Research how to test IPv6 UE

pirog-spb commented 1 year ago

[x] Research IPv6 UE capabilities of free5gc
[x] Research IPv6 UE capabilities of open5gs
[x] Prepare test configurations if applicable

PapaySail commented 1 year ago

Open5gs Gradiant/openverso-charts

📝 subnetList: is in SMF values https://github.com/Gradiant/openverso-charts/blob/6b627689575bbfa3dffe01ab5b602dca7a8a54be/charts/open5gs-smf/values.yaml#LL106C1-L106C2

```yaml config: dnsList: - 8.8.8.8 - 8.8.4.4 - 2001:4860:4860::8888 - 2001:4860:4860::8844 subnetList: - addr: 10.45.0.1/16 dnn: internet mtu: 1400 ```

Needed to add - addr: 2001:db8:cafe::1/48 👉 To https://github.com/edgecomllc/eupf/blob/main/docs/examples/open5gs/open5gs.yaml#L21

smf:
  config:
    subnetList:
      - addr: 10.45.0.1/16
        dnn: internet
      - addr: 2001:db8:cafe::1/48
        dnn: internet

Enable IPv4/IPv6 Forwarding

At the node host:

$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo sysctl -w net.ipv6.conf.all.forwarding=1

👉 To add to:

https://github.com/edgecomllc/eupf/blob/main/docs/examples/open5gs/eupf-host-nat.yaml#L28
https://github.com/edgecomllc/eupf/blob/main/docs/examples/open5gs/eupf-container-nat.yaml#L21

https://github.com/edgecomllc/eupf/blob/main/docs/examples/open5gs/nat.yaml#L93

podSecurityContext:
sysctls:
- name: net.ipv4.ip_forward
value: "1"
- name: net.ipv6.conf.all.forwarding
value: "1"

AND add corresponding route to scripts, like

  ip -6 rule add from 2001:db8:cafe::1/48 lookup fromn3gtp; \
  ip -6 route add default via 2001:db8:?????::1 dev n6 table fromn3gtp ;\

💭 Optionally, you may consider the settings below for security purposes. 🔒

💡 source: https://open5gs.org/open5gs/docs/guide/01-quickstart/ ```ruby ### Prevent UE's from connecting to the host on which UPF is running $ sudo iptables -I INPUT -s 10.45.0.0/16 -j DROP $ sudo ip6tables -I INPUT -s 2001:db8:cafe::/48 -j DROP ### If your core network runs over multiple hosts, you probably want to block ### UE originating traffic from accessing other network functions. ### Replace x.x.x.x/y with the VNFs IP/subnet $ sudo iptables -I FORWARD -s 10.45.0.0/16 -d x.x.x.x/y -j DROP ```

PapaySail commented 1 year ago

Orange-OpenSource/towards5gs-helm for free5gc

pools in config SMF https://github.com/Orange-OpenSource/towards5gs-helm/blob/main/charts/free5gc/charts/free5gc-smf/values.yaml#L161

```yaml dnnUpfInfoList: # DNN information list for this S-NSSAI - dnn: internet pools: - cidr: 10.1.0.0/17 ``` AND value in https://github.com/Orange-OpenSource/towards5gs-helm/blob/main/charts/free5gc/charts/free5gc-upf/values.yaml#LL21C3-L21C3 ```yaml global: projectName: free5gc userPlaneArchitecture: single # possible values are "single" and "ulcl" uesubnet: 10.1.0.0/16 ```

Needed to add - cidr: 2001:db8:cafe::1/48 👉 To https://github.com/edgecomllc/eupf/blob/main/docs/examples/free5gc/free5gc-single.yaml#L14

