Configure a service and SIM policy using an ARM template
Services and SIM policies are the key components of Azure Private 5G Core's customizable policy control, which allows you to provide flexible traffic handling. You can determine exactly how your packet core instance applies quality of service (QoS) characteristics to service data flows (SDFs) to meet your deployment's needs. For more information, see Policy control. In this how-to guide, you'll learn how to use an Azure Resource Manager template (ARM template) to create a simple service and SIM policy.
An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. You describe your intended deployment without writing the sequence of programming commands to create the deployment.
If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.
Prerequisites
Ensure you can sign in to the Azure portal using an account with access to the active subscription you used to create your private mobile network. This account must have the built-in Contributor or Owner role at the subscription scope.
Identify the name of the Mobile Network resource corresponding to your private mobile network and the resource group containing it.
Identify the Azure region in which you deployed your private mobile network.
Identify the name of the network slice you want to assign the SIM policy to.
Identify the name of the data network to which you want to assign the new policy.
The ARM template is populated with values to configure a default service and SIM policy that allows all traffic in both directions.
If you want to create a service and SIM policy for another purpose, use the information in Collect the required information for a service and Collect the required information for a SIM policy to design a service and SIM policy to meet your requirements. You'll enter these new values as part of deploying the ARM template.
Review the template
The template used in this how-to guide is from Azure Quickstart Templates.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.22.6.54827",
"templateHash": "7793736700363560682"
}
},
"parameters": {
"location": {
"type": "string",
"metadata": {
"description": "Region where the Mobile Network will be deployed (must match the resource group region)"
}
},
"existingMobileNetworkName": {
"type": "string",
"metadata": {
"description": "Name of the Mobile Network to add a SIM policy to"
}
},
"existingSliceName": {
"type": "string",
"metadata": {
"description": "Name of the existing slice to use for the SIM policy"
}
},
"existingDataNetworkName": {
"type": "string",
"metadata": {
"description": "Name of the existing data network to use for the SIM policy"
}
},
"serviceName": {
"type": "string",
"defaultValue": "Allow_all_traffic",
"metadata": {
"description": "The name of the service"
}
},
"serviceMaximumBitRateUplink": {
"type": "string",
"defaultValue": "2 Gbps",
"metadata": {
"description": "The maximum bit rate (MBR) for uploads across all service data flows that match data flow policy rules configured on the generic service"
}
},
"serviceMaximumBitRateDownlink": {
"type": "string",
"defaultValue": "2 Gbps",
"metadata": {
"description": "The maximum bit rate (MBR) for downloads across all service data flows that match data flow policy rules configured on the generic service"
}
},
"servicePrecedence": {
"type": "int",
"defaultValue": 253,
"minValue": 0,
"maxValue": 255,
"metadata": {
"description": "The precedence value for the service being deployed."
}
},
"dataFlowPolicyRuleName": {
"type": "string",
"defaultValue": "All_traffic",
"metadata": {
"description": "The name of the data flow policy rule that will be created for this service."
}
},
"dataFlowPolicyRulePrecedence": {
"type": "int",
"defaultValue": 253,
"minValue": 0,
"maxValue": 255,
"metadata": {
"description": "The precedence value for the data flow policy rule being created."
}
},
"dataFlowPolicyRuleTrafficControl": {
"type": "string",
"defaultValue": "Enabled",
"allowedValues": [
"Enabled",
"Blocked"
],
"metadata": {
"description": "Whether flows matching this data flow policy rule are permitted or blocked."
}
},
"dataFlowTemplateProtocols": {
"type": "array",
"defaultValue": [
"ip"
],
"metadata": {
"description": "Which protocols match this data flow policy rule. This should be either a list of IANA protocol numbers or the special value \"ip\""
}
},
"dataFlowTemplateName": {
"type": "string",
"defaultValue": "ip_traffic",
"metadata": {
"description": "The name of the data flow template that will be created for this service."
}
},
"dataFlowTemplateDirection": {
"type": "string",
"defaultValue": "Bidirectional",
"allowedValues": [
"Uplink",
"Downlink",
"Bidirectional"
],
"metadata": {
"description": "The direction of the flow to match with this data flow policy rule."
