Building a 5G Core Network with Open5GS and UERANSIM

Good afternoon, dear Khabrovites!

Today and in the following days, I will translate articles on the deployment of 5G network architecture for further study. The purpose of this article is to show that the most advanced technologies are available to everyone and that the future can be created with your own hands and not wait. I believe that the engineering staff in our country are talented people who can level the technological gap that we have missed over the past 30 years.

parting word

In this post, I will talk about deploying a 5G core network using Open5GS, which is an open source implementation of a basic 5G mobile network. To test the functionality of the 5G core network, I used UERANSIM, an open source 5G UE and RAN (gNodeB) simulator. All source codes/deployments associated with this post are available at gitlab. Please clone the repository. In this post, I installed Open5GS as a Linux daemon service. In the next post, I will cover installing Open5GS with Kubernets and Helm Charts.

5G architecture

The 5th generation mobile network (5G) is the new global wireless standard after 1G, 2G, 3G and 4G networks. 5G provides a new type of network designed to connect almost anyone and everything, including machines, objects, and devices. 5G wireless technology is designed to provide faster multi-Gbps peak data rates, ultra-low latency, greater reliability, greater network bandwidth, higher availability, and a more consistent user experience for more users. Higher performance and greater efficiency are empowering users and connecting new industries.

The 3GPP partnership project defines standards for 5G. 3GPP is a generic term for a number of standards organizations that develop protocols for mobile communications. According to 3GPP, the 5G (5GS) system will consist of three main components

1. User Equipment (UE)

2. 5G Radio Access Network (5G-RAN)

3. 5G Core Network (5GC)

UEs are 5G enabled devices (user equipment). 5G-RAN (also known as gNB) is a type of network infrastructure commonly used for mobile networks consisting of radio base stations with large antennas. The RAN wirelessly connects the user equipment to the core network. The 5G core network simplifies various network functions such as session management, authentication, policy control, data storage, etc. Several open source implementations of the 5G core network are available. Free5GC, Open5GS are the two most popular implementations of the 5G core network.

5G Core architecture

Unlike previous cellular networks, the 5G core network architecture is designed using network function virtualization and software-defined networking. Basically, the core 5G network is designed using a microservices-based design pattern. Various data services and 5GC requirements (also called network functions) are implemented as microservices. These microservices (network functions) will be deployed as native cloud applications. The basic 5G system consists of the following network functions (NF). These functions are divided into two main planes: the control plane and the user plane:

1. User plane Function (UPF)

2. Data network (DN), eg operator services, Internet access or 3rd party services

3. Core Access and Mobility Management Function (AMF)

4. Authentication Server Function (AUSF)

5. Session Management Function (SMF)

6. Network Slice Selection Function (NSSF)

7. Network Exposure Function (NEF)

8. NF Repository Function (NRF)

9. Policy Control Function (PCF)

10. Unified Data Management (UDM)

11. Application Function (AF)

The interaction of these services (with UE and 5G-RAN) and their respective interfaces are described in the following figure. When deploying the 5G core network, we basically deploy all these services in the cloud as a native cloud application.

Open5GS

Open5GS is an open source implementation of the core 5G mobile network. The ultimate goal of this project is to implement the 5G core network defined in the 3GPP release. It currently supports 3GPP Release 16 with 5G Core Provision (AMF, SMF+PGW-c, UPF+PGW-u, PCF, UDR, UDM, AUSF Network Functions, NRF) and Evolved Packet Core Network Functions (MME, SGW- c, SGW-u, HSS and PCRF).

UERANSIM

UERANSIM is an open source implementation of 5G UE and 5G RAN (gNodeB). In general terms, it can be thought of as a 5G mobile phone and a base station. From the UE/RAN point of view, there are 3 main interfaces:

1. management interface (between RAN and AMF)

2. user interface (between RAN and UPF)

3. air interface (between UE and RAN)

UERANSIM supports Open5GS and Free5GC 5G core networks. We can connect UERANSIM to one of these 5G Core networks and test the functionality.

