vrr/open5gs
2
0
Fork 0
mirror of https://github.com/open5gs/open5gs.git synced 2026-04-28 19:39:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
open5gs/docs/_docs/tutorial/05-roaming.md
Sukchan Lee 642f827f0c Follow-up on #4213
2025-12-23 15:09:13 +09:00

1951 lines
60 KiB
Markdown
Raw Blame History

---
title: Roaming
---
## 0. Introduction
This document explains how to install and test 5G Core Roaming using Open5GS. Since roaming cannot be tested with UERANSIM, we use Open5GS's built-in test environment.
Open5GS supports both LBO (Local Breakout) and HR (Home Routed) roaming methods. The 5G roaming implementation follows the specifications outlined in the document below:
```
TS29.500
6 General Functionalities in Service Based Architecture
6.1 Routing Mechanisms
6.1.4.3 Routing across PLMN
```
This explanation assumes that you have already completed the UE connection test on a single host.
## 1. Your First Roaming with Test Program
#### Build & Install
Git clone, compile and install:
```
$ git clone https://github.com/open5gs/open5gs
$ cd open5gs
$ meson build --prefix=`pwd`/install
$ ninja -C build install
```
#### Configure DNS for FQDN Resolution
For routing to the Home PLMN, the NRF, AUSF, and UDM addresses in H-PLMN must use FQDN format. Additionally, for HR roaming, NSSF, SMF, and BSF must also use FQDN format. Please edit the /etc/hosts file as follows:
```diff
--- hosts 2025-07-15 08:33:36.594334895 +0900
+++ /etc/hosts 2025-07-15 08:46:53.727356793 +0900
@@ -1,6 +1,27 @@
127.0.0.1 localhost
127.0.1.1 open5gs
+127.0.1.10 nrf.5gc.mnc070.mcc999.3gppnetwork.org
+127.0.1.11 ausf.5gc.mnc070.mcc999.3gppnetwork.org
+127.0.1.12 udm.5gc.mnc070.mcc999.3gppnetwork.org
+127.0.1.14 nssf.5gc.mnc070.mcc999.3gppnetwork.org
+127.0.1.4 smf.5gc.mnc070.mcc999.3gppnetwork.org
+127.0.1.15 bsf.5gc.mnc070.mcc999.3gppnetwork.org
+
+127.0.2.10 nrf.5gc.mnc001.mcc001.3gppnetwork.org
+127.0.2.11 ausf.5gc.mnc001.mcc001.3gppnetwork.org
+127.0.2.12 udm.5gc.mnc001.mcc001.3gppnetwork.org
+127.0.2.14 nssf.5gc.mnc001.mcc001.3gppnetwork.org
+127.0.2.4 smf.5gc.mnc001.mcc001.3gppnetwork.org
+127.0.2.15 bsf.5gc.mnc001.mcc001.3gppnetwork.org
+
+127.0.3.10 nrf.5gc.mnc010.mcc315.3gppnetwork.org
+127.0.3.11 ausf.5gc.mnc010.mcc315.3gppnetwork.org
+127.0.3.12 udm.5gc.mnc010.mcc315.3gppnetwork.org
+127.0.3.14 nssf.5gc.mnc010.mcc315.3gppnetwork.org
+127.0.3.4 smf.5gc.mnc010.mcc315.3gppnetwork.org
+127.0.3.15 bsf.5gc.mnc010.mcc315.3gppnetwork.org
+
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
```
#### Run the V-PLMN 5G Core and H-PLMN 5G Core on a single host
5G Core requires root privileges as it uses reserved ports such as http(80) or https(443).
```
$ sudo ./build/tests/app/5gc -c ./build/configs/examples/5gc-sepp1-999-70.yaml
$ sudo ./build/tests/app/5gc -c ./build/configs/examples/5gc-sepp2-001-01.yaml
$ sudo ./build/tests/app/5gc -c ./build/configs/examples/5gc-sepp3-315-010.yaml
```
Test UE access while roaming with UEs subscribed to different H-PLMNs. The same test commands work for both LBO and HR roaming scenarios - the roaming type is determined by the network configuration and policies:
```
$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-999-70-ue-001-01.yaml simple-test
$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-999-70-ue-315-010.yaml simple-test
$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-001-01-ue-999-70.yaml simple-test
$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-001-01-ue-315-010.yaml simple-test
$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-315-010-ue-999-70.yaml simple-test
$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-315-010-ue-001-01.yaml simple-test
```
You can see the sample traffic for both roaming types:
- LBO Roaming: [[5g-roaming-lbo.pcapng]]({{ site.url }}{{ site.baseurl }}/assets/pcapng/5g-roaming-lbo.pcapng)
- HR Roaming: [[5g-roaming-hr.pcapng]]({{ site.url }}{{ site.baseurl }}/assets/pcapng/5g-roaming-hr.pcapng)
## 2. Roaming Test on a Single Host
Open5GS now supports both roaming architectures:
1. **LBO (Local Breakout)**: User plane traffic is routed locally through the visited network's UPF
2. **HR (Home Routed)**: User plane traffic is routed back to the home network's UPF through the visited network
The choice between LBO and HR is determined by subscriber configuration and roaming agreements. In Open5GS WebUI, you can configure the roaming type for each subscriber session using the `lbo_roaming_allowed` parameter:
- **LBO Roaming**: Set `Subscriber.slice.session.lbo_roaming_allowed` to `true`
- **HR Roaming**: Set `Subscriber.slice.session.lbo_roaming_allowed` to `false` or leave it unset (default behavior)
This allows flexible per-session roaming policy configuration based on subscriber profiles and service requirements.
### Home PLMN
The NRF must include PLMN information when serving in a 5G roaming environment. This enables proper network function discovery and routing by providing the necessary PLMN context for roaming subscribers.
**Create h-nrf.yaml:**
```bash
$ sh -c 'cat << EOF > ./install/etc/open5gs/h-nrf.yaml
logger:
file:
path: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/h-nrf.log
# level: info # fatal|error|warn|info(default)|debug|trace
global:
max:
ue: 1024 # The number of UE can be increased depending on memory size.
# peer: 64
nrf:
serving: # 5G roaming requires PLMN in NRF
- plmn_id:
mcc: 999
mnc: 70
sbi:
server:
- address: nrf.5gc.mnc070.mcc999.3gppnetwork.org
EOF'
```
The SCP acts as a communication proxy between different network functions, enabling indirect communication and service discovery in the 5G Service Based Architecture.
**Create h-scp.yaml:**
```bash
$ sh -c 'cat << EOF > ./install/etc/open5gs/h-scp.yaml
logger:
file:
path: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/h-scp.log
# level: info # fatal|error|warn|info(default)|debug|trace
global:
max:
ue: 1024 # The number of UE can be increased depending on memory size.
