Create a site using an ARM template

Azure Private 5G Core private mobile networks include one or more sites. Each site represents a physical enterprise location (for example, Contoso Corporation's Chicago factory) containing an Azure Stack Edge device that hosts a packet core instance. In this how-to guide, you'll learn how to create a site in your private mobile network using an Azure Resource Manager template (ARM template).

An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. You describe your intended deployment without writing the sequence of programming commands to create the deployment.

If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.

Button to deploy the Resource Manager template to Azure.

Prerequisites

  • Identify the names of the interfaces corresponding to ports 5 and 6 on your Azure Stack Edge Pro device.
  • Identify the names of the interfaces corresponding to ports 3 and 4 on your Azure Stack Edge Pro device.
  • Collect all of the information in Collect the required information for a site.
  • Ensure you can sign in to the Azure portal using an account with access to the active subscription you used to create your private mobile network. This account must have the built-in Contributor or Owner role at the subscription scope.
  • If the new site will support 4G user equipment (UEs), you must have created a network slice with slice/service type (SST) value of 1 and an empty slice differentiator (SD).

Review the template

The template used in this how-to guide is from Azure Quickstart Templates.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.28.1.47646",
      "templateHash": "6727180129563671192"
    }
  },
  "parameters": {
    "location": {
      "type": "string",
      "metadata": {
        "description": "Region where the mobile network will be deployed (must match the resource group region)"
      }
    },
    "existingMobileNetworkName": {
      "type": "string",
      "metadata": {
        "description": "Name of the mobile network to which you are adding a site"
      }
    },
    "existingDataNetworkName": {
      "type": "string",
      "metadata": {
        "description": "Name of the existing data network to which the mobile network connects"
      }
    },
    "siteName": {
      "type": "string",
      "defaultValue": "myExampleSite",
      "metadata": {
        "description": "The name for the site"
      }
    },
    "azureStackEdgeDevice": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "The resource ID of the Azure Stack Edge device to deploy to"
      }
    },
    "controlPlaneAccessInterfaceName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "The virtual network name on port 5 on your Azure Stack Edge Pro device corresponding to the control plane interface on the access network. For 5G, this interface is the N2 interface; for 4G, it's the S1-MME interface."
      }
    },
    "controlPlaneAccessIpAddress": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "The IP address of the control plane interface on the access network. In 5G networks this is called the N2 interface whereas in 4G networks this is called the S1-MME interface."
      }
    },
    "userPlaneAccessInterfaceName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "The virtual network name on port 5 on your Azure Stack Edge Pro device corresponding to the user plane interface on the access network. For 5G, this interface is the N3 interface; for 4G, it's the S1-U interface."
      }
    },
    "userPlaneDataInterfaceName": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "The virtual network name on port 6 on your Azure Stack Edge Pro device corresponding to the user plane interface on the data network. For 5G, this interface is the N6 interface; for 4G, it's the SGi interface."
      }
    },
    "userEquipmentAddressPoolPrefix": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "The network address of the subnet from which dynamic IP addresses must be allocated to UEs, given in CIDR notation. Optional if userEquipmentStaticAddressPoolPrefix is specified. If both are specified, they must be the same size and not overlap."
      }
    },
    "userEquipmentStaticAddressPoolPrefix": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "The network address of the subnet from which static IP addresses must be allocated to UEs, given in CIDR notation. Optional if userEquipmentAddressPoolPrefix is specified. If both are specified, they must be the same size and not overlap."
      }
    },
    "coreNetworkTechnology": {
      "type": "string",
      "defaultValue": "5GC",
      "allowedValues": [
        "EPC",
        "5GC",
        "EPC + 5GC"
      ],
      "metadata": {
        "description": "The mode in which the packet core instance will run"
      }
    },
    "naptEnabled": {
      "type": "string",
      "allowedValues": [
        "Enabled",
        "Disabled"
      ],
      "metadata": {
        "description": "Whether or not Network Address and Port Translation (NAPT) should be enabled for this data network"