5G Core Deployment

In this scenario, I deployed a 5G core network with Open5GS and modeled gNB/UE using UERANSIM. Open5GS is deployed on one server (IP 172.31.13.16) and UERANSIM is deployed on another server (IP 172.31.13.37). The deployment architecture is described in the following figure.

The following are the main steps to follow when deploying. If you are setting up this environment in the cloud (e.g. AWS, gGloud), be sure to open all TCP and SCTP ports between servers on the local network (gNB and AMF communication happens over SCTP).

1. Install Open5GS

Open5GS can be installed as a native Linux daemon service. It can also be deployed using Docker, Kubernetes and Helm Charts. I deployed it as my own Linux daemon service application. When it starts, the 5G network runs as Linux daemon services. Following is the method to install Open5GS on server1.

# install open5gs as daemon service
sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository ppa:open5gs/latest
sudo apt update
sudo apt install open5gs

2. Setup Open5GS

I am deploying 5G Core and gNB on separate servers. So I need to configure the NGAP bind address for AMF (5G core running IP) and the GTPU bind address for UPF (5G core running IP). Then only gNB and UE will be able to connect to the core 5G network. If you’re running a gNB stack and 5G Core on the same server, you don’t need to make these changes. Below are the configurations I made. After making these settings, I restarted the AMF and UPF services.

# amf config file locates in /etc/open5gs/amf.yaml
# ngap addr configured to 5g core server ip
amf:
    sbi:
      - addr: 127.0.0.5
        port: 7777
    ngap:
      - addr: 172.31.10.16
     
---

# restart amf services
sudo systemctl restart open5gs-amfd

---

# amf logs can be found in /var/log/open5gs/amf.log
sudo tail -f /var/log/open5gs/amf.log

11/07 04:17:26.737: [amf] INFO: [Removed] Number of AMF-UEs is now 0 (../src/amf/context.c:1268)
11/07 04:17:26.738: [sctp] INFO: AMF terminate...done (../src/amf/app.c:42)
Open5GS daemon v2.3.6
11/07 04:17:26.762: [app] INFO: Configuration: '/etc/open5gs/amf.yaml' (../lib/app/ogs-init.c:129)
11/07 04:17:26.762: [app] INFO: File Logging: '/var/log/open5gs/amf.log' (../lib/app/ogs-init.c:132)
11/07 04:17:26.764: [sbi] INFO: nghttp2_server() [127.0.0.5]:7777 (../lib/sbi/nghttp2-server.c:144)
11/07 04:17:26.764: [amf] INFO: ngap_server() [172.31.10.16]:38412 (../src/amf/ngap-sctp.c:53)
11/07 04:17:26.764: [sctp] INFO: AMF initialize...done (../src/amf/app.c:33)
11/07 04:17:26.766: [amf] INFO: [9d83b430-3f81-41ec-9db3-4f03c19e0a68] NF registred [Heartbeat:10s] (../src/amf/nf-sm.c:198)

# upf config file locates in /etc/open5gs/upf.yaml
# gtpu addr configured to 5g core server ip
upf:
    pfcp:
      - addr: 127.0.0.7
    gtpu:
      - addr: 172.31.10.16
    subnet:
      - addr: 10.45.0.1/16
      - addr: 2001:230:cafe::1/48
      
