5G Cloud Nokia HEP3 Support (Non-SBI)

Nokia supports the HEP3 method for network functions across 3G, 4G, 5G and the IMS core. HEP3 efficiently organizes and encodes data for various network protocols and enhances the functionality of Nokia's core network solutions by accommodating diverse packet requirements.

The 5G-Cloud application supports processing the Nokia HEP3 format from the non-SBI network functions: IMS network functions and 3G and 4G network functions. The application receives HEP3-encapsulated traffic from the IMS vTAP as a TCP stream, either in clear text or secured with mTLS. Non-SBI control traffic is decoded from HEP3 (Homer Encapsulation Protocol Version 3), emphasizing data handling without IP translation.

How Nokia HEP3 Solution works

The following image shows the ingress and egress data flow through the V Series Node for Nokia HEP3 solution.

The traffic (clear text or secured with mTLS) from the client vTAP systems is transported over TCP. The 5G-Cloud application processes and manages the incoming TCP traffic and terminates the TCP connection. The application then processes the TCP payload and synthesizes the data.
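The TCP payload processing described above, as an added example that is not Gigamon or Nokia code: a Python deframer for checking a clear-text capture of the vTAP feed. It assumes the stream follows the public HEP3 (HOMER) framing, that is, the ASCII magic HEP3, a 2-byte total length, then vendor/type/length chunks. Nokia-specific chunks are not described on this page and are skipped; the field labels are borrowed from the service-map fields, and their pairing with chunk types is an assumption.

```python
import ipaddress
import struct

MAGIC = b"HEP3"
# Generic (vendor 0) public-HEP3 chunk types -> (label, size); labels are assumed.
FIELDS = {1: ("protocolFamily", 1), 2: ("transportProtocol", 1), 3: ("srcIP", 4),
          4: ("dstIP", 4), 5: ("srcIP", 16), 6: ("dstIP", 16), 7: ("srcPort", 2),
          8: ("dstPort", 2), 0x0B: ("applicationProtocol", 1)}
PAYLOAD = 0x0F


def parse_frame(frame):
    """Decode one complete HEP3 frame into a dict; raise ValueError if malformed."""
    fields, off = {}, 6
    while off < len(frame):
        if len(frame) - off < 6:
            raise ValueError("truncated chunk header")
        vendor, ctype, clen = struct.unpack_from("!HHH", frame, off)
        if clen < 6 or off + clen > len(frame):  # clen includes the 6-byte header
            raise ValueError(f"chunk 0x{ctype:04x}: length {clen} out of bounds")
        body = frame[off + 6:off + clen]
        if vendor == 0 and ctype in FIELDS:
            name, size = FIELDS[ctype]
            if len(body) != size:
                raise ValueError(f"{name}: unexpected size {len(body)}")
            fields[name] = (str(ipaddress.ip_address(body)) if name.endswith("IP")
                            else int.from_bytes(body, "big"))
        elif vendor == 0 and ctype == PAYLOAD:
            fields["payload"] = body
        off += clen  # unknown and vendor-specific chunks are skipped
    return fields


def deframe(buffer):
    """Pop each complete frame from a TCP receive bytearray; keep a partial tail."""
    frames = []
    while len(buffer) >= 6:
        total = struct.unpack_from("!H", buffer, 4)[0]
        if bytes(buffer[:4]) != MAGIC or total < 6:
            raise ValueError("stream out of sync: bad HEP3 header")
        if len(buffer) < total:
            break  # partial frame: wait for the next TCP segment
        frames.append(parse_frame(bytes(buffer[:total])))
        del buffer[:total]
    return frames


def chunk(ctype, body):  # helper used only to build the constructed sample
    return struct.pack("!HHH", 0, ctype, 6 + len(body)) + body


def build_sample():
    """Constructed frame: SIP over UDP from 1.1.1.1:40123 to 2.2.2.2:5060."""
    body = b"".join([
        chunk(1, b"\x02"), chunk(2, b"\x11"), chunk(3, bytes([1, 1, 1, 1])),
        chunk(4, bytes([2, 2, 2, 2])), chunk(7, struct.pack("!H", 40123)),
        chunk(8, struct.pack("!H", 5060)), chunk(0x0B, b"\x01"),
        chunk(PAYLOAD, b"OPTIONS sip:host.example SIP/2.0\r\n\r\n")])
    return MAGIC + struct.pack("!H", 6 + len(body)) + body
```

Every length field is bounds-checked before it is used, so a truncated or desynchronized stream raises an error instead of being silently misparsed.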

GigaVUE-FM serves as the centralized management platform orchestrating the visibility fabric, which includes the 5G-Cloud V Series Node. The V Series Nodes inspect, aggregate, and process the incoming traffic. After processing, traffic is encapsulated using L2GRE or VXLAN tunneling protocols and forwarded to either physical or virtual probes as follows:

■   Physical Probe: If IP connectivity is not available, the traffic is sent to a GigaVUE HC/GigaVUE TA Series device, which serves as a traffic aggregator and distributor. The device decapsulates and distributes the traffic to the probe.
■   Virtual Probe: If IP connectivity is available, the processed traffic is forwarded directly to the virtual probe for detailed traffic inspection and analytics.

This end-to-end solution ensures comprehensive visibility into 5G network traffic, facilitating efficient monitoring and performance analysis across both physical and cloud-based infrastructures.

Configuration of 5G-Cloud Nokia HEP3

In GigaVUE-FM, you must do the following to add the 5G-Cloud application in the Monitoring Session of a Monitoring Domain:

| S.No | Steps | Refer to |
|------|-------|----------|
| 1 | Create an ingress REP to receive the data over TCP | Create Raw Endpoint (VMware vCenter), Create Raw Endpoint (OpenStack), Create Raw Endpoint (Third Party Orchestration) |
| 2 | Add the 5G-Cloud application in the Monitoring Session | 5G-Cloud Application |
| 3 | Create a link between the ingress REP and the 5G-Cloud application | NA |
| 4 | Create egress REP | Create Raw Endpoint (VMware vCenter), Create Raw Endpoint (OpenStack), Create Raw Endpoint (Third Party Orchestration) |
| 5 | Create a link between the 5G-Cloud application and the egress REP | NA |

Configure Nokia HEP3 in 5G-Cloud Application

Pre-requisite:

You can add a 5G-Cloud application to:

■   New Monitoring Session - Add the 5G-Cloud application after creating a new Monitoring Session and when the GigaVUE-FM canvas appears. Refer to Create a Monitoring Session section in the respective GigaVUE Cloud Suite Deployment Guide.
■   Existing session - Select any existing Monitoring Session and go to TRAFFIC PROCESSING tab. The GigaVUE-FM canvas appears.

To add a 5G-Cloud application:

1. In the canvas, drag and drop the 5G-Cloud application and select Details. The 5G-Cloud quick view appears.

2. On the application quick view, enter or select the required information as described in the Reference - Configuration Table.

Note:  It is recommended to maintain a 60-90 second delay when undeploying and deploying a Monitoring Session in GigaVUE-FM.

Reference - Configuration Table

Field

Description

Application

The name 5g-Cloud appears by default.

Alias

Enter the required alias name. (for example: NokiaHep3)

Vendor Integrations

From the drop-down list, select Nokia IMS.

SBI Operational Mode

The Operational Mode is grayed out when you select Nokia CMM or Nokia IMS.

Ingress Tunnel

Type

Specify the tunnel type. The default is TCP.

Listening IP

Specify the tunnel's local listen IP address to receive packets.

Listening Port

Specify the tunnel's local listening port to bind for receiving packets. The application listens to the traffic on the specified port. Enter a value between 1 and 65535.

Source Port

Specify the tunnel destination port to send packets. Enter a value between 1 and 65535.

Egress Tunnel

Type

Specify the tunnel type. Available tunnel types are:

VXLAN
L2GRE

Tool IP

Specify the remote IP address to which you want to send the packets.

Destination Port

Specify the tunnel destination port to send the packets. Enter a value between 1 and 65535.

Source IP

Specify the source IP address to use when sending the packet.

Source Port

Specify the tunnel source port to bind when sending packets. Enter a value between 1 and 65535.

Tool MTU

Specify the tool port MTU:

For V Series Node version 6.8.00 and above, enter a value between 1400 and 8800. The default value is 8800.
For V Series Node version below 6.8.00, enter a value between 1500 and 8800. The default value is 8800.

VNI ID

(Applicable only when the selected tunnel type is VXLAN)

Specify the ID for VXLAN traffic. Enter a value between 0 and 16777215.

L2GRE Key

(Applicable only when the selected tunnel type is L2GRE)

Specify the key for the L2GRE tunnel type. Enter a value between 0 and 4294967295.

Nokia IMS / CMM Configuration

Number of Ingress TCP Connections

Specify the number of concurrent TCP connections the vTAP can establish. Enter a value between 128 and 2048. The default value is 1024.

Ingress TCP Timeout

Specify the timeout value for an Ingress TCP connection in seconds. Enter a value between 30 and 3600 seconds. The default is 60 seconds.

Note:  If no packets are received within the configured time, the TCP connection will terminate due to a timeout.

Number of Egress TCP Flows

Specify the total number of TCP flows allocated for tracking non-SBI traffic.

For V Series Node (extra-large form factor, total memory ≥ 32 GB): 1024 – 16000000
For V Series Node (large form factor, total memory < 32 GB): 1024 – 16384.
Default value: 4096.

Egress TCP Flow Timeout

Specify the timeout value for an Egress TCP flow in seconds. Enter a value between 30 and 7200 seconds. The default is 900 seconds.

Note:  If no packets are received within the configured time, the TCP flow will terminate due to a timeout.

Number of Receiver Threads

Specify the number of receiver threads for processing incoming packets. Enter a value between 1 and 128. The default value is 8.

Number of Egress SCTP Flows

Specify the total number of SCTP flows allocated to track non-SBI traffic. Enter a value between 128 and 2000000. The default value is 1024.

Egress SCTP Flow Timeout

Specify the timeout value for an Egress SCTP flow in seconds. Enter a value between 30 and 7200. The default value is 900 seconds.

Note:  If no packets are received within the configured time, the SCTP flow will terminate due to a timeout.

mTLS Configuration

mTLS

Use the toggle button to enable or disable mTLS encryption and decryption in Monitor Mode.

mTLS key

If mTLS encryption is enabled, select the mTLS key alias for the SSL certificate from the drop-down list.
To create a key alias, click Add next to the text box. For further details, refer to Configure SSL Decrypt.

SBI / IMS Mappings

Refer to Add CSV file for IP Mapping section for more details.

FQDN Mapping

Use this option to provide mappings between Fully Qualified Domain Names and IP addresses for all Network Functions in the network.

Select an alias: Choose the alias name associated with the uploaded FQDN table (CSV file) from the drop-down list.
Add a new alias: If no alias exists, click Add to create one.

Network Function Instance Mapping (Optional)

Use this option to provide mappings between NF Instance IDs and IP addresses for all Network Functions in the network.

Select an alias: Choose the alias name associated with the uploaded NFID table (CSV file) from the drop-down list.
Add a new alias: If no alias exists, click Add to create one.

User Agent Mapping (Optional)

Use this option to provide mappings between User Agents and IP addresses for all Network Functions in the network.

Select an alias: Choose the alias name associated with the uploaded User Agent table (CSV file) from the drop-down list.
Add a new alias: If no alias exists, click Add to create one.

Service Mapping
(Optional)

Use this option to map ephemeral attribute values to standard service attributes and define service-specific actions.

Select an alias: Choose the alias name associated with the uploaded Service Mapping table (CSV file) from the drop-down list.
Add a new alias: If no alias exists, click Add to create one.
None: Select None to clear any previously selected Service Map entry.

Refer to Reference - Service Map Field Definitions section for example details.

SBI Advanced Configuration

Note:  The below configurations apply only to SBI traffic and will not be used for non-SBI traffic.

TCP Server Ports

Specify the TCP server port or port range to enable TCP communication between endpoints.

Valid port range: 1-65535.
Maximum number of ports: 1024.

Note:  TCP communication is allowed only on the configured ports.

Number of TCP Flows

Specify the total number of TCP Flows allocated for tracking active TCP Flows.

Valid range: 128-2048
Default value: 1024

Number of Transaction Flows

Specify the total number of Transaction Stream flows allocated for tracking active Transaction. Refer to Recommend Form Factor for VMware vCenter (Instance Types) for more details.

Streams:

Large Form Factor VMs (total memory < 32GB): 128-5500.
Extra Large Form Factor VMs (total memory ≥ 32GB): 128-26000
Default value: 2048

TCP Flow Timeout

Specify the TCP flow timeout value.

Valid range: 0-7200
Default value: 900

SCP Transaction Timeout

Specify the Transaction timeout value.

Valid range: 1-300
Default value: 10

Minimum TCP Client Port

Specify the starting port number for Synthesize Flow.

Valid range: 1023-65535
Default value: 32768

Maximum TCP Client Port

Specify the end port number for the Synthesize Flow.

Valid range: 1023-65535
Default value: 36863

SCP Processing Threads

Specify the number of worker threads for processing In-Out packets.

Valid range: 1-16
Default value: 8

TCP Client Ports per Thread

Specify the number of TCP client ports for each worker thread.

Valid range: 100-8000
Default value: 1000

Header Index

Enable or disable the header indexing. The default option is disabled.

Header Compression Code

Enable or disable the header compression code. The default option is disabled.

Gigamon Header

Enable or disable the Gigamon Header. The default option is enabled.

Diagnostic Settings

Log Directory

Specify the path to store the log files.

Application Log Level

Select the severity log level of the events from the following options:

None
Fatal
Error
Notification
Information
Debug

Packet Capture Level

Select the packet capture level from the drop-down list:

All
Receive
Transmit
None

Packet Capture Timestamp

Select the required timestamp used to save the Egress PCAPs. The available timestamps are:

Observed Timestamp
System Timestamp

Note:  Timestamp option is disabled if the Packet capture level is set to None.

Message Trace Log Level

Select the 5G-Cloud CSV log level from the drop-down list.

All
Flow
Message
Transaction
None (Default Value)

Deploy the Monitoring Session

After adding all the required elements to the canvas, do the following to deploy the session:

  1. From the Actions menu, select Deploy.

    After successful deployment on all the V Series Nodes, the status appears as Success on the Monitoring Sessions page.

  2. View the Deployment Report

    1. You can view the Monitoring Session Deployment Report in the SOURCES and V SERIES NODES tab.

    2. When you select the Status link, the Deployment Report is displayed.

    3. When the deployment is incorrect, the Status column displays one of the following errors:

      • Success: Not deployed on one or more instances due to V Series Node failure.

      • Failure: Not deployed on all V Series Nodes or Instances.

Download Logs - 5G-Cloud application

You can view the log files of a V Series Node or download them as .CSV or .txt files.

To download the log files to a local environment:

1. Go to Traffic > VIRTUAL > select your cloud platform.
2. Select the required Monitoring Session and go to TRAFFIC PROCESSING tab. On the cloud5g application, click the menu button and select Details. Go to LOGGING in the quick view. The Logging page displays the logs currently available.
3. Select the required Days, Timestamps, File Name, and Type (TextLog and FlowStats) details.
4. Select the log files to download, and then click Download > Files. The system downloads the selected files to your local environment.

Add CSV file for IP Mapping

To add the CSV file for IP mapping:

1. Go to Inventory > VIRTUAL > select your cloud platform, and then click Settings > 5G-Apps. The 5G-Apps Configuration page appears.
2. Click New. Enter the name for the CSV file in the Alias field.
3. From the Type drop-down list, select one of the following. You can also choose to download the template using the Download Template option and add the required entries.
o   5G-Cloud FQDN - Add the CSV file containing a valid FQDN ID and a valid IPv4/IPv6 address for IP mapping.

| Header Details | Example |
|----------------|---------|
| FQDNID | abc.xyz.com |
| IngressIP1 | 1.1.1.1 |
| IngressIP2 | 2.2.2.2 |
| IngressPort | 100 |
| EgressIP | 3.3.3.3 |
| NFType | SMF |
| NFLocation | US |
| IMSIP | 1001:0008:85a2:0000:0000:8f1e:0340:7110 |
| IMSIntfName | 100 200 |
| IMSMask | 96 |
| IMSType | nef |

Notes:
■   The fields fqdnID and ingressIPAddress1 are mandatory. All other fields are optional.
■   The fields imsipaddress, imsinterfacename, imsmask and imstype are applicable only when the Integrated solution Vendor is "Nokia HEP3".
o   5G-Cloud NF Instance - Add the CSV file containing a valid NF instance ID and a valid IPv4/IPv6 address for IP mapping.

| Header Details | Example |
|----------------|---------|
| NFID | amf.local |
| ingressIPAddress1 | 1.1.1.1 |
| ingressIPAddress2 | 2.2.2.2 |
| IngressPort | 100 |
| egressIPAddress | 3.3.3.3 |
| NFType | AMF |
| NFLocation | US |

Note:   The fields NFID and ingressIP1 are mandatory. All other fields are optional.

o   5G-Cloud UA - Add the CSV file containing a valid user agent ID and a valid IPv4/IPv6 address for IP mapping.

| Header Details | Example |
|----------------|---------|
| useragentid | nef.nb.5gc.mc005.mcc580.yournetwork |
| ingressIPAddress | 1.1.1.1 |
| NFType | AMF |
| NFLocation | US |

Note:   The fields useragentID and ingressIPAddress are mandatory. All other fields are optional.

o   5G-Cloud Service Map - Add the CSV file containing valid ephemeral port details and a valid IPv4/IPv6 address for IP mapping. Refer to Reference - Service Map Field Definitions for header details and examples.
4. Click Choose File in the File Name field to upload the CSV file into GigaVUE-FM.
5. Click Validate to validate the CSV file.
6. Click Save to add the CSV file.

Recommended VM Specifications

The configuration of the 5G-Cloud Nokia HEP3 application should be performed on extra-large and large VMs.

■   Configuration specifications for Extra Large VM:
o   vCPUs: 26
o   Memory: 32 GB
o   Disk Space: 200 GB

Note:   Nokia HEP3 configuration on extra‑large VMs is supported only through the Third‑Party Orchestration method.

■   Configuration specifications for Large VM:
o   vCPUs: 8
o   Memory: 16 GB
o   Disk Space: 80 GB
■   Supported Ports: 1 Management interface, 1 ingress, and 1 egress interfaces.
■   It is recommended to use SRIOV enabled drivers for better performance and higher throughput. Refer to Configure GigaVUE Fabric Components using VMware ESXi topic for more details.

Reference - Service Map Field Definitions

Service mapping normalizes SIP traffic by converting vendor‑specific or ephemeral ports to standard SIP service ports (such as 5060). GigaVUE-FM matches incoming SIP control messages against configurable rules and, when a rule applies, rewrites the source and/or destination port before forwarding the traffic. This ensures that monitoring tools that rely on standard SIP ports continue to work without any changes.

The fields are defined as follows:

Note:   All fields except sipMessageType, srcPortMap, and dstPortMap are mandatory.

1.   srcIP - Source IP address of the SIP traffic, as carried in HEP3. You can specify a single IPv4 / IPv6 address, a prefix, or ipany to match any address.

Example:

o   ipany – matches SIP traffic from any source IP.
o   1.1.1.1 – matches only traffic coming from 1.1.1.1.
2. dstIP - Destination IP address of the SIP traffic. You can specify a single IPv4 / IPv6 address, a prefix, or ipany to match any address.

Example:

o   ipany – any destination IP.
o   2.2.2.2 – match traffic going to 2.2.2.2.
3. srcPort - Source port number of the SIP traffic. You can use a specific port to target a known source, or portany to match all source ports.

Example:

o   portany – match SIP traffic regardless of the source port.
o   5060 – match only when the source port is 5060.
4. dstPort - Destination port number of the SIP traffic.

Example:

o   portany – any destination port.
o   5060 – only traffic with destination port 5060.
5. protocolFamily - Identifies the IP family of the traffic.

Example:

o   IPv4 SIP traffic.
o   IPv6 SIP traffic.
6. transportProtocol - Identifies the L4 transport protocol (TCP or UDP).

Note:  This field accepts only tcp or udp; it does not support integer values.

7. applicationProtocol - Encodes the application protocol type carried in the HEP3 encapsulation.

Example:

o   1 – match SIP messages.
8. interfaceName - Identifies the Nokia interface number on which the traffic is received.

Example:

o   90 – match traffic received on Nokia HEP3 vTAP interface 90 (IMS Non‑SBI).
9. Direction - Traffic direction from the node’s point of view.

Example:

o   ingress – apply this rule only to traffic arriving at the node.
o   egress – apply this rule only to traffic sent out from the node.
10. sipMessageType - Tells whether the SIP message is a request or a response.

Example:

o   request – map ports only for SIP requests.
o   response – map ports only for SIP responses.
11. action - Specifies what the 5G Cloud application does with matching traffic.

Example:

o   portmap – change source and/or destination ports as specified in srcPortMap / dstPortMap.
o   discard – drop matching traffic.
o   ignore – match but do not modify the ports.
12. srcPortMap - Applies only to server response frames. Use a valid port number in response frames (sipMessageType = response) and set it to portany for request frames.

Example:

o   5060 – set the source port to 5060 for matching SIP responses.
o   portany – keep the original source port.
13. dstPortMap - Applies only to client-to-server request frames. Use a valid port number in request frames (sipMessageType = request) and set it to portany for response frames.

Example:

o   7777 – set the destination port to 7777 for matching SIP requests.
o   portany – keep the original destination port.
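A pre-upload check for a Service Map CSV, as an added example that is not GigaVUE-FM code and does not replace the Validate step. It encodes only the constraints stated in the field definitions above and assumes the CSV column names equal the field names as written, and that service-map ports use the same 1-65535 range as the tunnel ports; the sample rows are constructed.

```python
import csv
import io
import ipaddress

# Column names are assumed to equal the field names listed above.
MANDATORY = ("srcIP", "dstIP", "srcPort", "dstPort", "protocolFamily",
             "transportProtocol", "applicationProtocol", "interfaceName",
             "Direction", "action")
ENUMS = {"transportProtocol": {"tcp", "udp"},
         "Direction": {"ingress", "egress"},
         "sipMessageType": {"request", "response"},
         "action": {"portmap", "discard", "ignore"}}
# Constructed sample; <family> is a placeholder because the page does not
# list the literal protocolFamily values.
SAMPLE = """\
srcIP,dstIP,srcPort,dstPort,protocolFamily,transportProtocol,applicationProtocol,interfaceName,Direction,sipMessageType,action,srcPortMap,dstPortMap
ipany,2.2.2.2,portany,7777,<family>,udp,1,90,ingress,request,portmap,portany,5060
1.1.1.1,ipany,7777,portany,<family>,17,1,90,egress,response,portmap,portany,5060
"""


def is_port(value):
    # 1-65535 is assumed, matching the tunnel port ranges in the configuration table.
    return value.isascii() and value.isdigit() and 1 <= int(value) <= 65535


def lint_row(row):
    """Return the problems found in one service-map row (empty list means clean)."""
    row = {k: (v or "").strip() for k, v in row.items() if k is not None}
    errors = [f"{f}: mandatory field is empty" for f in MANDATORY if not row.get(f)]
    for field in ("srcIP", "dstIP"):
        value = row.get(field, "")
        if value and value != "ipany":
            try:
                ipaddress.ip_network(value, strict=False)  # single address or prefix
            except ValueError:
                errors.append(f"{field}: {value!r} is not an address, prefix or ipany")
    for field in ("srcPort", "dstPort", "srcPortMap", "dstPortMap"):
        value = row.get(field, "")
        if value and value != "portany" and not is_port(value):
            errors.append(f"{field}: {value!r} is not a port or portany")
    for field, allowed in ENUMS.items():
        value = row.get(field, "")
        if value and value not in allowed:
            errors.append(f"{field}: {value!r} is not one of {sorted(allowed)}")
    # srcPortMap rewrites responses only and dstPortMap rewrites requests only.
    message = row.get("sipMessageType", "")
    for field, applies_to in (("srcPortMap", "response"), ("dstPortMap", "request")):
        if row.get(field, "") not in ("", "portany") and message != applies_to:
            errors.append(f"{field}: a port needs sipMessageType = {applies_to}")
    return errors


def lint_csv(text):
    """Map CSV line number to its problems, for rows that have any."""
    rows = csv.DictReader(io.StringIO(text))
    return {n: e for n, row in enumerate(rows, start=2) if (e := lint_row(row))}
```

In the constructed sample, the second data row is flagged twice: transportProtocol is given as the integer 17 instead of udp, and dstPortMap carries a port on a response rule.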

FHA Dashboards for 5G-Cloud Applications

After configuring the 5G-Cloud application, you can monitor the statistics for Nokia HEP3 using the reports displayed in the Dashboard. To access the details, refer to FHA Dashboards for 5G-Cloud Applications.