You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/private-5g-core/private-mobile-network-design-requirements.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,7 +32,7 @@ The following capabilities must be present to allow your user equipment (UEs) to
32
32
33
33
## Designing a private mobile network
34
34
35
-
Your design choices around the private 5G network will directly affect your implementation. The following sections describe elements of the network you'll need to consider and the decisions you'll need to make in preparation for deploying your network.
35
+
The following sections describe elements of the network you'll need to consider and the design decisions you'll need to make in preparation for deploying your network.
36
36
37
37
### Subnets and IP addresses
38
38
@@ -44,45 +44,45 @@ You may have existing IP networks at the enterprise site that the private cellul
44
44
- Using network address and port translation (NAPT), either on the packet core itself, or on an upstream network device such as a border router.
45
45
- Optimizing the network for performance by choosing a maximum transmission unit (MTU) that minimizes fragmentation.
46
46
47
-
Document the IP subnets (IPv4) that will be used for the deployment with the enterprise, agreeing the IP addresses to use for each element in the solution, as well as the addresses that will be allocated to UEs when they attach. Plan to deploy (or configure existing) routers and firewalls at the enterprise site to permit traffic. You should also agree how and where in the network any NAPT or MTU changes are required and plan the associated router/firewall configuration. For more information, see [Complete the prerequisite tasks for deploying a private mobile network](complete-private-mobile-network-prerequisites.md).
47
+
You will need to document the IPv4 subnets that will be used for the deployment and agree the IP addresses to use for each element in the solution, as well as the IP addresses that will be allocated to UEs when they attach. You will need to deploy (or configure existing) routers and firewalls at the enterprise site to permit traffic. You should also agree how and where in the network any NAPT or MTU changes are required and plan the associated router/firewall configuration. For more information, see [Complete the prerequisite tasks for deploying a private mobile network](complete-private-mobile-network-prerequisites.md).
48
48
49
49
### Network access
50
50
51
-
Your design must reflect the enterprise’s rules on what networks and assets should be reachable by the RAN and UEs on the private 5G network. For example, they might be permitted to access local Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), the Internet, or Azure, but not a factory operations local area network (LAN). Conversely, as the system integrator, you may need to arrange for remote access to the network so that you can troubleshoot issues without requiring a site visit. You also need to consider how the enterprise site will be connected to upstream networks such as Azure, for management and/or for access to other resources and applications outside of the enterprise site.
51
+
Your design must reflect the enterprise’s rules on what networks and assets should be reachable by the RAN and UEs on the private 5G network. For example, they might be permitted to access local Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), the internet, or Azure, but not a factory operations local area network (LAN). You may need to arrange for remote access to the network so that you can troubleshoot issues without requiring a site visit. You also need to consider how the enterprise site will be connected to upstream networks such as Azure, for management and/or for access to other resources and applications outside of the enterprise site.
52
52
53
53
Confirm the IP subnets and addresses that will be allowed to communicate with each other with the enterprise team. Then, create a routing plan and/or access control list (ACL) configuration that implements this plan on the local IP infrastructure. You may also use virtual local area networks (VLANs) to partition elements at layer 2 (although the Azure Private 5G Core does not tag VLAN traffic itself). As the system integrator, you may also agree with the enterprise to set up an access mechanism, such as a virtual private network (VPN), that allows your support personnel to remotely connect to the management interface of each element in the solution. In any case you'll need an IP link between Azure Private 5G Core and Azure for management and telemetry.
54
54
55
55
### RAN compliance
56
56
57
-
The RAN that you select to broadcast the signal across the enterprise site must comply with local regulations. For example, this could mean:
57
+
The RAN that you will use to broadcast the signal across the enterprise site must comply with local regulations. For example, this could mean:
58
58
59
59
- The RAN units have completed the process of homologation and received regulatory approval for their use on a certain frequency band in a country.
60
60
- You have received permission for the RAN to broadcast using spectrum in a certain location, for example, by grant from a telecom operator, regulatory authority or via a technological solution such as a Spectrum Access System (SAS).
61
-
- The RAN units in a site have access to high-precision timing sources, such as Precision Time Protocol (PTP), and GPS location services.
61
+
- The RAN units in a site have access to high-precision timing sources, such as Precision Time Protocol (PTP) and GPS location services.
62
62
63
-
Ask your RAN partner for the countries and frequency bands they are approved for use in. You may find that you'll need to use multiple RAN partners to cover the countries in which you provide your solution. Although RAN, UE and packet core all speak standard protocols, Microsoft recommends that you perform interoperability testing for the specific 4G Long-Term Evolution (LTE) or 5G standalone (SA) protocol between Azure Private 5G Core, UEs and the RAN prior to any deployment at an enterprise customer.
63
+
You should ask your RAN partner for the countries and frequency bands for which the RAN is approved. You may find that you'll need to use multiple RAN partners to cover the countries in which you provide your solution. Although the RAN, UE and packet core all communicate using standard protocols, Microsoft recommends that you perform interoperability testing for the specific 4G Long-Term Evolution (LTE) or 5G standalone (SA) protocol between Azure Private 5G Core, UEs and the RAN prior to any deployment at an enterprise customer.
