Presentation link: https://open5gs.org/slides/etri2024
Sukchan Lee
Introduction of a generic API for counters, gauges, etc.
Framed Routing allows a range of IP addresses or prefixes to be reachable over a single PDU Session, supporting IP networks behind a UE for IPv4 and IPv6 sessions.
The Session Management Function (SMF) provides Framed Route information to the User Plane Function (UPF), and updates or releases PDU Sessions based on changes in Framed Route information from DN-AAA or UDM sources.
"imsi", ("999700000021309"),
...
"slice", "[", "{",
"session", "[", "{",
"name", ("internet"),
"ipv4_framed_routes", ("192.168.21.0/24"),
...
PFCP is a 3GPP protocol used in 5G core networks and 4G/LTE EPC to define the interactions between SMF and UPF or between SGW-C and SGW-U.
Across PFCP based interfaces, an SGW-C, SGW-U, SMF and UPF Node shall utilize PFCP Heartbeat Request and Heartbeat Response messages to detect and handle a peer PFCP entity failure or restart.
SMF/SGW-C Restoration Procedures
UPF/SGW-U shall delete all session contexts affected by the PFCP entity restart that it may have stored.
UPF/SGW-U Restoration Procedures
SMF/SGW-C shall include a restoration indication in the PFCP Session Establishment Request message to indicate to the UPF/SGW-U.
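The UPF/SGW-U side of the restart handling described above, as an added example that is not Open5GS code. It assumes a peer restart shows up as a newer Recovery Time Stamp in the Heartbeat Response (the IE that TS 29.244 heartbeats carry, not named on this page); `peer_t`, `sess_t`, `MAX_MISSED` and the function names are hypothetical.

```c
#include <stdint.h>
#define MAX_SESS   8
#define MAX_MISSED 3   /* assumed retry budget before the peer counts as failed */

typedef enum { PEER_ALIVE, PEER_RESTARTED, PEER_FAILED } peer_event_t;
typedef struct { int id; uint32_t recovery_ts; int have_ts; int missed; } peer_t;
typedef struct { uint64_t seid; int peer_id; int in_use; } sess_t;
static sess_t sessions[MAX_SESS];

int add_session(uint64_t seid, int peer_id) {
    for (int i = 0; i < MAX_SESS; i++)
        if (!sessions[i].in_use) {
            sessions[i] = (sess_t){ seid, peer_id, 1 };
            return 0;
        }
    return -1;   /* table full */
}

int count_sessions(int peer_id) {
    int n = 0;
    for (int i = 0; i < MAX_SESS; i++)
        n += sessions[i].in_use && sessions[i].peer_id == peer_id;
    return n;
}

/* Heartbeat Response arrived carrying the peer's Recovery Time Stamp. */
peer_event_t on_heartbeat_response(peer_t *p, uint32_t recovery_ts) {
    p->missed = 0;
    if (p->have_ts && recovery_ts > p->recovery_ts) {
        for (int i = 0; i < MAX_SESS; i++)   /* old instance's contexts are stale */
            if (sessions[i].peer_id == p->id)
                sessions[i].in_use = 0;
        p->recovery_ts = recovery_ts;
        return PEER_RESTARTED;
    }
    if (!p->have_ts) { p->recovery_ts = recovery_ts; p->have_ts = 1; }
    return PEER_ALIVE;   /* unchanged, or an older delayed message */
}

/* Heartbeat Request went unanswered. */
peer_event_t on_heartbeat_timeout(peer_t *p) {
    return ++p->missed >= MAX_MISSED ? PEER_FAILED : PEER_ALIVE;
}

int main(void) {   /* constructed scenario: peer 1 restarts between two heartbeats */
    peer_t smf = { .id = 1 };
    add_session(0x10, 1); add_session(0x11, 1);
    on_heartbeat_response(&smf, 1000);
    return on_heartbeat_response(&smf, 2000) == PEER_RESTARTED && !count_sessions(1) ? 0 : 1;
}
```

An older time stamp is treated as a delayed message and ignored, so a reordered heartbeat cannot wipe live sessions.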
SEPP (Security Edge Protection Proxy): a network function in the 5G architecture designed to secure information exchange between network operators for roaming.
Use of TLS (Transport Layer Security) for encryption and N32 interface for communication between SEPPs.
TLS Certification and Interface Configuration: Discussion on the security practice of using different TLS certificates for SBI and N32 interfaces, and the design consideration behind separating N32c and N32f interfaces for control and forwarding.
Challenges: Legacy configuration files (up to version 2.6.x) lack the flexibility and features needed to effectively design roaming settings. Key requirements such as Transport Layer Security (TLS) and specific configurations like n32/n32f are difficult to implement.
mme:
freeDiameter: /home/acetcom/Documents/git/open5gs/install/etc/freeDiameter/mme.conf
s1ap:
- - addr: 127.0.0.2
+ server:
+ - address: 127.0.0.2
gtpc:
- - addr: 127.0.0.2
+ server:
+ - address: 127.0.0.2
+ client:
+ sgwc:
+ - address: 127.0.0.3
+ smf:
+ - address: 127.0.0.4
metrics:
- - addr: 127.0.0.2
- port: 9090
+ server:
+ - address: 127.0.0.2
+ port: 9090
gummei:
- plmn_id:
mcc: 999
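Review bot: the rename from `addr` to `address` under a new `server:` key (s1ap, gtpc, metrics) changes the listener schema, and nothing in these lines says how a file that still uses `- addr:` is treated. Suggest documenting the migration next to this change and having the loader fail with an explicit error on the legacy key, so a listener such as the metrics endpoint on port 9090 is never started with settings the operator did not intend.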
@@ -25,16 +33,3 @@
full: Open5GS
short: Next
mme_name: open5gs-mme0
-sgwc:
- gtpc:
- - addr: 127.0.0.3
-smf:
- gtpc:
- - addr:
- - 127.0.0.4
- - ::1
-scp:
- sbi:
- - addr: 127.0.1.10
- port: 7777
-
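Review bot: the removed `smf:` block listed two GTP-C addresses, `127.0.0.4` and `::1`, while the `gtpc: client: smf:` entry added in the previous hunk carries only `127.0.0.4`. If dropping the IPv6 peer is intentional, say so in the change description; otherwise add a second `- address: ::1` entry. The removed `scp:` block also has no counterpart in these MME hunks, so a line explaining why would help readers migrating old files.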
amf:
sbi:
- - addr: 127.0.0.5
- port: 7777
+ server:
+ - address: 127.0.0.5
+ port: 7777
+ client:
+ scp:
+ - uri: http://127.0.0.200:7777
ngap:
- - addr: 127.0.0.5
+ server:
+ - address: 127.0.0.5
metrics:
- - addr: 127.0.0.5
- port: 9090
+ server:
+ - address: 127.0.0.5
+ port: 9090
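Review bot: `uri: http://127.0.0.200:7777` under `sbi: client: scp:` writes the peer as a full URI with a plaintext `http` scheme, while the server entries stay `address`/`port`. Suggest a comment beside the `uri:` line stating whether the scheme is what decides HTTP versus HTTPS for that client, so the sample line is not copied into a deployment unchanged.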
Only the N32 interface uses HTTPS with TLS; the SBI toward other NFs uses HTTP without TLS.
sepp:
  default:
    tls:
      server:
        private_key: /etc/open5gs/tls/sepp1.key
        cert: /etc/open5gs/tls/sepp1.crt
      client:
        cacert: /etc/open5gs/tls/ca.crt
  sbi:
    server:
      - address: 127.0.1.250
        port: 7777
    client:
      scp:
        - uri: http://127.0.0.200:7777
  n32:
    server:
      - sender: sepp1.localdomain
        scheme: https
        address: 127.0.1.251
        port: 7777
        n32f:
          scheme: https
          address: 127.0.1.252
          port: 7777
    client:
      sepp:
        - receiver: sepp2.localdomain
          uri: https://sepp2.localdomain:7777
          resolve: 127.0.2.251
          n32f:
            uri: https://sepp2.localdomain:7777
            resolve: 127.0.2.252
The N32 control (N32c) and N32 forwarding (N32f) interfaces use different keys and certificates.
sbi:
  server:
    - address: 127.0.1.250
      port: 7777
  client:
    scp:
      - uri: http://127.0.0.200:7777
n32:
  server:
    - sender: sepp1.localdomain
      scheme: https
      address: 127.0.1.251
      private_key: /etc/open5gs/tls/sepp1.key
      cert: /etc/open5gs/tls/sepp1.crt
      verify_client: true
      verify_client_cacert: /etc/open5gs/tls/ca.crt
      n32f:
        scheme: https
        address: 127.0.1.252
        private_key: /etc/open5gs/tls/sepp1-n32f.key
        cert: /etc/open5gs/tls/sepp1-n32f.crt
        verify_client: true
        verify_client_cacert: /etc/open5gs/tls/ca.crt
  client:
    sepp:
      - receiver: sepp2.localdomain
        uri: https://sepp2.localdomain
        resolve: 127.0.2.251
        cacert: /etc/open5gs/tls/ca.crt
        client_private_key: /etc/open5gs/tls/sepp1.key
        client_cert: /etc/open5gs/tls/sepp1.crt
        n32f:
          uri: https://sepp2.localdomain
          resolve: 127.0.2.252
          cacert: /etc/open5gs/tls/ca.crt
          client_private_key: /etc/open5gs/tls/sepp1-n32f.key
          client_cert: /etc/open5gs/tls/sepp1-n32f.crt
For 5G Roaming, the PLMN ID must be configured in the NRF as follows:
nrf:
  serving:  # 5G roaming requires PLMN in NRF
    - plmn_id:
        mcc: 999
        mnc: 70
  sbi:
    server:
      - address: 127.0.0.10
        port: 7777
During the registration phase, a Network Function (NF) receives PLMN-ID information from the NRF and configures its own Fully Qualified Domain Name (FQDN) accordingly.
127.0.1.10 nrf.5gc.mnc070.mcc999.3gppnetwork.org
127.0.1.11 ausf.5gc.mnc070.mcc999.3gppnetwork.org
127.0.1.12 udm.5gc.mnc070.mcc999.3gppnetwork.org
127.0.2.10 nrf.5gc.mnc001.mcc001.3gppnetwork.org
127.0.2.11 ausf.5gc.mnc001.mcc001.3gppnetwork.org
127.0.2.12 udm.5gc.mnc001.mcc001.3gppnetwork.org
127.0.3.10 nrf.5gc.mnc010.mcc315.3gppnetwork.org
127.0.3.11 ausf.5gc.mnc010.mcc315.3gppnetwork.org
127.0.3.12 udm.5gc.mnc010.mcc315.3gppnetwork.org
Because the PLMN-ID can be extracted accurately from the SUCI, it is easy to distinguish whether the connection is being made from the Home PLMN or a Visited PLMN.
The AMF transmits session information to the SMF for roaming UEs using the Full DNN method, leveraging FQDN information.
By comparing the SUPI with the Full DNN, the SMF determines whether the MNC is 2 or 3 bytes and identifies the accurate Home PLMN ID, allowing it to discern whether the UE is on the Home or Visited PLMN.
Full DNN: internet.5gc.mnc070.mcc999.3gppnetwork.org
SUPI: imsi-999700000000001
IMSI: 999700000000001
PLMN-ID: MCC(999) MNC(70)
Full DNN: internet.5gc.mnc014.mcc310.3gppnetwork.org
SUPI: imsi-3100140000000001
IMSI: 3100140000000001
PLMN-ID: MCC(310) MNC(014)
If an AMF from another vendor does not use the Full DNN, this will not work correctly.
TS29.502
6.1 Nsmf_PDUSession Service API
Table 6.1.6.2.2-1: Definition of type SmContextCreateData
NAME: dnn, Data type: Dnn
When present, it shall contain the requested DNN; the DNN
shall be the full DNN (i.e. with both the Network Identifier
and Operator Identifier) for a HR PDU session, and
it should be the full DNN in LBO and non-roaming scenarios.
If the Operator Identifier is absent,
the serving core network operator shall be assumed.
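One way to carry out the SUPI versus Full DNN comparison described above, as an added example that is not Open5GS code. `home_plmn`, `is_home`, `plmn_t` and the return codes are hypothetical names; rejecting a SUPI whose MCC/MNC disagrees with the DNN, and trying the 3-digit MNC match first, are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef struct { char mcc[4]; char mnc[4]; } plmn_t;   /* mnc: 2 or 3 digits */
enum { DNN_OK = 0, DNN_NO_OI = 1, DNN_BAD = -1 };

static int digits3(const char *s) {
    return isdigit((unsigned char)s[0]) && isdigit((unsigned char)s[1]) &&
           isdigit((unsigned char)s[2]);
}

/* Resolve the home PLMN from "<NI>.5gc.mncXXX.mccYYY.3gppnetwork.org" and "imsi-<digits>". */
int home_plmn(const char *dnn, const char *supi, plmn_t *out) {
    const char *oi = strstr(dnn, ".mnc"), *imsi;
    if (!oi)
        return DNN_NO_OI;          /* Network Identifier only: caller assumes serving PLMN */
    oi += 4;                       /* now at "XXX.mccYYY..." */
    if (!digits3(oi) || strncmp(oi + 3, ".mcc", 4) != 0 || !digits3(oi + 7))
        return DNN_BAD;
    if (strncmp(supi, "imsi-", 5) != 0)
        return DNN_BAD;
    imsi = supi + 5;
    if (strlen(imsi) < 6 || imsi[strspn(imsi, "0123456789")] != '\0')
        return DNN_BAD;
    if (strncmp(imsi, oi + 7, 3) != 0)
        return DNN_BAD;            /* SUPI and DNN disagree on the MCC */
    memcpy(out->mcc, imsi, 3);
    out->mcc[3] = '\0';
    memset(out->mnc, 0, sizeof out->mnc);
    if (strncmp(imsi + 3, oi, 3) == 0)
        memcpy(out->mnc, oi, 3);               /* IMSI carries all three digits */
    else if (oi[0] == '0' && strncmp(imsi + 3, oi + 1, 2) == 0)
        memcpy(out->mnc, oi + 1, 2);           /* leading 0 is only DNN padding */
    else
        return DNN_BAD;            /* SUPI and DNN name different networks */
    return DNN_OK;
}

int is_home(const plmn_t *ue, const plmn_t *serving) {
    return !strcmp(ue->mcc, serving->mcc) && !strcmp(ue->mnc, serving->mnc);
}

int main(void) {   /* sample values from the page; serving PLMN 999/70 */
    plmn_t p, serving = { "999", "70" };
    int rc = home_plmn("internet.5gc.mnc014.mcc310.3gppnetwork.org", "imsi-3100140000000001", &p);
    printf("rc=%d mcc=%s mnc=%s home=%d\n", rc, p.mcc, p.mnc, is_home(&p, &serving));
    return 0;
}
```

`DNN_NO_OI` is the case the TS 29.502 text covers: with no Operator Identifier in the DNN, the MNC length cannot be read from it and the serving operator has to be assumed.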
For insights and detailed information on 5G Roaming with Open5GS, the tutorial at https://open5gs.org/open5gs/docs/tutorial/05-roaming/ serves as an excellent resource.
Working to fill in the gaps where functionality is limited or not yet fully implemented, as shown below.
While progress has been made in supporting LBO for roaming, the complete implementation for Home Routed roaming is pending.
It may make sense to introduce at least a minimal open5gs-ocsd in open5gs.git which announced the Credit Control diameter app support, and which can handle CCR Initial/Update/Termination answering with CCA.
It could also set Validity-Time and Volume-Threshold each time it is requested some resources, to get periodic reports about each subscriber, and perhaps store that into the mongodb database.
I wonder if I should...
Moving Documentation and WebUI to separate repositories
UPF | TCP | UDP | Loss | RTT |
---|---|---|---|---|
UPG-VPP | 1162Mbps | 458Mbps | 0.96% | 0.398ms |
eUPF | 358Mbps | 418Mbps | 3.6% | 0.882ms |
free5GC | 231Mbps | 401Mbps | 23% | 0.786ms |
Open5GS | 205Mbps | 389Mbps | 30% | 1.081ms |
Kind | Description |
---|---|
eBPF/XDP | Simply works on mainline Linux |
DPDK/VPP | A slightly higher performance than XDP; the NIC needs to be dedicated to DPDK |
Should Open5GS create its own UPF?
Thank You for Your Attention!