---

# restart upf services
sudo systemctl restart open5gs-upfd

---

# upf logs can be found in /var/log/open5gs/upf.log
sudo tail -f /var/log/open5gs/upf.log

11/07 04:18:19.224: [app] INFO: SIGTERM received (../src/main.c:53)
11/07 04:18:19.224: [app] INFO: Open5GS daemon terminating... (../src/main.c:212)
11/07 04:18:19.225: [upf] INFO: PFCP de-associated (../src/upf/pfcp-sm.c:178)
11/07 04:18:19.225: [upf] INFO: [Removed] Number of UPF-sessions is now 0 (../src/upf/context.c:190)
11/07 04:18:19.226: [app] INFO: UPF terminate...done (../src/upf/app.c:39)
Open5GS daemon v2.3.6
11/07 04:18:19.243: [app] INFO: Configuration: '/etc/open5gs/upf.yaml' (../lib/app/ogs-init.c:129)
11/07 04:18:19.243: [app] INFO: File Logging: '/var/log/open5gs/upf.log' (../lib/app/ogs-init.c:132)
11/07 04:18:19.256: [pfcp] INFO: pfcp_server() [127.0.0.7]:8805 (../lib/pfcp/path.c:30)
11/07 04:18:19.256: [gtp] INFO: gtp_server() [172.31.10.16]:2152 (../lib/gtp/path.c:30)
11/07 04:18:19.257: [app] INFO: UPF initialize...done (../src/upf/app.c:31)
11/07 04:18:22.553: [pfcp] INFO: ogs_pfcp_connect() [127.0.0.4]:8805 (../lib/pfcp/path.c:59)
11/07 04:18:22.553: [upf] WARNING: cannot handle PFCP message type[1] (../src/upf/pfcp-sm.c:139)
11/07 04:18:25.054: [pfcp] WARNING: [5341] REMOTE Request Duplicated. Discard! for step 1 type 1 peer [127.0.0.4]:8805 (../lib/pfcp/xact.c:403)
11/07 04:18:27.557: [pfcp] WARNING: [5341] REMOTE Request Duplicated. Discard! for step 1 type 1 peer [127.0.0.4]:8805 (../lib/pfcp/xact.c:403)
11/07 04:18:30.060: [upf] INFO: PFCP associated (../src/upf/pfcp-sm.c:173)

3. NAT Port Forwarding

In order to bridge between 5G Core UPF and WAN (Internet), I need to enable IP forwarding and add a NAT rule to the IP tables. Below are the NAT port forwardings I did. Without this port, connection forwarding from 5G Core to the Internet would not work.

# nat port forwarding 
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
sudo systemctl stop ufw
sudo iptables -I FORWARD 1 -j ACCEPT

# if above setup not works try to manually create tun interface and do nat forwarding
sudo ip tuntap add name ogstun mode tun
sudo ip addr add 10.45.0.1/16 dev ogstun
sudo ip addr add 2001:230:cafe::1/48 dev ogstun
sudo ip link set ogstun up

4.Register UE Device

Next, I need to register the UE device on the 5G Core. Open5GS provides a WebUI application. I can register a UE device through WebUI connection. Below is the way how to do it.

# install nodejs
sudo apt update
sudo apt install curl
curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
sudo apt install nodejs

# clone webui
git clone https://github.com/open5gs/open5gs.git

# run webui with npm
cd webui
npm run dev --host 0.0.0.0

# the web interface will start on
http://localhost:3000

# webui login credentials
username - admin
password - 1423

# add new subscriber
# the default device information can be found in open5gs config on UERANSIM
IMSI: 901700000000001
Subscriber Key: 465B5CE8B199B49FAA5F0A2EE238A6BC
USIM Type: OPc
Operator Key: E8ED289DEBA952E4283B54E88E6183CA

WebUI runs on port 3000 on server1. Connect to WebUI and log in with credentials admin/1423. Then add a new subscriber with IMSI: 901700000000001 and other default information.

5. Install UERANSIM

Then I installed UERANSIM on server2. Installation is done using a file available in the URANSIM repository. Following is the way to install UERANSIM.