# peer: 64
scp:
sbi:
server:
- address: 127.0.1.200
port: 7777
client:
nrf:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
EOF'
```
AUSF handles authentication procedures for UE access. It must use FQDN in the Home PLMN for proper authentication in roaming scenarios, ensuring that roaming subscribers can be properly authenticated by the home network.
**Update ausf.yaml:**
```diff
diff -u ./install/etc/open5gs/ausf.yaml.old ./install/etc/open5gs/ausf.yaml
--- ./install/etc/open5gs/ausf.yaml.old 2023-11-19 17:50:12.469116283 +0900
+++ ./install/etc/open5gs/ausf.yaml 2023-11-19 17:52:35.201116202 +0900
@@ -10,13 +10,12 @@
ausf:
sbi:
server:
- - address: 127.0.0.11
- port: 7777
+ - address: ausf.5gc.mnc070.mcc999.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- - uri: http://127.0.0.200:7777
+ - uri: http://127.0.1.200:7777
################################################################################
# SBI Server
```
UDM handles user data management and subscription information. It must also use Home PLMN FQDN to ensure proper user data retrieval and management for roaming subscribers.
**Update udm.yaml:**
```diff
$ diff -u ./install/etc/open5gs/udm.yaml.old ./install/etc/open5gs/udm.yaml
--- ./install/etc/open5gs/udm.yaml.old 2023-11-19 17:50:17.713116280 +0900
+++ ./install/etc/open5gs/udm.yaml 2023-11-19 17:52:40.701116199 +0900
@@ -29,13 +29,12 @@
key: /home/acetcom/Documents/git/open5gs/install/etc/open5gs/hnet/secp256r1-6.key
sbi:
server:
- - address: 127.0.0.12
- port: 7777
+ - address: udm.5gc.mnc070.mcc999.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- - uri: http://127.0.0.200:7777
+ - uri: http://127.0.1.200:7777
#
################################################################################
```
UDR stores subscription data and user profiles. It needs updated SCP client configuration to properly communicate with other network functions through the service communication proxy.
**Update udr.yaml:**
```diff
$ diff -u ./install/etc/open5gs/udr.yaml.old ./install/etc/open5gs/udr.yaml
--- ./install/etc/open5gs/udr.yaml.old 2023-11-19 18:00:27.049115935 +0900
+++ ./install/etc/open5gs/udr.yaml 2023-11-19 18:00:31.713115932 +0900
@@ -17,7 +17,7 @@
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- - uri: http://127.0.0.200:7777
+ - uri: http://127.0.1.200:7777
################################################################################
# SBI Server
```
SMF manages PDU sessions and requires comprehensive configuration for data plane handling. It coordinates with UPF for user plane traffic and handles session establishment, modification, and termination.
**Create h-smf.yaml:**
```bash
$ sh -c 'cat << EOF > ./install/etc/open5gs/h-smf.yaml
logger:
file:
path: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/smf.log
# level: info # fatal|error|warn|info(default)|debug|trace
global:
max:
ue: 1024 # The number of UE can be increased depending on memory size.
# peer: 64
smf:
sbi:
server:
- address: smf.5gc.mnc070.mcc999.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.1.10:7777
scp:
- uri: http://127.0.1.200:7777
pfcp:
server:
- address: 127.0.1.4
client:
upf:
- address: 127.0.1.7
gtpc:
server:
- address: 127.0.1.4
gtpu:
server:
- address: 127.0.1.4
metrics:
server:
- address: 127.0.1.4
port: 9090
session:
- subnet: 10.46.0.0/16
gateway: 10.46.0.1
- subnet: 2001:db8:babe::/48
gateway: 2001:db8:babe::1
dns:
- 8.8.8.8
- 8.8.4.4
- 2001:4860:4860::8888
- 2001:4860:4860::8844
mtu: 1400
EOF'
```
UPF handles user data forwarding and requires coordination with SMF. It manages the user plane traffic routing and forwarding, including packet inspection and QoS enforcement.
**Create h-upf.yaml:**
```bash
$ sh -c 'cat << EOF > ./install/etc/open5gs/h-upf.yaml
logger:
file:
path: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/upf.log
# level: info # fatal|error|warn|info(default)|debug|trace
global:
max:
ue: 1024 # The number of UE can be increased depending on memory size.
# peer: 64
upf:
pfcp:
server:
- address: 127.0.1.7
client:
# smf: # UPF PFCP Client try to associate SMF PFCP Server
# - address: 127.0.1.4
gtpu:
server:
- address: 127.0.1.7
session:
- subnet: 10.46.0.0/16
gateway: 10.46.0.1
dev: ogstun2
- subnet: 2001:db8:babe::/48
gateway: 2001:db8:babe::1
dev: ogstun2
metrics:
server:
- address: 127.0.1.7
port: 9090
EOF'
```
PCF provides policy control and charging rules for subscriber sessions. It determines QoS policies, charging rules, and session management policies based on subscriber profiles and network conditions.
**Create h-pcf.yaml:**
```bash
$ sh -c 'cat << EOF > ./install/etc/open5gs/h-pcf.yaml
db_uri: mongodb://localhost/open5gs
logger:
file:
path: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/pcf.log
# level: info # fatal|error|warn|info(default)|debug|trace
global:
max:
ue: 1024 # The number of UE can be increased depending on memory size.
# peer: 64
pcf:
sbi:
server:
- address: 127.0.1.13
port: 7777
client:
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- uri: http://127.0.1.200:7777
metrics:
server:
- address: 127.0.1.13
port: 9090
EOF'
```
BSF manages binding information for network functions. It maintains bindings between different network function instances and provides binding discovery services for dynamic network function selection.
**Create h-bsf.yaml:**
```bash
$ sh -c 'cat << EOF > ./install/etc/open5gs/h-bsf.yaml
logger:
file:
path: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/bsf.log
# level: info # fatal|error|warn|info(default)|debug|trace
global:
max:
ue: 1024 # The number of UE can be increased depending on memory size.
# peer: 64
bsf:
sbi:
server:
- address: 127.0.1.15
port: 7777
client:
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- uri: http://127.0.1.200:7777
EOF'
```
NSSF handles network slice selection and must use FQDN for proper slice identification. It determines which network slice instance should serve a particular UE based on subscription information and network slice availability.
**Create h-nssf.yaml:**
```bash
$ sh -c 'cat << EOF > ./install/etc/open5gs/h-nssf.yaml
logger:
file:
path: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/nssf.log
# level: info # fatal|error|warn|info(default)|debug|trace
global:
max:
ue: 1024 # The number of UE can be increased depending on memory size.
