Quickstart: Deploy Azure Operator 5G Core Preview

Azure Operator 5G Core Preview is deployed using the Azure Operator 5G Core Resource Provider (RP), which uses Bicep scripts bundled along with empty parameter files for each Mobile Packet Core resource.

Note

The clusterservices resource must be created before any of the other services which can follow in any order. However, should you require observability services, then the observabilityservices resource should follow the clusterservices resource.

  • Microsoft.MobilePacketCore/clusterServices - per cluster PaaS services
  • Microsoft.MobilePacketCore/observabilityServices - per cluster observability PaaS services (elastic/elastalert/kargo/kafka/etc)
  • Microsoft.MobilePacketCore/amfDeployments - AMF/MME network function
  • Microsoft.MobilePacketCore/smfDeployments - SMF network function
  • Microsoft.MobilePacketCore/nrfDeployments - NRF network function
  • Microsoft.MobilePacketCore/nssfDeployments - NSSF network function
  • Microsoft.MobilePacketCore/upfDeployments - UPF network function

Prerequisites

Before you can successfully deploy Azure Operator 5G Core, you must:

  • Register and verify the resource providers for the HybridNetwork and MobilePacketCore namespaces.
  • Grant "Mobile Packet Core" service principal Contributor access at the subscription level (note this is a temporary requirement until the step is embedded as part of the RP registration).
  • Ensure that the network, subnet, and IP plans are ready for the resource parameter files.

Complete the steps found in Prerequisites to deploy Azure Operator 5G Core Preview on Nexus Azure Kubernetes Service

Post cluster creation

After you complete the prerequisite steps and create a cluster, you must enable resources used to deploy Azure Operator 5G Core. The Azure Operator 5G Core resource provider manages the remote cluster through line-of-sight communications via Azure ARC. Azure Operator 5G Core workload is deployed through helm operator services provided by the Network Function Manager (NFM). To enable these services, the cluster must be ARC enabled, the NFM Kubernetes extension must be installed, and an Azure custom location must be created. The following Azure CLI commands describe how to enable these services. Run the commands from any command prompt displayed when you sign in using the az login command.

ARC-enable the cluster

ARC is used to enable communication from the Azure Operator 5G Core resource provider to Kubernetes. You must have access to the cluster's kubeconfig file, or to Kubernetes API server to run the connectedK8s command. Refer to Use Azure role-based access control to define access to the Kubernetes configuration file in Azure Kubernetes Service (AKS) for information.

ARC-enable the cluster for Azure Kubernetes Services

Use the following Azure CLI command:

$ az connectedk8s connect --name <ARC NAME> --resource-group <RESOURCE GROUP> --custom-locations-oid <LOCATION> --kube-config <KUBECONFIG FILE>

ARC-enable the cluster for Nexus Azure Kubernetes Services

Retrieve the Nexus AKS connected cluster ID with the following command. You need this cluster ID to create the custom location.

$ az connectedk8s show -n <NAKS-CLUSTER-NAME> -g <NAKS-RESOURCE-GRUP>  --query id -o tsv

Install the Network Function Manager Kubernetes extension

Execute the following Azure CLI command to install the Network Function Manager (NFM) Kubernetes extension:

$ az k8s-extension create
--name networkfunction-operator \
--cluster-name <YourArcClusterName> \ 
--resource-group <YourResourceGroupName> \
--cluster-type connectedClusters \
--extension-type Microsoft.Azure.HybridNetwork \
--auto-upgrade-minor-version true \
--scope cluster \
--release-namespace azurehybridnetwork \
--release-train preview \
--config Microsoft.CustomLocation.ServiceAccount=azurehybridnetwork-networkfunction-operator

Replace YourArcClusterName with the name of your Azure/Nexus Arc enabled Kubernetes cluster and YourResourceGroupName with the name of your resource group.