# install cmake
# UERANSIM does not work with the apt version of cmake, that's why we need to install snap and the snap version of cmake:
sudo apt update 
sudo apt upgrade 
sudo apt install make g++ libsctp-dev lksctp-tools 
iproute2 sudo snap install cmake --classic

# install ueransim
git clone https://github.com/aligungr/UERANSIM
cd UERANSIM
make

6. Setup gNB

UERANSIM consists of two parts gNB and UE. The gNB configuration files related to Open5GS are located in URANSIM/config/open5gs-gnb.yaml. I need to configure linkIp, ngapIp, gtpIp and amfConfigs: address in config file. linkIp, ngapIp, gtpIp configured with IP address server2 (IP address of running UERANSIM server). amfConfigs: address is the IP address of server1 (the IP address of the running Open5GC server). gNB can be launched with the UERANSIM/build/nr-gnb script using the UERANSIM/config/open5gs-gnb.yaml configuration file.

# configure with server1 IP
linkIp: 172.31.13.37  # gNB's local IP address for Radio Link Simulation (Usually same with local IP)
ngapIp: 172.31.13.37  # gNB's local IP address for N2 Interface (Usually same with local IP)
gtpIp: 172.31.13.37   # gNB's local IP address for N3 Interface (Usually same with local IP)

# list of AMF address information
# configure with server2 IP
amfConfigs:
  - address: 172.31.10.16
    port: 38412
    
---

# start gnb with open5gc-gnb.yaml config file
./build/nr-gnb -c config/open5gs-gnb.yaml

# output
UERANSIM v3.2.4
[2021-11-07 04:39:11.240] [sctp] [info] Trying to establish SCTP connection... (172.31.10.16:38412)
[2021-11-07 04:39:11.243] [sctp] [info] SCTP connection established (172.31.10.16:38412)
[2021-11-07 04:39:11.244] [sctp] [debug] SCTP association setup ascId[4]
[2021-11-07 04:39:11.244] [ngap] [debug] Sending NG Setup Request
[2021-11-07 04:39:11.245] [ngap] [debug] NG Setup Response received
[2021-11-07 04:39:11.245] [ngap] [info] NG Setup procedure is successful

7. Setup UE

The UERANSIM UE configuration files related to Open5GS are located in UERANSIM/config/open5gs-ue.yaml. I need to set up a gnbSearchList with the IP address of server2 (the IP address of the running UERANSIM server). The UE can be started with the UERANSIM/build/nr-ue script using the UERANSIM/config/open5gs-ue.yaml configuration file. Another thing to note is that open5gs-ue.yaml defines UE device configurations. We used these configurations when registering a subscriber in the Open5GC 5G core via WebUI.

# ue device config
# IMSI number of the UE. IMSI = [MCC|MNC|MSISDN] (In total 15 digits)
supi: 'imsi-901700000000001'
# Mobile Country Code value of HPLMN
mcc: '901'
# Mobile Network Code value of HPLMN (2 or 3 digits)
mnc: '70'

# Permanent subscription key
key: '465B5CE8B199B49FAA5F0A2EE238A6BC'
# Operator code (OP or OPC) of the UE
op: 'E8ED289DEBA952E4283B54E88E6183CA'
# This value specifies the OP type and it can be either 'OP' or 'OPC'
opType: 'OPC'
# Authentication Management Field (AMF) value
amf: '8000'
# IMEI number of the device. It is used if no SUPI is provided
imei: '356938035643803'
# IMEISV number of the device. It is used if no SUPI and IMEI is provided
imeiSv: '4370816125816151'
# IMEISV number of the device. It is used if no SUPI and IMEI is provided
imeiSv: '4370816125816151'