# peer: 64
nssf:
sbi:
server:
- address: nssf.5gc.mnc070.mcc999.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- uri: http://127.0.1.200:7777
nsi:
- uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
s_nssai:
sst: 1
EOF'
```
SEPP handles security for inter-PLMN communication and requires SCP client update. It provides security functions for N32 interface communication between different PLMN networks, including message filtering and topology hiding.
**Update sepp1.yaml:**
```diff
$ diff -u ./install/etc/open5gs/sepp1.yaml.old ./install/etc/open5gs/sepp1.yaml
--- ./install/etc/open5gs/sepp1.yaml.old 2023-11-19 19:11:02.293113538 +0900
+++ ./install/etc/open5gs/sepp1.yaml 2023-11-19 19:11:22.429113526 +0900
@@ -23,7 +23,7 @@
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- - uri: http://127.0.0.200:7777
+ - uri: http://127.0.1.200:7777
n32:
server:
- sender: sepp1.localdomain
```
### Visited PLMN
The visited network NRF must be configured with the visited PLMN ID and use appropriate FQDN for network function registration and discovery.
**Update nrf.yaml:**
```diff
$ diff -u ./install/etc/open5gs/nrf.yaml ./install.new/etc/open5gs/nrf.yaml
--- ./install/etc/open5gs/nrf.yaml 2025-07-18 21:57:51.244553083 +0900
+++ ./install.new/etc/open5gs/nrf.yaml 2025-07-18 21:32:57.596880880 +0900
@@ -11,12 +11,11 @@
nrf:
serving: # 5G roaming requires PLMN in NRF
- plmn_id:
- mcc: 999
- mnc: 70
+ mcc: 001
+ mnc: 01
sbi:
server:
- - address: 127.0.0.10
- port: 7777
+ - address: nrf.5gc.mnc001.mcc001.3gppnetwork.org
################################################################################
# SBI Server
```
The visited network SCP must be updated to reference the visited network NRF for proper service discovery and communication routing.
**Update scp.yaml:**
```diff
$ diff -u ./install/etc/open5gs/scp.yaml ./install.new/etc/open5gs/scp.yaml
--- ./install/etc/open5gs/scp.yaml 2025-07-18 21:57:51.262552520 +0900
+++ ./install.new/etc/open5gs/scp.yaml 2025-07-18 21:33:54.670492255 +0900
@@ -15,7 +15,7 @@
port: 7777
client:
nrf:
- - uri: http://127.0.0.10:7777
+ - uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
################################################################################
# SCP Info
```
AMF handles access and mobility management for UEs. The visited network AMF must be configured to support both home and visited PLMN access control, and handle roaming subscribers appropriately.
**Update amf.yaml:**
```diff
$ diff -u ./install/etc/open5gs/amf.yaml ./install.new/etc/open5gs/amf.yaml
--- ./install/etc/open5gs/amf.yaml 2025-07-18 21:57:51.173555303 +0900
+++ ./install.new/etc/open5gs/amf.yaml 2025-07-18 21:05:05.396288769 +0900
@@ -20,27 +20,34 @@
- uri: http://127.0.0.200:7777
ngap:
server:
- - address: 127.0.0.5
+ - address: 127.0.2.5
metrics:
server:
- address: 127.0.0.5
port: 9090
- guami:
+ access_control:
+ - plmn_id:
+ mcc: 001
+ mnc: 01
- plmn_id:
mcc: 999
mnc: 70
+ guami:
+ - plmn_id:
+ mcc: 001
+ mnc: 01
amf_id:
region: 2
set: 1
tai:
- plmn_id:
- mcc: 999
- mnc: 70
+ mcc: 001
+ mnc: 01
tac: 1
plmn_support:
- plmn_id:
- mcc: 999
- mnc: 70
+ mcc: 001
+ mnc: 01
s_nssai:
- sst: 1
security:
```
The visited network SMF must use the visited PLMN FQDN for proper session management and coordination with other network functions.
**Update smf.yaml:**
```diff
$ diff -u ./install/etc/open5gs/smf.yaml ./install.new/etc/open5gs/smf.yaml
--- ./install/etc/open5gs/smf.yaml 2025-07-18 21:57:51.154555897 +0900
+++ ./install.new/etc/open5gs/smf.yaml 2025-07-18 21:28:29.423632460 +0900
@@ -11,8 +11,7 @@
smf:
sbi:
server:
- - address: 127.0.0.4
- port: 7777
+ - address: smf.5gc.mnc001.mcc001.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
```
Due to the absence of UDR in the visiting network, V-PCF uses locally configured policies. When the UE is located in the home PLMN (999/70), MongoDB is used. When the UE is located in the visiting PLMN (001/01), locally configured policies are used based on roaming agreements.
**Update pcf.yaml:**
```diff
$ diff --git a/configs/open5gs/pcf.yaml.in b/configs/open5gs/pcf.yaml.in
index 4c5d103f9..d16e85728 100644
--- a/configs/open5gs/pcf.yaml.in
+++ b/configs/open5gs/pcf.yaml.in
@@ -23,6 +23,84 @@ pcf:
server:
- address: 127.0.0.13
port: 9090
+ policy:
+ - supi_range:
+ - 999700000000001-999709999999999
+ slice:
+ - sst: 1 # 1,2,3,4
+ default_indicator: true
+ session:
+ - name: internet
+ type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
+ ambr:
+ downlink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 1
+ unit: 3
+ qos:
+ index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ - name: ims
+ type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
+ ambr:
+ downlink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ qos:
+ index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ pcc_rule:
+ - qos:
+ index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ mbr:
+ downlink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ gbr:
+ downlink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ - qos:
+ index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 2 # 1: Disabled, 2:Enabled
+ mbr:
+ downlink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ gbr:
+ downlink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
################################################################################
# PCF Policy Configuration: UE Home PLMN and SUPI Range Based Policies
```
The visited network BSF requires updated addresses to align with the visited network addressing scheme.
**Update bsf.yaml:**
```diff
$ diff -u ./install/etc/open5gs/bsf.yaml ./install.new/etc/open5gs/bsf.yaml
--- ./install/etc/open5gs/bsf.yaml 2025-12-23 15:08:00.929141999 +0900
+++ ./install.new/etc/open5gs/bsf.yaml 2025-12-23 15:08:31.540143864 +0900
@@ -11,7 +11,7 @@
bsf:
sbi:
server:
- - address: 127.0.0.15
+ - address: 127.0.2.15
port: 7777
client:
# nrf:
```
The visited network NSSF must use the visited PLMN FQDN and reference the appropriate NRF for network slice selection services.
