CLOUD MOBILE GATEWAY

Release 22.8.R1

CMG CLOUD NATIVE FUNCTION

INSTALLATION GUIDE

3HE 18240 AAAD TQZZA

Issue 01
September 2022

©2022 Nokia. Nokia Confidential Information. Use subject to agreed restrictions on disclosure and use.
Nokia is committed to diversity and inclusion. We are continuously reviewing our customer documentation and consulting with
standards bodies to ensure that terminology is inclusive and aligned with the industry. Our future customer documentation will be
updated accordingly.

This document includes Nokia proprietary and confidential information, which may not be distributed or disclosed to any third parties
without the prior written consent of Nokia.

This document is intended for use by Nokia's customers ("You"/"Your") in connection with a product purchased or licensed from any
company within Nokia Group of Companies. Use this document as agreed. You agree to notify Nokia of any errors you may find in
this document; however, should you elect to use this document for any purpose(s) for which it is not intended, You understand and
warrant that any determinations You may make or actions You may take will be based upon Your independent judgment and analysis of
the content of this document.

Nokia reserves the right to make changes to this document without notice. At all times, the controlling version is the one available on
Nokia’s site.

No part of this document may be modified.

NO WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF AVAILABILITY,
ACCURACY, RELIABILITY, TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, IS MADE IN
RELATION TO THE CONTENT OF THIS DOCUMENT. IN NO EVENT WILL NOKIA BE LIABLE FOR ANY DAMAGES, INCLUDING BUT NOT
LIMITED TO SPECIAL, DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL OR ANY LOSSES, SUCH AS BUT NOT LIMITED TO LOSS OF
PROFIT, REVENUE, BUSINESS INTERRUPTION, BUSINESS OPPORTUNITY OR DATA THAT MAY ARISE FROM THE USE OF THIS DOCUMENT
OR THE INFORMATION IN IT, EVEN IN THE CASE OF ERRORS IN OR OMISSIONS FROM THIS DOCUMENT OR ITS CONTENT.

Copyright and trademark: Nokia is a registered trademark of Nokia Corporation. Other product names mentioned in this document
may be trademarks of their respective owners.

©2022 Nokia.

©2022 Nokia. Nokia Confidential Information. Use subject to agreed restrictions on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Table of Contents

Table of Contents
List of Figures.............................................................................................................................................. 5

List of Tables................................................................................................................................................6

1 Getting started.............................................................................................................................................7

2 What’s new....................................................................................................................................................9

3 Cloud Native Function............................................................................................................................... 10

3.1 CNF infrastructure.................................................................................................................................. 10
3.1.1 K8s and third-party platforms....................................................................................................... 10
3.1.2 K8s cluster.......................................................................................................................................10
3.1.3 K8s cluster runtime framework components................................................................................10
3.1.4 K8s nodes........................................................................................................................................ 10
3.1.4.1 K8s master nodes................................................................................................................... 11
3.1.4.2 K8s worker nodes................................................................................................................... 11
3.1.5 K8s CNI plug-ins..............................................................................................................................11
3.1.6 Service mesh (Istio)........................................................................................................................ 11
3.1.7 Helm charts and Heat templates...................................................................................................12
3.2 CNF deployment models........................................................................................................................ 12
3.2.1 Nokia CNF deployment with CNF-provided PaaS.......................................................................... 12
3.2.2 Nokia CNF deployment with operator-provided CaaS/PaaS.........................................................13

4 CMG as CNF................................................................................................................................................15
4.1 CMG and containers............................................................................................................................... 15
4.1.1 Supported CMG CNF functions...................................................................................................... 16
4.1.1.1 CMG CNF as CP....................................................................................................................... 16
4.1.1.2 CMG CNF as UP....................................................................................................................... 17
4.1.1.3 CMG CNF as ePDG...................................................................................................................18
4.1.2 CMG CNF architecture.....................................................................................................................19
4.2 CMG CNF deployment options...............................................................................................................20
4.3 Platform requirements........................................................................................................................... 21
4.3.1 Infrastructure and host deployment requirements...................................................................... 21
4.3.2 AWS requirements...........................................................................................................................25
4.4 K8s open source components............................................................................................................... 25

5 Lifecycle management............................................................................................................................... 28
5.1 Lifecycle management actions.............................................................................................................. 28
5.2 Container probes.................................................................................................................................... 28
5.3 CMG deployment requirements............................................................................................................. 29

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 3

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Table of Contents

5.3.1 Docker images.................................................................................................................................29

5.3.2 VM and pod resource requirements.............................................................................................. 31
5.3.3 CMG CNF networking...................................................................................................................... 34
5.3.3.1 Network requirements............................................................................................................ 34
5.3.3.2 CMG CNF CP networking.........................................................................................................35
5.3.3.3 CMG CNF UP networking........................................................................................................ 35
5.3.3.4 CMG CNF ePDG networking....................................................................................................36
5.3.4 Helm charts..................................................................................................................................... 37
5.3.5 Persistent Volume........................................................................................................................... 38
5.4 Deploying CMG CNF with an operator-provided CaaS/PaaS................................................................ 38
5.5 Configure and manage the CMG........................................................................................................... 46
5.6 Delete the CMG CNF deployment..........................................................................................................46
5.7 CMG deployment with external Vault.................................................................................................... 46

6 Monitoring and troubleshooting............................................................................................................... 49

6.1 Prometheus metrics............................................................................................................................... 49
6.2 Logging.................................................................................................................................................... 49

7 Helm charts................................................................................................................................................ 52
7.1 CMG Helm charts.................................................................................................................................... 52
7.2 CMG attributes in the values.yaml file............................................................................................. 55
7.3 CDB Helm chart...................................................................................................................................... 73
7.4 CDB values.yaml file............................................................................................................................... 76

Appendix A: Acronyms and terms.............................................................................................................81

Appendix B: Supported NICs for SR-IOV connectivity........................................................................... 135

Appendix C: References...........................................................................................................................137

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 4

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE List of Figures

List of Figures
Figure 1: Nokia CNF deployed with the CNF-provided PaaS....................................................................... 13
Figure 2: Nokia CNF deployed with operator-provided CaaS/PaaS on bare metal.................................... 14
Figure 3: Nokia CNF deployed with operator-provided CaaS/PaaS on VM/hypervisor.............................. 14
Figure 4: K8s Cluster CMG CNF (CP).............................................................................................................17
Figure 5: K8s Cluster CMG CNF (UP)............................................................................................................ 18
Figure 6: K8s Cluster CMG ePDG CNF (CP and UP)..................................................................................... 19
Figure 7: CMG CNF deployment on an operator-provided CaaS/PaaS....................................................... 21
Figure 8: CMG container lifecycle management.......................................................................................... 28
Figure 9: CMG CNF networking (CP)............................................................................................................. 35
Figure 10: CMG CNF networking (UP)............................................................................................................. 36
Figure 11: ePDG as CNF networking (CP and UP)..........................................................................................37

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 5

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE List of Tables

List of Tables
Table 1: What’s new in release 22.8.R1..........................................................................................................9
Table 2: CMG cluster type requirements..................................................................................................... 25
Table 3: CMG cluster service requirements (operator-provided CaaS/PaaS)............................................. 26
Table 4: Docker images for deploying CMG CNF components................................................................... 29
Table 5: SMF requirements........................................................................................................................... 31
Table 6: SMF with sidecars requirements.................................................................................................... 31
Table 7: UPF requirements............................................................................................................................32
Table 8: UPF with sidecars requirements.....................................................................................................32
Table 9: Functional testing (no TPS or packet rate expected).................................................................... 33
Table 10: Labs and small traffic (10 Gb/s with DPI and a maximum of 1000 sessions).............................. 33
Table 11: Vault configuration parameters (values.yaml file)......................................................................... 47
Table 12: Log streaming options.................................................................................................................... 50
Table 13: Files of the CMG Helm chart.......................................................................................................... 53
Table 14: Parameters of the values.yaml file.................................................................................................56
Table 15: Files of the CDB Helm chart...........................................................................................................75
Table 16: Parameters of the charts/cdb/values.yaml file............................................................................. 77
Table 17: Acronym definitions and term expansions.................................................................................... 81
Table 18: Support NICs for CMG CNF SR-IOV..............................................................................................135

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 6

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Getting started

1 Getting started
Get general information about this guide.

About this guide

This guide describes installation and lifecycle management of CMG CP and UP as Cloud Native Function
(CNF).

The CMG CNF supports mobile gateway functionality that can be deployed on a generic compute using a
CNF application management platform such as Kubernetes (K8s). The CMG CP CNF supports the SMF and
PGW-C/GGSN-C/SGW-C CP gateway functions. The CMG UP CNF supports the UPF and PGW-U/GGSN-U/
SGW-U UP gateway functions.

Topics include:

• overview of CMG CNF architecture and deployment options

• network and application requirements

• installation, configuration, and lifecycle management procedures

Note:

• Configuration outputs shown in this guide are examples and actual displays may differ
depending on the user configuration.

• This guide covers content for the release specified on the title page of the guide, and may
also contain content that will be released in later maintenance loads. Refer to the applicable
7750 SR MG and CMG Release Notes for information about features supported in each load
of the release software.

Audience
This guide is intended for network administrators who are responsible for configuring CMG CP/UP functions
and containerized deployments. It is assumed that the network administrators have an understanding of
the following topics:

• x86 hardware architecture

• Linux system installation, configuration, and administration methods

• basic XML syntax

• networking principles and configurations including CNF architectures

Related technical publications

After the CNF installation process is completed, refer to the CMG Installation Guide for information about
setting up the CMG for operation, such as logging in, provisioning the CMG with CLI, configuring link
redundancy, and so on.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 7

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Getting started

Refer also to the guides listed in the CMG Guide to Documentation for information about the software
configuration and the CLI that is used to configure network parameters and services. The CMG Guide to
Documentation includes the 7750 SR configuration guides, which describe SR OS service features that are
supported by the CMG and are mostly used without modification. For the complete list of CMG technical
publications, refer to the CMG Guide to Documentation.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 8

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE What’s new

2 What’s new
Discover the new features and enhancements that have been documented in this guide since the
previous publication.
Refer to the 7750 SR MG and CMG Release Notes for additional information about features and
enhancements in the specific releases.

Table 1: What’s new in release 22.8.R1

Feature or enhancement Description See

— Added AWS requirements AWS requirements

CMG attributes in the values.
yaml file

— Added information about the Appendix B: Supported NICs for

supported NICs SR-IOV connectivity

Added the minimum pod VM and pod resource

requirements for a CMG CNF requirements
deployment

CMG CNF as ePDG Added descriptions of the CMG e CMG CNF as ePDG
PDG CNF and its networking
CMG CNF ePDG networking

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 9

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Cloud Native Function

3 Cloud Native Function

A CNF is a method of building and deploying highly scalable network functions that achieve the benefits
of cloud-based deployment. A CNF deployment provides a common method to simplify operation and
management of all network functions, including application lifecycle management that is application-
and vendor-agnostic.

3.1 CNF infrastructure

The VNF-based method allows network functions to be deployed on general purpose compute, but
cannot provide the benefits of cloud. Cloud native infrastructure is the key difference between VNF- and
CNF-based methods.

3.1.1 K8s and third-party platforms

K8s is the most widely used CNF platform that supports full lifecycle management of a cloud native
application. It is the primary CNF application deployment and management platform for all network
functions available from Nokia.
Third-party supported CNF infrastructure platforms such as RedHat OpenShift and VMWare Tanzu offer
enhanced features in addition to the base functionality available with K8s.

3.1.2 K8s cluster

A K8s cluster consists of control nodes (master nodes) and compute nodes (worker nodes).
The cluster runtime framework includes container platform and orchestrator components, package and
network management components, and storage components.

3.1.3 K8s cluster runtime framework components

A K8s cluster runtime framework includes several components. It also includes optional software plug-in
that can be used for monitoring, logging, storing, and so on.
A K8s cluster runtime framework includes, but is not limited to, the following components:

• Docker/CRI-O as the container runtime platform

• K8s as the container runtime orchestrator

• Helm for K8s package management

• CNI module for network management

• K8s storage solution such as GlusterFS or Ceph, to provide external volumes

• Docker registry for storing Docker images

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 10

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Cloud Native Function

3.1.4 K8s nodes

K8s runs the workload by placing containers into pods to run on nodes. Each node is managed by the CP
and contains the services required to run pods.

3.1.4.1 K8s master nodes

K8s master nodes have the necessary services to run the application containers.
The node controller is a K8s master component, which manages various aspects of the nodes. It includes
etcd, which is a database for maintaining all cluster data, as well as K8s processes such as scheduler, API
server, and controller manager.

3.1.4.2 K8s worker nodes

K8s worker nodes are managed by the master components and contain the necessary services to run the
pods.
The services on the K8s worker node can include the following:

• container runtime and kubelet

• NGINX, as well as an Istio proxy sidecar for service-mesh

NGINX is deployed as a Linux process or a container on nodes with external connectivity. In some
CaaS solutions (like NCS), NGINX may not be deployed on worker nodes but on nodes with external
connectivity assigned role (edge nodes).

• Istio ingress gateway pod and application pods

• database pods and optional plug-in pods (Grafana, Prometheus, and so on)

3.1.5 K8s CNI plug-ins

K8s provides a default network plug-in, using bridges and local hosts (kubenet), but does not manage
pod-to-pod communication. Pod-to-pod communication is handled using the CNI plug-ins. Each CNI
plug-in is based on a different implementation, following the CNI specifications, to receive a container
runtime and configure it to the network.
The K8s networking model has the following requirements:

• all containers can communicate with each other without using NAT

• all nodes can communicate with all containers (and the other way around) without using NAT

• a container sees itself as the same IP address that other containers see it as

These requirements mean that all pods are able to freely communicate with any other pods in the cluster,
even when they reside in different hosts. A pod identifies another pod using its IP address, because the
underlying host does not exist. The host is also able to communicate with any pod using its own IP address,
without using address translation.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 11

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Cloud Native Function

3.1.6 Service mesh (Istio)

The service mesh provides an array of network proxies alongside containers. Each proxy serves as a
gateway to each interaction that occurs among containers and among clusters. The proxy accepts the
connection and spreads the load across the service mesh.
Because pods are ephemeral, their IP addresses must be decoupled using application IP addressing. The
K8s services expose an application running on a set of pods as a network service.

The service mesh is a dedicated infrastructure layer for handling service-to-service communication. It
also allows you to configure how your service instances perform critical actions such as service discovery,
load balancing, data encryption, authentication, and authorization. This is implemented by providing
Istio ingress gateway pods for load balancing across the NRD pods for each service instance, as well as
sidecars within application pods. Sidecars handle inter-service communications, monitoring, security-
related concerns, and anything that can be abstracted away from the individual services.

Istio service mesh is logically split into a DP and a CP. The DP consists of sidecar proxies (such as Envoy),
which mediate and control all the network communication between microservices. The CP consists of the
following components, which are responsible for:

Mixer Policy enforcement and telemetry collecting

Pilot Sidecars service discovery, intelligent routing, and resiliency

Citadel Authentication and credential management

3.1.7 Helm charts and Heat templates

Helm is a package manager for K8s that allows developers and operators to package, configure, and
deploy applications and services into K8s clusters. Heat templates are needed for the VM-based
containerized NRD deployment on top of OpenStack NFVI.
Helm charts contain deployment-specific values and configuration, and are used to deploy an application,
or one component of a larger application. Heat templates define the number of master and worker VMs, IP
address connectivity, host requirements, and so on.

3.2 CNF deployment models

A CNF application can be deployed either with its own CaaS/PaaS (referred to in this document as “CNF-
provided PaaS”), or on an operator-provided CaaS/PaaS.
The CNF-provided PaaS option is frequently referred to as the “VM-B model”, while an operator-provided
CaaS/PaaS is referred to as the “CN-A model” (when deployed as a VM-based CNF) or “CN-B model” (when
deployed as a CNF on bare metal).

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 12

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Cloud Native Function

3.2.1 Nokia CNF deployment with CNF-provided PaaS

When the CNF is deployed with the CNF-provided PaaS, all the required software and plug-ins (Linux
OS, CentOS, K8s, and optional plug-ins), as well as the application-related pods are provided by the
CNF. Optional plug-ins include different CNI options, Prometheus and Grafana for metrics endpoint and
monitoring, and so on.

Figure 1: Nokia CNF deployed with the CNF-provided PaaS

Note: CMG is only supported on an operator-provided CaaS/PaaS that can be deployed on VMs/
hypervisor, or natively without an NFVI layer.

For more information about CMG models, refer to the 7750 SR MG and CMG Release Notes.

3.2.2 Nokia CNF deployment with operator-provided CaaS/PaaS

When a CNF is deployed with an operator-provider CaaS/PaaS, the K8s cluster, CNI plug-ins, and
optionally the service mesh and plug-ins such as Grafana, Fluentd, and so on are provided by the
operator. Only the application pod deployment is provided by the CNF.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 13

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Cloud Native Function

Figure 2: Nokia CNF deployed with operator-provided CaaS/PaaS on bare metal

Figure 3: Nokia CNF deployed with operator-provided CaaS/PaaS on VM/hypervisor

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 14

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

4 CMG as CNF
CMG is provided as a CNF and can be deployed over the K8s cluster.
CMG as CNF supports only deployments using an operator-provided CaaS/PaaS that can be deployed on
VMs/hypervisor, or natively without an NFVI layer. For more information about the supported CMG models,
refer to the 7750 SR MG and CMG Release Notes.

