1 Introduction
1.1 Purpose and Scope
The purpose of this document is to highlight the changes made in SEPP from release 23.4.x to release 24.1.x. These changes may have impact on the customer network operations and must be considered by the customer while planning the deployment.
1.2 Compatibility Matrix
The following table lists the versions of added or updated components in release 24.1.x:
Table 1-1 Compatibility Matrix
| Components | Compatibility Version |
|---|---|
| ASM | 1.14.6 |
| ATS | 24.1.x |
| CNC Console | 24.1.x |
| CDCS | 23.4.x, 23.3.x, 23.2.x |
| cnDBTier |
24.1.x, 23.4.x, 23.3.x |
| CNE | 24.1.x, 23.4.x, 23.3.x |
| OCCM | 24.1.x |
| OCI Adaptor | 24.1.0 |
| OSO |
23.4.x, 23.3.x |
To know the list of all the supported versions, see Oracle Communications Cloud Native Core Release Notes.
1.3 Common Services Load Lineup
The following table lists the versions of added or updated common services in release 24.1.x:
Table 1-2 Common Services Load Lineup
| Common Service | Version |
|---|---|
| Alternate Route Svc | 24.1.5 |
| App-Info | 24.1.3 |
| Config-Server | 24.1.3 |
| Debug-tool | 24.1.1 |
| Egress Gateway | 24.1.5 |
| Ingress Gateway | 24.1.5 |
| Helm Test | 24.1.1 |
| NRF-Client | 24.1.5 |
| Perf-Info | 24.1.3 |
| Mediation | 24.1.0 |
To know the list of all the supported versions, see Oracle Communications Cloud Native Core Release Notes.
1.4 Software Requirements
The following table lists the versions of added or updated software required to install release 24.1.x:
Table 1-3 Preinstalled Software
| Software | Versions |
|---|---|
| Kubernetes | 1.27.x, 1.26.x, 1.25.x |
| Helm | 3.12.x, 3.8.x, 3.6.3 |
| Podman | 4.4.1, 4.2.0, 4.0.2 |
| OKE (in OCI) | 1.27.x |
Table 1-4 Additional Software
| Software | Version | Required for |
|---|---|---|
| containerd | 1.7.1 | Logging |
| Calico | 3.26.4 | Logging |
| MetalLB | 0.13.11 | Logging |
| Prometheus | 2.51.1 | Metrics |
| Grafana | 9.5.3 | Metrics |
| Jaeger | 1.52.0 | Logging |
| Istio | 1.18.2 | Logging |
| Kyverno | 1.9.0 | Logging |
| cert-manager | 1.12.4 | Logging |
| Oracle OpenSearch | 2.3.0 | Logging |
| Oracle OpenSearch Dashboard | 2.3.0 | Logging |
| Fluentd OpenSearch | 1.16.2 | Logging |
| Velero | 1.12.0 | Logging |
In OCI, the Prometheus-Operator is not required. The metrics and alerts will be managed using OCI monitoring and Alarm services. For more information, see Oracle Communications Cloud Native Core OCI Adaptor, NF Deployment in OCI.
For more information about software requirements, see Oracle Communications Cloud Native Core, Security Edge Protection Proxy Installation, Upgrade, and Fault Recovery Guide.
1.5 Orchestration
The following table provides information about orchestration changes in release 24.1.x:
Table 1-5 Orchestration
| Orchestration Changes | Status | Notes |
|---|---|---|
| Support for in-service upgrade and roll back | Yes | For information about upgrade and roll back, see Supported Upgrade and Rollback Paths section. |
Changes in the custom_values.yaml file
|
Yes | For information about changes in the
custom_values.yaml file, see Helm section.
|
Changes in the resource information for
custom_values.yaml file
|
Yes | For information about changes in the resource requirements, see Resource Requirement section. |
| Changes in the CSAR package | Yes | Following file and folder are added to the in CSAR package to
support the NF Deployment in OCI:
Note: For more information on specific CSAR changes, contact My Oracle Support. |
| Changes in Role-Based Access Control (RBAC) policy | No | No new RBAC policies are added. |
| Changes in Life Cycle Management (LCM) Operations | No | No new LCM operations are added. |
| Helm Test Support | Yes | Helm Test is supported.
