AWS provides High Availability through the use of Elastic IP (EIP). With EIP, when a switchover from an active SBC instance to a standby instance is required, the IP address of the active server moves to the standby instance through a REST API call, which can result in a 15-20 second switchover time. While this solution may be acceptable for the majority of web-based applications, it does not meet the requirements of SBCs for real-time communications.
To accomplish switchover times closer to 2 seconds, an HA Front-End (HFE) was added to the AWS architecture solution to host the Elastic IP.
In this procedure, the private subnet for HFE is created automatically.
Note
The SBC SWe does not support IPsec in AWS.
The High-Availability Front End (HFE) front-ends only one pkt port (pkt0); public endpoints can be connected only to pkt0. Pkt1 can serve private endpoints.
Note
The HFE is configured using a script named "HFE.sh". This script is available in addition to example CloudFormation templates which support the deployment of an HA SBC with HFE.
Both files are required to deploy an SBC with High-Availability Front-End.
Note
If you delete an instance from the CFN, be aware that AWS does not delete volume(s) automatically. You must also delete them from the AWS UI if you do not want volumes of deleted instances (standalone, HA or HFE-based SBC installation).
Prerequisites for AWS CFN Install of HFE and SBC HA Instance with Automated HFE Private Subnet Creation
Prior to initiating a CFN-based install of an HA SBC instance with HFE, perform the following:
Download the CFN supporting HFE and the HFE configuration script (HFE.sh) to your desktop.
Enter a CIDR for the private subnet for the SBC. This new subnet will be served by the HFE instance. The CIDR is available in your VPC. Recommended value is /28.
HFE Configuration
privateSubnetAZ
Enter the Availability Zone for the private subnet for the SBC. This new subnet will be served by the HFE instance. Select an Availability Zone which has other subnets for the SBC (mgt, HA and Pkt1 ports). Enter the AZ that you are using to create the SBC.
HFE Configuration
remoteSSHMachinePublicIP
Optionally, you can access the HFE management interface from a public server.
Enter the public IP of the machine that will connect (SSH) to the HFE using its public IP.
HFE Configuration
SecurityGrpHFEPublic
Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic to the HFE.
HFE Configuration
SecurityGrpHFETowardsSBC
Acts as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic between the HFE and the SBC.
HFE Configuration
SubnetIdHFePublic
SubnetId of an existing subnet in your Virtual Private Cloud (VPC) for the Public Interface on HFE
HFE Configuration
SubnetIdHFETowardsSBC
SubnetId of an existing subnet in your Virtual Private Cloud (VPC) for the private interface on HFE (towards the SBC)
Can contain only alphabetic characters and/or numbers. No special characters.
Cannot exceed 64 characters in length.
SBC Configuration
AMIID
Amazon Machine Image (AMI) for SBC node. The AMI is an encrypted machine image which is like a template of a computer's root drive. For example, ami-xxxxxxxx.
Can contain only alphabetic characters and/or numbers. No special characters.
Cannot exceed 26 characters in length.
SBC Configuration
Tenancy
The Tenancy Attribute for this instance.
SBC Configuration
VolumeSize
Enter the size of disk required in GB. The minimum size is 65 GiB. However, more can be chosen.
SBC Configuration
VolumeType
Select the type of volume for SBC. Ribbon recommends that the SBC use io1 type.
SBC and HFE Common Data
AdminSshKey
Existing EC2 KeyPair name to enable SSH access to admin CLI on SBC instance.
SBC and HFE Common Data
EipAssociationForMgt
Select Yes from the drop-down to associate an EIP with the MGT0 interface to log in and access the SBC application from public networks. Select No if not using EIP for management interfaces.
SBC and HFE Common Data
InstanceType
The type of instance created from stack.
Note: Ribbon recommends m5.xlarge or higher instance type if this instance type is available in your zone. Use c5.2xlarge instance type or higher to handle more calls with transcoding.
SBC and HFE Common Data
LinuxAdminSshKey
Existing EC2 KeyPair name to enable SSH access to the Linux shell on SBC instance.
SBC and HFE Common Data
SortHfeEip
Select Yes from the drop-down to enable sorting based on HFE EIP.
SBC and HFE Common Data
VpcId
Select a VPC with Subnet, Security Group, etc., selected earlier.
IP Configuration on SBC Pkt0, Pkt1 and HFE Public port
NumberOfAlternateIPOnPkt0
The alternate IP address for packet port 0.
Note: Default is 1. If you are using more than one IP for alternate IPs, use a comma-separated list of IPs.
IP Configuration on SBC Pkt0, Pkt1, and HFE Public port
NumberOfAlternateIPOnPkt1
The alternate IP address for packet port 1.
Note: Default is 1. If you are using more than one IP for alternate IPs, use a comma-separated list of IPs.
IP Configuration on SBC Pkt0, Pkt1, and HFE Public port
Enter the number of EIPs required to configure the HFE public port.
It must be less than or equal to [NumberOfAlternateIPOnPkt0] of the SBC. This lets you use up to [NumberOfAlternateIPOnPkt0] IPs for public calls.
For example, if NumberOfAlternateIPOnPkt0 = 3 and NumberOfEIPOnHFEPublic = 5, the HFE configures only 3 IPs for public calls and the remaining 2 IPs are unused.
Note: Default is 1.
IP Configuration on SBC Pkt0, Pkt1, and HFE Public port
Set True to allocate EIPs from Amazon's pool of public IPv4 addresses on the HFE public interface, or set False to use pre-allocated/reserved EIPs.
Note: Default is True.
IP Configuration on SBC Pkt0, Pkt1, and HFE Public port
If [AllocateEIPOnHFEPublicInterface] is set to False, enter the comma-separated allocation IDs of the pre-allocated/reserved EIPs and ensure the number of EIP allocation IDs is equal to the [NumberOfEIPOnHFEPublic] value.
For example, a list of EIP allocation IDs could be:
Enable this to capture instance metrics in CloudWatch.
Note: Default is false.
Yes, when CloudWatch features are using Interval Stats
System Configuration
UseAnonymizationFeature
Enable this for Anonymization.
Note: Default is false.
Yes, when CloudWatch features are using ACT, TRC
Third Party Applications Provisioning
ThirdPartyCPUs
Enter number of CPUs to be reserved for use with third-party apps. Note: Default is 0.
Yes, when using CloudWatch features
Third Party Applications Provisioning
ThirdPartyMem
Enter number of MB of memory to be reserved for use with third-party apps.
Note: Default is 0.
Yes, when using CloudWatch features
Click Next. The Options page displays.
Optionally, you can choose to Tag your deployment with a Key-value pair, IAM Role Permissions, Rollback Triggers or other advanced Options.
Click Next. The Review page displays.
Review the stack details and click Create. The CloudFormation Stacks page is displayed.
On successful stack creation, the stack is listed.
Warning
Do not update or modify the stack after creation.
Do not change or remove resources after instance creation. For example, removing or attaching EIP, or changing the user data.
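Because the stack must not be modified after creation, it helps to check the parameter constraints from the table before clicking Create. The following is an added example, not part of the original page or of Ribbon's templates; the keys PrivateSubnetCidr and EipAllocationIds, the "single public host" check on remoteSSHMachinePublicIP, and all sample values are assumptions, since the page does not name those two parameters.

```python
import ipaddress

def preflight(params, vpc_cidr, existing_subnets):
    """Return a list of problems in the stack parameters (empty list means OK)."""
    problems = []

    # Private subnet for the SBC: inside the VPC, not already used, /28 recommended.
    vpc = ipaddress.ip_network(vpc_cidr)
    subnet = ipaddress.ip_network(params["PrivateSubnetCidr"])  # hypothetical key
    if not subnet.subnet_of(vpc):
        problems.append(f"{subnet} is not inside VPC {vpc}")
    for used in map(ipaddress.ip_network, existing_subnets):
        if subnet.overlaps(used):
            problems.append(f"{subnet} overlaps existing subnet {used}")
    if subnet.prefixlen != 28:
        problems.append(f"{subnet} is not the recommended /28")

    # remoteSSHMachinePublicIP is optional; if set, it must be one public host.
    ssh_src = params.get("remoteSSHMachinePublicIP", "")
    if ssh_src:
        try:
            if not ipaddress.ip_address(ssh_src).is_global:
                problems.append(f"remoteSSHMachinePublicIP {ssh_src} is not public")
        except ValueError:
            problems.append(f"remoteSSHMachinePublicIP {ssh_src} is not a single IP")

    # EIPs on the HFE beyond the pkt0 alternate IP count are left unused.
    n_eip = int(params["NumberOfEIPOnHFEPublic"])
    n_pkt0 = int(params["NumberOfAlternateIPOnPkt0"])
    if n_eip > n_pkt0:
        problems.append(f"{n_eip - n_pkt0} of {n_eip} HFE EIPs would be unused")

    # Pre-allocated EIPs: exactly one allocation ID per requested EIP.
    if str(params["AllocateEIPOnHFEPublicInterface"]).lower() == "false":
        raw = params.get("EipAllocationIds", "")  # hypothetical key
        ids = [i.strip() for i in raw.split(",") if i.strip()]
        if len(ids) != n_eip:
            problems.append(f"{len(ids)} EIP allocation IDs given, {n_eip} required")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    sample = {
        "PrivateSubnetCidr": "10.0.5.0/24", "remoteSSHMachinePublicIP": "0.0.0.0/0",
        "NumberOfAlternateIPOnPkt0": "3", "NumberOfEIPOnHFEPublic": "5",
        "AllocateEIPOnHFEPublicInterface": "False",
        "EipAllocationIds": "eipalloc-EXAMPLE1,eipalloc-EXAMPLE2",
    }
    for p in preflight(sample, "10.0.0.0/16", ["10.0.5.0/28"]):
        print("FAIL:", p)
```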
Verify the Instance Creation
Perform the following steps to view the SBC SWe instances created:
Click the Services drop-down list. The Services list is displayed.
From the left pane click EC2.
The EC2 Dashboard page is displayed.
From the left pane under Instances click Instances.
The instances table lists the new instance.
Caution
If you delete an instance from CFN, be aware that AWS does not delete volume(s) automatically. You must also delete it from the AWS UI if you do not want volumes of deleted instances (standalone, HA or HFE-based SBC installation).