Home
MATRIXX 5G Integration
MATRIXX SBA Gateway
This section describes the Service Based Architecture (SBA) Gateway, which provides the framework to build 5G network function (NF) services based on 3GPP technical specifications.
Installing SBA Gateway
This section describes installing SBA Gateway in hybrid deployments and installing CHF within an Istio service mesh.
Installing CHF Within Istio Service Mesh
A Kubernetes service mesh adds network routing, security, observability, and reliability features to applications as proxy containers paired with application containers. This enables features to be abstracted away from the application layer.
Istio Ingress Gateway, VirtualService, and DestinationRule
Inbound 5G traffic requires either a standard Kubernetes Ingress or an Istio Ingress Gateway. Definitions for an Istio VirtualService and DestinationRule are also required.

Welcome
MATRIXX Release Notes
MATRIXX Architecture
MATRIXX Installation and Upgrade
MATRIXX Configuration
MATRIXX Security
MATRIXX Integration
MATRIXX Diameter Integration
MATRIXX Call Control Framework Integration
MATRIXX TM Forum Integration
MATRIXX 5G Integration
- About MATRIXX 5G Integration
  MATRIXX 5G Integration describes how to implement the Service-Based Architecture (SBA) Gateway and messaging. In addition, this document provides information about security configuration (secured and not secured).
- MATRIXX SBA Gateway
  This section describes the Service Based Architecture (SBA) Gateway, which provides the framework to build 5G network function (NF) services based on 3GPP technical specifications.
  - MATRIXX SBA Gateway Overview
    SBA Gateway converts incoming 5G JSON messages to MATRIXX Data Containers (MDCs) and forwards these requests to the Traffic Routing Agent (TRA), which routes them to the correct sub-domain on MATRIXX Engine. Outgoing messages are converted from MDCs to 5G JSON messages.
  - Installing SBA Gateway
    This section describes installing SBA Gateway in hybrid deployments and installing CHF within an Istio service mesh.
    - Installing SBA Gateway in Hybrid Deployments
      SBA Gateway requires a Kubernetes cluster. Some bare metal deployments select a gradual transition to 5G by integrating SBA Gateway with the existing bare metal MATRIXX deployment. To do this, SBA Gateway can be installed as its own Helm release, in its own namespace.
    - Installing CHF Within Istio Service Mesh
      A Kubernetes service mesh adds network routing, security, observability, and reliability features to applications as proxy containers paired with application containers. This enables features to be abstracted away from the application layer.
      - Istio Ingress Gateway, VirtualService, and DestinationRule
        Inbound 5G traffic requires either a standard Kubernetes Ingress or an Istio Ingress Gateway. Definitions for an Istio VirtualService and DestinationRule are also required.
      - Installing SBA Gateway for Use with Istio Service Mesh
        SBA Gateway requires added annotations in your Helm values file to correctly support the service mesh. It must also be deployed as its own Helm release, in its own namespace, to isolate other MATRIXX components outside of the service mesh.
  - Upgrading SBA Gateway
    When upgrading to a new version of SBA Gateway, there are several things you must consider to ensure the upgrade is successful and the correct configuration is applied.
  - Viewing the SBA Gateway Version
    You can use version, revision, and timestamp data to check which version of SBA Gateway is running.
  - Configuring SBA Gateway
    SBA Gateway is configured as 5G network functions in several ways.
  - Monitoring and Logging
    You administer the SBA Gateway by configuring its logging and monitoring features. For more information about monitoring SBA Gateway administration tasks, see the discussions about monitoring SBA Gateway and configuring the SNMP Prometheus adapter in MATRIXX Monitoring and Logging.
  - Creating a Mapping Configuration
    The following documentation provides information about how to create a mapping configuration. For a list of 5G message mappings from MATRIXX Data Container (MDCs) to OpenAPI supported by MATRIXX, see the discussion about MATRIXX 5G message mapping.
  - Security
    SBA Gateway supports HTTP BASIC authentication and TLS Mutual Authentication.
  - API for 5G Integration
    The URI, mapping, and OpenAPI specification are configurable, and only the HTTP method and mapping filename are not.
  - Throttling
    SBA Gateway can be throttled to protect the platform from overload conditions.
  - Connecting to Multiple Networks with Multus
    Depending on requirements, SBA Gateway might require a dedicated connection to the 5G network separate from its connection to other MATRIXX components.
  - MATRIXX 5G Message Mapping
    The following sections describe the default configuration for SBA Gateway-supported 5G message mapping. Topics in the following sections describe the mappings from MATRIXX Data Container (MDC) format to OpenAPI format for each 3GPP 5G version.
- Charging Function
  This section describes the Charging Function components and how to deploy and configure them.
MATRIXX 5G Event Streaming
MATRIXX Event Streaming
MATRIXX Administration
MATRIXX Web App Administration
MATRIXX Monitoring and Logging
MATRIXX Policy
MATRIXX Kafka CDR Consumer
MATRIXX Pricing and Rating
MATRIXX Pay Now
MATRIXX Subscriber Management
MATRIXX Subscriber Management API
MATRIXX Business API SDK
My MATRIXX Help
MATRIXX Backoffice Customer Tool Help
MATRIXX Third-Party Licenses
Glossary

Istio Ingress Gateway, VirtualService, and DestinationRule

Inbound 5G traffic requires either a standard Kubernetes Ingress or an Istio Ingress Gateway. Definitions for an Istio VirtualService and DestinationRule are also required.

Istio Ingress Gateway

It is possible to use a standard Kubernetes Ingress for 5G network traffic, or you can use an Istio Ingress Gateway instead. Istio Ingress Gateways can be configured in several ways. In the following example, the Istio Ingress Gateway offloads traffic from the HTTPS TLS connection addressed to chf.acme.com and validates using the certificate held in the chf-acme-credential secret in the istio-system namespace.

apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: matrixx-chf-gateway
spec:
  selector:
    istio: ingressgateway
  servers:
 
    # HTTP/2 Traffic secured
  - port:
      number: 443
      name: https
      protocol: HTTPS
    hosts:
      - "chf.acme.com"
    tls:
      mode: SIMPLE
      credentialName: chf-acme-credential

VirtualService

To route inbound traffic from the Istio ingress Gateway, create a VirtualService that accepts traffic from the Istio Ingress Gateway and sends it to the Kubernetes service for the CHF network function. Create the VirtualService in the istio-system namespace.

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: chf
spec:
  hosts:
  - "chf.acme.com"
  gateways:
  - matrixx-chf-gateway
  http:
 
  # Match HTTPS (HTTP2) Traffic
  - match:
    - uri:
        prefix: "/"
      port: 443
    route:
 
      # CHF (with Engine)
    - destination:
        port:
          number: 80
        host: sba-5gc-chf-ag1.matrixx-chf.svc.cluster.local
      weight: 100

DestinationRule

In addition to the VirtualService, you must create a DestinationRule to ensure that communication between the Istio Ingress Gateway and the CHF service is always upgraded to HTTP/2. Create the DestinationRule in the istio-system namespace.

apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: chf
spec:
  host: sba-5gc-chf-ag1.matrixx-chf.svc.cluster.local
  trafficPolicy:
    connectionPool:
      http:
        h2UpgradePolicy: UPGRADE