docker-playground/ttcn3-ggsn-test/ogs/open5gs-smf.yaml

888 lines
19 KiB
YAML

#
# o Set OGS_LOG_INFO to all domain level
# - If `level` is omitted, the default level is OGS_LOG_INFO)
# - If `domain` is omitted, the all domain level is set from 'level'
# (Default values are used, so no configuration is required)
#
# o Set OGS_LOG_ERROR to all domain level
# - `level` can be set with none, fatal, error, warn, info, debug, trace
# logger:
# level: error
#
# o Set OGS_LOG_DEBUG to mme/emm domain level
# logger:
# level: debug
# domain: mme,emm
#
# o Set OGS_LOG_TRACE to all domain level
# logger:
# level: trace
# domain: core,sbi,ausf,event,tlv,mem,sock
#
logger:
level: info
#
# o TLS enable/disable
# sbi:
# server|client:
# no_tls: false|true
# - false: (Default) Use TLS
# - true: TLS disabled
#
# o Verification enable/disable
# sbi:
# server|client:
# no_verify: false|true
# - false: (Default) Verify the PEER
# - true: Skip the verification step
#
# o Server-side does not use TLS
# sbi:
# server:
# no_tls: true
#
# o Client-side skips the verification step
# sbi:
# client:
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
#
# o Use the specified certificate while verifying the client
# sbi:
# server
# cacert: /etc/open5gs/tls/ca.crt
#
# o Use the specified certificate while verifying the server
# sbi:
# client
# cacert: /etc/open5gs/tls/ca.crt
#
sbi:
server:
no_tls: true
cacert: /etc/open5gs/tls/ca.crt
key: /etc/open5gs/tls/smf.key
cert: /etc/open5gs/tls/smf.crt
client:
no_tls: true
cacert: /etc/open5gs/tls/ca.crt
key: /etc/open5gs/tls/smf.key
cert: /etc/open5gs/tls/smf.crt
#
# <SBI Server>
#
# o SBI Server(http://<all address available>:80)
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
#
# o SBI Server(http://<any address>:7777)
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr:
