AWS provides High Availability through the use of Elastic IP (EIP). With EIP, when a switchover from an active SBC instance to a standby instance is required, the IP address for the active server moves to the standby instance through a REST API call, which can result in a 15-20 second switchover time. While this solution may be acceptable for the majority of web-based applications, it does not meet the requirements of SBCs for real-time communications.

To accomplish switchover times closer to 2 seconds, an HA Front-End (HFE) was added to the AWS architecture solution to host the Elastic IP.

In this procedure, the private subnet for HFE is created automatically.

Note

The SBC SWe does not support IPsec in AWS.

The High-Availability Front End (HFE) front-ends only one pkt port (pkt0), so public endpoints can be connected only to pkt0. Pkt1 can serve private endpoints.

Note

The HFE is configured using a script named "HFE.sh". This script is available in addition to example CloudFormation templates which support the deployment of an HA SBC with HFE.

Both files are required to deploy an SBC with High-Availability Front-End.

Note

If you delete an instance from the CFN, be aware that AWS does not delete volume(s) automatically. You must also delete them from the AWS UI if you do not want volumes of deleted instances (standalone, HA or HFE-based SBC installation).


Prerequisites for AWS CFN Install of HFE and SBC HA Instance with Automated HFE Private Subnet Creation

Prior to initiating a CFN-based install of an HA SBC instance with HFE, perform the following:

  1. Download the CFN supporting HFE and the HFE configuration script (HFE.sh) to your desktop.
  2. Create a VPC for use in the deployment. Refer to Create a VPC for the SBC SWe.
  3. Create an Internet Gateway for use in the deployment. Refer to Create an Internet Gateway for SBC SWe.
  4. Create Key Pairs for Linux shell access and Administrator access. Refer to Create Key Pairs for the SBC SWe.
  5. Create Subnets for use in the deployment - HFE Public, SBC Management, SBC HA0, SBC PKT0, SBC PKT1. Refer to Create Subnets for the SBC SWe.
  6. Ensure space in VPC exists and determine subnet CIDR to use to create a new HFE Subnet (which is done by this CFN).
  7. Create Security Groups for use in the deployment. Refer to Create Security Groups for SBC SWe.
  8. Update or create Route tables for the newly created subnets. Refer to Create Route Tables for SBC SWe.
  9. Create a placement group for the SBC deployment. Refer to Create Placement Groups.
  10. Create a Policy and Role for the SBC instance. Refer to Create an Identity and Access Management (IAM) Role for SBC SWe.
  11. Create and upload the HFE.sh script to an S3 bucket. Refer to Upload HFE.sh script to S3.
  12. Create a Policy and Role for the HFE instance. Refer to Create an Identity and Access Management (IAM) Role for HFE.
  13. Locate the AMI ID in your region for an Amazon Linux 2 image. Refer to Locate Amazon Linux 2 AMI ID for use in HFE Deployments.

Instantiate an HFE and HA SBC Instance


To instantiate a standalone instance:

  1. Log onto AWS.

  2. Click the Services drop-down list.
    The Services list is displayed.

  3. Click CloudFormation from the Management Tools section.

  4. Click Create Stack. The Select Template page displays.

  5. In the Choose a template section, select Upload a template to Amazon S3.
  6. Click Choose File to navigate through the folders and select the template.

  7. Click Next.
    The Create A New Stack page displays.

    Note

    If you want to use pre-allocated EIPs for management, ensure you set EIPAssociationForMgt to "No" at the field prompt.

    After the deployment has completed, you must manually associate the pre-allocated EIP to Mgmt (Eth0) Primary and secondary IPs.

  8. In the Stack name field enter a unique name for this SBC stack. A stack is a collection of AWS resources you create and delete as a single unit.

  9. Enter the required values for the Parameter fields. The following table describes the create stack parameters:

    Note

    Third party CPU setting of more than two vCPU is not supported with p3.2xlarge instances due to the vCPU requirement of the Standard_GPU_Profile.


    Create Stack Parameters

    Parameter Section | Field | Description | Mandatory | Can Leave Blank | Customizable by User

    SBC Configuration | AMIID | Amazon Machine Image (AMI) for SBC node. The AMI is an encrypted machine image which is like a template of a computer's root drive. For example, ami-xxxxxxxx. (tick)

    HFE Configuration | HFEAMIID | Amazon Machine Image (AMI) of HFE Node. This is to be the latest AWS Linux 2 x86 AMI ID in your region: ami-xxxxxxxx (tick)

    HFE Configuration | HFEInstanceType | The HFE instance type. This must be a valid EC2 instance type. Allowed values:
    • m5.xlarge (default)
    • m5.2xlarge
    • c5.2xlarge
    • c5.4xlarge
    • c5.9xlarge
    • c5n.2xlarge
    • c5n.4xlarge
    • c5n.9xlarge
    (tick)

    HFE Configuration | | Location of the HFE.sh script on a local S3. Enter the name of the bucket and file preceded by s3://, for example, s3://hafrontend/HFE.sh (tick)

    SBC Configuration | IAMRole | The name of the IAM role for SBC SWe instance. For more information on IAM Role, refer to Create an Identity and Access Management (IAM) Role for HFE. (tick)

    HFE Configuration | IAMRoleHFE | The name of the IAM role for HFE instance. For more information on IAM Role, refer to Create an Identity and Access Management (IAM) Role for HFE. (tick)

    HFE Configuration | privateSubnetCIDR | Enter a CIDR for the private subnet for the SBC; this new subnet will be served by the HFE instance. The CIDR must be available in your VPC. Recommended value is /28. (tick)

    HFE Configuration | privateSubnetAZ | Enter the Availability Zone for the private subnet for the SBC; this new subnet will be served by the HFE instance. Select an Availability Zone which has other subnets for the SBC – mgt, HA and Pkt1 ports. Enter the AZ that you are using to create the SBC. (tick)

    SBC and HFE Common Data | EipAssociationForMgt | Select Yes from the drop-down to associate EIP for MGT0 interface to log in and access the SBC application from public networks. Select No if not using EIP for management interfaces. (tick)

    SBC and HFE Common Data | SortHfeEip | Select Yes from the drop-down to enable sorting based on HFE EIP. (tick)

    SBC Configuration | ActiveInstanceName | This specifies the actual CE name of the SBC active instance. For more information, refer to System and Instance Naming in SBC SWe N:1 and Cloud-Based Systems. CEName Requirements:
    • Must start with an alphabetic character.
    • Only contain alphabetic characters and/or numbers. No special characters.
    • Cannot exceed 64 characters in length.
    (tick) (tick)

    SBC Configuration | StandbyInstanceName | This specifies the actual CE name of the SBC standby instance. For more information, refer to System and Instance Naming in SBC SWe N:1 and Cloud-Based Systems. CEName Requirements:
    • Must start with an alphabetic character.
    • Only contain alphabetic characters and/or numbers. No special characters.
    • Cannot exceed 64 characters in length.
    (tick) (tick)

    SBC and HFE Common Data | InstanceType | The type of instance created from stack. Note: Ribbon recommends m5.xlarge or higher instance type if this instance type is available in your zone. Use c5.2xlarge instance type or higher to handle more calls with transcoding. (tick)

    SBC Configuration | IOPS | Enter IOPS reservation for io1 type EBS volume. (tick)

    SBC and HFE Common Data | LinuxAdminSshKey | Existing EC2 KeyPair name to enable SSH access to the Linux shell on SBC instance. (tick)

    SBC and HFE Common Data | AdminSshKey | Existing EC2 KeyPair name to enable SSH access to admin CLI on SBC instance. (tick)

    IP Configuration on SBC Pkt0, Pkt1, and HFE Public port | NumberOfAlternateIPOnPkt0 | The alternate IP address for packet port 0. Note: Default is 1. If you are using more than one IP for alternate IPs, use a comma-separated list of IPs. (tick)

    IP Configuration on SBC Pkt0, Pkt1, and HFE Public port | NumberOfAlternateIPOnPkt1 | The alternate IP address for packet port 1. Note: Default is 1. If you are using more than one IP for alternate IPs, use a comma-separated list of IPs. (tick)

    IP Configuration on SBC Pkt0, Pkt1, and HFE Public port | | Enter the number of EIP(s) required to configure the HFE public port. It must be [<= NumberOfAlternateIPOnPkt0] of the SBC. This helps the user to use the maximum [NumberOfAlternateIPOnPkt0] for the public calls. For example, if the NumberOfAlternateIPOnPkt0 = 3 and the NumberOfEIPOnHFEPublic = 5, the HFE configures only 3 IPs for the public calls and the remaining 2 IPs are unused. Note: Default is 1. (tick)

    IP Configuration on SBC Pkt0, Pkt1, and HFE Public port | | Set True to allocate EIPs from Amazon's pool of public IPv4 addresses on HFE public interface or set False to use pre-allocated/reserved EIPs. Note: Default is True. (tick)

    IP Configuration on SBC Pkt0, Pkt1, and HFE Public port | | If [AllocateEIPOnHFEPublicInterface] is set to False, enter the comma-separated allocation IDs of the pre-allocated/reserved EIPs and ensure the number of EIP allocation IDs is equal to the [NumberOfEIPOnHFEPublic] value. For example, a list of EIP allocation IDs could be:
    eipalloc-0f2e0f651bbf494fe,eipalloc-0a9ab9d240705c149,eipalloc-04e59f946b14980b8
    (tick)

    SBC Configuration | PlacementId | A placement group ID of logical group of instances within a single Availability Zone. This is an optional field and can be blank. (tick)

    SBC Configuration | SBCPersonality | The type of SBC for this deployment. In this release, always set the personality to isbc. (tick)

    SBC Configuration | SecurityGrpHa0 | Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic for HA0. (tick)

    SBC Configuration | SecurityGrpMgt0 | Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic for MGT0. (tick)

    SBC Configuration | SecurityGrpPkt1 | Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic for PKT1. (tick)

    HFE Configuration | SecurityGrpHFEPublic | Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic to HFE. (tick)

    HFE Configuration | SubnetIdHFePublic | SubnetId of an existing subnet in your Virtual Private Cloud (VPC) for the Public Interface on HFE. (tick)

    HFE Configuration | SubnetIdHFETowardsSBC | SubnetId of an existing subnet in your Virtual Private Cloud (VPC) for the private interface on HFE (towards the SBC). (tick)

    HFE Configuration | remoteSSHMachinePublicIP | Optionally, the HFE management interface can be accessed from a public server. Enter the IP (public IP) of the machine that will connect (SSH) to HFE using public IP. (tick)

    HFE Configuration | SecurityGrpHFETowardsSBC | Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic between HFE and SBC. (tick)

    SBC Configuration | SubnetIdHA0 | Subnet ID of an existing subnet in your Virtual Private Cloud (VPC) for HA0. (tick)

    SBC Configuration | SubnetIdMgt0 | Subnet ID of an existing subnet in your Virtual Private Cloud (VPC) for Mgt0. (tick)

    SBC Configuration | SubnetIdPkt1 | SubnetId of an existing subnet in your Virtual Private Cloud (VPC) for Pkt1. (tick)

    SBC Configuration | SystemName | This specifies the actual system name of the SBC instance. For more information, refer to System and Instance Naming in SBC SWe N:1 and Cloud-Based Systems. System Requirements:
    • Must start with an alphabetic character.
    • Only contain alphabetic characters and/or numbers. No special characters.
    • Cannot exceed 26 characters in length.
    (tick)

    SBC Configuration | VolumeSize | Enter the size of disk required in GB. The minimum size is 65 GiB. However, more can be chosen. (tick) (tick)

    SBC Configuration | Tenancy | The Tenancy Attribute for this instance. (tick)

    SBC Configuration | VolumeType | Select the type of volume for SBC. Ribbon recommends that the SBC use io1 type. (tick)

    SBC and HFE Common Data | VpcId | Select a VPC with Subnet, Security Group, etc., selected earlier. (tick)

    Third Party Applications Provisioning | ThirdPartyCPUs | Enter number of CPUs to be reserved for use with third-party apps. Note: Default is 0. (tick) (tick)

    Third Party Applications Provisioning | ThirdPartyMem | Enter number of MB of memory to be reserved for use with third-party apps. Note: Default is 0. (tick) (tick)

  10. Click Next.
    The Options page displays.
  11. Optionally you can choose to Tag your deployment with a Key-value pair, IAM Role Permissions, Rollback Triggers or other advanced Options.


  12. Click Next.
    The Review page displays.
  13. Review the stack details and click Create.
    The CloudFormation Stacks page is displayed.
  14. On successful creation, the stack appears in the list.


Warning

Do not update or modify the stack after creation.

Do not change or remove resources after instance creation. For example, removing or attaching EIP, or changing the user data.
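
Because the stack must not be modified after creation, it helps to check the parameter values against the constraints stated in the Create Stack Parameters table before clicking Create. The following Python check is an added example, not part of Ribbon's templates or HFE.sh; the function name, the EipAllocationIds key (the page does not name that field), and the vpc_cidr and existing_subnets inputs are assumptions, and IPv4 CIDRs are assumed.

```python
import ipaddress
import re

HFE_TYPES = {"m5.xlarge", "m5.2xlarge", "c5.2xlarge", "c5.4xlarge", "c5.9xlarge",
             "c5n.2xlarge", "c5n.4xlarge", "c5n.9xlarge"}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")
EIP_ID_RE = re.compile(r"eipalloc-[0-9a-f]+")

# Constructed sample; "EipAllocationIds" is a hypothetical key (field unnamed on the page).
SAMPLE = {"ActiveInstanceName": "sbcActive1", "StandbyInstanceName": "sbcStandby1",
          "SystemName": "sbcHa1", "HFEInstanceType": "m5.xlarge",
          "InstanceType": "m5.xlarge", "ThirdPartyCPUs": "0",
          "NumberOfAlternateIPOnPkt0": "2", "NumberOfEIPOnHFEPublic": "2",
          "AllocateEIPOnHFEPublicInterface": "False",
          "EipAllocationIds": "eipalloc-0aaaaaaaaaaaaaaa1,eipalloc-0aaaaaaaaaaaaaaa2",
          "privateSubnetCIDR": "10.0.9.0/28"}


def check_params(p, vpc_cidr, existing_subnets):
    """Return the problems found in stack parameters p; an empty list means none."""
    errs = []
    for key, limit in (("ActiveInstanceName", 64), ("StandbyInstanceName", 64),
                       ("SystemName", 26)):
        if not NAME_RE.fullmatch(p[key]) or len(p[key]) > limit:
            errs.append(f"{key}: letter first, alphanumeric only, max {limit} chars")
    if p["HFEInstanceType"] not in HFE_TYPES:
        errs.append("HFEInstanceType: not an allowed value")
    if p["InstanceType"] == "p3.2xlarge" and int(p["ThirdPartyCPUs"]) > 2:
        errs.append("ThirdPartyCPUs: more than 2 is not supported on p3.2xlarge")
    # HFE public EIPs beyond NumberOfAlternateIPOnPkt0 are left unused.
    n_eip = int(p["NumberOfEIPOnHFEPublic"])
    if n_eip > int(p["NumberOfAlternateIPOnPkt0"]):
        errs.append("NumberOfEIPOnHFEPublic: exceeds NumberOfAlternateIPOnPkt0")
    # Pre-allocated EIPs: exactly one allocation ID per requested EIP.
    if p["AllocateEIPOnHFEPublicInterface"] == "False":
        ids = [i.strip() for i in p["EipAllocationIds"].split(",") if i.strip()]
        if len(ids) != n_eip or not all(EIP_ID_RE.fullmatch(i) for i in ids):
            errs.append("EipAllocationIds: need exactly NumberOfEIPOnHFEPublic IDs")
    # The new HFE private subnet must fit in the VPC and not collide with a subnet.
    try:
        net = ipaddress.ip_network(p["privateSubnetCIDR"])  # rejects host bits set
    except ValueError:
        errs.append("privateSubnetCIDR: not a valid network CIDR")
    else:
        if not net.subnet_of(ipaddress.ip_network(vpc_cidr)):
            errs.append("privateSubnetCIDR: outside the VPC CIDR")
        if any(net.overlaps(ipaddress.ip_network(s)) for s in existing_subnets):
            errs.append("privateSubnetCIDR: overlaps an existing subnet")
    return errs
```

Call check_params with the values you intend to enter, the VPC CIDR, and the CIDRs of the subnets already created in the prerequisites; an empty list means none of these constraints is violated.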


Verify the Instance Creation

Perform the following steps to view the SBC SWe instances created:

  1. Click the Services drop-down list.
    The Services list is displayed.

  2. From the left pane click EC2.

    The EC2 Dashboard page is displayed.
     

  3. From the left pane under Instances click Instances.


    The instances table lists the new instance.

    Caution

    If you delete an instance from CFN, be aware that AWS does not delete volume(s) automatically. You must also delete them from the AWS UI if you do not want volumes of deleted instances (standalone, HA or HFE-based SBC installation).