---

# List of gNB IP addresses for Radio Link Simulation
# configure with server2 IP
gnbSearchList:
  - 172.31.13.37
  
---

# start gnb with open5gc-ue.yaml config file
sudo ./build/nr-ue -c config/open5gs-ue.yaml

# output
UERANSIM v3.2.4
[2021-11-07 04:50:08.323] [nas] [info] UE switches to state [MM-DEREGISTERED/PLMN-SEARCH]
[2021-11-07 04:50:08.323] [rrc] [debug] New signal detected for cell[1], total [1] cells in coverage
[2021-11-07 04:50:08.323] [nas] [info] Selected plmn[901/70]
[2021-11-07 04:50:08.323] [rrc] [info] Selected cell plmn[901/70] tac[1] category[SUITABLE]
[2021-11-07 04:50:08.323] [nas] [info] UE switches to state [MM-DEREGISTERED/PS]
[2021-11-07 04:50:08.323] [nas] [info] UE switches to state [MM-DEREGISTERED/NORMAL-SERVICE]
[2021-11-07 04:50:08.323] [nas] [debug] Initial registration required due to [MM-DEREG-NORMAL-SERVICE]
[2021-11-07 04:50:08.324] [nas] [debug] UAC access attempt is allowed for identity[0], category[MO_sig]
[2021-11-07 04:50:08.324] [nas] [debug] Sending Initial Registration
[2021-11-07 04:50:08.324] [nas] [info] UE switches to state [MM-REGISTER-INITIATED]
[2021-11-07 04:50:08.324] [rrc] [debug] Sending RRC Setup Request
[2021-11-07 04:50:08.325] [rrc] [info] RRC connection established
[2021-11-07 04:50:08.325] [rrc] [info] UE switches to state [RRC-CONNECTED]
[2021-11-07 04:50:08.325] [nas] [info] UE switches to state [CM-CONNECTED]
[2021-11-07 04:50:08.330] [nas] [debug] Authentication Request received
[2021-11-07 04:50:08.333] [nas] [debug] Security Mode Command received
[2021-11-07 04:50:08.333] [nas] [debug] Selected integrity[2] ciphering[0]
[2021-11-07 04:50:08.339] [nas] [debug] Registration accept received
[2021-11-07 04:50:08.339] [nas] [info] UE switches to state [MM-REGISTERED/NORMAL-SERVICE]
[2021-11-07 04:50:08.339] [nas] [debug] Sending Registration Complete
[2021-11-07 04:50:08.339] [nas] [info] Initial Registration is successful
[2021-11-07 04:50:08.339] [nas] [debug] Sending PDU Session Establishment Request
[2021-11-07 04:50:08.339] [nas] [debug] UAC access attempt is allowed for identity[0], category[MO_sig]
[2021-11-07 04:50:08.542] [nas] [debug] Configuration Update Command received
[2021-11-07 04:50:08.551] [nas] [debug] PDU Session Establishment Accept received
[2021-11-07 04:50:08.551] [nas] [info] PDU Session establishment is successful PSI[1]
[2021-11-07 04:50:08.560] [app] [info] Connection setup for PDU session[1] is successful, TUN interface[uesimtun0, 10.45.0.5] is up.

8. Test 5G Network

When the UERANSIM UE starts, it creates a PDU session and a TUN uesimtun0 network interface. You can find PDU session IP address and TUN address in UE logs (TUN interface [uesimtun0, 10.45.0.3]). We can use the UE’s internet connection from another application through this TUN interface. For example, if we use a simple curl command with interface uesimtun0 (e.g. curl –interface uesimtun0 “https://httpbin.org/get“), it will route the packet to the Internet through the Open5GC 5G core network, as shown in the following diagram.

In addition, UERANSIM provides the UERANSIM/build/nr-binder tool to bind external applications to the TUN interface. We can bind the uesimtun0 interface to almost any application using UERANSIM/build/nr-binder. Below is the way to use UERANSIM/build/nr-binder with various applications. I tested it with ping, curl, docker, python applications.