global:
  uesubnet: 10.1.0.0/16
free5gc-smf:
  configuration:
    configuration: |-
      smfName: SMF
      snssaiInfos:
        - sNssai:
            sst: 1
            sd: 010203
          dnnInfos: # DNN information list
            - dnn: internet # Data Network Name
              dns: # the IP address of DNS
                ipv4: 8.8.8.8
        - sNssai:
            sst: 1
            sd: 112233
          dnnInfos: # DNN information list
            - dnn: internet # Data Network Name
              dns: # the IP address of DNS
                ipv4: 8.8.8.8
        - sNssai:
            sst: 2
            sd: 112234
          dnnInfos:
            - dnn: internet
              dns:
                ipv4: 8.8.8.8
      plmnList: # the list of PLMN IDs that this SMF belongs to (optional, remove this key when unnecessary)
        - mcc: "208" # Mobile Country Code (3 digits string, digit: 0~9)
          mnc: "93" # Mobile Network Code (2 or 3 digits string, digit: 0~9)
      userplaneInformation: # list of userplane information
        upNodes: # information of userplane node (AN or UPF)
          gNB1: # the name of the node
            type: AN # the type of the node (AN or UPF)
          UPF:  # the name of the node
            type: UPF # the type of the node (AN or UPF)
            nodeID: 10.100.50.241 # the IP/FQDN of N4 interface on this UPF (PFCP)
            sNssaiUpfInfos: # S-NSSAI information list for this UPF
                  - sNssai: # S-NSSAI (Single Network Slice Selection Assistance Information)
                      sst: 1 # Slice/Service Type (uinteger, range: 0~255)
                      sd: 010203 # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)
                    dnnUpfInfoList: # DNN information list for this S-NSSAI
                      - dnn: internet
                        pools:
                          - cidr: 10.1.0.0/17
                          - cidr: 2001:db8:cafe::1/48
                  - sNssai: # S-NSSAI (Single Network Slice Selection Assistance Information)
                      sst: 1 # Slice/Service Type (uinteger, range: 0~255)
                      sd: 112233 # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)
                    dnnUpfInfoList: # DNN information list for this S-NSSAI
                      - dnn: internet
                        pools:
                          - cidr: 10.1.128.0/17
            interfaces: # Interface list for this UPF
                  - interfaceType: N3 # the type of the interface (N3 or N9)
                    endpoints: # the IP address of this N3/N9 interface on this UPF
                      - 10.100.50.233
                    networkInstances: internet # Data Network Name (DNN)
        links: # the topology graph of userplane, A and B represent the two nodes of each link
          - A: gNB1
            B: UPF
      locality: area1 # Name of the location where a set of AMF, SMF and UPFs are located

PapaySail commented 1 year ago

Test configuration

✔ At the node

root@edgecom:/# sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
root@edgecom:/# sudo sysctl  net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 1

forbidden sysctl: "net.ipv6.conf.all.forwarding" not allowlisted while trying to start the pod

📝Kubenetes environment: Enabling Unsafe Sysctls

https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/#enabling-unsafe-sysctls > All unsafe sysctls are disabled by default and must be allowed manually by the cluster admin on a per-node basis. Pods with disabled unsafe sysctls will be scheduled, but will fail to launch. ```powershell sergo@edgecom:~$ sudo nano /etc/kubernetes/kubelet-config.yaml sergo@edgecom:~$ sudo tail /etc/kubernetes/kubelet-config.yaml kubeReserved: cpu: 200m memory: 512Mi resolvConf: "/run/systemd/resolve/resolv.conf" eventRecordQPS: 5 shutdownGracePeriod: 60s shutdownGracePeriodCriticalPods: 20s allowedUnsafeSysctls: - "net.ipv4.ip_forward" - "net.ipv6.conf.all.forwarding" ``` >Files under this path will be monitored periodically for updates. The monitoring period is 20s by default But it's not really monitored. So [restart kubelet](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-reconfigure/#reflecting-the-kubelet-changes): ```prolog sergo@edgecom:~$ sudo systemctl restart kubelet.service sergo@edgecom:~$ sudo systemctl status kubelet.service * kubelet.service - Kubernetes Kubelet Server Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2023-06-19 12:08:46 MSK; 4s ago Docs: https://github.com/GoogleCloudPlatform/kubernetes Main PID: 182604 (kubelet) Tasks: 0 (limit: 14275) Memory: 46.7M CPU: 1.572s CGroup: /system.slice/kubelet.service > 182604 /usr/local/bin/kubelet --logtostderr=true --v=2 --node-ip=188.120.232.247 --hostname-override=edgecom --bootstrap-kubeconfig=/etc/> Jun 19 12:08:47 edgecom kubelet[182604]: I0619 12:08:47.907203 182604 memory_manager.go:168] "Starting memorymanager" policy="None" Jun 19 12:08:47 edgecom kubelet[182604]: I0619 12:08:47.907259 182604 state_mem.go:35] "Initializing new in-memory state store" Jun 19 12:08:47 edgecom kubelet[182604]: I0619 12:08:47.908035 182604 state_mem.go:75] "Updated machine memory state" Jun 19 12:08:47 edgecom kubelet[182604]: I0619 12:08:47.908069 182604 state_checkpoint.go:82] "State checkpoint: restored state from checkpoint" Jun 19 12:08:47 edgecom kubelet[182604]: I0619 12:08:47.941672 182604 manager.go:247] "Starting Device Plugin manager" Jun 19 12:08:47 edgecom kubelet[182604]: I0619 12:08:47.941763 182604 manager.go:610] "Failed to read data from checkpoint" checkpoint="kubelet_interna> Jun 19 12:08:47 edgecom kubelet[182604]: I0619 12:08:47.942101 182604 manager.go:289] "Serving device plugin registration server on socket" path="/var/> Jun 19 12:08:47 edgecom kubelet[182604]: I0619 12:08:47.942550 182604 plugin_watcher.go:52] "Plugin Watcher Start" path="/var/lib/kubelet/plugins_regis> Jun 19 12:08:47 edgecom kubelet[182604]: I0619 12:08:47.943348 182604 plugin_manager.go:112] "The desired_state_of_world populator (plugin watcher) sta> Jun 19 12:08:47 edgecom kubelet[182604]: I0619 12:08:47.943380 182604 plugin_manager.go:114] "Starting Kubelet Plugin Manager" ```

