Setup Guide
Once the information checklist is completed, we will work with you to create your Private Mobile Network following these steps:
- Provision connectivity between your network and the Edge Point
- Configure your Mobile Gateway
- Prepare your IAM (Enterprise Mobile Gateway only)
- Provision your mobile APs
- SIM provisioning
If you have not done so already, please order your SIMs so end to end testing can be done once your network is set up.
Provision connectivity between your network and the Edge Point
In order to connect the Site where your RAN resides to an Edge Point, you will work with us to provision private network connectivity from your site to the Interconnect service on the Edge Point. The Interconnect supports most transport options, including IPSEC VPN, MPLS (L2VPN or L3VPN) or if your Edge Point is on-prem, or you have footprint at the colo where the Alef infrastructure is, direct ethernet connection.
Once this is complete, your private network will extend to your Edge Point, so all services on the Edge Point, as well as your mobile devices (UEs) will use IP addresses within your internal address space.
Routing
As your services running on the Edge Point will be within your address space, you need to provide us with a routable IP address for the Mobile Gateway (MME). You can either manually create a static route for this on your edge router/firewall, or we can exchange routing updates with your BGP AS.
You must ensure that:
- Packets ingressing your network from the Edge Point with UE subnet source addresses are permitted access to the resources required by UE applications.
- Packets returning to the UE subnet are routed back down the tunnel towards the Edge Point.
Your mobile APs will communicate with:
- The Mobile Gateway over the private link that you have set up to the Edge Point
- Your SAS provider over the internet.
Transport Options
IPSEC VPN
To bring up IPSec connectivity to an Alef Location, we will work with you to provision your IPSEC phase 1 and 2 tunnels, and a point to point GRE link that will run over the IPSEC tunnel.
All traffic between your Site and the Edge Point will run across the GRE point to point link.
By default, the following filter is applied to The GRE tunnel:
- Permit IP SCTP port 36412 S1AP and GTP-u UDP port 2152 traffic to the Mobile Gateway
- Permit all traffic from/to UE IP subnets
Please provide our engineers with the following information so we can work with you to bring up the IPSECand GRE tunnels:
- Peer IP
- Phase I IKE parameters
- IKE version
- IKE mode
- Pre-shared key
- Diffie-Hellman group
- Authentication Algorithms
- Encryption Algorithms
- Life-time
- Phase II IPSec parameters
- protocol: ESP
- PFS PFS Perfect Forward Secrecy: Diffie-Hellman Group
- Authentication Algorithms
- Encryption Algorithms
- GRE tunnel IP information
MPLS VPN
We support L2VPN and L3VPN, the Edge Point being seen by your MPLS provider network as another branch office. In order to bring up MPLS connectivity to the Edge Point, our engineers will work with you and your MPLS provider to provision the Edge Point as if it is a new branch site on your MPLS network.
Direct Connect
If you have footprint at a colo that is also hosting Alef infrastructure, the Interconnect service can connect directly with your CE router over ethernet at L2 or L3. This also applies if you are installing an Edge Point on-prem, which we refer to as a Customer Location Edge Point.
Configure your Mobile Gateway
So that it can communicate with your mobile APs, the mobile gateway will be configured with the following settings that have also been configured on the APs:
- PLMN ID
- TAC
- Cell Ids (Optional)
- UE subnet(s)
- DNS server address (to be sent to the UE)
- APN(s)
If you are using Enterprise mode, you will also configure the radius client when you create your Mobile Gateway. It will use this radius client to communicate with your radius servers.
Prepare your IAM (Enterprise Mobile Gateway only)
You will need ensure that your IAM can operate with the EMG’s Radius client. We can provide guidance on this.
IP Management
You will configure IP pools on the Mobile Gateway from which UEs will be assigned IP addresses, block these out on your IPAM and advise us of the range used for the pool. Dynamically assigning IP UE IP addresses via your IPAM is on our roadmap, please contact us for details.
Provision your mobile APs
Once you have installed your mobile APs, and provisioned connectivity from them to your SAS provider, we can assist you with the configuration they need to communicate with the Mobile Gateway on the Edge Point.
Best practice is to statically assign AP addresses via your IPAM such that a given AP will always get the same address.
The following parameters will need to be configured on your mobile APs: PLMN ID TAC Cell ID Mobile Gateway IP (MME)
Once your APs are configured to communicate with the Mobile Gateway, your network infrastructure is ready.
SIM Provisioning
If you are using the Enterprise Mobile Gateway, you will need to provision your SIMs and keys into your existing ID store.
If you are using the Classic Mobile Gateway, assuming you are ordering your SIMs from a 3rd party, once you have the SIM information (IMSI, K, Opc) as well as your PLMN, you will send this to us and we will add this information to the ID store in your Mobile Gateway. If we are providing the SIMs, we will do this for you.