# # o Set OGS_LOG_INFO to all domain level # - If `level` is omitted, the default level is OGS_LOG_INFO) # - If `domain` is omitted, the all domain level is set from 'level' # (Default values are used, so no configuration is required) # # o Set OGS_LOG_ERROR to all domain level # - `level` can be set with none, fatal, error, warn, info, debug, trace # logger: # level: error # # o Set OGS_LOG_DEBUG to mme/emm domain level # logger: # level: debug # domain: mme,emm # # o Set OGS_LOG_TRACE to all domain level # logger: # level: trace # domain: core,sbi,ausf,event,tlv,mem,sock # logger: level: info # # o TLS enable/disable # sbi: # server|client: # no_tls: false|true # - false: (Default) Use TLS # - true: TLS disabled # # o Verification enable/disable # sbi: # server|client: # no_verify: false|true # - false: (Default) Verify the PEER # - true: Skip the verification step # # o Server-side does not use TLS # sbi: # server: # no_tls: true # # o Client-side skips the verification step # sbi: # client: # no_verify: true # key: /etc/open5gs/tls/amf.key # cert: /etc/open5gs/tls/amf.crt # # o Use the specified certificate while verifying the client # sbi: # server # cacert: /etc/open5gs/tls/ca.crt # # o Use the specified certificate while verifying the server # sbi: # client # cacert: /etc/open5gs/tls/ca.crt # sbi: server: no_tls: true cacert: /etc/open5gs/tls/ca.crt key: /etc/open5gs/tls/smf.key cert: /etc/open5gs/tls/smf.crt client: no_tls: true cacert: /etc/open5gs/tls/ca.crt key: /etc/open5gs/tls/smf.key cert: /etc/open5gs/tls/smf.crt # # # # o SBI Server(http://:80) # sbi: # server: # no_tls: true # smf: # sbi: # # o SBI Server(http://:7777) # sbi: # server: # no_tls: true # smf: # sbi: # - addr: # - 0.0.0.0 # - ::0 # port: 7777 # # o SBI Server(https://:443) # sbi: # server: # key: /etc/open5gs/tls/smf.key # cert: /etc/open5gs/tls/smf.crt # smf: # sbi: # # o SBI Server(https://127.0.0.4:443, https://[::1]:443) without verification # sbi: # server: # no_verify: true # key: /etc/open5gs/tls/smf.key # cert: /etc/open5gs/tls/smf.crt # smf: # sbi: # - addr: 127.0.0.4 # - addr: ::1 # # o SBI Server(https://smf.open5gs.org:443) # Use the specified certificate while verifying the client # # sbi: # server: # cacert: /etc/open5gs/tls/ca.crt # key: /etc/open5gs/tls/smf.key # cert: /etc/open5gs/tls/smf.crt # smf: # sbi: # - name: smf.open5gs.org # # o SBI Server(http://127.0.0.4:7777) # sbi: # server: # no_tls: true # smf: # sbi: # - addr: 127.0.0.4 # port: 7777 # # o SBI Server(http://:80) # sbi: # server: # no_tls: true # smf: # sbi: # - dev: eth0 # # o Provide custom SBI address to be advertised to NRF # sbi: # server: # no_tls: true # smf: # sbi: # - dev: eth0 # advertise: open5gs-smf.svc.local # # o Another example of advertising on NRF # sbi: # server: # no_tls: true # smf: # sbi: # - addr: localhost # advertise: # - 127.0.0.99 # - ::1 # # o SBI Option (Default) # - tcp_nodelay : true # - so_linger.l_onoff : false # # sbi: # server: # no_tls: true # smf: # sbi: # addr: 127.0.0.4 # option: # tcp_nodelay: false # so_linger: # l_onoff: true # l_linger: 10 # # # # # o NF Service Name(Default : all NF services available) # smf: # service_name: # # o NF Service Name(Only some NF services are available) # smf: # service_name: # - nsmf-pdusession # # # # o (Default) If you do not set Query Parameter as shown below, # # sbi: # server: # no_tls: true # smf: # sbi: # - addr: 127.0.0.4 # port: 7777 # # - 'service-names' is included. # # o Service-Names are not included # sbi: # server: # no_tls: true # smf: # sbi: # - addr: 127.0.0.4 # port: 7777 # discovery: # option: # no_service_names: false # # o To remove 'service-names' from URI query parameters in NS Discovery # no_service_names: true # # * For Indirect Communication with Delegated Discovery, # 