      }
    },
    "dnsAddresses": {
      "type": "array",
      "metadata": {
        "description": "A list of DNS servers that UEs on this data network will use"
      }
    },
    "customLocation": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "The resource ID of the custom location that targets the Azure Kubernetes Service on Azure Stack HCI (AKS-HCI) cluster on the Azure Stack Edge Pro device in the site. If this parameter is not specified, the packet core instance will be created but will not be deployed to an ASE. [Collect custom location information](https://docs.microsoft.com/en-gb/azure/private-5g-core/collect-required-information-for-a-site#collect-custom-location-information) explains which value to specify here."
      }
    },
    "desiredState": {
      "type": "string",
      "defaultValue": "Uninstalled",
      "metadata": {
        "description": "The desired installation state"
      }
    },
    "ueMtu": {
      "type": "int",
      "defaultValue": 1440,
      "metadata": {
        "description": "The MTU (in bytes) signaled to the UE. The same MTU is set on the user plane data links for all data networks. The MTU set on the user plane access link is calculated to be 60 bytes greater than this value to allow for GTP encapsulation. "
      }
    },
    "allowSupportTelemetryAccess": {
      "type": "bool",
      "defaultValue": true,
      "metadata": {
        "description": "Provide consent for Microsoft to access non-PII telemetry information from the packet core."
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.MobileNetwork/packetCoreControlPlanes/packetCoreDataPlanes/attachedDataNetworks",
      "apiVersion": "2024-04-01",
      "name": "[format('{0}/{1}/{2}', parameters('siteName'), parameters('siteName'), parameters('existingDataNetworkName'))]",
      "location": "[parameters('location')]",
      "properties": {
        "userPlaneDataInterface": {
          "name": "[parameters('userPlaneDataInterfaceName')]"
        },
        "userEquipmentAddressPoolPrefix": "[if(empty(parameters('userEquipmentAddressPoolPrefix')), null(), createArray(parameters('userEquipmentAddressPoolPrefix')))]",
        "userEquipmentStaticAddressPoolPrefix": "[if(empty(parameters('userEquipmentStaticAddressPoolPrefix')), null(), createArray(parameters('userEquipmentStaticAddressPoolPrefix')))]",
        "naptConfiguration": {
          "enabled": "[parameters('naptEnabled')]"
        },
        "dnsAddresses": "[parameters('dnsAddresses')]"
      },
      "dependsOn": [
        "[resourceId('Microsoft.MobileNetwork/packetCoreControlPlanes/packetCoreDataPlanes', parameters('siteName'), parameters('siteName'))]"
      ]
    },
    {
      "type": "Microsoft.MobileNetwork/packetCoreControlPlanes/packetCoreDataPlanes",
      "apiVersion": "2024-04-01",
      "name": "[format('{0}/{1}', parameters('siteName'), parameters('siteName'))]",
      "location": "[parameters('location')]",
      "properties": {
        "userPlaneAccessInterface": {
          "name": "[parameters('userPlaneAccessInterfaceName')]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.MobileNetwork/packetCoreControlPlanes', parameters('siteName'))]"
      ]
    },
    {
      "type": "Microsoft.MobileNetwork/mobileNetworks/sites",
      "apiVersion": "2024-04-01",
      "name": "[format('{0}/{1}', parameters('existingMobileNetworkName'), parameters('siteName'))]",
      "location": "[parameters('location')]"
    },
    {
      "type": "Microsoft.MobileNetwork/packetCoreControlPlanes",
      "apiVersion": "2024-04-01",
      "name": "[parameters('siteName')]",
      "location": "[parameters('location')]",
      "properties": {
        "sites": [
          {
            "id": "[resourceId('Microsoft.MobileNetwork/mobileNetworks/sites', parameters('existingMobileNetworkName'), parameters('siteName'))]"
          }
        ],
        "sku": "G0",
        "localDiagnosticsAccess": {
          "authenticationType": "Password"
        },
        "coreNetworkTechnology": "[parameters('coreNetworkTechnology')]",
        "platform": {
          "type": "AKS-HCI",
          "customLocation": "[if(empty(parameters('customLocation')), null(), createObject('id', parameters('customLocation')))]",
          "azureStackEdgeDevice": {
            "id": "[parameters('azureStackEdgeDevice')]"
          }
        },
        "controlPlaneAccessInterface": {
          "ipv4Address": "[parameters('controlPlaneAccessIpAddress')]",
          "name": "[parameters('controlPlaneAccessInterfaceName')]"
        },
        "installation": {
          "desiredState": "[parameters('desiredState')]"
        },
        "ueMtu": "[parameters('ueMtu')]",
        "userConsent": {
          "allowSupportTelemetryAccess": "[parameters('allowSupportTelemetryAccess')]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.MobileNetwork/mobileNetworks/sites', parameters('existingMobileNetworkName'), parameters('siteName'))]"
      ]
    }
  ]
}

