Modified: for 12.1.3



This feature introduces the Packet Front-End (PFE) to the SBC CNe. The PFE pod is a CNF element responsible for front-ending external signaling and media traffic and then forwarding the packets to the back-end CNF elements (SC or SLB pods) based on the port allocated to the backend elements by the Network service. The PFE exposes signaling/media IPs for external communication. The PFE is required only when the customer wants a single (or group of) external IP(s) to serve for both signaling and media traffic based on the port-ranges. (For example, a port range of 5060-5070 for signaling and port range of 6000-64000 for media traffic). In other words, the PFE is optional when the customer has different IPs reserved for both signaling and media traffic.

Through GRE encapsulation, the PFE can conditionally steer external signaling and media traffic to the back-end pods (SLB/SC). Each back-end pod installs individual rules on the PFE to have a section of external traffic steered towards itself. The steering rules are determined by the destination IP, VLAN, protocol, and the tcp/udp port range. This enables the SBC CNe cluster to advertise a single IP address towards an endpoint for both media and signaling. 

The PFE also supports traffic in the opposite direction, decapsulating GRE traffic received from the back-end pods and transmitting the traffic to the appropriate external endpoints based on installed routes.

In summary, the PFE performs the following functionality:

  • Encapsulation/de-capsulation
  • IP fragmentation/reassembly
  • L2/L3 packet handling
  • Packet forwarding to appropriate the SC/SLB instances
  • Packet forwarding to external network

When configuring multiple active PFE pods, please note the following:

  • A single PFE pod can join multiple network segments. Users can link various network segments to a single PFE ID.
  • However, multiple active PFE pods cannot use the same network segment. Similarly, a single network segment cannot join multiple active PFE pods. You must assign each active PFE pod (identified by its PFE ID) to a unique set of network segments.
  • Each active PFE pod needs to have a unique SegmentType/Interface/VLAN.
  • Network segment configuration will return a corresponding error message when the above criteria are unmet.
Note

Call failures, unintended switchovers, and pod evictions (in some cases due to the pod toleration specifications) can occur as a result of an extended outage of more than ten seconds on the eth0 network.

Note

SBC CNe pods support an option to integrate with central secret storage, such as Hashicorp Vault, instead of injecting secrets through the helm charts. Previously, the SBC allowed RAMP to inject secrets through the Helm Charts.


For more information, refer to Network Segment Table - CLI.

Refer to SBC Cloud-Native edition - SBC CNe for the SBC cloud-native architecture overview and deployment model.