APG43L 4.

2 Network Impact Report

NETWORK IMPACT REPORT

2/109 48-APZ 212 60/62-V3 Uen A

Copyright

© Ericsson AB 2021. All rights reserved. No part of this document may be

reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to
continued progress in methodology, design and manufacturing. Ericsson shall
have no liability for any error or damage of any kind resulting from the use of
this document.

2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29

 Contents

Contents

1 Introduction 1
1.1 Purpose 1
1.2 Revision Information 1
1.3 General Information 1
1.4 Node Configurations 2

2 General Impact 2
2.1 Capacity and Performance 2
2.2 Capacity and Performance 2
2.3 Hardware 3
2.4 File System 3
2.5 Implementation 3
2.6 Interface 3
2.7 Operation 4
2.8 Functional Changes 4

3 SW Upgrade 6

4 Additional Information 7
4.1 Operation 7
4.2 Documentation 8

Glossary 13

Reference List 15

2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29

APG43L 4.2 Network Impact Report

2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29

 Introduction

1 Introduction

The Network Impact Report describes how the current release of APG43L 4.2
with new and changed features affects the previous release of APG43L and the
operator's overall network, including all affected products and functions.

1.1 Purpose
The purpose of this document is to provide sufficient information at an early stage
to Ericsson system operators in order to help them to plan the introduction in their
networks of new APG43L 4.2 Software (SW) package.

1.2 Revision Information

Table 1 Revision Information
Rev Date Reasons for Change
A 2021-10-2 Updated the document due to impacts in APG43L 4.2
9 release.

1.3 General Information

This Network Impact Report describes the software changes introduced in
APG43L 4.2 release with respect to APG43L 4.1.

For information about the software changes introduced in APG43L 4.1, refer to
APG43L 4.1 Network Impact Report.

APG43L 4.2 supports one or two APGs in Single-CP System and Multi-CP System.

APG43L 4.2 SW can be deployed through:

— New installation of all AXE based nodes

— Software Upgrade of all AXE based nodes having APG43L 4.0 as minimum
SW level

1.3.1 Software Baseline

APG43L 4.0 is the minimum software baseline that support a direct SW upgrade
path towards APG43L 4.2 SW level. See Section 3 on page 6 for more information
on the SW upgrade procedures.

2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29 1

 APG43L 4.2 Network Impact Report

1.4 Node Configurations

APG43L serving a single-CP system or multi-CP system for a Physical Network
Function (PNF) on the following HW configurations:

— APG43/2

— APG43/3

— APG43/4

With reference to HW configurations, the following popular terms are used in

the document:

— APG43/2. It indicates an APG43 based on APUB GEP2 equipped with a

quad-core processor.

— APG43/3. It indicates an APG43 based on APUB GEP5 equipped with a

10-core processor and the disk on board.

— APG43/4. It indicates an APG43 based on APUB GEP7L equipped with a

10-core processor and the disk on board.

Note: These terms are just used for simplicity and they are not part of APUB
product designation name.

For Node configuration refer to the specific application network impact document.

2 General Impact

2.1 Capacity and Performance

No major performance figures change with respect to previous release.

2.2 Capacity and Performance

2.2.1 APG SW Upgrade Time

The SW upgrade total time depends on the number of corrections, functional
content and operating system fixes and changes. The worst use case is when a
major release of Operating System (OS) is released together with APG functional
content and fixes.

2 2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29

 General Impact

The table below shows the maximum SW upgrade times measured on a

single-APG configuration from all supported SW baselines, as per Section 1.3.1
on page 1, and for each HW platform.

Table 2 APG SW Upgrade Times

APG HW APG SW Upgrade Time
APG43/4 1hour 10 min ± 10 mins
APG43/3 1hour 10 min ± 10 mins
APG43/2 2hours ± 10 mins

2.3 Hardware
No new HW is introduced.

2.4 File System

No differences compared to previous release.