🚫 Open5GS: SMF not generated IPv6 address: `IPv4[10.45.0.2] IPv6[]`

Details

SMF log: ```ruby 06/19 11:34:13.329: [smf] INFO: [Added] Number of SMF-UEs is now 1 (../src/smf/context.c:898) 06/19 11:34:13.330: [smf] INFO: [Added] Number of SMF-Sessions is now 1 (../src/smf/context.c:2975) 06/19 11:34:13.330: [sbi] WARNING: Try to discover [nudm-sdm] (../lib/sbi/path.c:114) 06/19 11:34:13.331: [sbi] INFO: [dce0ad0a-0e82-41ee-8db6-1b1e2f11e58b] (NF-discover) NF registered (../lib/sbi/nnrf-handler.c:731) 06/19 11:34:13.331: [sbi] INFO: [dce0ad0a-0e82-41ee-8db6-1b1e2f11e58b] (NF-discover) NF Profile updated (../lib/sbi/nnrf-handler.c:75 06/19 11:34:13.337: [sbi] WARNING: Try to discover [npcf-smpolicycontrol] (../lib/sbi/path.c:114) 06/19 11:34:13.339: [sbi] INFO: [ec11dd08-0e82-41ee-b100-a959cc55f6bc] (NF-discover) NF registered (../lib/sbi/nnrf-handler.c:731) 06/19 11:34:13.339: [sbi] INFO: [ec11dd08-0e82-41ee-b100-a959cc55f6bc] (NF-discover) NF Profile updated (../lib/sbi/nnrf-handler.c:75 06/19 11:34:13.348: [smf] INFO: UE SUPI[imsi-999700000000001] DNN[internet] IPv4[10.45.0.2] IPv6[] (../src/smf/npcf-handler.c:495) 06/19 11:34:13.350: [gtp] INFO: gtp_connect() [10.233.11.131]:2152 (../lib/gtp/path.c:60) 06/19 11:34:13.351: [sbi] WARNING: Try to discover [namf-comm] (../lib/sbi/path.c:114) 06/19 11:34:13.353: [sbi] INFO: [126ac934-0e91-41ee-9763-6957c5324718] (NF-discover) NF registered (../lib/sbi/nnrf-handler.c:731) 06/19 11:34:13.353: [sbi] INFO: [126ac934-0e91-41ee-9763-6957c5324718] (NF-discover) NF Profile updated (../lib/sbi/nnrf-handler.c:75 ``` SMF config file: ```yaml I have no name!@open5gs-smf-bc5db4dd6-kpqd7:~$ cat /opt/open5gs/etc/open5gs/smf.yaml logger: level: info parameter: {} smf: sbi: - dev: "eth0" port: 7777 pfcp: - dev: "eth0" port: 8805 gtpc: - dev: "eth0" port: 2123 gtpu: - dev: "eth0" port: 2152 subnet: # - # addr: 10.45.0.1/16 # dnn: internet - addr: 2001:db8:cafe::1/48 addr: 10.45.0.1/16 dnn: internet dns: - 8.8.8.8 - 8.8.4.4 - 2001:4860:4860::8888 - 2001:4860:4860::8844 mtu: 1400 nrf: sbi: - name: open5gs-nrf-sbi port: 7777 upf: pfcp: - name: edgecomllc-eupf-universal-chart port: 8805 ```