**Update nssf.yaml:**
```diff
diff -u ./install/etc/open5gs/nssf.yaml ./install.new/etc/open5gs/nssf.yaml
--- ./install/etc/open5gs/nssf.yaml 2025-07-18 21:57:51.387548612 +0900
+++ ./install.new/etc/open5gs/nssf.yaml 2025-07-18 21:21:33.415221920 +0900
@@ -11,15 +11,14 @@
nssf:
sbi:
server:
- - address: 127.0.0.14
- port: 7777
+ - address: nssf.5gc.mnc001.mcc001.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- uri: http://127.0.0.200:7777
nsi:
- - uri: http://127.0.0.10:7777
+ - uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
s_nssai:
sst: 1
################################################################################
```
### Run the V-PLMN 5G Core and H-PLMN 5G Core on a single host
#### Home Network
5G Core requires root privileges as it uses reserved ports such as http(80) or https(443).
```
$ sudo ./install/bin/open5gs-nrfd -c ./install/etc/open5gs/h-nrf.yaml
$ ./install/bin/open5gs-scpd -c ./install/etc/open5gs/h-scp.yaml
$ sudo ./install/bin/open5gs-ausfd
$ sudo ./install/bin/open5gs-udmd
$ ./install/bin/open5gs-udrd
$ sudo ./install/bin/open5gs-smfd -c ./install/etc/open5gs/h-smf.yaml
$ ./install/bin/open5gs-upfd -c ./install/etc/open5gs/h-upf.yaml
$ ./install/bin/open5gs-pcfd -c ./install/etc/open5gs/h-pcf.yaml
$ ./install/bin/open5gs-bsfd -c ./install/etc/open5gs/h-bsf.yaml
$ sudo ./install/bin/open5gs-nssfd -c ./install/etc/open5gs/h-nssf.yaml
$ ./install/bin/open5gs-seppd -c ./install/etc/open5gs/sepp1.yaml
```
#### Visited Network
```
$ sudo ./install/bin/open5gs-nrfd
$ ./install/bin/open5gs-scpd
$ ./install/bin/open5gs-amfd
$ sudo ./install/bin/open5gs-smfd
$ ./install/bin/open5gs-upfd
$ ./install/bin/open5gs-pcfd
$ ./install/bin/open5gs-bsfd
$ sudo ./install/bin/open5gs-nssfd
$ ./install/bin/open5gs-seppd -c ./install/etc/open5gs/sepp2.yaml
```
### Performs a test of UE access while roaming subscribed to H-PLMN.
```
$ ./build/tests/registration/registration -c ./build/configs/examples/gnb-001-01-ue-999-70.yaml simple-test
```
## 3. Roaming Deployment
### VM and Subscriber Information
Each VMs are as follows.
- VM1
```
Hostname: sepp1.localdomain
PLMN-ID: MNC(999), MNC(70)
IP Address: 10.10.1.5
N32-c: 10.10.1.251
N32-c: 10.10.1.252
```
- VM2
```
Hostname: sepp2.localdomain
PLMN-ID: MNC(001), MNC(01)
IP Address: 10.10.2.5
N32-c: 10.10.2.251
N32-c: 10.10.2.252
```
- VM3
```
Hostname: sepp3.localdomain
PLMN-ID: MNC(003), MNC(03)
IP Address: 10.10.3.5
N32-c: 10.10.3.251
N32-c: 10.10.3.252
```
- Subscriber
```
imsi-999700000000001
imsi-001010000000001
imsi-315010000000001
```
### Setting for VM1
- Edit /etc/hosts
```diff
$ diff -u hosts.old hosts.new
--- hosts.old 2025-07-19 07:02:44.813666212 +0900
+++ hosts.new 2025-07-19 07:02:51.019489167 +0900
@@ -1,6 +1,13 @@
127.0.0.1 localhost
127.0.1.1 open5gs
+127.0.1.10 nrf.5gc.mnc070.mcc999.3gppnetwork.org
+127.0.1.11 ausf.5gc.mnc070.mcc999.3gppnetwork.org
+127.0.1.12 udm.5gc.mnc070.mcc999.3gppnetwork.org
+127.0.1.14 nssf.5gc.mnc070.mcc999.3gppnetwork.org
+127.0.1.4 smf.5gc.mnc070.mcc999.3gppnetwork.org
+127.0.1.15 bsf.5gc.mnc070.mcc999.3gppnetwork.org
+
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
```
NRF shall follow TS23.003(28.3.2.3.2 Format of NRF FQDN) for routing.
- Update nrf.yaml
```diff
$ diff --git a/configs/open5gs/nrf.yaml.in b/configs/open5gs/nrf.yaml.in
index 3996b2bd9..e57f286b7 100644
--- a/configs/open5gs/nrf.yaml.in
+++ b/configs/open5gs/nrf.yaml.in
@@ -13,8 +13,7 @@ nrf:
mnc: 70
sbi:
server:
- - address: 127.0.0.10
- port: 7777
+ - address: nrf.5gc.mnc070.mcc999.3gppnetwork.org
################################################################################
# SBI Server
```
- Update scp.yaml
```diff
$ diff --git a/configs/open5gs/scp.yaml.in b/configs/open5gs/scp.yaml.in
index 9be6cdc93..eee7d3e3f 100644
--- a/configs/open5gs/scp.yaml.in
+++ b/configs/open5gs/scp.yaml.in
@@ -13,7 +13,7 @@ scp:
port: 7777
client:
nrf:
- - uri: http://127.0.0.10:7777
+ - uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
################################################################################
# SCP Info
```
- Update nssf.yaml
```diff
$ diff --git a/configs/open5gs/nssf.yaml.in b/configs/open5gs/nssf.yaml.in
index 015085f56..92ceb63b5 100644
--- a/configs/open5gs/nssf.yaml.in
+++ b/configs/open5gs/nssf.yaml.in
@@ -11,15 +11,14 @@ global:
nssf:
sbi:
server:
- - address: 127.0.0.14
- port: 7777
+ - address: nssf.5gc.mnc070.mcc999.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- uri: http://127.0.0.200:7777
nsi:
- - uri: http://127.0.0.10:7777
+ - uri: http://nrf.5gc.mnc070.mcc999.3gppnetwork.org
s_nssai:
sst: 1
################################################################################
```
AUSF, UDM and SMF shall use FQDN in the Home PLMN.
