diff --git a/docs/_docs/tutorial/05-roaming.md b/docs/_docs/tutorial/05-roaming.md index af2a061ff..0fb232469 100644 --- a/docs/_docs/tutorial/05-roaming.md +++ b/docs/_docs/tutorial/05-roaming.md @@ -21,11 +21,11 @@ Let's start the explanation assuming that the connection test of the UE to this #### Build & Install -We'll start with the `roaming-tier2` branch from now on. +We'll start with the `roaming-tier3` branch from now on. ``` $ git clone https://github.com/open5gs/open5gs $ cd open5gs -$ git checkout roaming-tier2 +$ git checkout roaming-tier3 $ meson build --prefix=`pwd`/install $ ninja -C build install ``` 
@@ -35,294 +35,793 @@ $ ninja -C build install For routing to Home PLMN, NRF, AUSF and UDM address in H-PLMN shall use FQDN format, so please edit the /etc/hosts file as follows. ```diff -$ diff -u hosts /etc/hosts ---- hosts 2023-07-09 17:26:50.775626909 +0900 -+++ /etc/hosts 2023-07-09 17:27:14.941277632 +0900 -@@ -1,6 +1,13 @@ -127.0.0.1 localhost -127.0.1.1 open5gs +$ diff -u hosts.old hosts.new +--- hosts.old 2023-10-02 11:58:54.261154726 +0900 ++++ hosts.new 2023-10-02 11:59:02.868771248 +0900 +@@ -1,6 +1,18 @@ + 127.0.0.1 localhost + 127.0.1.1 open5gs -+127.0.3.10 nrf.5gc.mnc001.mcc001.3gppnetwork.org -+127.0.3.11 ausf.5gc.mnc001.mcc001.3gppnetwork.org -+127.0.3.12 udm.5gc.mnc001.mcc001.3gppnetwork.org ++127.0.1.10 nrf.5gc.mnc070.mcc999.3gppnetwork.org ++127.0.1.11 ausf.5gc.mnc070.mcc999.3gppnetwork.org ++127.0.1.12 udm.5gc.mnc070.mcc999.3gppnetwork.org + -+127.0.1.15 sepp1.localdomain -+127.0.2.15 sepp2.localdomain ++127.0.2.10 nrf.5gc.mnc001.mcc001.3gppnetwork.org ++127.0.2.11 ausf.5gc.mnc001.mcc001.3gppnetwork.org ++127.0.2.12 udm.5gc.mnc001.mcc001.3gppnetwork.org + -# The following lines are desirable for IPv6 capable hosts -::1 ip6-localhost ip6-loopback -fe00::0 ip6-localnet ++127.0.3.10 nrf.5gc.mnc010.mcc315.3gppnetwork.org ++127.0.3.11 ausf.5gc.mnc010.mcc315.3gppnetwork.org ++127.0.3.12 udm.5gc.mnc010.mcc315.3gppnetwork.org ++ + # The following lines are desirable for IPv6 capable hosts + ::1 ip6-localhost ip6-loopback + fe00::0 ip6-localnet ``` -Note that we are using 5gc.mnc010.mcc001.3gppnetwork.org for our home network domain for NRF, AUSF and UDM. However, SEPP can be routed without following this home network domain naming, so sepp.localdomain is used for convenience. #### Running V-PLMN 5G Core and H-PLMN 5G Core in the Single Host -H-PLMN 5G Core requires root privileges as it uses reserved ports such as http(80) or https(443). +5G Core requires root privileges as it uses reserved ports such as http(80) or https(443). 
``` -$ sudo ./build/tests/app/5gc -c ./build/configs/examples/roaming-lbo-hplmn.yaml -Open5GS daemon v2.6.4-15-gab42065 -``` - -Since V-PLMN Core uses port 7777, it can be run without root privileges. -``` -$ ./build/tests/app/5gc -c ./build/configs/examples/roaming-lbo-vplmn.yaml -Open5GS daemon v2.6.4-15-gab42065 +$ sudo ./build/tests/app/5gc -c ./build/configs/examples/5gc-sepp1-999-70.yaml +$ sudo ./build/tests/app/5gc -c ./build/configs/examples/5gc-sepp2-001-01.yaml +$ sudo ./build/tests/app/5gc -c ./build/configs/examples/5gc-sepp3-315-010.yaml ``` Performs a test of UE access while roaming subscribed to H-PLMN. ``` -./build/tests/registration/registration -c ./build/configs/examples/001-01.yaml simple-test -``` - -A UE subscribed to V-PLMN connects without roaming. -``` -./build/tests/registration/registration -c ./build/configs/examples/999-01.yaml simple-test -``` - -## 2. Roaming Deployment - -#### vNRF and hNRF -We plan to use 001-01 for the Home PLMN and 999-70 for the Visited PLMN. To do so, serving PLMN ID shall be set in the NRF. NF PLMN ID is configured with the same PLMN ID as the NRF during the NFProfile registration process. - -Note that visited NRF can use IP address, but home NRF should follow TS23.003(28.3.2.3.2 Format of NRF FQDN) for routing. 
- -- Create h-nrf.yaml for Home PLMN - -``` -$ cp install/etc/open5gs/nrf.yaml install/etc/open5gs/h-nrf.yaml -``` - -- Update h-nrf.yaml - -```diff -$ diff -u install/etc/open5gs/nrf.yaml install/etc/open5gs/h-nrf.yaml ---- install/etc/open5gs/nrf.yaml 2023-08-06 22:46:02.263941577 +0900 -+++ install/etc/open5gs/h-nrf.yaml 2023-08-06 23:08:22.562644531 +0900 -@@ -9,11 +9,10 @@ -nrf: - serving: # 5G roaming requires PLMN in NRF - - plmn_id: -- mcc: 999 -- mnc: 70 -+ mcc: 001 -+ mnc: 01 - sbi: -- - address: 127.0.0.10 -- port: 7777 -+ - address: nrf.5gc.mnc001.mcc001.3gppnetwork.org - -################################################################################ -# SBI Server -``` - -- Run vNRF and hNRF - -``` -$ ./install/bin/open5gs-nrfd -$ sudo ./install/bin/open5gs-nrfd -c ./install/etc/open5gs/h-nrf.yaml -``` - -Note that Home NRF requires root privileges as it uses reserved ports such as http (80) or https (443). - - -#### vSCP and hSCP - -SCPs do not have to use FQDNs. - -- Create h-scp.yaml for Home PLMN - -``` -$ cp install/etc/open5gs/scp.yaml install/etc/open5gs/h-scp.yaml -``` - -- Update h-scp.yaml - -```diff -$ diff -u install/etc/open5gs/scp.yaml install/etc/open5gs/h-scp.yaml ---- install/etc/open5gs/scp.yaml 2023-08-06 22:46:02.279940823 +0900 -+++ install/etc/open5gs/h-scp.yaml 2023-08-06 23:11:29.727177201 +0900 -@@ -8,10 +8,10 @@ - -scp: - sbi: -- - address: 127.0.1.10 -+ - address: 127.0.2.10 - port: 7777 - nrf: -- - uri: http://127.0.0.10:7777 -+ - uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org - -################################################################################ -# SCP Info -``` - -- Update scp.yaml - -The V-PLMN SCP needs TLS information to connect SEPP. - -To connect SCP and NRF, the user directly specifies the client connection information in the configuration file. On the other hand, SEPP connection information can identify NF profile through NRF discovery function. 
- -TLS information for connecting SCP and NRF can be set directly by the user in the configuration file, but not in SEPP. Therefore, in order for SCP to connect to SEPP by TLS authentication, the default configuration method as shown below should be used. - -```diff -diff -u install/etc/open5gs/scp.yaml.old install/etc/open5gs/scp.yaml ---- install/etc/open5gs/scp.yaml.old 2023-08-06 23:45:34.184505318 +0900 -+++ install/etc/open5gs/scp.yaml 2023-08-06 23:45:38.216322924 +0900 -@@ -7,6 +7,11 @@ -# peer: 64 - -scp: -+ defconfig: -+ tls: -+ client: -+ scheme: https -+ cacert: /home/acetcom/Documents/git/open5gs/build/configs/open5gs/tls/ca.crt - sbi: - - address: 127.0.1.10 - port: 7777 -``` - -- Run vSCP and hSCP - -``` -$ ./install/bin/open5gs-scpd -$ ./install/bin/open5gs-scpd -c ./install/etc/open5gs/h-scp.yaml -``` - -#### vSEPP and hSEPP - -SEPP can be run without changing the configuration file. And SEPP uses HTTPS scheme with TLS in default setting. Please refer to the configuration file(sepp1.yaml/sepp2.yaml) for more details. - -- Run vSEPP and hSEPP - -``` -$ ./install/bin/open5gs-seppd -c ./install/etc/open5gs/sepp1.yaml -$ ./install/bin/open5gs-seppd -c ./install/etc/open5gs/sepp2.yaml -``` - -As shown below, you can confirm that the SEPP n32c interface is connected. -``` -INFO: [sepp1.localdomain] SEPP established (../src/sepp/handshake-sm.c:297) -``` - -#### hAUSF, hUDM and hUDR - -Home UDR can use IP address, but Home AUSF and Home UDM shall use FQDN. 
- -- Create h-udr.yaml, h-ausf.yaml and h-udm.yaml for Home PLMN - -``` -$ cp install/etc/open5gs/udr.yaml install/etc/open5gs/h-udr.yaml -$ cp install/etc/open5gs/ausf.yaml install/etc/open5gs/h-ausf.yaml -$ cp install/etc/open5gs/udm.yaml install/etc/open5gs/h-udm.yaml -``` - -- Update h-udr.yaml - -```diff -$ diff -u install/etc/open5gs/udr.yaml install/etc/open5gs/h-udr.yaml ---- install/etc/open5gs/udr.yaml 2023-08-06 22:46:02.363936865 +0900 -+++ install/etc/open5gs/h-udr.yaml 2023-08-06 23:26:45.195462712 +0900 -@@ -9,12 +9,12 @@ - -udr: - sbi: -- - address: 127.0.0.20 -+ - address: 127.0.3.20 - port: 7777 -# nrf: -# - uri: http://127.0.0.10:7777 - scp: -- - uri: http://127.0.1.10:7777 -+ - uri: http://127.0.2.10:7777 - -################################################################################ -# SBI Server -``` - -- Update h-ausf.yaml - -```diff -$ diff -u install/etc/open5gs/ausf.yaml install/etc/open5gs/h-ausf.yaml ---- install/etc/open5gs/ausf.yaml 2023-08-06 22:46:02.327938562 +0900 -+++ install/etc/open5gs/h-ausf.yaml 2023-08-06 23:27:08.614413521 +0900 -@@ -8,12 +8,11 @@ - -ausf: - sbi: -- - address: 127.0.0.11 -- port: 7777 -+ - address: ausf.5gc.mnc001.mcc001.3gppnetwork.org -# nrf: -# - uri: http://127.0.0.10:7777 - scp: -- - uri: http://127.0.1.10:7777 -+ - uri: http://127.0.2.10:7777 - -################################################################################ -# SBI Server -``` - -- Update h-udm.yaml - -```diff -diff -u install/etc/open5gs/udm.yaml install/etc/open5gs/h-udm.yaml ---- install/etc/open5gs/udm.yaml 2023-08-06 22:46:02.347937619 +0900 -+++ install/etc/open5gs/h-udm.yaml 2023-08-06 23:27:25.177671001 +0900 -@@ -27,12 +27,11 @@ - scheme: 2 - key: /home/acetcom/Documents/git/open5gs/install/etc/open5gs/hnet/secp256r1-6.key - sbi: -- - address: 127.0.0.12 -- port: 7777 -+ - address: udm.5gc.mnc001.mcc001.3gppnetwork.org -# nrf: -# - uri: http://127.0.0.10:7777 - scp: -- - uri: http://127.0.1.10:7777 -+ - uri: 
http://127.0.2.10:7777 - -# -################################################################################ -``` - -``` -$ ./install/bin/open5gs-udrd -c ./install/etc/open5gs/h-udr.yaml -$ sudo ./install/bin/open5gs-ausfd -c ./install/etc/open5gs/h-ausf.yaml -$ sudo ./install/bin/open5gs-udmd -c ./install/etc/open5gs/h-udm.yaml -``` - -Like hNRF, hAUSF and hUDM also require root privileges. - -#### Run all NFs in Visited PLMN - -Since NFs in the V-PLMN can use IP addresses, we will use the default configuration. - -``` -$ ./install/bin/open5gs-amfd -$ ./install/bin/open5gs-smfd -$ ./install/bin/open5gs-upfd -$ ./install/bin/open5gs-ausfd -l ausf.log -$ ./install/bin/open5gs-udmd -l udm.log -$ ./install/bin/open5gs-pcfd -$ ./install/bin/open5gs-nssfd -$ ./install/bin/open5gs-bsfd -$ ./install/bin/open5gs-udrd -l udr.log -``` - -Since AUSF/UDM/UDR runs on Home PLMN, the log location is re-configured with the -l option to avoid log conflicts. - -#### Test Roaming -Performs a test of UE access while roaming subscribed to H-PLMN. -``` -./build/tests/registration/registration -c ./build/configs/examples/001-01.yaml simple-test -``` - -A UE subscribed to V-PLMN connects without roaming. -``` -./build/tests/registration/registration -c ./build/configs/examples/999-01.yaml simple-test +$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-999-70-ue-001-01.yaml simple-test +$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-999-70-ue-315-010.yaml simple-test +$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-001-01-ue-999-70.yaml simple-test +$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-001-01-ue-315-010.yaml simple-test +$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-315-010-ue-999-70.yaml simple-test +$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-315-010-ue-001-01.yaml simple-test ``` You can see the sample traffic. 
-- [[5g-roaming-lbo.pcapng]]({{ site.url }}{{ site.baseurl }}/assets/pcapng/5g_roaming_lbo.pcapng). + + +## 2. Roaming Deployment + +### VM and Subscriber Information + +Each VMs are as follows. +| VM # | Hostname | PLMN-ID | IP address | N32-c | N32-f | +| --- | --- | --- | --- | --- | --- | +| VM1 | sepp1.localdomain | MCC: 999, MNC: 70 | 10.10.1.5/16 | 10.10.1.251/16 | 10.10.1.252/16 | +| VM2 | sepp2.localdomain | MCC: 001, MNC: 01 | 10.10.2.5/16 | 10.10.2.251/16 | 10.10.2.252/16 | +| VM3 | sepp3.localdomain | MCC: 315, MNC: 010 | 10.10.3.5/16 | 10.10.3.251/16 | 10.10.3.252/16 | + +Subscriber Information (other information is the same) is as follows. +| UE # | IMSI | DNN | DN | Tunnel Interface of DN | +| --- | --- | --- | --- | --- | +| UE0 | 999700000000001 | internet | 10.45.0.0/16 | ogstun | +| UE1 | 001010000000001 | internet | 10.46.0.0/16 | ogstun2 | +| UE2 | 315010000000001 | internet | 10.47.0.0/16 | ogstun3 | + +### Setting for VM1 + +- Edit /etc/hosts + +```diff + $ diff -u hosts.old hosts.new +--- hosts.old 2023-10-02 12:22:41.320546720 +0900 ++++ hosts.new 2023-10-02 12:22:33.576884651 +0900 +@@ -1,6 +1,10 @@ + 127.0.0.1 localhost + 127.0.1.1 open5gs + ++127.0.0.10 nrf.5gc.mnc070.mcc999.3gppnetwork.org ++127.0.0.11 ausf.5gc.mnc070.mcc999.3gppnetwork.org ++127.0.0.12 udm.5gc.mnc070.mcc999.3gppnetwork.org ++ + # The following lines are desirable for IPv6 capable hosts + ::1 ip6-localhost ip6-loopback + fe00::0 ip6-localnet + ``` + +NRF shall follow TS23.003(28.3.2.3.2 Format of NRF FQDN) for routing. + +- Update nrf.yaml +```diff +$ 
diff --git a/configs/open5gs/nrf.yaml.in b/configs/open5gs/nrf.yaml.in +index 3996b2bd9..e57f286b7 100644 +--- a/configs/open5gs/nrf.yaml.in ++++ b/configs/open5gs/nrf.yaml.in +@@ -13,8 +13,7 @@ nrf: + mnc: 70 + sbi: + server: +- - address: 127.0.0.10 +- port: 7777 ++ - address: nrf.5gc.mnc070.mcc999.3gppnetwork.org + + ################################################################################ + # SBI Server +``` + +- Update scp.yaml +```diff +$ diff --git a/configs/open5gs/scp.yaml.in b/configs/open5gs/scp.yaml.in +index 9be6cdc93..eee7d3e3f 100644 +--- a/configs/open5gs/scp.yaml.in ++++ b/configs/open5gs/scp.yaml.in +@@ -13,7 +13,7 @@ scp: + port: 7777 + client: + nrf: +- - uri: http://127.0.0.10:7777 ++ - uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org + + ################################################################################ + # SCP Info +``` + +- Update nssf.yaml +```diff +$ diff --git a/configs/open5gs/nssf.yaml.in b/configs/open5gs/nssf.yaml.in +index d01645b2c..7d89cffef 100644 +--- a/configs/open5gs/nssf.yaml.in ++++ b/configs/open5gs/nssf.yaml.in +@@ -17,7 +17,7 @@ nssf: + scp: + - uri: http://127.0.0.200:7777 + nsi: +- - uri: http://127.0.0.10:7777 ++ - uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org + s_nssai: + sst: 1 + ################################################################################ +``` + +AUSF and UDM shall use FQDN in the Home PLMN. + +- Update ausf.yaml + +```diff +$ diff --git a/configs/open5gs/ausf.yaml.in b/configs/open5gs/ausf.yaml.in +index cd272cd3f..3e1cb67eb 100644 +--- a/configs/open5gs/ausf.yaml.in ++++ b/configs/open5gs/ausf.yaml.in +@@ -9,8 +9,7 @@ max: + ausf: + sbi: + server: +- - address: 127.0.0.11 +- port: 7777 ++ - address: ausf.5gc.mnc070.mcc999.3gppnetwork.org + client: + # nrf: + # - uri: http://127.0.0.10:7777 +``` + +- Update udm.yaml + +```diff +$ 
diff --git a/configs/open5gs/udm.yaml.in b/configs/open5gs/udm.yaml.in +index ce650d5c2..ed756fc28 100644 +--- a/configs/open5gs/udm.yaml.in ++++ b/configs/open5gs/udm.yaml.in +@@ -28,8 +28,7 @@ udm: + key: @sysconfdir@/open5gs/hnet/secp256r1-6.key + sbi: + server: +- - address: 127.0.0.12 +- port: 7777 ++ - address: udm.5gc.mnc070.mcc999.3gppnetwork.org + client: + # nrf: + # - uri: http://127.0.0.10:7777 +``` + +AMF and UPF must use external IP addresses such as 10.10.1.x for communication between VM2 and VM3. + +- Update amf.yaml + +```diff +$ diff --git a/configs/open5gs/amf.yaml.in b/configs/open5gs/amf.yaml.in +index 938917e32..2db1558e4 100644 +--- a/configs/open5gs/amf.yaml.in ++++ b/configs/open5gs/amf.yaml.in +@@ -18,7 +18,7 @@ amf: + - uri: http://127.0.0.200:7777 + ngap: + server: +- - address: 127.0.0.5 ++ - address: 10.10.1.5 + metrics: + server: + - address: 127.0.0.5 +``` + +- Update upf.yaml + +```diff +$ 
diff --git a/configs/open5gs/upf.yaml.in b/configs/open5gs/upf.yaml.in +index e78b018f1..3032a06c6 100644 +--- a/configs/open5gs/upf.yaml.in ++++ b/configs/open5gs/upf.yaml.in +@@ -15,7 +15,7 @@ upf: + # - address: 127.0.0.4 + gtpu: + server: +- - address: 127.0.0.7 ++ - address: 10.10.1.5 + session: + - subnet: 10.45.0.1/16 + - subnet: 2001:db8:cafe::1/48 +``` + + +For now we will set up SEPP without using TLS. + +- Create sepp.yaml + +```bash +$ sh -c 'cat << EOF > ./install/etc/open5gs/sepp.yaml +logger: + file: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/sepp.log +# level: info # fatal|error|warn|info(default)|debug|trace + +max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +sepp: + sbi: + server: + - address: 127.0.0.250 + port: 7777 + client: + scp: + - uri: http://127.0.0.200:7777 + n32: + server: + - sender: sepp1.localdomain + address: 10.10.1.251 + port: 7777 + n32f: + address: 10.10.1.252 + port: 7777 + client: + sepp: + - receiver: sepp2.localdomain + uri: http://10.10.2.251:7777 + n32f: + uri: http://10.10.2.252:7777 + - receiver: sepp3.localdomain + uri: http://10.10.3.251:7777 + n32f: + uri: http://10.10.3.252:7777 +EOF' +``` + +NFs requires root privileges as it uses reserved ports such as http (80) or https (443). 
+ +- Run NFs in VM1 + +```bash +$ sudo ./install/bin/open5gs-nrfd +$ sudo ./install/bin/open5gs-scpd +$ sudo ./install/bin/open5gs-seppd +$ sudo ./install/bin/open5gs-amfd +$ sudo ./install/bin/open5gs-smfd +$ sudo ./install/bin/open5gs-upfd +$ sudo ./install/bin/open5gs-ausfd +$ sudo ./install/bin/open5gs-udmd +$ sudo ./install/bin/open5gs-pcfd +$ sudo ./install/bin/open5gs-nssfd +$ sudo ./install/bin/open5gs-bsfd +$ sudo ./install/bin/open5gs-udrd +``` + + +### Setting for VM2 + +- Edit /etc/hosts + +```diff + $ diff -u hosts.old hosts.new +--- hosts.old 2023-10-02 12:22:41.320546720 +0900 ++++ hosts.new 2023-10-02 12:22:33.576884651 +0900 +@@ -1,6 +1,10 @@ + 127.0.0.1 localhost + 127.0.1.1 open5gs + ++127.0.0.10 nrf.5gc.mnc001.mcc001.3gppnetwork.org ++127.0.0.11 ausf.5gc.mnc001.mcc001.3gppnetwork.org ++127.0.0.12 udm.5gc.mnc001.mcc001.3gppnetwork.org ++ + # The following lines are desirable for IPv6 capable hosts + ::1 ip6-localhost ip6-loopback + fe00::0 ip6-localnet + ``` + +NRF shall follow TS23.003(28.3.2.3.2 Format of NRF FQDN) for routing. + +- Update nrf.yaml +```diff +$ diff --git a/configs/open5gs/nrf.yaml.in b/configs/open5gs/nrf.yaml.in +index 3996b2bd9..e57f286b7 100644 +--- a/configs/open5gs/nrf.yaml.in ++++ b/configs/open5gs/nrf.yaml.in +@@ -13,8 +13,7 @@ nrf: + mnc: 70 + sbi: + server: +- - address: 127.0.0.10 +- port: 7777 ++ - address: nrf.5gc.mnc001.mcc001.3gppnetwork.org + + ################################################################################ + # SBI Server +``` + +- Update scp.yaml +```diff +$ 
diff --git a/configs/open5gs/scp.yaml.in b/configs/open5gs/scp.yaml.in +index 9be6cdc93..eee7d3e3f 100644 +--- a/configs/open5gs/scp.yaml.in ++++ b/configs/open5gs/scp.yaml.in +@@ -13,7 +13,7 @@ scp: + port: 7777 + client: + nrf: +- - uri: http://127.0.0.10:7777 ++ - uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org + + ################################################################################ + # SCP Info +``` + +- Update nssf.yaml +```diff +$ diff --git a/configs/open5gs/nssf.yaml.in b/configs/open5gs/nssf.yaml.in +index d01645b2c..7d89cffef 100644 +--- a/configs/open5gs/nssf.yaml.in ++++ b/configs/open5gs/nssf.yaml.in +@@ -17,7 +17,7 @@ nssf: + scp: + - uri: http://127.0.0.200:7777 + nsi: +- - uri: http://127.0.0.10:7777 ++ - uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org + s_nssai: + sst: 1 + ################################################################################ +``` + +AUSF and UDM shall use FQDN in the Home PLMN. + +- Update ausf.yaml + +```diff +$ diff --git a/configs/open5gs/ausf.yaml.in b/configs/open5gs/ausf.yaml.in +index cd272cd3f..3e1cb67eb 100644 +--- a/configs/open5gs/ausf.yaml.in ++++ b/configs/open5gs/ausf.yaml.in +@@ -9,8 +9,7 @@ max: + ausf: + sbi: + server: +- - address: 127.0.0.11 +- port: 7777 ++ - address: ausf.5gc.mnc001.mcc001.3gppnetwork.org + client: + # nrf: + # - uri: http://127.0.0.10:7777 +``` + +- Update udm.yaml + +```diff +$ diff --git a/configs/open5gs/udm.yaml.in b/configs/open5gs/udm.yaml.in +index ce650d5c2..ed756fc28 100644 +--- a/configs/open5gs/udm.yaml.in ++++ b/configs/open5gs/udm.yaml.in +@@ -28,8 +28,7 @@ udm: + key: @sysconfdir@/open5gs/hnet/secp256r1-6.key + sbi: + server: +- - address: 127.0.0.12 +- port: 7777 ++ - address: udm.5gc.mnc001.mcc001.3gppnetwork.org + client: + # nrf: + # - uri: http://127.0.0.10:7777 +``` + +AMF and UPF must use external IP addresses such as 10.10.2.x for communication between VM1 and VM3. + +- Update amf.yaml + +```diff +$ 
diff --git a/configs/open5gs/amf.yaml.in b/configs/open5gs/amf.yaml.in +index 938917e32..2db1558e4 100644 +--- a/configs/open5gs/amf.yaml.in ++++ b/configs/open5gs/amf.yaml.in +@@ -18,7 +18,7 @@ amf: + - uri: http://127.0.0.200:7777 + ngap: + server: +- - address: 127.0.0.5 ++ - address: 10.10.2.5 + metrics: + server: + - address: 127.0.0.5 +``` + +- Update upf.yaml + +```diff +$ 
diff --git a/configs/open5gs/upf.yaml.in b/configs/open5gs/upf.yaml.in +index e78b018f1..3032a06c6 100644 +--- a/configs/open5gs/upf.yaml.in ++++ b/configs/open5gs/upf.yaml.in +@@ -15,7 +15,7 @@ upf: + # - address: 127.0.0.4 + gtpu: + server: +- - address: 127.0.0.7 ++ - address: 10.10.2.5 + session: + - subnet: 10.45.0.1/16 + - subnet: 2001:db8:cafe::1/48 +``` + + +For now we will set up SEPP without using TLS. + +- Create sepp.yaml + +```bash +$ sh -c 'cat << EOF > ./install/etc/open5gs/sepp.yaml +logger: + file: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/sepp.log +# level: info # fatal|error|warn|info(default)|debug|trace + +max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +sepp: + sbi: + server: + - address: 127.0.0.250 + port: 7777 + client: + scp: + - uri: http://127.0.0.200:7777 + n32: + server: + - sender: sepp2.localdomain + address: 10.10.2.251 + port: 7777 + n32f: + address: 10.10.2.252 + port: 7777 + client: + sepp: + - receiver: sepp1.localdomain + uri: http://10.10.1.251:7777 + n32f: + uri: http://10.10.1.252:7777 + - receiver: sepp3.localdomain + uri: http://10.10.3.251:7777 + n32f: + uri: http://10.10.3.252:7777 +EOF' +``` + +NFs requires root privileges as it uses reserved ports such as http (80) or https (443). 
+ +- Run NFs in VM2 + +```bash +$ sudo ./install/bin/open5gs-nrfd +$ sudo ./install/bin/open5gs-scpd +$ sudo ./install/bin/open5gs-seppd +$ sudo ./install/bin/open5gs-amfd +$ sudo ./install/bin/open5gs-smfd +$ sudo ./install/bin/open5gs-upfd +$ sudo ./install/bin/open5gs-ausfd +$ sudo ./install/bin/open5gs-udmd +$ sudo ./install/bin/open5gs-pcfd +$ sudo ./install/bin/open5gs-nssfd +$ sudo ./install/bin/open5gs-bsfd +$ sudo ./install/bin/open5gs-udrd +``` + + +### Setting for VM3 + +- Edit /etc/hosts + +```diff + $ diff -u hosts.old hosts.new +--- hosts.old 2023-10-02 12:22:41.320546720 +0900 ++++ hosts.new 2023-10-02 12:22:33.576884651 +0900 +@@ -1,6 +1,10 @@ + 127.0.0.1 localhost + 127.0.1.1 open5gs + ++127.0.0.10 nrf.5gc.mnc010.mcc315.3gppnetwork.org ++127.0.0.11 ausf.5gc.mnc010.mcc315.3gppnetwork.org ++127.0.0.12 udm.5gc.mnc010.mcc315.3gppnetwork.org ++ + # The following lines are desirable for IPv6 capable hosts + ::1 ip6-localhost ip6-loopback + fe00::0 ip6-localnet + ``` + +NRF shall follow TS23.003(28.3.2.3.2 Format of NRF FQDN) for routing. + +- Update nrf.yaml +```diff +$ diff --git a/configs/open5gs/nrf.yaml.in b/configs/open5gs/nrf.yaml.in +index 3996b2bd9..e57f286b7 100644 +--- a/configs/open5gs/nrf.yaml.in ++++ b/configs/open5gs/nrf.yaml.in +@@ -13,8 +13,7 @@ nrf: + mnc: 70 + sbi: + server: +- - address: 127.0.0.10 +- port: 7777 ++ - address: nrf.5gc.mnc010.mcc315.3gppnetwork.org + + ################################################################################ + # SBI Server +``` + +- Update scp.yaml +```diff +$ 
diff --git a/configs/open5gs/scp.yaml.in b/configs/open5gs/scp.yaml.in +index 9be6cdc93..eee7d3e3f 100644 +--- a/configs/open5gs/scp.yaml.in ++++ b/configs/open5gs/scp.yaml.in +@@ -13,7 +13,7 @@ scp: + port: 7777 + client: + nrf: +- - uri: http://127.0.0.10:7777 ++ - uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org + + ################################################################################ + # SCP Info +``` + +- Update nssf.yaml +```diff +$ diff --git a/configs/open5gs/nssf.yaml.in b/configs/open5gs/nssf.yaml.in +index d01645b2c..7d89cffef 100644 +--- a/configs/open5gs/nssf.yaml.in ++++ b/configs/open5gs/nssf.yaml.in +@@ -17,7 +17,7 @@ nssf: + scp: + - uri: http://127.0.0.200:7777 + nsi: +- - uri: http://127.0.0.10:7777 ++ - uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org + s_nssai: + sst: 1 + ################################################################################ +``` + +AUSF and UDM shall use FQDN in the Home PLMN. + +- Update ausf.yaml + +```diff +$ diff --git a/configs/open5gs/ausf.yaml.in b/configs/open5gs/ausf.yaml.in +index cd272cd3f..3e1cb67eb 100644 +--- a/configs/open5gs/ausf.yaml.in ++++ b/configs/open5gs/ausf.yaml.in +@@ -9,8 +9,7 @@ max: + ausf: + sbi: + server: +- - address: 127.0.0.11 +- port: 7777 ++ - address: ausf.5gc.mnc010.mcc315.3gppnetwork.org + client: + # nrf: + # - uri: http://127.0.0.10:7777 +``` + +- Update udm.yaml + +```diff +$ diff --git a/configs/open5gs/udm.yaml.in b/configs/open5gs/udm.yaml.in +index ce650d5c2..ed756fc28 100644 +--- a/configs/open5gs/udm.yaml.in ++++ b/configs/open5gs/udm.yaml.in +@@ -28,8 +28,7 @@ udm: + key: @sysconfdir@/open5gs/hnet/secp256r1-6.key + sbi: + server: +- - address: 127.0.0.12 +- port: 7777 ++ - address: udm.5gc.mnc010.mcc315.3gppnetwork.org + client: + # nrf: + # - uri: http://127.0.0.10:7777 +``` + +AMF and UPF must use external IP addresses such as 10.10.3.x for communication between VM1 and VM2. + +- Update amf.yaml + +```diff +$ 
diff --git a/configs/open5gs/amf.yaml.in b/configs/open5gs/amf.yaml.in +index 938917e32..2db1558e4 100644 +--- a/configs/open5gs/amf.yaml.in ++++ b/configs/open5gs/amf.yaml.in +@@ -18,7 +18,7 @@ amf: + - uri: http://127.0.0.200:7777 + ngap: + server: +- - address: 127.0.0.5 ++ - address: 10.10.3.5 + metrics: + server: + - address: 127.0.0.5 +``` + +- Update upf.yaml + +```diff +$ 
diff --git a/configs/open5gs/upf.yaml.in b/configs/open5gs/upf.yaml.in +index e78b018f1..3032a06c6 100644 +--- a/configs/open5gs/upf.yaml.in ++++ b/configs/open5gs/upf.yaml.in +@@ -15,7 +15,7 @@ upf: + # - address: 127.0.0.4 + gtpu: + server: +- - address: 127.0.0.7 ++ - address: 10.10.3.5 + session: + - subnet: 10.45.0.1/16 + - subnet: 2001:db8:cafe::1/48 +``` + + +For now we will set up SEPP without using TLS. + +- Create sepp.yaml + +```bash +$ sh -c 'cat << EOF > ./install/etc/open5gs/sepp.yaml +logger: + file: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/sepp.log +# level: info # fatal|error|warn|info(default)|debug|trace + +max: + ue: 1024 # The number of UE can be increased depending on memory size. +# peer: 64 + +sepp: + sbi: + server: + - address: 127.0.0.250 + port: 7777 + client: + scp: + - uri: http://127.0.0.200:7777 + n32: + server: + - sender: sepp3.localdomain + address: 10.10.3.251 + port: 7777 + n32f: + address: 10.10.3.252 + port: 7777 + client: + sepp: + - receiver: sepp1.localdomain + uri: http://10.10.1.251:7777 + n32f: + uri: http://10.10.1.252:7777 + - receiver: sepp2.localdomain + uri: http://10.10.2.251:7777 + n32f: + uri: http://10.10.2.252:7777 +EOF' +``` + +NFs requires root privileges as it uses reserved ports such as http (80) or https (443). + +- Run NFs in VM3 + +```bash +$ sudo ./install/bin/open5gs-nrfd +$ sudo ./install/bin/open5gs-scpd +$ sudo ./install/bin/open5gs-seppd +$ sudo ./install/bin/open5gs-amfd +$ sudo ./install/bin/open5gs-smfd +$ sudo ./install/bin/open5gs-upfd +$ sudo ./install/bin/open5gs-ausfd +$ sudo ./install/bin/open5gs-udmd +$ sudo ./install/bin/open5gs-pcfd +$ sudo ./install/bin/open5gs-nssfd +$ sudo ./install/bin/open5gs-bsfd +$ sudo ./install/bin/open5gs-udrd +``` + +## 3. Setting SEPP on VM1 to HTTPS scheme with TLS + +Only N32 uses HTTPS with TLS, while other NFs use HTTP without TLS. 
+ +```diff +$ diff -u sepp.yaml.old sepp.yaml +--- sepp.yaml.old 2023-10-02 18:35:23.585643661 +0900 ++++ sepp.yaml 2023-10-02 18:36:17.971104248 +0900 +@@ -7,6 +7,13 @@ + # peer: 64 + + sepp: ++ defconfig: ++ tls: ++ server: ++ private_key: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.key ++ cert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.crt ++ client: ++ cacert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/ca.crt + sbi: + server: + - address: 127.0.0.250 +@@ -17,18 +24,22 @@ + n32: + server: + - sender: sepp1.localdomain ++ scheme: https + address: 10.10.1.251 +- port: 7777 + n32f: ++ scheme: https + address: 10.10.1.252 +- port: 7777 + client: + sepp: + - receiver: sepp2.localdomain +- uri: http://10.10.2.251:7777 ++ uri: https://sepp2.localdomain ++ resolve: 10.10.2.251 + n32f: +- uri: http://10.10.2.252:7777 ++ uri: https://sepp2.localdomain ++ resolve: 10.10.2.252 + - receiver: sepp3.localdomain +- uri: http://10.10.3.251:7777 ++ uri: https://sepp3.localdomain ++ resolve: 10.10.3.251 + n32f: +- uri: http://10.10.3.252:7777 ++ uri: https://sepp3.localdomain ++ resolve: 10.10.3.252 +``` + +Add client TLS verification to N32 interface +```diff +$ diff -u sepp.yaml.old sepp.yaml +--- sepp.yaml.old 2023-10-02 18:44:56.011099652 +0900 ++++ sepp.yaml 2023-10-02 18:45:48.884662145 +0900 +@@ -12,8 +12,12 @@ + server: + private_key: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.key + cert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.crt ++ verify_client: true ++ verify_client_cacert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/ca.crt + client: + cacert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/ca.crt ++ client_private_key: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.key ++ client_cert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.crt + sbi: + 
server: + - address: 127.0.0.250 +``` + +For more information, please refer to the [LINK](https://github.com/open5gs/open5gs/blob/roaming-tier3/configs/open5gs/sepp1.yaml.in). \ No newline at end of file
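
Review bot: the Build & Install hunk pins readers to a branch name rather than a release or tag (`git checkout roaming-tier3`), and the closing link of the patch also targets `blob/roaming-tier3/configs/open5gs/sepp1.yaml.in`, so both go stale if that branch is later renamed or removed. Suggest stating which release or tag carries the three-PLMN example configs, or updating both references when the work lands on the default branch, and giving the final link a descriptive label instead of `[LINK]`.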
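
Review bot: in the single-host section of the second hunk, the context line "You can see the sample traffic." is kept while the `5g_roaming_lbo.pcapng` link beneath it is removed and nothing replaces it, so the sentence now points at nothing. Either drop the sentence or attach a capture taken with the new three-PLMN setup. The lead-in "Performs a test of UE access while roaming subscribed to H-PLMN." also now sits above six commands that cover every gNB/UE PLMN pairing; a line saying what each `gnb-X-ue-Y.yaml` file exercises would help.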
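
Review bot: the VM2 and VM3 sections look copied from VM1 without the PLMN-specific values being updated. In both `nrf.yaml` diffs the unchanged context still reads `mnc: 70` directly above `sbi:` while the added address is `nrf.5gc.mnc001.mcc001.3gppnetwork.org` (VM2) or `nrf.5gc.mnc010.mcc315.3gppnetwork.org` (VM3), and the `index 3996b2bd9..e57f286b7` line is identical on all three VMs, so a reader who applies these diffs is never told to change the NRF serving PLMN. Likewise the `upf.yaml` context on VM2 and VM3 keeps `subnet: 10.45.0.1/16`, but the subscriber table assigns 10.46.0.0/16 on ogstun2 and 10.47.0.0/16 on ogstun3 and no step configures them. Suggest showing the `mcc`/`mnc` and session subnet changes per VM, and rewording "for communication between VM2 and VM3" in the VM1 section (and its VM2/VM3 counterparts) to "with VM2 and VM3", which appears to be what is meant.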
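
Review bot: each "Run NFs in VMn" list starts all twelve daemons with `sudo`, but the reason given ("reserved ports such as http (80) or https (443)") only applies to the NFs whose `port: 7777` line is removed in the visible diffs, namely NRF, AUSF and UDM; SCP keeps `port: 7777` in its context and the section 2 `sepp.yaml` binds 7777 as well, with SEPP losing its port only in section 3. The text this patch removes ran the visited-side NFs unprivileged, so this is a step back in least privilege for anyone copying the commands. Suggest limiting `sudo` to the daemons that bind a privileged port, or documenting a capability grant such as CAP_NET_BIND_SERVICE on those binaries, and stating separately any NF that needs root for another reason. The sentence itself should read "NFs require root privileges as they use ...".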
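
Review bot: section 3 converts only VM1's SEPP to HTTPS, yet its client entries now dial `https://sepp2.localdomain` and `https://sepp3.localdomain`, and the second diff sets `verify_client: true`, so VM2 and VM3 must make the mirror change (their own server key and cert, plus `client_cert` and `client_private_key`) before N32 can connect; the patch gives no steps for them. Until a reader gets that far, section 2 leaves N32-c and N32-f as `http://10.10.x.251:7777` and `http://10.10.x.252:7777` between VMs with only "For now we will set up SEPP without using TLS" as explanation; suggest saying there that this is a lab-only intermediate step and pointing to section 3. The TLS paths are also specific to one developer's machine and inconsistent with the rest of the patch: `/home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/...` here versus `/home/acetcom/Documents/git/open5gs/install/...` for the logger in the section 2 `sepp.yaml`. A placeholder prefix, or the `@sysconfdir@` form already used in the `udm.yaml` context, would be safer to copy.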