4.1 CMG and containers

Nokia CMG is deployed as a CNF that supports mobile gateway functionality and can be deployed on a
generic compute using CNF application management platforms such as K8s.
K8s is the most widely used CNF platform that supports full lifecycle management of a cloud native
application. K8s supports lifecycle management functions such as installation, upgrading, CNF scaling,
and CI/CD. K8s also provides native tools that allow applications to share a common infrastructure for
functions such as statistics collection, logging, tracing, load balancing/service mesh, and application
instance redundancy. A common management platform for all applications reduces network management
overhead and offers operational efficiency and significant cost saving.

Note: Contact a Nokia representative for information about CMG CNF support with other CNF
infrastructure platforms that are built on top of K8s.

The CMG CNF supports the following gateway functions:

• SMF/CP function

• UPF/UP function

• PGW/GGSN/SGW (CP or UP function)

• ePDG

Note: Contact a Nokia representative for information about gateway functions that are supported
with the CMG CNF.

The most common method of deploying an application component or instance on a K8s cluster is using
pods. A pod is the most granular method to identify a component of a cloud native application.

A CMG CNF instance consists of multiple pods running on a K8s cluster. Each pod that participates in the
CMG CNF instance is dedicated for a specific function, currently including, OAM, MG, LB, DB proxy, and
Redis DB pods. The specific function for which each CMG pod is dedicated can be replicated across many
similar pods.

A group of pods can operate in synchronization with other similar pod groups in the instance to support a
network function and is represented as a single instance of CMG CNF. The ability to add multiple pods for
each function allows the CMG CNF to scale horizontally to support a range of a few thousand to several
million subscriber devices.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 15

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

A K8s cluster can be deployed on a generic computing infrastructure on a private or public cloud. The
cluster can be on bare metal (no hypervisor) or inside a VM that could be managed by OpenStack.

Note: Contact a Nokia representative for requirements to deploy CMG CNF on a K8s cluster
running on bare metal (no hypervisor) or inside a VM.

4.1.1 Supported CMG CNF functions

A CMG CNF instance consists of multiple pods that may be hosted across multiple servers. Each pod
within a CMG instance communicates with other participating pods through an internal network. Network
connectivity for internal communication is done over the K8s-provided network.
Functionally, a CMG CNF instance can support 3GPP-defined CP or UP functions, or ePDG.

The CMG CNF CP operates in LB mode for the majority of cases. In this mode, all external traffic flows
through the LB function and is distributed to the MG function over the internal network. The CP can also
operate in LB-less mode using GTP-C redirection. The CMG CNF UP operates in either LB-mode or LB-less
mode. CMG CNF deployed as ePDG is supported only in LB-mode.

For more information about the supported deployment models, refer to the 7750 SR MG and CMG Release
Notes.

Note: Contact a Nokia representative for availability of the following functionality:

• TWAG, and SSG/TDF with CMG CNF

• LB-less mode of CMG CNF as CP

• LB-mode and hybrid (LB per interface type) of CMG CNF as UP

4.1.1.1 CMG CNF as CP

For the CMG CNF CP deployed on a K8s cluster, the OAM, MG, and LB functions are mandatory. The DB
function (DB proxy and Redis Pods) is mandatory for N:K redundancy.
An internal network is created for communication between the CMG CNF pods. An external network is
created on the LB function for communication with the peering nodes of the CMG CNF.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 16

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

Figure 4: K8s Cluster CMG CNF (CP)

Note:

• The CSF network is configured over Calico (primary eth0).

• Multus and SR-IOV are used for the DSF and the external network connectivity. DPDK
acceleration is performed on the application level using DPDK poll mode drivers.

• The primary and secondary DSF networks must be configured on different physical ports to
provide redundancy on the link- and switch-level. The same rule applies for the primary and
secondary external networks.

• LB and DB proxy communication uses SR-IOV connectivity.

• DB proxy and Redis Pods communication is established through the primary Calico interface.

• The OAM pods require Multus and IPVLAN to use on a secondary interface for management
access (SSH, SFTP, and SNMP).

4.1.1.2 CMG CNF as UP

For the CMG CNF UP deployed on a K8s cluster, the OAM, MG, and LB functions are mandatory. The DB
function is mandatory only for N:K redundancy.
An internal network is created for communication between CMG CNF pods. An external network is created
on the LB and MG (LB-less only) for communication with the peering nodes of the CMG CNF.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 17

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

Figure 5: K8s Cluster CMG CNF (UP)

Note:

• The CSF network is configured over Calico (primary eth0).

• Multus and SR-IOV are used for the DSF and the external network connectivity. DPDK
acceleration is performed on the application level using DPDK poll mode drivers.

• The primary and secondary DSF networks must be configured on different physical ports to
provide redundancy on the link- and switch-level. The same rule applies for the primary and
secondary external networks.

• LB and DB proxy communication uses SR-IOV connectivity.

• DB proxy and Redis Pods communication is established through the primary Calico interface.

4.1.1.3 CMG CNF as ePDG

For the CMG ePDG CNF deployed on a K8s cluster, the OAM, MG, and LB functions are mandatory. This
function supports only 1:1 redundancy scheme.
An internal network is created for communication between the CMG CNF pods. An external network is
created on the LB function for communication with the peering nodes of the CMG CNF.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 18

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

Figure 6: K8s Cluster CMG ePDG CNF (CP and UP)

Note:

• The CSF network is configured over Calico (primary eth0).

• Multus and SR-IOV are used for the DSF and the external network connectivity. DPDK
acceleration is performed on the application level using DPDK poll mode drivers.

• The primary and secondary DSF networks must be configured on different physical ports to
provide redundancy on the link- and switch-level. The same rule applies for the primary and
secondary external networks.

4.1.2 CMG CNF architecture

CMG CNF architecture comprises the OAM, LB, MG, DB pod, and DB proxy functions that are deployed on
individual units of a K8s pod.

OAM The OAM pod service performs CP functions that include

CNF instance management, routing protocols, management
interface (SNMP, Telnet, SSH, and CLI) for the configuration,
and KPI-KCI periodic XML report generation

Apart from the OAM container, the OAM pod can also include
the NASC sidecar and the logging containers

The NASC sidecar container is used as a StatsExporter for

sending statistics to Prometheus while the logging container is
used for activity logging.

LB The LB pod service provides network connectivity between the

mobile gateway function and peering network functions

The LB function provides a single common IP address for all

network interfacing elements

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 19

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

If TLS has been configured for HTTP/2, the TLS tunnel

terminates at the LB

For incoming traffic, the LB function provides load distribution

toward the MG pods. With CMG CNF as CP, the LB function
forwards the received GTP-C, HTTP2, Diameter, and RADIUS
messages to the MG

On a CMG CNF UP instance, the LB function provides load

distribution toward the MG for signaling (PFCP) as well as UP
traffic. The LB function is optional for UP traffic. For example,
GTP-U traffic or UE traffic on the SGi is received directly on
the MG and leaves without going through the LB. CMG CNF
supports the UP function without the LB, to achieve higher
efficiency from the available compute and provide cost saving.

MG The MG pod services include 3GPP call processing (CP and

DP), PCEF, and AA (PCEF enhanced with ADC for application
detection and control and L7 service classification for PCC
control)

The MG function supports all 3GPP gateway functions such

as SMF, UPF, and SGW/PGW/GGSN (CUPS). The NASC sidecar
container can also be included in the MG pod

DB pod The DB pod includes Redis DB and provides the common

session storage used to support N:K redundancy

DB proxy The DB proxy pod acts as the proxy interface between MG and
DB pods

4.2 CMG CNF deployment options

CMG as CNF is deployed using an operator-provided CaaS/PaaS.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 20

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

Deployment with an operator-provided CaaS/PaaS

Figure 7: CMG CNF deployment on an operator-provided CaaS/PaaS

Note:

• When CMG is deployed on an operator-provided CaaS/PaaS, all required plug-ins must be

provided by the CaaS/PaaS.

• A minimum of two worker nodes are required to deploy a minimum CMG instance.

4.3 Platform requirements

4.3.1 Infrastructure and host deployment requirements

The requirements for the deployment of CMG CNF on K8s cluster are independent of bare-metal or VM-
based K8s cluster deployment.

K8s node labels

For K8s clusters where all nodes do not have identical networking configurations or host settings, the
appropriate node labels must be provided to ensure the following:

• SR-IOV CNI (or host device CNI in CN-A) and DPDK are available on the nodes where MG and LB pods
will be deployed

• ipvlan CNI is available for OAM deployments

• the required host settings (in this document) are applied

The CMG pods are placed on the appropriate nodes by specifying the nodeSelector which must match the
labeled K8s nodes.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 21

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

Linux host/kernel requirements

CMG requires some tuning in the Linux host and kernel to ensure performance and proper functionality.
Make sure that CMG meets the following requirements:

• Linux kernel 4.18 or later

• VRF support enabled

• tunnel support

• the following sysctl capabilities must be allowed:

– net.ipv4*

– net.ipv6*

– net.core*

to configure the following values:

• net.ipv4.tcp_rmem = 187380 655360 6291456

• net.ipv4.udp_rmem_min = 1048576

• net.ipv4.udp_wmem_min = 1048576

• net.ipv6.conf.all.forwarding = 1

• net.core.rmem_max=4194304

• net.core.wmem_max=4194304

• net.core.rmem_default = 1048576

• net.core.wmem_default = 1048576

In NCS deployments verify the following sysctl capabilities:

– net.ipv4.tcp_wmem = 187380 655360 6291456

– net.ipv4.tcp_rmem = 187380 655360 6291456

– net.core.rmem_max = 1048576

– net.core.wmem_max = 1048576

– net.core.rmem_default = 1048576

– net.core.wmem_default = 1048576

– net.ipv4.udp_rmem_min = 1048576

– net.ipv4.udp_wmem_min = 1048576

• the following setting must be set in the Calico configuration to prevent performance impact on the
CSF network:

– CALICO_IPV4POOL_IPIP: off (or set to never)

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 22

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

• in the case where the OAM pod of CMG needs to be collocated with the CMM NECC pod, add
LimitMSGQUEUE=infinity to the /etc/systemd/ system/containerd.service file; you
must restart the service afterwards

• extra tuning may be required on the underlying CaaS for enabling IPv6 and/or dual stack to enable and
configure IPv6 on the application level

when CMG is deployed on the NCS and IPv6 is required on the application networking, the
Ipv4_dualstack parameter must be enabled on the NCS cluster; refer to the CaaS documentation
for instructions about enabling use of dual stack and IPv6

• in NCS deployments with Mellanox NICs, the SR-IOV offload setting must be set to true to enable the
DPDK functionality

• Nokia recommends setting the kernel core pattern parameter as follows for debugging purposes:

kernel.core_pattern=/var/crash/core.%p

CMG can be deployed on an operator-provided CaaS/PaaS that is running natively or inside a VM. There are
several infrastructure and host requirements, both for VMs carrying pods, as well as for the pods.

A cluster deployed on VMs carrying the pods must meet the following requirements:

• CPU pinning and isolation for VMs must be set to hw:cpu_policy=dedicated

• Hugepages must be enabled

• HA must be enabled either by setting availability zones or anti-affinity groups on the VMs

The CMG pods must meet the following requirements:

• the cpuManagerPolicy flag in the kubelet configuration must be set to static to enable CPU
pinning on the pod level

• the --reserved-cpus option must be set to reserve cores for system processes

• Hugepages must be enabled for CMG pods using DPDK (Ηugepages1G must be enabled)

• the Kubernetes Topology Manager must be enabled and set to single-numa-node policy to deploy the
CMG pods; this ensures that all CPU cores and NIC resources are allocated from the same NUMA

CMG pods can be deployed either in privileged or restricted mode. If security requires the use of the
restricted mode, specific settings must be defined in the PSP which are aligned with the Pod Security
context settings. The PSP can be created by the CaaS administrator (using the CMG requirements set in the
default PSP file in the Helm charts) or during pod deployment using the default PSP included in the Helm
charts.

The containers included in the CMG pods, can be instantiated running as root or non-root user. If they are
instantiated running as a non-root user, a hard-coded ID is used for the CMG pods.

Networking requirements
Multus manages the multiple network interfaces required on OAM, LB, and MG pods. The CMG has been
tested with the following:

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 23

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

• SR-IOV plug-in with Multus, for external network connectivity

• Calico for native K8s networking, which also provides the network for communication between CMG
pods

• IPVLAN with Multus, to configure the management interface on OAM pods

Note: Only use a management interface through the IPVLAN interface with Multus. CNF
deployments do not require static route configuration in the BOF. The management network
is configured in the values.yaml file, on the Multus and IPVLAN interface of the OAM.

The MTU value for the interfaces that run K8s Calico CNI traffic or SMF/UPF Multus traffic must be set to
9000.

For pods that require SR-IOV, the network redundancy is handled at the CMG pod-level. The SR-IOV VFs
associated with two redundant ports/PFs are requested for each pod (for each network type).

NUMA alignment is mandatory for pods that require SR-IOV connectivity. When a node has SR-IOV NICs
configured in both NUMAs, the dual MG statefulset feature must be used to place the MG pods in both
NUMAs of the node.

For non SR-IOV-CNI-based interface access (such as Calico, IPVLAN, and so on), the infrastructure must
ensure the redundancy of the physical network being deployed. For example, the IPVLAN interface required
for the OAM management must be based on Linux bonding incorporating two underlying redundant
interfaces.

CPU Core and memory allocation requirements

Contact your Nokia representative for CPU core and memory allocation on the OAM, LB, MG, and DB pods.

VM-based K8s cluster deployment requirements

The following are CMG CNF requirements for VM-based K8s cluster deployments:

• SRI-OV VF configured on the host must operate in pass-through mode and attach to the VM hosting
worker node

• host-device CNI plug-in

Helm charts
For CMG deployed on an operator-provided CaaS/PaaS, Nokia provides Helm charts for the supported CNF
functions. The values.yaml files included in the Helm charts must be edited to include custom variables
prior to the CMG installation.

If the CaaS/PaaS is deployed on VMs, the Heat templates must be provided and managed by the
infrastructure administrator.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 24

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

Service mesh (Istio) support

CMG does not support Istio service mesh in the current release. The CMG CP deployed with Istio service
mesh will provide load balancing across MG pods in a future release.

Related information

Lifecycle management
Helm charts
Nokia provides the necessary Helm charts for managing the CMG CNF deployment. The Helm charts are located
under the CMG package available for download.

4.3.2 AWS requirements

DSF networking
For AWS deployments, the subnet information passed via the values.yaml file is ignored. To set up the
DSF network, you must update the values.yaml file as follows.

aws:
enable: 1
region: us-east-2

aws.enable
When set to 1, the CMG application obtains the IP address allocated to that ENI interface
which maps to the DSF port from the AWS API server.

The CMG application utilizes this IP address for DSF traffic.

aws.region
The default AWS region

4.4 K8s open source components

K8s is an open source project in which the upstream constantly changes. The open source project
versions have been tested and validated for the current release.

Table 2: CMG cluster type requirements

Cluster Type Cluster Version (minimum) Description

K8s 1.17 CMG CNF is qualified on K8s

version 1.19.4

OpenShift 4.6 Provided by CaaS

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 25

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

Table 2: CMG cluster type requirements (continued)

Cluster Type Cluster Version (minimum) Description

VMware Tanzu 1.2.0 Provided by CaaS

NCS NCS20 FP2 (Baremetal) Provided by CaaS

NCS20 FP3 (VM-based)

Helm 3.0 Provided by CaaS

Multus 3.4 Provided by CaaS

Table 3: CMG cluster service requirements (operator-provided CaaS/PaaS)

Cluster Service Description

Docker registry Mandatory

Required but no dependency expected

k8s.gcr.io/coredns Required for DNS service

k8s.gcr.io/etcd No dependency

Helm Mandatory

prom/prometheus Optional
CNF provides metric endpoint

Calico Optional
Version 3.9.2 is required for IPv6 addresses

Multus Mandatory

fluentd Optional

jaegertracing/all-in-one Optional

grafana/grafana Optional

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 26

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE CMG as CNF

Table 3: CMG cluster service requirements (operator-provided CaaS/PaaS) (continued)

Cluster Service Description

Used for Prometheus

CNF independent of version

k8s.gcr.io/elasticsearch Optional
Used for Elasticsearch
CNF independent of version

docker.elastic.co/kibana/kibana-oss Optional
Used for Elasticsearch
CNF independent of version

GlusterFS Optional
Used for volumes and persistent volumes Version
6.7 is required for IPv6 addresses

k8s.gcr.io/metrics-server-amd64 Optional
Used by K8s HPA and K8s dashboard No CNF
dependency

K8s dashboard Optional

Used for cluster
No CNF dependency

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 27

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

5 Lifecycle management

5.1 Lifecycle management actions

The CMG container lifecycle management includes the following actions:

• deploying (instantiate) pods

• deleting deployments

• healing pods

Figure 8: CMG container lifecycle management

Note: In the current release, software upgrade and rollback of CMG pods are not supported.

5.2 Container probes

Probes are diagnostic tasks performed periodically by the kubelet and ensure that the pods have started,
are healthy, and can process requests.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 28

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

The following probes are supported:

Startup probe Detects when the application within the container has started.
Once configured, all other probes are disabled until the startup
probe succeeds. If no startup probe is provided, the default
state is "Success".

Liveness probe Detects whether the container is running. A container may

appear to be running, but may be unavailable to process
requests (for example, a deadlock has occurred). In this case,
kubelet kills the container and the container is subjected to its
restart policy. If no liveness probe is provided, the default state
is "Success".

Readiness probe Detects when a container is ready to accept traffic. If a

readiness probe fails, the endpoints controller removes the
pod IP address from the endpoints of all services that match
the pod. If a container does not provide a readiness probe, the
default state is "Success".

Note: The values included in the configuration provided are the Nokia-recommended values
and are tuned and verified to bring up the pod quickly and monitor it appropriately based on the
application code.