- Update ausf.yaml
```diff
$ diff --git a/configs/open5gs/ausf.yaml.in b/configs/open5gs/ausf.yaml.in
index cd272cd3f..3e1cb67eb 100644
--- a/configs/open5gs/ausf.yaml.in
+++ b/configs/open5gs/ausf.yaml.in
@@ -9,8 +9,7 @@ max:
ausf:
sbi:
server:
- - address: 127.0.0.11
- port: 7777
+ - address: ausf.5gc.mnc070.mcc999.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
```
- Update udm.yaml
```diff
$ diff --git a/configs/open5gs/udm.yaml.in b/configs/open5gs/udm.yaml.in
index ce650d5c2..ed756fc28 100644
--- a/configs/open5gs/udm.yaml.in
+++ b/configs/open5gs/udm.yaml.in
@@ -28,8 +28,7 @@ udm:
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
sbi:
server:
- - address: 127.0.0.12
- port: 7777
+ - address: udm.5gc.mnc070.mcc999.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
```
- Update smf.yaml
```diff
$ diff --git a/configs/open5gs/smf.yaml.in b/configs/open5gs/smf.yaml.in
index e47752393..b6cee9ff8 100644
--- a/configs/open5gs/smf.yaml.in
+++ b/configs/open5gs/smf.yaml.in
@@ -11,8 +11,7 @@ global:
smf:
sbi:
server:
- - address: 127.0.0.4
- port: 7777
+ - address: smf.5gc.mnc070.mcc999.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
```
AMF and UPF must use external IP addresses such as 10.10.1.x for communication between VM2 and VM3.
- Update amf.yaml
```diff
$ diff --git a/configs/open5gs/amf.yaml.in b/configs/open5gs/amf.yaml.in
index 938917e32..11a19c808 100644
--- a/configs/open5gs/amf.yaml.in
+++ b/configs/open5gs/amf.yaml.in
@@ -18,11 +18,21 @@ amf:
- uri: http://127.0.0.200:7777
ngap:
server:
- - address: 127.0.0.5
+ - address: 10.10.1.5
metrics:
server:
- address: 127.0.0.5
port: 9090
+ access_control:
+ - plmn_id:
+ mcc: 999
+ mnc: 70
+ - plmn_id:
+ mcc: 001
+ mnc: 01
+ - plmn_id:
+ mcc: 315
+ mnc: 010
guami:
- plmn_id:
mcc: 999
```
- Update upf.yaml
```diff
$ diff --git a/configs/open5gs/upf.yaml.in b/configs/open5gs/upf.yaml.in
index e78b018f1..3032a06c6 100644
--- a/configs/open5gs/upf.yaml.in
+++ b/configs/open5gs/upf.yaml.in
@@ -15,7 +15,7 @@ upf:
# - address: 127.0.0.4
gtpu:
server:
- - address: 127.0.0.7
+ - address: 10.10.1.5
session:
- subnet: 10.45.0.1/16
- subnet: 2001:db8:cafe::1/48
```
Due to the absence of UDR in the visiting network, V-PCF uses locally configured policies. When the UE is located in the home PLMN (999/70), MongoDB is used. On the other hand, when the UE is located in the visiting PLMN (001/01, 315/010), locally configured policies are used. This is because there is no session management policy data for the UE in the visiting network, so locally configured information based on the roaming agreement is used.
- Update pcf.yaml
```diff
$ diff --git a/configs/open5gs/pcf.yaml.in b/configs/open5gs/pcf.yaml.in
index 4c5d103f9..c1526ff3a 100644
--- a/configs/open5gs/pcf.yaml.in
+++ b/configs/open5gs/pcf.yaml.in
@@ -23,6 +23,85 @@ pcf:
server:
- address: 127.0.0.13
port: 9090
+ policy:
+ - supi_range:
+ - 001010000000001-001019999999999
+ - 315010000000001-315010999999999
+ slice:
+ - sst: 1 # 1,2,3,4
+ default_indicator: true
+ session:
+ - name: internet
+ type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
+ ambr:
+ downlink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 1
+ unit: 3
+ qos:
+ index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ - name: ims
+ type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
+ ambr:
+ downlink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ qos:
+ index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ pcc_rule:
+ - qos:
+ index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ mbr:
+ downlink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ gbr:
+ downlink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ - qos:
+ index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 2 # 1: Disabled, 2:Enabled
+ mbr:
+ downlink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ gbr:
+ downlink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
################################################################################
# PCF Policy Configuration: UE Home PLMN and SUPI Range Based Policies
```
For now we will set up SEPP without using TLS.
- Create sepp.yaml
```bash
$ sh -c 'cat << EOF > ./install/etc/open5gs/sepp.yaml
logger:
file:
path: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/sepp.log
# level: info # fatal|error|warn|info(default)|debug|trace
max:
ue: 1024 # The number of UE can be increased depending on memory size.
# peer: 64
sepp:
sbi:
server:
- address: 127.0.0.250
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
n32:
server:
- sender: sepp1.localdomain
address: 10.10.1.251
port: 7777
n32f:
address: 10.10.1.252
port: 7777
client:
sepp:
- receiver: sepp2.localdomain
uri: http://10.10.2.251:7777
n32f:
uri: http://10.10.2.252:7777
- receiver: sepp3.localdomain
uri: http://10.10.3.251:7777
n32f:
uri: http://10.10.3.252:7777
EOF'
```
NFs requires root privileges as it uses reserved ports such as http (80) or https (443).
- Run NFs in VM1
```bash
$ sudo ./install/bin/open5gs-nrfd
$ sudo ./install/bin/open5gs-scpd
$ sudo ./install/bin/open5gs-seppd
$ sudo ./install/bin/open5gs-amfd
$ sudo ./install/bin/open5gs-smfd
$ sudo ./install/bin/open5gs-upfd
$ sudo ./install/bin/open5gs-ausfd
$ sudo ./install/bin/open5gs-udmd
$ sudo ./install/bin/open5gs-pcfd
$ sudo ./install/bin/open5gs-nssfd
$ sudo ./install/bin/open5gs-bsfd
$ sudo ./install/bin/open5gs-udrd
```
### Setting for VM2
- Edit /etc/hosts
```diff
$ diff -u hosts.old hosts.new
--- hosts.old 2025-07-19 07:02:44.813666212 +0900
+++ hosts.new 2025-07-19 07:03:40.466147375 +0900
@@ -1,6 +1,13 @@
127.0.0.1 localhost
127.0.1.1 open5gs
+127.0.2.10 nrf.5gc.mnc001.mcc001.3gppnetwork.org
+127.0.2.11 ausf.5gc.mnc001.mcc001.3gppnetwork.org
+127.0.2.12 udm.5gc.mnc001.mcc001.3gppnetwork.org
+127.0.2.14 nssf.5gc.mnc001.mcc001.3gppnetwork.org
+127.0.2.4 smf.5gc.mnc001.mcc001.3gppnetwork.org
+127.0.2.15 baf.5gc.mnc001.mcc001.3gppnetwork.org
+
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
```
NRF shall follow TS23.003(28.3.2.3.2 Format of NRF FQDN) for routing.
