Updated release note and what's new guide now that portal updates rolled out.

Author: PaulCarterMicrosoft

articles/private-5g-core/azure-private-5g-core-release-notes-2404.md

@@ -43,24 +43,42 @@ We're excited to announce that AP5GC is now resilient to system failures when ru
 
 In our commitment to continuous improvement and minimizing service impact we’re excited to announce that, upgrading from this version to a future release will include the capability for In-Service Software Upgrades (ISSU).
 
-ISSU is supported for deployments on a 2-node cluster, software upgrades can be performed seamlessly, ensuring minimal disruption to your services. The upgrade completes with no loss of sessions or registrations and minimal packet loss and packet reordering. Should the upgrade fail, the software will automatically roll back to the previous version, also with minimal service disruption.
+ISSU is supported for deployments on a 2-node cluster. Software upgrades can be performed seamlessly, ensuring minimal disruption to your services. The upgrade completes with no loss of sessions or registrations and minimal packet loss and packet reordering. Should the upgrade fail, the software automatically rolls back to the previous version, also with minimal service disruption.
 
 ### Azure Resource Health 
 
-This feature allows you to monitor the health of your control plane resource using Azure Resource Health.  Azure Resource Health is a service that processes and displays health signals from your resource and displays the health in the Azure portal. This service gives you a personalized dashboard showing all the times your resource was unavailable or in a degraded state, along with recommended actions to take to restore health.
+This feature allows you to monitor the health of your control plane resource using Azure Resource Health. Azure Resource Health is a service that processes and displays health signals from your resource and displays the health in the Azure portal. This service gives you a personalized dashboard showing all the times your resource was unavailable or in a degraded state, along with recommended actions to take to restore health.
 
 For more information, on using Azure Resource Health to monitor the health of your deployment, see [Resource Health overview](../service-health/resource-health-overview.md).
 
-<!--
-** Removed NAS Encryption until configuration available **
 ### NAS Encryption
 
 NAS (Non-Access-Stratum) encryption configuration determines the encryption algorithm applied to the management traffic between the UEs and the AMF(5G) or MME(4G). By default, for security reasons, Packet Core deployments are configured to preferentially use NEA2/EEA2 encryption.
 
 You can change the preferred encryption level after deployment by [modifying the packet core configuration](modify-packet-core.md).
--->
 
-<!--## Issues fixed in the AP5GC 2404 release
+### RADIUS Authentication
+
+The RADIUS authentication feature enables AP5GC to perform secondary authentication via an AAA server for 4G attach and establishing a PDN/PDU session for 4G and 5G.
+This feature can be enabled per DN to perform secondary authentication. PAP based secondary authentication is supported in current release.
+
+For more information on configuration RADIUS Authentication for your deployment, see [RADIUS Authentication](security.md).
+
+### VLAN Trunking
+
+VLAN trunking provides a new method for configuring data networks. A single virtual network interface is used to carry all data plane traffic. The traffic is all VLAN tagged, with each DN using a separate VLAN to provide separation. Configuration to use VLAN trunking is done on both the ASE and Private Mobile Network. When AP5GC is deployed on a 2-node cluster, VLAN trunking is mandatory.
+
+For more information on configuration of VLAN Trunking, see [Commission an AKS Cluster](commission-cluster.md?pivots=ase-pro-2#set-up-advanced-networking).
+
+### Dual-router link redundancy
+
+Link connectivity monitoring for High Availability now accommodates paired peer routers in a dual-redundancy topology.  You can configure this by designating two BFD peer router IP addresses per interface – if this is set then:
+
+- Each Packet Core node establishes BFD sessions with each of these routers, rather than with the default gateway IP.
+- The interface is not considered to have lost connectivity unless both IPs in the redundant pair are unreachable.
+
+For more information on configuration of dual-routers, see [Create a site](create-a-site.md) or [Modify a site](modify-packet-core.md).
+
 # NO FIXED ISSUES IN AP5GC2404
 
 The following table provides a summary of issues fixed in this release.

articles/private-5g-core/whats-new.md

@@ -37,24 +37,43 @@ We're excited to announce that AP5GC is now resilient to system failures when ru
 
 ### In Service Software Upgrade 
 
-In our commitment to continuous improvement and minimizing service impact we’re excited to announce that when upgrading from this version to a future release, updates will include the capability for In-Service Software Upgrades (ISSU).
+In our commitment to continuous improvement and minimizing service impact we’re excited to announce that when upgrading from this version to a future release, updates include the capability for In-Service Software Upgrades (ISSU).
 
-ISSU is supported for deployments on a 2-node cluster, software upgrades can be performed seamlessly, ensuring minimal disruption to your services. The upgrade completes with no loss of sessions or registrations and minimal packet loss and packet reordering. Should the upgrade fail, the software will automatically roll back to the previous version, also with minimal service disruption.
+ISSU is supported for deployments on a 2-node cluster. Software upgrades can be performed seamlessly, ensuring minimal disruption to your services. The upgrade completes with no loss of sessions or registrations and minimal packet loss and packet reordering. Should the upgrade fail, the software automatically rolls back to the previous version, also with minimal service disruption.
 