5.3 CMG deployment requirements

5.3.1 Docker images

Table 4: Docker images for deploying CMG CNF components

Pod Container Requirement Description Docker Image Docker Image

Name Size (MB)

MG LMG Mandatory Provides CMG lmg 1 2610

call processing
and UP packet
processing
service

NASC Optional Provides nasc 968

CMG PM data
reporting
service via
Prometheus

1 The LMG, LOAM, LLB, and logging containers use a common container image (lmg).

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 29

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

Table 4: Docker images for deploying CMG CNF components (continued)

Pod Container Requirement Description Docker Image Docker Image

Name Size (MB)

LB LLB Mandatory Provides CMG lmg 1 2610

load balancer
service

OAM LOAM Mandatory Provides CMG lmg 1 2610

operation and
management
service

Logging Optional Provides lmg 1 968

CMG logging
service used
by FluentD,
ElasticsSearch,
and Kibana

NASC Optional Provides nasc 968

CMG PM data
reporting
service via
Prometheus

Fluent Bit Optional Provides log fluentbit 761

filtering and
forwarding to
various PaaS
components;
for example
FluentD and
kafka broker
(see Log
streaming
options)

LogSplitter Optional Provides logsplit 70

splitting of
event-logs
to FM and
general logs (
see Logging)

DB-Proxy DBProxy Optional Provides dbproxy 448

session
context
DB Redis Optional storage service redis 116
for state-

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 30

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

Table 4: Docker images for deploying CMG CNF components (continued)

Pod Container Requirement Description Docker Image Docker Image

Name Size (MB)

efficient
recovery of
session

— — Mandatory The base lmg-base 700

image for
the other
containers

5.3.2 VM and pod resource requirements

Note: Contact your local Nokia representative for information about VM and pod resource
requirements for VM-based containerized CMG in the current release.

Minimum requirements for a CMG CNF deployment

Table 5: SMF requirements

Pod vCPU Memory (Gi)

OAM 6 8

MG 8 64

LB 6 16

Table 6: SMF with sidecars requirements

Port Container vCPU Memory

OAM loam 6 8 Gi

nasc 2 1 Gi

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 31

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

Table 6: SMF with sidecars requirements (continued)

Port Container vCPU Memory

logging 0.01 100 Mi

logsplit 0.01 100 Mi

fluentbit 0.01 100 Mi

MG — 8 64 Gi

LB — 6 16 Gi

Table 7: UPF requirements

Pod vCPU Memory (Gi)

OAM 6 8

MG 8 64

LB 6 16

Table 8: UPF with sidecars requirements

Port Container vCPU Memory

OAM loam 6 8 Gi

nasc 2 1 Gi

logging 0.01 100 Mi

logsplit 0.01 100 Mi

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 32

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

Table 8: UPF with sidecars requirements (continued)

Port Container vCPU Memory

fluentbit 0.01 100 Mi

MG — 8 64 Gi

LB — 6 16 Gi

Functional testing and lab deployments

Table 9: Functional testing (no TPS or packet rate expected)

Pod vCPU RAM (Gi)

OAM 4 16

LB 4 16

MG 8 32

DB proxy 4 8

DB pod 2 4

Table 10: Labs and small traffic (10 Gb/s with DPI and a maximum of 1000 sessions)

Pod vCPU RAM (Gi)

OAM 4 16

LB 4 16

MG 16 48

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 33

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

Table 10: Labs and small traffic (10 Gb/s with DPI and a maximum of 1000 sessions) (continued)

Pod vCPU RAM (Gi)

DB proxy 4 8

DB pod 2 4

5.3.3 CMG CNF networking

5.3.3.1 Network requirements

A CMG CNF requires availability of the following networks:

Management network (OAM only) The management network provides external network
connectivity for CMG management; a dedicated interface is
needed

CSF network The CSF network provides the internal network for CMG CNF
control messaging (discovery, configurations, and status)
among the CMG CNF pods

DSF internal network The DSF network provides the user signaling and user traffic
between pods and is connected to all MG and LB pods

external network The external network provides access to all 3GPP-defined

interfaces for user traffic and reference points for signaling (
for example, GTP-C, HTTP2, Diameter, RADIUS, GTP-U, UE IP
traffic, and so on); additionally, any traffic to the DB proxy goes
through the LB pod external network

The external network connectivity to the CMG CNF pod is

enabled using the direct access interface method of K8s or K8s
service

Direct access on CN-B deployments is achieved by using SR-

IOV plugins; on CN-A deployments, access to a VM vNIC is
performed using a single CNI host-device (the underlying
infrastructure can be either SR-IOV or OVS DPDK)

DPDK libraries are also used on application level for packet

acceleration

The external network interfaces are configured on the LB and

MG functions, based on the type of the CMG CNF instance

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 34

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

The CMG CNF requires independent interfaces for internal and external networks; therefore, multiple
interface support is mandatory. By default, K8s assigns a single interface per pod; however CNI plug-ins
such as Multus support deployment of multiple interfaces per pod.

5.3.3.2 CMG CNF CP networking

CMG CNF networking (CP) shows the internal and external network connections on the CMG CNF CP. The
internal network for OAM, MG, LB, and DB is enabled over a K8s network. The external network connection
requires multiple interfaces on the LB function. These interfaces can be configured using the K8s CNI plug-
in Multus, which is supported for managing multiple interfaces that manage multiple K8s CNIs.

Figure 9: CMG CNF networking (CP)

For redundancy, dual DSFs are supported from the application side.

Nokia recommends using pod-level VLAN tagging (instead of host-level) to reduce the number of required
interfaces on the pod-level and avoid complexity when assigning interfaces.

To ensure that dual DSF have SR-IOV interfaces allocated from different physical NIC ports and dual
external interfaces also have SR-IOV interfaces allocated from different physical NIC ports, a new section
is added to the DPDK section of the Helm charts. This section (portOrder), allows you to map each pod
interface to a specific NIC interface.

5.3.3.3 CMG CNF UP networking

CMG CNF networking (UP) shows the internal and external network connections on a CMG CNF UP. The
internal network for the OAM, MG, LB, and DB functions is enabled over a network provided by K8s. The
external network connection requires multiple interfaces on the LB function and MG function (for LB-less

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 35

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

deployment). These can be configured using the Kubernetes CNI plug-in Multus, which is supported for
managing multiple interfaces that manage multiple K8s CNIs.

Figure 10: CMG CNF networking (UP)

The same restrictions for the DSF and external network interface assignments described in CMG CNF
networking (CP) also apply to CNF UP networking.

5.3.3.4 CMG CNF ePDG networking

ePDG as CNF networking (CP and UP) shows the internal and external network connections on the CMG
ePDG CNF (CP and UP). The internal network for OAM, MG, LB, and DB is enabled over a K8s network. The
external network connection requires multiple interfaces on the LB function. These interfaces can be
configured using the K8s CNI plug-in Multus, which is supported for managing multiple interfaces that
manage multiple K8s CNIs.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 36

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

Figure 11: ePDG as CNF networking (CP and UP)

For redundancy, dual DSFs are supported from the application side.

Nokia recommends using pod-level VLAN tagging (instead of host-level) to reduce the number of required
interfaces on the pod-level and avoid complexity when assigning interfaces.

To ensure that dual DSF have SR-IOV interfaces allocated from different physical NIC ports and dual
external interfaces also have SR-IOV interfaces allocated from different physical NIC ports, a new section
is added to the DPDK section of the Helm charts. This section (portOrder), allows you to map each pod
interface to a specific NIC interface.

5.3.4 Helm charts

To manage the CMG deployment, Nokia provides the required Helm charts for downloading.
The Helm charts package includes a cdb and cmg folder. The CDB Helm charts are used to deploy the
database components (DB-Proxy and DB pods). The CDB Helm charts are common for the database
components on both SMF and UPF. A common CMG Helm chart is provided for deploying CMG as a CP
function or a UP function.

The object specifications for the different K8s objects are defined in the manifest in the CMG Helm charts.
The objects can be customized with deployment-specific values using the charts/cmg/values.yaml file
which is common to CMG CNF as CP and UP, or using CP- and UP-specific values defined in the charts/
cmg/smf_values/ and charts/cmg/upf_values/ YAML files respectively.

Related information

Helm charts
Nokia provides the necessary Helm charts for managing the CMG CNF deployment. The Helm charts are located
under the CMG package available for download.
Product Support Portal

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 37

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

5.3.5 Persistent Volume

A PV is a storage type in the cluster that has been provisioned by an administrator or dynamically
provisioned using storage classes. PVs are volume plug-ins similar to volumes, but their lifecycle is
independent of any individual pod that uses the PV.
To use a PV you need to claim it first using a PVC. The PVC requests a PV with the required specification
(size, speed, and so on) from K8s and binds it to a pod where you can mount it as a volume. For PVs set
access mode: ReadWriteMany.

CAUTION: Nokia recommends using any of the offered K8s volume types, apart from the
hostPath and local storage volume types. hostPath volumes pose security risks while local storage
exposes the risk that data can be lost if the CMG pod re-spawns for any reason on another node.

5.4 Deploying CMG CNF with an operator-provided CaaS/PaaS

Before you start

• K8s PV and PVC are created before the installation; reference these PVCs in the helm install commands
while deploying CMG and CMG-DB

• Helm V2/V3 is supported

• If CMG pods are expected to run in restricted mode, a proper pod security policy must be configured
in CaaS and claimed through the Helm charts

• a network policy is a specification of how groups of pods are allowed to communicate with each other
and other network endpoints

If the network policy is configured on the CaaS to provide network isolation, a specific network policy
must be configured using appropriate labels in namespaces to allow communication between the CMG
and CMG-DB.

Note:

• The kubectl command is replaced with the oc command in OpenShift deployments.

Similarly, the docker command is replaced with the podman command.

• If you want to deploy MG pods in both NUMAs of a server that has SR-IOV capable NICs
in both NUMAs, use the dualMGstatefulesets attribute in the values.yaml file.
This option splits the MG pods into two groups; one deployed in NUMA-0 and the other in
NUMA-1.

Procedure

1. Create the required namespaces (projects in OpenShift).

kubectl create ns <namespace name>

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 38

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

Sub-steps

a) Create the SMF and, or UPF namespaces.

Create different namespaces for SMF and the UPF. If network policies must be defined, you must
add labels to the namespaces to be used in the network policy.

Step example

K8s

kubectl create ns smf

namespace/smf created

kubectl create ns upf

namespace/upf created

Step example

OpenShift

oc new-project smf

oc new-project upf

For the SMF namespace, create the Role and RoleBindings to allow privileged pods to run. This is
done as part of the helm install command by setting the openshift.enable parameter to
true.

Note: For the UPF namespace, similar Role and RoleBindings must be created.

b) Create the namespaces to deploy the DB resources for the SMF and, or UPF CNFs.

Step example

kubectl create ns smf-cdb

namespace/smf-cdb created

kubectl create ns upf-cdb

namespace/upf-cdb created

2. Extract the CMG tar file and upload the Docker images.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 39

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

Sub-steps

a) Extract the CMG tar file.

tar -xvf <tar_file_with_Docker_images>

b) Load all images to the local Docker process.

sudo docker load -i <container_image_path>

c) Push the images to the image repository.

Tag the image with the host name or IP address and the port of the registry.

sudo docker tag <local_container_image_name_and_tag>

<remote_container_image_name_and_tag>

Step example

sudo docker tag lmg:test1 master1vm.novalocal:5000/lmg:test1

Push the image to the registry.

sudo docker push <remote_container_image_name_and_tag>

Step example

sudo docker push master1vm.novalocal:5000/lmg:test1

For OpenShift deployments, upload the SMF container image (for example, lmg_12.0_R1.tar)
to OpenShift. Then tag it and push it to the image registry.

Step example

podman load -i lmg_12.0_R1.tar

podman tag lmg:12.0R1 default-route-openshift-

imageregistry.apps.ocp1.pandora.com/smf/lmg:12.0R1 oc --skip-check=true registry
login

podman push default-route-openshift-imageregistry.apps.ocp1.pandora.com/smf/

lmg:12.0R1--tlsverify=false

Note: Perform the same steps, if required, for the UPF container image.

3. Install the Helm charts.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 40

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

Depending your deployment, you can install any of the SMF and, or UPF Helm charts.

Sub-steps

a) Optional: Install the SMF Helm charts.

Use the helm install command to deploy the SMF. The Helm chart must be available in the
charts directory and all the commands in this step must be executed in the same directory.

Note: Nokia recommends including all the necessary changes in the values.yaml file,
to avoid errors when using the helm install command.

Step example

helm install smf cmg --replace --namespace smf -f cmg/smf_values/

values_dpdk.yaml
NAME: smf
LAST DEPLOYED: Wed May 19 15:28:16 2021
NAMESPACE: smf
STATUS: deployed
REVISION: 1
TEST SUITE: None

If the container images are stored in a private registry and, or repository, you must configure the
secret to access the repository and pull the images. To configure the secret, add the following
argument in the helm install command:

helm install –set image.imagePullSecrets <repositorySecret>

where <repositorySecret> is the secret. Alternatively, configure the imagePullSecrets in the

values.yaml file.

The secret must have already been set in the cluster.

Note: In OpenShift deployments, the helm install command is similar. Use the
appropriate image registry, image tag, namespace and, or project, and so on.

b) Optional: Install the UPF Helm charts.

Use the helm install command to deploy the UPF. The Helm chart must be available in the
charts directory and all the commands in this step must be executed in the same directory.

Step example

helm install upf cmg --replace --namespace upf -f cmg/upf_values/

values_dpdk.yaml
NAME: upf
LAST DEPLOYED: Wed May 19 15:28:53 2021
NAMESPACE: upf

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 41

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

STATUS: deployed
REVISION: 1
TEST SUITE: None

If the container images are stored in a private registry and, or repository, you must configure the
secret to access the repository and pull the images. To configure the secret, add the following
argument in the helm install command:

helm install –set image.imagePullSecrets <repositorySecret>

where <repositorySecret> is the secret. Alternatively, configure the imagePullSecrets in the

values.yaml file.

The secret must have already been set in the cluster.

Note: In OpenShift deployments, the helm install command is similar. Use the
appropriate image registry, image tag, namespace and, or project, and so on.

4. Deploy the DB resources.

Deploy the corresponding DB resources based on the Helm charts installed in step 3.

Sub-steps

a) Optional: Deploy the SMF DB resources.

Use the CDB Helm charts.

Note: A unique NodePort must be used when using the same CDB Helm charts for SMF
and UPF.

Step example

helm install smf-cdb cdb --replace --namespace smf-cdb

NAME: smf-cdb
LAST DEPLOYED: Wed May 19 15:29:10 2021
NAMESPACE: smf-cdb
STATUS: deployed
REVISION: 1
TEST SUITE: None

To verify the installation, use one of the following commands:

helm list -A
helm list -n <namespace>

Step example

NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION

smf smf 1 2021-05-19 15:28:16.651998296 +0000 UTC deployed cmg-1.01.0

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 42

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

smf-cdb smf-cdb 1 2021-05-19 15:29:10.956358053 +0000 UTC deployed cdb-1.01.0

kubectl get pods -n <namespace>

Step example

kubectl get pods -n smf -o wide

NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS
GATES
llb-statefulset-0 1/1 Running 0 2m59s 10.244.6.75 worker7vm.novalocal <none> <none>
lmg-statefulset-0 1/1 Running 0 2m59s 10.244.96.70 worker3vm.novalocal <none> <none>
lmg-statefulset-1 1/1 Running 0 2m52s 10.244.115.198 worker2vm.novalocal <none> <none>
loam-a-v1-f8467895b-8bbsp 1/1 Running 0 2m59s 10.244.98.200 worker5vm.novalocal <none> <none>
loam-b-v1-db59dc89d-bxrwl 1/1 Running 0 2m59s 10.244.6.76 worker7vm.novalocal <none> <none>

kubectl get all -n <namespace>

Step example

kubectl get all -n smf

NAME READY STATUS RESTARTS AGE
pod/llb-statefulset-0 1/1 Running 0 76s
pod/lmg-statefulset-0 1/1 Running 0 76s
pod/lmg-statefulset-1 1/1 Running 0 55s
pod/loam-a-v1-f8467895b-v4t9s 1/1 Running 0 76s
pod/loam-b-v1-db59dc89d-5vfzx 1/1 Running 0 76s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/llb ClusterIP None <none> <none> 77s
service/llb-1-connectivity NodePort 10.102.244.240 <none> 2017:31017/TCP 77s
service/lmg ClusterIP None <none> <none> 77s
service/lmg-1-connectivity NodePort 10.104.154.34 <none> 2001:31001/TCP 76s
service/lmg-2-connectivity NodePort 10.107.200.67 <none> 2002:31002/TCP 77s
service/loam-a ClusterIP None <none> <none> 77s
service/loam-a-connectivity NodePort 10.110.191.48 <none> 2021:31021/TCP 76s
service/loam-b ClusterIP None <none> <none> 77s
service/loam-b-connectivity NodePort 10.97.7.244 <none> 2022:31022/TCP 76s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/loam-a-v1 1/1 1 1 76s
deployment.apps/loam-b-v1 1/1 1 1 76s
NAME DESIRED CURRENT READY AGE
replicaset.apps/loam-a-v1-f8467895b 1 1 1 76s
replicaset.apps/loam-b-v1-db59dc89d 1 1 1 76s
NAME READY AGE
statefulset.apps/llb-statefulset 1/1 76s
statefulset.apps/lmg-statefulset 2/2 76s
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/llb-hpa StatefulSet/llb-statefulset <unknown>/90% 1 1 1 76s
horizontalpodautoscaler.autoscaling/lmg-hpa StatefulSet/lmg-statefulset <unknown>/90% 2 2 2 76s

b) Optional: Deploy the UPF DB resources.

To deploy the UPF DB resources, use the CDB Helm charts.

