Open5GS status: recent, current and future developments
Presentation link : https://open5gs.org/slides/etri2024
Sukchan Lee
Recent Developments
- HTTP/2 over TLS Enhanced security and performance for control plane communications
- 5G SUCI Profile A/B Scheme Enhanced subscriber privacy protection
- UPF High Availability SMF detects UPF failover using PFCP Heartbeats. Process of transferring PDU sessions to a new UPF for uninterrupted service
Metrics Support using Prometheus
Introduction of a generic API for counters, gauges, etc.
Framed Routing in 5G
Framed Routing allows a range of IP addresses or prefixes to be reachable over a single PDU Session, supporting IP networks behind a UE for IPv4 and IPv6 sessions.
The Session Management Function (SMF) provides Framed Route information to the User Plane Function (UPF), and updates or releases PDU Sessions based on changes in Framed Route information from DN-AAA or UDM sources.
Subscriber Database
- 192.168.21.0/24 being routed to the internet APN is as follows.
"imsi", ("999700000021309"),
...
"slice", "[", "{",
"session", "[", "{",
"name", ("internet"),
"ipv4_framed_routes", ("192.168.21.0/24"),
...
Overview of PFCP Restoration
PFCP is a 3GPP protocol used in 5G core networks and 4G/LTE EPC to define the interactions between SMF and UPF or between SGW-C and SGW-U.
Across PFCP based interfaces, an SGW-C, SGW-U, SMF and UPF Node shall utilize PFCP Heartbeat Request and Heartbeat Response messages to detect and handle a peer PFCP entity failure or restart.
- TS23.007 LTE Restoration procedures
- TS23.527 5G Restoration procedures
PFCP Restoration Method
SMF/SGW-C Restoration Procedures
UPF/SGW-U shall delete all session contexts affected by the PFCP entity restart that it may have stored.
UPF/SGW-U Restoration Procedures
SMF/SGW-C shall include a restoration indication in the PFCP Session Establishment Request message to indicate to the UPF/SGW-U.
What is SEPP?
A network function in 5G architecture designed to secure information exchange between network operators for roaming.
How Does 5G Roaming Work?
Use of TLS (Transport Layer Security) for encryption and N32 interface for communication between SEPPs.
Design 5G Roaming
TLS Certification and Interface Configuration: Discussion on the security practice of using different TLS certificates for SBI and N32 interfaces, and the design consideration behind separating N32c and N32f interfaces for control and forwarding.
Challenges: Legacy configuration files (up to version 2.6.x) lack the flexibility and features needed to effectively design roaming settings. Key requirements such as Transport Layer Security (TLS) and specific configurations like n32/n32f are difficult to implement.
New Configuration(Cont.)
mme:
freeDiameter: /home/acetcom/Documents/git/open5gs/install/etc/freeDiameter/mme.conf
s1ap:
- - addr: 127.0.0.2
+ server:
+ - address: 127.0.0.2
gtpc:
- - addr: 127.0.0.2
+ server:
+ - address: 127.0.0.2
+ client:
+ sgwc:
+ - address: 127.0.0.3
+ smf:
+ - address: 127.0.0.4
metrics:
- - addr: 127.0.0.2
- port: 9090
+ server:
+ - address: 127.0.0.2
+ port: 9090
gummei:
- plmn_id:
mcc: 999
@@ -25,16 +33,3 @@
full: Open5GS
short: Next
mme_name: open5gs-mme0
-sgwc:
- gtpc:
- - addr: 127.0.0.3
-smf:
- gtpc:
- - addr:
- - 127.0.0.4
- - ::1
New Configuration File Format
-scp:
- sbi:
- - addr: 127.0.1.10
- port: 7777
-
amf:
sbi:
- - addr: 127.0.0.5
- port: 7777
+ server:
+ - address: 127.0.0.5
+ port: 7777
+ client:
+ scp:
+ - uri: http://127.0.0.200:7777
ngap:
- - addr: 127.0.0.5
+ server:
+ - address: 127.0.0.5
metrics:
- - addr: 127.0.0.5
- port: 9090
+ server:
+ - address: 127.0.0.5
+ port: 9090
SEPP Configuration
Only N32 uses HTTPS with TLS, while other NFs use HTTP without TLS.
sepp:
default:
tls:
server:
private_key: /etc/open5gs/tls/sepp1.key
cert: /etc/open5gs/tls/sepp1.crt
client:
cacert: /etc/open5gs/tls/ca.crt
sbi:
server:
- address: 127.0.1.250
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
n32:
server:
- sender: sepp1.localdomain
scheme: https
address: 127.0.1.251
port: 7777
n32f:
scheme: https
address: 127.0.1.252
port: 7777
client:
sepp:
- receiver: sepp2.localdomain
uri: https://sepp2.localdomain:7777
resolve: 127.0.2.251
n32f:
uri: https://sepp2.localdomain:7777
resolve: 127.0.2.252
SEPP Configuration(Cont.)
