search

HewlettPackard / PacketRusher

High performance 5G UE/gNB Simulator and CP/UP load tester.
Apache License 2.0
109 stars 25 forks source link

[FEATURE] 5G Roaming Support #32

Closed infinitydon closed 10 months ago

infinitydon commented 10 months ago

Is your feature request related to a problem? Please describe. Currently Open5gs supports 5G roaming, it will great if this can be supported in PacketRusher

Describe the solution you'd like Support roaming scenario whereby the UE PLMN is different from the gNB

Describe alternatives you've considered None, I don't think this is supported by any opensource 5G RAN simulator

Additional context Reference to the Open5gs roaming feature: https://open5gs.org/open5gs/docs/tutorial/05-roaming/

linouxis9 commented 10 months ago

Hi @infinitydon!

Thanks for your interest in PacketRusher! PacketRusher should already be able to work with UE's hplmn being different from the gNodeB's plmn as-is. Please let me know if you encounter any issues, and if you do, please share a pcap and logs! :) If some more specific NGAP procedures need to be implemented, we can do it.

Thanks a lot, Valentin

infinitydon commented 10 months ago

@linouxis9 - Thanks for the response, I just tried it but am currently getting Authentication reject from the AMF

12/03 18:17:15.764: [amf] INFO: gNB-N2 accepted[192.168.200.2]:9487 in ng-path module (../src/amf/ngap-sctp.c:113)
12/03 18:17:15.764: [amf] INFO: gNB-N2 accepted[192.168.200.2] in master_sm module (../src/amf/amf-sm.c:741)
12/03 18:17:15.764: [amf] INFO: [Added] Number of gNBs is now 1 (../src/amf/context.c:1227)
12/03 18:17:15.765: [amf] INFO: gNB-N2[192.168.200.2] max_num_of_ostreams : 2 (../src/amf/amf-sm.c:780)
12/03 18:17:16.768: [amf] INFO: InitialUEMessage (../src/amf/ngap-handler.c:401)
12/03 18:17:16.768: [amf] INFO: [Added] Number of gNB-UEs is now 1 (../src/amf/context.c:2546)
12/03 18:17:16.768: [amf] INFO:     RAN_UE_NGAP_ID[1] AMF_UE_NGAP_ID[4] TAC[1] CellID[0x1] (../src/amf/ngap-handler.c:562)
12/03 18:17:16.768: [amf] INFO: [suci-0-999-70-4567-0-0-0000000001] Unknown UE by SUCI (../src/amf/context.c:1831)
12/03 18:17:16.768: [amf] INFO: [Added] Number of AMF-UEs is now 1 (../src/amf/context.c:1612)
12/03 18:17:16.768: [gmm] INFO: Registration request (../src/amf/gmm-sm.c:1165)
12/03 18:17:16.768: [gmm] INFO: [suci-0-999-70-4567-0-0-0000000001]    SUCI (../src/amf/gmm-handler.c:166)
12/03 18:17:16.769: [sbi] WARNING: [AUSF] (NRF-discover) NF has already been added [d26b26e4-91f3-41ee-903b-45ddc8dc585d:1] (../lib/sbi/nnrf-handler.c:1057)
12/03 18:17:16.769: [sbi] WARNING: NF EndPoint(fqdn) updated [ausf.5gc.mnc070.mcc999.3gppnetwork.org:0] (../lib/sbi/context.c:2174)
12/03 18:17:16.770: [sbi] WARNING: NF EndPoint(fqdn) updated [ausf.5gc.mnc070.mcc999.3gppnetwork.org:0] (../lib/sbi/context.c:1917)
12/03 18:17:16.770: [sbi] INFO: [AUSF] (NF-discover) NF Profile updated [d26b26e4-91f3-41ee-903b-45ddc8dc585d:1] (../lib/sbi/nnrf-handler.c:1095)
12/03 18:17:16.808: [sbi] WARNING: [AUSF] (SCP-discover) NF has already been added [d26b26e4-91f3-41ee-903b-45ddc8dc585d:1] (../lib/sbi/path.c:216)
12/03 18:17:16.811: [gmm] ERROR: [suci-0-999-70-4567-0-0-0000000001] MAC failure (../src/amf/gmm-handler.c:844)
0000: 15a19d13 e5a6ce1b 76313ae3 d64a59b9   ........v1:..JY.
0000: 07a1aed7 a58e2aeb 1901de6f 9cfcea69   ......*....o...i
0000: 8867f4c6 2a745d74 a7a46334 732146a8   .g..*t]t..c4s!F.
12/03 18:17:16.811: [amf] WARNING: [suci-0-999-70-4567-0-0-0000000001] Authentication reject (../src/amf/nas-path.c:538)
12/03 18:17:17.814: [amf] INFO: UE Context Release [Action:3] (../src/amf/ngap-handler.c:1696)
12/03 18:17:17.814: [amf] INFO:     RAN_UE_NGAP_ID[1] AMF_UE_NGAP_ID[4] (../src/amf/ngap-handler.c:1697)
12/03 18:17:17.814: [amf] INFO:     SUCI[suci-0-999-70-4567-0-0-0000000001] (../src/amf/ngap-handler.c:1700)
12/03 18:17:17.814: [amf] INFO: [Removed] Number of gNB-UEs is now 0 (../src/amf/context.c:2553)
12/03 18:17:17.814: [amf] INFO: [Removed] Number of AMF-UEs is now 0 (../src/amf/context.c:1705)
12/03 18:17:19.345: [amf] INFO: gNB-N2[192.168.200.2] connection refused!!! (../src/amf/amf-sm.c:793)
12/03 18:17:19.345: [amf] INFO: [Removed] Number of gNBs is now 0 (../src/amf/context.c:1254)