Create an Azure custom location

Enter the following Azure CLI command to create an Azure custom location:

$ az customlocation create \
  -g <YourResourceGroupName> \
  -n <YourCustomLocationName> \
  -l <YourAzureRegion> \ 
  --namespace azurehybridnetwork 
  --host-resource-id
/subscriptions/<YourSubscriptionId>/resourceGroups/<YourResourceGroupName>/providers/Microsoft.Kubernetes/connectedClusters/<YourArcClusterName> --cluster-extension-ids /subscriptions/<YourSubscriptionId>/resourceGroups/<YourResourceGroupName>/providers/Microsoft.Kubernetes/connectedClusters/<YourArcClusterName>/providers/Microsoft.KubernetesConfiguration/extensions/networkfunction-operator

Replace YourResourceGroupName, YourCustomLocationName, YourAzureRegion, YourSubscriptionId, and YourArcClusterName with your actual resource group name, custom location name, Azure region, subscription ID, and Azure Arc enabled Kubernetes cluster name respectively.

Note

The --cluster-extension-ids option is used to provide the IDs of the cluster extensions that should be associated with the custom location.

Deploy Azure Operator 5G Core via Bicep scripts

Deployment of Azure Operator 5G Core consists of multiple resources including (clusterServices, amfDeployments, smfDeployments, upfDeployments, nrfDeployments, nssfDeployments, and observabilityServices). Each resource is deployed by an individual Bicep script and corresponding parameters file. Contact your Microsoft account contact to get access to the required Azure Operator 5G Core files.

Note

The required files are shared as a zip file.

Unpacking the zip file provides a bicep script for each Azure Operator 5G Core resource and corresponding parameter file. Note the file location of the unpacked file. The next sections describe the parameters you need to set for each resource and how to deploy via Azure CLI commands.

Populate the parameter files

Mobile Packet Core resources are deployed via Bicep scripts that take parameters as input. The following tables describe the parameters to be supplied for each resource type.

Cluster Services parameters

CLUSTERSERVICES  Description   Platform 
admin-password The admin password for all PaaS UIs. This password must be the same across all charts.  all 
alert-host The alert host IP address  Azure only 
alertmgr-lb-ip The IP address of the Prometheus Alert manager load balancer  all 
customLocationId The customer location ID path   all 
db-etcd-lb-ip The IP address of the ETCD server load balancer IP  all 
elastic-password The Elasticsearch server admin password  all 
elasticsearch-host  The Elasticsearch host IP address  all 
fluentd-targets-host  The Fluentd target host IP address   all 
grafana-lb-ip The IP address of the Grafana load balancer.  all 
grafana-url The Grafana UI URL -< https://IP:xxxx> -  customer defined port number  all 
istio-proxy-include-ip-ranges  The allowed Ingress IP ranges for Istio proxy. - default is " * "    all 
jaeger-host  The Jaeger target host IP address   all 
kargo-lb-ip  The Kargo load balancer IP address   all 
multus-deployed  boolean on whether Multus is deployed or not.  Azure only 
nfs-filepath  The NFS (Network File System) file path where PaaS components store data - Nexus default "/filestore"  Azure only 
nfs-server The NFS (Network File System) server IP address   Azure only 
oam-lb-subnet  The subnet name for the OAM (Operations, Administration, and Maintenance) load balancer.   Azure only 
redis-cluster-lb-ip  The IP address of the Redis cluster load balancer  Nexus only 
redis-limit-cpu  The max CPU limit for each Redis server POD  all 
redis-limit-mem  The max memory limit for each Redis POD  all 
redis-primaries The number of Redis primary shard PODs  all 
redis-replicas  The number of Redis replica instances for each primary shard  all 
redis-request-cpu  The Min CPU request for each Redis POD  all 
redis-request-mem  The min memory request for each Redis POD   all 
thanos-lb-ip  The IP address of the Thanos load balancer.  all 
timer-lb-ip  The IP address of the Timer load balancer.  all 
tlscrt  The Transport Layer Security (TLS) certificate in plain text  used in cert manager  all 
tlskey  The TLS key in plain text, used in cert manager  all 
unique-name-suffix  The unique name suffix for all generated PaaS service logs  all 