Note: A unique NodePort must be used when using the same CDB Helm charts for CP
and UP.

Step example

helm install upf-cdb cdb --replace --namespace upf-cdb --set

service.dbproxy.nodePort=5679
NAME: upf-cdb

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 43

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

LAST DEPLOYED: Wed May 19 15:29:27 2021

NAMESPACE: upf-cdb
STATUS: deployed
REVISION: 1
TEST SUITE: None

To verify the installation, use one of the following commands:

helm list -A
helm list -n <namespace>

Step example

helm list -aA

NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
smf smf 1 2021-05-19 15:28:16.651998296 +0000 UTC deployed cmg-1.01.0
smf-cdb smf-cdb 1 2021-05-19 15:29:10.956358053 +0000 UTC deployed cdb-1.01.0
upf upf 1 2021-05-19 15:28:53.601208887 +0000 UTC deployed cmg-1.01.0
upf-cdb upf-cdb 1 2021-05-19 15:29:27.190530344 +0000 UTC deployed cdb-1.01.0

kubectl get all -n <namespace>

Step example

kubectl get all -n upf

NAME READY STATUS RESTARTS AGE
pod/llb-statefulset-0 1/1 Running 0 69s
pod/lmg-statefulset-0 1/1 Running 0 69s
pod/lmg-statefulset-1 1/1 Running 0 44s
pod/loam-a-v1-75c67f44c5-c4dbn 1/1 Running 0 69s
pod/loam-b-v1-844ff5dfdf-brp2x 1/1 Running 0 69s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/llb ClusterIP None <none> <none> 70s
service/llb-1-connectivity NodePort 10.101.236.219 <none> 2017:32017/TCP 69s
service/lmg ClusterIP None <none> <none> 70s
service/lmg-1-connectivity NodePort 10.101.182.17 <none> 2001:32001/TCP 69s
service/lmg-2-connectivity NodePort 10.102.249.185 <none> 2002:32002/TCP 69s
service/loam-a ClusterIP None <none> <none> 70s
service/loam-a-connectivity NodePort 10.106.51.165 <none> 2021:32021/TCP 69s
service/loam-b ClusterIP None <none> <none> 70s
service/loam-b-connectivity NodePort 10.109.191.1 <none> 2022:32022/TCP 69s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/loam-a-v1 1/1 1 1 69s
deployment.apps/loam-b-v1 1/1 1 1 69s
NAME DESIRED CURRENT READY AGE
replicaset.apps/loam-a-v1-75c67f44c5 1 1 1 69s
replicaset.apps/loam-b-v1-844ff5dfdf 1 1 1 69s
NAME READY AGE
statefulset.apps/llb-statefulset 1/1 69s
statefulset.apps/lmg-statefulset 2/2 69s
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/llb-hpa StatefulSet/llb-statefulset <unknown>/90% 1 1 1 69s
horizontalpodautoscaler.autoscaling/lmg-hpa StatefulSet/lmg-statefulset <unknown>/90% 2 2 2 69s

5. Verify the DB resources in the namespace that was created.

Verify the corresponding DB resources deployed in step 4.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 44

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

Sub-steps

a) Optional: Verify the SMF DB resources.

Verify the SMF DB resources in the smf-cdb namepace or in the namespace that was created to
deploy the DB resources.

kubectl get all -n smf-cdb

Step example

kubectl get all -n smf-cdb

NAME READY STATUS RESTARTS AGE
pod/dbproxy-v1-5df776f7b9-2lfhc 1/1 Running 0 61s
pod/redis-statefulset-0 1/1 Running 0 61s
pod/redis-statefulset-1 1/1 Running 0 57s
pod/redis-statefulset-2 1/1 Running 0 54s
pod/redis-statefulset-3 1/1 Running 0 47s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dbproxy ClusterIP None <none> <none> 62s
service/dbproxy-connectivity NodePort 10.102.120.61 <none> 5678:5678/TCP 62s
service/redis ClusterIP None <none> <none> 62s
service/redis-connectivity-0 ClusterIP 10.108.127.38 <none> 6379/TCP 62s
service/redis-connectivity-1 ClusterIP 10.100.212.5 <none> 6379/TCP 62s
service/redis-connectivity-2 ClusterIP 10.103.190.131 <none> 6379/TCP 61s
service/redis-connectivity-3 ClusterIP 10.106.90.19 <none> 6379/TCP 62s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/dbproxy-v1 1/1 1 1 61s
NAME DESIRED CURRENT READY AGE
replicaset.apps/dbproxy-v1-5df776f7b9 1 1 1 61s
NAME READY AGE
statefulset.apps/redis-statefulset 4/4 61s
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/redis-hpa StatefulSet/redis-statefulset <unknown>/90% 4 4 4 61s

b) Optional: Verify the UPF DB resources.

Verify the UPF DB resources in the upf-cdb namepace or the namespace that was created to
deploy the DB resources.

kubectl get all -n upf-cdb

Step example

kubectl get all -n upf-cdb

NAME READY STATUS RESTARTS AGE
pod/dbproxy-v1-5df776f7b9-fmjxd 1/1 Running 0 52s
pod/redis-statefulset-0 1/1 Running 0 52s
pod/redis-statefulset-1 1/1 Running 0 44s
pod/redis-statefulset-2 1/1 Running 0 38s
pod/redis-statefulset-3 1/1 Running 0 36s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dbproxy ClusterIP None <none> <none> 54s
service/dbproxy-connectivity NodePort 10.106.224.28 <none> 5678:5679/TCP 53s
service/redis ClusterIP None <none> <none> 54s
service/redis-connectivity-0 ClusterIP 10.109.121.164 <none> 6379/TCP 54s
service/redis-connectivity-1 ClusterIP 10.105.37.28 <none> 6379/TCP 53s
service/redis-connectivity-2 ClusterIP 10.101.254.171 <none> 6379/TCP 53s
service/redis-connectivity-3 ClusterIP 10.101.125.86 <none> 6379/TCP 53s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/dbproxy-v1 1/1 1 1 52s
NAME DESIRED CURRENT READY AGE
replicaset.apps/dbproxy-v1-5df776f7b9 1 1 1 52s
NAME READY AGE

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 45

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

statefulset.apps/redis-statefulset 4/4 52s

NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
horizontalpodautoscaler.autoscaling/redis-hpa StatefulSet/redis-statefulset <unknown>/90% 4 4 4 52s

Related information

CMG attributes in the values.yaml file

The K8s objects defined in the manifest files are described in Files of the CMG Helm chart. They can be
customized using the values.yaml Helm file. This supports separation of generic templates with deployment-
specific values.

5.5 Configure and manage the CMG

After the CMG CNF deployment is complete, refer to the 7750 SR MG and CMG Configuration Guide for
information about provisioning the CMG for operation, logging in and using the CLI to configure the CMG,
link redundancy, and so on.

For information about CMG troubleshooting, refer to the CMG and CMG-a Troubleshooting Guide.

5.6 Delete the CMG CNF deployment

To delete the SMF and UPF deployments, use the following command:

helm delete <release-name> -n <namespace>

helm delete smf -n smf

release "smf" uninstalled

helm delete upf -n upf

release "upf" uninstalled

helm delete smf-cdb -n smf-cdb

release "upf" uninstalled

helm delete upf-cdb -n upf-cdb

release "upf" uninstalled

5.7 CMG deployment with external Vault

CMG can be configured to connect to an external Vault service and store the master encryption keys to
Vault.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 46

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

To use Vault, CMG CNF must be configured during deployment with the following information in the
values.yaml file (within the CMG Helm chart):

vault:
enable: 1
name: <k8s service name|domain name>
port: <port>
basePath: <absolute path in vault>
adminKeyRpath: <relative path in vault>
tlsCaCert: </path/to/ca-certificate.cert>

For more information about Vault and what information is stored to Vault, refer to the section Secure
Storage in the 7750 SR MG and CMG Configuration Guide.

Table 11: Vault configuration parameters (values.yaml file)

Parameter Description Presence

name The service name, FQDN, or IP Mandatory

address of the external Vault
server

port The port that the Vault server Mandatory

uses

basePath The absolute path inside the Mandatory

Vault storage for storing the
secrets that the specific CMG
instance uses

adminKeyRpath The relative path inside the Optional

Vault storage, appended to
the basePath parameter, to
which an authorized public key
is stored and can be used for
passwordless SSH authentication
of the admin user

tlsCaCert The local, FTP, or sFTP URL Optional

pointing to the CA certificate

The CA certificate is used as

trust anchor to authenticate the
external Vault service

If it is left empty, no CA
certificate is used for validating

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 47

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Lifecycle management

Table 11: Vault configuration parameters (values.yaml file) (continued)

Parameter Description Presence

the Vault server's certificate

during TLS

Authentication to Vault
The CMG CNF instance authentication to Vault is handled automatically using the K8s authentication
method. K8s provides CMG with a service account and a token to be used toward Vault for authentication.
K8s also provides the TokenReview API which Vault uses to authenticate a client connecting to it.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 48

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Monitoring and troubleshooting

6 Monitoring and troubleshooting

6.1 Prometheus metrics

CMG CNFs support the use of Prometheus to scrape a set of CMG KPI and KCI counters as described in
the section Prometheus Metrics of the 7750 SR MG and CMG Configuration Guide.
NASC periodically polls the main OAM and MG containers. The LB metrics are reported via the OAM
container. Based on the scraping interval, configured by the Kubernetes cluster administrator, Prometheus
scrapes the K8s workloads at an endpoint and port specified by the prometheus.io/scrape, prometheus.io/
path, and prometheus.io/port annotations.

For more information about the use of Prometheus, refer to the section Prometheus Metrics in the
7750 SR MG and CMG KPI-KCI Counters Guide.

6.2 Logging
CMG CNF supports log streaming to external PaaS components like FluentD. The logging container is
used to redirect the logging data to stdout, so that they are stored and processed by the standard K8s
logging architecture, or other PaaS components like FluentD.
Alternatively, FluentBit and LogSplitter can be deployed as a sidecar container to the OAM pod. This is used
for log filtering and streaming to different components like FluentD, Kafka broker, and so on.

FM data extraction from logs

CMG CNF FM data is provided together with logging data by default (as in the legacy 7750 SR MG and CMG
product). The external systems that process the logging data and manage CMG can be used to create
stateful alarm objects from the FM data in the logs. For a complete list of the logs that CMG supports, refer
to the 7750 SR MG and CMG Log Events Guide.

Alternatively, the logging functionality can be configured to tag a subset of logging data as FM data.
The ‘_fm_’ string is prefixed to log records that are configured to be tagged as FM data. The tagging
configuration is performed by using the cmg_alarms.csv file into the configmap of the logsplitter
container. Each line in the CSV file identifies a log event from the log events listed in the 7750 SR MG and
CMG Log Events Guide, that is tagged as an FM event.

The CSV line format is the following:

application-name;severity;event-id;paylod-match

where:

application-name The application name of the event log

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 49

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Monitoring and troubleshooting

severity The severity of the event log

event-id The event ID

paylod-match An arbitrary string which must match the message of the event
log, as defined in the message format string

For the application name, severity, event ID, and message format string of the supported event logs, refer
to the 7750 SR MG and CMG Log Events Guide.

The following matches are supported:

1. application name

2. application name AND severity

3. application name AND event ID

4. application name AND event ID AND payload match

The CMG CNF package includes a default configuration file. When configuring a custom set of logs to be
tagged as FM data, make sure that both the raising event and at least one clearing event of an alarm are
included in the CSV file.

To change the default cmg_alarms.csv file in the LogSplitter container:

1. Create a new cmg_alarms.csv file.

2. Create a configmap from the CSV file; for example:

create configmap <config-map-name> --from-file=cmg_alarms.csv

3. Apply the configmap to the running pod or to the pod specifications prior to deployment.

Table 12: Log streaming options

Option Required deployment

All event-logs to stdout; for example, FluentD Logging container

All event-logs to stdout with FM logs being tagged LogSplitter container with the following:

• unset (delete) the OUTPUT_DIR variable

from the LogSplitter container specs in the
deployment.yaml file

• configure a custom cmg_alarms.csv file (

optional)

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 50

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Monitoring and troubleshooting

Table 12: Log streaming options (continued)

Option Required deployment

All event-logs streamed out from FluentBit with FM • Deploy LogSplitter container with the
logs streamed to different destination following:

For example, streaming FM to kafka and the rest to – OUTPUT_DIR variable set
FluentD, which is the default configmap for the Log
– shared-logs volumeMount configured
Splitter container
in the container specifications in the
deployment.yaml file

– configure a custom cmg_alarms.csv

file (optional)

• FluentBit container with shared-logs

volumeMount configured in the container
specifications in the deployment.yaml file.
Configure FluentBit destinations as required

Example: Lines in the cmg_alarms.csv file

BGP;;2032;
CHASSIS;;2016;1.3.6.1.4.1.6527.3.1.3.2.1.0.7
MOBILE_GATEWAY;;2001;Peer State: pathRestart
NTP;critical;;

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 51

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
 CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

7 Helm charts
Nokia provides the necessary Helm charts for managing the CMG CNF deployment. The Helm charts are
located under the CMG package available for download.
The CMG CNF deployment includes the following Helm charts:

• CMG Helm chart for deploying the CMG CP or UP function.

• CDB Helm chart for deploying the database components.

The following sections describe the folder structure, contents, and guidelines to modify the Helm chart
templates using the values.yaml file.

Related information

Nokia Support Portal

7.1 CMG Helm charts

Folder structure

| CMG <release-tag>
|-- <helm charts folder>
+-- cmg
|-- Chart.yaml
|-- values.yaml
|-- license.txt
|-- templates
|-- AWS_ConfigMap.yaml
|-- Card_ConfigMap.yaml
|-- ClusterRole.yaml
|-- ClusterRoleBinding.yaml
|-- CmgAlarms_ConfigMap.yaml
|-- Connectivity_Service.yaml
|-- Deployment.yaml
|-- Dut_ConfigMap.yaml
|-- Endpoints.yaml
|-- FluentBit_ConfigMap.yaml
|-- GlusterFS_Service.yaml
|-- HorizontalPodAutoscaler.yaml
|-- Internal_Service.yaml
|-- License_ConfigMap.yaml
|-- Nasc_ConfigMap.yaml
|-- NetworkAttachmentDefinition.yaml

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 52

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

|-- PersistentVolume.yaml
|-- PersistentVolumeClaim.yaml
|-- PriortyClass.yaml
|-- PodSecurityPolicy.yaml
|-- Role.yaml
|-- RoleBinding.yaml
|-- SecurityContextConstraints.yaml
|-- ServiceAccount.yaml
|-- SriovNetwork.yaml
|-- StatefulSet.yaml
|-- Vault_Tls_cert.yaml

Contents

Table 13: Files of the CMG Helm chart

Template File Description

charts/cmg/templates/Card_ConfigMap. Creates the K8s ConfigMap objects used for the

yaml OAM, LB, MG card and bootup configuration

charts/cmg/templates/Connectivity_ Creates K8s service objects for OAM, LB, and MG

Service.yaml connectivity services, such as SSH, Telnet, and
console access

charts/cmg/templates/CmgAlarms_Config Creates an alarms-cm configmap based on the

Map.yaml2 cmg_alarms.csv file that is used during the
Helm installation process

The alarms-cm configmap is mounted under the /

etc/cmg_alarms directory of the LOAM pods and
is read by the logsplit container to generate alarms

charts/cmg/templates/Deployment.yaml Creates a K8s deployment for OAM pods

This YAML file specifies the deployment

specifications, such as the containers and their
images, the volume mounts, the ConfigMap, and
the number of replicas

2 Applies only when the logsplit sidecar container is enabled in the LOAM pods.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 53

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 13: Files of the CMG Helm chart (continued)

Template File Description

charts/cmg/templates/Dut_ConfigMap. Creates the K8s ConfigMap objects that are used

yaml for the OAM application configuration, such as the
mobile gateway system, base router, profile, and
PDN

charts/cmg/templates/Endpoints.yaml3 Creates endpoint K8s resources based on the IP

addresses configured in the endpointIpList
parameter of the values.yaml file

The created endpoint is referenced under the

GlusterFS endpoints section while creating the PV

charts/cmg/templates/FluentBit_Config Creates a fluent-bit-config configmap which is

Map4 mounted under the fluent-bit/etc/ directory
of the FluentBit container

The FluentBit sidecar container forwards alarms to

Kafka and remainder logs to Fluentd

charts/cmg/templates/GlusterFS_ Creates the ClusterIp service

Service3

charts/cmg/templates/License_Config Creates the K8s ConfigMap object for the CMG

Map.yaml license enforcement

charts/cmg/templates/ToActive_Config Creates the K8s ConfigMap object to define a

Map.yaml python script used for applying the ‘loamState:
active’ label on the OAM pod

charts/cmg/templates/Nasc_ConfigMap. Creates the K8s ConfigMap objects for the NASC

yaml which queries the application (OAM and MG
container) metrics and makes it available for
Prometheus

3 Applies only when the GlusterFS storage is enabled.

4 Applies only when the fluent-bit sidecar container is enabled in the LOAM pods.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 54

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 13: Files of the CMG Helm chart (continued)

Template File Description

charts/cmg/templates/HorizontalPod Creates a K8s horizontal pod autoscalar, for scale-

Autoscalar.yaml out and scale-in of MG pods based on the target
CPU utilization threshold

charts/cmg/templates/Internal_Service. Creates the K8s headless service objects for the

yaml OAM, LB, and MG pods

charts/cmg/templates/PriortyClass. Creates a K8s PriorityClass resource

yaml5
The resource is referenced under the LMG
statefulset and is used only by the LMG pods

charts/cmg/templates/SecurityContext Creates a security-context-constraint resource

Constraints.yaml 6 with all the necessary privileges and capabilities to
allow the pods to run in either in Privileged (root)
or non-privileged (non-root mode)

The security-context-constraint resource is

referenced inside a namespace-dependent role;
when the role is created, the pods start to use the
created SCC via the role-binding.yaml and
service-account.yaml files

charts/cmg/templates/SriovNetwork. Creates a K8s SriovNetwork resource under the

yaml7 openshift-sriov-network-operator namespace

Note: For more information about the K8s-related content, refer to the official K8s
documentation.