packet-rusher-logs:

INFO[0000] PacketRusher version 1.0.1
INFO[0000] ---------------------------------------
INFO[0000] [TESTER] Starting test function: Testing an ue attached with configuration
INFO[0000] [TESTER][UE] Number of UEs: 1
INFO[0000] [TESTER][UE] disableTunnel is false
INFO[0000] [TESTER][GNB] Control interface IP/Port: 192.168.200.2/9487
INFO[0000] [TESTER][GNB] Data interface IP/Port: 192.168.200.2/2152
INFO[0000] [TESTER][AMF] AMF IP/Port: 192.168.200.1/38412
INFO[0000] ---------------------------------------
INFO[0000] [GNB] SCTP/NGAP service is running
INFO[0000] [GNB] Initiating NG Setup Request
INFO[0000] [GNB][SCTP] Receive message in 0 stream
INFO[0000] [GNB][NGAP] Receive NG Setup Response
INFO[0000] [GNB][AMF] AMF Name: open5gs-amf0
INFO[0000] [GNB][AMF] State of AMF: Active
INFO[0000] [GNB][AMF] Capacity of AMF: 255
INFO[0000] [GNB][AMF] PLMNs Identities Supported by AMF -- mcc: 001 mnc:01
INFO[0000] [GNB][AMF] List of AMF slices Supported by AMF -- sst:01 sd:000001
INFO[0001] [TESTER] TESTING REGISTRATION USING IMSI 0000000001 UE
INFO[0001] [UE] Initiating Registration
INFO[0001] [UE] Switched from state 0 to state 1
INFO[0001] [GNB][SCTP] Receive message in 1 stream
INFO[0001] [GNB][NGAP] Receive Downlink NAS Transport
INFO[0001] [UE][NAS] Message without security header
INFO[0001] [UE][NAS] Receive Authentication Request
INFO[0001] [UE][NAS][MAC] Authenticity of the authentication request message: OK
INFO[0001] [UE][NAS][SQN] SQN of the authentication request message: VALID
INFO[0001] [UE][NAS] Send authentication response
INFO[0001] [UE] Switched from state 1 to state 2
INFO[0001] [GNB][SCTP] Receive message in 1 stream
INFO[0001] [GNB][SCTP] Receive message in 1 stream
INFO[0001] [GNB][NGAP] Receive Downlink NAS Transport
INFO[0001] [GNB][NGAP] Receive UE Context Release Command
INFO[0001] [UE][NAS] Message without security header
INFO[0001] [UE][NAS] Receive Authentication Reject
INFO[0001] [UE][NAS] Authentication of UE 1 failed
INFO[0001] [UE] Switched from state 2 to state 1
INFO[0002] [GNB] Initiating UE Context Complete
ERRO[0002] [UE][0000000001] Stopping UE as communication with gNB was closed
INFO[0002] [UE] UE Terminated
INFO[0002] [UE] Switched from state 1 to state 0
INFO[0002] [GNB][NGAP] Releasing UE Context, cause: nas: Normal release