}
},
"dataFlowTemplateRemoteIps": {
"type": "array",
"defaultValue": [
"any"
],
"metadata": {
"description": "The remote IP addresses that UEs will connect to for this flow. This should be either a list of IP addresses or the special value \"any\""
}
},
"simPolicyName": {
"type": "string",
"defaultValue": "Default-policy",
"metadata": {
"description": "The name of the SIM policy"
}
},
"totalBandwidthAllowedUplink": {
"type": "string",
"defaultValue": "2 Gbps",
"metadata": {
"description": "The UE aggregated maximum bit rate (UE-AMBR) for uploads across all non-GBR QoS flows for a particular UE"
}
},
"totalBandwidthAllowedDownlink": {
"type": "string",
"defaultValue": "2 Gbps",
"metadata": {
"description": "The UE aggregated maximum bit rate (UE-AMBR) for downloads across all non-GBR QoS flows for a particular UE"
}
},
"sessionAggregateMaximumBitRateUplink": {
"type": "string",
"defaultValue": "2 Gbps",
"metadata": {
"description": "The session aggregated maximum bit rate (Session-AMBR) for uploads across all non-GBR QoS flows of an individual PDU session involving a particular UE"
}
},
"sessionAggregateMaximumBitRateDownlink": {
"type": "string",
"defaultValue": "2 Gbps",
"metadata": {
"description": "The session aggregated maximum bit rate (Session-AMBR) for downloads across all non-GBR QoS flows of an individual PDU session involving a particular UE"
}
}
},
"resources": [
{
"type": "Microsoft.MobileNetwork/mobileNetworks/services",
"apiVersion": "2023-09-01",
"name": "[format('{0}/{1}', parameters('existingMobileNetworkName'), parameters('serviceName'))]",
"location": "[parameters('location')]",
"properties": {
"servicePrecedence": "[parameters('servicePrecedence')]",
"serviceQosPolicy": {
"maximumBitRate": {
"uplink": "[parameters('serviceMaximumBitRateUplink')]",
"downlink": "[parameters('serviceMaximumBitRateDownlink')]"
}
},
"pccRules": [
{
"ruleName": "[parameters('dataFlowPolicyRuleName')]",
"rulePrecedence": "[parameters('dataFlowPolicyRulePrecedence')]",
"trafficControl": "[parameters('dataFlowPolicyRuleTrafficControl')]",
"serviceDataFlowTemplates": [
{
"templateName": "[parameters('dataFlowTemplateName')]",
"protocol": "[parameters('dataFlowTemplateProtocols')]",
"direction": "[parameters('dataFlowTemplateDirection')]",
"remoteIpList": "[parameters('dataFlowTemplateRemoteIps')]"
}
]
}
]
}
},
{
"type": "Microsoft.MobileNetwork/mobileNetworks/simPolicies",
"apiVersion": "2023-09-01",
"name": "[format('{0}/{1}', parameters('existingMobileNetworkName'), parameters('simPolicyName'))]",
"location": "[parameters('location')]",
"properties": {
"ueAmbr": {
"uplink": "[parameters('totalBandwidthAllowedUplink')]",
"downlink": "[parameters('totalBandwidthAllowedDownlink')]"
},
"defaultSlice": {
"id": "[resourceId('Microsoft.MobileNetwork/mobileNetworks/slices', parameters('existingMobileNetworkName'), parameters('existingSliceName'))]"
},
"sliceConfigurations": [
{
"slice": {
"id": "[resourceId('Microsoft.MobileNetwork/mobileNetworks/slices', parameters('existingMobileNetworkName'), parameters('existingSliceName'))]"
},
"defaultDataNetwork": {
"id": "[resourceId('Microsoft.MobileNetwork/mobileNetworks/dataNetworks', parameters('existingMobileNetworkName'), parameters('existingDataNetworkName'))]"
},
"dataNetworkConfigurations": [
{
"dataNetwork": {
"id": "[resourceId('Microsoft.MobileNetwork/mobileNetworks/dataNetworks', parameters('existingMobileNetworkName'), parameters('existingDataNetworkName'))]"
},
"sessionAmbr": {
"uplink": "[parameters('sessionAggregateMaximumBitRateUplink')]",
"downlink": "[parameters('sessionAggregateMaximumBitRateDownlink')]"
},
"allowedServices": [
{
"id": "[resourceId('Microsoft.MobileNetwork/mobileNetworks/services', parameters('existingMobileNetworkName'), parameters('serviceName'))]"
}
]
}
]
}
]
},
"dependsOn": [
"[resourceId('Microsoft.MobileNetwork/mobileNetworks/services', parameters('existingMobileNetworkName'), parameters('serviceName'))]"
]
}
]
}
Two Azure resources are defined in the template.
- Microsoft.MobileNetwork/mobileNetworks/services: create a service.
- Microsoft.MobileNetwork/mobileNetworks/simPolicies: create a SIM policy.
Deploy the template
Select the following link to sign in to Azure and open a template.
Select or enter the following values, using the information you retrieved in Prerequisites.
- Subscription: select the Azure subscription you used to create your private mobile network.
- Resource group: select the resource group containing the Mobile Network resource representing your private mobile network.
- Region: select the region in which you deployed the private mobile network.
- Location: enter the code name of the region in which you deployed the private mobile network.
- Existing Mobile Network Name: enter the name of the Mobile Network resource representing your private mobile network.
- Existing Slice Name: enter the name of the Slice resource representing your network slice.
- Existing Data Network Name: enter the name of the data network. This value must match the name you used when creating the data network.
If you want to use the default service and SIM policy, leave the remaining fields unchanged. Otherwise, fill out the remaining fields to match the service and SIM policy you want to configure, using the information you collected from Collect the required information for a service and Collect the required information for a SIM policy.
Select Review + create.
Azure will now validate the configuration values you've entered. You should see a message indicating that your values have passed validation.
If the validation fails, you'll see an error message and the Configuration tab(s) containing the invalid configuration will be flagged. Select the flagged tab(s) and use the error messages to correct invalid configuration before returning to the Review + create tab.
Once your configuration has been validated, you can select Create to create the service and SIM policy. The Azure portal will display a confirmation screen when the deployment is complete.
Review deployed resources
On the confirmation screen, select Go to resource group.
Confirm that your service and SIM policy have been created in the resource group.
Next steps
You can now assign the SIM policy to your SIMs to bring them into service.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for