Four Azure resources are defined in the template.

Deploy the template

  1. Select the following link to sign in to Azure and open a template.

    Button to deploy the Resource Manager template to Azure.

  1. Select or enter the following values, using the information you retrieved in Prerequisites.

    Field Value
    Subscription Select the Azure subscription you used to create your private mobile network.
    Resource group Select the resource group containing the mobile network resource representing your private mobile network.
    Region Select the region in which you deployed the private mobile network.
    Location Enter the code name of the region in which you deployed the private mobile network.
    Existing Mobile Network Name Enter the name of the mobile network resource representing your private mobile network.
    Existing Data Network Name Enter the name of the data network. This value must match the name you used when creating the data network.
    Site Name Enter a name for your site.
    Azure Stack Edge Device Enter the resource ID of the Azure Stack Edge resource in the site.
    Control Plane Access Interface Name Enter the virtual network name on port 5 on your Azure Stack Edge Pro GPU device corresponding to the control plane interface on the access network. For 5G, this interface is the N2 interface; for 4G, it's the S1-MME interface; for combined 4G and 5G, it's the N2/S1-MME interface.
    Control Plane Access Ip Address Enter the IP address for the control plane interface on the access network.
    User Plane Access Interface Name Enter the virtual network name on port 5 on your Azure Stack Edge Pro GPU device corresponding to the user plane interface on the access network. For 5G, this interface is the N3 interface; for 4G, it's the S1-U interface; for combined 4G and 5G, it's the N3/S1-U interface.
    User Plane Data Interface Name Enter the virtual network name on port 6 on your Azure Stack Edge Pro GPU device corresponding to the user plane interface on the data network. For 5G, this interface is the N6 interface; for 4G, it's the SGi interface; for combined 4G and 5G, it's the N6/SGi interface.
    User Equipment Address Pool Prefix Enter the network address of the subnet from which dynamic IP addresses must be allocated to UEs in CIDR notation. You can omit this if you don't want to support dynamic IP address allocation.
    User Equipment Static Address Pool Prefix Enter the network address of the subnet from which static IP addresses must be allocated to UEs in CIDR notation. You can omit this if you don't want to support static IP address allocation.
    Core Network Technology Enter 5GC for 5G, EPC for 4G, or EPC + 5GC for combined 4G and 5G.
    Napt Enabled Set this field depending on whether Network Address and Port Translation (NAPT) should be enabled for the data network.
    Dns Addresses Enter the DNS server addresses. You should only omit this if you don't need the UEs to perform DNS resolution, or if all UEs in the network will use their own locally configured DNS servers.
    Custom Location Enter the resource ID of the custom location that targets the Azure Kubernetes Service on Azure Stack HCI (AKS-HCI) cluster on the Azure Stack Edge Pro device in the site.
  1. Select or enter the following values, using the information you retrieved in Prerequisites.