# - 0.0.0.0
# - ::0
# port: 7777
#
# o SBI Server(https://<all address available>:443)
# sbi:
# server:
# key: /etc/open5gs/tls/smf.key
# cert: /etc/open5gs/tls/smf.crt
# smf:
# sbi:
#
# o SBI Server(https://127.0.0.4:443, https://[::1]:443) without verification
# sbi:
# server:
# no_verify: true
# key: /etc/open5gs/tls/smf.key
# cert: /etc/open5gs/tls/smf.crt
# smf:
# sbi:
# - addr: 127.0.0.4
# - addr: ::1
#
# o SBI Server(https://smf.open5gs.org:443)
# Use the specified certificate while verifying the client
#
# sbi:
# server:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/smf.key
# cert: /etc/open5gs/tls/smf.crt
# smf:
# sbi:
# - name: smf.open5gs.org
#
# o SBI Server(http://127.0.0.4:7777)
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: 127.0.0.4
# port: 7777
#
# o SBI Server(http://<eth0 IP address>:80)
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - dev: eth0
#
# o Provide custom SBI address to be advertised to NRF
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - dev: eth0
# advertise: open5gs-smf.svc.local
#
# o Another example of advertising on NRF
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: localhost
# advertise:
# - 127.0.0.99
# - ::1
#
# o SBI Option (Default)
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# addr: 127.0.0.4
# option:
# tcp_nodelay: false
# so_linger:
# l_onoff: true
# l_linger: 10
#
#
# <NF Service>
#
# o NF Service Name(Default : all NF services available)
# smf:
# service_name:
#
# o NF Service Name(Only some NF services are available)
# smf:
# service_name:
# - nsmf-pdusession
#
# <NF Discovery Query Parameter>
#
# o (Default) If you do not set Query Parameter as shown below,
#
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: 127.0.0.4
# port: 7777
#
# - 'service-names' is included.
#
# o Service-Names are not included
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: 127.0.0.4
# port: 7777
# discovery:
# option:
# no_service_names: false
#
# o To remove 'service-names' from URI query parameters in NS Discovery
# no_service_names: true
#
# * For Indirect Communication with Delegated Discovery,
# 'service-names' is always included in the URI query parameter.
# * That is, 'no_service_names' has no effect.
#
# <For Indirect Communication with Delegated Discovery>
#
# o (Default) If you do not set Delegated Discovery as shown below,
#
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: 127.0.0.4
# port: 7777
#
# - Use SCP if SCP available. Otherwise NRF is used.
# => App fails if both NRF and SCP are unavailable.
#
# sbi:
# server:
# no_tls: true
# smf:
# sbi:
# - addr: 127.0.0.4
# port: 7777
# discovery:
# delegated: auto
#
# o To use SCP always => App fails if no SCP available.
# delegated: yes
#
# o Don't use SCP server => App fails if no NRF available.
# delegated: no
#
# <PFCP Server>
#
# o PFCP Server(127.0.0.4:8805, ::1:8805)
# smf:
# pfcp:
# - addr: 127.0.0.4
# - addr: ::1
#
# o PFCP-U Server(127.0.0.1:2152, [::1]:2152)
# smf:
# pfcp:
# name: localhost
#
# o PFCP Option (Default)
# - so_bindtodevice : NULL
#
# smf:
# pfcp:
# addr: 127.0.0.4
# option:
# so_bindtodevice: vrf-blue
#
# <GTP-C Server>
#
# o GTP-C Server(127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123)
# smf:
# gtpc:
# addr:
# - 127.0.0.4
# - fd69:f21d:873c:fa::3
#
# o On SMF, Same configuration
# (127.0.0.4:2123, [fd69:f21d:873c:fa::3]:2123).
# smf:
# gtpc:
# - addr: 127.0.0.4
# - addr: fd69:f21d:873c:fa::3
#
# o GTP-C Option (Default)
# - so_bindtodevice : NULL
#
# smf:
# gtpc:
# addr: 127.0.0.4
# option:
# so_bindtodevice: vrf-blue
#
# <GTP-U Server>>
#
# o GTP-U Server(127.0.0.4:2152, [::1]:2152)
# smf:
# gtpu:
# - addr: 127.0.0.4
# - addr: ::1
#
# o GTP-U Server(127.0.0.1:2152, [::1]:2152)
# smf:
# gtpu:
# name: localhost
#
# o GTP-U Option (Default)
# - so_bindtodevice : NULL
#
# smf:
# gtpu:
# addr: 127.0.0.4
# option:
# so_bindtodevice: vrf-blue
#
# <Metrics Server>
#
# o Metrics Server(http://<any address>:9090)
# smf:
# metrics:
# - addr: 0.0.0.0
# port: 9090
#
# <Subnet for UE Pool>
#
# o IPv4 Pool
# smf:
# subnet:
# addr: 10.45.0.1/16
#
# o IPv4/IPv6 Pool
# smf:
# subnet:
# - addr: 10.45.0.1/16
# - addr: 2001:db8:cafe::1/48
#
#
# o Specific DNN/APN(e.g 'ims') uses 10.46.0.1/16, 2001:db8:babe::1/48
# ; If the UE has unknown DNN/APN(not internet/ims), SMF/UPF will crash.