For more information, see "Performing Helm Test" section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Installation, Upgrade, and Fault Recovery Guide. |
1.6 Resource Requirements
This section lists the added or updated resource requirements in Release 24.1.x.
For more information about resource requirements, see Oracle Communications Cloud Native Core, Security Edge Protection Proxy Installation, Upgrade, and Fault Recovery Guide.
1.6.1 SEPP Resource Requirements
This section lists the added or updated resource requirements in SEPP mode in Release 24.1.0. For more information about resource requirements, see Oracle Communications Cloud Native Core, Security Edge Protection Proxy Installation, Upgrade, and Fault Recovery Guide.
1.6.1.1 SEPP Services
The following table lists resource requirement for SEPP Services:
Table 1-6 SEPP Services
| Service Name | CPU | Memory (GB) | POD | Ephemeral Storage | ||||
|---|---|---|---|---|---|---|---|---|
| Min | Max | Min | Max | Min | Max | Min(Gi) | Max(Gi) | |
| Helm Test | 1 | 1 | 1 | 1 | 1 | 1 | 70Mi | 1 |
| Helm Hook | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 1 |
| <helm-release-name>-n32-ingress-gateway | 6 | 6 | 5 | 5 | 7 | 7 | 1 | 1 |
| <helm-release-name>-n32-egress-gateway | 5 | 5 | 5 | 5 | 7 | 7 | 1 | 1 |
| <helm-release-name>-plmn-ingress-gateway | 5 | 5 | 5 | 5 | 7 | 7 | 1 | 1 |
| <helm-release-name>-plmn-egress-gateway | 5 | 5 | 5 | 5 | 7 | 7 | 1 | 1 |
| <helm-release-name>-pn32f-svc | 5 | 5 | 8 | 8 | 7 | 7 | 2 | 2 |
| <helm-release-name>-cn32f-svc | 5 | 5 | 8 | 8 | 7 | 7 | 2 | 2 |
| <helm-release-name>-cn32c-svc | 2 | 2 | 2 | 2 | 2 | 2 | 1 | 1 |
| <helm-release-name>-pn32c-svc | 2 | 2 | 2 | 2 | 2 | 2 | 1 | 1 |
| <helm-release-name>-config-mgr-svc | 2 | 2 | 2 | 2 | 1 | 1 | 1 | 1 |
| <helm-release-name>-sepp-nrf-client-nfdiscovery | 1 | 1 | 2 | 2 | 2 | 2 | 1 | 1 |
| <helm-release-name>-sepp-nrf-client-nfmanagement | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
| <helm-release-name>-ocpm-config | 1 | 1 | 1 | 1 | 2 | 2 | 1 | 1 |
| <helm-release-name>-appinfo | 1 | 1 | 1 | 2 | 2 | 2 | 1 | 1 |
| <helm-release-name>-perf-info | 2 | 2 | 200Mi | 4 | 2 | 2 | 1 | 1 |
| <helm-release-name>-nf-mediation | 8 | 8 | 8 | 8 | 2 | 2 | NA | NA |
| <helm-release-name>-coherence-svc | 1 | 1 | 2 | 2 | 1 | 1 | NA | NA |
| <helm-release-name>-alternate-route | 2 | 2 | 4 | 4 | 1 | 1 | NA | NA |
| Total | 56 | 56 | 63.200 | 68 | 62 | 62 | 16.7 Gi | 18 |
Note:
- #: <helm-release-name> will be prefixed in each micro service name. Example: if helm release name is "ocsepp", then cn32f-svc microservice name will be "ocsepp-cn32f-svc"
- Init-service container's and Common Configuration Client Hook's resources are not counted because the container gets terminated after initialization completes.
- Helm Hooks Jobs: These are pre and post jobs that are invoked during installation, upgrade, rollback, and uninstallation of the deployment. These are short span jobs that get terminated after the deployment completion.
- Helm Test Job: This job is run on demand when the helm test command is initiated. This job runs the helm test and stops after completion. These are short-lived jobs that get terminated after the deployment is done. They are not part of active deployment resource, but are considered only during helm test procedures.