 

AMF Deployments Parameters 

AMF Parameters  Description   Platform 
admin-password  The password for the admin user.    
aes256cfb128Key  The AES-256-CFB-128 encryption key is Customer generated  all 
amf-cfgmgr-lb-ip The IP address for the AMF Configuration Manager POD.  all 
amf-ingress-gw-lb-ip  The IP address for the AMF Ingress Gateway load balancer POD IP   all 
amf-ingress-gw-li-lb-ip  The IP address for the AMF Ingress Gateway Lawful intercept POD IP  all 
amf-mme-ppe-lb-ip1 \*  The IP address for the AMF/MME external load balancer (for SCTP associations)   all 
amf-mme-ppe-lb-ip2 The IP address for the AMF/MME external load balancer (for SCTP associations)  (second IP).   all 
elasticsearch-host The Elasticsearch host IP address  all 
external-gtpc-svc-ip The IP address for the external GTP-C IP service address for N26 interface  all 
fluentd-targets-host The Fluentd target host IP address  all 
gn-lb-subnet The subnet name for the GN-interface load balancer.  Azure only 
grafana-url The Grafana UI URL -< https://IP:xxxx> -  customer defined port number  all 
gtpc\_agent-n26-mme The IP address for the GTPC agent N26 interface to the cMME. AMF-MME  all 
gtpc\_agent-s10 The IP address for the GTPC agent S10 interface - MME to MME   all 
gtpc\_agent-s11-mme The IP address for the GTPC agent S11 interface to the cMME. - MME - SGW  all 
gtpc-agent-ext-svc-name The external service name for the GTP-C (GPRS Tunneling Protocol Control Plane) agent.  all 
gtpc-agent-ext-svc-type  The external service type for the GTPC agent.  all 
gtpc-agent-lb-ip The IP address for the GTPC agent load balancer.  all 
jaeger-host  The Jaeger target host IP address   all 
li-lb-subnet The subnet name for the LI load balancer.  all 
nfs-filepath The Network File System (NFS) file path where PaaS components store data  Azure only 
nfs-server The NFS server IP address   Azure only 
oam-lb-subnet The subnet name for the Operations, Administration, and Maintenance (OAM) load balancer.   Azure only 
sriov-subnet  The name of the SRIOV subnet   Azure only 
ulb-endpoint-ips1  Not required since we're using lb-ppe in Azure Operator 5G Core. Leave blank   all 
ulb-endpoint-ips2  Not required since we're using lb-ppe in Azure Operator 5G Core. Leave blank   all 
unique-name-suffix  The unique name suffix for all generated PaaS service logs  all 

 