AMF config:

logger:
  file: /var/log/open5gs/v-amf.log
#  level: info   # fatal|error|warn|info(default)|debug|trace

global:
  max:
    ue: 1024  # The number of UE can be increased depending on memory size.
#    peer: 64

amf:
  sbi:
    server:
      - address: 127.0.0.5
        port: 7777
    client:
      scp:
        - uri: http://127.0.0.200:7777
  ngap:
    server:
      - address: 192.168.200.1
  metrics:
    server:
      - address: 127.0.0.5
        port: 9090
  access_control:
    - plmn_id:
        mcc: 001
        mnc: 01
    - plmn_id:
         mcc: 999
         mnc: 70
  guami:
    - plmn_id:
        mcc: 001
        mnc: 01
      amf_id:
        region: 2
        set: 1
  tai:
    - plmn_id:
        mcc: 001
        mnc: 01
      tac: 1
  plmn_support:
    - plmn_id:
        mcc: 001
        mnc: 01
      s_nssai:
        - sst: 1
          sd: 000001
  security:
    integrity_order : [ NIA2, NIA1, NIA0 ]
    ciphering_order : [ NEA0, NEA1, NEA2 ]
  network_name:
    full: Open5GS
    short: Next
  amf_name: open5gs-amf0
  time:
#    t3502:
#      value: 720   # 12 minutes * 60 = 720 seconds
    t3512:
      value: 540    # 9 minutes * 60 = 540 seconds

packet-rusher config:

gnodeb:
  controlif:
    ip: "192.168.200.2"
    port: 9487
  dataif:
    ip: "192.168.200.2"
    port: 2152
  plmnlist:
    mcc: "001"
    mnc: "01"
    tac: "000001"
    gnbid: "000008"
  slicesupportlist:
    sst: "01"
    sd: "000001"

ue:
  msin: "0000000001"
  key: "465B5CE8B199B49FAA5F0A2EE238A6BC"
  opc: "E8ED289DEBA952E4283B54E88E6183CA"
  amf: "8000"
  sqn: "00000000"
  dnn: "internet"
  routingindicator: "4567"
  hplmn:
    mcc: "999"
    mnc: "70"
  snssai:
    sst: 01
    sd: "000001"
  integrity:
    nia0: false
    nia1: false
    nia2: true
    nia3: false
  ciphering:
    nea0: true
    nea1: false
    nea2: false
    nea3: false
amfif:
  ip: "192.168.200.1"
  port: 38412
logs:
    level: 4

I double checked the UE profile, both the security key and oPC codes looks ok.

image

Attached below is the PCAP

packet-rusher-o5gs-roaming.zip

linouxis9 commented 10 months ago

Hi @infinitydon, Thanks for sharing the detailed logs and PCAP. I'll try to reproduce the issue, and fix it. I'll keep you updated.

linouxis9 commented 10 months ago

I was able to reproduce the bug, I'll keep investigating. Thanks a lot for the report!

linouxis9 commented 10 months ago

Issue should be fixed and PacketRusher should now work with roaming, please try again with the latest commits from the main branch. Thanks a lot for the report! @infinitydon

priyanshs commented 4 months ago

@infinitydon @linouxis9 Hi, is there a writeup on how to configure packetrusher for roaming scenarios? TIA

linouxis9 commented 4 months ago

Hi @priyanshs! There is this article https://futuredon.medium.com/5g-roaming-with-mutual-tls-1468d109129c from @infinitydon. But else, it's very easy, it's juste a matter of configuring Open5GS roaming following the Open5GS guide, and then configure in the config.yml an UE with a different MCC/MNC than the gNodeB. Cheers, Valentin

priyanshs commented 4 months ago

Thanks a bunch :)