neels has submitted this change. ( https://gerrit.osmocom.org/c/osmo-upf/+/29385 )
Change subject: manual: add 'Configure Primary Links'
......................................................................
manual: add 'Configure Primary Links'
Add section 'Configure Primary Links' with detailed explanation of the
GTP and netfilter setup.
Related: SYS#5599
Change-Id: I2378d4856b28e81dae2a85e20aaf2999768de4d9
---
M doc/manuals/chapters/running.adoc
A doc/manuals/chapters/upf_gtp_roles.dot
2 files changed, 150 insertions(+), 0 deletions(-)
Approvals:
Jenkins Builder: Verified
laforge: Looks good to me, but someone else must approve
fixeria: Looks good to me, approved
diff --git a/doc/manuals/chapters/running.adoc b/doc/manuals/chapters/running.adoc
index 6a6afd4..0459541 100644
--- a/doc/manuals/chapters/running.adoc
+++ b/doc/manuals/chapters/running.adoc
@@ -49,3 +49,122 @@
For GTP encapsulation/decapsulation and GTP tunnel relaying, osmo-upf depends on
the IP addresses configured at the Linux kernel GTP module, and the IP addresses
negotiated within PFCP by the control plane function.
+
+If multiple `osmo-upf` processes are running on the same Linux kernel, each
+`osmo-upf` needs to be configured with a distinct netfilter table name, so that
+naming of individual tunnel rulesets does not collide:
+
+----
+nft
+ table-name osmo-upf-2
+----
+
+=== Configuring Primary Links
+
+==== Configure PFCP Server
+
+The following example configures OsmoUPF to listen for PFCP association requests
+from Control Plane Function entities on local interface 10.9.8.7, port 8805:
+
+----
+pfcp
+ local-addr 10.9.8.7
+----
+
+3GPP TS 29.244 4.2.2 specifies that PFCP Request messages shall be sent to UDP
+port 8805, i.e. the PFCP port is fixed as 8805 and currently not configurable in
+osmo-upf.
+
+Setting a 'local-addr' is required: the PFCP protocol features a Node ID, which
+uniquely identifies PFCP peers across different interfaces. According to the
+PFCP specification, the Node ID can be a fully-qualified domain name (FQDN) or
+an IP address. Currently, osmo-upf has no support for using an FQDN as Node
+ID, and so far uses the 'local-addr' as local Node ID -- hence the 'local-addr'
+must not be "0.0.0.0", which is an unfortunate consequence. This is likely to
+improve in the future, see https://osmocom.org/issues/5682 .
+
+==== Configure Linux Kernel GTP Features
+
+OsmoUPF uses two distinct Linux kernel features:
+
+* The GTP module is used for GTP encapsulation/decapsulation from/to
+ "the internet".
+
+* The netfilter module is used for GTP tunnel proxying, also known as
+ tunnel forwarding or tunnel mapping.
+
+.Linux kernel feature usage
+[graphviz]
+----
+include::upf_gtp_roles.dot[]
+----
+
+GTP kernel module configuration can be omitted for sites that serve only as GTP
+forwarding proxy, without encapsulation/decapsulation of GTP payloads.
+
+[[gtp_module]]
+===== Configure Linux Kernel GTP Module
+
+The Linux kernel GTP module is used for GTP encapsulation/decapsulation from/to
+"the internet".
+
+To use the GTP kernel module, OsmoUPF requires a GTP device, which is a
+dedicated network device provided by the Linux kernel, serving as GTP tunnel
+endpoint. It is typically named like "apn0".
+
+`osmo-upf` can either create a GTP device on startup, or use a pre-existing GTP
+device. To en/decapsulate GTP, the APN device needs to be assigned an IP address
+range that matches the UE IP addresses that are configured in GTP-C / PFCP.
+
+The following configuration placed in `osmo-upf.cfg` creates a GTP device called
+`apn23` on startup, which is also destroyed on program exit:
+
+----
+gtp
+ dev create apn23
+----
+
+TODO:: `osmo-upf` is not yet able to configure this network device's IP address
+range, MTU etc.
+
+The following configuration placed in `osmo-upf.cfg` uses a pre-existing device
+called `apn42`:
+
+----
+gtp
+ dev use apn42
+----
+
+GTP kernel devices can be managed manually using the `gtp-link` program
+available from the 'libgtpnl' project:
+
+----
+# gtp-link add apn42
+(keep this process running)
+# ip addr add dev apn42 192.168.42.1/24
+
+$ osmo-upf -c osmo-upf.cfg
+----
+
+NOTE:: It is possible to configure multiple GTP devices in `osmo-upf.cfg`, but
+`osmo-upf` currently _only uses the first GTP device_ found in the
+configuration. In the future, different devices may be used based on the Network
+Instance IE passed in the PFCP Session messages (PDR/FAR). Until then, it makes
+little sense to configure more than one GTP device.
+
+[[nftables]]
+===== Configure Linux netfilter
+
+The Linux kernel netfilter module is used for GTP tunnel proxying, also known as
+tunnel forwarding or tunnel mapping.
+
+Using the netfilter module usually requires no configuration in `osmo-upf.cfg`.
+
+`osmo-upf` creates a new netfilter table, under which it submits rule sets for
+GTP tunnel proxying. This table name defaults to `osmo-upf`. A custom table name
+can be configured in `osmo-upf.cfg` like this:
+
+----
+nft
+ table-name my-table-name
+----
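Review bot: The `NOTE::` marker on the paragraph about multiple GTP devices uses a double colon, which AsciiDoc parses as a description-list term rather than an admonition; write it as `NOTE: It is possible to configure ...` with a single colon so it renders as a note block. `TODO::` has the same form and will appear in the published manual as a list entry, so decide whether that is wanted. Separately, the `nft` / `table-name` setting is explained twice in this hunk, once above `=== Configuring Primary Links` with `osmo-upf-2` and again under `[[nftables]]` with `my-table-name`. Consider keeping the multi-instance collision warning in one place and pointing to it with `<<nftables>>`, so the warning and the default name `osmo-upf` are read together.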
diff --git a/doc/manuals/chapters/upf_gtp_roles.dot b/doc/manuals/chapters/upf_gtp_roles.dot
new file mode 100644
index 0000000..12dd171
--- /dev/null
+++ b/doc/manuals/chapters/upf_gtp_roles.dot
@@ -0,0 +1,31 @@
+digraph G {
+rankdir=LR
+sgsn [label="SGSN"]
+
+subgraph cluster_sgw {
+ style=invisible
+ sgwc [label="SGW-C"]
+ sgwu [label="OsmoUPF as SGW-U\ntunnel proxy\n*netfilter* kernel module",style=bold,shape=box]
+ sgwc -> sgwu [label="PFCP",constraint=false]
+}
+
+subgraph cluster_pgw {
+ style=invisible
+ pgwc [label="PGW-C"]
+ pgwu [label="OsmoUPF as PGW-U\ntunnel proxy\n*netfilter* kernel module",style=bold,shape=box]
+ pgwc -> pgwu [label="PFCP",constraint=false]
+}
+
+subgraph cluster_tdf {
+ style=invisible
+ tdfc [label="TDF-C"]
+ tdfu [label="OsmoUPF as TDF-U\ntunnel en-/decaps\n*GTP* kernel module",style=bold,shape=box]
+ tdfc -> tdfu [label="PFCP",constraint=false]
+}
+
+pdn [label="PDN\n'the internet'"]
+
+sgsn -> sgwc -> pgwc -> tdfc [label="GTP-C"]
+sgsn -> sgwu -> pgwu -> tdfu [label="GTP-U",dir=both]
+tdfu -> pdn [label="IP",dir=both]
+}
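Review bot: The asterisks in the `sgwu`, `pgwu` and `tdfu` labels (`*netfilter* kernel module`, `*GTP* kernel module`) are not markup in a plain Graphviz string label and will be drawn literally; drop them, or switch those nodes to HTML-like labels with `<b>` if the emphasis is wanted. Also, the GTP-C chain `sgsn -> sgwc -> pgwc -> tdfc` is drawn one-way while the GTP-U chain uses `dir=both`; if that asymmetry is not intentional, add `dir=both` there as well.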
--
To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/29385
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-upf
Gerrit-Branch: master
Gerrit-Change-Id: I2378d4856b28e81dae2a85e20aaf2999768de4d9
Gerrit-Change-Number: 29385
Gerrit-PatchSet: 1
Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-Reviewer: neels <nhofmeyr(a)sysmocom.de>
Gerrit-MessageType: merged
neels has submitted this change. ( https://gerrit.osmocom.org/c/osmo-upf/+/29384 )
Change subject: vty doc: indicate default nft table name
......................................................................
vty doc: indicate default nft table name
Change-Id: I79b4d287cae47c37b45a35904f298e57120a65f0
---
M src/osmo-upf/upf_vty.c
1 file changed, 2 insertions(+), 1 deletion(-)
Approvals:
Jenkins Builder: Verified
laforge: Looks good to me, but someone else must approve
fixeria: Looks good to me, but someone else must approve
neels: Looks good to me, approved
diff --git a/src/osmo-upf/upf_vty.c b/src/osmo-upf/upf_vty.c
index 5227dba..cfc65ea 100644
--- a/src/osmo-upf/upf_vty.c
+++ b/src/osmo-upf/upf_vty.c
@@ -238,7 +238,8 @@
"table-name TABLE_NAME",
"Set the nft inet table name to create and place GTP tunnel forwarding chains in"
" (as in 'nft add table inet foo'). If multiple instances of osmo-upf are running on the same system, each"
- " osmo-upf must have its own table name. Otherwise the names of created forwarding chains will collide.\n"
+ " osmo-upf must have its own table name. Otherwise the names of created forwarding chains will collide."
+ " The default table name is \"osmo-upf\".\n"
"nft inet table name\n")
{
osmo_talloc_replace_string(g_upf, &g_upf->nft.table_name, argv[0]);
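Review bot: The added help line `" The default table name is \"osmo-upf\".\n"` hard-codes the default as a string literal, so the VTY help and the generated vty-reference will go stale if the default is ever changed where it is actually set; if that default is available as a define, concatenate it into the doc string instead. While touching this command, note that the visible handler passes `argv[0]` straight to `osmo_talloc_replace_string()`. If nothing else validates the value, a length and character check here would reject a name that is unusable as an nft table name at the VTY prompt, where the operator sees the error immediately.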
--
To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/29384
Gerrit-Project: osmo-upf
Gerrit-Branch: master
Gerrit-Change-Id: I79b4d287cae47c37b45a35904f298e57120a65f0
Gerrit-Change-Number: 29384
Gerrit-PatchSet: 2
Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-Reviewer: neels <nhofmeyr(a)sysmocom.de>
Gerrit-MessageType: merged
Attention is currently required from: fixeria.
neels has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-upf/+/29384 )
Change subject: vty doc: indicate default nft table name
......................................................................
Patch Set 2:
(1 comment)
File src/osmo-upf/upf_vty.c:
https://gerrit.osmocom.org/c/osmo-upf/+/29384/comment/669f951d_af3c6f42
PS2, Line 239: "Set the nft inet table name to create and place GTP tunnel forwarding chains in"
> IMO, the interactive VTY help is not the right place for such a verbose explanation. […]
The VTY actually is a *good* place for verbose explanation:
The explanations written here are placed in the vty-reference PDF, where there is unlimited space; the more concise information written in the VTY reference document, the better.
On the live telnet vty prompt, long explanations are nicely structured with line breaks; the doc is only shown on explicit user request. No reason to be brief. So here, also, complete explanations are a good thing.
My general opinion is that there should be a lot more verbose explanations in the vty doc.
--
To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/29384
Gerrit-Project: osmo-upf
Gerrit-Branch: master
Gerrit-Change-Id: I79b4d287cae47c37b45a35904f298e57120a65f0
Gerrit-Change-Number: 29384
Gerrit-PatchSet: 2
Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-Attention: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Comment-Date: Mon, 19 Sep 2022 10:10:40 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-MessageType: comment
Attention is currently required from: pespin.
osmith has posted comments on this change. ( https://gerrit.osmocom.org/c/libosmo-abis/+/29370 )
Change subject: ipaccess_close(): No need to lookup already available struct e1i_ts
......................................................................
Patch Set 3: Code-Review+1
--
To view, visit https://gerrit.osmocom.org/c/libosmo-abis/+/29370
Gerrit-Project: libosmo-abis
Gerrit-Branch: master
Gerrit-Change-Id: I54a69cad5adc3df3f95dd51e00ea68bb04ba9963
Gerrit-Change-Number: 29370
Gerrit-PatchSet: 3
Gerrit-Owner: pespin <pespin(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: osmith <osmith(a)sysmocom.de>
Gerrit-Attention: pespin <pespin(a)sysmocom.de>
Gerrit-Comment-Date: Mon, 19 Sep 2022 10:03:35 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
Attention is currently required from: laforge, fixeria, msuraev.
osmith has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-hlr/+/29311 )
Change subject: Debian: add osmocom user during package install
......................................................................
Patch Set 7:
(1 comment)
File debian/postinst:
https://gerrit.osmocom.org/c/osmo-hlr/+/29311/comment/7ff6a46c_a093cee0
PS7, Line 9: # install.
> as you mentioned in the issue, this also need to be added to the rpm spec or else the systemd file t […]
...and also to OE as you mentioned. Probably here:
https://gitea.osmocom.org/cellular-infrastructure/meta-telephony/src/branch…
I wonder if maybe it's more elegant to just use the systemd service to create a user and change permissions of the related files, instead of doing this in post-upgrade scripts. Looks like this might be possible with ReadWritePaths= and DynamicUser=? But we would need to make sure that all options used are present in the (older) systemd versions that are on Debian 10 and in the 201705 OE we use.
--
To view, visit https://gerrit.osmocom.org/c/osmo-hlr/+/29311
Gerrit-Project: osmo-hlr
Gerrit-Branch: master
Gerrit-Change-Id: I625c993ab03dfe32976c651acca9c35c33a768e7
Gerrit-Change-Number: 29311
Gerrit-PatchSet: 7
Gerrit-Owner: msuraev <msuraev(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-Reviewer: osmith <osmith(a)sysmocom.de>
Gerrit-Attention: laforge <laforge(a)osmocom.org>
Gerrit-Attention: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Attention: msuraev <msuraev(a)sysmocom.de>
Gerrit-Comment-Date: Mon, 19 Sep 2022 09:43:23 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: osmith <osmith(a)sysmocom.de>
Gerrit-MessageType: comment