SMF Deployment Parameters

SMF Parameters  Description   Platform 
aes256cfb128Key The AES-256-CFB-128 encryption key. Default value is an empty string.  all 
elasticsearch-host The Elasticsearch host IP address  all 
fluentd-targets-host The Fluentd target host IP address  all 
gn-lb-subnet The subnet name for the GN-interface load balancer.  Azure only 
grafana-url The Grafana UI URL -< https://IP:xxxx> - customer defined port number  all 
gtpc-agent-ext-svc-name The external service name for the GTPC agent.  all 
gtpc-agent-ext-svc-type  The external service type for the GTPC agent.  all 
gtpc-agent-lb-ip The IP address for the GTPC agent load balancer.  all 
inband-data-agent-lb-ip The IP address for the inband data agent load balancer.   all 
jaeger-host  The jaeger target host IP address  all 
lcdr-filepath The filepath for the local CDR charging  all 
li-lb-subnet  The subnet for the LI subnet.    Azure only 
max-instances-in-smfset The maximum number of instances in the SMF set - value is set to 3  all 
n4-lb-subnet  The subnet name for N4 load balancer service.   Azure only 
nfs-filepath The NFS (Network File System) file path where PaaS components store data  Azure only 
nfs-server The NFS (Network File System) server IP address   Azure only 
oam-lb-subnet  The subnet name for the OAM (Operations, Administration, and Maintenance) load balancer.   Azure only 
pfcp-c-loadbalancer-ip The IP address for the PFCP-C load balancer.  all 
pfcp-ext-svc-name The external service name for the PFCP.  all 
pfcp-ext-svc-type The external service type for the PFCP.  all 
pfcp-lb-ip The IP address for the PFCP load balancer.  all 
pod-lb-ppe-replicas The number of replicas for the POD LB PPE.  all 
radius-agent-lb-ip The IP address for the RADIUS agent IP load balancer.  all 
smf-cfgmgr-lb-ip  The IP address for the SMF Config manager load balancer.  all 
smf-ingress-gw-lb-ip The IP address for the SMF Ingress Gateway load balancer.  all 
smf-ingress-gw-li-lb-ip  The IP address for the SMF Ingress Gateway LI load balancer.  all 
smf-instance-id The unique set ID identifying SMF in the set.    
smfset-unique-set-id The unique SMF set ID SMF in the set.   all 
sriov-subnet The name of the SRIOV subnet   Azure only 
sshd-cipher-suite  The cipher suite for SSH (Secure Shell) connections.  all 
tls-cipher-suite The TLS cipher suite.  all 
unique-name-suffix The unique name suffix for all PaaS service logs  all 

UPF Deployment Parameters 

UPF parameters  Description   Platform 
admin-password  "admin"    
aes256cfb128Key The AES-256-CFB-128 encryption key. AES encryption key used by cfgmgr  all 
alert-host The alert host IP address  all 
elasticsearch-host The Elasticsearch host IP address  all 
fileserver-cephfs-enabled-true-false A boolean value indicating whether CephFS is enabled for the file server.    
fileserver-cfg-storage-class-name The storage class name for file server storage.  all 
fileserver-requests-storage The storage size for file server requests.  all 
fileserver-web-storage-class-name The storage class name for file server web storage.  all 
fluentd-targets-host The Fluentd target host IP address  all 
gn-lb-subnet The subnet name for the GN-interface load balancer.    
grafana-url The Grafana UI URL -< https://IP:xxxx> -  customer defined port number  all 
jaeger-host The jaeger target host IP address  all 
l3am-max-ppe The maximum number of Packet processing engines (PPE) that are supported in user plane   all 
l3am-spread-factor  The spread factor determines the number of PPE instances where sessions of a single PPE are backed up   all 
n4-lb-subnet The subnet name for N4 load balancer service.   Azure only 
nfs-filepath The NFS (Network File System) file path where PaaS components store data  Azure only 
nfs-server The NFS (Network File System) server IP address   Azure only 
oam-lb-subnet The subnet name for the OAM (Operations, Administration, and Maintenance) load balancer.   Azure only 
pfcp-ext-svc-name The name of the PFCP (Packet Forwarding Control Protocol) external service.  Azure only 
pfcp-u-external-fqdn The external fully qualified domain name for the PFCP-U.  all 
pfcp-u-lb-ip The IP address for the PFCP-U (Packet Forwarding Control Protocol - User Plane) load balancer.  all 
ppe-imagemanagement-requests-storage  The storage size for PPE (Packet Processing Engine) image management requests.  all 
ppe-imagemanagement-storage-class-name The storage class name for PPE image management.  all 
ppe-node-zone-resiliency-enabled A boolean value indicating whether PPE node zone resiliency is enabled.  all 
sriov-subnet-1 The subnet for SR-IOV (Single Root I/O Virtualization) interface 1.  Azure only 
sriov-subnet-2 The subnet for SR-IOV interface 2.  Azure only 
sshd-cipher-suite The cipher suite for SSH (Secure Shell) connections.  all 
tdef-enabled-true-false A boolean value indicating whether TDEF (Traffic Detection Function) is enabled. False is default  Nexus only 
tdef-sc-name TDEF storage class name   Nexus only 
tls-cipher-suite The cipher suite for TLS (Transport Layer Security) connections.  all 
tvs-enabled-true-false A boolean value indicating whether TVS (Traffic video shaping) is enabled. Default is false  Nexus only 
unique-name-suffix The unique name suffix for all PaaS service logs  all 
upf-cfgmgr-lb-ip The IP address for the UPF configuration manager load balancer.  all 
upf-ingress-gw-lb-fqdn The fully qualified domain name for the UPF ingress gateway LI.  all 
upf-ingress-gw-lb-ip The IP address for the User Plane Function (UPF) ingress gateway load balancer.  all 
upf-ingress-gw-li-fqdn The fully qualified domain name for the UPF ingress gateway load balancer.  all 
upf-ingress-gw-li-ip The IP address for the UPF ingress gateway LI (Local Interface).  all 