1.6.1.2 Upgrade
Following is the resource requirement for upgrading SEPP:
Table 1-7 Upgrade
| Service Name | CPU | Memory (GB) | POD | Ephemeral Storage | ||||
|---|---|---|---|---|---|---|---|---|
| Min | Max | Min | Max | Min | Max | Min(Gi) | Max(Gi) | |
| <helm-release-name>-n32-ingress-gateway | 6 | 6 | 5 | 5 | 1 | 2 | 1 | 1 |
| <helm-release-name>-n32-egress-gateway | 5 | 5 | 5 | 5 | 1 | 2 | 1 | 1 |
| <helm-release-name>-plmn-ingress-gateway | 5 | 5 | 5 | 5 | 1 | 2 | 1 | 1 |
| <helm-release-name>-plmn-egress-gateway | 5 | 5 | 5 | 5 | 1 | 2 | 1 | 1 |
| <helm-release-name>-pn32f-svc | 5 | 5 | 8 | 8 | 1 | 2 | 2 | 1 |
| <helm-release-name>-cn32f-svc | 5 | 5 | 8 | 8 | 1 | 2 | 2 | 1 |
| <helm-release-name>-cn32c-svc | 2 | 2 | 2 | 2 | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32c-svc | 2 | 2 | 2 | 2 | 1 | 1 | 1 | 1 |
| <helm-release-name>-config-mgr-svc | 2 | 2 | 2 | 2 | 1 | 1 | 1 | 1 |
| <helm-release-name>-sepp-nrf-client-nfdiscovery | 1 | 1 | 2 | 2 | 1 | 1 | 1 | 1 |
| <helm-release-name>-sepp-nrf-client-nfmanagement | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
| <helm-release-name>-ocpm-config | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
| <helm-release-name>-appinfo | 1 | 1 | 1 | 2 | 1 | 1 | 1 | 1 |
| <helm-release-name>-perf-info | 2 | 2 | 200Mi | 4 | 1 | 1 | 1 | 1 |
| <helm-release-name>-nf-mediation | 8 | 8 | 8 | 8 | 1 | 1 | 1 | 1 |
| <helm-release-name>-alternate-route | 2 | 2 | 4 | 4 | 1 | 1 | NA | NA |
| Total | 54 | 54 | 61.2 | 66 | 17 | 23 | 17 | 15 Gi |
Note:
<helm-release-name> is the Helm release name. Example: if helm release name is "ocsepp", then cn32f-svc microservice name will be "ocsepp-cn32f-svc".1.6.1.3 Common Services Container
Following is the resource requirement for Common Services Container:
Table 1-8 Common Services Container
| Container Name | CPU | Memory (GB) | Kubernetes Init Container |
|---|---|---|---|
| init-service | 1 | 1 | Y |
| common_config_hook | 1 | 1 | N |
- Update Container service: Ingress or Egress Gateway services use this container service to periodically refresh NRF Private Key or Certificate and CA Root Certificate for TLS.
- Init Container service: Ingress or Egress Gateway services use this container to get NRF Private Key or Certificate and CA Root Certificate for TLS during start up.
- Common Configuration Hook: It is used for creating database for common service configuration.
1.6.1.4 ASM Sidecar
SEPP leverages the Platform Service Mesh (for example, Aspen Service Mesh) for all internal and external TLS communication. If ASM Sidecar injection is enabled during SEPP deployment or upgrade, this container is injected to each pod (or selected pod, depending on the option chosen during deployment or upgrade). These containers stay till pod or deployment exist.
Table 1-9 ASM Sidecar
| Service Name | CPU | Memory (GB) | Ephemeral Storage | |||
|---|---|---|---|---|---|---|
| Min | Max | Min | Max | Min(Mi) | Max(Gi) | |
| <helm-release-name>-alternate-route | 2 | 2 | 1 | 1 | NA | NA |
| Total | 34 | 34 | 17 | 17 | 1050 Mi | 15 Gi |
Note:
<helm-release-name> is the Helm release name. Example: if helm release name is "ocsepp", then cn32f-svc microservice name will be "ocsepp-cn32f-svc"1.6.1.5 Debug Tool Container
The Debug Tool provides third-party troubleshooting tools for debugging the runtime issues in a lab environment. If Debug Tool Container injection is enabled during SEPP deployment or upgrade, this container is injected to each SEPP pod (or selected pod, depending on the option chosen during deployment or upgrade). These containers stay till pod or deployment exist. For more information about configuring Debug Tool, see Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.