 ### Azure Resource Health 
 
 This feature allows you to monitor the health of your control plane resource using Azure Resource Health. Azure Resource Health is a service that processes and displays health signals from your resource and displays the health in the Azure portal. This service gives you a personalized dashboard showing all the times your resource was unavailable or in a degraded state, along with recommended actions to take to restore health.
 
 For more information, on using Azure Resource Health to monitor the health of your deployment, see [Resource Health overview](../service-health/resource-health-overview.md).
 
-<!--
-** Removed NAS Encryption until configuration available **
 ### NAS Encryption
 
-NAS (Non-Access-Stratum) encryption configuration determines the encryption algorithm applied to the management traffic between the UEs and the AMF(5G) or MME(4G). By default, for security reasons, Packet Core deployments will be configured to preferentially use NEA2/EEA2 encryption.
+NAS (Non-Access-Stratum) encryption configuration determines the encryption algorithm applied to the management traffic between the UEs and the AMF(5G) or MME(4G). By default, for security reasons, Packet Core deployments are configured to preferentially use NEA2/EEA2 encryption.
 
 You can change the preferred encryption level after deployment by [modifying the packet core configuration](modify-packet-core.md).
--->
+
+### RADIUS Authentication
+
+The RADIUS authentication feature enables AP5GC to perform secondary authentication via an AAA server for 4G attach and establishing a PDN/PDU session for 4G and 5G.
+This feature can be enabled per DN to perform secondary authentication. PAP based secondary authentication is supported in current release.
+
+For more information on configuration RADIUS Authentication for your deployment, see [RADIUS Authentication](security.md).
+
+### VLAN Trunking
+
+VLAN trunking provides a new method for configuring data networks. A single virtual network interface is used to carry all data plane traffic. The traffic is all VLAN tagged, with each DN using a separate VLAN to provide separation. Configuration to use VLAN trunking is done on both the ASE and Private Mobile Network. When AP5GC is deployed on a 2-node cluster, VLAN trunking is mandatory.
+
+For more information on configuration of VLAN Trunking, see [Commission an AKS Cluster](commission-cluster.md?pivots=ase-pro-2#set-up-advanced-networking).
+
+### Dual-router link redundancy
+
+Link connectivity monitoring for High Availability now accommodates paired peer routers in a dual-redundancy topology.  You can configure this by designating two BFD peer router IP addresses per interface – if this is set then:
+- Each Packet Core node establishes BFD sessions with each of these routers, rather than with the default gateway IP.
+- The interface is not considered to have lost connectivity unless both IPs in the redundant pair are unreachable.
+
+For more information on configuration of dual-routers, see [Create a site](create-a-site.md) or [Modify a site](modify-packet-core.md).
+
 ## April 2024
 ### Packet core 2403
 
@@ -66,7 +85,7 @@ The 2403 release for the Azure Private 5G Core packet core is now available. For
 
 ### TCP Maximum Segment Size (MSS) Clamping
 
-TCP session initial setup messages that include a Maximum Segment Size (MSS) value, which controls the size limit of packets transmitted during the session. The packet core now automatically sets this value, where necessary, to ensure packets aren't too large for the core to transmit. This reduces packet loss due to oversized packets arriving at the core's interfaces, and reduces the need for fragmentation and reassembly, which are costly procedures.
+TCP session initial setup messages that include a Maximum Segment Size (MSS) value, which controls the size limit of packets transmitted during the session. The packet core now automatically sets this value, where necessary, to ensure packets aren't too large for the core to transmit. This setting reduces packet loss due to oversized packets arriving at the core's interfaces, and reduces the need for fragmentation and reassembly, which are costly procedures.
 
 ### Improved Packet Core Scaling 
 
@@ -95,7 +114,7 @@ See [Azure Policy policy definitions for Azure Private 5G Core](azure-policy-ref
 
 **Date available:** March 22, 2024
 
-The SUPI (subscription permanent identifier) secret needs to be encrypted before being transmitted over the radio network as a SUCI (subscription concealed identifier). The concealment is performed by the UEs on registration, and deconcealment is performed by the packet core. You can now securely manage the required private keys through the Azure portal and provision SIMs with public keys.
+The SUPI (subscription permanent identifier) secret needs to be encrypted before being transmitted over the radio network as a SUCI (subscription concealed identifier). UEs perform this concealment on registration, and the packet core performs the deconcealment. You can now securely manage the required private keys through the Azure portal and provision SIMs with public keys.
 
 For more information, see [Enable SUPI concealment](supi-concealment.md).
 
@@ -106,7 +125,7 @@ For more information, see [Enable SUPI concealment](supi-concealment.md).
 