2.5 Implementation
The preparation of customer network is a critical part, especially the first time an
APG43L is introduced in the network.

2.6 Interface
The following table reports the supported standard protocols:

Table 3 Supported Standard Protocols

Application Layer
FTP • SSH • SFTP • LDAPS • RPC • HTTP • NETCONF• Cli over TLS • FTP over
TLS • NETCONF over TLS • SYSLOG over TLS
Transport Layer
TCP
Network/Internet Layer
IPSec• IPv4
Data link/Physical Layer
Ethernet

2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29 3

 APG43L 4.2 Network Impact Report

Note:

— The Telnet based interfaces are not supported anymore.

For more information refer to User Guide How to Access an AXE.

2.7 Operation
APG43L 4.2 introduces, some changes in terms of:

— New, changed or dismissed functions, as per Section 2.8 on page 4.

— New, changed or deprecated AP commands, as per Section 4 on page 6.

— New, changed or deprecated Managed Object Classes (MOC) items, as per

Section 4 on page 6.

— New, changed or deprecated operational CPI documents (Printout

Descriptions, Operational Instructions, User Guides), as per Section 4 on
page 6.

Note: For a description of possible changes in STS object types and/or counters,
refer to specific AXE application document.

2.7.1 Changes for License Management

None.

2.7.2 Changes for Certificate Management

Remote Syslog interface on TLS is introduced with APG43L 4.2 SW level. Set of
node and credential certificates are required to activate and to establish a secure
session with an External Log Server (ELS) using SYSLOG over TLS.

For more information see Section 2.8.4 on page 5.

2.8 Functional Changes

APG43L 4.2 introduces some functional changes compared with APG43L 4.1. The
changed details are explained in the following sections.

2.8.1 GEP5 disk quota configuration for Wireline

A support for 400 GB and 1200 GB unique disk size hosted by a GEP5 HW variant
for Wireline Single-CP System.

For more information refer to User Guide File Management.

4 2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29

 General Impact

2.8.2 Changes in security

With APG43L 4.2, the password policy for troubleshooting user and tsadmin user
is enhanced in a way that the password should not contain at least 4 consecutive
characters of the username.

2.8.3 Secure Boot

APG43L 4.2 introduces the protection of system boot by new system defined
user called boot-admin.

For more information refer to User Guide User Management.

boot-admin privileges are required by Ericsson customer support to perform

extreme recovery operations.

For more information refer to User Guide How to Access an AXE.

Password of boot-admin user is set to the password of tsadmin user by new

command pwdsettsadmin.

For more information refer to Manual Page AP, Troubleshooting Administrator

User Account, Password, Set.

Note: The command pwdresettsuser and native linux command passwd must
not be used anymore to manage tsadmin user password.

After the upgrade to APG43L 4.2 it is mandatory to set again tsadmin password
to have boot-admin and tsadmin passwords aligned. AP Healthcheck function
reports specific error until this step is not performed.

For more information see Section 2.8.5.1 on page 6.

2.8.4 Syslog Security Event Logging

APG43L introduces the support of network syslog protocol based on RFC 5424.

Syslog protocol is a standard protocol used to convey event notification messages

in near real time mode by continuous streams.

APG43L 4.2 supports the stream out of security logs towards a compliant External
Log Server (ELS) using TLS as secure transport layer. In addition, other log
types like APG kernel and system event messages can also be streamed out. For
comparison between Syslog and AXE Audit Log Management function, refer to
Axe Security Management user guide.

The configuration of logs streaming towards ELS can be performed by new MOM
interface LogM. For more information refer to Managed Element Management
user guide.

2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29 5

 APG43L 4.2 Network Impact Report

Only SystemSecurityAdministrator role has right to manage the security log

streams, while SystemAdministrator role has right to manage regular log streams
under LogM interface. For more information refer to User Management user guide.