#
# smf:
# subnet:
# - addr: 10.45.0.1/16
# dnn: internet
# - addr: 2001:db8:cafe::1/48
# dnn: internet
# - addr: 10.46.0.1/16
# dnn: ims
# - addr: 2001:db8:babe::1/48
# dnn: ims
#
# o Specific DNN/APN with the FALLBACK SUBNET(10.47.0.1/16)
# ; Note that put the FALLBACK SUBNET last to avoid SMF/UPF crash.
#
# smf:
# subnet:
# - addr: 10.45.0.1/16
# dnn: internet
# - addr: 10.46.0.1/16
# dnn: ims
# - addr: 10.50.0.1/16 ## FALLBACK SUBNET
#
# o Pool Range Sample
# smf:
# subnet:
# - addr: 10.45.0.1/24
# range: 10.45.0.100-10.45.0.200
#
# smf:
# subnet:
# - addr: 10.45.0.1/24
# range:
# - 10.45.0.5-10.45.0.50
# - 10.45.0.100-
#
# smf:
# subnet:
# - addr: 10.45.0.1/24
# range:
# - -10.45.0.200
# - 10.45.0.210-10.45.0.220
#
# smf:
# subnet:
# - addr: 10.45.0.1/16
# range:
# - 10.45.0.100-10.45.0.200
# - 10.45.1.100-10.45.1.200
# - addr: 2001:db8:cafe::1/48
# range:
# - 2001:db8:cafe:a0::0-2001:db8:cafe:b0::0
# - 2001:db8:cafe:c0::0-2001:db8:cafe:d0::0
#
# <Domain Name Server>
#
# o Primary/Secondary can be configured. Others are ignored.
#
# smf:
# dns:
# - 8.8.8.8
# - 8.8.4.4
# - 2001:4860:4860::8888
# - 2001:4860:4860::8844
#
# <MTU Size>
#
# o Provisioning a limit on the size of the packets sent by the MS
# to avoid packet fragmentation in the backbone network
# between the MS and the GGSN/PGW and/or across the (S)Gi reference point)
# when some of the backbone links does not support
# packets larger then 1500 octets
#
# <P-CSCF>
#
# o Proxy Call Session Control Function
#
# smf:
# p-cscf:
# - 127.0.0.1
# - ::1
#
# <CTF>
#
# o Gy interface parameters towards OCS.
# o enabled:
# o auto: Default. Use Gy only if OCS available among Diameter peers
# o yes: Use Gy always;
# reject subscribers if no OCS available among Diameter peers
# o no: Don't use Gy interface if there is an OCS available
#
# smf:
# ctf:
# enabled: auto|yes|no
#
#
# <SMF Selection - 5G Core only>
# 1. SMF sends SmfInfo(S-NSSAI, DNN, TAI) to the NRF
# 2. NRF responds to AMF with SmfInfo during NF-Discovery.
# 3. AMF selects SMF based on S-NSSAI, DNN and TAI in SmfInfo.
#
# Note that if there is no SmfInfo, any AMF can select this SMF.
#
# o S-NSSAI[SST:1] and DNN[internet] - At least 1 DNN is required in S-NSSAI
# smf:
# info:
# - s_nssai:
# - sst: 1
# dnn:
# - internet
#
# o S-NSSAI[SST:1 SD:009000] and DNN[internet or ims]
# smf:
# info:
# - s_nssai:
# - sst: 1
# sd: 009000
# dnn:
# - internet
# - ims
#
# o S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1]
# smf:
# info:
# - s_nssai:
# - sst: 1
# dnn:
# - internet
# tai:
# - plmn_id:
# mcc: 999
# mnc: 70
# tac: 1
#
# o If any of conditions below are met:
# - S-NSSAI[SST:1] and DNN[internet] and TAI[PLMN-ID:99970 TAC:1-9]
# - S-NSSAI[SST:2 SD:000080] and DNN[internet or ims]
# - S-NSSAI[SST:4] and DNN[internet] and TAI[PLMN-ID:99970 TAC:10-20,30-40]
#
# smf:
# info:
# - s_nssai:
# - sst: 1
# dnn:
# - internet
# tai:
# - plmn_id:
# mcc: 999
# mnc: 70
# range:
# - 1-9
# - s_nssai:
# - sst: 2
# sd: 000080
# dnn:
# - internet
# - ims
# - s_nssai:
# - sst: 4
# dnn:
# - internet
# tai:
# - plmn_id:
# mcc: 999
# mnc: 70
# range:
# - 10-20
# - 30-40
#
# o Complex Example
# smf:
# info:
# - s_nssai:
# - sst: 1
# dnn:
# - internet
# - sst: 1
# sd: 000080
# dnn:
# - internet
# - ims
# - sst: 1
# sd: 009000
# dnn:
# [internet, ims]
# - sst: 2
# dnn:
# - internet
# - sst: 3
# sd: 123456
# dnn:
# - internet
# tai:
# - plmn_id:
# mcc: 999
# mnc: 70
# tac: [1, 2, 3]
# - plmn_id:
# mcc: 999
# mnc: 70
# tac: 4
# - plmn_id:
# mcc: 999
# mnc: 70
# tac:
# - 5
# - 6
# - plmn_id:
# mcc: 999
# mnc: 70
# range:
# - 100-200
# - 300-400
# - plmn_id:
# mcc: 999
# mnc: 70
# range:
# - 500-600
# - 700-800
# - 900-1000
# - s_nssai:
# - sst: 4
# dnn:
# - internet
# tai:
# - plmn_id:
# mcc: 999
# mnc: 70
# tac: 99
#
# <Security Indication - 5G Core only>
#
# According to 3GPP TS38.413 Section 9.3.1.27,
# Security Indication IE may be instructed to 5G gNB.
