Open5GS status: recent, current and future developments

Presentation link: https://open5gs.org/slides/etri2024

Sukchan Lee

Recent Developments

  • HTTP/2 over TLS
      • Enhanced security and performance for control plane communications
  • 5G SUCI Profile A/B Scheme
      • Enhanced subscriber privacy protection
  • UPF High Availability
      • The SMF detects UPF failover using PFCP Heartbeats and transfers PDU sessions to a new UPF for uninterrupted service

Metrics Support using Prometheus

Introduction of a generic API for counters, gauges, etc.

Metrics

Framed Routing in 5G

Framed Routing allows a range of IP addresses or prefixes to be reachable over a single PDU Session, supporting IP networks behind a UE for IPv4 and IPv6 sessions.

The Session Management Function (SMF) provides Framed Route information to the User Plane Function (UPF), and updates or releases PDU Sessions based on changes in Framed Route information from DN-AAA or UDM sources.

Subscriber Database

  • A subscriber entry that routes 192.168.21.0/24 to the internet APN looks as follows.

            "imsi", ("999700000021309"),
            ...
            "slice", "[", "{",
              "session", "[", "{",
                "name", ("internet"),
                "ipv4_framed_routes", ("192.168.21.0/24"),
                ...
          

Overview of PFCP Restoration

PFCP is a 3GPP protocol used in 5G core networks and 4G/LTE EPC to define the interactions between SMF and UPF or between SGW-C and SGW-U.

Across PFCP based interfaces, an SGW-C, SGW-U, SMF and UPF Node shall utilize PFCP Heartbeat Request and Heartbeat Response messages to detect and handle a peer PFCP entity failure or restart.

  • TS23.007 LTE Restoration procedures
  • TS23.527 5G Restoration procedures
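
The heartbeat-based detection described above, as an added example (not Open5GS code). It assumes the PFCP node-message header and the Recovery Time Stamp IE (type 96) from TS 29.244, which this page does not cite; `PeerMonitor` and `max_missed` are hypothetical names, and the packets are constructed.

```python
import struct

HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE = 1, 2   # PFCP message types
IE_RECOVERY_TIME_STAMP = 96                    # value: 4-byte NTP seconds

def build_heartbeat(msg_type, seq, recovery_ts):
    """Encode a PFCP node message (no SEID) carrying a Recovery Time Stamp IE."""
    ie = struct.pack("!HHI", IE_RECOVERY_TIME_STAMP, 4, recovery_ts)
    body = seq.to_bytes(3, "big") + b"\x00" + ie
    # Flags 0x20 = version 1, S=0; the length field counts everything after octet 4.
    return struct.pack("!BBH", 0x20, msg_type, len(body)) + body

def parse_recovery_ts(pkt):
    """Return (msg_type, seq, recovery_ts); raise ValueError on malformed input."""
    if len(pkt) < 8:
        raise ValueError("short PFCP header")
    flags, msg_type, length = struct.unpack("!BBH", pkt[:4])
    if flags >> 5 != 1 or flags & 0x01:
        raise ValueError("not a version-1 node message")
    if length != len(pkt) - 4:
        raise ValueError("length field mismatch")
    seq, off = int.from_bytes(pkt[4:7], "big"), 8
    while off + 4 <= len(pkt):
        ie_type, ie_len = struct.unpack("!HH", pkt[off:off + 4])
        value = pkt[off + 4:off + 4 + ie_len]
        if len(value) != ie_len:
            raise ValueError("truncated IE")
        if ie_type == IE_RECOVERY_TIME_STAMP and ie_len == 4:
            return msg_type, seq, struct.unpack("!I", value)[0]
        off += 4 + ie_len
    raise ValueError("Recovery Time Stamp IE missing")

class PeerMonitor:
    """One PFCP peer: 'restart' on a newer timestamp, 'failure' after N missed replies."""
    def __init__(self, max_missed=3):          # assumed policy value
        self.last_ts, self.missed, self.max_missed = None, 0, max_missed

    def on_response(self, pkt):
        msg_type, _, ts = parse_recovery_ts(pkt)
        if msg_type != HEARTBEAT_RESPONSE:
            raise ValueError("unexpected message type")
        self.missed = 0                        # any valid reply proves liveness
        if self.last_ts is not None and ts < self.last_ts:
            return "stale"                     # older than stored value: ignore it
        restarted = self.last_ts is not None and ts > self.last_ts
        self.last_ts = ts
        return "restart" if restarted else "alive"

    def on_timeout(self):
        self.missed += 1
        return "failure" if self.missed >= self.max_missed else "waiting"
```

A "restart" result is the point at which the session contexts tied to that peer are cleaned up, while "failure" is what would trigger moving sessions to another UPF.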

PFCP Restoration Method

SMF/SGW-C Restoration Procedures

UPF/SGW-U shall delete all session contexts affected by the PFCP entity restart that it may have stored.

UPF/SGW-U Restoration Procedures

SMF/SGW-C shall include a restoration indication in the PFCP Session Establishment Request message to indicate to the UPF/SGW-U.

What is SEPP?

A network function in 5G architecture designed to secure information exchange between network operators for roaming.

How Does 5G Roaming Work?

Use of TLS (Transport Layer Security) for encryption and N32 interface for communication between SEPPs.

Roaming(LBO)

Design 5G Roaming

TLS Certification and Interface Configuration: Discussion on the security practice of using different TLS certificates for SBI and N32 interfaces, and the design consideration behind separating N32c and N32f interfaces for control and forwarding.

Challenges: Legacy configuration files (up to version 2.6.x) lack the flexibility and features needed to effectively design roaming settings. Key requirements such as Transport Layer Security (TLS) and specific configurations like n32/n32f are difficult to implement.

New Configuration(Cont.)


           mme:
             freeDiameter: /home/acetcom/Documents/git/open5gs/install/etc/freeDiameter/mme.conf
             s1ap:
          -    - addr: 127.0.0.2
          +    server:
          +      - address: 127.0.0.2
             gtpc:
          -    - addr: 127.0.0.2
          +    server:
          +      - address: 127.0.0.2
          +    client:
          +      sgwc:
          +        - address: 127.0.0.3
          +      smf:
          +        - address: 127.0.0.4
             metrics:
          -    - addr: 127.0.0.2
          -      port: 9090
          +    server:
          +      - address: 127.0.0.2
          +        port: 9090
             gummei:
               - plmn_id:
                   mcc: 999
          @@ -25,16 +33,3 @@
               full: Open5GS
               short: Next
             mme_name: open5gs-mme0
          -sgwc:
          -  gtpc:
          -    - addr: 127.0.0.3
          -smf:
          -  gtpc:
          -    - addr:
          -      - 127.0.0.4
          -      - ::1
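
Review bot: the removed smf.gtpc block at the end of this hunk listed two addresses, 127.0.0.4 and ::1, but the mme.gtpc.client.smf entry added earlier in this diff carries only 127.0.0.4, so the IPv6 peer address is dropped by the migration. If the SMF is still meant to be reachable over IPv6, add a second "- address: ::1" under client.smf; otherwise say in the slide that the drop is intentional.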
          

New Configuration File Format


          -scp:
          -  sbi:
          -    - addr: 127.0.1.10
          -      port: 7777
          -
           amf:
             sbi:
          -    - addr: 127.0.0.5
          -      port: 7777
          +    server:
          +      - address: 127.0.0.5
          +        port: 7777
          +    client:
          +      scp:
          +        - uri: http://127.0.0.200:7777
             ngap:
          -    - addr: 127.0.0.5
          +    server:
          +      - address: 127.0.0.5
             metrics:
          -    - addr: 127.0.0.5
          -      port: 9090
          +    server:
          +      - address: 127.0.0.5
          +        port: 9090
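
Review bot: the removed scp.sbi entry at the top pointed at 127.0.1.10:7777, while the added amf.sbi.client.scp uri is http://127.0.0.200:7777, so the SCP address changes together with the format. Confirm the new address is intended and not a leftover from another setup, since an AMF pointed at the wrong SCP will fail NF discovery silently from the reader's point of view. The uri scheme is also plain http, which is worth calling out next to the line because the deck lists HTTP/2 over TLS as a recent feature.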
          

SEPP Configuration

Only N32 uses HTTPS with TLS, while other NFs use HTTP without TLS.


          sepp:
            default:
              tls:
                server:
                  private_key: /etc/open5gs/tls/sepp1.key
                  cert: /etc/open5gs/tls/sepp1.crt
                client:
                  cacert: /etc/open5gs/tls/ca.crt
            sbi:
              server:
                - address: 127.0.1.250
                  port: 7777
              client:
                scp:
                  - uri: http://127.0.0.200:7777
            n32:
              server:
                - sender: sepp1.localdomain
                  scheme: https
                  address: 127.0.1.251
                  port: 7777
                  n32f:
                    scheme: https
                    address: 127.0.1.252
                    port: 7777
              client:
                sepp:
                  - receiver: sepp2.localdomain
                    uri: https://sepp2.localdomain:7777
                    resolve: 127.0.2.251
                    n32f:
                      uri: https://sepp2.localdomain:7777
                      resolve: 127.0.2.252
          

SEPP Configuration(Cont.)

The N32 control (N32c) and N32 forwarding (N32f) interfaces use different keys and certificates.


            sbi:
              server:
                - address: 127.0.1.250
                  port: 7777
              client:
                scp:
                  - uri: http://127.0.0.200:7777
            n32:
              server:
                - sender: sepp1.localdomain
                  scheme: https
                  address: 127.0.1.251
                  private_key: /etc/open5gs/tls/sepp1.key
                  cert: /etc/open5gs/tls/sepp1.crt
                  verify_client: true
                  verify_client_cacert: /etc/open5gs/tls/ca.crt
                  n32f:
                    scheme: https
                    address: 127.0.1.252
                    private_key: /etc/open5gs/tls/sepp1-n32f.key
                    cert: /etc/open5gs/tls/sepp1-n32f.crt
                    verify_client: true
                    verify_client_cacert: /etc/open5gs/tls/ca.crt
              client:
                sepp:
                  - receiver: sepp2.localdomain
                    uri: https://sepp2.localdomain
                    resolve: 127.0.2.251
                    cacert: /etc/open5gs/tls/ca.crt
                    client_private_key: /etc/open5gs/tls/sepp1.key
                    client_cert: /etc/open5gs/tls/sepp1.crt
                    n32f:
                      uri: https://sepp2.localdomain
                      resolve: 127.0.2.252
                      cacert: /etc/open5gs/tls/ca.crt
                      client_private_key: /etc/open5gs/tls/sepp1-n32f.key
                      client_cert: /etc/open5gs/tls/sepp1-n32f.crt
          

NRF requires a PLMN-ID

For 5G Roaming, the PLMN ID must be configured in the NRF as follows:


          nrf:
            serving:  # 5G roaming requires PLMN in NRF
              - plmn_id:
                  mcc: 999
                  mnc: 70
            sbi:
              server:
                - address: 127.0.0.10
                  port: 7777
          

The configuration of FQDN in NFs

During the registration phase, a Network Function (NF) receives PLMN-ID information from the NRF and configures its own Fully Qualified Domain Name (FQDN) accordingly.

  • /etc/hosts

          127.0.1.10  nrf.5gc.mnc070.mcc999.3gppnetwork.org
          127.0.1.11  ausf.5gc.mnc070.mcc999.3gppnetwork.org
          127.0.1.12  udm.5gc.mnc070.mcc999.3gppnetwork.org

          127.0.2.10  nrf.5gc.mnc001.mcc001.3gppnetwork.org
          127.0.2.11  ausf.5gc.mnc001.mcc001.3gppnetwork.org
          127.0.2.12  udm.5gc.mnc001.mcc001.3gppnetwork.org

          127.0.3.10  nrf.5gc.mnc010.mcc315.3gppnetwork.org
          127.0.3.11  ausf.5gc.mnc010.mcc315.3gppnetwork.org
          127.0.3.12  udm.5gc.mnc010.mcc315.3gppnetwork.org
          

Determining UE Roaming in NFs

  • AMF

Due to the ability to accurately extract the PLMN-ID from the SUCI, it is easy to distinguish whether the connection is being made from the Home PLMN or a Visited PLMN.

SUCI

Determining UE Roaming(Cont.)

  • SMF

The AMF transmits session information to the SMF for roaming UEs using the Full DNN method, leveraging FQDN information.

By comparing the SUPI with the Full DNN, the SMF determines whether the MNC is 2 or 3 bytes and identifies the accurate Home PLMN ID, allowing it to discern whether the UE is on the Home or Visited PLMN.


          Full DNN: internet.5gc.mnc070.mcc999.3gppnetwork.org
          SUPI: imsi-999700000000001
          IMSI: 999700000000001
          PLMN-ID: MCC(999) MNC(70)

          Full DNN: internet.5gc.mnc014.mcc310.3gppnetwork.org
          SUPI: imsi-3100140000000001
          IMSI: 3100140000000001
          PLMN-ID: MCC(310) MNC(014)
          

The Risk of Full DNN:

If an AMF from another vendor doesn't use Full DNN, it won't work right.


            TS29.502
            6.1 Nsmf_PDUSession Service API
            Table 6.1.6.2.2-1: Definition of type SmContextCreateData

            NAME: dnn, Data type: Dnn

            When present, it shall contain the requested DNN; the DNN
            shall be the full DNN (i.e. with both the Network Identifier
            and Operator Identifier) for a HR PDU session, and

            it should be the full DNN in LBO and non-roaming scenarios.

            If the Operator Identifier is absent,
            the serving core network operator shall be assumed.
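
The SUPI versus Full DNN comparison from the SMF slide, and the fallback quoted from TS 29.502, as an added example (not Open5GS code). It assumes the Full DNN layout shown on this page; `resolve_home_plmn` is a hypothetical helper, and trying the 3-digit MNC before the 2-digit one is an assumption.

```python
import re

# Full DNN layout as shown on this page: <NI>.5gc.mncXXX.mccYYY.3gppnetwork.org
FULL_DNN_RE = re.compile(
    r"^(?P<ni>.+)\.5gc\.mnc(?P<mnc>\d{3})\.mcc(?P<mcc>\d{3})\.3gppnetwork\.org$")

def resolve_home_plmn(supi, dnn, serving_plmn):
    """Derive the UE's home PLMN from SUPI + DNN and flag roaming.

    serving_plmn is an (mcc, mnc) tuple of strings, e.g. ("999", "70").
    """
    if not supi.startswith("imsi-") or not supi[5:].isdigit():
        raise ValueError("only IMSI-based SUPIs are handled here")
    imsi = supi[5:]

    m = FULL_DNN_RE.match(dnn)
    if m is None:
        # Network Identifier only: the serving operator is assumed, so a
        # roaming UE is indistinguishable from a home UE at this point.
        return {"ni": dnn, "plmn": serving_plmn, "roaming": False, "assumed": True}

    mcc, mnc3 = m["mcc"], m["mnc"]      # the DNN always pads the MNC to 3 digits
    if not imsi.startswith(mcc):
        raise ValueError("SUPI MCC does not match the Full DNN")
    if imsi[3:6] == mnc3:               # 3-digit MNC, e.g. 310/014
        mnc = mnc3
    elif mnc3[0] == "0" and imsi[3:5] == mnc3[1:]:
        mnc = mnc3[1:]                  # 2-digit MNC, e.g. 999/70 sent as mnc070
    else:
        raise ValueError("SUPI MNC does not match the Full DNN")

    plmn = (mcc, mnc)
    return {"ni": m["ni"], "plmn": plmn,
            "roaming": plmn != serving_plmn, "assumed": False}

if __name__ == "__main__":
    serving = ("999", "70")             # constructed serving PLMN
    for supi, dnn in [
        ("imsi-999700000000001", "internet.5gc.mnc070.mcc999.3gppnetwork.org"),
        ("imsi-3100140000000001", "internet.5gc.mnc014.mcc310.3gppnetwork.org"),
        ("imsi-3100140000000001", "internet"),   # AMF that omits the Operator Identifier
    ]:
        print(supi, dnn, resolve_home_plmn(supi, dnn, serving))
```

The third sample shows the risk named above: without the Operator Identifier the result carries `assumed: True` and `roaming: False` even though the SUPI belongs to another operator, so a deployment can log or alert on the `assumed` flag.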
          

5G Roaming

For insights and detailed information on 5G Roaming with Open5GS, the tutorial at https://open5gs.org/open5gs/docs/tutorial/05-roaming/ serves as an excellent resource.

Open5GS in the Present

Working to fill in the gaps where functionality is limited or not yet fully implemented, as shown below.

  • Partial implementation of Roaming
  • No OCS/OFCS

Home Routed Roaming

While progress has been made in supporting LBO for roaming, the complete implementation for Home Routed roaming is pending.

Roaming(Home-Routed)

Gy Interface Development

  • Collaboration with Osmocom is ongoing for Gy interface implementation
  • open5gs-smfd supports interacting with an OCS node through the Gy interface
  • Initial basic code for open5gs-ocsd is expected to be released soon - Issues #1492

open5gs-ocsd

It may make sense to introduce at least a minimal open5gs-ocsd in open5gs.git which announced the Credit Control diameter app support, and which can handle CCR Initial/Update/Termination answering with CCA.

It could also set Validity-Time and Volume-Threshold each time it is requested some resources, to get periodic reports about each subscriber, and perhaps store that into the mongodb database.

Future Work

I wonder if I should...

Moving Documentation and WebUI to separate repositories

Request from Community

  • MongoDB Alternative using YAML conf
  • CLI using Rest API
  • GTP-U Restoration
  • io_uring
  • osmo-gsm-shark with gsmtap

Request from Community(Cont.)

  • EAP-AKA-Prime
  • Add locality in the configuration
  • SUPI/GPSI Ranges in UDM - Issues #2010
  • UL Classifier - N9 interface between UPFs
  • NEF

Measurement of UPF Performance

UPF       TCP       UDP      Loss   RTT
UPG-VPP   1162Mbps  458Mbps  0.96%  0.398ms
eUPF      358Mbps   418Mbps  3.6%   0.882ms
free5GC   231Mbps   401Mbps  23%    0.786ms
Open5GS   205Mbps   389Mbps  30%    1.081ms

UPF Comparison

Kind      Description
eBPF/XDP  Simply works on mainline Linux
DPDK/VPP  Slightly higher performance than XDP
          NIC needs to be dedicated to DPDK

Open5GS UPF Improvements

Should Open5GS create its own UPF?

Harmonious Prioritization

  • Prioritizing bug fixes in the issue
  • Need to address security vulnerabilities
  • Hope to do a lot of new features

Thank you

Thank You for Your Attention!