Instantiating an HFE and HA SBC SWe Instance with Subnet Creation from CFN

A High-Availability Front-End (HFE) node is no longer required in an AWS HA setup, as the switchover time of the Public IP addresses is reduced to less than 5 seconds. When the HFE node is removed, the setup cost is reduced as the additional HFE node and the resources associated with the HFE node are no longer required for the AWS HA setup to work correctly.

The page Remove the HFE from an AWS HA Setup describes the procedure to remove the HFE node from an AWS HA setup with HFE.

 In this procedure, the private subnet for HFE is created automatically.

Prerequisites for AWS CFN Install of HFE and SBC HA Instance with Automated HFE Private Subnet Creation

Prior to initiating a CFN-based install of an HA SBC instance with HFE perform the following:

1. Download the CFN supporting HFE and the HFE configuration script (HFE.sh) to your desktop.
2. Create a VPC for use in the deployment. Refer to Create a VPC for the SBC SWe.
3. Create Internet Gateway for use in the deployment. Refer to Create an Internet Gateway for SBC SWe.
4. Create Key Pairs for Linux shell access and Administrator access. Refer to Create Key Pairs for the SBC SWe.
5. Create Subnets for use in the deployment - HFE Public, SBC Management, SBC HA0, SBC PKT0, SBC PKT1. Refer to Create Subnets for the SBC SWe.
6. Ensure space in VPC exists and determine subnet CIDR to use to create a new HFE Subnet (which is done by this CFN).
7. Create Security Groups for use in the deployment. Refer to Create Security Groups for SBC SWe.
8. Update or create Route tables for the newly created subnets. Refer to Create Route Tables for SBC SWe.
9. Create a placement group for the SBC deployment. Refer to Create Placement Groups.
10. Create a Policy and Role for the SBC instance. Refer to Create an Identity and Access Management (IAM) Role for SBC SWe.
11. Create and Upload the HFE.sh script to S3 bucket. Refer to Upload HFE.sh script to S3.
12. Create a Policy and Role for the HFE instance. Refer to Create an Identity and Access Management (IAM) Role for HFE.
13. Locate the AMI ID in your region for an Amazon Linux 2 image. Refer to Locate Amazon Linux 2 AMI ID for use in HFE Deployments.

Instantiate an HFE and HA SBC Instance

To instantiate a standalone instance:

1. Log onto AWS.

2. Click the Services drop-down list.
   The Services list is displayed.

3. Click CloudFormation from Management Tools section.
    

4. Click Create Stack. The Select Template page displays.

5. In the Choose a template section, select Upload a template to Amazon S3.
6. Click Choose File to navigate through the folders and select the template.
   
   
   
   
   
   

7. Click Next.
   The Create A New Stack page displays.

   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   

   Note

   If you desire to use pre-allocated EIPs for management, ensure you to set EIPAssociationForMgt to "No" at the field prompt.

   After the deployment has completed, you must manually associate the pre-allocated EIP to Mgmt (Eth0) Primary and secondary IPs.

   
   
   
   

   Note

   Ribbon recommends using an EMS/RAMP Private IP in the CFN template for EMS registration. If a public IP is used for EMS/RAMP registration using the SBC CFN template, then you must add the EMS/RAMP public IP to the SBC security group rules for communication.

8. In the Stack name field enter a unique name for this SBC stack. A stack is a collection of AWS resources you create and delete as a single unit.

9. Enter the required values for the Parameter fields. The following table describes the create stack parameters:

   Note

   Third party CPU setting of more than two vCPU is not supported with p3.2xlarge instances due to the vCPU requirement of the Standard_GPU_Profile.

   
   

