ETSI-NFV provides a framework for provisioning and maintenance of VNFs in the Management and Network Orchestration in ETSI GS NFV-MAN 001 V1.1.1 (2014-12) (http://www.etsi.org/deliver/etsi_gs/NFV-MAN/001_099/001/01.01.01_60/gs_nfv-man001v010101p.pdf). We will discuss the orchestration aspects in general and as it pertains to vEPC in this section.

A note about VNFMs. There are two types of VNFMs - Generic VNFM (GVNFM) and Specialized VNFM (SVNFM) . The SVNFMs are tightly coupled with the VNFs that they manage. Lifecycle management of vEPC is a very complex task. Altough GVNFMs may be able to perform most of the tasks required in vEPC in theory, in practice, there would have to be a lot of customization to make the GVNFM knowledgeable about the vEPC VNF . KPI monitoring, element management, failover, load-balancing, elasticity and application healing aspects require a deep and real-time knowledge of the application state. As a result complex VNFs such as vEPC tend to have their own VNFM provided by the VNF vendor.

In vEPC deployments, the NFV-O acts as the top-level orchestration layer that interfaces with northbound entities such as the service catalog, customer portal and service assurance. Customers in the vEPC context are not end users of mobile/smartphones typically. They may be enterprise customers ordering over-the-top enterprise VPN service from the mobile operator or ordering an instance to house additional M2M (Machine to Machine) instances. Typically, this order will result in one of the following:

Regardless of which case, when a customer orders a service that results in modifications to the vEPC (existing or new), mobile operators prefer it goes through a manual approval process where a human checks to make sure the order is valid. Once customer service/onboarding team approves the order, the NFV-O gets messaging with service attributes. The NFV-O will take the following action(s):

Figure 30 shows a flow diagram with details of VNF instantiation as recommended by ETSI. It should be noted that vEPC VNFs may be accompanied by Element Managers (EMs) that assist in managing the VNF from an application standpoint.

Figure 30: VNF Instantiation flow as per ETSI

The VNFM typically is responsible for Day0 configuration. It will start the VM using the ssh-keys assigned for it, configure Eth0 if required for management/SSH access. All higher level configuration such as protocols (BGP, Firewall rules etc.) will be done through configuration automation tool such as Ansible.

For internal communication between the control modules and service modules, vEPC application may have reserved internal IP address ranges. These are typically RFC-1918 non-routable IP subnets. The application may choose not to use the DHCP services offered by OpenStack L3 agent.

If the platform uses provider networks for their tenant connectivity and compute hosts don’t have access to the dhcp-agent running on the controller using the provider networks, special provisions need to be made to enable DHCP services for the guests, or the guests need to use pre-provisioned static IP addresses. One of the ways to accomplish this is to use config-drive to pass networking information to the guests. Images used to instantiate the VMs need to contain a cloud-init package capable of mounting the config-drive or a special script can be created to mount the drive, depending on the guest OS.

While mobile VNF vendors tend to support both OpenStack as well as VMWare, the focus of this document will be around Red Hat OpenStack Platform as a VIM. vEPC VNFMs may use some middleware to abstract the VIM API requests (for e.g. OpenStack API).