- Update nrf.yaml
```diff
$ diff --git a/configs/open5gs/nrf.yaml.in b/configs/open5gs/nrf.yaml.in
index 3996b2bd9..ab708abd8 100644
--- a/configs/open5gs/nrf.yaml.in
+++ b/configs/open5gs/nrf.yaml.in
@@ -9,12 +9,11 @@ max:
nrf:
serving: # 5G roaming requires PLMN in NRF
- plmn_id:
- mcc: 999
- mnc: 70
+ mcc: 001
+ mnc: 01
sbi:
server:
- - address: 127.0.0.10
- port: 7777
+ - address: nrf.5gc.mnc001.mcc001.3gppnetwork.org
################################################################################
# SBI Server
```
- Update scp.yaml
```diff
$ diff --git a/configs/open5gs/scp.yaml.in b/configs/open5gs/scp.yaml.in
index 9be6cdc93..eee7d3e3f 100644
--- a/configs/open5gs/scp.yaml.in
+++ b/configs/open5gs/scp.yaml.in
@@ -13,7 +13,7 @@ scp:
port: 7777
client:
nrf:
- - uri: http://127.0.0.10:7777
+ - uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
################################################################################
# SCP Info
```
- Update nssf.yaml
```diff
$ diff --git a/configs/open5gs/nssf.yaml.in b/configs/open5gs/nssf.yaml.in
index 015085f56..92ceb63b5 100644
--- a/configs/open5gs/nssf.yaml.in
+++ b/configs/open5gs/nssf.yaml.in
@@ -11,15 +11,14 @@ global:
nssf:
sbi:
server:
- - address: 127.0.0.14
- port: 7777
+ - address: nssf.5gc.mnc001.mcc001.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- uri: http://127.0.0.200:7777
nsi:
- - uri: http://127.0.0.10:7777
+ - uri: http://nrf.5gc.mnc001.mcc001.3gppnetwork.org
s_nssai:
sst: 1
################################################################################
```
AUSF, UDM and SMF shall use FQDN in the Home PLMN.
- Update ausf.yaml
```diff
$ diff --git a/configs/open5gs/ausf.yaml.in b/configs/open5gs/ausf.yaml.in
index cd272cd3f..3e1cb67eb 100644
--- a/configs/open5gs/ausf.yaml.in
+++ b/configs/open5gs/ausf.yaml.in
@@ -9,8 +9,7 @@ max:
ausf:
sbi:
server:
- - address: 127.0.0.11
- port: 7777
+ - address: ausf.5gc.mnc001.mcc001.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
```
- Update udm.yaml
```diff
$ diff --git a/configs/open5gs/udm.yaml.in b/configs/open5gs/udm.yaml.in
index ce650d5c2..ed756fc28 100644
--- a/configs/open5gs/udm.yaml.in
+++ b/configs/open5gs/udm.yaml.in
@@ -28,8 +28,7 @@ udm:
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
sbi:
server:
- - address: 127.0.0.12
- port: 7777
+ - address: udm.5gc.mnc001.mcc001.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
```
- Update smf.yaml
```diff
$ diff --git a/configs/open5gs/smf.yaml.in b/configs/open5gs/smf.yaml.in
index e47752393..b6cee9ff8 100644
--- a/configs/open5gs/smf.yaml.in
+++ b/configs/open5gs/smf.yaml.in
@@ -11,8 +11,7 @@ global:
smf:
sbi:
server:
- - address: 127.0.0.4
- port: 7777
+ - address: smf.5gc.mnc001.mcc001.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
```
AMF and UPF must use external IP addresses such as 10.10.2.x for communication between VM1 and VM3.
- Update amf.yaml
```diff
$ diff --git a/configs/open5gs/amf.yaml.in b/configs/open5gs/amf.yaml.in
index 938917e32..2f7822b46 100644
--- a/configs/open5gs/amf.yaml.in
+++ b/configs/open5gs/amf.yaml.in
@@ -18,27 +18,37 @@ amf:
- uri: http://127.0.0.200:7777
ngap:
server:
- - address: 127.0.0.5
+ - address: 10.10.2.5
metrics:
server:
- address: 127.0.0.5
port: 9090
- guami:
+ access_control:
- plmn_id:
mcc: 999
mnc: 70
+ - plmn_id:
+ mcc: 001
+ mnc: 01
+ - plmn_id:
+ mcc: 315
+ mnc: 010
+ guami:
+ - plmn_id:
+ mcc: 001
+ mnc: 01
amf_id:
region: 2
set: 1
tai:
- plmn_id:
- mcc: 999
- mnc: 70
+ mcc: 001
+ mnc: 01
tac: 1
plmn_support:
- plmn_id:
- mcc: 999
- mnc: 70
+ mcc: 001
+ mnc: 01
s_nssai:
- sst: 1
security:
```
- Update upf.yaml
```diff
$ diff --git a/configs/open5gs/upf.yaml.in b/configs/open5gs/upf.yaml.in
index e78b018f1..3032a06c6 100644
--- a/configs/open5gs/upf.yaml.in
+++ b/configs/open5gs/upf.yaml.in
@@ -15,7 +15,7 @@ upf:
# - address: 127.0.0.4
gtpu:
server:
- - address: 127.0.0.7
+ - address: 10.10.2.5
session:
- subnet: 10.45.0.1/16
- subnet: 2001:db8:cafe::1/48
```
Due to the absence of UDR in the visiting network, V-PCF uses locally configured policies. When the UE is located in the home PLMN (001/01), MongoDB is used. On the other hand, when the UE is located in the visiting PLMN (999/70, 315/010), locally configured policies are used. This is because there is no session management policy data for the UE in the visiting network, so locally configured information based on the roaming agreement is used.
- Update pcf.yaml
```diff
$ diff --git a/configs/open5gs/pcf.yaml.in b/configs/open5gs/pcf.yaml.in
index 4c5d103f9..c1526ff3a 100644
--- a/configs/open5gs/pcf.yaml.in
+++ b/configs/open5gs/pcf.yaml.in
@@ -23,6 +23,85 @@ pcf:
server:
- address: 127.0.0.13
port: 9090
+ policy:
+ - supi_range:
+ - 999700000000001-999709999999999
+ - 315010000000001-315010999999999
+ slice:
+ - sst: 1 # 1,2,3,4
+ default_indicator: true
+ session:
+ - name: internet
+ type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
+ ambr:
+ downlink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 1
+ unit: 3
+ qos:
+ index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ - name: ims
+ type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
+ ambr:
+ downlink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ qos:
+ index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ pcc_rule:
+ - qos:
+ index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ mbr:
+ downlink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ gbr:
+ downlink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ - qos:
+ index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 2 # 1: Disabled, 2:Enabled
+ mbr:
+ downlink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ gbr:
+ downlink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
################################################################################
# PCF Policy Configuration: UE Home PLMN and SUPI Range Based Policies
```
For now we will set up SEPP without using TLS.
