How Binding Support Function addresses are found in LTE/5GC.
Category Archives: EPC
Will 5GC be used in Wireline Access? No. Here’s why.
WIll wireline and 5G Core converge?
Getting to know the PCRF for traffic Policy, Rules & Rating
A look at the PCRF in EPC Networks, and the Charging Rules that lay at the heart of it all.
Diameter Routing Agents – Part 5 – AVP Transformations with FreeDiameter and Python in rt_pyform
Using FreeDiameter, Python and our newly released “rt_pyform” module to rewrite AVPs in your FreeDiameter based Diameter Routing Agent.
NB-IoT NIDD Basics
An overview of the who, how and why of Non-IP Data Deliver in NB-IoT cellular services.
Diameter Routing Agents – Part 5 – AVP Transformations
A look at why we’d want to apply translations to Diameter AVPs inside a Diameter Routing Agent
Diameter Routing Agents – Part 4 – Advanced FreeDiameter DRA Routing
Looking at overriding the default Diameter routing logic in FreeDiameter with rt_default
Diameter Routing Agents – Part 3 – Building a DRA with FreeDiameter
Using FreeDiameter as a DRA
Diameter Routing Agents (Why you need them, and how to build them) – Part 2 – Routing
Diving back into the world of Diameter Routing Agents with a look at the logic that defines how a DRA routes traffic from one place to another.
Diameter Routing Agents (Why you need them, and how to build them) – Part 1
Answer Question 1: Because they make things simpler and more flexible for your Diameter traffic.
Answer Question 2: With free software of course!
All about DRAs
But let’s dive a little deeper. Let’s look at the connection between an MME and an HSS (the S6a interface).
We configure the Diameter peers on MME1 and HSS01 so they know about each other and how to communicate, the link comes up and presto, away we go.
But we’re building networks here! N+1 redundancy and all that, so now we have two HSSes and two MMEs.
Okay, bit messy, but that’s okay…
But then our network grows to 10 MMEs, and 3 HSSes and you can probably see where this is going, but let’s drive the point home.
Now imagine once you’ve set all this up you need to do some maintenance work on HSS03, so need to shut down the Diameter peer on 10 different MMEs in order to isolate it and deisolate it.
The problem here is pretty evident, all those links are messy, cumbersome and they just don’t scale.
If you’re someone with a bit of networking experience (and let’s face it, you’re here after all), then you’re probably thinking “What if we just had a central system to route all the Diameter messages?”
An Agent that could Route Diameter, a Diameter Routing Agent perhaps…
By introducing a DRA we build Diameter peer links between each of our Diameter devices (MME / HSS, etc) and the DRA, rather than directly between each peer.
Then from the DRA we can route Diameter requests and responses between them.
Let’s go back to our 10x MME and 3x HSS network and see how it looks with a DRA instead.
Not only does this look better, but it makes our life operating the network a whole lot easier.
Each MME sends their S6a traffic to the DRA, which finds a healthy HSS from the 3 and sends the requests to it, and relays the responses as well.
We can do clever load balancing now as well.
Plus if a peer goes down, the DRA detects the failure and just routes to one of the others.
If we were to introduce a new HSS, we wouldn’t need to configure anything on the MMEs, just add HSS04 to the DRA and it’ll start getting traffic.
Plus from an operations standpoint, now if we want to to take an HSS offline for maintenance, we just shut down the link on the HSS and all HSS traffic will get routed to the other two HSS instances.
In our next post we’ll talk about the Routing part of the DRA, how the decisions are made and all the nuances, and then in the following post we’ll actually build a DRA and start routing some traffic around!
Filtering for 3GPP DNS in Wireshark
Filtering for 3gppnetwork.org domains in Wireshark to make your troubleshooting easier
FreeDiameter – Generating Certificates
Using OpenSSL to generate self-signed certs for use in FreeDiameter
CGrates in Baby Steps – Part 1
Getting started with CGrateS to bill for calls in a Telecom environment.
Evolved Packet Core – Analysis Challenge
Step right up folks and test your skills on EPC with this PCAP analysis challllleeennnggeee!
Lifecycle of a Dedicated Bearer – From Flow-Description AVP to Traffic Flow Templates
A look at how Dedicated Bearers get established for VoLTE.
Backing up and Restoring Open5GS
How to backup and restore Open5Gs config between servers
Jaffa Cakes explain the nuances between Centralized vs Decentralized Online Charging in 3GPP Networks
A look at Centralized vs DeCentralized Online Charging with the aid of sugar.
Basics of EPC/LTE Online Charging (OCS)
A glimpse into the complexities of prepaid billing (Online Charging) Diameter based networks.
Open5GS without NAT
While most users of Open5GS EPC will use NAT on the UPF / P-GW-U but you don’t have to.
While you can do NAT on the machine that hosts the PGW-U / UPF, you may find you want to do the NAT somewhere else in the network, like on a router, or something specifically for CG-NAT, or you may want to provide public addresses to your UEs, either way the default config assumes you want NAT, and in this post, we’ll cover setting up Open5GS EPC / 5GC without NAT on the P-GW-U / UPF.
Before we get started on that, let’s keep in mind what’s going to happen if we don’t have NAT in place,
Traffic originating from users on our network (UEs / Subscribers) will have the from IP Address set to that of the UE IP Pool set on the SMF / P-GW-C, or statically in our HSS.
This will be the IP address that’s sent as the IP Source for all traffic from the UE if we don’t have NAT enabled in our Core, so all external networks will see that as the IP Address for our UEs / Subscribers.
The above example shows the flow of a packet from UE with IP Address 10.145.0.1 sending something to 188.8.131.52.
This is all well and good for traffic originating from our 4G/5G network, but what about traffic destined to our 4G/5G core?
Well, the traffic path is backwards. This means that our router, and external networks, need to know how to reach the subnet containing our UEs. This means we’ve got to add static routes to point to the IP Address of the UPF / P-GW-U, so it can encapsulate the traffic and get the GTP encapsulated traffic to the UE / Subscriber.
For our example packet destined for 184.108.40.206, as that is a globally routable IP (Not an internal IP) the router will need to perform NAT Translation, but for internal traffic within the network (On the router) the static route on the router should be able to route traffic to the UE Subnets to the UPF / P-GW-U’s IP Address, so it can encapsulate the traffic and get the GTP encapsulated traffic to the UE / Subscriber.
Setting up static routes on your router is going to be different on what you use, in my case I’m using a Mikrotik in my lab, so here’s a screenshot from that showing the static route point at my UPF/P-GW-U. I’ve got BGP setup to share routes around, so all the neighboring routers will also have this information about how to reach the subscriber.
Next up we’ve got to setup IPtables on the server itself running our UPF/P-GW-U, to route traffic addressed to the UE and encapsulate it.
sudo ip route add 10.145.0.0/24 dev ogstun sudo echo 1 > /proc/sys/net/ipv4/ip_forward sudo iptables -A FORWARD -i ogstun -o osgtun -s 10.145.0.0/24 -d 0.0.0.0/0 -j ACCEPT
And that’s it, now traffic coming from UEs on our UPF/P-GW will leave the NIC with their source address set to the UE Address, and so long as your router is happily configured with those static routes, you’ll be set.
If you want access to the Internet, it then just becomes a matter of configuring traffic from that subnet on the router to be NATed out your external interface on the router, rather than performing the NAT on the machine.
In an upcoming post we’ll look at doing this with OSPF and BGP, so you don’t need to statically assign routes in your routers.
Diameter – Insert Subscriber Data Request / Response
A look at how the HSS can update the profile of an already in-use subscription using Insert Subscriber Data Request/Response.