 **Date available:** February 21, 2024
 
-Access to the [distributed tracing](distributed-tracing.md) tool now requires a dedicated sas.user role in Microsoft Entra ID. This user is available from AP5GC version 4.2310.0-8, and required from AP5GC version 2402 onwards. If you are using Microsoft Entra ID authentication, you should create this user prior to upgrading to version 2402 to avoid losing access to the tracing tool. Microsoft Entra ID access to the packet core dashboards is unchanged.
+Access to the [distributed tracing](distributed-tracing.md) tool now requires a dedicated sas.user role in Microsoft Entra ID. This user is available from AP5GC version 4.2310.0-8, and required from AP5GC version 2402 onwards. If you're using Microsoft Entra ID authentication, you should create this user before upgrading to version 2402 to avoid losing access to the tracing tool. Microsoft Entra ID access to the packet core dashboards is unchanged.
 
 See [Enable Microsoft Entra ID for local monitoring tools](enable-azure-active-directory.md) for details.
 
@@ -125,7 +144,7 @@ Previously, packet capture could only be performed from edge sites, requiring lo
 
 **Date available:** December 22, 2023
 
-The new Edge Log Backhaul feature provides Microsoft support personnel with easy access to customer network function logs to help them troubleshoot and find root cause for customer issues. This is enabled by default. To disable this feature, [modify the packet core configuration](modify-packet-core.md).
+The new Edge Log Backhaul feature provides Microsoft support personnel with easy access to customer network function logs to help them troubleshoot and find root cause for customer issues. This feature is enabled by default. To disable this feature, [modify the packet core configuration](modify-packet-core.md).
 
 ## October 2023
 ### Packet core 2310
@@ -218,7 +237,7 @@ The UE usage tracking messages in Azure Event Hubs are now encoded in AVRO file
 
 **Date available:** July 31, 2023
 
-This feature changes the 4G NAS EMM cause code for “unknown user” (subscriber not provisioned on AP5GC) to “no-suitable-cells-in-ta-15” by default. This provides better interworking in scenarios where a single PLMN is used for multiple, independent mobile networks.
+This feature changes the 4G NAS EMM cause code for “unknown user” (subscriber not provisioned on AP5GC) to “no-suitable-cells-in-ta-15” by default. This feature provides better interworking in scenarios where a single PLMN is used for multiple, independent mobile networks.
 ### 2023-06-01 API
 
 **Type:** New release
@@ -242,7 +261,7 @@ Note: ARM API users who did a PUT using the 2023-06-01 API and enabled configura
 
 You can now use Azure Monitor Workbooks to monitor your private mobile network. Workbooks provide versatile tools for visualizing and analyzing data. You can use workbooks to gain insights into your connected resources - including the packet core, Azure Stack Edge devices and Kubernetes clusters - using a range of visualization options. You can create new workbooks or customize one of the included templates to suit your needs.
 
-See [Monitor Azure Private 5G Core with Azure Monitor Workbooks](monitor-private-5g-core-workbooks.md) to learn more.
+For more information, see [Monitor Azure Private 5G Core with Azure Monitor Workbooks](monitor-private-5g-core-workbooks.md).
 
 ## June 2023
 
@@ -263,7 +282,7 @@ It's now possible to:
 - attach a new or existing data network.
 - modify an attached data network's configuration.
 
-This is followed by a few minutes of downtime, but not a packet core reinstall.
+This change is followed by a few minutes of downtime, but not a packet core reinstall.
 
 For details, see [Modify a packet core instance](modify-packet-core.md).
 
@@ -445,7 +464,7 @@ Make the following changes for each 2022-04-01-preview API template that you wan
 1. In the **Packet Core Control Plane** resource:
    1. Remove the field **properties.mobileNetwork**.
    2. Add the new mandatory field **properties.sites**. This array must contain a reference to the site resource under which this control plane is being created.
-   3. Add the new mandatory field **properties.localDiagnosticsAccess.authenticationType**. This field is an enum governing how users of local diagnostics APIs are authenticated. Set this to **Password**.
+   3. Add the new mandatory field **properties.localDiagnosticsAccess.authenticationType**. This field is an enum governing how users of local diagnostics APIs are authenticated. Set this field to **Password**.
    4. Update the field **properties.sku** according to the mapping in the following table.
 
         | 2022-04-01-preview API  | 2022-11-01 API |
@@ -579,9 +598,9 @@ This feature has the following limitations:
 
 - Once more than a single Data Network is configured, further configuration changes require the packet core to be reinstalled. To ensure this reinstall happens only after you make all your changes, you must follow the process for installing and modifying as described in the documentation.
 
-- VLAN separation of Data Networks is not supported. Only Layer 3 separation is supported (meaning you can't have overlapping IP address spaces across the Data Networks).
+- VLAN separation of Data Networks isn't supported. Only Layer 3 separation is supported (meaning you can't have overlapping IP address spaces across the Data Networks).
 
-- Metrics are not yet reported on a per-Data Network basis.
+- Metrics aren't yet reported on a per-Data Network basis.
 
 To add data networks to an existing site, see [Modify the packet core instance in a site](modify-packet-core.md). To create a new site, see [Create a site](create-a-site.md).