64
64
65
65
Your RAN will transmit an identifier, known as a *PLMN ID*, to all UEs, on the frequency band it is configured to use. You should define the PLMN ID and confirm your access to spectrum. In some countries spectrum must be obtained from the national regulator, or incumbent telco operator. For example, if you're using the band 48 Citizens Broadband Radio Service (CBRS) spectrum, you may need to work with your RAN partner to deploy a SAS domain proxy on the enterprise site so that the RAN can continuously check that it is authorized to broadcast.
66
66
67
67
### Signal coverage
68
68
69
-
The UEs must be able to communicate with the RAN, from any location at the site. This means that the signals must propagate effectively in the environment, including accounting for obstructions and equipment, to support UEs moving around the site, for example between indoor and outdoor areas.
69
+
The UEs must be able to communicate with the RAN from any location at the site. This means that the signals must propagate effectively in the environment, including accounting for obstructions and equipment, to support UEs moving around the site (for example, between indoor and outdoor areas).
70
70
71
-
Perform a site survey with your RAN partner and the enterprise to make sure that the coverage is adequate. Make sure that you understand the RAN units’ capabilities in different environments and any limits, for example, on the number of attached UEs that a single unit can support. If your UEs are going to move around the site, you should also confirm that the RAN supports X2 (4G) or Xn (5G) handover, which allows for the UE to transition seamlessly between the coverage provided by two RAN units. Note that UEs cannot use these handover techniques to roam between a private enterprise network and the public cellular network offered by a telco operator.
71
+
You should perform a site survey with your RAN partner and the enterprise to make sure that the coverage is adequate. Make sure that you understand the RAN units’ capabilities in different environments and any limits; for example, on the number of attached UEs that a single unit can support. If your UEs are going to move around the site, you should also confirm that the RAN supports X2 (4G) or Xn (5G) handover, which allows for the UE to transition seamlessly between the coverage provided by two RAN units. Note that UEs cannot use these handover techniques to roam between a private enterprise network and the public cellular network offered by a telecommunications operator.
72
72
73
73
### SIMs
74
74
75
-
Every UE must present an identity encoded in a SIM to the network. SIMs are available in different physical form factors as well as in software-only format (eSIM). The data encoded on the SIM must match the configuration of the RAN and of the provisioned identity data in the Azure Private 5G Core.
75
+
Every UE must present an identity to the network, encoded in a SIM. SIMs are available in different physical form factors as well as in software-only format (eSIM). The data encoded on the SIM must match the configuration of the RAN and of the provisioned identity data in the Azure Private 5G Core.
76
76
77
-
Obtain SIMs in factors compatible with the UEs and programmed with the PLMN ID and keys that you want to use for the deployment. Physical SIMs are widely available on the open market at relatively low cost. If you prefer to use eSIMs, you'll need to deploy the necessary eSIM configuration and provisioning infrastructure so that UEs can configure themselves before they attach to the cellular network. Use the provisioning data you receive from your SIM partner to provision matching entries in Azure Private 5G Core. Because SIM data must be kept secure, the cryptographic keys used to provision SIMs are not readable in Azure Private 5G Core once set, so consider how you might store them in case you ever need to reprovision the data in Azure Private 5G Core.
77
+
You should SIMs in factors compatible with the UEs and programmed with the PLMN ID and keys that you want to use for the deployment. Physical SIMs are widely available on the open market at relatively low cost. If you prefer to use eSIMs, you'll need to deploy the necessary eSIM configuration and provisioning infrastructure so that UEs can configure themselves before they attach to the cellular network. You can use the provisioning data you receive from your SIM partner to provision matching entries in Azure Private 5G Core. Because SIM data must be kept secure, the cryptographic keys used to provision SIMs are not readable in Azure Private 5G Core once set, so you must consider how you will store them in case you ever need to reprovision the data in Azure Private 5G Core.
78
78
79
79
### Automation and integration
80
80
81
81
Being able to build enterprise networks using automation and other programmatic techniques saves time, reduces errors, and produces better customer outcomes. Such techniques also provide a recovery path in the event of a site failure that requires rebuilding the network.
82
82
83
83
Consider adopting a programmatic, *infrastructure as code* approach to your deployments. Use templates or the Azure REST API to build your deployment using parameters as inputs with values that you have collected during the design phase of the project. Save provisioning information such as SIM data, switch/router configuration, and network policies in machine-readable format so that, in the event of a failure, you can reapply the configuration in the same way as you originally did. You may also wish to deploy a spare Azure Stack Edge server to minimize recovery time if the first unit fails. For more information on deploying a network using templates, refer to [Quickstart: Deploy a private mobile network and site - ARM template](deploy-private-mobile-network-with-site-arm-template.md).
84
84
85
-
You must also consider how you'll integrate other Azure products and services with the private enterprise network. These products include [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) and [role-based access control (RBAC)](/azure/role-based-access-control/overview), where you must consider how tenants, subscriptions and resource permissions will align with the business model that exists between you and the enterprise, as well as your own approach to customer system management. You might use, for example,[Azure Blueprints](/azure/governance/blueprints/overview) to set up the subscriptions and resource group model that works best for your organization.
85
+
You must also consider how you'll integrate other Azure products and services with the private enterprise network. These products include [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) and [role-based access control (RBAC)](/azure/role-based-access-control/overview), where you must consider how tenants, subscriptions and resource permissions will align with the business model that exists between you and the enterprise, as well as your own approach to customer system management. For example, you might use[Azure Blueprints](/azure/governance/blueprints/overview) to set up the subscriptions and resource group model that works best for your organization.
0 commit comments