N32 control and N32 forwarding interface use different key/certificate.
sbi:
server:
- address: 127.0.1.250
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
n32:
server:
- sender: sepp1.localdomain
scheme: https
address: 127.0.1.251
private_key: /etc/open5gs/tls/sepp1.key
cert: /etc/open5gs/tls/sepp1.crt
verify_client: true
verify_client_cacert: /etc/open5gs/tls/ca.crt
n32f:
scheme: https
address: 127.0.1.252
private_key: /etc/open5gs/tls/sepp1-n32f.key
cert: /etc/open5gs/tls/sepp1-n32f.crt
verify_client: true
verify_client_cacert: /etc/open5gs/tls/ca.crt
client:
sepp:
- receiver: sepp2.localdomain
uri: https://sepp2.localdomain
resolve: 127.0.2.251
cacert: /etc/open5gs/tls/ca.crt
client_private_key: /etc/open5gs/tls/sepp1.key
client_cert: /etc/open5gs/tls/sepp1.crt
n32f:
uri: https://sepp2.localdomain
resolve: 127.0.2.252
cacert: /etc/open5gs/tls/ca.crt
client_private_key: /etc/open5gs/tls/sepp1-n32f.key
client_cert: /etc/open5gs/tls/sepp1-n32f.crt
NRF requires a PLMN-ID
For 5G Roaming, the PLMN ID must be configured in the NRF as follows:
nrf:
serving: # 5G roaming requires PLMN in NRF
- plmn_id:
mcc: 999
mnc: 70
sbi:
server:
- address: 127.0.0.10
port: 7777
The configuration of FQDN in NFs
During the registration phase, a Network Function (NF) receives PLMN-ID information from the NRF and configures its own Fully Qualified Domain Name (FQDN) accordingly.
- /etc/hosts
127.0.1.10 nrf.5gc.mnc070.mcc999.3gppnetwork.org
127.0.1.11 ausf.5gc.mnc070.mcc999.3gppnetwork.org
127.0.1.12 udm.5gc.mnc070.mcc999.3gppnetwork.org
127.0.2.10 nrf.5gc.mnc001.mcc001.3gppnetwork.org
127.0.2.11 ausf.5gc.mnc001.mcc001.3gppnetwork.org
127.0.2.12 udm.5gc.mnc001.mcc001.3gppnetwork.org
127.0.3.10 nrf.5gc.mnc010.mcc315.3gppnetwork.org
127.0.3.11 ausf.5gc.mnc010.mcc315.3gppnetwork.org
127.0.3.12 udm.5gc.mnc010.mcc315.3gppnetwork.org
Determining UE Roaming in NFs
- AMF
Due to the ability to accurately extract the PLMN-ID from the SUCI, it is easy to distinguish whether the connection is being made from the Home PLMN or a Visited PLMN.
Determining UE Roaming(Cont.)
- SMF
The AMF transmits session information to the SMF for roaming UEs using the Full DNN method, leveraging FQDN information.
By comparing the SUPI with the Full DNN, the SMF determines whether the MNC is 2 or 3 bytes and identifies the accurate Home PLMN ID, allowing it to discern whether the UE is on the Home or Visited PLMN.
Full DNN: internet.5gc.mnc070.mcc999.3gppnetwork.org
SUPI: imsi-999700000000001
IMSI: 999700000000001
PLMN-ID: MCC(999) MNC(70)
Full DNN: internet.5gc.mnc014.mcc310.3gppnetwork.org
SUPI: imsi-3100140000000001
IMSI: 3100140000000001
PLMN-ID: MCC(310) MNC(014)
The Risk of Full DNN:
If an AMF from other vendor doesn't use Full DNN, it won't work right.
TS29.502
6.1 Nsmf_PDUSession Service API
Table 6.1.6.2.2-1: Definition of type SmContextCreateData
NAME: dnn, Data type: Dnn
When present, it shall contain the requested DNN; the DNN
shall be the full DNN (i.e. with both the Network Identifier
and Operator Identifier) for a HR PDU session, and
it should be the full DNN in LBO and non-roaming scenarios.
If the Operator Identifier is absent,
the serving core network operator shall be assumed.
5G Roaming
For insights and detailed information on 5G Roaming with Open5GS, the tutorial at https://open5gs.org/open5gs/docs/tutorial/05-roaming/ serves as an excellent resource.
Open5GS in the Present
Working to fill in the gaps where functionality is limited or not yet fully implemented, as shown below.
- Partial implementation of Roaming
- No OCS/OFCS
Home Routed Roaming
While progress has been made in supporting LBO for roaming, the complete implementation for Home Routed roaming is pending.
Gy Interface Development
- Collaboration with Osmocom is ongoing for Gy interface implementation
- open5gs-smfd supports interacting to an OCS node through the Gy interface
- Initial basic code for open5gs-ocsd is expected to be released soon - Issues #1492
open5gs-ocsd
It may make sense to introduce at least a minimal open5gs-ocsd in open5gs.git which announced the Credit Control diameter app support, and which can handle CCR Initial/Update/Termination answering with CCA.
It could also set Validity-Time and Volume-Threshold each time it is requested some resources, to get periodic reports about each subscriber, and perhaps store that into the mongodb database.
Future Work
I wonder if I should...
Moving Documentation and WebUI to separate repositories
Request from Community
- MongoDB Alternative using YAML conf
- CLI using Rest API
- GTP-U Restoration
- io_uring
- osmo-gsm-shark with gsmtap
Request from Community(Cont.)
- EAP-AKA-Prime
- Add locality in the configuration
- SUPI/GPSI Ranges in UDM - Issues #2010
- UL Classifier - N9 interface between UPFs
- NEF
Mesurement of UPF Performance
| UPF | TCP | UDP | Loss | RTT |
|---|---|---|---|---|
| UPG-VPP | 1162Mbps | 458Mbps | 0.96% | 0.398ms |
| eUPF | 358Mbps | 418Mbps | 3.6% | 0.882ms |
| free5GC | 231Mbps | 401Mbps | 23% | 0.786ms |
| Open5GS | 205Mbps | 389Mbps | 30% | 1.081ms |
UPF Comparison
| Kind | Description |
|---|---|
| eBPF/XDP | Simply works on mainline linux |
| DPDK/VPP | A slightly higher performance than XDP |
| NIC need to be dedicated to DPDK |
Open5GS UPF Improvements
Should Open5GS create its own UPF?
Harmonious Prioritization
- Prioritizing bug fixes in the issue
- Need to address security vulnerablilities
- Hope to do a lot of new features
Thank you
Thank You for Your Attention!