   Create Stack Parameters

   Parameter Section	Field	Description	Mandatory	Can Leave Blank	Customizable by User
   HFE Configuration	HFEAMIID	Amazon Machine Image (AMI) of HFE Node. This is to be the latest AWS Linux 2 x86 AMI ID in your region: ami-xxxxxxxx
   HFE Configuration	HFEInstanceType	The HFE instance type. This must be a valid EC2 instance type. Allowed values: m5.xlarge (default) m5.2xlarge c5.2xlarge c5.4xlarge c5.9xlarge c5n.2xlarge c5n.4xlarge c5n.9xlarge
   HFE Configuration	HFEScriptS3Location	Location of the HFE.sh script on a local S3. Enter the name of the bucket and file preceded by s3:// , for example, s3://hafrontend/HFE.sh
   HFE Configuration	IAMRoleHFE	The name of the IAM role for HFe instance. For more information on IAM Role, refer to Create an Identity and Access Management (IAM) Role for HFE.
   HFE Configuration	privateSubnetCIDR	Enter a CIDR for private subnet for the SBC, this new subnet will be served by HFE instance. The CIDR is available in your VPC. Recommended value is /28.
   HFE Configuration	privateSubnetAZ	Enter Availability Zone for private subnet for the SBC, this new subnet will be served by HFE instance. Select an Availability zone which has other subnets for the SBC – mgt, HA and Pkt1 ports. Enter the AZ that you are using to create the SBC.
   HFE Configuration	remoteSSHMachinePublicIP	Optionally the HFE management interface can be accessed from a public server. Enter IP(public IP) of machine that will connect(SSH) to HFE using public IP. For more information, refer to Handling Multiple Remote SSH IPs to Connect to HFE Node.
   HFE Configuration	SecurityGrpHFEPublic	Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic to HFE.
   HFE Configuration	SecurityGrpHFETowardsSBC	Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic between HFE and SBC.
   HFE Configuration	SubnetIdHFePublic	SubnetId of an existing subnet in your Virtual Private Cloud (VPC) for the Public Interface on HFE.
   HFE Configuration	SubnetIdHFETowardsSBC	SubnetId of an existing subnet in your Virtual Private Cloud (VPC) for the private interface on HFE (towards the SBC).
   SBC Configuration	ActiveInstanceName	This specifies the actual CE name of the SBC active instance. For more information, refer to System and Instance Naming in SBC SWe N:1 and Cloud-Based Systems. CEName Requirements: Must start with an alphabetic character. Only contain alphabetic characters and/or numbers. No special characters. Cannot exceed 64 characters in length
   SBC Configuration	AMIID	Amazon Machine Image (AMI) for SBC node. The AMI is an encrypted machine image which is like a template of a computer's root drive. For example, ami-xxxxxxxx.
   SBC Configuration	IAMRole	The name of the IAM role for SBC SWe instance. For more information on IAM Role, refer to Create an Identity and Access Management (IAM) Role for HFE.
   SBC Configuration	IOPS	Enter IOPS reservation for io 1 type EBS volume
   SBC Configuration	PlacementId	A placement group ID of logical group of instances within a single Availability Zone. This is an optional field and can be blank.
   SBC Configuration	SBCPersonality	The type of SBC for this deployment, either isbc or slb
   SBC Configuration	SecurityGrpHa0	Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic for HA0.
   SBC Configuration	SecurityGrpMgt0	Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic for MGT0.
   SBC Configuration	SecurityGrpPkt1	Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic for PKT1.
   SBC Configuration	StandbyInstanceName	This specifies the actual CE name of the SBC standby instance. For more information, refer to System and Instance Naming in SBC SWe N:1 and Cloud-Based Systems. CEName Requirements: Must start with an alphabetic character. Only contain alphabetic characters and/or numbers. No special characters. Cannot exceed 64 characters in length
   SBC Configuration	SubnetIdHA0	Subnet ID of an existing subnet in your Virtual Private Cloud (VPC) for HA0.
   SBC Configuration	SubnetIdMgt0	Subnet ID of an existing subnet in your Virtual Private Cloud (VPC) for Mgt0.
   SBC Configuration	SubnetIdPkt1	SubnetId of an existing subnet in your Virtual Private Cloud (VPC) for Pkt1.
   SBC Configuration	SystemName	This specifies the actual system name of the SBC instance. For more information, refer to System and Instance Naming in SBC SWe N:1 and Cloud-Based Systems. System Requirements: Must start with an alphabetic character. Only contain alphabetic characters and/or numbers. No special characters. Cannot exceed 26 characters in length.
   SBC Configuration	Tenancy	The Tenancy Attribute for this instance.