Table 1-10 Debug Tool Container
| Service Name | CPU | Memory (GB) | Ephemeral Storage | |||
|---|---|---|---|---|---|---|
| Min | Max | Min(Gi) | Max(Gi) | Min(Mi) | Max(Mi) | |
| <helm-release-name>-n32-ingress-gateway | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-n32-egress-gateway | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-plmn-ingress-gateway | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-plmn-egress-gateway | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-pn32f-svc | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-cn32f-svc | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-cn32c-svc | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-pn32c-svc | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-config-mgr-svc | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-sepp-nrf-client-nfdiscovery | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-sepp-nrf-client-nfmanagement | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-ocpm-config | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-appinfo | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-perf-info | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-nf-mediation | 0.5 | 1 | 4 | 4 | 512 | 512 |
| <helm-release-name>-coherence-svc | NA | NA | NA | NA | NA | NA |
| <helm-release-name>-alternate-route | 0.5 | 1 | 4 | 4 | NA | NA |
| Total | 8 | 16 | 64 | 64 | 7680 Mi | 7680 Mi |
Note:
<helm_release_name> is the Helm release name. For example, if Helm release name is "ocsepp", then plmn-egress-gateway microservice name will be "ocplmn-egress-gateway".
1.6.1.6 SEPP Hooks
Following is the resource requirement for SEPP Hooks.
Table 1-11 SEPP Hooks
| Hook Name | CPU | Memory (GB) | ||
|---|---|---|---|---|
| Min | Max | Min | Max | |
| <helm-release-name>-update-db-pre-install | 1 | 1 | 1 | 1 |
| <helm-release-name>-update-db-<post-install> | 1 | 1 | 1 | 1 |
| <helm-release-name>-update-db-<pre-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-update-db-<post-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-update-db-<pre-rollback> | 1 | 1 | 1 | 1 |
| <helm-release-name>-update-db-<post-rollback> | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32f-svc-pre-install | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32f-svc-post-install | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32f-svc-<pre-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32f-svc-<post-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32f-svc-<pre-rollback> | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32f-svc-<post-rollback> | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32f-svc-pre-install | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32f-svc-<post-install> | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32f-svc-<pre-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32f-svc-<post-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32f-svc-<pre-rollback> | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32f-svc-<post-rollback> | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32c-svc-pre-install | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32c-svc-<post-install> | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32c-svc-<pre-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32c-svc-<post-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32c-svc-<pre-rollback> | 1 | 1 | 1 | 1 |
| <helm-release-name>-cn32c-svc-<post-rollback> | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32c-svc-pre-install | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32c-svc-<post-install> | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32c-svc-<pre-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32c-svc-<post-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32c-svc-<pre-rollback> | 1 | 1 | 1 | 1 |
| <helm-release-name>-pn32c-svc-<post-rollback> | 1 | 1 | 1 | 1 |
| <helm-release-name>-config-mgr-svc-pre-install | 1 | 1 | 1 | 1 |
| <helm-release-name>-config-mgr-svc-<post-install> | 1 | 1 | 1 | 1 |
| <helm-release-name>-config-mgr-svc-<pre-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-config-mgr-svc-<post-upgrade> | 1 | 1 | 1 | 1 |
| <helm-release-name>-config-mgr-svc-<pre-rollback> | 1 | 1 | 1 | 1 |
| <helm-release-name>-config-mgr-svc-<post-rollback> | 1 | 1 | 1 | 1 |
Note:
<helm-release-name> is the Helm release name.1.6.2 Roaming Hub or Hosted SEPP Resource Requirements
This section lists the added or updated resource requirements in Roaming Hub or Hosted SEPP mode in Release 24.1.0. For more information about Roaming Hub or Hosted SEPP resource requirements, see Oracle Communications Cloud Native Core, Security Edge Protection Proxy Installation, Upgrade, and Fault Recovery Guide.