A new command fqdndef is introduced, allowing APG to map the Fully Qualified
Domain Name (FQDN) of the ELS with the related IP network address so that
authentication can be successfully performed. Refer to AP, FQDN Configuration,
Define man page for more details.

The mktr command is updated to collect Syslog files. For more information refer to
Make Trouble Report..

A new alarm AP, Log Management, Fault is introduced to report issues with ELS.

For more information refer to Log Management user guide.

2.8.5 Other Changes

2.8.5.1 Health Check Enhancement

The command hcstart is enhanced by introducing new rule in existing security

rules to check boot-admin user.

For more information refer to Manual Page AP, Health Check, Start.

2.8.5.2 Configuration Editing Tool Enhancement

The command cfeted is enhanced to print the respective MAUSCORE details along
with CP-MAU product details for the options "-c" "-l" and "-v" (CUR/BAK) .

For more information refer to Manual Page Configuration Editing Tool, Edit.

3 SW Upgrade

Direct SW upgrade paths from APG43L 4.0 as minimum SW level.

Note: After the upgrade to APG43L 4.2, tsadmin password must be set using
new command pwdsettsadmin. For more information see Section 2.8.3
on page 5

Note: After SW upgrade procedure towards APG43L 4.2, it could be necessary to

follow a specific AXE Application procedure containing additional steps.
Refer to APG43L package information and specific AXE Application SW
upgrade procedures for more details.

6 2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29

 Additional Information

4 Additional Information

4.1 Operation

4.1.1 New AP Commands

The table below lists the new AP commands that were introduced in APG43L 4.2.

Table 4 New AP Commands

Command Comment
fqdndef New command is introduced as per
description in Section 2.8.4 on page 5
pwdsettsadmin New command is introduced as per
description in Section 2.8.3 on page 5

4.1.2 Deprecated AP Commands

None.

4.1.3 Changed AP Commands

The table below lists all AP commands that have changed their behavior on
APG43L 4.2 when compared to APG43L 4.1.

Table 5 Changed AP commands

Command Comment
cfeted Command is updated as per
description in Section 2.8.5.2 on page 6
pwdresettsuser Command is updated as per
description in Section 2.8.3 on page 5
hcstart Command is updated as per
description in Section 2.8.5.1 on page 6

4.1.4 Removed AP Commands

None.

2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29 7

 APG43L 4.2 Network Impact Report

4.1.5 New MML Commands

None.

4.1.6 Changed MML Commands

None.

4.1.7 New Alarms

The table below lists the new AP alarms that were introduced in APG43L 4.2.

Table 6
Alarm Comment
AP, Log Management, Fault New alarm is introduced as per
description in Section 2.8.4 on page 5

4.1.8 Removed Alarms

None.

4.1.9 Changed Alarms

None.

4.2 Documentation

4.2.1 New Documents

4.2.1.1 New Manual Pages

New Manual Page.

Table 7
Document Comment
AP, FQDN Configuration, Define New document is introduced as per
description in Section 2.8.4 on page 5
AP, Troubleshooting Administrator New document is introduced as per
User Account, Password, Set description in Section 2.8.3 on page 5

8 2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29

 Additional Information

4.2.1.2 New Printout Descriptions

New Printout Descriptions.

Table 8
Document Comment
AP, Log Management, Fault New document is introduced as per
description in Section 2.8.4 on page 5

4.2.1.3 New Operational Instructions

New Operational Instructions.

Table 9
Document Comment
AP, Log Management, Fault New document is introduced as per
description in Section 2.8.4 on page 5

4.2.1.4 New User Guides

The table below lists the new user guides that were introduced in APG43L 4.2.

Table 10
Document Comment
Log Management New document is introduced as per
description in Section 2.8.4 on page 5

4.2.2 New Managed Object Classes

New Managed Object Classes.

