fixeria has submitted this change. ( 
https://gerrit.osmocom.org/c/docker-playground/+/31422 )

Change subject: ttcn3-pgw-test: update open5gs-{nrf,smf,upf} config files
......................................................................

ttcn3-pgw-test: update open5gs-{nrf,smf,upf} config files

As stated in the ticket, both open5gs-{nrf,smf} daemons refuse to
start since build #326 because of the following error:

  [sbi] ERROR: TLS enabled but no server key (../lib/sbi/context.c:186)

The problem is that the recent open5gs (v2.6.0-39-g22be888 at the
moment of writing) is attempting to employ TLS verification for SBI
even if it's not explicitly configured in the config files.

  commit 05fbaf69587488e53b5e741a9ada9f9fa5749322
  Author: Sukchan Lee <[email protected]>
  Date:   Sat Feb 18 10:58:29 2023 +0900

    [SBI] HTTP2-TLS verification - ConfFile Changed

Our config files are slightly outdated, so let's take a chance
to update them and specify the missing TLS params.  Check out
open5gs-{nrf,smf,upf}.yaml from the latest git version.

The updated files are confirmed to work with both:

* latest release for Debian v2.5.8, and
* latest git version v2.6.0-39-g22be888.

Change-Id: I27adbab6a6b95ddf4c6d39803e4f7dd079f11a4c
Related: OS#5913
---
M ttcn3-pgw-test/open5gs-nrf.yaml
M ttcn3-pgw-test/open5gs-smf.yaml
M ttcn3-pgw-test/open5gs-upf.yaml
3 files changed, 750 insertions(+), 174 deletions(-)

Approvals:
  Jenkins Builder: Verified
  osmith: Looks good to me, but someone else must approve
  pespin: Looks good to me, but someone else must approve
  fixeria: Looks good to me, approved




diff --git a/ttcn3-pgw-test/open5gs-nrf.yaml b/ttcn3-pgw-test/open5gs-nrf.yaml
index 4743377..a7b615f 100644
--- a/ttcn3-pgw-test/open5gs-nrf.yaml
+++ b/ttcn3-pgw-test/open5gs-nrf.yaml
@@ -6,64 +6,191 @@
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,sbi,nrf,event,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     level: info

 #
-# nrf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: /etc/open5gs/tls/ca.crt
+      key: /etc/open5gs/tls/nrf.key
+      cert: /etc/open5gs/tls/nrf.crt
+    client:
+      no_tls: true
+      cacert: /etc/open5gs/tls/ca.crt
+      key: /etc/open5gs/tls/nrf.key
+      cert: /etc/open5gs/tls/nrf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #
 #  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
 #          - ::0
 #        port: 7777
 #
-#  o SBI Server(https://<all address avaiable>:443)
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
 #    sbi:
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
 #
-#  o SBI Server(https://127.0.0.10:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://nrf.open5gs.org:80)
+#  o SBI Server(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/nrf.key
+#      cert: /etc/open5gs/tls/nrf.crt
+#  nrf:
 #    sbi:
-#      name: nrf.open5gs.org
+#      - name: nrf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.10:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
 #    sbi:
-#      dev: eth0
+#      - dev: eth0
+#
+#  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      - dev: eth0
+#        advertise: open5gs-nrf.svc.local
+#
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      - addr: localhost
+#        advertise:
+#          - 127.0.0.99
+#          - ::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  nrf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  nrf:
+#    service_name:
+#      - nnrf-nfm
+#      - nnrf-disc
 #
 nrf:
     sbi:
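Review bot: The live `sbi:` block added near the middle of this hunk sets `no_tls: true` for both `server` and `client` yet still lists `cacert`, `key` and `cert` paths under /etc/open5gs/tls/, so a reader cannot tell whether those files are expected to exist in the test image. Per the comment block just above it, `no_tls: true` means TLS is disabled, so SBI traffic between the NFs is cleartext HTTP. That is reasonable for an isolated ttcn3 test network, but the block should say so, e.g. `# TLS deliberately disabled for the ttcn3 testbed; key/cert paths are presumably unused while no_tls is true - do not reuse this file outside the test network`. The same applies to the `sbi:` block added in the first hunk of open5gs-smf.yaml.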
@@ -72,88 +199,142 @@
       port: 7777

 #
-# parameter:
+#  <SBI Client>>
 #
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
+
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
-# max:
-#
-# o Maximum Number of UE per AMF/MME
+#  o Maximum Number of UE
+#  max:
 #    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+#
+#  o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+#  max:
+#    peer: 64
 #
 max:

 #
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
 #
 #  o NF Instance Heartbeat (Default : 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (Disabled)
+#  time:
 #    nf_instance:
 #      heartbeat: 0
 #
 #  o NF Instance Heartbeat (5 seconds)
+#  time:
 #    nf_instance:
 #      heartbeat: 5
 #
 #  o NF Instance Validity (Default : 3600 seconds = 1 hour)
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Validity (10 seconds)
+#  time:
 #    nf_instance:
 #      validity: 10
 #
 #  o Subscription Validity (Default : 86400 seconds = 1 day)
+#    (Default values are used, so no configuration is required)
 #
 #  o Subscription Validity (Disabled)
+#  time:
 #    subscription:
 #      validity: 0
 #
 #  o Subscription Validity (3600 seconds = 1 hour)
+#  time:
 #    subscription:
 #      validity: 3600
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:
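Review bot: The new live `scp:` client block in this hunk points at `127.0.1.10:7777`, the loopback address from the upstream sample, while the other live addresses visible in this change are on 172.18.18.x (for example the SMF `sbi` entry and the UPF `pfcp` entry). If no SCP is started in the ttcn3-pgw-test network, this entry names a peer that does not exist. The discovery comments added to open5gs-smf.yaml say SCP is used only when available, so it may be harmless, but that depends on how the daemon decides "available". Either drop the block or annotate it, e.g. `# no SCP runs in this testbed; NRF is used for discovery`. The same block is added in the `@@ -358,24 +613,112 @@` hunk of open5gs-smf.yaml.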
diff --git a/ttcn3-pgw-test/open5gs-smf.yaml b/ttcn3-pgw-test/open5gs-smf.yaml
index ac8bd80..f75a6e6 100644
--- a/ttcn3-pgw-test/open5gs-smf.yaml
+++ b/ttcn3-pgw-test/open5gs-smf.yaml
@@ -1,92 +1,282 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,pfcp,fd,pfcp,gtp,smf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     level: info
 #
-# smf:
+#  o TLS enable/disable
+#  sbi:
+#    server|client:
+#      no_tls: false|true
+#    - false: (Default) Use TLS
+#    - true:  TLS disabled
+#
+#  o Verification enable/disable
+#  sbi:
+#    server|client:
+#      no_verify: false|true
+#    - false: (Default) Verify the PEER
+#    - true:  Skip the verification step
+#
+#  o Server-side does not use TLS
+#  sbi:
+#    server:
+#      no_tls: true
+#
+#  o Client-side skips the verification step
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#
+#  o Use the specified certificate while verifying the client
+#  sbi:
+#    server
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+#  o Use the specified certificate while verifying the server
+#  sbi:
+#    client
+#      cacert: /etc/open5gs/tls/ca.crt
+#
+sbi:
+    server:
+      no_tls: true
+      cacert: /etc/open5gs/tls/ca.crt
+      key: /etc/open5gs/tls/smf.key
+      cert: /etc/open5gs/tls/smf.crt
+    client:
+      no_tls: true
+      cacert: /etc/open5gs/tls/ca.crt
+      key: /etc/open5gs/tls/smf.key
+      cert: /etc/open5gs/tls/smf.crt
+
 #
 #  <SBI Server>
 #
 #  o SBI Server(http://<all address available>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #
-#  o SBI Server(http://<any address>:80)
+#  o SBI Server(http://<any address>:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - addr:
 #          - 0.0.0.0
 #          - ::0
 #        port: 7777
 #
-#  o SBI Server(https://<all address avaiable>:443)
+#  o SBI Server(https://<all address available>:443)
+#  sbi:
+#    server:
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
 #    sbi:
-#      - tls:
-#          key: smf.key
-#          pem: smf.pem
 #
-#  o SBI Server(https://127.0.0.4:443, http://[::1]:80)
+#  o SBI Server(https://127.0.0.4:443, https://[::1]:443) without verification
+#  sbi:
+#    server:
+#      no_verify: true
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
 #    sbi:
 #      - addr: 127.0.0.4
-#        tls:
-#          key: smf.key
-#          pem: smf.pem
 #      - addr: ::1
 #
-#  o SBI Server(http://smf.open5gs.org:80)
+#  o SBI Server(https://smf.open5gs.org:443)
+#    Use the specified certificate while verifying the client
+#
+#  sbi:
+#    server:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/smf.key
+#      cert: /etc/open5gs/tls/smf.crt
+#  smf:
 #    sbi:
 #      - name: smf.open5gs.org
 #
 #  o SBI Server(http://127.0.0.4:7777)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - addr: 127.0.0.4
 #        port: 7777
 #
 #  o SBI Server(http://<eth0 IP address>:80)
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - dev: eth0
 #
 #  o Provide custom SBI address to be advertised to NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - dev: eth0
 #        advertise: open5gs-smf.svc.local
 #
+#  o Another example of advertising on NRF
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
 #    sbi:
 #      - addr: localhost
 #        advertise:
 #          - 127.0.0.99
 #          - ::1
 #
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      addr: 127.0.0.4
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+#  <NF Service>
+#
+#  o NF Service Name(Default : all NF services available)
+#  smf:
+#    service_name:
+#
+#  o NF Service Name(Only some NF services are available)
+#  smf:
+#    service_name:
+#      - nsmf-pdusession
+#
+#  <NF Discovery Query Parameter>
+#
+#  o (Default) If you do not set Query Parameter as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#
+#    - 'service-names' is included.
+#
+#  o Service-Names are not included
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#    discovery:
+#      option:
+#        no_service_names: false
+#
+#  o To remove 'service-names' from URI query parameters in NS Discovery
+#         no_service_names: true
+#
+#    * For Indirect Communication with Delegated Discovery,
+#      'service-names' is always included in the URI query parameter.
+#    * That is, 'no_service_names' has no effect.
+#
+#  <For Indirect Communication with Delegated Discovery>
+#
+#  o (Default) If you do not set Delegated Discovery as shown below,
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#
+#    - Use SCP if SCP available. Otherwise NRF is used.
+#      => App fails if both NRF and SCP are unavailable.
+#
+#  sbi:
+#    server:
+#      no_tls: true
+#  smf:
+#    sbi:
+#      - addr: 127.0.0.4
+#        port: 7777
+#    discovery:
+#      delegated: auto
+#
+#  o To use SCP always => App fails if no SCP available.
+#      delegated: yes
+#
+#  o Don't use SCP server => App fails if no NRF available.
+#      delegated: no
+#
 #  <PFCP Server>
 #
 #  o PFCP Server(127.0.0.4:8805, ::1:8805)
+#  smf:
 #    pfcp:
 #      - addr: 127.0.0.4
 #      - addr: ::1
 #
 #  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  smf:
 #    pfcp:
 #      name: localhost
 #
+#  o PFCP Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  smf:
+#    pfcp:
+#      addr: 127.0.0.4
+#      option:
+#        so_bindtodevice: vrf-blue
+#
 #  <GTP-C Server>
 #
 #  o GTP-C Server(127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123)
+#  smf:
 #    gtpc:
 #      addr:
 #        - 127.0.0.4
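Review bot: The OGS_LOG_TRACE example at the top of this hunk now reads `domain: core,sbi,ausf,event,tlv,mem,sock`, which drops the `pfcp`, `fd`, `gtp` and `smf` domains the old comment listed and names `ausf` in an SMF config; it looks copied from another NF's sample. Someone using the comment to enable trace logging while debugging a failing test run would miss the SMF-specific domains. Suggest keeping a per-daemon list, e.g. `#    domain: core,sbi,pfcp,fd,gtp,smf,event,tlv,mem,sock`. The same replacement line appears in the first hunks of open5gs-nrf.yaml and open5gs-upf.yaml, where the old text listed `nrf` and `pfcp,gtp,upf` respectively.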
@@ -94,35 +284,59 @@
 #
 #  o On SMF, Same configuration
 #    (127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123).
+#  smf:
 #    gtpc:
 #      - addr: 127.0.0.4
 #      - addr: fd69:f21d:873c:fa::3
 #
+#  o GTP-C Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  smf:
+#    gtpc:
+#      addr: 127.0.0.4
+#      option:
+#        so_bindtodevice: vrf-blue
+#
 #  <GTP-U Server>>
 #
 #  o GTP-U Server(127.0.0.4:2152, [::1]:2152)
+#  smf:
 #    gtpu:
 #      - addr: 127.0.0.4
 #      - addr: ::1
 #
 #  o GTP-U Server(127.0.0.1:2152, [::1]:2152)
+#  smf:
 #    gtpu:
 #      name: localhost
 #
+#  o GTP-U Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  smf:
+#    gtpu:
+#      addr: 127.0.0.4
+#      option:
+#        so_bindtodevice: vrf-blue
+#
 #  <Metrics Server>
 #
 #  o Metrics Server(http://<any address>:9090)
+#  smf:
 #    metrics:
-#      addr: 0.0.0.0
-#      port: 9090
+#      - addr: 0.0.0.0
+#        port: 9090
 #
 #  <Subnet for UE Pool>
 #
 #  o IPv4 Pool
+#  smf:
 #    subnet:
 #      addr: 10.45.0.1/16
 #
 #  o IPv4/IPv6 Pool
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #      - addr: 2001:db8:cafe::1/48
@@ -131,6 +345,7 @@
 #  o Specific DNN/APN(e.g 'ims') uses 10.46.0.1/16, 2001:db8:babe::1/48
 #    ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@@ -144,6 +359,7 @@
 #  o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16)
 #    ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash.
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@@ -152,22 +368,26 @@
 #      - addr: 10.50.0.1/16 ## FALLBACK SUBNET
 #
 #  o Pool Range Sample
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/24
 #        range: 10.45.0.100-10.45.0.200
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/24
 #        range:
 #          - 10.45.0.5-10.45.0.50
 #          - 10.45.0.100-
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/24
 #        range:
 #          - -10.45.0.200
 #          - 10.45.0.210-10.45.0.220
 #
+#  smf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        range:
@@ -182,6 +402,7 @@
 #
 #  o Primary/Secondary can be configured. Others are ignored.
 #
+#  smf:
 #    dns:
 #      - 8.8.8.8
 #      - 8.8.4.4
@@ -200,10 +421,25 @@
 #
 #  o Proxy Call Session Control Function
 #
+#  smf:
 #    p-cscf:
 #      - 127.0.0.1
 #      - ::1
 #
+#  <CTF>
+#
+#  o Gy interface parameters towards OCS.
+#  o enabled:
+#    o auto: Default. Use Gy only if OCS available among Diameter peers
+#    o yes:  Use Gy always;
+#            reject subscribers if no OCS available among Diameter peers
+#    o no:   Don't use Gy interface if there is an OCS available
+#
+#  smf:
+#    ctf:
+#      enabled: auto|yes|no
+#
+#
 #  <SMF Selection - 5G Core only>
 #  1. SMF sends SmfInfo(S-NSSAI, DNN, TAI) to the NRF
 #  2. NRF responds to AMF with SmfInfo during NF-Discovery.
@@ -212,6 +448,7 @@
 #  Note that if there is no SmfInfo, any AMF can select this SMF.
 #
 #  o S-NSSAI[SST:1] and DNN[internet] - At least 1 DNN is required in S-NSSAI
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@@ -219,6 +456,7 @@
 #              - internet
 #
 #  o S-NSSAI[SST:1 SD:009000] and DNN[internet or ims]
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@@ -227,7 +465,8 @@
 #              - internet
 #              - ims
 #
-#  o S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:90170 TAC:1]
+#  o S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1]
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@@ -235,15 +474,16 @@
 #              - internet
 #        tai:
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            tac: 1
 #
 #  o If any of conditions below are met:
-#   - S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:90170 TAC:1-9]
+#   - S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1-9]
 #   - S-NSSAI[SST:2 SD:000080] and DNN[internet or ims]
-#   - S-NSSAI[SST:4] and DNN[internet] and TAI[PLMN-ID:90170 TAC:10-20,30-40]
+#   - S-NSSAI[SST:4] and DNN[internet] and TAI[PLMN-ID:99970 TAC:10-20,30-40]
 #
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@@ -251,7 +491,7 @@
 #              - internet
 #        tai:
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            range:
 #              - 1-9
@@ -267,13 +507,14 @@
 #              - internet
 #        tai:
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            range:
 #              - 10-20
 #              - 30-40
 #
 #  o Complex Example
+#  smf:
 #    info:
 #      - s_nssai:
 #          - sst: 1
@@ -297,27 +538,27 @@
 #              - internet
 #        tai:
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            tac: [1, 2, 3]
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            tac: 4
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            tac:
 #              - 5
 #              - 6
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            range:
 #              - 100-200
 #              - 300-400
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            range:
 #              - 500-600
@@ -329,11 +570,25 @@
 #              - internet
 #        tai:
 #          - plmn_id:
-#              mcc: 901
+#              mcc: 999
 #              mnc: 70
 #            tac: 99
 #
-
+#  <Security Indication - 5G Core only>
+#
+#   According to 3GPP TS38.413 Section 9.3.1.27,
+#   Security Indication IE may be instructed to 5G gNB.
+#
+#   If you set the security_indication in smf.yaml,
+#   this information is delivered using PDU Session Resource Request Transfer IE
+#
+#  smf:
+#    security_indication:
+#      integrity_protection_indication: required|preferred|not-needed
+#      confidentiality_protection_indication: required|preferred|not-needed
+#      maximum_integrity_protected_data_rate_uplink: bitrate64kbs|maximum-UE-rate
+#      maximum_integrity_protected_data_rate_downlink: bitrate64kbs|maximum-UE-rate
+#
 smf:
     sbi:
       - addr: 172.18.18.4
@@ -358,24 +613,112 @@
       - 2001:4860:4860::8888
       - 2001:4860:4860::8844
     mtu: 1400
+    ctf:
+      enabled: auto
     freeDiameter: /data/freeDiameter-smf.conf

 #
-# nrf:
+#  <SBI Client>>
+#
+#  o SBI Client(http://127.0.1.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      port: 7777
+#
+#  o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - addr: 127.0.1.10
+#      - addr: ::1
+#
+#  o SBI Client(https://scp.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  scp:
+#    sbi:
+#      - name: scp.open5gs.org
+#
+#  o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
+#    If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr:
+#        - 127.0.1.10
+#        - fd69:f21d:873c:fb::1
+#
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  scp:
+#    sbi:
+#      addr: 127.0.1.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
+#
+scp:
+    sbi:
+      - addr: 127.0.1.10
+        port: 7777
+
 #
 #  <SBI Client>>
 #
-#  o SBI Client(http://127.0.0.1:7777)
+#  o SBI Client(http://127.0.0.10:7777)
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
 #    sbi:
 #      addr: 127.0.0.10
 #      port: 7777
 #
-#  o SBI Client(https://127.0.0.10:443, http://nrf.open5gs.org:80)
+#  o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
+#  sbi:
+#    client:
+#      no_verify: true
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
 #    sbi:
 #      - addr: 127.0.0.10
-#        tls:
-#          key: nrf.key
-#          pem: nrf.pem
+#      - addr: ::1
+#
+#  o SBI Client(https://nrf.open5gs.org:443)
+#    Use the specified certificate while verifying the server
+#
+#  sbi:
+#    client:
+#      cacert: /etc/open5gs/tls/ca.crt
+#      key: /etc/open5gs/tls/amf.key
+#      cert: /etc/open5gs/tls/amf.crt
+#  nrf:
+#    sbi:
 #      - name: nrf.open5gs.org
 #
 #  o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
@@ -386,6 +729,22 @@
 #        - 127.0.0.10
 #        - fd69:f21d:873c:fa::1
 #
+#  o SBI Option (Default)
+#    - tcp_nodelay : true
+#    - so_linger.l_onoff : false
+#
+#  sbi:
+#    client:
+#      no_tls: true
+#  nrf:
+#    sbi:
+#      addr: 127.0.0.10
+#      option:
+#        tcp_nodelay: false
+#        so_linger:
+#          l_onoff: true
+#          l_linger: 10
+#
 nrf:
     sbi:
       - addr:
@@ -393,12 +752,10 @@
         port: 7777

 #
-# upf:
-#
 #  <PFCP Client>>
 #
 #  o PFCP Client(127.0.0.7:8805)
-#
+#  upf:
 #    pfcp:
 #      addr: 127.0.0.7
 #
@@ -449,76 +806,62 @@
       - addr: 172.18.18.7

 #
-# parameter:
-#
-#  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
-#
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 #  o Disable selection of UPF PFCP in Round-Robin manner
-#      no_pfcp_rr_select: true
+#  parameter:
+#    no_pfcp_rr_select: true
+#
+#  o Legacy support for pre-release LTE 11 devices
+#    - Omits adding local address in packet filters for compatibility
+#  parameter:
+#    no_ipv4v6_local_addr_in_packet_filter: true
 #
 parameter:

 #
+# o Maximum Number of UE
 # max:
+#   ue: 1024
 #
-# o Maximum Number of UE per AMF/MME
-#    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+# max:
+#   peer: 64
+#
+# o Maximum Number of GTP peer nodes per SGWC/SMF
+# max:
+#   gtp_peer: 64
 #
 max:

 #
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
-#
 #  o NF Instance Heartbeat (Default : 0)
 #    NFs will not send heart-beat timer in NFProfile
 #    NRF will send heart-beat timer in NFProfile
+#    (Default values are used, so no configuration is required)
 #
 #  o NF Instance Heartbeat (20 seconds)
 #    NFs will send heart-beat timer (20 seconds) in NFProfile
 #    NRF can change heart-beat timer in NFProfile
-#
+#  time:
 #    nf_instance:
 #      heartbeat: 20
 #
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 #
@@ -526,8 +869,10 @@
 #    Time to wait for SMF to send
 #    PFCP Session Modification Request(Remove Indirect Tunnel) to the UPF
 #    after sending Nsmf_PDUSession_UpdateSMContext Response(hoState:COMPLETED)
+#    (Default values are used, so no configuration is required)
 #
 #  o Handover Wait Duration (500ms)
+#  time:
 #    handover:
 #        duration: 500
 time:
diff --git a/ttcn3-pgw-test/open5gs-upf.yaml b/ttcn3-pgw-test/open5gs-upf.yaml
index 10fe4d4..693a1d7 100644
--- a/ttcn3-pgw-test/open5gs-upf.yaml
+++ b/ttcn3-pgw-test/open5gs-upf.yaml
@@ -1,52 +1,65 @@
 #
-# logger:
-#
 #  o Set OGS_LOG_INFO to all domain level
 #   - If `level` is omitted, the default level is OGS_LOG_INFO)
 #   - If `domain` is omitted, the all domain level is set from 'level'
-#    (Nothing is needed)
+#    (Default values are used, so no configuration is required)
 #
 #  o Set OGS_LOG_ERROR to all domain level
 #   - `level` can be set with none, fatal, error, warn, info, debug, trace
+#  logger:
 #    level: error
 #
 #  o Set OGS_LOG_DEBUG to mme/emm domain level
+#  logger:
 #    level: debug
 #    domain: mme,emm
 #
 #  o Set OGS_LOG_TRACE to all domain level
+#  logger:
 #    level: trace
-#    domain: core,pfcp,gtp,upf,event,tlv,mem,sock
+#    domain: core,sbi,ausf,event,tlv,mem,sock
 #
 logger:
     level: info

 #
-# upf:
-#
 #  <PFCP Server>
 #
 #  o PFCP Server(127.0.0.7:8805, ::1:8805)
+#  upf:
 #    pfcp:
 #      - addr: 127.0.0.7
 #      - addr: ::1
 #
 #  o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
+#  upf:
 #    pfcp:
 #      name: localhost
 #
+#  o PFCP Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  upf:
+#    pfcp:
+#      addr: 127.0.0.7
+#      option:
+#        so_bindtodevice: vrf-blue
+#
 #  <GTP-U Server>>
 #
 #  o GTP-U Server(127.0.0.7:2152, [::1]:2152)
+#  upf:
 #    gtpu:
 #      - addr: 127.0.0.7
 #      - addr: ::1
 #
 #  o GTP-U Server(127.0.0.1:2152, [::1]:2152)
+#  upf:
 #    gtpu:
 #      name: localhost
 #
 #  o User Plane IP Resource information
+#  upf:
 #    gtpu:
 #      - addr:
 #        - 127.0.0.7
@@ -62,24 +75,37 @@
 #        source_interface: 1
 #
 #  o Provide custom UPF GTP-U address to be advertised inside NGAP messages
+#  upf:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise: 172.24.15.30
 #
+#  upf:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise:
 #        - 127.0.0.1
 #        - ::1
 #
+#  upf:
 #    gtpu:
 #      - addr: 10.4.128.21
 #        advertise: upf1.5gc.mnc001.mcc001.3gppnetwork.org
 #
+#  upf:
 #    gtpu:
 #      - dev: ens3
 #        advertise: upf1.5gc.mnc001.mcc001.3gppnetwork.org
 #
+#  o GTP-U Option (Default)
+#    - so_bindtodevice : NULL
+#
+#  upf:
+#    gtpu:
+#      addr: 127.0.0.7
+#      option:
+#        so_bindtodevice: vrf-blue
+#
 #  <Subnet for UE network>
 #
 #  Note that you need to setup your UE network using TUN device.
@@ -88,6 +114,7 @@
 #  o IPv4 Pool
 #    $ sudo ip addr add 10.45.0.1/16 dev ogstun
 #
+#  upf:
 #    subnet:
 #      addr: 10.45.0.1/16
 #
@@ -95,6 +122,7 @@
 #    $ sudo ip addr add 10.45.0.1/16 dev ogstun
 #    $ sudo ip addr add 2001:db8:cafe::1/48 dev ogstun
 #
+#  upf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #      - addr: 2001:db8:cafe::1/48
@@ -109,6 +137,7 @@
 #
 #    ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.
 #
+#  upf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@@ -122,6 +151,7 @@
 #  o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16)
 #    ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash.
 #
+#  upf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@@ -135,6 +165,7 @@
 #    $ sudo ip addr add 10.46.0.1/16 dev ogstun3
 #    $ sudo ip addr add 2001:db8:babe::1/48 dev ogstun3
 #
+#  upf:
 #    subnet:
 #      - addr: 10.45.0.1/16
 #        dnn: internet
@@ -148,6 +179,14 @@
 #        dnn: ims
 #        dev: ogstun3
 #
+#  <Metrics Server>
+#
+#  o Metrics Server(http://<any address>:9090)
+#  upf:
+#    metrics:
+#    - addr: 0.0.0.0
+#      port: 9090
+#
 upf:
     pfcp:
       - addr: 172.18.18.7
@@ -162,12 +201,10 @@
         dev: ogstun46

 #
-# smf:
-#
 #  <PFCP Client>>
 #
 #  o PFCP Client(127.0.0.4:8805)
-#
+#  smf:
 #    pfcp:
 #      addr: 127.0.0.4
 #
@@ -176,62 +213,41 @@
       addr: 172.18.18.4

 #
-# parameter:
-#
 #  o Number of output streams per SCTP associations.
-#      sctp_streams: 30
+#  parameter:
+#    sctp_streams: 30
 #
 #  o Disable use of IPv4 addresses (only IPv6)
-#      no_ipv4: true
+#  parameter:
+#    no_ipv4: true
 #
 #  o Disable use of IPv6 addresses (only IPv4)
-#      no_ipv6: true
+#  parameter:
+#    no_ipv6: true
 #
 #  o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
-#      prefer_ipv4: true
+#  parameter:
+#    prefer_ipv4: true
 #
 parameter:

 #
+# o Maximum Number of UE
 # max:
+#   ue: 1024
 #
-# o Maximum Number of UE per AMF/MME
-#    ue: 1024
-# o Maximum Number of gNB/eNB per AMF/MME
-#    gnb: 64
+# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
+# max:
+#   peer: 64
 #
 max:

 #
-# pool:
-#
-# o The default memory pool size was set assuming 1024 UEs.
-#   To connect more UEs, you need to increase the size further.
-#
-#   - Pool-size 128         => 65536 Number
-#   - Pool-size 256         => 16384 Number
-#   - Pool-size 512         => 4096 Number
-#   - Pool-size 1024        => 1024 Number
-#   - Pool-size 2048        => 512 Number
-#   - Pool-size 8192        => 128 Number
-#   - Pool-size 1024*1024   => 8 Number
-#
-#    128:  65536
-#    256:  16384
-#    512:  4096
-#    1024: 1024
-#    2048: 512
-#    8192: 128
-#    big:  8
-#
-pool:
-
-#
-# time:
-#
 #  o Message Wait Duration (Default : 10,000 ms = 10 seconds)
+#    (Default values are used, so no configuration is required)
 #
 #  o Message Wait Duration (3000 ms)
+#  time:
 #    message:
 #        duration: 3000
 time:

--
To view, visit https://gerrit.osmocom.org/c/docker-playground/+/31422

Gerrit-Project: docker-playground
Gerrit-Branch: master
Gerrit-Change-Id: I27adbab6a6b95ddf4c6d39803e4f7dd079f11a4c
Gerrit-Change-Number: 31422
Gerrit-PatchSet: 2
Gerrit-Owner: fixeria <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <[email protected]>
Gerrit-Reviewer: laforge <[email protected]>
Gerrit-Reviewer: osmith <[email protected]>
Gerrit-Reviewer: pespin <[email protected]>
Gerrit-MessageType: merged