5 Apllies only when the priorityclass parameter is defined in the values.yaml file.
6 Applies only to an OpenShift cluster and is executed by setting the openshift.enable=true
parameter during the CMG Helm installation process.
7 Applies only to an OpenShift cluster and is executed by setting the openshift.enable=true
and openshift.sriovOperatorEnable=true parameters during the CMG Helm installation
process.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 55

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

7.2 CMG attributes in the values.yaml file

The K8s objects defined in the manifest files are described in Files of the CMG Helm chart. They can
be customized using the values.yaml Helm file. This supports separation of generic templates with
deployment-specific values.
The CMG Helm chart folder includes a charts/cmg/templates/values.yaml file common for both CP
and UP. Additional examples of CP- and UP-specific values.yaml files, are included under the charts/
cmg/templates/smf_values and charts/cmg/templates/upf_values folders respectively.

The parameters marked as optional may be missing from default the values.yaml file. You can add these
parameters manually if needed.

Table 14: Parameters of the values.yaml file

Parameter Description

dualMgStatefulsets.Multus.setOne.net When two statefulsets must be taken into use, you

Names must manually add these attributes which assign
the following:

dualMgStatefulsets.Multus.setOne. • network names and SR-IOV envNames to both

resourceName:envName statefulsets (so that the MG pods are placed
on both NUMAs of a server)
dualMgStatefulsets.Multus.setTwo.net • the port order so that DSF and external
Names networks are assigned interchangeably to
both ports
dualMgStatefulsets.Multus.setTwo . • Multus resource names and number of Multus
resourceName:envName devices needed

• the baseSlotNum parameter is optional (

Dpdk.setOne.portOrder specifies that the first pod of setOne starts to
use the slot ID from 1 and the first pod of Set
Dpdk.setTwo.portOrder Two starts to use the slot ID from 9)

• the minReplicas and maxReplicas

baseSlotNum.SetOne parameters specify the number of pods
required for each set of MG pods8

baseSlotNum.SetTwo

resources.setOne.multus.resourcename

8 The minReplicas and maxReplicas parameters must be configured with the same value because
in the current release the HorizontalPodAutoscaler parameter for scale-out and scale-in of the
MG pods is not supported.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 56

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

resources.setOne.multus.numDevices

resources.setTwo.multus.resourcename

resources.setTwo.multus.numDevices

setOneScale.minReplicas

setOneScale.maxReplicas

setOneScale.targetCPUUtilization
Percentage

setTwoScale.minReplicas

setTwoScale.maxReplicas

setTwoScale.targetCPUUtilization
Percentage

service.loamA.console.port K8s service port details for console connectivity to

the OAM, LB, and MG pods

service.loamA.console.targetPort

service.loamB.console.nodePort

service.loamB.console.port

service.loamB.console.targetPort

service.lmg.console.nodePort

service.lmg.console.port

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 57

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

service.lmg.console.targetPort

service.llb.console.nodePort

service.llb.console.port

service.llb.console.targetport

loam.sshPort The SSH port of the OAM pod

If not configured, the default value is used

Default: 2222

image.repository Image details for the OAM and MG pods9

image.name

image.tag

image.pullPolicy

imagePullSecrets Optional

Pulls a container image from a private registry and,

or repository

To use this parameter, configure a secret (the

secret must be available)

Example:

imagePullSecrets:
- name: privateRegSecret

nasc.enable Image details for the NASC

9 OAM and MG use the same image as specified by the image.name attribute.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 58

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

Enabling NASC is optional and is only required if

nasc.imageRepository you need to scrape data toward Prometheus

Based on the scraping intervals, configured in the

nasc.imageName
ConfigMap, the NASC container queries the OAM
and MG containers statistics; the Prometheus
nasc.imageTag pod comes and scrapes these statistics at its own
configured interval (under the ownership of the
CaaS administrator)
nasc.imagePullPolicy

nasc.configReadInterval Configuration read interval for the NASC to read

its ConfigMap and scrape interval for the NASC to
query the application (OAM and MG) containers
nasc.scrapeInterval.loam.kciInfo

nasc.scrapeInterval.loam.kpiInfo

nasc.scrapeInterval.lmg.kciInfo

nasc.scrapeInterval.lmg.kpiInfo

nasc.externalLabels

logging.enable Image details for the logging sidecar container

which is deployed alongside the OAM container

logging.imageRepository Enabling the logging container is optional and is

only required if you need to pass log files to pods
like Fluentd, ELasticSearch, and so on
logging.imageName

logging.imageTag

logsplit.imagePullPolicy

logsplit.enable Image details for the log splitting sidecar container

which is deployed alongside the OAM container

logsplit.imageRepository

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 59

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

logsplit.imageName

logsplit.imageTag

logsplit.imagePullPolicy

fluentbit.enable Image details for the fluentbit sidecar container

which is deployed alongside the OAM container

fluentbit.imageRepository

fluentbit.imageName

fluentbit.imageTag

fluentbit.imagePullPolicy

kafka.brokerEndpoint

kafka.topic

fluentbit.host

fluentbit.port

fluentbit.tag

multus.loam.ip Multus IPVLAN CNI plug-in parameters for the OAM

pods

multus.loam.netMask You must configure the OAM management

IP address details and gateway IP address
information
multus.loam.subnet

multus.loam.gw

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 60

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

multus.loam.hostInterface

multus.loam.cniVersion

multus.lmg.numDevices Multus CNI plug-in details for the SR-IOV host

device plug-in for the MG and LB pods

multus.lmg.netNames When application-level tagging is used (

recommended), the numDevices parameter must
be set to 4 for both lmg and llb (2 for DSF and 2 for
multus.lmg.resourceName
external interfaces)

If a single MG statefulset is required, input is

multus.lmg.envName
mandatory; if two MG statefulsets are required,
delete the following attributes:
multus.llb.numDevices
• lmg.netNames

multus.llb.netNames • lmg.reosurceName

• lmgenvName
multus.llb.resourceName

multus.llb.envName

multus.attachDef.name The multus.attachDef parameter must include

the NetworkAttachmentDefinition details provided
by the CaaS administrator for CMG-Multus
multus.attachDef.resourceName
networking

The groFlag parameter must be disabled

multus.attachDef.type
DSF and DPDK must be set to enable for live
deployments
multus.attachDef.cniVersion
The multus.dpdk.configVlan parameter must
be set to 1 for CMG CNF deployments on VMWare
multus.attachDef.pciBusID
Photon OS with Intel i40e driver to ensure that
VLAN tagging works with DPDK interfaces
multus.attachDef.deviceID
To enable dual DSFs, the numDSFDevices
parameter must be set to 2
multus.groFlag

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 61

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

The PortOrder parameter must be set

multus.dsfEnable interchangeably to envNames, pointing to two
physical ports to ensure link redundancy; by doing
multus.dpdk.enable so, DSF-0 is assigned to a VF from PF-0, DSF-1 is
assigned to a VF from port-1, Ext-0 is assigned to a
VF from PF-0, and so on
multus.dpdk.lmg.portOrder
If a single MG statefulset is required, input is
mandatory; if two MG statefulsets are required,
multus.dpdk.llb.portOrder
delete the following attributes:

• lmg.netNames
multus.dpdk.configVlan
• lmg.reosurceName

• lmgenvName

For more information about configuring DSF

link redundancy on physical level and the use
of the portOrder parameter, see CMG CNF CP
networking

gwConfig Not required when statically configuring the CNF

Values:

• smf

• upf

gwRedundancy.active Defines the number of MG groups

lmgScale.minReplicas Scale-out and scale-in support for the MG pods 10

If a single MG statefulset is required, input is

lmgScale.maxReplicas mandatory; if two MG statefulsets are required,
delete the following attributes:

lmgScale.targetCPUUtilization • lmg.netNames
Percentage
• lmg.reosurceName

• lmgenvName

10 The minReplicas and maxReplicas parameter values must be equal because the HorizontalPod
Autoscalar parameter for scale-out and scale-in of the MG pods is not fully supported.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 62

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

llbScale.minReplicas Scale-out and scale-in for the LB pods10

llbScale.maxReplicas

llbScale.targetCPUUtilization
Percentage

resources.loam.cpu CPU and memory requests and limits for OAM, MG,
and LB containers

resources.loam.memory The values on the values.yaml file are indicative;

proper values must be set based on traffic needs

resources.lmg.cpu Nokia recommends setting the *.hugepages1Gi

parameter to 2

resources.lmg.memory

resources.lmg.memory.hugepages1Gi

resources.lmg.multus

resources.llb.cpu

resources.llb.memory

resources.llb.memory.hugepages1Gi

resources.llb.multus

resources.nasc.cpu CPU and memory requests and limits for the NASC
container

resources.nasc.memory Nokia recommends setting the cpu parameter at

100m and memory at 200Mi

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 63

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

resources.logging.cpu CPU and memory requests and limits for the

logging container deployed alongside the OAM
container
resources.logging.memory
Nokia recommends setting the cpu parameter at
100m and memory at 200Mi

resources.logsplit.cpu CPU and memory requests and limits for the log
splitting and fluentBit containers

resources.logsplit.memory Nokia recommends setting the cpu parameter at

100m and memory at 200Mi

resources.fluentBit.cpu

resources.fluentBit.memory

storage.pvCreation Mount path for OAM and MG volume mounts

The storage path defined by storage.parentPath

storage.parentPath must be a shared path between all worker nodes

If the PVs are already created, the storage.pv

storage.pvLogsName Creation parameter must be set to 0

storage.pvStorageClass

storage.pvLogsClaimName

storage.pvSize

storage.cfSize

storage.cfAInfo

storage.cfBInfo

loamB.enable Enables high availability between the OAM pods

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 64

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

podSecurityPolicy.create Creates the PodSecurityPolicy object to define the

security-sensitive aspects of the SMF pods

true the PSP included in the CMG

Helm charts is created

false if CMG uses a PSP created

by CaaS administrators,
an entry must be placed
below create:false as
name:name , where name is
the name of the pre-created
PSP policy

podsecuritypolicy.privileged Optional

true CMG pods (LOAM, LMG, and

LLB) run in privileged mode

false CMG pods (LOAM, LMG, and

LLB) run in restricted mode
and a proper PSP should be
taken into use

Default: false

podsecuritypolicy.runAsNonRoot Optional

true CMG (LOAM, LMG, and LLB)

container processes run with
a hard-coded non-root UID

false CMG (LOAM, LMG, and LLB)

container processes run with
root UID

Default: true

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 65

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

antiAffinity.loam Enables anti-affinity between the OAM pair

When set to hard, it ensures that the OAM pair

does not reside on the same worker node11

antiAffinity.lmg Enables anti-affinity between MG pods

When set to hard, it ensures that two MG pods are

not deployed on the same worker node11, 12

antiAffinity.llb Enables anti-affinity between LB pods

When set to hard, it ensures that LB pods are not

deployed on the same worker node 11

antiAffinity.loamLmg Enables anti-affinity between OAM and MG pods

When set to hard, it ensures that MG ports do not

coexist with the OAM pods11

AntiAffinity.external Optional

External anti-affinity can be set for each CMG pod

(OAM, MG, and LB), to define the anti-affinity rules
with other CNF pods by defining their label and
namespace

Example:

external:
type: hard
lmg:
- label:
key: name
value: SBC
namespace:SBC

11 The antiAffinity:hard setting translates to requiredDuringSchedulingIgnoredDuringExecution

and the antiAffinity:soft setting translates to preferredDuringSchedulingIgnoredDuring
Execution under the pod anti-affinity specification.
12 Provided that there are enough resources, Nokia recommends enabling anti-affinity between MG
pods.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 66

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

The anti-affinity for the LMG pod is set to 'hard' so

that it is not placed on the same server with a pod
named SBC that belongs to the SBC namespace

Antiaffinity.dualMgStatefulsets Optional

Enables anti-affinity between MG SetOne and MG

SetTwo groups when dual MGstatefulest is used

bootstring.ht Indicates the hyper-threading parameters

Values:

2 the sequential cores are

siblings (VM worker node)

3 the first half of cores are

siblings with the second
half of the cores (BareMetal
worker node)

bootstring.fswo The inter-pod control network timer that monitors

the health and state of a pod; it triggers recovery
actions (restart and switchover) based on the pod
type

This parameter must not be altered

bootstring.dsfinfo Required when DSF is enabled

The VLAN and IP networking details to be added

under dsfstring

The dsfstring syntax is: subnet;mask;def_gw;udp_

port;dscp

bootstring.lmg.cpcores Optional

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 67

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

Configures the CPU cores assigned to the CP

functions of the LMG pods 13

bootstring.lmg.cfp Optional

Merges the NIC and scheduler tasks into a single

physical core 13

It can adversely affect performance, especially on

UP functions

Default: 0 (NIC and Scheduler task are on separate

cores)

bootstring.llb.cpcores Optional

Configures the CPU cores assigned to the CP

functions of the LLB pods13

bootstring.llb.cfp Optional

Merges the NIC and scheduler tasks into a single

physical core 13

It can adversely affect performance, especially on

the UP functions

Default: 0 (NIC and Scheduler task are on separate

cores)

priorityclass.value Specifies the pod priority which indicates the

importance of a pod relative to other pods; if a
pod cannot be scheduled, the scheduler tries
priorityclass.name
to preempt (evict) lower priority pods to make
scheduling of the pending pod possible

Priority class is an optional value used only for the

MG pods

The priorityclass.value parameter specifies

the priority of the pod (the higher the value, the
higher the priority of the pod)

13 Optional parameter.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 68

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

The priorityclass.name parameter is optional;

if not specified (for example, "high-priority"), a
name is generated by the Helm chart using the
release name and namespace

For more information about pod priority, refer to

the official K8s documentation

peers.cdbx.ip DB peer configuration details

peers.cdbx.port

peers.cdbx.interface

peers.nrf.ip Parameters to set NRF peer details

peers.nrf.port

peers.nrf.interface

peers.nrf.uuid

peers.upf.peerList Parameters to set the UPF peer details

peers.upf.interface

peers.gx.ip Parameters to set the Gx peer details

peers.gx.interface

peers.rf.ip Parameters to set the Rf peer details

peers.rf.interface

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 69

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

plmn Parameters to set other application-level

configuration

slice

uuid

network.interface

network.staticRoute

network.bgp

apn

uepool

cnfName Specifies the CNF name

nodeSelector.loamA Parameters to specify the node selection

constraints of the OAM, MG, and LB pods (optional)

nodeSelector.loamB If used, they must be entered in the following

format:

nodeSelector.lmg
nodeSelector:
loamA:
nodeSelector.llb - key: key1
value: value1
loamB:
- key: key2
value: value2
lmg:
- key: key3
value: value3
llb:
- key: key4

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 70

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

value: value4

tolerations.loamA Parameters to specify the toleration of the OAM,

MG, and LB pods (optional)

tolerations.loamB If used, they must be entered in the following

format:

tolerations.lmg
tolerations:
#pod type#:
tolerations.llb - key: key1
value: value1
operator: operator1
effect: effect1
tolerationSeconds: toleration
Seconds1

fabMtu Specifies the MTU of the internal switch fabric (CSF

and DSF)

Optional

Default: 9000

Contact your local Nokia representative prior to

changing this value

mda.lmg Refers to the logical slots used to assign several

functions on the MG pod

Optional parameter

Default: 3

mda.llb Refers to the logical slots used to assign several

functions on the LB pod

Optional parameter

Default: 1

k8DualStack Optional

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 71

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

Enables the K8s dual stack within the CMG CNF and
must be set to true to use IPv6 addressing

baseSlotNum.lmg Specifies the base slot number for MG

Optional parameter

Default: 1

baseSlotNum.llb Specifies the base slot number for LB

Optional parameter

Default: 17

vault.enable Enables the connection to the Vault server

vault.name Specifies the IP address or FQDN of the Vault

server

vault.port Specifies the port of the Vault server

vault.basePath Specifies the path in the Vault server under which

the CMG POST (stores) or reads secrets from

vault.adminKeyRPath Specifies the relative path

This is appended to the base path to construct the

full path from where the admin pubKey is read

vault.tlsCaCert Specifies the CA certificate used to connect to the

vault server

aws.enable Used only in AWS deployments

Default: aws.enable=1
aws.region
For more information, see AWS requirements

openshift.enable Used only in OpenShift deployments

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 72

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
 CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 14: Parameters of the values.yaml file (continued)

Parameter Description

Specifies to deploy the cluster in OpenShift

environment

Default: false

bootstring.msmStatsPoll Optional

Allocates a dedicated physical core to the statistics

polling operation

The allocated core is deducted from the CPU

cores allocated to the CP (using the cpcores
parameter)14

Note:

• Nokia provides a charts/cmg/values.yaml file and other sample values.yaml files

under the charts/cmg/smf_values/ and charts/cmg/upf_values/ folders. Nokia
recommends setting the appropriate parameters and passing the correct values.yaml file
in the Helm commands.

• Nokia recommends setting the following antiAffinity rules in production environments:

– antiAffinity.loam=hard

– antiAffinity.lmg=hard

– antiAffinity.llb=hard

– antiAffinity.loamLmg=hard

Setting the MG anti-affinity to hard can lead to high number of hardware resources
in some cases. Alternatively, soft anti-affinity can be used, assuming impact is
acknowledged.