'service-names' is always included in the URI query parameter. # * That is, 'no_service_names' has no effect. # # # # o (Default) If you do not set Delegated Discovery as shown below, # # sbi: # server: # no_tls: true # smf: # sbi: # - addr: 127.0.0.4 # port: 7777 # # - Use SCP if SCP avaiable. Otherwise NRF is used. # => App fails if both NRF and SCP are unavailable. # # sbi: # server: # no_tls: true # smf: # sbi: # - addr: 127.0.0.4 # port: 7777 # discovery: # delegated: auto # # o To use SCP always => App fails if no SCP available. # delegated: yes # # o Don't use SCP server => App fails if no NRF available. # delegated: no # # # # o PFCP Server(127.0.0.4:8805, ::1:8805) # smf: # pfcp: # - addr: 127.0.0.4 # - addr: ::1 # # o PFCP-U Server(127.0.0.1:2152, [::1]:2152) # smf: # pfcp: # name: localhost # # o PFCP Option (Default) # - so_bindtodevice : NULL # # smf: # pfcp: # addr: 127.0.0.4 # option: # so_bindtodevice: vrf-blue # # # # o GTP-C Server(127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123) # smf: # gtpc: # addr: # - 127.0.0.4 # - fd69:f21d:873c:fa::3 # # o On SMF, Same configuration # (127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123). # smf: # gtpc: # - addr: 127.0.0.4 # - addr: fd69:f21d:873c:fa::3 # # o GTP-C Option (Default) # - so_bindtodevice : NULL # # smf: # gtpc: # addr: 127.0.0.4 # option: # so_bindtodevice: vrf-blue # # > # # o GTP-U Server(127.0.0.4:2152, [::1]:2152) # smf: # gtpu: # - addr: 127.0.0.4 # - addr: ::1 # # o GTP-U Server(127.0.0.1:2152, [::1]:2152) # smf: # gtpu: # name: localhost # # o GTP-U Option (Default) # - so_bindtodevice : NULL # # smf: # gtpu: # addr: 127.0.0.4 # option: # so_bindtodevice: vrf-blue # # # # o Metrics Server(http://:9090) # smf: # metrics: # - addr: 0.0.0.0 # port: 9090 # # # # o IPv4 Pool # smf: # subnet: # addr: 10.45.0.1/16 # # o IPv4/IPv6 Pool # smf: # subnet: # - addr: 10.45.0.1/16 # - addr: 2001:db8:cafe::1/48 # # # o Specific DNN/APN(e.g 'ims') uses 10.46.0.1/16, 2001:db8:babe::1/48 # ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash. # # smf: # subnet: # - addr: 10.45.0.1/16 # dnn: internet # - addr: 2001:db8:cafe::1/48 # dnn: internet # - addr: 10.46.0.1/16 # dnn: ims # - addr: 2001:db8:babe::1/48 # dnn: ims # # o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16) # ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash. # # smf: # subnet: # - addr: 10.45.0.1/16 # dnn: internet # - addr: 10.46.0.1/16 # dnn: ims # - addr: 10.50.0.1/16 ## FALLBACK SUBNET # # o Pool Range Sample # smf: # subnet: # - addr: 10.45.0.1/24 # range: 10.45.0.100-10.45.0.200 # # smf: # subnet: # - addr: 10.45.0.1/24 # range: # - 10.45.0.5-10.45.0.50 # - 10.45.0.100- # # smf: # subnet: # - addr: 10.45.0.1/24 # range: # - -10.45.0.200 # - 10.45.0.210-10.45.0.220 # # smf: # subnet: # - addr: 10.45.0.1/16 # range: # - 10.45.0.100-10.45.0.200 # - 10.45.1.100-10.45.1.200 # - addr: 2001:db8:cafe::1/48 # range: # - 2001:db8:cafe:a0::0-2001:db8:cafe:b0::0 # - 2001:db8:cafe:c0::0-2001:db8:cafe:d0::0 # # # # o Primary/Secondary can be configured. Others are ignored. # # smf: # dns: # - 8.8.8.8 # - 8.8.4.4 # - 2001:4860:4860::8888 # - 2001:4860:4860::8844 # # # # o Provisioning a limit on the size of the packets sent by the MS # to avoid packet fragmentation in the backbone network # between the MS and the GGSN/PGW and/or across the (S)Gi reference point) # when some of the backbone links does not support # packets larger then 1500 octets # # # # o Proxy Call Session Control Function # # smf: # p-cscf: # - 127.0.0.1 # - ::1 # # # # o Gy interface parameters towards OCS. # o enabled: # o auto: Default. Use Gy only if OCS available among Diameter peers # o yes: Use Gy always; # reject subscribers if no OCS available among Diameter peers # o no: Don't use Gy interface