laforge submitted this change.

View Change


Approvals: laforge: Looks good to me, approved pespin: Looks good to me, but someone else must approve Jenkins Builder: Verified 
docs: add chapter operating

Change-Id: If4546fd98c470bcb29523bebae0ffa6bcf7f6cde
---
A docs/manuals/chapters/operating.adoc
M docs/manuals/osmoepdg-usermanual.adoc
2 files changed, 58 insertions(+), 0 deletions(-)

diff --git a/docs/manuals/chapters/operating.adoc b/docs/manuals/chapters/operating.adoc
new file mode 100644
index 0000000..70e978e
--- /dev/null
+++ b/docs/manuals/chapters/operating.adoc
@@ -0,0 +1,47 @@
+[[operating]]
+== Operating osmo-epdg
+
+The osmo-epdg requires to run on Linux.
+osmo-epdg has been tested and developed with Debian 12.
+Linux kernel and/or erlang/OTP from Debian 11 are known to cause problems.
+
+=== Linux requirements
+
+The osmo-epdg is using the following Linux subsystems:
+
+* nftables (soft)
+* IP policy routing (soft)
+* ESP user-plane (soft)
+* GTP user-plane (hard)
+
+Soft dependencies can be changed by configuration.
+Hard dependencies are required and can't be changed without code changes.
+
+The user-plane is configured in the default configuration to use nftables and
+policy routing to ensure the traffic from UEs will only flow between the GTP network
+interface and ESP encrypted tunnels.
+
+strongSwan will use the kernel ESP subsystem to encrypt, decrypt and route traffic.
+strongSwan can be configured to replace the kernel ESP subsystem with a user space
+imeplementation, which comes with a performance impact.
+
+osmo-epdg/erlang is using the GTP subsystem to de- and encapsulate. It only supports using
+the kernel subsystem.
+
+=== EPC requirements
+
+The osmo-epdg was tested and developed against open5gs and requires version 2.7.1 or newer.
+
+==== HSS
+
+When a UE connects it requests an APN via SWu. By default the UE will request
+the APN "ims". The subscriber entry must allow connections to the requested APN to succeed.
+
+==== PGW
+
+The osmo-epdg/erlang expects the PGW to support S2b and S6b.
+An UE will request attributes via IKEv2 which are translated into Additional PCO (APCO) in GTP on the S2b
+reference point. The PGW should support Additional PCO via S2b.
+open5gs supports Additional PCO since 2.7.1.
+
+osmo-epdg only supports S2b over GTP.
diff --git a/docs/manuals/osmoepdg-usermanual.adoc b/docs/manuals/osmoepdg-usermanual.adoc
index 05eb6b0..16473bc 100644
--- a/docs/manuals/osmoepdg-usermanual.adoc
+++ b/docs/manuals/osmoepdg-usermanual.adoc
@@ -12,3 +12,5 @@
 
 include::{srcdir}/chapters/strongswan.adoc[]
 include::{srcdir}/chapters/osmo-epdg.adoc[]
+
+include::{srcdir}/chapters/operating.adoc[]

To view, visit change 36822. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: erlang/osmo-epdg
Gerrit-Branch: master
Gerrit-Change-Id: If4546fd98c470bcb29523bebae0ffa6bcf7f6cde
Gerrit-Change-Number: 36822
Gerrit-PatchSet: 3
Gerrit-Owner: lynxis lazus <lynxis@fe80.eu>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: osmith <osmith@sysmocom.de>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>
Gerrit-MessageType: merged