- Create sepp.yaml
```bash
$ sh -c 'cat << EOF > ./install/etc/open5gs/sepp.yaml
logger:
file:
path: /home/acetcom/Documents/git/open5gs/install/var/log/open5gs/sepp.log
# level: info # fatal|error|warn|info(default)|debug|trace
max:
ue: 1024 # The number of UE can be increased depending on memory size.
# peer: 64
sepp:
sbi:
server:
- address: 127.0.0.250
port: 7777
client:
scp:
- uri: http://127.0.0.200:7777
n32:
server:
- sender: sepp2.localdomain
address: 10.10.2.251
port: 7777
n32f:
address: 10.10.2.252
port: 7777
client:
sepp:
- receiver: sepp1.localdomain
uri: http://10.10.1.251:7777
n32f:
uri: http://10.10.1.252:7777
- receiver: sepp3.localdomain
uri: http://10.10.3.251:7777
n32f:
uri: http://10.10.3.252:7777
EOF'
```
NFs requires root privileges as it uses reserved ports such as http (80) or https (443).
- Run NFs in VM2
```bash
$ sudo ./install/bin/open5gs-nrfd
$ sudo ./install/bin/open5gs-scpd
$ sudo ./install/bin/open5gs-seppd
$ sudo ./install/bin/open5gs-amfd
$ sudo ./install/bin/open5gs-smfd
$ sudo ./install/bin/open5gs-upfd
$ sudo ./install/bin/open5gs-ausfd
$ sudo ./install/bin/open5gs-udmd
$ sudo ./install/bin/open5gs-pcfd
$ sudo ./install/bin/open5gs-nssfd
$ sudo ./install/bin/open5gs-bsfd
$ sudo ./install/bin/open5gs-udrd
```
### Setting for VM3
- Edit /etc/hosts
```diff
$ diff -u hosts.old hosts.new
--- hosts.old 2025-07-19 07:02:44.813666212 +0900
+++ hosts.new 2025-07-19 07:04:14.598284689 +0900
@@ -1,6 +1,13 @@
127.0.0.1 localhost
127.0.1.1 open5gs
+127.0.3.10 nrf.5gc.mnc010.mcc315.3gppnetwork.org
+127.0.3.11 ausf.5gc.mnc010.mcc315.3gppnetwork.org
+127.0.3.12 udm.5gc.mnc010.mcc315.3gppnetwork.org
+127.0.3.14 nssf.5gc.mnc010.mcc315.3gppnetwork.org
+127.0.3.4 smf.5gc.mnc010.mcc315.3gppnetwork.org
+127.0.3.15 bsf.5gc.mnc010.mcc315.3gppnetwork.org
+
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
```
NRF shall follow TS23.003(28.3.2.3.2 Format of NRF FQDN) for routing.
- Update nrf.yaml
```diff
$ diff --git a/configs/open5gs/nrf.yaml.in b/configs/open5gs/nrf.yaml.in
index 3996b2bd9..ab708abd8 100644
--- a/configs/open5gs/nrf.yaml.in
+++ b/configs/open5gs/nrf.yaml.in
@@ -9,12 +9,11 @@ max:
nrf:
serving: # 5G roaming requires PLMN in NRF
- plmn_id:
- mcc: 999
- mnc: 70
+ mcc: 315
+ mnc: 010
sbi:
server:
- - address: 127.0.0.10
- port: 7777
+ - address: nrf.5gc.mnc010.mcc315.3gppnetwork.org
################################################################################
# SBI Server
```
- Update scp.yaml
```diff
$ diff --git a/configs/open5gs/scp.yaml.in b/configs/open5gs/scp.yaml.in
index 9be6cdc93..eee7d3e3f 100644
--- a/configs/open5gs/scp.yaml.in
+++ b/configs/open5gs/scp.yaml.in
@@ -13,7 +13,7 @@ scp:
port: 7777
client:
nrf:
- - uri: http://127.0.0.10:7777
+ - uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org
################################################################################
# SCP Info
```
- Update nssf.yaml
```diff
$ diff --git a/configs/open5gs/nssf.yaml.in b/configs/open5gs/nssf.yaml.in
index 015085f56..92ceb63b5 100644
--- a/configs/open5gs/nssf.yaml.in
+++ b/configs/open5gs/nssf.yaml.in
@@ -11,15 +11,14 @@ global:
nssf:
sbi:
server:
- - address: 127.0.0.14
- port: 7777
+ - address: nssf.5gc.mnc010.mcc315.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
scp:
- uri: http://127.0.0.200:7777
nsi:
- - uri: http://127.0.0.10:7777
+ - uri: http://nrf.5gc.mnc010.mcc315.3gppnetwork.org
s_nssai:
sst: 1
################################################################################
```
AUSF, UDM and SMF shall use FQDN in the Home PLMN.
- Update ausf.yaml
```diff
$ diff --git a/configs/open5gs/ausf.yaml.in b/configs/open5gs/ausf.yaml.in
index cd272cd3f..3e1cb67eb 100644
--- a/configs/open5gs/ausf.yaml.in
+++ b/configs/open5gs/ausf.yaml.in
@@ -9,8 +9,7 @@ max:
ausf:
sbi:
server:
- - address: 127.0.0.11
- port: 7777
+ - address: ausf.5gc.mnc010.mcc315.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
```
- Update udm.yaml
```diff
$ diff --git a/configs/open5gs/udm.yaml.in b/configs/open5gs/udm.yaml.in
index ce650d5c2..ed756fc28 100644
--- a/configs/open5gs/udm.yaml.in
+++ b/configs/open5gs/udm.yaml.in
@@ -28,8 +28,7 @@ udm:
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
sbi:
server:
- - address: 127.0.0.12
- port: 7777
+ - address: udm.5gc.mnc010.mcc315.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
```
- Update smf.yaml
```diff
$ diff --git a/configs/open5gs/smf.yaml.in b/configs/open5gs/smf.yaml.in
index e47752393..b6cee9ff8 100644
--- a/configs/open5gs/smf.yaml.in
+++ b/configs/open5gs/smf.yaml.in
@@ -11,8 +11,7 @@ global:
smf:
sbi:
server:
- - address: 127.0.0.4
- port: 7777
+ - address: smf.5gc.mnc010.mcc315.3gppnetwork.org
client:
# nrf:
# - uri: http://127.0.0.10:7777
```
AMF and UPF must use external IP addresses such as 10.10.3.x for communication between VM1 and VM2.
