Setup Connectivity
Provision connectivity between your network and the Edge Point
In order to connect the Site where your RAN resides to an Edge Point, you will work with us to provision private network connectivity from your site to the Interconnect service on the Edge Point. The Interconnect supports most transport options, including Site-to-Site VPN (IPsec), MPLS (L2VPN or L3VPN) or if your Edge Point is on-prem, or you have footprint at the colo where the Alef infrastructure is, direct ethernet connection.
Once this is complete, your private network will extend to your Edge Point, so all services on the Edge Point, as well as your mobile devices (UEs), will use IP addresses within your internal address space.
Routing
As your services running on the Edge Point will be within your address space, you need to provide us with a routable IP address for the Mobile Gateway (MME). You can either manually create a static route for this on your edge router/firewall, or we can exchange routing updates with your BGP AS.
You must ensure that:
- Packets ingressing your network from the Edge Point with UE subnet source addresses are permitted access to the resources required by UE applications.
- Packets returning to the UE subnet are routed back down the tunnel towards the Edge Point.
Your mobile APs will communicate with:
- The Mobile Gateway over the private link that you have set up to the Edge Point
- Your SAS provider over the internet.
Transport Options
Site-to-Site VPN
To bring up as Site-to-Site VPN using IPSec connectivity to an Alef Location, we will work with you to provision your IPSEC phase 1 and 2 tunnels, and a point to point GRE link that will run over the IPSEC tunnel. All traffic between your Site and the Edge Point will run across the GRE point to point link.
By default, the following filter is applied to the GRE tunnel:
- Permit IP SCTP port 36412 S1AP and GTP-u UDP port 2152 traffic to the Mobile Gateway
- Permit all traffic from/to UE IP subnets
Please provide our engineers with the following information so we can work with you to bring up the IPSEC and GRE tunnels:
- Peer IP
- Phase I IKE parameters
- IKE version
- IKE mode
- Pre-shared key
- Diffie-Hellman group
- Authentication Algorithms
- Encryption Algorithms
- Life-time
- Phase II IPSec parameters
- protocol: ESP
- PFS PFS Perfect Forward Secrecy: Diffie-Hellman Group
- Authentication Algorithms
- Encryption Algorithms
- GRE tunnel IP information
MPLS VPN
We support L2VPN and L3VPN, the Edge Point being seen by your MPLS provider network as another branch office. In order to bring up MPLS connectivity to the Edge Point, our engineers will work with you and your MPLS provider to provision the Edge Point as if it is a new branch site on your MPLS network.
Direct Connect
If you have footprint at a colo that is also hosting Alef infrastructure, the Interconnect service can connect directly with your CE router over ethernet at L2 or L3.