• The values_xdp.yaml file must not be used for live deployments. Only DPDK mode is
supported.

7.3 CDB Helm chart

The CDB Helm charts are used to deploy the DB-Proxy and the Redis DB resources in the CMG CNF as CP
or UP.

helm install smf-cdb cdb --replace --namespace smf-cdb

14 Enable this parameter only when a sufficient number of CP cores is configured.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 73

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
 CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

NAME: smf-cdb
LAST DEPLOYED: Wed May 19 15:29:10 2021
NAMESPACE: smf-cdb
STATUS: deployed
REVISION: 1
TEST SUITE: None

helm install upf-cdb cdb --replace --namespace upf-cdb --set

service.dbproxy.nodePort=5679
NAME: upf-cdb
LAST DEPLOYED: Wed May 19 15:29:27 2021
NAMESPACE: upf-cdb
STATUS: deployed
REVISION: 1
TEST SUITE: None

Note: A unique NodePort must be used when using the same CDB Helm charts for CP and UP.

Folder structure

| CMG <release-tag>
|-- charts
+-- cdb
|-- Chart.yaml
|-- values.yaml
|-- values_multus.yaml
|-- values_ncs.yaml
|-- templates
|-- ClusterRole.yaml
|-- ClusterRoleBinding.yaml
|-- Connectivity_Service.yaml
|-- Dbproxy_ConfigMap.yaml
|-- Deployment.yaml
|-- HorizontalPodAutoscaler.yaml
|-- Internal_Service.yaml
|-- NetworkAttachmentDefinition.yaml
|-- PodSecurityPolicy.yaml
|-- RoleBinding.yaml
|-- Role.yaml
|-- SecurityContextConstraints.yaml
|-- SrioNetwork.yaml
|-- StatefulSet.yaml

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 74

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Contents

Table 15: Files of the CDB Helm chart

Template File Description

charts/cdb/templates/Dbproxy_Config Creates the K8s ConfigMap objects used for the

Map.yaml DB-Proxy configuration

charts/cdb/templates/Connectivity_ Creates K8s service objects for connectivity to the

Service.yaml DB-Proxy and each Redis DB pod

charts/cdb/templates/Deployment.yaml Creates a K8s deployment for the DB-Proxy pod

charts/cdb/templates/HorizontalPod Creates a K8s horizontal pod autoscalar, for scale-

Autoscalar.yaml out and scale-in of Redis DB pods based on the
target CPU utilization threshold

charts/cdb/templates/Internal_Service. Creates the K8s headless service objects for the

yaml DB-Proxy and Redis DB pods

charts/cdb/templates/NetworkAttachment Creates a K8s custom extension Network

Definition.yaml AttachmentDefinition object for the secondary
interface on the DB-Proxy pod

charts/cdb/templates/StatefulSet.yaml Creates the K8s StatefulSet objects for Redis DB

pods

charts/cdb/templates/PodSecurity Creates a Kubernetes PodSecurityPolicy object to

Policy.yaml define the security sensitive aspects of the CDB
pods15

charts/cdb/templates/ClusterRole.yaml Creates an RBAC-based ClusterRole and Cluster

RoleBinding for granting access to use the created
charts/cdb/templates/ClusterRole
PodSecurityPolicy, and binding it to the authorized
Binding.yaml
ServiceAccount

15 These resources are created only when the Values.podsecuritypolicy.create attribute is set
to true.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 75

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 15: Files of the CDB Helm chart (continued)

Template File Description

charts/cdb/templates/Role.yaml Specifies a set of permissions to allow CMG pods

to run

These permissions are granted to the service

account holder using the RoleBinding K8s resource

charts/cdb/templates/RoleBinding.yaml Creates a RoleBinding K8s construct that binds to

the created role under the respective namespace

A service account is referenced to this RoleBinding

resource, which is used by the pods to inherit
different permissions that are specified in the
created role

charts/cdb/templates/SecurityContext Creates a security-context-constraint resource

Constraints.yaml 16 with all the necessary privileges and capabilities to
allow the pods to run in either in Privileged (root)
or non-privileged (non-root mode)

The security-context-constraint resource is

referenced inside a namespace-dependent role;
when the role is created, the pods start to use the
created SCC via the role-binding.yaml and
service-account.yaml files

charts/cdb/templates/SriovNetwork. Creates a K8s SriovNetwork resource under the

yaml17 openshift-sriov-network-operator namespace

Note:

• For more information about the K8s-related content, refer to the official K8s documentation.

• Nokia recommends editing the sample YAML files. Refer to the parameters set in those files
and make the necessary changes to the main values.yaml file.

16 Applies only to an OpenShift cluster and is executed by setting the openshift.enable=true

parameter during the CDB Helm installation process.
17 Applies only to an OpenShift cluster and is executed by setting the openshift.enable=true and
openshift.sriovOperatorEnable=true parameters during the CDB Helm installation process.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 76

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

7.4 CDB values.yaml file

The K8s objects defined in the manifest files are described in Files of the CDB Helm chart . They can be
customized using the charts/cdb/values.yaml file. This supports separation of generic templates
with deployment-specific values.
The default values.yaml file assumes that the database proxy uses NodePort connectivity for
communication with the LB pods. This configuration is supported only for lab deployments. For live
deployments, the values_multus file must be used as reference which assumes Multus and SR-IOV
connectivity for communication with the LB pods.

Table 16: Parameters of the charts/cdb/values.yaml file

Parameter Description

service.dbproxy.nodePort K8s service port details for connectivity to the DB-

Proxy pod.

service.dbproxy.Port

service.dbproxy.targetPort

service.redis.port Sets the port for the K8s service and containerPort
for the Redis DB container

image.dbproxy.repository Image details for the DB-Proxy pod

image.dbproxy.name

image.dbproxy.tag

image.dbproxy.pullPolicy

image.redis.repository Image details for the Redis DB pod

image.redis.name

image.redis.tag

image.redis.pullPolicy

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 77

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 16: Parameters of the charts/cdb/values.yaml file (continued)

Parameter Description

redisScale.replicas Support the scale-out and scale-in of the Redis DB

pods

redisScale.targetCPUUtilization
Percentage

resources.dbproxy.cpu Specify the CPU and memory requests and limits

for the DB-Proxy container

resources.dbproxy.memory

resources.redis.cpu Specify the CPU and memory requests and limits

for the Redis DB container

resources.redis.memory

multus.dbproxy.enable Enables the secondary Multus interfaces for the

DB-Proxy pod

multus.dbproxy.numDevices The networkInfo section enables the addition of

one more optional parameter to tag VLAN traffic
between the LB and the DB-proxy pods on the
multus.dbproxy.netNames
application level

Example:
multus.dbproxy.networkInfo

networkInfo:
multus.dbproxy.attachDef ip: 192.168.1.104
mask: 24
multus.groFlag mtu: 9000
vlan: 1095

podsecuritypolicy.create Enables the creation of the PodSecurityPolicy

true the PSP included in the CMG

Helm charts is created

false if CMG uses a PSP created

by CaaS administrators,
an entry must be placed
below create:false as

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 78

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 16: Parameters of the charts/cdb/values.yaml file (continued)

Parameter Description

name:name , where name is

the name of the pre-created
PSP policy

AntiAffinity.external Optional

External anti-affinity can be set for each DB pod (

DBProxy or Redis), to define the anti-affinity rules
with other CNF pods by defining their label and
namespace

Example:

external:
type: hard
dbproxy:
- label:
key: name
value: SBC
namespace:SBC

The anti-affinity for the DBProxy pod is set to '

hard' so that it is not placed on the same server
with a pod named SBC that belongs to the SBC
namespace

podsecuritypolicy.privileged Optional

true CMG pods (LOAM, LMG, and

LLB) run in privileged mode

false CMG pods (LOAM, LMG, and

LLB) run in restricted mode
and a proper PSP should be
taken into use

Default: false

podsecuritypolicy.runAsNonRoot Optional

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 79

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Helm charts

Table 16: Parameters of the charts/cdb/values.yaml file (continued)

Parameter Description

true CMG (LOAM, LMG, and LLB)

container processes run with
a hard-coded non-root UID

false CMG (LOAM, LMG, and LLB)

container processes run with
root UID

Default: true

imagePullSecrets Optional

Pulls a container image from a private registry and,

or repository

To use this parameter, configure a secret (the

secret must be available)

Example:

imagePullSecrets:
- name: privateRegSecret

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 80

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions

Numbers

2G Second-generation wireless telephone technology

3G Third-generation wireless telephone technology

3GPP 3rd Generation Partnership Project

Project in which standards organizations and

other related bodies have agreed to cooperate
for the production of globally applicable technical
specifications for a third-generation mobile system

4G Fourth-generation wireless telephone technology (

LTE)

Fourth-generation mobile communications

technology that enables very fast voice and data
transfer in large volumes

5G Fifth-generation Wireless Telephone Technology

5G-AN 5G Access Network

An AN comprising an NG-RAN or a non-3GPP AN

connecting to a 5GC

5G QoS Flow The finest granularity for QoS forwarding

treatment in the 5GS

All traffic mapped to the same 5G QoS flow

receives the same forwarding treatment; for
example, scheduling policy, queue management
policy, rate shaping policy, and RLC configuration

Providing different QoS forwarding treatment

requires separate 5G QoS flows

5G QoS Identifier A scalar used as a reference to a specific QoS

forwarding behavior (for example, packet loss rate

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 81

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

and packet delay budget) to be provided to a 5G

QoS flow

May be implemented in the AN by the 5QI

referencing node-specific parameters that control
the QoS forwarding treatment; for example,
scheduling weights, admission thresholds, queue
management thresholds, and link layer protocol
configuration

5GC 5G Core Network

5G-EIR 5G Equipment Identity Register

5GS 5G System

3GPP system consisting of 5G-AN, 5GC, and UE

5QI 5G QoS Identifier

AA Application Assurance

AAA Authentication, Authorization, and Accounting

ABC Application-Based Charging

ABMF Account Balance Management Function

ABS Anti-Breakdown System

AC Access Concentrator

Air Conditioned

ACK Acknowledge

An acknowledgment signal that confirms the

receipt of a data packet

ACL Access Control List

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 82

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

ACR Accounting Request

Anonymous Customer Record

ADC Application Detection and Control

ADB Authentication Database

ADMF Administration Function

ADPDP Activation and Deactivation of Pre-defined PDRs

AES Advanced Encryption Standard

AF Application Function

AFTR Address Family Transition Router

AIM Appliance Infrastructure Manager

AKA Authentication and Key Agreement

ALG Application Level Gateway

ALPN Application Layer Protocol Negotiation

Allowed NSSAI An NSSAI provided by the serving PLMN; for

example, a registration procedure indicating the S-
NSSAI values the UE uses in the serving PLMN for
the current registration area

AMBR Aggregate Maximum Bit Rate

AMF Access and Mobility Management Function

AMF region Consists of one or more AMF Sets

AMF Set Consists of AMFs that serve an area and network

slices

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 83

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

The AMF set is unique within an AMF region and it

comprises AMFs that support the same network
slices

Multiple AMF sets may be defined per AMF region

AN Access Network

AP Assume Positive Access Point

APCO Additional Protocol Configuration Options

API Application Programming Interface

APN Access Point Name

Logical name that describes the actual connected

access point to the external PDN, according to
domain name system naming conventions

Access Point Node

ARP Allocation and Retention Priority

AS Access Stratum

ASA Abort Session Answer

ASL Application-Specific License

ASN.1 Abstract Syntax Notation One

ASP Application Service Provider

ASR Abort Session Request

ASSP Airborne Sea Salt Particles

AUSF Authentication Server Function

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 84

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

AUSF Group ID Refers to one or more AUSF instances managing a

specific set of SUPIs

AVP Attribute Value Pair

Average Voice Packet

AWS Amazon Web Services

B4 Basic Bridging BroadBand element

BAR Buffering Action Rule

BBAI BroadBand Access Interworking

BBF BroadBand Forum

BBFC British Board of Film Classification

BBIFF Bearer Binding Intercept and Forwarding Function

BBR Bottleneck Bandwidth and Round-trip propagation

time

BD Billing Domain

May also be a billing system or a billing mediation

device

BDP Bandwidth Delay Product

BFD Bidirectional Forwarding Detection

BGCF Border Gateway Control Function

BHCA Busy Hour Call Attempts

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 85

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

The average number of CP events per one UE/IMSI

per hour during busy hour

BIOS Basic Input/Output System

Part of the operating system that is held in the

computer memory, allowing the computer to start
up and load the rest of its operating system

BMC Baseboard Management Controller

BNG Broadband Network Gateway

BOF Boot Option File

BP Branching Point

UPF functionality where different UP paths lead to

different PSAs that branch out at a common UPF

BSD Berkeley Software Distribution

BSF Binding Session Function

BSID Base Station Identifier

BSON Binary Javascript Object Notation

A binary-encoded serialization of JSON documents

BTS Base Transceiver Stations

CA Certification Authority

Security authority that issues and manages

certificates by using a public key algorithm to
certify the public key

CaaS Containers as a Service

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 86

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

A cloud service that allows software developers

and IT departments to upload, organize, run, scale,
manage, and stop containers by using container-
based virtualization

CBAM CloudBand Application Manager

CBIS CloudBand Infrastructure Software

An NFVI and VIM built for OpenStack Virtualizes

and manages compute, storage, and network
resources, enables VNFs to run, and ensures that
they meet strict robustness, performance, and
security requirements

CBN Common Bonding Network

CBR Create Bearer Request

Create Bearer Response

CC Charging Characteristics

Information that indicates the charging method

that a GPRS subscriber is using

Content of Communication

CCA Connected Component Analysis

Credit Control Answer

CCA-I Credit Control Answer Initial

CCA-T Credit Control Answer Termination

CCA-U Credit Control Answer Update

CCF Charging Collection Function

CCFH Credit Control Failure Handling

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 87

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

CCR Constant Current Regulator

Credit Control Request

CCR-E Credit Control Request Events

CCR-I Credit Control Request Initial

CCR-T Credit Control Request Termination

CCR-U Credit Control Request Update

CCS Converged Charging System

CDF Charging Data Function

CDMA Code Division Multiple Access

CDR Charging Data Record

CDReq Charging Data Request

CDRes Charging Data Response

CEA Capabilities Exchange Answer

Customer Experience Agent

CellID Cell Identity

Ceph Storage platform that implements object storage

on a single distributed computer cluster, and
provides interfaces for object-, block-, and file-
level storage

CF Compact Flash

CGF Charging Gateway Function

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 88

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

CGN Carrier Grade NAT

CHAP Challenge Handshake Authentication Protocol

CHF Charging Function

CI/CD Continuous Integration/Continuous Delivery

Cinder Block storage service for OpenStack, designed to

allow the use of a reference implementation (LVM)
to present storage resources to end-users that can
be consumed by Nova

Cinder virtualizes pools of block storage devices

and provides end-users with a self-service API to
request and consume those resources without
requiring any knowledge of where their storage is
actually deployed, or on what type of device

CIoT Cellular Internet of Things

CITM Common IP Traffic Manager

CITM CSF IP Traffic Manager

CLAT Customer-side translator

CLI Command Line Interface

CLM Centralized License Manager

CMG Cloud Mobile Gateway

CMG-a Cloud Mobile Gateway Appliance

CN Core Network

CNF Container Network Function

CNI Container Network Interface

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 89

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

CNO-ULI Core Network Overload - User Location

Information

CNRD Cloud Network Resource Director

CoA Care of Address

Change of Authorization

Compute Node Provides a core or cluster of storage, memory, and

processing resources that can be used by multiple
VM instances

Config Drive An OpenStack feature that allows instance-specific

configuration data to be written to a read- only
virtual disk that is attached to the VM when it
boots

Configured NSSAI NSSAI provisioned in the UE and applicable to one

or more PLMNs

CP Control Plane

CPF Control Plane Function (BNG CUPS)

CPM Control Plane Module

The OAM-VM in CMG

CPRi Control Packet Redirection interface

The interface between the BNG CPF and the BNG

UPF in a BNG CUPS solution that is used to forward
and tunnel control packets

CPU Central Processing Unit

Part of a computer containing the circuits that

control and execute instructions Contains the
arithmetic logic unit, a number of special registers,
and control circuits