NRF Deployment Parameters

NRF Parameters  Description   Platform 
aes256cfb128Key   The AES-256-CFB-128 encryption key is Customer generated  All 
elasticsearch-host The Elasticsearch host IP address   All 
grafana-url  The Grafana UI URL -< https://IPaddress:xxxx> , customer defined port number  All 
jaeger-host The Jaeger target host IP address   All 
nfs-filepath  The NFS (Network File System) file path where PaaS components store data  Azure only 
nfs-server The NFS (Network File System) server IP address   Azure only 
nrf-cfgmgr-lb-ip The IP address for the NRF Configuration Manager POD.  All 
nrf-ingress-gw-lb-ip  The IP address of the load balancer for the NRF ingress gateway.  All 
oam-lb-subnet  The subnet name for the OAM (Operations, Administration, and Maintenance) load balancer.   Azure only 
unique-name-suffix  The unique name suffix for all generated PaaS service logs  All 

 

NSSF Deployment Parameters

NSSF Parameters  Description   Platform 
aes256cfb128Key   The AES-256-CFB-128 encryption key is Customer generated  all 
elasticsearch-host The Elasticsearch host IP address  all 
fluentd-targets-host The Fluentd target host IP address  all 
grafana-url The Grafana UI URL -< https://IP:xxxx> - customer defined port number  all 
jaeger-host  The Jaeger target host IP address   all 
nfs-filepath  The NFS (Network File System) file path where PaaS components store data  Azure only 
nfs-server The NFS (Network File System) server IP address   Azure only 
nssf-cfgmgr-lb-ip The IP address for the NSSF Configuration Manager POD.  all 
nssf-ingress-gw-lb-ip  The IP address for the NSSF Ingress Gateway load balancer IP  all 
oam-lb-subnet  The subnet name for the OAM (Operations, Administration, and Maintenance) load balancer.   Azure only 
unique-name-suffix  The unique name suffix for all generated PaaS service logs  all 

 

Observability Services Parameters 

OBSERVABILITY parameters  Description   Platform 
admin-password  The admin password for all PaaS UIs. This password must be the same across all charts.  all 
elastalert-lb-ip  The IP address of the Elastalert load balancer.  all 
elastic-lb-ip  The IP address of the Elastic load balancer.  all 
elasticsearch-host  The host IP of the Elasticsearch server IP  all 
elasticsearch-server  The Elasticsearch UI server IP address  all 
fluentd-targets-host  The host of the Fluentd server IP address  all 
grafana-url  The Grafana UI URL -< https://IP:xxxx> -  customer defined port number  all 
jaeger-lb-ip  The IP address of the Jaeger load balancer.  all 
kafka-lb-ip  The IP address of the Kafka load balancer  all 
keycloak-lb-ip  The IP address of the Keycloak load balancer  all 
kibana-lb-ip The IP address of the Kibana load balancer  all 
kube-prom-lb-ip The IP address of the Kube-prom load balancer  all 
nfs-filepath  The NFS (Network File System) file path where PaaS components store data  Azure only 
nfs-server  The NFS (Network File System) server IP address   Azure only 
oam-lb-subnet  The subnet name for the OAM (Operations, Administration, and Maintenance) load balancer.   Azure only 
unique-name-suffix  The unique name suffix for all PaaS service logs  all 
     

Deploy Azure Operator 5G Core via Azure Resource Manager

You can deploy Azure Operator 5G Core resources by using Azure CLI. The following command deploys a single mobile packet core resource. To deploy a complete AO5GC environment, all resources must be deployed.

