How much extra are you using with IPv6 on cellular?
Category Archives: 5G SA
SMS Transport Wars?
There’s old joke about standards that the great thing about standards there’s so many to choose from. SMS wasn’t there from the start of GSM, but within a year of the inception of 2G we had SMS, and we’ve had SMS, almost totally unchanged, ever since. In a recent Twitter exchange, I was asked, what’s … Continue reading SMS Transport Wars?
What’s the maximum speed for LTE and 5G?
What’s the biggest speed you can punch into the speed fields in LTE and 5G?
Huawei BTS3900 eNB Configuration
Setting up a BTS3900 for LTE from scratch using MML
BSF Addresses
How Binding Support Function addresses are found in LTE/5GC.
Will 5GC be used in Wireline Access? No. Here’s why.
WIll wireline and 5G Core converge?
An intro to GSMA TAP3 Files
Getting to know the GSMA’s TAP files, what’s in them, and how they’re used to bill roaming traffic.
Inside a 32×32 MIMO Antenna
A peek under the radome of 32×32 5G Active Antenna Unit
Filtering for 3GPP DNS in Wireshark
Filtering for 3gppnetwork.org domains in Wireshark to make your troubleshooting easier
The Surprisingly Complicated World of SMS: Apple iPhone MT SMS
Quirks and gotchas of working with SMS on IMS on iPhones.
Some thoughts on NRF Security in 5G Core
A look at attack vectors the NRF opens up in #5G Core networks, and the mitigations recommended by 3GPP.
If you like Pina Coladas, and service the control plane – Intro to NRF in 5GC
Looking for Love in the 5G Core?
Let’s look at our matchmaker – The Network Repository Function in 5G Core.
Backing up and Restoring Open5GS
How to backup and restore Open5Gs config between servers
GTP Extension Headers (PDU session user plane protocol) in 5GC
How GTP is extended in 5G Core Networks to support extra QoS functionality like Reflective QoS and Delay Indicators
Framed Routing in 5G
5GC includes native support for framed-routing.
Reflective QoS in 5G
A great new feature of #5G Core Networks is Reflective QoS – Where QoS of the traffic coming to a UE is reflected on the QoS coming out.
SMS in 5GC
The first SMS was sent in 1993, and all these years later as 5G rolls out, we’re still supporting it.
5G Online Charging with the Nchf_ConvergedCharging SBI
There’s no such thing as a free lunch, and 5G is the same – services running through a 5G Standalone core need to be billed. In 5G Core Networks, the SMF (Session Management Function) reaches out to the CHF (Charging Function) to perform online charging, via the Nchf_ConvergedCharging Service Based Interface (aka reference point). Like … Continue reading 5G Online Charging with the Nchf_ConvergedCharging SBI
EIR in 5G Networks (N5g-eir_EquipmentIdentityCheck)
A look at the Equipment Identity Register in 5G Core
Open5GS without NAT
While most users of Open5GS EPC will use NAT on the UPF / P-GW-U but you don’t have to.
While you can do NAT on the machine that hosts the PGW-U / UPF, you may find you want to do the NAT somewhere else in the network, like on a router, or something specifically for CG-NAT, or you may want to provide public addresses to your UEs, either way the default config assumes you want NAT, and in this post, we’ll cover setting up Open5GS EPC / 5GC without NAT on the P-GW-U / UPF.
Before we get started on that, let’s keep in mind what’s going to happen if we don’t have NAT in place,
Traffic originating from users on our network (UEs / Subscribers) will have the from IP Address set to that of the UE IP Pool set on the SMF / P-GW-C, or statically in our HSS.
This will be the IP address that’s sent as the IP Source for all traffic from the UE if we don’t have NAT enabled in our Core, so all external networks will see that as the IP Address for our UEs / Subscribers.
UE Generates packet Core Network transports GTP encapsulated traffic to P-GW-U / UPF UPF/P-GW-U routes the traffic to it’s default gateway
The above example shows the flow of a packet from UE with IP Address 10.145.0.1 sending something to 1.1.1.1.
This is all well and good for traffic originating from our 4G/5G network, but what about traffic destined to our 4G/5G core?
Well, the traffic path is backwards. This means that our router, and external networks, need to know how to reach the subnet containing our UEs. This means we’ve got to add static routes to point to the IP Address of the UPF / P-GW-U, so it can encapsulate the traffic and get the GTP encapsulated traffic to the UE / Subscriber.
For our example packet destined for 1.1.1.1, as that is a globally routable IP (Not an internal IP) the router will need to perform NAT Translation, but for internal traffic within the network (On the router) the static route on the router should be able to route traffic to the UE Subnets to the UPF / P-GW-U’s IP Address, so it can encapsulate the traffic and get the GTP encapsulated traffic to the UE / Subscriber.
Setting up static routes on your router is going to be different on what you use, in my case I’m using a Mikrotik in my lab, so here’s a screenshot from that showing the static route point at my UPF/P-GW-U. I’ve got BGP setup to share routes around, so all the neighboring routers will also have this information about how to reach the subscriber.

Next up we’ve got to setup IPtables on the server itself running our UPF/P-GW-U, to route traffic addressed to the UE and encapsulate it.
sudo ip route add 10.145.0.0/24 dev ogstun sudo echo 1 > /proc/sys/net/ipv4/ip_forward sudo iptables -A FORWARD -i ogstun -o osgtun -s 10.145.0.0/24 -d 0.0.0.0/0 -j ACCEPT
And that’s it, now traffic coming from UEs on our UPF/P-GW will leave the NIC with their source address set to the UE Address, and so long as your router is happily configured with those static routes, you’ll be set.
If you want access to the Internet, it then just becomes a matter of configuring traffic from that subnet on the router to be NATed out your external interface on the router, rather than performing the NAT on the machine.
In an upcoming post we’ll look at doing this with OSPF and BGP, so you don’t need to statically assign routes in your routers.