CPU Pinning A configuration constraint (often expressed as an

affinity map), which specifies to the scheduler the

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 90

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

(logical) cores that can be used to run a task or set

of tasks

CRD Custom Resource Definition

CRU Charging Rule Unit

CSAR Cloud Service Archive

CSCF Call Session Control Function

CSF Control Switch Fabric

CSG Closed Subscriber Group

CSR Create Session Request

Create Session Response

CSV Comma-Separated Value

File format in which each line is one entry or

record, and the fields in a record are separated by
commas or another delimiter

CT Call Trace

CTF Charging Trigger Function

CUPS Control and User Plane Separation

C-VLAN Customer VLAN

The VLAN tag that customers use on their own

devices

CWIND Congestion Window size

DAC Direct Air Cooled

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 91

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

Direct Attach Cable

DACK Delayed ACK

DAE Dynamic Authorization Extensions

DB Database

Collection of data describing a specific target area,

and used and updated by one or more applications

DBMS DataBase Management System

DB-VM Database VM

DCA DOIC Capability Announcement

DCC Dedicated Control Channel

Diameter Credit Control

DCCA Diameter Credit Control Application

DCN Dedicated Core Networks

DCNR Dual Connectivity with NR

DDN Downlink Data Notification

DEA Diameter EAP Answer

DEM Dynamic Experience Management

DEM-GW Dynamic Experience Management Gateway

DER Diameter EAP Request

DF Delivery Function

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 92

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

DFW Distributed Firewall

DHCP Dynamic Host Configuration Protocol

DID Domain ID

DL Downlink

DLBD DL Buffering Duration

DM Disconnect Message

DMTF Distributed Management Task Force

Computer software trade group that works to

simplify the manageability of network-accessible
technologies

DN Data Network

DNAI Data Network Access Identifier

Identifier of UP access to one or more DNs where

applications are deployed

Dynamic Network Access Identifier

DNN Data Network Name

DNS Domain Name Server

Domain Name System

DOIC Diameter Overload Indication Conveyance

DORA Discover Offer Request Acknowledge

A process used by DHCP

DoS Denial of Service

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 93

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

DP Data Plane

DPDK Data Plane Development Kit

Open-source software (BSD-licensed) developed

by Intel to improve fast packet processing for NFV
data plane applications

DPDK optimizations include poll-mode NIC drivers

in Linux user space, Huge Pages for memory
management, and lockless queues

DPDRA Deferred PDR Activation or Deactivation

DPI Deep Packet Inspection

DPL Delegated Prefix Length

DPR Disconnect Peer Request

DRA Diameter Routing Agent

DRMP Diameter Routing Message Priority

DRT Data Record Transfer

DSCP Differentiated Services Code Point

Field in the IP header that prompts network

routers to apply different grades of service to
various packet streams

DSF Data Switch Fabric

DS-Lite Dual-Stack Lite

DUID DHCP Unique Identifier

EAP Extensible Authentication Protocol

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 94

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

EBI East-Bound Interface

EPS Bearer ID

ECGI EUTRAN Cell Global Identifier

ECM EPS Connection Management

ECMP Equal-Cost Multi-Path

ECUR Event Charging with Unit Reservation

EDGE Enhanced Data rates for Global Evolution

eDRX extended Idle Mode Discontinuous Reception

EH Extension Headers

eHRPD evolved High-Rate Packet Data

ELK Elasticsearch Logstash and Kibana

A stack composed of the Elasticsearch, Logstash,

and Kibana open-source projects and often
referred to as Elasticsearch

The ELK stack provides the ability to aggregate

logs from systems and applications, analyze the
logs, and create visualizations for application and
infrastructure monitoring, faster troubleshooting,
and security analytics

eMBB enhanced Mobile BroadBand

eMPS enhanced Multimedia Priority Service

EMS Enhanced Subscriber Management

Endpoint Address An address used by an NF service consumer to

access the NF service (that is, to invoke service
operations) provided by an NF service provider

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 95

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

An endpoint address is represented in the syntax

of a URI; for example, part of Resource URI of the
NF service API

ENI Elastic Network Interfaces

A logical networking component in a VPC that
represents a virtual network card

eNodeB (or eNB) evolved Node B

Base transceiver station that controls all radio-

related functions in the radio access part of the E-
UTRAN

EP Entry Point

EPC Evolved Packet Core

IP-based network that is an evolution of the 3GPP

system with a higher data rate, lower latency, and
packet optimization, and that supports multiple
radio access technologies

EPCO Extended Protocol Configuration Options

ePDG evolved Packet Data Gateway

EPS Evolved Packet System

EPS is the evolution of the 3G/UMTS standard

introduced by the 3GPP standard

ESG Edge Services Gateway

ESP Encapsulating Security Payload

ETS Estimated Time Stamp

EUT Equipment Under Test

E-UTRAN Evolved UTRAN

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 96

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

EVDO Evolution-Data Optimized

EVPN Ethernet Virtual Private Network

FAR Forwarding Action Rule

FBC Flow-Based Charging

FH Failure Handling

FM Fault Management

FP Fast Path

FPT First Packet Trigger

FQDN Fully Qualified Domain Name

FRRT Framed Routing

F-SEID Fully Qualified SEID

Contains the SEID and IP address of the PFCP

entity

F-TEID Fully Qualified TEID

FTP File Transfer Protocol

Application protocol, part of the TCP/IP protocol

stack, used for transferring files between network
nodes

FUA Final Unit Action

FUI Final Unit Indication

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 97

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

GBR Guaranteed Bit Rate

GBR QoS Flow A QoS flow using the GBR resource type or the
delay-critical GBR resource type and requiring
GFBR

GERAN GSM EDGE RAN

GFBR Guaranteed Flow Bit Rate

GGSN Gateway GPRS Support Node

gNB Next Generation NodeB

GNU GNU's Not UNIX

GPRS General Packet Radio Service

GPSI Generic Public Subscription Identifier

GRUB GRand Unified Bootloader

Multiboot boot loader developed by the GNU

project

GSM Global System for Mobile Communications

GSN GPRS Support Node

GSU Granted Service Units

GTP GPRS Tunneling Protocol

GTP-C GPRS Tunneling Protocol - Control plane

GTP-U GPRS Tunneling Protocol - User plane

GTSM Group Traffic State Machine

GUAMI Globally Unique AMF Identifier

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 98

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

GUI Graphical User Interface

User interface for interacting with computer

software, based on windows and graphical icons

H-CHF Home CHF

H-NSSF Home NSSF

H-SMF Home SMF

HA High Availability

Home Agent

HAG Hybrid Access Gateway

Haswell Intel CPU micro-architecture introduced in 2013

that uses 22-nm process

HDD Hard Disk Drive

HDLC High Level Data Link Control

HEEU Header Enrichment of Uplink traffic

HEX Heat Exchange

HLR Home Location Register

HOT HEAT Orchestration Template

HPLMN (or H-PLMN) Home Public Land Mobile Network

HQoS (or H-QoS) Hierarchical Quality of Service

HR Home-Routed

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 99

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

HRPD High Rate Packet Data

HSGW HRPD SGW

HSS Home Subscriber Server

A master database for a user, which is used for

keeping a list of features and services associated
with the user, and for tracking the location and the
means of access for its users

HTML HyperText Markup Language

Subset of SGML used on the Web

HTTP HyperText Transfer Protocol

Protocol using TCP/IP that enables the transfer of

HTML files

HTTPs secure HTTP

HTTP that supports sending of individual

messages securely over the Web

Huge Pages A large block (2 MB or 1 GB) of physically

contiguous virtual memory that has a mapping (in
the page table) to physical memory

HVAC Heating Ventilation and Air Conditioning

HW Hardware

Hyper- threading Intel technology that presents one physical CPU

core as two logical processors to the OS

Hypervisor Software that runs on a host machine, creates and

manages VMs, and provides the guest OS in each
VM with an abstraction of the physical machine

IA Identity Association

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 100

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

IBCF Interconnecting Border Control Function

IBCP In-band Control Plane

IBN Isolated Bonding Network

ICC Incoming Call Control

ICE Information and Content Exchange

Intercepting Control Element

ICMP Internet Control Message Protocol

ICR Inter-Chassis Redundancy

IDi IDentification initiator

IDr IDentification responder

IE Information Element

IEC Immediate Event Charging

IES Industrial Ethernet Switch

IETF Internet Engineering Task Force

IHOSS Internet-Hosted Octet Stream Service

IKEv2 Internet Key Exchange v2

iLOM integrated Lights-out Management

IMEI International Mobile Equipment Identity

Identity with which the mobile station can be

uniquely identified as a piece or assembly of
equipment

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 101

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

IMS Information Management System

Intelligent Maintenance System

IP Multimedia core network Subsystem

IP Multimedia Subsystem

IMS-AGW IMS Access Gateway

IMSI International Mobile Subscriber Identity

Unique subscription identifier that consists of the

NMSI and MCC

IoT Internet of Things

I/O Input/Output

IOPS Input/Output Operations per Second

IP Internet Protocol

IP-CAN IP-Connectivity AN

IPCP IP Control Protocol

IPID Interception Point ID

IPMI Intelligent Platform Management Interface

IPSec Internet Protocol Security

IPv4 Internet Protocol version 4

IPv6 Internet Protocol version 6

IPv6CP IPv6 Control Protocol

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 102

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

IPv6 PD IPv6 Prefix Delegation

IPX Internetwork Packet Exchange

IRI Intercept Related Information

ISDN Integrated Services Digital Network

ISSU In-Service Software Upgrade

I-UPF Intermediate UPF

IWF Internet Watch Foundation

JSON JavaScript Object Notation

Lightweight data-interchange format that humans
can read and write, and machines can parse and
generate

JWT JSON Web Token

KCI Key Capacity Indicator

KPI Key Performance Indicator

KVM Kernel-based VM

Linux kernel module that allows a user-space

program, such as QEMU, to access the hardware
virtualization features of the CPU

L2TP Layer Two Tunneling Protocol

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 103

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

LA Location Area

In the TETRA system, a geographical area

consisting of one or more cells permanently
defined for all radio users

LAC L2TP Access Concentrator

Location Area Code

LADN Local Area Data Network

A DN that is accessible by the UE only in specific

locations, that provides connectivity to a specific
DNN, and for which availability is provided to the
UE

LAG Link Aggregation Group

LAI Location Area Identity

LAN Local Area Network

LAPB Link Access Protocol Balance

LB mode Load Balancing mode

The CMG supports processing of user traffic

received on an MG-VM through the LB-VM. In LB
mode, the CMG uses a common IP address for all
GTP-U sessions anchored across multiple MG-
VMs present in the CMG instance. The CMG uses
GTP-C signaling to set up an individual GTP tunnel
per PDN session across multiple MG-VMs with the
use of a single IP address. Multiple LB-VMs can be
configured per CMG instance for a scalable system.

LBI Linked EPS Bearer ID (or Linked Bearer Identity)

LB-less mode Load-Balancing-less mode

The CMG supports the LB-less mode, in which the

MG-VM processes GTP-U traffic without an LB-VM

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 104

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

present in the system. The CMG in LB-less mode

uses the GTP-U redirection method to distribute
sessions on the MG-VM. Each MG-VM is configured
with one or more GTP-U interfaces (that is, I/O
ports with IP addresses). GTP-C signaling is used
to anchor the GTP-U traffic on a single MG-VM, to
support sending and receiving of user plane traffic
directly on the MG-VM.

LBO Local Break Out

Roaming scenario for a PDU session where the PDU

session anchor and its controlling SMF are located
in the serving PLMN (V-PLMN)

LB-VM Load Balancer VM

LCI Load Control Indicator

Load Control Information

LCM LifeCycle Management

LCP Link Control Protocol

LDRA Lightweight DHCPv6 Relay Agent

LEA Law Enforcement Agency

LED Light Emitting Diode

LEMF Law Enforcement Monitoring Facility

LI Lawful Interception

Libvirt Open-source Linux package that provides a

common set of APIs for creating and managing the
VMs on one host, independently of the hypervisor,
and uses XML files to define the properties of VM
instances, networks, and other devices

LICF Lawful Interception Control Function

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 105

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

LIG Lawful Interception Gateway

LIID Lawful Interception Identifier

Linux Bridge Software implementation of a bridge that forwards

Ethernet frames based on destination MAC
address and is supported by various Linux OSs

LIPF Lawful Interception Provisioning Function

LLA Link Local Address

LLC Logical Link Control

LMA Local Mobility Anchor

LMF Location Management Function

LMISF LI Mirror IMS State Function

LNS L2TP Network Server

LRO Large Receive Offload

LTE Long Term Evolution

LTMT Lightweight Real-time Monitoring and

Troubleshooting

MAC Media Access Control

MAPCON Multi Access PDN Connectivity

MBR Maximum Bit Rate

Modify Bearer Request

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 106

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

Modify Bearer Response

MCC Mobile Country Code

MCP MP Concentrator Point

MCS Multi-Chassis Synchronization

MDBV Maximum Data Burst Volume

MDF Mediation and Delivery Function

ME Mobile Equipment

MEC Multi-Access Edge Computing

MEI ME Identity

MERV Minimum Efficiency Reporting Value

MF Matched Filter

MFBR Maximum Flow Bit Rate

MG Mobile Gateway

MGCF Media Gateway Control Function

MG-VM Mobile Gateway VM

See MSCP

MIPv4 Mobile IPv4

MM Mobility Management Functional entity of the

mobile communication system by means of which
the movement of mobile stations and their users
are managed

MME Mobility Management Entity

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 107

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

mMTC massive Machine-Type Communications

MNC Mobile Network Code

MNO Mobile Network Operator

MNOP Measurement of Number of Packets

MO Mobile Originated

MODP Modular Exponential

MongoDB An open-source DBMS that uses a document-

oriented database model, which supports various
forms of data

MP Multi-Path

MPS Multimedia Priority Service

MP-TCP Multi-Path Transmission Control Protocol

MR Mobile Router

MRU Maximum Receive Unit

MS Mobile Station

MSAN Multi-Service Access Node

MSC Main Service Channel

MSCC Multiple Services Credit Control

MSCP Mobile Subscriber Control Plane

The MG-VM in CMG

MS-ISA Multi-Service Integrated Service Adapter

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 108

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

MSISDN Mobile Subscriber ISDN Number

ISDN number that uniquely defines the mobile

subscriber at international level

MSM Mobility Service Module

MSS Maximum Segment Size

MT Mobile Terminated

MTU Maximum Transmit Unit

N3IWK Non-3GPP Interworking Function

NA Neighbor Advertisement

Non-temporary Address

NAPT Network Address Port Translation

NAS Non-Access Stratum

A set of protocols in the EPS, used to convey non-

radio signaling between the UE and the MME for an
LTE/E-UTRAN access

NASC Nokia Analytics Sidecar Container

NAT Network Address Translation

NB-IoT NarrowBand-Internet of Things

NBNS NetBIOS Name Service

NBR Neighbor

NCP Network Control Protocol

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 109

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

NCS Nokia Container Services

A platform providing CaaS functionality for the on-

premises deployment of containerized applications
in cloud environments

ND Neighbor Discovery

NEF Network Exposure Function

NEMO Network Mobility

NEMOv4 Network Mobility for Mobile IPv4

netloc network locality

Network Instance Information identifying a domain

Used by the UPF for traffic detection and routing

Network Slice A logical network that provides specific network

capabilities and network characteristics

Network Slice Instance ID An identifier for an NSI

Next Generation RAN A RAN that supports one or more of the following
options with the common characteristic that it
connects to 5GC:

• Standalone NR

• NR is the anchor with E-UTRA extensions

• Standalone E-UTRA

• E-UTRA is the anchor with NR extensions

NF Network Function

A 3GPP-adopted or 3GPP-defined processing

function in a network, which has defined functional
behavior and 3GPP-defined interfaces

NF instance An identifiable instance of the NF

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 110

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

NF service A functionality exposed by an NF through an SBI

and consumed by other authorized NFs

NF service instance An identifiable instance of the NF service

NF service operation An elementary unit that an NF service is composed

of

NFID Network Function ID

NFM-P NSP Network Functions Manager for Packet

NFM-P is the NSP module for IP/MPLS

management, formerly known as the Nokia 5620
Service Aware Manager

NFV Network Function Virtualization

Network architecture concept that proposes the

use of IT virtualization-related technologies to
virtualize entire classes of network node functions
into building blocks that may be connected, or
chained, to create communication services

NFVI Network Function Virtualization Infrastructure

NFVO Network Function Virtualization Orchestrator

NG-RAN Next-Generation RAN

NI Network Indicator/Identity

NIC Network Interface Card

NMS Network Management System

NMSI National Mobile Subscriber Identity

Non-GBR QoS Flow A QoS flow using the non-GBR resource type and
not requiring guaranteed flow bit rate

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 111

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

Nova An OpenStack compute project

NPLI Network Provided Location Information

NR New Radio

NR-DC NR with Dual Connectivity

NRD Network Resource Discovery

NRF Network Repository Function

NS Neighbor Solicitation

Network Slice

NSAPI Network Service Access Point Identifier

NSH Network Service Header

NSI Network Slice Instance

A set of NF instances and the required resources (

for example, computing, storage, and networking
resources) that form a deployed NS

NSP Network Services Platform

NSSAI NS Selection Assistance Information

NSSF NS Selection Function

NSSP NS Selection Policy

NSWO Non-Seamless WiFi Offload

NTP Network Transfer Protocol

NUMA Non-Uniform Memory Access

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 112

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

An optimization for multi-CPU systems where each

processor has its own memory

NWDAF Network Data Analytics Function

OAM Operations, Administration and Maintenance

OAM-VM Operations, Administration and Maintenance VM

OCF Online Charging Function

OCI Overload Control Indicator

Overload Control Information

OCP Open Compute Project

OpenShift Container Platform

OCS Online Charging System

OCSP Online Certificate Status Protocol

ODSA On Demand Subnet Allocation

OFCS Offline Charging System

OI Operator Identifier/Interface/Integration

OLIA Opportunistic Linked Increases Algorithm

OLR Overload Report

OOC Out of Credit

OpenStack An open-source cloud orchestration platform (VIM)

managed by the non-profit OpenStack foundation
that includes various components such as Nova
(compute), Neutron (networking), Glance (image

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 113

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

service), Cinder (block storage), and Dashboard (

GUI)

OPEX Operating Expenditure

OS Operating System

OSP Octet Stream Protocol

OTT Over-The-Top

OVA Open Virtual Appliance (or Open Virtual

Application)

A tar archive of an OVF package

OVF Open Virtualization Format

A DMTF standard format for packaging software to

be run in VMs

An OVF package contains an XML-based OVF

descriptor file (.ovf), one or more disk images,
and other auxiliary files. The OVF descriptor file
specifies HW requirements and lists references to
other files in the OVF package.