- Update amf.yaml
```diff
$ diff --git a/configs/open5gs/amf.yaml.in b/configs/open5gs/amf.yaml.in
index 938917e32..383489d13 100644
--- a/configs/open5gs/amf.yaml.in
+++ b/configs/open5gs/amf.yaml.in
@@ -18,27 +18,37 @@ amf:
- uri: http://127.0.0.200:7777
ngap:
server:
- - address: 127.0.0.5
+ - address: 10.10.3.5
metrics:
server:
- address: 127.0.0.5
port: 9090
- guami:
+ access_control:
- plmn_id:
mcc: 999
mnc: 70
+ - plmn_id:
+ mcc: 001
+ mnc: 01
+ - plmn_id:
+ mcc: 315
+ mnc: 010
+ guami:
+ - plmn_id:
+ mcc: 315
+ mnc: 010
amf_id:
region: 2
set: 1
tai:
- plmn_id:
- mcc: 999
- mnc: 70
+ mcc: 315
+ mnc: 010
tac: 1
plmn_support:
- plmn_id:
- mcc: 999
- mnc: 70
+ mcc: 315
+ mnc: 010
s_nssai:
- sst: 1
security:
```
- Update upf.yaml
```diff
$ diff --git a/configs/open5gs/upf.yaml.in b/configs/open5gs/upf.yaml.in
index e78b018f1..3032a06c6 100644
--- a/configs/open5gs/upf.yaml.in
+++ b/configs/open5gs/upf.yaml.in
@@ -15,7 +15,7 @@ upf:
# - address: 127.0.0.4
gtpu:
server:
- - address: 127.0.0.7
+ - address: 10.10.3.5
session:
- subnet: 10.45.0.1/16
- subnet: 2001:db8:cafe::1/48
```
Due to the absence of UDR in the visiting network, V-PCF uses locally configured policies. When the UE is located in the home PLMN (315/010), MongoDB is used. On the other hand, when the UE is located in the visiting PLMN (999/70, 001/01), locally configured policies are used. This is because there is no session management policy data for the UE in the visiting network, so locally configured information based on the roaming agreement is used.
- Update pcf.yaml
```diff
$ diff --git a/configs/open5gs/pcf.yaml.in b/configs/open5gs/pcf.yaml.in
index 4c5d103f9..c1526ff3a 100644
--- a/configs/open5gs/pcf.yaml.in
+++ b/configs/open5gs/pcf.yaml.in
@@ -23,6 +23,85 @@ pcf:
server:
- address: 127.0.0.13
port: 9090
+ policy:
+ - supi_range:
+ - 999700000000001-999709999999999
+ - 001010000000001-001019999999999
+ slice:
+ - sst: 1 # 1,2,3,4
+ default_indicator: true
+ session:
+ - name: internet
+ type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
+ ambr:
+ downlink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 1
+ unit: 3
+ qos:
+ index: 9 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 8 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ - name: ims
+ type: 3 # 1:IPv4, 2:IPv6, 3:IPv4v6
+ ambr:
+ downlink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 1
+ unit: 3 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ qos:
+ index: 5 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ pcc_rule:
+ - qos:
+ index: 1 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 1 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 1 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 1 # 1: Disabled, 2:Enabled
+ mbr:
+ downlink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ gbr:
+ downlink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 82
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ - qos:
+ index: 2 # 1, 2, 3, 4, 65, 66, 67, 75, 71, 72, 73, 74, 76, 5, 6, 7, 8, 9, 69, 70, 79, 80, 82, 83, 84, 85, 86
+ arp:
+ priority_level: 4 # 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
+ pre_emption_vulnerability: 2 # 1: Disabled, 2:Enabled
+ pre_emption_capability: 2 # 1: Disabled, 2:Enabled
+ mbr:
+ downlink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ gbr:
+ downlink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
+ uplink:
+ value: 802
+ unit: 1 # 0:bps, 1:Kbps, 2:Mbps, 3:Gbps, 4:Tbps
################################################################################
# PCF Policy Configuration: UE Home PLMN and SUPI Range Based Policies
```
NFs requires root privileges as it uses reserved ports such as http (80) or https (443).
- Run NFs in VM3
```bash
$ sudo ./install/bin/open5gs-nrfd
$ sudo ./install/bin/open5gs-scpd
$ sudo ./install/bin/open5gs-seppd
$ sudo ./install/bin/open5gs-amfd
$ sudo ./install/bin/open5gs-smfd
$ sudo ./install/bin/open5gs-upfd
$ sudo ./install/bin/open5gs-ausfd
$ sudo ./install/bin/open5gs-udmd
$ sudo ./install/bin/open5gs-pcfd
$ sudo ./install/bin/open5gs-nssfd
$ sudo ./install/bin/open5gs-bsfd
$ sudo ./install/bin/open5gs-udrd
```
## 3. Setting SEPP on VM1 to HTTPS scheme with TLS
Only N32 uses HTTPS with TLS, while other NFs use HTTP without TLS.
```diff
$ diff -u sepp.yaml.old sepp.yaml
--- sepp.yaml.old 2023-10-02 18:35:23.585643661 +0900
+++ sepp.yaml 2023-10-02 18:36:17.971104248 +0900
@@ -7,6 +7,13 @@
# peer: 64
sepp:
+ default:
+ tls:
+ server:
+ private_key: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.key
+ cert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.crt
+ client:
+ cacert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/ca.crt
sbi:
server:
- address: 127.0.0.250
@@ -17,18 +24,22 @@
n32:
server:
- sender: sepp1.localdomain
+ scheme: https
address: 10.10.1.251
- port: 7777
n32f:
+ scheme: https
address: 10.10.1.252
- port: 7777
client:
sepp:
- receiver: sepp2.localdomain
- uri: http://10.10.2.251:7777
+ uri: https://sepp2.localdomain
+ resolve: 10.10.2.251
n32f:
- uri: http://10.10.2.252:7777
+ uri: https://sepp2.localdomain
+ resolve: 10.10.2.252
- receiver: sepp3.localdomain
- uri: http://10.10.3.251:7777
+ uri: https://sepp3.localdomain
+ resolve: 10.10.3.251
n32f:
- uri: http://10.10.3.252:7777
+ uri: https://sepp3.localdomain
+ resolve: 10.10.3.252
```
Add client TLS verification to N32 interface
```diff
$ diff -u sepp.yaml.old sepp.yaml
--- sepp.yaml.old 2023-10-02 18:44:56.011099652 +0900
+++ sepp.yaml 2023-10-02 18:45:48.884662145 +0900
@@ -12,8 +12,12 @@
server:
private_key: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.key
cert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.crt
+ verify_client: true
+ verify_client_cacert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/ca.crt
client:
cacert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/ca.crt
+ client_private_key: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.key
+ client_cert: /home/acetcom/Documents/git/my/open5gs/build/configs/open5gs/tls/sepp1.crt
sbi:
server:
- address: 127.0.0.250
```
For more information, please refer to the [LINK](https://github.com/open5gs/open5gs/blob/main/configs/open5gs/sepp1.yaml.in).
Reference in a new issue View git blame Copy permalink