if there is an OCS available # # smf: # ctf: # enabled: auto|yes|no # # # # 1. SMF sends SmfInfo(S-NSSAI, DNN, TAI) to the NRF # 2. NRF responds to AMF with SmfInfo during NF-Discovery. # 3. AMF selects SMF based on S-NSSAI, DNN and TAI in SmfInfo. # # Note that if there is no SmfInfo, any AMF can select this SMF. # # o S-NSSAI[SST:1] and DNN[internet] - At least 1 DNN is required in S-NSSAI # smf: # info: # - s_nssai: # - sst: 1 # dnn: # - internet # # o S-NSSAI[SST:1 SD:009000] and DNN[internet or ims] # smf: # info: # - s_nssai: # - sst: 1 # sd: 009000 # dnn: # - internet # - ims # # o S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1] # smf: # info: # - s_nssai: # - sst: 1 # dnn: # - internet # tai: # - plmn_id: # mcc: 999 # mnc: 70 # tac: 1 # # o If any of conditions below are met: # - S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1-9] # - S-NSSAI[SST:2 SD:000080] and DNN[internet or ims] # - S-NSSAI[SST:4] and DNN[internet] and TAI[PLMN-ID:99970 TAC:10-20,30-40] # # smf: # info: # - s_nssai: # - sst: 1 # dnn: # - internet # tai: # - plmn_id: # mcc: 999 # mnc: 70 # range: # - 1-9 # - s_nssai: # - sst: 2 # sd: 000080 # dnn: # - internet # - ims # - s_nssai: # - sst: 4 # dnn: # - internet # tai: # - plmn_id: # mcc: 999 # mnc: 70 # range: # - 10-20 # - 30-40 # # o Complex Example # smf: # info: # - s_nssai: # - sst: 1 # dnn: # - internet # - sst: 1 # sd: 000080 # dnn: # - internet # - ims # - sst: 1 # sd: 009000 # dnn: # [internet, ims] # - sst: 2 # dnn: # - internet # - sst: 3 # sd: 123456 # dnn: # - internet # tai: # - plmn_id: # mcc: 999 # mnc: 70 # tac: [1, 2, 3] # - plmn_id: # mcc: 999 # mnc: 70 # tac: 4 # - plmn_id: # mcc: 999 # mnc: 70 # tac: # - 5 # - 6 # - plmn_id: # mcc: 999 # mnc: 70 # range: # - 100-200 # - 300-400 # - plmn_id: # mcc: 999 # mnc: 70 # range: # - 500-600 # - 700-800 # - 900-1000 # - s_nssai: # - sst: 4 # dnn: # - internet # tai: # - plmn_id: # mcc: 999 # mnc: 70 # tac: 99 # # # # According to 3GPP TS38.413 Section 9.3.1.27, # Security Indication IE may be instructed to 5G gNB. # # If you set the security_indication in smf.yaml, # this information is delivered using PDU Session Resource Request Transfer IE # # smf: # security_indication: # integrity_protection_indication: required|preferred|not-needed # confidentiality_protection_indication: required|preferred|not-needed # maximum_integrity_protected_data_rate_uplink: bitrate64kbs|maximum-UE-rate # maximum_integrity_protected_data_rate_downlink: bitrate64kbs|maximum-UE-rate # smf: sbi: - addr: 172.18.18.4 port: 7777 pfcp: - addr: 172.18.18.4 gtpc: - addr: 172.18.18.4 gtpu: - addr: 172.18.18.4 metrics: addr: 172.18.18.4 port: 9090 subnet: - addr: 10.45.0.1/16 dnn: internet - addr: cafe::1/64 dnn: internet dns: - 8.8.8.8 - 8.8.4.4 - 2001:4860:4860::8888 - 2001:4860:4860::8844 mtu: 1400 ctf: enabled: auto freeDiameter: /data/freeDiameter-smf.conf # # > # # o SBI Client(http://127.0.1.10:7777) # sbi: # client: # no_tls: true # scp: # sbi: # addr: 127.0.1.10 # port: 7777 # # o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification # sbi: # client: # no_verify: true # key: /etc/open5gs/tls/amf.key # cert: /etc/open5gs/tls/amf.crt # scp: # sbi: # - addr: 127.0.1.10 # - addr: ::1 # # o SBI Client(https://scp.open5gs.org:443) # Use the specified certificate while verifying the server # # sbi: # client: # cacert: /etc/open5gs/tls/ca.crt # key: /etc/open5gs/tls/amf.key # cert: /etc/open5gs/tls/amf.crt # scp: # sbi: # - name: scp.