Auto-Integration: User Guide

The key takeaways are that auto-integration is a process to automatically integrate routers into a mobile backhaul network using tools like BSIM in OSS-RC or Auto Provisioning in ENM. It configures the router, upgrades software, and provisions it for service.

Auto-integration is a process to automatically integrate routers into a mobile backhaul network. For Ericsson R6000, it can be deployed using OSS-RC and ENM. The main tools are BSIM in OSS-RC and Auto Provisioning in ENM. It configures the router, upgrades software, and provisions it for service.

The main stages of auto-integration are starting automatically, software upgrade and configuration importing, and completing the process. Cancellation is not allowed during the penultimate stage of upgrade and configuration.

Auto-Integration

User Guide

2/1553-AXI 101 09/1 Uen H2


Copyright

© Ericsson AB 2018. All rights reserved. No part of this document may be
reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to
continued progress in methodology, design and manufacturing. Ericsson shall
have no liability for any error or damage of any kind resulting from the use of this
document.

2/1553-AXI 101 09/1 Uen H2 | 2018-07-11


Contents

1 Introduction
1.1 Benefits

2 Feature Operation
2.1 Overview
2.2 Configuration Requirements
2.3 Commissioning Process

3 Affected Parameters

4 Affected Features and Functions
4.1 Prerequisite Features
4.2 Affected Features
4.3 Affected System Functions

5 Performance

6 Glossary


1 Introduction

This document describes the router auto-integration feature, which includes
functions within the router and the management systems. For Ericsson R6000,
auto-integration can be deployed using both the Operations Support System –
Radio and Core (OSS-RC) and Ericsson Network Manager (ENM). The main
provisioning tool for auto-integration in OSS-RC is called the Base Station
Integration Manager (BSIM) and that in ENM is called Auto Provisioning (AP).

Auto-integration starts automatically. It can be canceled with the
auto-integration abort command in exec mode CLI. Canceling auto-integration
restores the original configuration and reboots the node; auto-integration is
not restarted at this time. The no-reset parameter can be appended to prevent
the reboot when immediate troubleshooting is desired, in which case a reboot
after troubleshooting is required to obtain a consistent router state. During
the penultimate stage of auto-integration, which includes software upgrade and
configuration importing, cancellation is not allowed, so this stage runs to
completion. When that stage has run to completion, the original configuration
is not reinstated; instead the downloaded configuration, the site basic file
(see Node Provisioning on page 20), is instated as the boot configuration.

Note: Any manual operations such as configuration or upgrade of the router
can only be performed after canceling auto-integration.

After the auto-integration abort command has been used, auto-integration can be
restarted with the auto-integration restart command. Restarting or
canceling auto-integration results in a reboot. Before the initial boot or before
restarting auto-integration, ensure that the network (for OSS-RC, see
Commissioning Process on page 15) and the node (for OSS-RC, see
Router OSS-RC, End to End Description in the OSS-RC library; for ENM, see ENM
Operators Guide and AutoIntegration Deployment Guidelines using ENM OSS in
the ENM library) have been provisioned correctly.

When auto-integration is automatically started at first boot or when restarted,
factory settings are enforced and therefore no user-defined administrators are
available for monitoring. The auto-integration process is potentially “zero-touch”,
but if the user wants to monitor this process through exec-CLI, a field-support
account must be defined at first boot at the following prompt (the prompt is
shown for two minutes):
Field-Support Account does not exist on this Node. Please create it first.
Please Input Field-Support Name: xxx
Field Support Name must start with "_"
Please Input Field-Support Name:_cde
Please Input Field-Support Password:************

If the user does not want to monitor the integration process, setting the
field-support account manually at boot is not required. Auto-integration can handle
the creation of a field-support account if a credential file has been generated
with the Python program given in Node Provisioning on page 20, and imported
as the site equipment file with BSIM (for OSS-RC, see Router OSS-RC, End to End
Description in the OSS-RC library; for ENM, see ENM Operators Guide and
AutoIntegration Deployment Guidelines using ENM OSS in the ENM library).

For users who do not want to use auto-integration, there is an additional
prompt to disable it after the field-support account prompt. The prompt is shown at
every boot until auto-integration is completed, aborted, or disabled.
Auto-integration users can ignore it or press n. As described earlier,
auto-integration can also be aborted later in exec mode. The following is an
example of the prompt:
Auto-integration: Auto-integration is started automatically when node boots up.
If you want to disable it, type 'y' and press enter.
Otherwise type 'n' or simply wait for node to continue booting.
Disable auto-integration? (y/n):
Auto-integration: response timed out. Continuing with auto-integration enabled.

The following banner is displayed when the user logs in with the field-support
account:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! Auto-integration is ongoing. Please invoke command !!
!! "auto-integration abort" if it is not desired. !!
!! Node reboot will follow. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Note: If auto-integration fails (illuminated yellow status indicator and blinking
green operational indicator) and manual troubleshooting is desired, a
field-support account must be created. If the field-support account is not
created at boot, create it by rebooting the router and waiting for the
prompt of the field-support account. Rebooting can be performed by
briefly disconnecting the power cables. The status indicator may briefly
turn on during boot up. This does not indicate an auto-integration error.

The ports in the router can be connected in any manner as long as the same local
link has both IP connectivity to the OSS-RC or ENM, and a DHCP server or relay
present (see Node Provisioning on page 20 and DHCP on page 16). Therefore,
there is no preset port or VLAN for auto-integration to access the OSS-RC or
ENM when downloading the configuration and, optionally, a software upgrade
package: any traffic port with any VLAN, or the local maintenance terminal
without VLAN, can be used. Figure 1 shows the operating environment of the
router auto-integration on OSS-RC. Figure 2 shows the operating environment of
the router auto-integration on ENM.

Note: The user must ensure that the network provisioning requirement of
DHCP server on the same link is fulfilled (see Node Provisioning on page
20 and DHCP on page 16).

[Figure 1 diagram not reproduced. Labeled elements: RBS Site; Router; Any port [LMT, Traffic]; Trusted Transport Network; DNS; DHCP; Core Network; OSS-RC Infra Structure with BSIM, SMRS, AIWS and MASTER SERVER. Legend: O&M (dashed line); Traffic.]

Figure 1 Operating Environment of the router Auto-Integration (OSS-RC)

[Figure 2 diagram not reproduced. Labeled elements: RBS Site; Router 6672; Any port [LMT, Traffic]; Trusted Transport Network; DNS; DHCP; Core Network; ENM Infra Structure with ENM AP, SMRS, AIWS and PKI RA/CA. Legend: O&M (dashed line); Traffic.]

Figure 2 Operating Environment of the router Auto-Integration (ENM)

A user is able to execute auto-integration restart with a privilege level of 3 or
higher. Semi-automated integration (with laptop) is not supported.

Note: Follow the given configuration settings described in Node Provisioning
on page 20 and Affected Parameters on page 25 for creating a router
configuration (the site basic file) downloaded by auto-integration:

— oam_interface (a loopback for the OAM application on both OSS-RC
and ENM)

— oam_server (a user for the OSS-RC logon, not required by ENM)

— SSH service enablement (for OSS-RC and ENM logon)

1.1 Benefits
The router auto-integration simplifies project coordination between staff at OSS-
RC or ENM and the managed element. For example, the effort of managing
node-specific configuration data becomes lighter. Configuration data is stored by
OSS-RC or ENM and is automatically retrieved by the router, thereby reducing
manual configuration work in deployment projects. When configuration data has
been created and bound to the particular router to be commissioned, auto-
integration is not dependent on staff presence at OSS-RC or ENM. A field
technician is the only person involved during on-site integration, as the process is
fully automatic, requiring only correct installation and cabling.

2 Feature Operation

This section describes the router auto-integration feature in detail.

Note: To cancel auto-integration, create a field support account and execute
the auto-integration abort command in exec mode CLI.

Auto-integration facilitates storing the configuration data in OSS-RC or ENM
and supports the router automatically pulling the data over the network.

For OSS-RC, configuration data is prepared by using the Base Station Integration
Manager (BSIM); for more information, see Router OSS-RC, End to End
Description in the OSS-RC library. BSIM processes and stores the configuration
data in OSS-RC, making it available for the router to retrieve when connected.
These preparations must be performed prior to the integration of the router.

For ENM, AP is the application in ENM that manages auto-integration. Auto
Provisioning supports the automated rollout of nodes in a network, minimizing
the manual steps required.

The router comes prepared with advanced security features such as secure
private key storage (Trusted Platform Module) and corresponding certificates.
The certificates are issued based on the HW serial number of the router, and used
to authenticate the router in OSS-RC or ENM. Therefore, when the cabling is
ready and the field technician initiates auto-integration simply by powering up
the router, auto-integration proceeds without intervention and is ready for
service. The field technician completes the integration by checking the indicator
status on the front panel. Successful auto-integration is indicated when the
operational indicator (green) stops blinking and goes steady on. Figure 3 shows
the indicators of the router front panel.

[Figure 3 diagram not reproduced. Labeled indicators: Fault; Operational; Active/Standby or Master/Slave; Status.]

Figure 3 The Front Panel Indicators of the router

Failed auto-integration is indicated by a lit status indicator (yellow) and a
continuously blinking operational indicator (green). If failure occurs, the field
technician can log on to the console using the field-support account and execute
the following commands:

1. auto-integration status — show current status

2. show log | grep AUTOD — trace the chain of events that led to failure

3. show system alarm — confirm alarm raised by auto-integration and
possibly other modules

When failure occurs, auto-integration retries every 15 minutes and continues for
a month, in order to provide time for provisioning errors at the OSS-RC or ENM in
the network to be corrected, and thus mitigating the need for visiting the site of
the router. The final auto-integration stage of OSS-RC or ENM synchronization,
which includes SNMP trap sending, is an exception to this. A failure in SNMP trap
sending is retried every five minutes for four hours.

2.1 Overview
The router auto-integration performs self-configuration by detecting the local
link (and optionally, VLAN) that has a DHCP server or DHCP relay. The interface,
on which DHCP DISCOVERY succeeds, is configured according to the DHCP
OFFER from the DHCP server detected. Any traffic port (with or without VLAN) or
local maintenance terminal (without VLAN) can be used for this. Cablings need
not be changed after auto-integration. When one interface is up and assigned an
address, it is able to access OSS-RC or ENM and download needed files for the
optional software update and the mandatory router configuration. The following
tasks must be completed for auto-integration to function correctly (all steps
are described in detail in the upcoming chapters):

1. Network Provisioning

a. Set up DHCP server to respond with needed data (DHCP options).
b. Set up servers in OSS-RC or ENM.
c. Assess DNS and NTP needs. Auto-integration does not require these two
server types.
d. Confirm functioning routes from OSS-RC or ENM up to the link intended
for auto-integration.

2. Node Provisioning

a. Fill in OSS-RC or ENM integration templates (Site Integration File, SIF).
b. Write a router configuration (Site Basic File, SBF).
c. Generate the credential file of field-support account (Site Equipment
File, SEF).
d. Download upgrade package from Ericsson Software Gateway if needed.
e. Obtain License Key Files (LKF) from Ericsson if needed.
f. Prepare the security configuration file: OssNodeProtocol (only for ENM).

3. Node Commissioning

a. In OSS-RC, import SIF, SBF, SEF, UP, ISCF, and LKF.
In ENM, import SIF, SBF, SEF, UP, LKF, and OssNodeProtocol.
b. Bind the SBF to the HW serial number of the router to be
auto-integrated.

4. Node Integration

a. The router is installed at site and cabling is done.
b. The router is powered on.

Figure 4 provides an overview of the commissioning procedure.

[Figure 4 diagram not reproduced. It shows four processes:]

— Network Provisioning (Prepare Network Infra Structure): Deploy and configure
or re-configure servers used for self configuration establishment

— Node Provisioning (Prepare a Node Configuration): Pre-configure individual
node using templates and rules for data assignment

— Node Commissioning (Auto-generate Node Data): Bind a physical node id to
pre-configured logical node

— Node Integration (Perform Autonomous Node Integration): Power up installed
node

Figure 4 Processes Supported By router Auto-Integration

2.2 Configuration Requirements


The requirements for configuring AI using OSS-RC are as follows:

— The prerequisites for using router auto-integration on OSS-RC include:

• The license for OSS-RC feature FAJ 121 1298: RBS Auto-Provisioning
(RAP) is installed and activated, refer to License Key Administration in
the OSS-RC library.

• OSS-RC updated to the correct version. Refer to the latest Network
Impact Report.

— The following OSS-RC Library documents must have been read and be
available:

• ARNE User Guide

• BSIM, Base Station Integration Manager, User Guide

• BSIM, Base Station Integration Manager, System Administrator Guide

• License Key Administration in OSS-RC

• Router OSS-RC, End to End Description

• SMO, Software Management Organizer, User Guide

• Operation and Maintenance Security Administration Server (OMSAS)

The requirements for configuring AI using ENM are as follows:

— The prerequisites for using router auto-integration on ENM include:

• User has access to Ericsson Network Manager (ENM) and this user has a
role of Autoprovisioning_Operator, or has a custom role which has read /
write capabilities for the Auto Provisioning (AP) application.

• ENM has Vendor Credentials configured.

• DNS is configured.

• DHCP is configured.

• Configure the Network Time Protocol (NTP).

• The Transport Network is available for Operation and Maintenance
(OAM) traffic, control plane traffic, and user plane traffic.

• Transport Network is equipped with DHCP, and Remote Authentication
Dial In User Service (RADIUS) servers to handle IP address allocation
and Transport Network connectivity.

• Firewalls are open.

— The following ENM Library documents must have been read and be
available:

• ENM Product Description

• ENM Operators Guide (2/1029-AOM 901 151)

• ENM Network Integration Guidelines (1/102 72-AOM 901 151)

• Security System Administration Guide

• Node Hardening Instructions and Guidelines

• Identity and Access Management Programmers Guide

• AutoIntegration Deployment Guidelines using ENM OSS

• Software Hardware Manager

To deploy auto-integration on both OSS-RC and ENM, the following router
documents must have been read and be available:

— Installation Guide

— Site Planning

— auto-integration (CLI command)

2.2.1 Software and Configuration Files

This section describes the software and configuration file templates used in the
auto-integration process.

When auto-integration is deployed on OSS-RC, BSIM operates on its internal files
(SIF, SuF, and ISCF; see Table 1) using the substitution variables that are set
based on values entered in BSIM. The substitution variables are indicated by
the percentage character "%". Table 1 lists the OSS-RC internal files, in addition to
external ones (handled opaquely by OSS-RC). For more details about auto-
integration substitution parameters, refer to Site Installation File, XSD, Site
Installation File, Example, Summary File, XSD, Summary File, Example, Initial
Security Configuration File, XSD, Initial Security Configuration File, Example,
Router OSS End to End Description, and BSIM, Base Station Integration
Manager, User Guide in the OSS-RC library.

Table 1 shows where the software and configuration files are stored.

Table 1 Storage Location of Software and Configuration Files Used in Auto-Integration (OSS-RC)

| File Type | Type of Data | Storage Location | Imported By |
|---|---|---|---|
| Upgrade Package | For optional upgrade of the router software. | SMRS server | User |
| Site Basic File (SBF) | For configuration of the router, created by the user. | SMRS server | User |
| Site Installation File (SIF) | The site installation file contains the SMRS server address and node logical name. | AIWS Server | User |
| Summary File (SuF) | Contains pointers to UP and SBF. | SMRS server | OSS-RC |
| Initial Security Configuration File (ISCF) | Contains the OSS-RC SNMPv3 listener. | SMRS server | OSS-RC |
| License Key File (LKF) | An optional license file for expanded functionality. | SMRS server | User |
| Site Equipment File (SEF) | Contains the credentials of field-support account. Generated by the user using the Python script provided in this document. | SMRS server | User |

When auto-integration is deployed on ENM, the configuration files used for ENM
are similar to those on OSS-RC, except for the introduction of the OssNodeProtocol
file. For details, see Table 2.

Table 2 Storage Location of Software and Configuration Files Used in Auto-Integration (ENM)

| File Type | Type of Data | Storage Location | Imported By |
|---|---|---|---|
| Upgrade Package | For optional upgrade of the router software. | SMRS server | User |
| Site Basic File (SBF) | For configuration of the router, created by the user. | SMRS server | User |
| Site Installation File (SIF) | The site installation file contains the SMRS server address and node logical name. | AIWS Server | User |
| Summary File (SuF) | Contains pointers to UP and SBF. | SMRS server | OSS-RC |
| License Key File (LKF) | An optional license file for expanded functionality. | SMRS server | User |
| Site Equipment File (SEF) | Contains the credentials of field-support account. Generated by the user using the Python script provided in this document. | SMRS server | User |
| OSSNodeProtocol | Includes configuration for LDAP authentication, OAM node credentials, CMPv2 certificate enrollment, NetConf over TLS configuration, SNMPv3 configuration, and licensing configuration. | SMRS server | User |

2.2.2 Services on OSS-RC

This section briefly describes the other OSS-RC services that are used by the
router auto-integration.

— Auto-integration Web Service (AIWS)

— Operation and Maintenance Security Administration Server (OMSAS)

— Master Server (MS)

— OSS-RC Network Resource Model (ONRM)

— Security Configuration Service (SCS)

— Software Management Repository Server (SMRS)

2.2.2.1 AIWS Server

When the auto-integration commissioning phase starts, the SIF is built and
uploaded to the AIWS server from where the router downloads it. The router logs
on to the AIWS automatically as the server performs a secure TLS identification
of the router, using the securely stored (in the trusted platform computing
hardware module) vendor credentials. For more information regarding secure
identification, refer to Security Management folder.

2.2.2.2 Operation and Maintenance Security Administration Server

OMSAS in OSS-RC provides Public Key Infrastructure (PKI) services, including
assigning of the root of trust certificate, based on which the router is
authenticated at the AIWS. Refer to the OMSAS Guide Operation and
Maintenance Security Administration Server in the OSS-RC library for more
information.

2.2.2.3 OSS-RC Master Server

The OSS-RC master server awaits an SNMPv3 trap message from the router,
indicating that the integration process has completed. After receiving this
message, the master server logs on to the router, using credentials created within
the SBF (see Network Provisioning on page 15), and synchronizes the
configuration database.

2.2.2.4 OSS-RC Network Resource Model

OSS-RC Network Resource Model on the OSS-RC master server is the common
data store where topology, connectivity, and security data are modeled for the
entire network to be managed. BSIM and OMSAS interact with ONRM during the
auto-integration process.

2.2.2.5 Security Configuration Service

The Security Configuration Service (SCS) in OSS-RC handles security
configuration operations such as installation of certificates and copy of local
authentication and authorization database files.

BSIM requests security configurations from SCS, which coordinates the
communication between BSIM, ONRM, and OMSAS. The service also
synchronizes ONRM with the authentication and authorization database on
OMSAS.

2.2.2.6 Software Management Repository Service

During commissioning phase, the upgrade package and the initial configuration
file are imported and uploaded to the SMRS, where individual user accounts are
created for each node to be integrated. During the integration phase, the router
uses SFTP to download the needed files from the SMRS.

2.2.3 Services on ENM

This section briefly describes the other ENM services that are used by the router
auto-integration.

The ENM services include:

— Auto-integration Web Service (AIWS)

— Operation and Maintenance Security Administration Server (OMSAS)

— Auto provisioning (AP)

— Security Configuration Service (SCS)

— Software Management Repository Server (SMRS)

— mscm Service

To deploy auto-integration, a number of services are used on both OSS-RC and
ENM, including AIWS, OMSAS, and SMRS. For details of these services, refer to
Services on OSS-RC on page 11. The services exclusively contained in ENM are
described in the following sections.

2.2.3.1 AP

The Mediation Service for Auto Provisioning is responsible for communication
between the Auto Provisioning Service (apserv) and the nodes.

AP automatically executes the following functions (driven by the input
configuration data provided by the user):

— Configuration of the security data.

— Configuration of the node licenses.

— Configuration of the optional features.

— Configuration of the Ericsson R6000 and transport data.

— Bringing nodes into service.

2.2.3.2 Security Configuration Service on ENM

ENM's software security system aims to protect ENM internal and managed
network assets from malicious attacks and use. ENM consists of a number of
security management functions and specific security controls which adhere to
industry-wide security standards.

— Identity and Access Management (IdAM)

— PKI Management System

— Node Security Configuration Service (NSCS)

— Logging and log viewing

PKI Management System

ENM offers PKI Management System to satisfy the needs of the managed
network and also to support ENM internal services.

Apart from offering basic PKI functions (issue/reissue/revoke certificates), the
system also supports certificate publishing for trust distribution, Registration
Authority (RA) with SCEP and CMPv2, Vendor Credential Management and
certificates for external entities (for example, Webservers, SeGW). Certificate
enrollment can be done for use in traffic nodes.

Public Key Infrastructure Registration Authority (PKIRA) service enrolls online
certificates for nodes, with CDPS (Certificate Revocation List [CRL] Distribution
Point Service) and TDPS (Trust Distribution Point Service) functions.

A Registration Authority (RA) is an authority in a network that verifies user
requests for a digital certificate and tells the Certificate Authority (CA) to issue it.

2.2.3.3 mscm Service

The mscm service performs CM activities on the network elements managed by
the ENM system. These activities include adding, deleting, synchronizing,
subscribing to and handling notifications from, and performing CRUD (Create,
Read, Update, and Delete) operations on the NEs.

2.3 Commissioning Process


This section provides details about the process of adding the router using auto-
integration.

2.3.1 Network Provisioning

Network provisioning must be done in the network management system (OSS-RC or
ENM) and the backhaul of the router. The backhaul provisioning includes
configuring a DHCP relay or server on the LAN used to access OSS-RC or ENM,
and may include setting up DNS and NTP servers (DNS and NTP are not strictly
needed for auto-integration). Routing between OSS-RC or ENM and the router
must be defined.

The following items summarize the tasks to be performed in OSS-RC; refer
to Router OSS-RC End to End Description in the OSS-RC library for detailed
information about the procedures:

— Configure the AIWS and establish the communication with BSIM.

— Configure the SMRS.

— Enable support for Common Operation and Maintenance (COM). The COMInf
infra server must be running with COM enabled.

— Prepare NETCONF (COM user). The COM user must be assigned an
appropriate role before integration starts, i.e., the role
"NetconfPlatformAdministrator", and there is no privilege requirement.

— Prepare the OSS-RC for Ericsson vendor certificates. The vendor credentials
are used for secure identification in OSS-RC during the integration process.

— Confirm that the Certificate Distribution Point (CDP) is defined in OSS-RC
DNS server (as opposed to the backhaul one) and in the certificates.

For ENM, the network provisioning procedure is as follows:

— Configure the AIWS and establish the communication with AP.

— Configure the SMRS.

— Enable support for Common Operation and Maintenance (COM). The COMInf
infra server must be running with COM enabled.

— Prepare NETCONF (COM user). The COM user must be assigned an
appropriate role before integration starts.

— Prepare the ENM for Ericsson vendor certificates. The vendor credentials are
used for secure identification in ENM during the integration process.

— Confirm that the Certificate Distribution Point (CDP) is defined in ENM DNS
server (as opposed to the backhaul one) and in the certificates.

2.3.1.1 DHCP

The Dynamic Host Configuration Protocol (DHCP) server provides the router with
temporary IP parameters, used by auto-integration only to download files from
OSS-RC or ENM. In requests (for example DHCP DISCOVERY message) for
parameters from the DHCP server, the router identifies itself with the hardware
serial number as the DHCP client identifier and therefore special handling and
access control can be provisioned in the DHCP server based on this value.

Ericsson R6000 supports the following two use cases:

— R6000 (except 6274) auto-integration with an external DHCP server.

[Figure 5 diagram not reproduced. Labeled elements: RBS Site; Router; Any port [LMT, Traffic]; Trusted Transport Network; DNS; DHCP; Core Network; OSS-RC Infra Structure with BSIM, SMRS, AIWS and MASTER SERVER. Legend: O&M (dashed line); Traffic.]

Figure 5 R6000 Auto-integration with an External DHCP Server

— RBS auto-integration with R6000 as DHCP server. There are four scenarios
for this use case:

• Auto-integration with IPsec:

[Figure 6 diagram not reproduced. Labeled elements: RBS; Untrusted Transport Network; R6000; Trusted Transport Network; RAN IPsec Tunnel; OAM IPsec Tunnel; DHCP, DNS and RADIUS servers (marked Inner or Outer); Core Network; EPC; OSS with RA/CA, SMRS and AIWS. Legend: RAN Traffic; O&M Traffic.]

Figure 6 RBS AI with R6000 as SeGW and inner IP address provider (with IPsec)

In this scenario, the R6000 takes the role of SeGW and inner IP address
provider. As inner IP address provider, the R6000 provides the inner IP
address which is required to terminate the User Plane (UP)/Control
Plane (CP), sync and OAM traffic in the RBS. The R6000 can provide the
inner IP address to the RBS in two ways:

— R6000 provides the inner IP address from the IP address pool which
is maintained by R6000.

— R6000 provides the inner IP address through consulting external
DHCP server.

[Figure 7 diagram not reproduced. Labeled elements: RBS; Untrusted Transport Network; R6000; SeGW; Trusted Transport Network; RAN IPsec Tunnel; OAM IPsec Tunnel; DNS and RADIUS servers (marked Inner or Outer); Core Network; EPC; OSS with RA/CA, SMRS and AIWS. Legend: RAN Traffic; O&M Traffic.]

Figure 7 RBS AI with R6000 as outer DHCP Server (with IPsec)

In this scenario, the R6000 is an outer DHCP server.

— The R6000 as outer DHCP server (option 72 for DHCPv4 server and
option 245 for DHCPv6 server) provides the IP address of the AIWS
server from which the RBS fetches the configuration files.

— The R6000 as outer DHCP server (option 241 for both DHCPv4
server and DHCPv6 server) provides the outer IP address of the
SeGW (temp OAM IP address) for establishing the temporary OAM
IPsec VPN.

[Figure 8 diagram not reproduced. Labeled elements: RBS; Untrusted Transport Network; R6000; Trusted Transport Network; RAN IPsec Tunnel; OAM IPsec Tunnel; DNS and RADIUS servers (marked Inner or Outer); Core Network; EPC; OSS with RA/CA, SMRS and AIWS. Legend: RAN Traffic; O&M Traffic.]

Figure 8 RBS AI with R6000 as SeGW and outer DHCP Server (with IPsec)

In this scenario, the R6000 takes the roles of outer DHCP server and
SeGW.

— The R6000 as outer DHCP server (option 72 for DHCPv4 server and
option 245 for DHCPv6 server) provides the IP address of the AIWS
server from which the RBS fetches the configuration files.

— The R6000 as outer DHCP server (option 241 for both DHCPv4
server and DHCPv6 server) provides the outer IP address of the
SeGW (temp OAM IP address) for establishing the temporary OAM
IPsec VPN.

— The R6000 as SeGW provides data encryption and decryption
between trusted and untrusted networks.

• Auto-integration without IPsec:

[Figure 9 diagram not reproduced. Labeled elements: RBS; R6000; Trusted Transport Network; RADIUS; DNS; Core Network; EPC; OSS with RA/CA, SMRS and AIWS. Legend: RAN Traffic; O&M Traffic.]

Figure 9 RBS AI with R6000 as default DHCP Server (without IPsec)


In this scenario, the R6000 is the default gateway router with DHCP
server function. As DHCP server (option 72 for DHCPv4 server and option
245 for DHCPv6 server), it provides the IP address of the AIWS server
from which RBS fetches the configuration files.

The following configuration is required:

— For IP connectivity to function, the next hop of the router must be configured
to support DHCP, either relay or server.

— IPWorks, the Ericsson supplied product for standard DHCP service can be
utilized.

— The DHCP server must be configured to return an IP address and mask for
the router in addition to the mandatory options defined in Table 3 (defined in
RFC 2132).

Table 3 Parameters for the Communication between router and DHCP Server

DHCP Option        Description                                 Mandatory or Optional
Option code 1      The DHCP server subnet mask.                Mandatory
Option code 3      The Default Gateway IP address.             Mandatory
Option code 6      The DNS server IP address.                  Optional
Option code 15     The DNS server domain name. The user is     Optional
                   advised to assess needs.
Option code 42     The NTP server domain name.                 Optional
Option code 72     The AIWS IPv4 address.                      Optional (1)
Option code 241    The secure gateway IPv4 address.            Optional (2)
                   The secure gateway IPv6 address.
Option code 245    The AIWS IPv6 address.                      Optional (3)

(1) This option is required for R6000 in the following scenarios:

— RBS AI with R6000 as outer DHCPv4 Server (with IPsec)

— RBS AI with R6000 as SeGW and outer DHCPv4 Server (with IPsec)

— RBS AI with R6000 as default DHCPv4 Server (without IPsec)

(2) This option is required for R6000 in the following scenarios:

— RBS AI with R6000 as outer DHCPv4/v6 Server (with IPsec)

— RBS AI with R6000 as SeGW and outer DHCPv4/v6 Server (with IPsec)

(3) This option is required for R6000 in the following scenarios:

— RBS AI with R6000 as outer DHCPv6 Server (with IPsec)

— RBS AI with R6000 as SeGW and outer DHCPv6 Server (with IPsec)

— RBS AI with R6000 as default DHCPv6 Server (without IPsec)

The returned option values are assigned to an interface on the router which
resides on the same local link as the DHCP server or relay. This must also be the
same link over which OSS-RC or ENM is accessed remotely. Auto-integration
detects this interface automatically.
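A pre-deployment check of a DHCPv4 OFFER against Table 3 and its notes (1) and (2) can be scripted as follows. This is an added example, not part of the original guide or of any Ericsson tool; the scenario keys and the sample bytes are made up for illustration, and because the guide does not describe how the option 241 value is encoded, only its presence is checked.

```python
import ipaddress

# Table 3: options 1 and 3 are mandatory; notes (1) and (2) add options per
# scenario. The scenario keys are names made up for this example.
MANDATORY = {1, 3}
SCENARIO_REQUIRED = {
    "outer_dhcp_ipsec": {72, 241},
    "segw_outer_dhcp_ipsec": {72, 241},
    "default_dhcp_no_ipsec": {72},
}

def parse_options(blob: bytes) -> dict:
    """Decode a DHCPv4 options field (RFC 2132 code/length/value) to {code: data}."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == 0:                      # pad option has no length byte
            i += 1
            continue
        if code == 255:                    # end option
            break
        if i + 1 >= len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError(f"option {code}: truncated")
        length = blob[i + 1]
        opts[code] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def aiws_addresses(opts: dict) -> list:
    """Option 72 as dotted-quad strings; it must hold whole IPv4 addresses."""
    data = opts.get(72, b"")
    if len(data) % 4:
        raise ValueError("option 72 is not a list of IPv4 addresses")
    return [str(ipaddress.IPv4Address(data[i:i + 4])) for i in range(0, len(data), 4)]

def check_offer(blob: bytes, scenario: str) -> list:
    """Return the problems found in an OFFER; an empty list means none."""
    opts = parse_options(blob)
    required = MANDATORY | SCENARIO_REQUIRED[scenario]
    problems = [f"missing option {c}" for c in sorted(required - set(opts))]
    try:
        aiws_addresses(opts)
    except ValueError as exc:
        problems.append(str(exc))
    return problems

# Constructed sample options: mask, gateway, AIWS (72), SeGW (241), end.
SAMPLE = bytes([1, 4, 255, 255, 255, 0, 3, 4, 10, 0, 0, 1,
                72, 4, 192, 0, 2, 50, 241, 4, 192, 0, 2, 10, 255])
```

Running check_offer on the options field captured from a lab OFFER shows, before a site visit, whether the AIWS or SeGW address would be missing for the chosen scenario.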

2.3.1.2 DNS

Servers in the Domain Name System (DNS) are configured to respond to the
queries and map domain names to IP addresses. DNS data formats and
communication are specified in standards RFC 1035 and in 3GPP TS 23.003.

Router auto-integration does not use DNS; the option code 72 AIWS IP
address and the BSIM or AP templates only take numerical addresses. The user
is, however, encouraged to consider whether any other service needs DNS, and to
be aware that the auto-integration process is able to configure a DNS server
if option 6 is included in the DHCP OFFER.

Note: DNS servers configured based on DHCP OFFERs are only used during
auto-integration. Any permanent DHCP servers to be used in-service
must be configured in the site basic file, that is, the router configuration
to be downloaded from OSS-RC or ENM (see Node Provisioning on page
20).

2.3.2 Node Provisioning

During node provisioning, the user inputs operator-specific data to define the
behavior of a router transport node. This entails the following tasks:

— Input configuration data to the OSS-RC site installation file (SIF) and ARNE
templates (see BSIM Router OSS End to End Description).

— Optionally download the latest software upgrade package through the
Ericsson Software Gateway and import it to OSS-RC (refer to Router OSS-RC,
End to End Description).

— Generate the credentials of the field-support account within the site
equipment file (SEF, see Automatic Field-Support Account Creation on page
21).

— Prepare a complete router configuration file (SBF) according to the rules of
the IPOS Exec-CLI language and verify it. The SBF must be provided in the
same format as the router stores its configuration. Therefore, it must not
be a script; for example, not a file listing commands such as configure or
manually traversing CLI hierarchies.

— Purchase licenses (License Key File, LKF) from Ericsson, according to needs.

Note: The above tasks use OSS-RC as an example. ENM also needs to follow
the OSS-RC procedure for node provisioning and node commissioning for
the existing functions.

2.3.2.1 Master Server Connection Settings

A specially named L3 interface (most likely a loopback) must be created in the
SBF (the router configuration to be downloaded) of the router for the purpose
of accepting incoming NETCONF connections over SSH from the OSS-RC master
server. This interface must be named oam_interface, and its address is
reported to the OSS-RC by the SNMPv3 trap transmission. The master server
subsequently connects to this address for state synchronization.

2.3.2.2 Automatic Field-Support Account Creation

In order for auto-integration to be a zero-touch procedure, a field-support
account must also be created automatically. The script below requires Python
version 3.4.3 at minimum and uses the standard-library crypt module, which was
deprecated in Python 3.11 and removed in Python 3.13, so run it with an
interpreter that still includes that module. The field-support account is
provisioned by copy-pasting the script into a Linux terminal and entering a
username (must start with an underscore _) and a password when prompted (the
password is shown in clear text when typed):

python3 -c 'import crypt,re; u=input("Username: "); (print("Username is valid.") if (re.match(r"(?=^.{4,128}$)[a-z_-]+$", u)) else exit("Bad username.")) if (u.startswith("_")) else exit("Username must start with: _"); p=input("Password: "); print("Password is valid.") if (re.match(r"(?=^.{8,128}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z]))^.*", p)) else exit("Bad password."); f=open("equipment.cfg", "w"); f.write(u +"\n"); f.write(crypt.crypt(p, crypt.mksalt(crypt.METHOD_SHA512))); f.close()'

This script generates the file equipment.cfg to be copied into a location accessible
by BSIM, and then imported (see BSIM Router 6000 OSS End to End
Description).
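Before importing equipment.cfg, its two lines can be checked so that a clear-text password or a weaker hash scheme never reaches BSIM. The following is an added example, not part of the original guide; the function name and the sample values are made up, and the file layout (username on line 1, SHA-512 crypt string on line 2) is taken from the script above.

```python
import re

# Username rule used by the guide's script: 4-128 characters from a-z, _ and -.
USERNAME = re.compile(r"(?=^.{4,128}$)[a-z_-]+$")
# SHA-512 crypt string: $6$[rounds=N$]salt$hash (salt up to 16 chars, hash 86 chars).
SHA512_CRYPT = re.compile(
    r"\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$")

def check_equipment_cfg(text: str) -> list:
    """Return the problems found in the text of an equipment.cfg file."""
    lines = text.split("\n")
    if len(lines) == 3 and lines[2] == "":     # tolerate one trailing newline
        lines.pop()
    if len(lines) != 2:
        return [f"expected 2 lines (username, hash), found {len(lines)}"]
    user, hashed = lines
    problems = []
    if not user.startswith("_"):
        problems.append("username must start with _")
    if not USERNAME.match(user):
        problems.append("username must be 4-128 characters from a-z, _ and -")
    if not SHA512_CRYPT.match(hashed):
        # Report the crypt scheme id when the line looks like $id$salt$hash.
        scheme = hashed.split("$")[1] if hashed.count("$") >= 3 else "none"
        problems.append(
            f"second line is not a SHA-512 crypt hash (scheme: {scheme})")
    return problems

# Constructed sample, not a real hash: 16-character salt, 86-character digest.
SAMPLE = "_fieldtech\n$6$" + "saltsaltsaltsalt" + "$" + "A" * 86
```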

2.3.2.3 SNMP Settings

SNMP settings are included in different files on OSS-RC and ENM.

For OSS-RC, the Initial Security Configuration File (ISCF) is generated and
imported by OSS-RC, and it contains the IP address of OSS-RC SNMPv3 receiver.
This address is appended automatically by auto-integration to the router
configuration (combined with the SBF) and used as a destination for the
SNMPv3 trap message sent to the OSS-RC at the end of auto-integration (the
trap is a notification of presence and forwarding service availability).


Note: The SNMPv3 trap receiver information within the downloaded ISCF is
appended to the router configuration. However, any additional SNMP
receivers can be configured by the user in the SBF.

The following example shows SNMP receiver configuration in the SBF.

snmp server
snmp view Inet-View internet included
snmp group Group4 notify Inet-View
snmp user Admin group Group4 security-model usm noauth
snmp target target10 10.11.12.13 security-name Admin version 3 security-level noauth group Group4 view Inet-View

For ENM, the SNMP configuration is included in the OssNodeProtocol file.

The mssnmpfm service checks the communication between the Simple Network
Management Protocol (SNMP) NE and the ENM system. When alarm supervision
is started, the mssnmpfm service subscribes to the NE for alarms. After a
successful subscription, the ENM system starts receiving alarms.

2.3.2.4 Node Configuration in SBF File

To deploy AI on R6000, two SBF template files are available for reference: SBF
with AU and SBF Without AU. You can use the corresponding template file based
on your device configuration. If your device has an AU, use SBF with AU to create
your own SBF file. Otherwise, SBF without AU shall be used.

Note: The SBF must contain a specially named interface for the NETCONF
OAM connection called oam_interface, which belongs to the local context
and must not be changed.

You can configure the IP address as required. The following is an example:

interface oam_interface
ip address 10.170.115.127/24

For a device with an AU, the links in the SBF with AU file need to be
configured based on your requirements. See the following example:

attached-unit 1 attach-to-router 1/8 au-type CES_UNIT


port ethernet 1/8
no auto-negotiate
no shutdown

port ethernet 1/8 needs to be replaced with the actual Ethernet port linking
to the AU device.

au-type CES_UNIT needs to be set to ABIS_UNIT or CES_Unit as required.


If your device needs to support multiple AUs, you need to add the same
configuration with different AU ID and port number.

SBF Configuration Only for OSS-RC


For OSS-RC you need to implement the following configuration:

Enable the SSH service on the router for correct functioning.

Note: The site basic file must have the SSH service enabled in order for the
master server to be able to log in.

The OSS-RC master server must be authenticated locally on the router. Therefore,
create an OAM administrator as shown here (oam_server is the administrator
name; select password as appropriate):

administrator oam_server password *********
privilege start 15
privilege max 15
role NetconfPlatformAdministrator

Note: An OAM administrator account for the OSS-RC master server must also
be configured in the SBF. Also, the user must create a username and
password with full privileges (and NetconfPlatformAdministrator role)
within the SBF. The administrator name can be an arbitrary name.
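The OSS-RC requirements above (the oam_interface address and an administrator with full privileges and the NetconfPlatformAdministrator role) can be checked before the SBF is imported, together with a review flag for SNMP targets that use security-level noauth. This is an added example, not part of the original guide or an Ericsson tool; the line-oriented parsing is a simplifying assumption based only on the snippets shown on this page, and the SSH check is left out because the guide does not show the command that enables SSH.

```python
import ipaddress
import re

# Lines that open a new stanza in the snippets this guide shows.
STANZA = re.compile(r"(interface|administrator|port|snmp|attached-unit)\b\s*(\S*)")
NOAUTH = re.compile(r"snmp target (\S+) .*security-level noauth\b")
ADMIN_LINES = {"privilege max 15", "role NetconfPlatformAdministrator"}

def lint_sbf(text: str) -> list:
    """Return findings for the OSS-RC items the guide requires in the SBF."""
    findings, oam_ok, admins, current = [], False, {}, (None, None)
    for line in (raw.strip() for raw in text.splitlines()):
        m = STANZA.match(line)
        if m:
            current = (m.group(1), m.group(2))
            if current[0] == "administrator":
                admins[current[1]] = set()
            t = NOAUTH.match(line)
            if t:  # SNMPv3 noauth: traps carry no authentication or privacy
                findings.append(f"snmp target {t.group(1)}: security-level noauth")
        elif current == ("interface", "oam_interface"):
            a = re.match(r"ip address (\S+)$", line)
            if a:
                try:
                    ipaddress.ip_interface(a.group(1))
                    oam_ok = True
                except ValueError:
                    findings.append(f"oam_interface: bad address {a.group(1)}")
        elif current[0] == "administrator" and line in ADMIN_LINES:
            admins[current[1]].add(line)
    if not oam_ok:
        findings.append("no interface oam_interface with a valid ip address")
    if not any(seen == ADMIN_LINES for seen in admins.values()):
        findings.append("no administrator with privilege max 15 and "
                        "role NetconfPlatformAdministrator")
    return findings

# Constructed SBF fragment assembled from the snippets on this page.
SAMPLE_SBF = """\
interface oam_interface
 ip address 10.170.115.127/24
administrator oam_server password *********
 privilege start 15
 privilege max 15
 role NetconfPlatformAdministrator
snmp target target10 10.11.12.13 security-name Admin version 3 security-level noauth group Group4 view Inet-View
"""
```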

2.3.3 Node Commissioning

In the commissioning phase, a particular router configuration is associated with a
particular hardware unit. This means that a hardware serial number is bound to a
logical node name and the SBF of the node. The binding of the HW serial number
and logical node name is done manually by entering the serial number. If desired,
the Upgrade Package, License Key File, and Site Equipment File (see Node
Provisioning on page 20) are imported with BSIM (for OSS-RC) or AP (for ENM).
Refer to Router OSS End to End Description for more information on how to
import the files and data generated from templates.

Note: Only manual hardware binding is supported; the serial number can only
be entered manually in OSS-RC or ENM for the intended configuration
and logical node name.

2.3.4 Node Integration

During the node integration stage, the router performs self-configuration after
fetching its configuration files, and optionally, the specified software package
version from the OSS-RC or ENM. The files are downloaded using HTTPS and the
factory prepared vendor credentials. Therefore the router is authenticated based
on Ericsson Root Certificate Authority (CA) signed certificates (stored securely in
Trusted Platform Module, TPM). The self-configuration is performed for each
individual node being integrated, without the need for user interaction. As the
last step of auto-integration, an SNMPv3 trap message is sent to OSS-RC or ENM,
after which router state synchronization is performed with NETCONF over SSH
(for OSS-RC) or NETCONF over TLS (for ENM). When auto-integration succeeds,
the operational indicator (green) goes steady on. Failure is indicated by a
blinking operational indicator and a lit status indicator (yellow).


3 Affected Parameters

This section describes router configuration parameters affected by the
introduction of router auto-integration.

Integrating the router into a mobile backhaul entails setting it up as a unique
network element and making it ready for service.

For OSS-RC, the following router configuration parameters (in SBF) need special
attention:

— The L3 interface oam_interface used for the master server connections.

— The administrator credentials for the master server (oam_server)
authentication.

— OSS-RC SNMP receiver for the configurations.

— Enabling the SSH service.

— Automatic field-support account creation.

For ENM, the following router configuration parameters (in OssNodeProtocol)
need special attention:

— L3 interface oam_interface used by Netconf

— OAM node credentials for the AP server (oam_server) authentication

— SNMP receiver for the configurations

— LDAP authentication

— CMPv2 certificate enrollment

— NetConf over TLS configuration

— SNMPv3 configuration

— Licensing configuration

See Node Provisioning on page 20 for all affected parameters.


4 Affected Features and Functions

This section describes the features and functions affected by the router
auto-integration.

4.1 Prerequisite Features


None

4.2 Affected Features


None

4.3 Affected System Functions


None


5 Performance

There are no counters, events, or Key Performance Indicator (KPI) definitions
associated with this function. The auto-integration process depends on network
capacity levels, but normally finishes within 15 minutes.

The status of auto-integration can be reviewed using the auto-integration
status command. The system log contains information about auto-integration
activities and status. One can display the log using the show log | grep AUTOD
command.


6 Glossary

AIWS
Auto-Integration Web Service

BSIM
Base Station Integration Manager

DHCP
The Dynamic Host Configuration Protocol

DNS
Domain Name System

KPI
Key Performance Indicator

LKF
License Key Files

MS
Master Server

NTP
Network Time Protocol

OMSAS
Operation and Maintenance Security Administration Server

ONRM
OSS-RC Network Resource Model

OSS-RC
Operations Support System – Radio and Core


PKI
Public Key Infrastructure

RAP
RBS Auto-Provisioning

SBF
Site Basic File

SCS
Security Configuration Service

SEF
Site Equipment File

SIF
Site Integration File

SMRS
Software Management Repository Server

SNMP
Simple Network Management Protocol

UP
Upgrade Package
