Fwd: Open5GS Traffic Accounting
laforge at osmocom.org
Wed Mar 11 16:00:03 UTC 2020
On Tue, Mar 10, 2020 at 08:15:01PM -0300, Romeu Medeiros wrote:
> I was thinking about one way to generate traffic accounting from the LTE
> users of the Open5GS.
> I'm rearching something using the iptables (in Linux),
Please don't. iptables is mroe than 20 years old by now, and for any
new development you should consider using nftables. It is much more powerful,
efficient nad also (contrary to iptables) has nice library API by which rules
can be installed from programs without fork+exec of an "iptables" binary with
command line arguments.
In Debian 10 (and presumably other distributions) nftables is alredy the default.
Based on the fact that there's an iptables compatibility layer on top, you may
not even know that.
The fundamental question is whether or not you want to do this in the external
packet filter of the OS or inside the PGW itself. I would argue for the latter,
> The bad from this idea is that this code only will work correctly in a
> Linux box.
that, and also because the open5gs PGW already contains a (stripped
down) BSD firewall code base if you want to do filtering or the like.
In general, the question is what kind of throughput in terms of
bandwidth and pps you are looking for. Implementing GTP-U encap/decap,
accounting, filtering etc. inside a userspace process behind RAW sockets
and a tun device is not going to scale very far. For a single-eNB lab
setup: Fine. But do you need accounting there?
For anything bigger, I would consider looking at other P-GW
implementations out there, such as ergw or the OMEC implementation.
They both do CUPS (control / user plane split) and have DPDK and/or VPP
accelerated user plane implementations. Given they talk standard GTP,
you should be able to inter-operate them with open5gs.
- Harald Welte <laforge at osmocom.org> http://laforge.gnumonks.org/
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
More information about the nextepc