# ping command bind direcly to uesimtun0
ping -I uesimtun0 google.com

# curl command bind direcly to uesimtun0 
curl \
  --interface uesimtun0 \
  -X GET "https://httpbin.org/get"
  
--- 

# bind curl command via nr-binder
# nr-binder use pdu session ip
./nr-binder 10.45.0.3 curl -X GET "https://httpbin.org/get"

--- 

# run docker container via nr-binder
./nr-binder 10.45.0.3 docker run -d -p 9091:80 kennethreitz/httpbin

---

# bind python application via nr-binder
# request.pyt is simple python program which send http GET request
./nr-binder 10.45.0.3 python3 request.py

---

# bind shell scrip via nr-binder
# httpbin.sh is simple shell script which runs httpbin as docker container
./nr-binder 10.45.0.3 ./httpbin.sh

9. Image Streaming via 5G Core

In the configuration above, the UERANSIM UE TUN (uesimtun0) interface can only be accessed through a running UERANSIM machine. This means that we can only connect to the 5G core network from a running UERANSIM machine. In my scenario, I wanted to stream images to a TCP server (which is on the public internet) from an external client (which is outside of the URANSIM server) over the 5G core network. An example scenario would be streaming images from a VR device to a streaming server over a 5G core network. To achieve this setup, I implemented a workaround using a TCP proxy. Below is the installation architecture.

The UERANSIM service runs on a server with a public IP of 3.237.100.204. The image streaming service runs on a server with a public IP address of 100.27.44.103. I ran a TCP proxy on port 7654 inside server 3.237.100.204. The image streaming service runs on port 7654 on server 100.27.44.103. The TCP proxy redirects incoming packets from 3.237.100.204:7654 to 100.27.44.103:7654. I used the following docker command to start the TCP proxy.

# tcp proxy server forward the incoming traffic of port 7654 to 100.27.44.103:7654
docker run -d -it --rm -p 7654:7654 hpello/tcp-proxy 100.27.44.103 7654

This docker command is added to a shell script named tcp-proxy.sh and run with nr-binder. All TCP proxy service traffic then goes through the 5G core network.

# run tcp proxy server with nr-biner
# all traffic of tcp proxy server will goes through the 5g core
sudo ./nr-binder 10.45.0.13 ./tcp-proxy.sh

Below is a simple image streaming server written in Python. It listens on port 7654 and on incoming images stored in the called directory. I started streaming server with python3 command streamserver.py.

import socket
import time

s = socket.socket()
host = socket.gethostname()
port = 7654
s.bind((host, port))
s.listen(5)
while True:
    c, addr = s.accept()
    print('Got connection from', addr)

    # create image file
    n = 'out/' + str(int(time.time())) + '.png'
    f = open(n,'wb')

    # recive image
    l = c.recv(1024)
    while (l):
        f.write(l)
        l = c.recv(1024)
    f.close()
    print('Done Receiving')
    c.close()

Following is an image streaming client application written with Python. It reads the image from disk and sends streams to a TCP proxy running on server 3.237.100.204:7654. The proxy server then forwards the image streams to the image streaming server 100.27.44.103:7654 over the 5G core network. I started streaming client with python3 command stream-client.py.

import socket

# client socker
s = socket.socket()
host="3.237.100.204"
port = 7654
s.connect((host, port))

print('Connected to server')

# send image
f = open('hak.png','rb')
l = f.read(1024)
while (l):
    s.send(l)
    l = f.read(1024)
print('Sent image')

# image sent close connection
f.close()
s.close

Reference

1. https://www.rajarshipathak.com/2020/01/beginners-guide-for-5g-core-network-architecture.html

2. https://www.grandmetric.com/2017/06/05/5g-core-network-a-short-overview/

3. https://open5gs.org/open5gs/docs/guide/01-quickstart/

4. https://www.free5gc.org/installations/stage-3-sim-install/

5. https://nickvsnetworking.com/my-first-5g-core-open5gs-and-ueransim/

6. https://www.viavisolutions.com/en-us/5g-architecture

7. https://frontjang.info/entry/Open5GC-UERANSIM-%EC%9C%BC%EB%A1%9C-5G-%EB%84%A4%ED%8A%B8%EC%9B%8C%ED% 81%AC-%EA%B5%AC%EC%B6%95%ED%95%98%EA%B8%B0-1-%EA%B5%AC%EC%84%B1-%EB%B0%8F -%EC%84%A4%EC%B9%98