   SBC Configuration	VolumeSize	Enter the size of disk required in GB. The minimum size is 65 GIB. However, more can be chosen.
   SBC Configuration	VolumeType	Select the type of volume for SBC. Ribbon recommends that the SBC use io1 type.
   SBC and HFE Common Data	AdminSshKey	Existing EC2 KeyPair name to enable SSH access to admin CLI on SBC instance.
   SBC and HFE Common Data	EipAssociationForMgt	Select Yes from the drop-down to associate EIP for MGT0 interface to login and access SBC application from public networks. Select No if not using EIP for management interfaces.
   SBC and HFE Common Data	InstanceType	The type of instance created from stack. Note: Ribbon recommends m5.xlarge or higher instance type if this instance type is available in your zone. Use c5.2xlarge instance type or higher to handle more calls with transcoding.
   SBC and HFE Common Data	LinuxAdminSshKey	Existing EC2 KeyPair name to enable SSH access to the Linux shell on SBC instance.
   SBC and HFE Common Data	SortHfeEip	Select Yes from the drop-down to enable sorting based on HFE EIP.
   SBC and HFE Common Data	VpcId	Select a VPC with Subnet, Security Group, etc., selected earlier.
   IP Configuration on SBC Pkt0, Pkt1 and HFE Public port	NumberOfAlternateIPOnPkt0	The alternate IP address for packet port 0. Note: Default is 1. If you are using more than one IP for alternate IPs, use comma separated IPs list.
   IP Configuration on SBC Pkt0, Pkt1, and HFE Public port	NumberOfAlternateIPOnPkt1	The alternate IP address for packet port 1. Note: Default is 1. If you are using more than one IP for alternate IPs, use comma separated IPs list.
   IP Configuration on SBC Pkt0, Pkt1, and HFE Public port	NumberOfEIPOnHFEPublic	Enter the number of EIP(s), which are required to configure the HFE public port. It must be [<= NumberOfAlternateIPOnPkt0] of the SBC. This helps the user to use the maximum [NumberOfAlternateIPOnPkt0] for the public calls. For example, if the NumberOfAlternateIPOnPkt0 = 3 and the NumberOfEIPOnHFEPublic = 5, the HFE configures only 3 IPs for the public calls and the rest 2 IPs are unused. Note: Default is 1.
   IP Configuration on SBC Pkt0, Pkt1, and HFE Public port	AllocateEIPOnHFEPublicInterface	Set True to allocate EIPs from Amazon's pool of public IPv4 addresses on HFE public interface or set False to use pre-allocated/reserved EIPs. Note: Default is True.
   IP Configuration on SBC Pkt0, Pkt1, and HFE Public port	EIPAllocationIdList	If [AllocateEIPOnHFEPublicInterface] is set to False then enter comma separated pre-allocated/reserved EIPs allocation IDs and ensure the number of EIP allocation IDs are equal to the [NumberOfEIPOnHFEPublic] value. For example,a list of EIPs allocation IDs could be: eipalloc-0f2e0f651bbf494fe,eipalloc-0a9ab9d240705c149,eipalloc-04e59f946b14980b8
   System Configuration	EnableCloudWatchMetrics	Enable this for capturing instance metrics at cloudwatch. Note: Default is false.	Yes, when CloudWatch features are using Interval Stats
   System Configuration	UseAnonymizationFeature	Enable this for Anonymization. Note: Default is false.	Yes, when CloudWatch features are using ACT, TRC
   Third Party Applications Provisioning	ThirdPartyCPUs	Enter number of CPUs to be reserved for use with third-party apps. Note: Default is 0.	Yes, when using CloudWatch features
   Third Party Applications Provisioning	ThirdPartyMem	Enter number of MB of memory to be reserved for use with third-party apps. Note: Default is 0.	Yes, when using CloudWatch features

10. Click Next.
    The Options page displays.

11. Optionally you can choose to Tag your deployment with a Key-value pair, IAM Role Permissions, Rollback Triggers or other advanced Options.
    
    
    
    

12. Click Next.
    The Review page displays.
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
13. Review the stack details and click Create
    The CloudFormation Stacks page is displayed.
    
14. On successful stack creation, the stack then lists.
    

Verify the Instance Creation

Perform the following steps to view the SBC SWe instances created:

1. Click the Services drop-down list.
   The Services list is displayed.

2. From the left pane click EC2.

   

   The EC2 Dashboard page is displayed.
    

3. From the left pane under Instances click Instances.

   
   The instances table lists the new instance.

   Caution

   If you delete an instance from CFN, be aware that AWS does not delete volume(s) automatically. You must also delete it from the AWS UI if you do not want volumes of deleted instances (standalone, HA or HFE-based SBC installation).