    Field Value
    Subscription Select the Azure subscription you used to create your private mobile network.
    Resource group Select the resource group containing the mobile network resource representing your private mobile network.
    Region Select the region in which you deployed the private mobile network.
    Location Enter the code name of the region in which you deployed the private mobile network.
    Existing Mobile Network Name Enter the name of the mobile network resource representing your private mobile network.
    Existing Data Network Name Enter the name of the data network. This value must match the name you used when creating the data network.
    Site Name Enter a name for your site.
    Azure Stack Edge Device Enter the resource ID of the Azure Stack Edge resource in the site.
    Control Plane Access Interface Name Enter the virtual network name on port 3 on your Azure Stack Edge Pro 2 device corresponding to the control plane interface on the access network. For 5G, this interface is the N2 interface; for 4G, it's the S1-MME interface; for combined 4G and 5G, it's the N2/S1-MME interface.
    Control Plane Access Ip Address Enter the IP address for the control plane interface on the access network.
    User Plane Access Interface Name Enter the virtual network name on port 3 on your Azure Stack Edge Pro 2 device corresponding to the user plane interface on the access network. For 5G, this interface is the N3 interface; for 4G, it's the S1-U interface; for combined 4G and 5G, it's the N3/S1-U interface.
    User Plane Data Interface Name Enter the virtual network name on port 4 on your Azure Stack Edge Pro 2 device corresponding to the user plane interface on the data network. For 5G, this interface is the N6 interface; for 4G, it's the SGi interface; for combined 4G and 5G, it's the N6/SGi interface.
    User Equipment Address Pool Prefix Enter the network address of the subnet from which dynamic IP addresses must be allocated to UEs in CIDR notation. You can omit this if you don't want to support dynamic IP address allocation.
    User Equipment Static Address Pool Prefix Enter the network address of the subnet from which static IP addresses must be allocated to UEs in CIDR notation. You can omit this if you don't want to support static IP address allocation.
    Core Network Technology Enter 5GC for 5G, EPC for 4G, or EPC + 5GC for combined 4G and 5G.
    Napt Enabled Set this field depending on whether Network Address and Port Translation (NAPT) should be enabled for the data network.
    Dns Addresses Enter the DNS server addresses. You should only omit this if you don't need the UEs to perform DNS resolution, or if all UEs in the network will use their own locally configured DNS servers.
    Custom Location Enter the resource ID of the custom location that targets the Azure Kubernetes Service on Azure Stack HCI (AKS-HCI) cluster on the Azure Stack Edge Pro device in the site.
  1. Select Review + create.

  2. Azure will now validate the configuration values you've entered. You should see a message indicating that your values have passed validation.

    If the validation fails, you'll see an error message and the Configuration tab(s) containing the invalid configuration will be flagged. Select the flagged tab(s) and use the error messages to correct invalid configuration before returning to the Review + create tab.

  3. Once your configuration has been validated, you can select Create to create the site. The Azure portal will display a confirmation screen when the site has been created.

Review deployed resources

  1. On the confirmation screen, select Go to resource group.

    Screenshot of the Azure portal showing a deployment confirmation for the ARM template.

  2. Confirm that the resource group contains the following new resources:

    • A Mobile Network Site resource representing the site as a whole.
    • A Packet Core Control Plane resource representing the control plane function of the packet core instance in the site.
    • A Packet Core Data Plane resource representing the data plane function of the packet core instance in the site.
    • An Attached Data Network resource representing the site's view of the data network.

    Screenshot of the Azure portal showing a resource group containing a site and its related resources.

Next steps

If you decided to set up Microsoft Entra ID for local monitoring access, follow the steps in Modify the local access configuration in a site and Enable Microsoft Entra ID for local monitoring tools.

If you haven't already done so, you should now design the policy control configuration for your private mobile network. This allows you to customize how your packet core instances apply quality of service (QoS) characteristics to traffic. You can also block or limit certain flows. See Policy control to learn more about designing the policy control configuration for your private mobile network.