AWS Partner Network (APN) Blog

Fully Automated Athonet 4G/5G Core Management and Orchestration on AWS

By Yousef Hawwar CDA, Principal – AWS
By David Perez Caparros, Sr. Customer Delivery Architect – AWS
By Dylan Brothers, Solution Architect – Athonet
By Martin Jensen, Vice President Solution Architect – Athonet


Many Amazon Web Services (AWS) customers want an easy way to deploy, configure, manage, and upgrade mobile private networks that scale easily based on demand.

Customers want to streamline the time-consuming manual operations needed to deploy, provision, and manage mobile private networks. They want flexible deployment models they can select from based on deployment requirements, such as:

  • All AWS public cloud-based.
  • Hybrid between public cloud for control plane and on premises for user plane.
  • All on premises-based for disconnected cloud.

In this post, we will discuss how customers can take advantage of Athonet’s fully automated 4G/5G professional-grade solutions on AWS to accelerate their business outcomes.

By combining the cloud-native capabilities of Athonet Core network functions (NF) with AWS services, you can demonstrate the deployment of Athonet Core on AWS in a matter of minutes. This makes it easy for customers to accelerate the path from a small pilot to large-scale deployment.

Athonet Mobile Core Network on AWS

Athonet is an AWS Partner that provides a complete software-based mobile packet core solution supporting LTE, 5G-NSA, and 5G SA standards. It offers a portfolio of flexible deployment models running on AWS to meet customer demands and requirements.

This includes an all-cloud deployment with all mobile Core network functions and management systems running on AWS. It also includes hybrid cloud deployment with certain network functions deployed at the edge or on premises via AWS Outposts, and the rest of the NFs and management running on AWS.

Finally, Athonet includes an on-premises deployment with Athonet Core deployed on AWS Outposts, and a disconnected cloud deployment with Athonet Core running on the AWS Snow Family. The diagram below shows the various deployment models for Athonet Mobile Core.


Figure 1 – Athonet Mobile Core deployment models on AWS.

Below, Figure 2 shows a detailed example of Athonet all-cloud deployment running on AWS and connecting to an on-premises radio access network over a secure connection. In this example, the Mobile Core NFs are deployed as an all-in-one Amazon Elastic Compute Cloud (Amazon EC2) instance. Deploying such a network is intricate and requires multiple steps with certain dependencies between them to complete the setup.

As depicted in the figure below, you would start by setting up the required AWS infrastructure and continue by creating the EC2 instances to deploy the required resources for Mobile Core, gateways, and Central Configuration Service (CCS). As part of steps 2-5, developers or customers are required to identify the appropriate subnets and security groups for each instance.

By the end of step 5, you will have all of the AWS resources created, but developers and customers still need to update the Mobile Core with proper configurations to fetch the Athonet Core license to activate Core, and select which NFs are enabled per instance, as shown in step 6.

With step 7, you create an OpenVPN connection to AWS instances from remote machines. This requires knowledge of the public IP address assigned to the network address translation (NAT) gateway instance. With Security Gateway (SecGW) in step 8, you’ll configure the radio certificates and upload them to the radio access network (RAN), and then create secure connections with on-premises RAN and user connection.

With step 9, you create a private hosted zone and create records in the hosted zone to determine how Amazon Route 53 responds to domain name system (DNS) queries for the Mobile Core. This is required to allow for flexibility in security gateway and user plane route selection.


Figure 2 – Athonet Mobile Core deployment on AWS.

Using AWS CloudFormation templates, one can simplify the deployment of these steps. With CloudFormation, you model and set up your AWS resources so you can spend less time managing those resources and more time focusing on your applications running on AWS.

You’ll create a template that describes all of the AWS resources you want, and CloudFormation takes care of provisioning and configuring those resources for you. Figure 3 below describes the model used to deploy and configure Athonet Mobile core using CloudFormation.

The deployment process involves creating a number of CloudFormation stacks in a certain order. The outputs of these stacks are provided as input for subsequent stacks.

While using CloudFormation helps simplify and accelerate the process for deploying, you will still require someone with deep technical knowledge and familiarity with these templates to get this deployed without issues. For example, once the networking resources and EC2 instances have been created, there’s a need to create virtual private network (VPN) and browser security certificates, generate configuration templates, and perform a set of API calls in order to apply Day 1 configuration to Mobile Core.

This is still a relatively manual process that’s time consuming and prone to errors. As the number of customer trials and deployments scales, it’s essential to automate the deployment process so it runs with minimum human intervention. This becomes even more essential as the need to support the various deployment models described above increases the complexity and number of combinations of CloudFormation stacks created and run.

In the next section, we show how to automate such deployment by combining CloudFormation templates with AWS serverless services.


Figure 3 – AWS CloudFormation flow to create Athonet Mobile Core Private Network.

Automation of Athonet Mobile Private Network

To automate the Athonet Mobile Core deployment and configuration process, we use a collection of AWS serverless compute services, tools, and frameworks, such as AWS Step Functions, AWS Service Catalog, AWS Developer Tools, AWS Cloud Development Kit (CDK), and AWS Lambda.


Figure 4 – AWS Step Functions workflow to automate deployment of Athonet Mobile Core.

The end-to-end automation flow, together with the Athonet Mobile Core components, has been modeled as an AWS CDK application. AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through CloudFormation.

AWS CDK relies on modern programming languages like TypeScript and offers high-level, object-oriented abstractions to define AWS resources. Furthermore, the CDK application code is version controlled and stored in a code repository like AWS CodeCommit.

The deployment of the CDK application modeling the automation constructs for Athonet Mobile Core is a one-time operation. It starts by creating a product portfolio in AWS Service Catalog with both Athonet Mobile Core and AWS infrastructure products. These products leverage CloudFormation templates that describe resources such as the virtual private cloud (VPC), subnets, security groups, or EC2 instances as required by Athonet Mobile Core.

Together with the Service Catalog product portfolio, the CDK application contains a set of state machines that capture the lifecycle management operation workflow, such as instantiation or termination.

In AWS Step Functions, a state machine captures the deployment and Day 1 configuration workflow for Athonet Mobile Core on AWS. After starting the execution (step 1 in Figure 3), the state machine provisions the Athonet Mobile Core product that has been previously onboarded into a Service Catalog product portfolio (step 2).

By leveraging Service Catalog product chaining capabilities, Athonet Mobile Core combines five sub-products together: VPC, Mobile Core, CCS, S1 Security GW, and NAT GW. When provisioning the chained product, Service Catalog creates and executes a deployment plan that takes into account the inter-dependencies between combined sub-products. Product chaining avoids manual errors when copying outputs from one product as inputs to another.

The next step in the state machine stores a unique execution token in AWS Systems Manager Parameter Store and pauses the state machine execution (step 3) while the Athonet Mobile Core product is being provisioned (step 4). The unique execution token identifies the state machine execution and will be required to resume it.

AWS Service Catalog can be configured to stream product notifications to an Amazon Simple Notification Service (Amazon SNS) topic (step 5). A Lambda function, which is subscribed to the product portfolio SNS topic, processes the notification events. When Service Catalog publishes a CREATE_COMPLETE event that refers to the Athonet Mobile Core chained product, the Lambda function fetches the unique execution token from Parameter Store (step 7) and resumes the execution of the state machine (step 8).
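The resume step described above, sketched as an added example (not code from the post or from Athonet). It assumes the SNS message body uses CloudFormation's `key='value'` stack-event format and that the token sits in a SecureString parameter; the parameter path, stack name and `handle` function are hypothetical. It goes slightly beyond the post by also failing the execution when stack creation ends in a failure state, and by ignoring the per-resource `CREATE_COMPLETE` events that arrive on the same topic.

```python
import json

# Assumed names, not from the post: parameter path and provisioned stack name.
TOKEN_PARAM = "/athonet/core/task-token"
FAILED = {"CREATE_FAILED", "ROLLBACK_COMPLETE", "ROLLBACK_FAILED"}

# Constructed sample of the key='value' body CloudFormation publishes to SNS.
SAMPLE = "\n".join([
    "StackId='arn:aws:cloudformation:eu-west-1:111122223333:stack/SC-example/abc'",
    "StackName='SC-example'",
    "LogicalResourceId='SC-example'",
    "ResourceType='AWS::CloudFormation::Stack'",
    "ResourceStatus='CREATE_COMPLETE'",
])


def parse_stack_event(message):
    """Turn the key='value' lines of a stack notification into a dict."""
    fields = {}
    for line in message.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip().strip("'")
    return fields


def handle(event, ssm, sfn, stack_name, param_name=TOKEN_PARAM):
    """Resume the paused execution when the expected stack reaches a final state."""
    results = []
    for record in event["Records"]:
        ev = parse_stack_event(record["Sns"]["Message"])
        status = ev.get("ResourceStatus")
        # Every resource in the stack also reports CREATE_COMPLETE; act only on
        # the stack-level event of the stack this execution is waiting for.
        is_stack = (ev.get("ResourceType") == "AWS::CloudFormation::Stack"
                    and ev.get("LogicalResourceId") == ev.get("StackName") == stack_name)
        if not is_stack or (status != "CREATE_COMPLETE" and status not in FAILED):
            results.append("ignored")
            continue
        # The token lets its holder resume the execution: keep it out of logs.
        token = ssm.get_parameter(Name=param_name, WithDecryption=True)["Parameter"]["Value"]
        if status == "CREATE_COMPLETE":
            sfn.send_task_success(taskToken=token, output=json.dumps({"stackId": ev["StackId"]}))
            results.append("resumed")
        else:
            sfn.send_task_failure(taskToken=token, error="ProvisioningFailed", cause=status)
            results.append("failed")
    return results
```

In a Lambda function, `ssm` and `sfn` would be `boto3.client("ssm")` and `boto3.client("stepfunctions")`, and the function's role needs only `ssm:GetParameter` on that one parameter plus `states:SendTaskSuccess` and `states:SendTaskFailure`.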

After the deployment of the Athonet Mobile Core components, the state machine invokes a set of Lambda functions with Day 1 configuration logic (step 9). This includes:

  • Generating configuration templates in the format of Athonet’s CCS and configuring Athonet Mobile Core by executing a sequence of API calls against Athonet CCS.
  • Generating the required VPN certificates for the OAM and S1 Security Gateway instances and placing them in an Amazon Simple Storage Service (Amazon S3) bucket.
  • Uploading a given TLS certificate from S3 to the Athonet Mobile Core via FTPS to enable secure HTTPS access to the core graphical user interface (GUI).
  • Creating a private hosted zone and a set of records for the Mobile Core.

Once the Lambda functions have completed their initial execution, the Day 1 configuration is complete and the user has a completely enabled Mobile Core.

To accelerate execution of Day 1 configurations, we leverage parallel processing for Lambda functions. For Day 2 configuration, such as adding new RAN certificates or reconfiguration of CIDR blocks, the Lambda functions can be re-invoked as needed by the customer.

In summary, the AWS resources to automate and orchestrate the deployment and configuration of one or more Athonet Mobile Core instances have been modeled in CDK as code and can be deployed to an AWS account using the AWS CDK Toolkit (cdk command), or even a CI/CD pipeline using AWS CodePipeline.

Once deployed and using AWS serverless compute services, the automation flow creates new Athonet Mobile Core instances with a single API call.

Conclusion

By using AWS CDK and AWS Step Functions, customers can launch Athonet Mobile Core in AWS Service Catalog and automate the deployment and configuration with minimal human intervention.

Such a process can even be invoked with a single API call, making it easier to integrate with customers’ business support system (BSS) and operation support system (OSS).



Athonet – AWS Partner Spotlight

Athonet is an AWS Partner and fully softwarised mobile core network for mobile operators, MVNOs, or enterprises and is fully integrated with AWS IoT Core.