OVS Open Virtual Switch

Open-source software implementation of a multi-

layer switch that supports standard bridging
protocols, monitoring protocols (sFlow, Netflow),
and programmatic extensions (Openflow, OVSDB)

The main OVS components are userspace daemon

(ovs-vswitchd), database daemon (ovsdb- server),
and kernel module

P2P Peer to Peer

PaaS Platform as a Service

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 114

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

The ability to deploy on the cloud infrastructure

consumer-created or acquired applications created
using programming languages, libraries, services,
and tools supported by the provider

There is no management or control of the

underlying cloud infrastructure, including network,
servers, operating systems, or storage, but there
is control over the deployed applications and
possibly configuration settings for the application-
hosting environment

PAD Packet Assembler/Disassembler

PADI PPPoE Active Discovery Initiation

PADO PPPoE Active Discovery Offer

PADT PPPoE Active Discovery Terminate

PAP Password Authentication Protocol

PCAP Packet Capture

PCC Policy and Charging Control

PCEF Policy and Charging Enforcement Function

PCF Policy Control Function

PCI Physical Cell Identity

Pre-emption Capability Indicator

PCMD Per-Call Measurement Data

Detailed data of major events associated with the

processing of each connection within a session

Typically collected via count mechanisms in the

session or the connection management software
and forwarded to static storage on the network
node

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 115

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

PCMD is forwarded to a northbound interface,

which collects, stores, and analyzes the PCMD data

PCO Protocol Configuration Options

pCPU physical Central Processing Unit

PCRF Policy and Charging Rules Function

P-CSCF Proxy Call Session Control Function

PD Prefix Delegation

PDB Packet Delay Budget

PDCP Packet Data Convergence Protocol

PDI Packet Detection Information

PDIU PDI optimized signaling

PDN Packet Data Network

General, circuit-switched data transmission

network

PDP Packet Data Protocol

PDR Packet Detection Rule

PDSN Packet Data Serving Node

PDU Protocol Data Unit

A logical connection between the UE and the data

network

PDU Connectivity Service A service that provides exchange of PDUs between

a UE and a data network

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 116

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

PDU Session Type The type of PDU session, which can be IPv4, IPv6,
IPv4v6, Ethernet, or unstructured

PEI Permanent Equipment Identifier

PEM Privacy Enhanced Mail

Internet e-mail transfer service that provides

confidentiality, authentication, and message
integrity using various encryption methods

PER Packet Error Rate

PF Physical Function

PFCP Packet Forwarding Control Protocol

PFD Packet Flow Description

PFDF Packet Flow Description Function

PGW Packet Data Gateway

PGW-C Packet Data Gateway Control plane

PGW-U Packet Data Gateway User plane

PLAT Provider-side translator

PLMN Public Land Mobile Network

PM Performance Management

PMD Poll Mode Driver

Consists of APIs to configure devices and their

respective queues

PMIP Proxy Mobile IP

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 117

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

PNF Physical Network Function

Physical server cluster that is responsible for one

functionality in the telecommunication network

PNG Portable Network Graphics

pNIC physical NIC

POI Point of Interception

PPI Paging Policy Indicator

PPP Point-to-Point Protocol

PPPoE Point-to-Point Protocol over Ethernet

PRA Presence Reporting Area

PRB Physical Resource Book

PRCT Partial Record Closure Trigger

PRU Policy Rule Unit

PSA PDU Session Anchor

PSM Power Saving Mode

PSP Pod Security Policy

PSTN Public Switched Telephone Network

PSU Power Supply Unit

PTMP Point to Multipoint

P-TMSI Packet Temporary Mobile Subscriber Identity

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 118

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

PTP Point to Point

PTT Push-To-Talk

PV Persistent Volume

PVC Permanent Virtual Circuit

Persistent Volume Claim

PVI Pre-emption Vulnerability Indicator

QBC QoS flow Based Charging

QCI QoS Class Identifier

QCOW2 QEMU Copy On Write

File format for disk image files used by QEMU,

a hosted VM monitor Uses a disk storage
optimization strategy that delays allocation of
storage until it is actually required

Files in QCOW format can contain a variety of disk

images that are generally associated with specific
guest operating systems

Supports multiple snapshots through a flexible

model for storing snapshots

QCT Quota Consumption Time

QEMU Quick Emulator

Open-source hypervisor typically used with KVM

that emulates a broad range of devices including
CPUs, disks, PCIe chipsets, USB devices, and serial
ports

QER QoS Enforcement Rule

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 119

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

QFI QoS Flow Identifier

QHT Quota Holding Time

QNC QoS Notification Control

QoS Quality of Service

QRU QoS Rule Unit

QSFP Quad Small Form-factor Pluggable

RA Router Advertisement

RAA Reauthorization Answer

RAB Release Access Bearer

RAC Routing Area Code

RADIUS Remote Authentication Dial In User Service

RAI Routing Area Identity

RAN Radio Access Network

Third-generation network that provides mobile

access to a number of core networks of both
mobile and fixed origin

RAR Reauthorization Request

RAT Radio Access Technology

Access technology that is used to connect

different terminals and applications to
telecommunication networks by using radio
frequency signals

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 120

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

RBAC Role-Based Access Control

RDNSS Recursive DNS Server

Requested NSSAI NSSAI provided by the UE to the serving PLMN

during registration

REST Representational State Transfer

Rf Radio frequency (interface)

RF Rating Function

RFC Request For Comments

RG Rating Group

Residential Gateway

RHEL Red Hat Enterprise Linux

RLF Rate Limiting Function

RNC Radio Network Controller

ROC Reallocation of Credit

RPC Remote Procedure Call

In client-server computing, a procedure call that

is built or specified by the client and executed
remotely on the server, with the result returned
over the network to the client

RQA Reflective QoS Attribute

RQI Reflective QoS Indication

RS Router Solicitation

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 121

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

RSS Receive Side Scaling

A feature supported by NICs to classify incoming

packets into different receive queues based on 5-
tuple flow

Each queue has its own interrupt handled by its

own core, which may improve receive throughput

RSU Requested Service Units

RT0 Retransmission Timeout

RTT Round Trip Time

RU Rack Unit

RWIN Receiver Window size

Rx Receive

S8HR S8 Home Routing

SACK Selective ACK

SAE System Architecture Evolution

SaMOG S2a Mobility Over GTP

SAP Service Access Point

SBA Service-Based Architecture

SBI Service-Based Interface

SCCG Single Card Combination Gateway

SCi State Control interface

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 122

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

An extension of the PFCP protocol for the BNG

CUPS solution

SCI Service Class Indicator

SCP Secure Copy Protocol

Secure file transfer method provided by the SSH

Service Communication Proxy

S-CSCF Serving Call Session Control Function

SCTP Stream Control Transmission Protocol

SCUR Session Charging with Unit Reservation

SD Service Data

SDA Session Discovery Answer

SDC Service Data Container

SDF Service Data Flows

SDF Filter A set of packet flow header parameter values and

ranges used to identify one or more packet (IP or
Ethernet) flows that constitute an SDF

SDF Template A set of SDF filters in a policy rule, or an

application identifier in a policy rule, referring to an
application detection filter, required for defining an
SDF

SEAF Security Anchor Functionality

secAgg secondary Aggregated Data (drill down)

SEID Service Endpoint Identifier

SEPP Security Edge Protection Proxy

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 123

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

Service Continuity The uninterrupted user experience of a service,

including the cases where the IP address and/ or
anchoring point change

Session Continuity The continuity of a PDU session

For a PDU session of IPv4, IPv6, or IPv4v6 type,

session continuity implies that the IP address is
preserved for the lifetime of the PDU session

SFC Service Function Chaining

SFF Service Forwarding Function

SFP Small Form-factor Pluggable (transceiver)

SFTP SSH File Transfer Protocol (or Secure File Transfer

Protocol)

A network protocol, modification of the FTP, that

encrypts the password exchange and file transfer

SGML Standard Generalized Markup Language

Language for document representation that

formalizes markup and frees it of system and
processing dependencies

SGSN Serving GPRS Support Node

SGW Serving Gateway

SGW-C Serving Gateway Control plane

SGW-U Serving Gateway User plane

SID Service Identifier

SIP Session Initiation Protocol

SLAAC StateLess Address AutoConfiguration

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 124

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

SM Session Management

Layer in the GPRS radio interface that supports

the procedures required for session management
procedures between the MS and the SGSN

SMBIOS System Management BIOS

Data structures and access methods for storing

and reading BIOS information

SMF Session Management Function

SMP Symmetric Multi-Processing

SMS Short Message Service

SMSF Short Message Service Function

SNDCP SubNetwork Dependent Convergence Protocol

SNMP Simple Network Management Protocol

S-NAPT Source Network Address and Port Translation

S-NSSAI Single Network Slice Selection Assistance

Information

SNI Server Name Indication

SPF Static Port Forwards

SPI Security Parameter Index

SR Service Router

SR-IOV Single Root I/O Virtualization

A PCI-SIG standard that allows a PCIe device to

appear as multiple separate PCIe devices, allowing

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 125

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

multiple VM vNIC interfaces to share the same

physical NIC port for communications

SRU Static Rule Unit

SSC Session and Service Continuity

SSD Solid State Drive

SSG Subscriber Services Gateway

Serving Steering Gateway

SSH Secure Shell

Protocol to log in to another computer over

a network, to execute commands in a remote
machine, and to move files from one machine to
another

SSID Service Set Identification

SST Slice/Service Type

STP Shielded Twisted Pair

STUN Session Traversal Utilities for NAT

Subscribed S- NSSAI S-NSSAI based on subscriber information, which a

UE is subscribed to use in a PLMN

SUPI Subscription Permanent Identifier

S-VLAN Service VLAN

The VLAN tag that the service provider uses to

differentiate customers

TA Tracking Area

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 126

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

TAC Tracking Area Code

TAD Traffic Aggregate Description

TAI Technical Analysis Indicator

Tracking Area Identity

TAU Tracking Area Update

TC Traffic Class

TCP Transmission Control Protocol

TCPdump A program that captures and copies TCP/IP packets

and displays the contents of the packets

TCP/IP Transmission Control Protocol/Internet Protocol

A basic communication protocol used to transmit

data over networks, on the Internet, and on private
networks

TCPO TCP Optimization

TDF Traffic Detection Function

TDM Time Division Multiplexing

TDV Traffic Data Volume

TE Terminal Equipment

TEC Thermal Electric Cooling

TEID Tunnel Endpoint Identifier

TETRA TErrestrial Trunked RAdio

TF Triggering Function

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 127

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

TFT Traffic Flow Template

TFTP Trivial File Transfer Protocol

TLS Transport Layer Security

ToS Type of Service

Function between the IP layer and the upper layers

to communicate on how tradeoffs in the IP layer
must be made for a particular packet

TPKT Transport Packet

TPS Transactions Per Second

TrGW Transit Gateway

TRU Trigger Rule Unit

TS file Technical Support file

Generated using the admin tech-support

command

TSA TDF Session Answer

TSO TCP Segmentation Offload

TSR TDF Session Request

TTC Tariff Time Change

TTL Time To Live

TWAG Trusted WLAN Access Gateway

TWAN Trusted WLAN A

TWAP Trusted WLAN AAA Proxy

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 128

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

Tx Transmit

UBR Update Bearer Request

UCI User CSG Information

UDM Unified Data Management

UDM Group ID One or more UDM instances managing a specific

set of SUPIs

UDP User Datagram Protocol

UDR Unified Data Repository

UDR Group ID One or more UDR instances managing a specific

set of SUPIs

UDSF Unstructured Data Storage Function

UDSS Unified Data Storage Server

UE User Equipment

UICC Universal Integrated Circuit Card

UL Uplink

UL CL Uplink Classifier

UPF functionality that aims at diverting UL traffic,

based on filter rules provided by the SMF, toward
the data network

ULI User Location Information

ULIC UMTS LI Correlation

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 129

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

UMTS Universal Mobile Telecommunications System

UP User Plane

UPF User Plane Function (5G, BNG CUPS)

UPF Service Area The area within which a PDU session associated
with the UPF can be served by (R)AN nodes via
an N3 interface between the (R)AN and the UPF,
without requiring to add a new UPF in between, or
to remove or re-allocate the UPF

UPnP Universal Plug and Play

URI Uniform Resource Identifier

URR Usage Reporting Rule

URSP UE Route Selection Policy

USU Used Service Units

UTC Universal Coordinated Time

UTRAN UMTS Terrestrial RAN

A RAN that consists of RNCs and BTSs and that is

located between the Iu interface and the WCDMA
radio interface

UUC Used Units Container

UUID Universally Unique Identifier

UWAN Untrusted Wireless Access Network

V-CHF Visited CHF

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 130

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

V-NRF Visited NRF

V-NSSF Visited NSSF

V-PLMN Visited PLMN

V-SMF Visited SMF

vCD vCloud Director

vCPU virtual Central Processing Unit

vDS vNetwork Distributed Switch

VDU Virtual Deployment Unit

VF Virtual Function

vFP virtual Fast Path

vHW virtual Hardware

VIM Virtual Infrastructure Manager

A MANO component responsible for managing the

NFV infrastructure including compute, storage, and
network resources

OpenStack and CloudStack are typical VIMs

VIO VMware-Integrated Openstack

VIP Virtual IP

VirtIO A paravirtualized I/O framework where buffers are

transferred between the guest-side VirtIO driver
and the host-side VirtIO driver

VLAN Virtual Local Area Network

A group of devices on one or more local area

networks that communicate as if they were

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 131

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

attached to the same wire, although they are

located on a number of different local area
network segments

VM Virtual Machine
A MANO component responsible for managing the
NFV infrastructure including compute, storage, and
network resources

OpenStack and CloudStack are typical VIMs

VMDK Virtual Machine Disk

The virtual disk image format used by VMware VMs

VMG Virtualized Mobile Gateway

VMware vSphere A virtualization product suite sold by VMware that

includes the ESXi hypervisor, the vCenter server,
the vSphere Web client, and advanced feature add-
ons; for example, vMotion, High Availability, Fault
Tolerance, Distributed Switch, and Distributed
Resource Scheduler

VNF Virtualized Network Function Implementation of a

network function that can be deployed on an NFVI

VNFC Virtual Network Function Component

VNFD Virtualized Network Function Descriptor

VNFM Virtualized Network Function Manager

The MANO component responsible for lifecycle

management of VNF instances that coordinates
with EMS/NMS, a role provided by Cloudband CBAM
for VSR instances

vNIC Virtual Network Interface Card

VoLTE Voice over LTE

VoWiFi Voice over WiFi

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 132

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

VPC Virtual Private Clouds

VPLS Virtual Private LAN Service

A service used to connect LANs over the Internet,

so that the resulting virtual private network
appears to the users as a single Ethernet

VPRN Virtual Private Routed Network

VQT Volume Quota Threshold

VRRP Virtual Router Redundancy Protocol

VSA Vendor Specific Attribute

A RADIUS attribute that is specific to a vendor

VSR Virtualized Service Router

VTEP Virtual Tunnel End-Point

VxLAN Virtual eXtensible LAN

A method of encapsulating Ethernet frames inside

IP/UDP packets to create a tenant-specific overlay
network within a data center

WCDMA Wideband Code Division Multiple Access

WLAN Wireless LAN

WLC Wireless LAN Controller

WPP Web Portal Protocol

WT Worker Task

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 133

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix A: Acronyms and terms

Table 17: Acronym definitions and term expansions (continued)

XCM XMA Control Module

XDP eXpress Data Path

XMA XRS Media Adapter

XRS Extensible Routing System

ZLB Zero-Length Body

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 134

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix B: Supported NICs for SR-IOV connectivity

Appendix B: Supported NICs for SR-IOV connectivity

Deploying SR-IOV requires driver support at both the VM host and guest. The VM host driver might impose
restrictions that prevent SR-IOV connectivity for the CMG CNF.

Table 18: Support NICs for CMG CNF SR-IOV

Supported controllers Supported speed (Gb/s) Support status in CMG Minimum tested host
CNF release version

Intel 82599 10 GA in Release 22.5.R1 Driver: ixgbe

Version: 5.1.0-k-rh7.5

Firmware version:
0x61c10001

Intel X710 40 GA in Release 22.5.R1 Driver: i40e

Version: 2.1.14-k

Firmware version: 6.01

0x800034a4 1.1747.0

Mellanox Connect-X5 25/100 GA in Release 22.5.R1 Driver: mlx5_core

Version: 5.0-0

Firmware version: 16.

24.1000

Mellanox Connect X6 100 GA in Release 22.5.R1 Driver: mlx5_core

Version: 5.0-0

Firmware version: 20.

28.4000

Mellanox Connect X6 DX 100 GA in Release 22.5.R1 Driver: mlx5_core

Version: 5.0-0

Firmware version: 22.

28.1002

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 135

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix B: Supported NICs for SR-IOV connectivity

Note:

• CMG CNF qualification for the listed controllers for SR-IOV is performed using RHEL/CentOS
as the host OS and with the corresponding inbox SR-IOV drivers.

• All Mellanox NICs of the same family (NICs that share the same vendor and device ID) are
expected to use the same software and firmware drivers, providing SR-IOV compatibility and
support for CMG CNF deployments.

• CMG CNF does not restrict the firmware and, or software version of a supported NIC. The
minimum versions are listed to avoid using old firmware and software drivers, but newer
versions are expected to work, unless stated otherwise in the guide or release notes.

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 136

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.
CMG CLOUD NATIVE FUNCTION INSTALLATION GUIDE Appendix C: References

Appendix C: References
1. Calico: https://www.projectcalico.org

2. Ceph: https://ceph.io

3. etcd: https://etcd.io

4. Grafana: https://grafana.com

5. Helm: https://helm.sh

6. Istio: https://opensource.google.com/projects/istio

7. Kubernetes: https://kubernetes.io

8. NGINX: https://www.nginx.com

9. MariaDB: https://www.mariadb.org

10. Prometheus: https://prometheus.io

11. Prometheus Operator: https://github.com/coreos/prometheus-operator

CLOUD MOBILE GATEWAY 3HE 18240 AAAD TQZZA 01 137

Release 22.8.R1 ©2022 Nokia. Nokia Confidential Information
Use subject to agreed restrictions
on disclosure and use.