Table 11
MOC Name Comments
LogM New MOC introduced as per
description on Section Section 2.8.4
on page 5
Log New MOC introduced as per
description on Section Section 2.8.4
on page 5
RemoteLogServer New MOC introduced as per
description on Section Section 2.8.4
on page 5

2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29 9

 APG43L 4.2 Network Impact Report

4.2.3 Changed Documents

4.2.3.1 Changed Command Descriptions

None

4.2.3.2 Changed Descriptions

None.

4.2.3.3 Changed Manual Pages

The table below reports Manual Pages changed in APG43L 4.2..

Table 12 Changed Manual Pages.

Document Reason for Change
Configuration Editing Tool Edit Document is updated as per
description in Section 2.8.5.2 on
page 6
Make Trouble Report Document is updated as per
description in Section 2.8.4 on
page 5
AP, Troubleshooting User Account, Document is updated as per
Password, Reset description in Section 2.8.3 on
page 5
AP, Health Check, Start Document is updated as per
description in Section 2.8.5.1 on
page 6

4.2.3.4 Changed Operational Instructions

The table below reports User Guides changed in APG43L 4.2.

Table 13 Changed Operational Instructions.

Title Reason for Change
AP, MAU Middleware, Install Document is updated as per
description in Section 2.8.5.2 on
page 6

4.2.3.5 Changed Printout Descriptions

None.

10 2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29

 Additional Information

4.2.3.6 Changed User Guides

Table 14 Changed User Guides

Document Comment
File Management Document is updated as per description
in Section 2.8.1 on page 4
How to Access an AXE Document is updated as per description
in Section 2.8.3 on page 5
User Management Document is updated as per description
in Section 2.8.3 on page 5, Section
2.8.4 on page 5
Managed Element Management Document is updated as per description
in Section 2.8.4 on page 5
AXE Security Management Document is updated as per description
in Section 2.8.4 on page 5

4.2.4 Changed Managed Object Classes

None.

4.2.5 Removed Documents

4.2.5.1 Removed Operational Instructions

None.

4.2.5.2 Removed Printout Descriptions

None.

4.2.5.3 Removed User Guides

None.

4.2.5.4 Removed Manual Pages

None.

2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29 11

 APG43L 4.2 Network Impact Report

12 2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29

 Glossary

Glossary

AP OS
Adjunct Processor Operating System

APG POD
Adjunct Processor Group Printout Description Document

APUB RPC
Adjunct Processor Unit Board Remote Procedure Call

CP SFTP
Central Processor Secure FTP

ELS SSH
External Log Server Secure SHell

ENM STS
Ericsson Network Manager Statistics and Traffic Measurements

FTP SW
File Transfer Protocol Software
FQDN SYSLOG
Fully Qualified Domain Name System Logging
HLR TLS
Home Location Register Transport Layer Security
HW TS
Hardware Troubleshooting
IPSec TSC-S
Internet Protocol Security Transit Switching Center-Server
MML
Man-Machine Language

MOC
Managed Object Class

MOM
Managed Object Model

MSC-S
Mobile Switching Centre-Server

NETCONF
Network Configuration

2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29 13

 APG43L 4.2 Network Impact Report

14 2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29

 Reference List

Reference List

[1] AP, Log Management, Fault

POD

[2] AP, Log Management, Fault

OPI

[3] AP, Health Check, Start

MANUAL PAGE

[4] AP, Troubleshooting Administrator User Account, Password, Set

MANUAL PAGE

[5] AP, Troubleshooting User Account, Password, Reset

MANUAL PAGE

[6] APG43L 4.1 Network Impact Report

NETWORK IMPACT REPORT

[7] How to Access an AXE

USER GUIDE

[8] File Management

USER GUIDE

[9] Log Management

USER GUIDE

[10] Make Trouble Repoort

MAN PAGE

[11] Managed Element Management

USER GUIDE

[12] AXE Security Management

USER GUIDE

[13] User Management

USER GUIDE

2/109 48-APZ 212 60/62-V3 Uen A | 2021-10-29 15