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) # If prefer_ipv4 is true, http://127.0.1.10:80 is selected. # # sbi: # client: # no_tls: true # scp: # sbi: # addr: # - 127.0.1.10 # - fd69:f21d:873c:fb::1 # # o SBI Option (Default) # - tcp_nodelay : true # - so_linger.l_onoff : false # # sbi: # client: # no_tls: true # scp: # sbi: # addr: 127.0.1.10 # option: # tcp_nodelay: false # so_linger: # l_onoff: true # l_linger: 10 # # scp: sbi: - addr: 127.0.1.10 port: 7777 # # > # # o SBI Client(http://127.0.0.10:7777) # sbi: # client: # no_tls: true # nrf: # sbi: # addr: 127.0.0.10 # port: 7777 # # o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification # sbi: # client: # no_verify: true # key: /etc/open5gs/tls/amf.key # cert: /etc/open5gs/tls/amf.crt # nrf: # sbi: # - addr: 127.0.0.10 # - addr: ::1 # # o SBI Client(https://nrf.open5gs.org:443) # Use the specified certificate while verifying the server # # sbi: # client: # cacert: /etc/open5gs/tls/ca.crt # key: /etc/open5gs/tls/amf.key # cert: /etc/open5gs/tls/amf.crt # nrf: # sbi: # - name: nrf.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fa::1]:80) # If prefer_ipv4 is true, http://127.0.0.10:80 is selected. # # sbi: # addr: # - 127.0.0.10 # - fd69:f21d:873c:fa::1 # # o SBI Option (Default) # - tcp_nodelay : true # - so_linger.l_onoff : false # # sbi: # client: # no_tls: true # nrf: # sbi: # addr: 127.0.0.10 # option: # tcp_nodelay: false # so_linger: # l_onoff: true # l_linger: 10 # nrf: sbi: - addr: - 172.18.18.10 port: 7777 # # > # # o PFCP Client(127.0.0.7:8805) # upf: # pfcp: # addr: 127.0.0.7 # # # # o Round-Robin # (note that round robin can be disabled for a particular node # by setting flag 'rr' to 0) # # upf: # pfcp: # - addr: 127.0.0.7 # - addr: 127.0.0.12 # rr: 0 # - addr: 127.0.0.19 # # o UPF selection by eNodeB TAC # (either single TAC or multiple TACs, DECIMAL representation) # # upf: # pfcp: # - addr: 127.0.0.7 # tac: 1 # - addr: 127.0.0.12 # tac: [3,5,8] # # o UPF selection by UE's DNN/APN (either single DNN/APN or multiple DNNs/APNs) # # upf: # pfcp: # - addr: 127.0.0.7 # dnn: ims # - addr: 127.0.0.12 # dnn: [internet, web] # # o UPF selection by CellID(e_cell_id: 28bit, nr_cell_id: 36bit) # (either single enb_id or multiple enb_ids, HEX representation) # # upf: # pfcp: # - addr: 127.0.0.7 # e_cell_id: 463 # - addr: 127.0.0.12 # nr_cell_id: [123456789, 9413] # upf: pfcp: - addr: 172.18.18.7 # # o Disable use of IPv4 addresses (only IPv6) # parameter: # no_ipv4: true # # o Disable use of IPv6 addresses (only IPv4) # parameter: # no_ipv6: true # # o Prefer IPv4 instead of IPv6 for estabishing new GTP connections. # parameter: # prefer_ipv4: true # # o Disable selection of UPF PFCP in Round-Robin manner # parameter: # no_pfcp_rr_select: true # # o Legacy support for pre-release LTE 11 devices # - Omits adding local address in packet filters for compatibility # parameter: # no_ipv4v6_local_addr_in_packet_filter: true # parameter: # # o Maximum Number of UE # max: # ue: 1024 # # o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI) # max: # peer: 64 # # o Maximum Number of GTP peer nodes per SGWC/SMF # max: # gtp_peer: 64 # max: # # o NF Instance Heartbeat (Default : 0) # NFs will not send heart-beat timer in NFProfile # NRF will send heart-beat timer in NFProfile # (Default values are used, so no configuration is required) # # o NF Instance Heartbeat (20 seconds) # NFs will send heart-beat timer (20 seconds) in NFProfile # NRF can change heart-beat timer in NFProfile # time: # nf_instance: # heartbeat: 20 # # o Message Wait Duration (Default : 10,000 ms = 10 seconds) # (Default values are used, so no configuration is required) # # o Message Wait Duration (3000 ms) # time: # message: # duration: 3000 # # o Handover Wait Duration (Default : 300 ms) # Time to wait for SMF to send # PFCP Session Modification Request(Remove Indirect Tunnel) to the UPF # after sending Nsmf_PDUSession_UpdateSMContext Response(hoState:COMPLETED) # (Default values are used, so no configuration is required) # # o Handover Wait Duration (500ms) # time: # handover: # duration: 500 time: