instance. |
| SSH Key Pair | jumpSshKeyName | REQUIRED | Key Pair name | The pre-created SSH key pair to be used for Jump Server access. |
| Jump Server AMI ID | jumpImageId | REQUIRED | AMI ID | The AMI ID to be used to create the jump server instance. This AMI ID should be that of the Ubuntu 16.04 LTS server image in the AWS marketplace for the region in which the MME cluster is being installed. |
| Jump Server EC2 Instance Type | jumpInstanceType | REQUIRED | EC2 Instance Type | The EC2 instance type to be used for the jump server. Default value is “t2.micro”, and is used if no value is passed in for the parameter. |
| Jump Server MGMT IP Address | jumpPrimaryIpAddress | REQUIRED | IPv4 address or BLANK | The IP address to be assigned to the MGMT interface of the jump server. |
  • 47. Jump Server (optional)

| Parameter | Template Variable Name | Optionality | Value | Description |
|---|---|---|---|---|
| Elastic IP Allocate Indicator | allocateJumpElasticIp | OPTIONAL | true or false | Flag to indicate whether an Elastic IP should be allocated and associated to the jump server network interface. Default value is false. |