Auto-Integration: User Guide
Disclaimer
The contents of this document are subject to revision without notice due to
continued progress in methodology, design and manufacturing. Ericsson shall
have no liability for any error or damage of any kind resulting from the use of this
document.
Contents
1 Introduction
1.1 Benefits
2 Feature Operation
2.1 Overview
2.2 Configuration Requirements
2.3 Commissioning Process
3 Affected Parameters
5 Performance
6 Glossary
1 Introduction
If the user does not want to monitor the integration process, setting the
field-support account manually at boot is not required. Auto-integration can
handle the creation of a field-support account if a credential file has been
generated with the Python program given in Node Provisioning on page 20, and
imported as the site equipment file with BSIM (for OSS-RC, see Router OSS-RC,
End to End Description in the OSS-RC library; for ENM, see ENM Operators Guide
and AutoIntegration Deployment Guidelines using ENM OSS in the ENM library).
For users who do not want to use auto-integration, there is an additional
prompt to disable it after the field-support account prompt. The prompt is shown
at every boot until auto-integration is completed, aborted, or disabled.
Auto-integration users can ignore it, or else press n. As described earlier,
auto-integration can also be aborted later in the exec mode. The following is an
example of the prompt:
Auto-integration: Auto-integration is started automatically when node boots up.
If you want to disable it, type 'y' and press enter.
Otherwise type 'n' or simply wait for node to continue booting.
Disable auto-integration? (y/n):
Auto-integration: response timed out. Continuing with auto-integration enabled.
The following banner is displayed when the user logs in with the field-support
account:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! Auto-integration is ongoing. Please invoke command !!
!! "auto-integration abort" if it is not desired. !!
!! Node reboot will follow. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
The ports in the router can be connected in any manner as long as the same local
link has both IP connectivity to the OSS-RC or ENM, and a DHCP server or relay
present (see Node Provisioning on page 20 and DHCP on page 16). Therefore,
there is no preset port nor VLAN (any traffic port with any VLAN or local
maintenance terminal without VLAN can be used) for auto-integration to access
the OSS-RC or ENM when downloading the configuration, and optionally a
software upgrade package. Figure 1 shows the operating environment of the
router auto-integration on OSS-RC. Figure 2 shows the operating environment of
the router auto-integration on ENM.
Note: The user must ensure that the network provisioning requirement of
DHCP server on the same link is fulfilled (see Node Provisioning on page
20 and DHCP on page 16).
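[Figure 1: Operating environment of the router auto-integration on OSS-RC.
Labels: RBS site, router (any port: LMT or traffic), trusted transport network,
core network, OSS-RC infrastructure (BSIM, DNS, DHCP, SMRS, AIWS, master
server); O&M and traffic flows are marked.]
[Figure 2: Operating environment of the router auto-integration on ENM.
Labels: RBS site, Router 6672 (any port: LMT or traffic), trusted transport
network, core network, ENM infrastructure (ENM AP, DNS, DHCP, SMRS, AIWS,
PKI RA/CA); O&M and traffic flows are marked.]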
1.1 Benefits
The router auto-integration simplifies project coordination between staff at
OSS-RC or ENM and the managed element. For example, the effort of managing
node-specific configuration data becomes lighter. Configuration data is stored by
OSS-RC or ENM and is automatically retrieved by the router, thereby reducing
manual configuration work in deployment projects. When configuration data has
been created and bound to the particular router to be commissioned,
auto-integration is not dependent on staff presence at OSS-RC or ENM. A field
technician is the only person involved during on-site integration, as the process is
fully automatic, requiring only correct installation and cabling.
2 Feature Operation
For OSS-RC, configuration data is prepared by using the Base Station Integration
Manager (BSIM); for more information, see Router OSS-RC, End to End
Description in the OSS-RC library. BSIM processes and stores the configuration
data in OSS-RC, making it available for the router to retrieve when connected.
These preparations must be performed prior to the integration of the router.
The router comes prepared with advanced security features such as secure
private key storage (Trusted Platform Module) and corresponding certificates.
The certificates are issued based on the HW serial number of the router, and used
to authenticate the router in OSS-RC or ENM. Therefore, when the cabling is
ready and the field technician initiates auto-integration simply by powering up
the router, auto-integration proceeds without intervention and is ready for
service. The field technician completes the integration by checking the indicator
status on the front panel. Successful auto-integration is indicated when the
operational indicator (green) stops blinking and goes steady on. Figure 3 shows
the indicators of the router front panel.
[Figure 3: Indicators of the router front panel. Labels: Fault, Operational,
Active/Standby or Master/Slave, Status.]
2. show log | grep AUTOD — trace the chain of events that led to failure
When failure occurs, auto-integration retries every 15 minutes and continues for
a month, to provide time for provisioning errors at the OSS-RC or ENM in the
network to be corrected, thus mitigating the need to visit the site of the
router. The final auto-integration stage of OSS-RC or ENM synchronization,
which includes SNMP trap sending, is an exception to this. A failure in SNMP trap
sending is retried every five minutes for four hours.
2.1 Overview
The router auto-integration performs self-configuration by detecting the local
link (and optionally, VLAN) that has a DHCP server or DHCP relay. The interface,
on which DHCP DISCOVERY succeeds, is configured according to the DHCP
OFFER from the DHCP server detected. Any traffic port (with or without VLAN) or
local maintenance terminal (without VLAN) can be used for this. Cabling need
not be changed after auto-integration. When one interface is up and assigned an
address, it is able to access OSS-RC or ENM and download needed files for the
optional software update and the mandatory router configuration. The following
1. Network Provisioning: Deploy and configure or re-configure servers used for
   self configuration establishment.
2. Node Provisioning: Pre-configure individual node using templates and rules
   for data assignment.
3. Node Commissioning: Bind a physical node id to pre-configured logical node.
4. Node Integration: Power up installed node.
• The license for OSS-RC feature FAJ 121 1298: RBS Auto-Provisioning
(RAP) is installed and activated, refer to License Key Administration in
the OSS-RC library.
— The following OSS-RC Library documents must have been read and be
available:
• User has access to Ericsson Network Manager (ENM) and this user has a
role of Autoprovisioning_Operator, or has a custom role which has read /
write capabilities for the Auto Provisioning (AP) application.
• DNS is configured.
• DHCP is configured.
— The following ENM Library documents must have been read and be
available:
— Installation Guide
— Site Planning
This section describes the software and configuration file templates used in the
auto-integration process.
Table 1 shows where the software and configuration files are stored.
Table 1 Storage Location of Software and Configuration Files Used in Auto-Integration (OSS-RC)
When auto-integration is deployed on ENM, the configuration files used for ENM
are similar to those on OSS-RC, except for the introduction of the OssNodeProtocol
file. For details, see Table 2.
Table 2 Storage Location of Software and Configuration Files Used in Auto-Integration (ENM)
This section briefly describes the other OSS-RC services that are used by the
router auto-integration.
When the auto-integration commissioning phase starts, the SIF is built and
uploaded to the AIWS server from where the router downloads it. The router logs
on to the AIWS automatically as the server performs a secure TLS identification
of the router, using the securely stored (in the trusted platform computing
hardware module) vendor credentials. For more information regarding secure
identification, refer to Security Management folder.
The OSS-RC master server awaits an SNMPv3 trap message from the router,
indicating that the integration process has completed. After receiving this
message, the master server logs on to the router, using credentials created within
the SBF (see Network Provisioning on page 15), and synchronizes the
configuration database.
OSS-RC Network Resource Model on the OSS-RC master server is the common
data store where topology, connectivity, and security data are modeled for the
entire network to be managed. BSIM and OMSAS interact with ONRM during the
auto-integration process.
During commissioning phase, the upgrade package and the initial configuration
file are imported and uploaded to the SMRS, where individual user accounts are
created for each node to be integrated. During the integration phase, the router
uses SFTP to download the needed files from the SMRS.
This section briefly describes the other ENM services that are used by the router
auto-integration.
— mscm Service
2.2.3.1 AP
ENM's software security system aims to protect ENM internal and managed
network assets from malicious attacks and use. ENM consists of a number of
security management functions and specific security controls which adhere to
industry-wide security standards.
— Enable support for Common Operation and Maintenance (COM). The COMInf
infra server must be running with COM enabled.
— Prepare the OSS-RC for Ericsson vendor certificates. The vendor credentials
are used for secure identification in OSS-RC during the integration process.
— Enable support for Common Operation and Maintenance (COM). The COMInf
infra server must be running with COM enabled.
— Prepare the ENM for Ericsson vendor certificates. The vendor credentials are
used for secure identification in ENM during the integration process.
— Confirm that the Certificate Distribution Point (CDP) is defined in ENM DNS
server (as opposed to the backhaul one) and in the certificates.
2.3.1.1 DHCP
The Dynamic Host Configuration Protocol (DHCP) server provides the router with
temporary IP parameters, used by auto-integration only to download files from
OSS-RC or ENM. In requests (for example DHCP DISCOVERY message) for
parameters from the DHCP server, the router identifies itself with the hardware
serial number as the DHCP client identifier and therefore special handling and
access control can be provisioned in the DHCP server based on this value.
[Figure (diagram not reproduced). Labels: RBS site, router (any port: LMT or
traffic), trusted transport network, core network, OSS-RC infrastructure (BSIM,
DNS, DHCP, SMRS, AIWS, master server); O&M and traffic flows are marked.]
— RBS auto-integration with R6000 as DHCP server. There are four scenarios
for this use case:
[Figure (diagram not reproduced). Labels: RBS, untrusted transport network,
RAN IPsec tunnel, OAM IPsec tunnel, R6000, trusted transport network, core
network (EPC), OSS (RA/CA, SMRS, AIWS), DHCP, DNS and RADIUS servers marked
outer or inner; RAN traffic and O&M traffic are marked.]
In this scenario, the R6000 takes the role of SeGW and inner IP address
provider. As inner IP address provider, the R6000 provides the inner IP
address which is required to terminate the User Plane (UP)/Control
Plane (CP), sync and OAM traffic in the RBS. The R6000 can provide the
inner IP address to the RBS in two ways:
— R6000 provides the inner IP address from the IP address pool which
is maintained by R6000.
[Figure (diagram not reproduced). Labels: RBS, untrusted transport network,
RAN IPsec tunnel, OAM IPsec tunnel, SeGW, R6000, trusted transport network,
core network (EPC), OSS (RA/CA, SMRS, AIWS), DNS and RADIUS servers marked
outer or inner; RAN traffic and O&M traffic are marked.]
— The R6000 as outer DHCP server (option 72 for DHCPv4 server and
option 245 for DHCPv6 server) provides the IP address of the AIWS
server from which the RBS fetches the configuration files.
— The R6000 as outer DHCP server (option 241 for both DHCPv4
server and DHCPv6 server) provides the outer IP address of the
[Figure 8: RBS AI with R6000 as SeGW and outer DHCP Server (with IPsec).
Labels: RBS, untrusted transport network, RAN IPsec tunnel, OAM IPsec tunnel,
R6000, trusted transport network, core network (EPC), OSS (RA/CA, SMRS, AIWS),
DNS and RADIUS servers marked outer or inner; RAN traffic and O&M traffic are
marked.]
In this scenario, the R6000 takes the roles of outer DHCP server and
SeGW.
— The R6000 as outer DHCP server (option 72 for DHCPv4 server and
option 245 for DHCPv6 server) provides the IP address of the AIWS
server from which the RBS fetches the configuration files.
— The R6000 as outer DHCP server (option 241 for both DHCPv4
server and DHCPv6 server) provides the outer IP address of the
SeGW (temp OAM IP address) for establishing the temporary OAM
IPsec VPN.
[Figure (diagram not reproduced). Labels: RBS, R6000, trusted transport
network, core network (EPC), RADIUS, DNS, OSS (RA/CA, SMRS, AIWS); RAN traffic
and O&M traffic are marked.]
In this scenario, the R6000 is the default gateway router with DHCP
server function. As DHCP server (option 72 for DHCPv4 server and option
245 for DHCPv6 server), it provides the IP address of the AIWS server
from which RBS fetches the configuration files.
— For IP connectivity to function, the next hop of the router must be configured
to support DHCP, either relay or server.
— IPWorks, the Ericsson supplied product for standard DHCP service can be
utilized.
— The DHCP server must be configured to return an IP address and mask for
the router in addition to the mandatory options defined in Table 3 (defined in
RFC 2132).
Table 3 Parameters for the Communication between router and DHCP Server

DHCP Option      Description                              Mandatory or Optional
Option code 1    The DHCP server subnet mask.             Mandatory
Option code 3    The Default Gateway IP address.          Mandatory
Option code 6    The DNS server IP address.               Optional
Option code 15   The DNS server domain name. The user     Optional
                 is advised to assess needs.
Option code 42   The NTP server domain name.              Optional
Option code 72   The AIWS IPv4 address.                   Optional (1)

(1)
— RBS AI with R6000 as SeGW and outer DHCPv4 Server (with IPsec)
— RBS AI with R6000 as SeGW and outer DHCPv4/v6 Server (with IPsec)
— RBS AI with R6000 as SeGW and outer DHCPv6 Server (with IPsec)
The returned option values are assigned to an interface on the router which
resides on the same local link as the DHCP server or relay. This must also be the
same link over which OSS-RC or ENM is accessed remotely. Auto-integration
detects this interface automatically.
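The DHCP requirements of this section can be checked on captured options before a site visit: the code below decodes a DHCPv4 options field, verifies an OFFER against Table 3, and filters a DISCOVER on its client identifier. It is an added example, not Ericsson code; the function names, the sample addresses and serial number, the expected-AIWS set and the client-identifier encoding (type byte 0 followed by the ASCII serial number) are assumptions.

```python
import ipaddress

PAD, END = 0, 255
MANDATORY = {1: "subnet mask", 3: "default gateway"}  # mandatory rows of Table 3
AIWS_OPTION, CLIENT_ID_OPTION = 72, 61

def parse_options(raw: bytes) -> dict:
    """Decode a DHCPv4 options field (code, length, value) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option {code}: missing length byte")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        opts[code] = opts.get(code, b"") + value  # split options are concatenated
        i += 2 + length
    return opts

def check_offer(opts: dict, expected_aiws: set) -> list:
    """List the problems in an OFFER, checked against Table 3."""
    problems = [f"mandatory option {code} ({name}) missing"
                for code, name in MANDATORY.items() if code not in opts]
    for code in (1, 3, 6, AIWS_OPTION):  # options that carry IPv4 values
        value = opts.get(code)
        if value is not None and (not value or len(value) % 4):
            problems.append(f"option {code}: not a numerical IPv4 value")
    aiws = opts.get(AIWS_OPTION, b"")
    if aiws and len(aiws) % 4 == 0:
        for j in range(0, len(aiws), 4):
            addr = str(ipaddress.IPv4Address(aiws[j:j + 4]))
            if addr not in expected_aiws:
                problems.append(f"option 72: unexpected AIWS address {addr}")
    return problems

def serial_allowed(opts: dict, provisioned: set) -> bool:
    """Filter a DISCOVER on its client identifier (option 61).
    Assumed encoding: type byte 0 followed by the ASCII serial number. The value is
    self-asserted by the client, so this is a filter, not authentication; the router
    is authenticated later with its vendor certificate."""
    cid = opts.get(CLIENT_ID_OPTION, b"")
    return len(cid) > 1 and cid[0] == 0 and cid[1:].decode("ascii", "replace") in provisioned

def opt(code: int, value: bytes) -> bytes:
    """Encode one option (used only to build the constructed samples below)."""
    return bytes([code, len(value)]) + value

# Constructed samples: documentation addresses and a made-up serial number.
GOOD_OFFER = (opt(1, bytes([255, 255, 255, 0])) + opt(3, bytes([192, 0, 2, 1]))
              + opt(72, bytes([192, 0, 2, 10])) + bytes([END]))
BAD_OFFER = opt(1, bytes([255, 255, 255, 0])) + opt(72, bytes([198, 51, 100, 7])) + bytes([END])
DISCOVER = opt(61, b"\x00" + b"SERIAL-EXAMPLE-01") + bytes([END])

if __name__ == "__main__":
    print(check_offer(parse_options(BAD_OFFER), {"192.0.2.10"}))
```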
2.3.1.2 DNS
Servers in the Domain Name System (DNS) are configured to respond to the
queries and map domain names to IP addresses. DNS data formats and
communication are specified in standards RFC 1035 and in 3GPP TS 23.003.
The router auto-integration does not use DNS; in fact, the option code 72 AIWS
IP address and BSIM or AP templates only take numerical addresses. The user is,
however, encouraged to consider if any other service needs DNS, and be aware
that the auto-integration process is able to configure a DNS server if option 6 is
included in the DHCP OFFER.
Note: DNS servers configured based on DHCP OFFERs are only used during
auto-integration. Any permanent DHCP servers to be used in-service
must be configured in the site basic file, that is, the router configuration
to be downloaded from OSS-RC or ENM (see Node Provisioning on page
20).
During node provisioning, the user inputs operator-specific data to define the
behavior of a router transport node. This entails the following tasks:
— Input configuration data to the OSS-RC site installation file (SIF) and ARNE
templates (see BSIM Router OSS End to End Description).
— Purchase licenses (License Key File, LKF) from Ericsson, according to needs.
Note: The above tasks use OSS-RC as an example; ENM also needs to follow
the OSS-RC procedure for node provisioning and node commissioning for
the existing functions.
This script generates the file equipment.cfg to be copied into a location accessible
by BSIM, and then imported (see BSIM Router 6000 OSS End to End
Description).
For OSS-RC, the Initial Security Configuration File (ISCF) is generated and
imported by OSS-RC, and it contains the IP address of OSS-RC SNMPv3 receiver.
This address is appended automatically by auto-integration to the router
configuration (combined with the SBF) and used as a destination for the
SNMPv3 trap message sent to the OSS-RC at the end of auto-integration (the
trap is a notification of presence and forwarding service availability).
Note: The SNMPv3 trap receiver information within the downloaded ISCF is
appended to the router configuration. However, any additional SNMP
receivers can be configured by the user in the SBF.
snmp server
snmp view Inet-View internet included
snmp group Group4 notify Inet-View
snmp user Admin group Group4 security-model usm noauth
snmp target target10 10.11.12.13 security-name Admin version 3 security-level noauth group Group4 view Inet-View
The mssnmpfm service checks the communication between the Simple Network
Management Protocol (SNMP) NE and the ENM system. When alarm supervision
is started, the mssnmpfm service subscribes to the NE for alarms. After a
successful subscription, the ENM system starts receiving alarms.
To deploy AI on R6000, two SBF template files are available for reference: SBF
with AU and SBF Without AU. You can use the corresponding template file based
on your device configuration. If your device has an AU, use SBF with AU to create
your own SBF file. Otherwise, SBF without AU shall be used.
Note: The SBF must contain a specially named interface for the NETCONF
OAM connection called oam_interface, which belongs to local context
and is not allowed to change.
interface oam_interface
ip address 10.170.115.127/24
For a device with an AU, the configuration links in the SBF with AU file need
to be configured based on your requirements. See the following example:
port ethernet 1/8 needs to be replaced with the actual Ethernet port linking
to the AU device.
If your device needs to support multiple AUs, you need to add the same
configuration with different AU ID and port number.
Note: The site basic file must have the SSH service enabled in order for the
master server to be able to log in.
The OSS-RC master server must be authenticated locally on the router. Therefore,
create an OAM administrator as shown here (oam_server is the administrator
name; select password as appropriate):
administrator oam_server password *********
privilege start 15
privilege max 15
role NetconfPlatformAdministrator
Note: An OAM administrator account for the OSS-RC master server must also
be configured in the SBF. Also, the user must create a username and
password with full privileges (and NetconfPlatformAdministrator role)
within the SBF. The administrator name can be an arbitrary name.
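A pre-import check of an SBF against the notes above (oam_interface present, an OAM administrator with the role and privilege level shown, security level of each SNMP target), added here as an illustration and not Ericsson tooling. The function name, the sample files and the reading of privilege 15 as full privileges are assumptions; the SSH requirement is not checked because its syntax is not shown in this guide.

```python
import re

REQUIRED_ROLE = "NetconfPlatformAdministrator"
FULL_PRIVILEGE = 15  # assumption: the level used in the guide's administrator example


def lint_sbf(text: str) -> list:
    """Return findings for a site basic file, based on the notes in this guide."""
    findings, admins, current, has_oam_if = [], [], None, False
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "administrator" and len(words) > 1:
            current = {"name": words[1], "max": None, "roles": set()}
            admins.append(current)
            continue
        # privilege/role lines belong to the administrator line that precedes them
        if current is not None and words[0] in ("privilege", "role"):
            if words[:2] == ["privilege", "max"] and len(words) == 3 and words[2].isdigit():
                current["max"] = int(words[2])
            elif words[0] == "role" and len(words) == 2:
                current["roles"].add(words[1])
            continue
        current = None  # any other line closes the administrator block
        if words[:2] == ["interface", "oam_interface"]:
            has_oam_if = True
        elif words[:2] == ["snmp", "target"] and len(words) > 2:
            level = re.search(r"\bsecurity-level\s+(\S+)", raw)
            if level and level.group(1) == "noauth":
                findings.append(f"snmp target {words[2]}: security-level noauth, "
                                "messages are neither authenticated nor encrypted")
    if not has_oam_if:
        findings.append("interface oam_interface is missing")
    if not any(a["max"] == FULL_PRIVILEGE and REQUIRED_ROLE in a["roles"] for a in admins):
        findings.append(f"no administrator with privilege max {FULL_PRIVILEGE} "
                        f"and role {REQUIRED_ROLE}")
    return findings


# Constructed samples assembled from the snippets in this guide.
SAMPLE_SBF = """\
interface oam_interface
 ip address 10.170.115.127/24
administrator oam_server password *********
 privilege start 15
 privilege max 15
 role NetconfPlatformAdministrator
snmp target target10 10.11.12.13 security-name Admin version 3 security-level noauth group Group4 view Inet-View
"""
INCOMPLETE_SBF = """\
interface oam
 ip address 10.170.115.127/24
administrator oam_server password *********
 privilege max 10
 role NetconfPlatformAdministrator
"""

if __name__ == "__main__":
    for finding in lint_sbf(SAMPLE_SBF) + lint_sbf(INCOMPLETE_SBF):
        print(finding)
```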
Note: Only manual hardware binding is supported; the serial number can only
be entered manually in OSS-RC or ENM for the intended configuration
and logical node name.
During the node integration stage, the router performs self-configuration after
fetching its configuration files, and optionally, the specified software package
version from the OSS-RC or ENM. The files are downloaded using HTTPS and the
factory prepared vendor credentials. Therefore the router is authenticated based
on Ericsson Root Certificate Authority (CA) signed certificates (stored securely in
Trusted Platform Module, TPM). The self-configuration is performed for each
individual node being integrated, without the need for user interaction. As the
3 Affected Parameters
For OSS-RC, the following router configuration parameters (in SBF) need special
attention:
— LDAP authentication
— SNMPv3 configuration
— Licensing configuration
This section describes the features and functions affected by the router
auto-integration.
5 Performance
6 Glossary
AIWS
Auto-Integration Web Service
BSIM
Base Station Integration Manager
DHCP
The Dynamic Host Configuration Protocol
DNS
Domain Name System
KPI
Key Performance Indicator
LKF
License Key Files
MS
Master Server
NTP
Network Time Protocol
OMSAS
Operation and Maintenance Security Administration Server
ONRM
OSS-RC Network Resource Model
OSS-RC
Operations Support System – Radio and Core
PKI
Public Key Infrastructure
RAP
RBS Auto-Provisioning
SBF
Site Basic File
SCS
Security Configuration Service
SEF
Site Equipment File
SIF
Site Integration File
SMRS
Software Management Repository Server
SNMP
Simple Network Management Protocol
UP
Upgrade Package