Physical Layers

The vCloud NFV platform interacts with the physical transports both at the core and ISP routing planes for North-South connectivity. The NSX-T Tier-0 Edge Node routers are used as this perimeter edge. The edge is used to multipath Gm and RTP traffic from upstream core switching and routing fabric to the downstream tenant-specific NSX-T Tier-0 Edge Node clusters.

Local network-to-network interface (NNI) at the data center site is established by interfacing with the ISP block of routers. In the above diagram, both the SIP signaling and RTP media streams would traverse over the mobile packet core bearer SGi interfaces (not shown in the diagram).

Load distribution and scale is managed through ECMP at the perimeter. Traffic from the perimeter edges is routed to each tenant's NSX Tier-0 edge cluster. Dynamic routing using eBGP and failure detection using BFD capabilities reside on the Tier-0 edge nodes and is available on the uplink only. Stateful services such as NAT, firewall , and load balancer can be run as well on the Tenant Tier-0 Edge Nodes, however this requires an active-standby configuration.

Virtual Layers

The virtual design of the EPC service requires a separation of resources across the control and data planes. The deployment design strategy could assume a distributed CUPS cloud topology whereby the data plane functions would be deployed closer to the UE (for example a telco far edge site) and a centralized control plane hosted at the core data center. However, for simplicity this design assumes a single cloud data center. The overlay network segments are setup for east-west traffic and connected to the respective Tenant NSX T0 Edge node clusters for Gm and RTP interfaces.

This transformation scenario uses a multitenant tenant design with tenant dedicated PvDC setup for the following data and control plane class of workloads.

• Data Plane. The data plane functions of the P-CSCF (media) are deployed in a dedicated cluster of resource, which maximizes availability and performance. The resource reservations are maximized to ensure availability (CPU and Memory). The workloads are also backed by and NSX-T Enhanced switch for packet processing acceleration using CPU pinning and NUMA vertical alignment. The external network connectivity for the cluster is VLAN backed for higher through-put.

• Control Plane. The control plane functions such as the P/I/S-CSCF, TAS, M/BGCF, HSS and ENUM are deployed in a dedicated cluster with less stringent performance characteristics. Resource reservations can have more elasticity to allow for more cluster headroom and on-demand scale up and scale out optimizations. The control plane functions are deployed on a N-VDS Standard non-accelerated switch. A local instance of the HSS and ENUM is shown; acting as a fast-access cache of subscriber and subscription information stored in the global HSS - the control plane function.

Using multiple MVNOs as an example, each would be a tenant with their own instance of IMS workloads. A dedicated set of PVDCs are created for each tenant to guarantee network and resource isolation, SLA agreements, and scale.

Service Layers

The virtual IMS service for mobile broadband internet access is delivered over a set of core 3GPP-defined components and interfaces. The VNFs are distributed across the virtual resource isolation boundaries defined with segmented networking for east-west and north-south communications.

Security profiles using micro-segmentation are defined and deployed at the east-west plane of the VNFs. This ensures that inter-component communications are secured in this reference-point architecture and minimizes the risk from any rogue messaging floods.

With an analytics-enabled design the service components can be monitored for health, capacity, and proactively optimized to ensure acceptable SLAs.