The following SBC SWe in GCP deployment models are supported:


Public Cloud Deployment Models

HFE Node Network Setup

The High-Availability Front End (HFE) node is a public-facing node that allows sub-second switchover between Active and Standby SBC instances of an HA pair, as it negates the need for any IP reassignment.

GCP requires each interface of a instance in a separate Virtual Private Network (VPC). Create a minimum of six VPCs for a full HFE set up (assuming all management interfaces for the SBC and the HFE node are in the same VPC).

HFE 2.0 Network Setup

HFE 2.0 is an environment that uses a single HFE node with 5 interfaces. All trusted and untrusted traffic use the same node. Each interface's function is described in the following table:

Interfaces for HFE 2.0 Configuration

Standard/Ubuntu Interface Name

NIC

Function

Requires External IP?
eth0 / ens4nic0Public Interface for SBC PKT0Yes
eth1 / ens5nic1Private interface in for SBC PKT1; only instances in the same subnet can connect.No
eth2 / ens6nic2Management interface to HFE.Optional
eth3 / ens7nic3Interface to SBC PKT0; ensure it is in the same VPC and the subnet as SBC pkt0.No
eth4 / ens8nic4Interface to SBC PKT1; ensure it is in the same VPC and the subnet as SBC pkt1.No

Note

To use a HFE 2.0 environment, the startup-script for the SBCs requires the field HfeInstanceName. For more information, refer to the table in the section "User Data" on the page Instantiating SBC SWe in GCP.

HFE 2.1 Network Setup

HFE 2.1 has two HFE nodes, each responsible for a different type of traffic:

  • Untrusted public traffic to the SBC (for PKT0). In this document, such a HFE node is referred to as "PKT0 HFE node".
  • Trusted traffic from the SBC to other trusted networks (from PKT1). In this document, such a HFE node is referred to as the "PKT1 HFE node".

Both HFE nodes require three interfaces, as follows:

Interfaces for HFE 2.1 Configuration

Standard/Ubuntu Interface Name

NIC

PKT0 HFE node Function

PKT1 HFE node FunctionRequires External IP?
eth0 / ens4nic0Public Interface for SBC PKT0Private interface in for SBC PKT1; only instances in the same subnet can connect.Yes (only on PKT0 HFE node)
eth1 / ens5nic1Management interface to HFE.Management interface to HFE.Optional
eth2 / ens6nic2Interface to SBC PKT0; ensure that the interface is in the same VPC and subnet as SBC pkt0.Interface to SBC PKT1; ensure that the interface is in the same VPC and subnet as SBC pkt1.No

Note

To use a HFE 2.1 environment, the startup-script for the SBCs requires the fields Pkt0HfeInstanceName and Pkt1HfeInstanceName. For more information, refer to the table in the section "User Data" on the page Instantiating SBC SWe in GCP.

  • No labels