PapaySail commented 1 year ago

⚠ SMF warning about our eUPF:

06/19 11:55:41.266: [pfcp] WARNING: F-TEID allocation/release not supported with peer [10.233.11.131]:8805 (../lib/pfcp/handler.c:138)
06/19 11:55:41.266: [smf] INFO: PFCP associated [10.233.11.131]:8805 (../src/smf/pfcp-sm.c:174)
06/19 11:55:41.270: [sbi] INFO: [36d0814a-0e98-41ee-ace5-d9241dadb005] NF registered [Heartbeat:10s] (../lib/sbi/nf-sm.c:222)

@pirog-spb is it interesting?

pirog-spb commented 1 year ago

UPF don't support UE address allocation at the moment. So this behaviour is expected

PapaySail commented 1 year ago

TODO after first trys:

n6 interface: add IPv6 addr
add routings -6 over n6 interface

PapaySail commented 1 year ago

⚠ Orange-OpenSource/towards5gs-helm for free5gc

Something broken in new apps release free5GC v3.3.0, it can't read "logger" section of config

```ruby 2023-06-20T12:58:11.346259507Z [INFO][WEBUI][Main] WEBUI version: free5GC version: v3.3.0 build time: 2023-06-20T08:01:33Z commit hash: 2b9cc4c3 commit time: 2023-05-31T04:51:46Z go version: go1.17.8 linux/amd64 2023-06-20T12:58:11.346407470Z [INFO][WEBUI][CFG] Read config from [../config/webuicfg.yaml] 2023-06-20T12:58:11.346601597Z [ERRO][WEBUI][Main] WEBUI Run error: ReadConfig [../config/webuicfg.yaml] Error: [Factory] yaml: unmarshal errors: line 11: cannot unmarshal !!str `logger:...` into factory.Logger ```

.

PapaySail commented 1 year ago

🚫Free5GS SMF can't give IPv6 address

[WARN][SMF][CTX] Pool is empty: 2001:db8:cafe::/48

Details

Then IPv6 cidr set only. SMF log: ```ruby 2023-06-22T10:30:47.222179719Z [INFO][SMF][PduSess] Receive Create SM Context Request 2023-06-22T10:30:47.222436295Z [INFO][SMF][PduSess] In HandlePDUSessionSMContextCreate 2023-06-22T10:30:47.222498362Z [INFO][SMF][CTX] UrrPeriod: 0s 2023-06-22T10:30:47.222512140Z [INFO][SMF][CTX] UrrThreshold: 0 2023-06-22T10:30:47.226461982Z [INFO][SMF][PduSess][pdu_session_id:1][supi:imsi-208930000000003] Send NF Discovery Serving UDM Successfully 2023-06-22T10:30:47.234717927Z [INFO][SMF][GSM] In HandlePDUSessionEstablishmentRequest 2023-06-22T10:30:47Z [INFO][NAS][Convert] ProtocolOrContainerList: [0xc000354820 0xc000354840] 2023-06-22T10:30:47.234786818Z [INFO][SMF][GSM] Protocol Configuration Options 2023-06-22T10:30:47.234799118Z [INFO][SMF][GSM] &{[0xc000354820 0xc000354840]} 2023-06-22T10:30:47.234806892Z [INFO][SMF][GSM] Didn't Implement container type IPAddressAllocationViaNASSignallingUL 2023-06-22T10:30:47.240108248Z [INFO][SMF][Consumer] SendNFDiscoveryServingAMF ok 2023-06-22T10:30:47.240298951Z [WARN][SMF][CTX] Pool is empty: 2001:db8:cafe::/48 2023-06-22T10:30:47.240315321Z [WARN][SMF][CTX] UE IP pool exhausted for DNN[internet] S-NSSAI[sst: 1 sd: 010203] DNAI[] 2023-06-22T10:30:47.240323216Z [INFO][SMF][PduSess][pdu_session_id:1][supi:imsi-208930000000003] Allocated PDUAdress[] 2023-06-22T10:30:47.240339992Z [ERRO][SMF][PduSess][pdu_session_id:1][supi:imsi-208930000000003] PDUSessionSMContextCreate err: fail to allocate PDU address, Selection Parameter: Dnn: internet Sst: 1, Sd: 010203 2023-06-22T10:30:47.240544625Z [INFO][SMF][GIN] | 500 | 10.233.78.109 | POST | /nsmf-pdusession/v1/sm-contexts | 2023-06-22T10:30:47.240627815Z [INFO][SMF][PduSess][pdu_session_id:1][supi:imsi-208930000000003] smContext[urn:uuid:eeacf2cc-fee2-4a43-af70-526ae37bf04b] is deleted from pool ``` SMF Config: ```yaml /free5gc/smf # cat ../config/smfcfg.yaml info: version: 