The example command is run for the nrfDeployments resource. Similar commands run for the other resource types (SMF, AMF, UPF, NRF, NSSF). The observability components can also be deployed with the observability services resource making another request. There are a total of seven resources to deploy for a complete Azure Operator 5G Core deployment.

Deploy using Azure CLI

Set up the following environment variables:

$ export resourceGroupName=<Name of resource group> 
$ export templateFile=<Path to resource bicep script> 
$ export resourceName=<resource Name> 
$ export location <Azure region where resources are deployed> 
$ export templateParamsFile <Path to bicep script parameters file>

Note

Choose a name that contains all associated Azure Operator 5G Core resources for the resource name. Use the same resource name for clusterServices and all associated network function resources.

Enter the following command to deploy Azure Operator 5G Core:

az deployment group create \
--name $deploymentName \
--resource-group $resourceGroupName \
--template-file $templateFile \
--parameters $templateParamsFile

The following shows a sample deployment:

PS C:\src\teest> az deployment group create ` 
--resource-group ${ resourceGroupName } ` 
--template-file ./releases/2403.0-31-lite/AKS/bicep/nrfTemplateSecret.bicep ` 
--parameters resourceName=${ResourceName} ` 
--parameters locationName=${location} ` 
--parameters ./releases/2403.0-31-lite/AKS/params/nrfParams.json ` 
--verbose 

INFO: Command ran in 288.481 seconds (init: 1.008, invoke: 287.473) 

{ 
 "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroupName /providers/Microsoft.Resources/deployments/nrfTemplateSecret", 
 "location": null, 
 "name": "nrfTemplateSecret", 
 "properties": { 
   "correlationId": "00000000-0000-0000-0000-000000000000", 
   "debugSetting": null, 
   "dependencies": [], 
   "duration": "PT4M16.5545373S", 
   "error": null, 
   "mode": "Incremental", 
   "onErrorDeployment": null, 
   "outputResources": [ 
     { 
       "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ resourceGroupName /providers/Microsoft.MobilePacketCore/nrfDeployments/test-505", 
       "resourceGroup": " resourceGroupName " 
     } 
   ], 

   "outputs": null, 
   "parameters": { 
     "locationName": { 
       "type": "String", 
       "value": " location " 
     }, 
     "replacement": { 
       "type": "SecureObject" 
     }, 
     "resourceName": { 
       "type": "String", 
       "value": " resourceName " 
     } 
   }, 
   "parametersLink": null, 
   "providers": [ 
     { 
       "id": null, 
       "namespace": "Microsoft.MobilePacketCore", 
       "providerAuthorizationConsentState": null, 
       "registrationPolicy": null, 
       "registrationState": null, 
       "resourceTypes": [ 
         { 
           "aliases": null, 
           "apiProfiles": null, 
           "apiVersions": null, 
           "capabilities": null, 
           "defaultApiVersion": null, 
           "locationMappings": null, 
           "locations": [ 
             " location " 
           ], 
           "properties": null, 
           "resourceType": "nrfDeployments", 
           "zoneMappings": null 
         } 
       ] 
     } 
   ], 
   "provisioningState": "Succeeded", 
   "templateHash": "3717219524140185299", 
   "templateLink": null, 
   "timestamp": "2024-03-12T16:07:49.470864+00:00", 
   "validatedResources": null 
 }, 
 "resourceGroup": " resourceGroupName ", 
 "tags": null, 
 "type": "Microsoft.Resources/deployments" 
} 

PS C:\src\test>

Next step