1.0.7 description: SMF initial local configuration configuration: serviceNameList: - nsmf-pdusession - nsmf-event-exposure - nsmf-oam sbi: scheme: http registerIPv4: free5gc-free5gc-smf-service # IP used to register to NRF bindingIPv4: 0.0.0.0 # IP used to bind the service port: 80 tls: key: cert/smf.key pem: cert/smf.pem nrfUri: http://nrf-nnrf:8000 pfcp: nodeID: 10.100.50.245 listenAddr: 10.100.50.245 externalAddr: 10.100.50.245 smfName: SMF snssaiInfos: - sNssai: sst: 1 sd: 010203 dnnInfos: # DNN information list - dnn: internet # Data Network Name dns: # the IP address of DNS ipv4: 8.8.8.8 ipv6: 2001:4860:4860::8888 - sNssai: sst: 1 sd: 112233 dnnInfos: # DNN information list - dnn: internet # Data Network Name dns: # the IP address of DNS ipv4: 8.8.8.8 ipv6: 2001:4860:4860::8888 - sNssai: sst: 2 sd: 112234 dnnInfos: - dnn: internet dns: ipv4: 8.8.8.8 ipv6: 2001:4860:4860::8888 plmnList: # the list of PLMN IDs that this SMF belongs to (optional, remove this key when unnecessary) - mcc: 208 # Mobile Country Code (3 digits string, digit: 0~9) mnc: 93 # Mobile Network Code (2 or 3 digits string, digit: 0~9) userplaneInformation: # list of userplane information upNodes: # information of userplane node (AN or UPF) gNB1: # the name of the node type: AN # the type of the node (AN or UPF) UPF: # the name of the node type: UPF # the type of the node (AN or UPF) nodeID: 10.100.50.241 # the IP/FQDN of N4 interface on this UPF (PFCP) addr: 10.100.50.241 # the IP/FQDN of N4 interface on this UPF (PFCP) sNssaiUpfInfos: # S-NSSAI information list for this UPF - sNssai: # S-NSSAI (Single Network Slice Selection Assistance Information) sst: 1 # Slice/Service Type (uinteger, range: 0~255) sd: 010203 # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF) dnnUpfInfoList: # DNN information list for this S-NSSAI - dnn: internet pools: - cidr: 2001:db8:cafe::/48 staticPools: - cidr: 10.1.64.0/24 - sNssai: # S-NSSAI (Single Network Slice Selection Assistance Information) sst: 1 # Slice/Service Type (uinteger, range: 0~255) sd: 112233 # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF) dnnUpfInfoList: # DNN information list for this S-NSSAI - dnn: internet pools: - cidr: 10.1.128.0/17 staticPools: - cidr: 10.1.192.0/24 interfaces: # Interface list for this UPF - interfaceType: N3 # the type of the interface (N3 or N9) endpoints: # the IP address of this N3/N9 interface on this UPF - 10.100.50.233 networkInstances: - internet # Data Network Name (DNN) links: # the topology graph of userplane, A and B represent the two nodes of each link - A: gNB1 B: UPF locality: area1 # Name of the location where a set of AMF, SMF and UPFs are located t3591: enable: true # true or false expireTime: 16s # default is 6 seconds maxRetryTimes: 3 # the max number of retransmission # retransmission timer for pdu session release command t3592: enable: true # true or false expireTime: 16s # default is 6 seconds maxRetryTimes: 3 # the max number of retransmission logger: enable: true level: info reportCaller: false ```

pirog-spb commented 1 year ago

FYI

PapaySail commented 1 year ago

📝 https://github.com/aligungr/UERANSIM/wiki/Configuration#ue-configuration

Only IPv4 is supported for now as a PDU session type.

https://github.com/aligungr/UERANSIM/blob/3a96298fa284b0da261a60439b21c1adf1677aea/src/gnb/gtp/task.cpp#L185

    // ignore non IPv4 packets
    if ((data[0] >> 4 & 0xF) != 4)
        return;

edgecomllc / eupf