#
# If you set the security_indication in smf.yaml,
# this information is delivered using PDU Session Resource Request Transfer IE
#
# smf:
# security_indication:
# integrity_protection_indication: required|preferred|not-needed
# confidentiality_protection_indication: required|preferred|not-needed
# maximum_integrity_protected_data_rate_uplink: bitrate64kbs|maximum-UE-rate
# maximum_integrity_protected_data_rate_downlink: bitrate64kbs|maximum-UE-rate
#
smf:
sbi:
- addr: 172.18.3.201
port: 7777
pfcp:
- addr: 172.18.3.201
gtpc:
- addr: 172.18.3.201
option:
so_bindtodevice: eth0
gtpu:
- addr: 172.18.3.201
port: 2152
option:
so_bindtodevice: eth0
metrics:
addr: 172.18.3.201
port: 9090
subnet:
- addr: 176.16.16.1/20
dnn: internet
- addr: 2001:780:44:2000:0:0:0:1/56
dnn: inet6
- addr: 176.16.32.1/20
dnn: inet46
- addr: 2001:780:44:2100:0:0:0:1/56
dnn: inet46
dns:
- 172.18.3.222
- 8.8.8.8
- fd02:db8:3::222
- 2001:4860:4860::8844
mtu: 1400
ctf:
enabled: auto
freeDiameter: /data/freediameter.conf
#
# <SBI Client>>
#
# o SBI Client(http://127.0.1.10:7777)
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# port: 7777
#
# o SBI Client(https://127.0.1.10:443, https://[::1]:443) without verification
# sbi:
# client:
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - addr: 127.0.1.10
# - addr: ::1
#
# o SBI Client(https://scp.open5gs.org:443)
# Use the specified certificate while verifying the server
#
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# scp:
# sbi:
# - name: scp.open5gs.org
#
# o SBI Client(http://[fd69:f21d:873c:fb::1]:80)
# If prefer_ipv4 is true, http://127.0.1.10:80 is selected.
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr:
# - 127.0.1.10
# - fd69:f21d:873c:fb::1
#
# o SBI Option (Default)
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# scp:
# sbi:
# addr: 127.0.1.10
# option:
# tcp_nodelay: false
# so_linger:
# l_onoff: true
# l_linger: 10
#
#
scp:
sbi:
- addr: 127.0.1.10
port: 7777
#
# <SBI Client>>
#
# o SBI Client(http://127.0.0.10:7777)
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# port: 7777
#
# o SBI Client(https://127.0.0.10:443, https://[::1]:443) without verification
# sbi:
# client:
# no_verify: true
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - addr: 127.0.0.10
# - addr: ::1
#
# o SBI Client(https://nrf.open5gs.org:443)
# Use the specified certificate while verifying the server
#
# sbi:
# client:
# cacert: /etc/open5gs/tls/ca.crt
# key: /etc/open5gs/tls/amf.key
# cert: /etc/open5gs/tls/amf.crt
# nrf:
# sbi:
# - name: nrf.open5gs.org
#
# o SBI Client(http://[fd69:f21d:873c:fa::1]:80)
# If prefer_ipv4 is true, http://127.0.0.10:80 is selected.
#
# sbi:
# addr:
# - 127.0.0.10
# - fd69:f21d:873c:fa::1
#
# o SBI Option (Default)
# - tcp_nodelay : true
# - so_linger.l_onoff : false
#
# sbi:
# client:
# no_tls: true
# nrf:
# sbi:
# addr: 127.0.0.10
# option:
# tcp_nodelay: false
# so_linger:
# l_onoff: true
# l_linger: 10
#
nrf:
sbi:
- addr:
- 172.18.3.201
port: 7777
#
# <PFCP Client>>
#
# o PFCP Client(127.0.0.7:8805)
# upf:
# pfcp:
# addr: 127.0.0.7
#
# <UPF Selection>
#
# o Round-Robin
# (note that round robin can be disabled for a particular node
# by setting flag 'rr' to 0)
#
# upf:
# pfcp:
# - addr: 127.0.0.7
# - addr: 127.0.0.12
# rr: 0
# - addr: 127.0.0.19
#
# o UPF selection by eNodeB TAC
# (either single TAC or multiple TACs, DECIMAL representation)
#
# upf:
# pfcp:
# - addr: 127.0.0.7
# tac: 1
# - addr: 127.0.0.12
# tac: [3,5,8]
#
# o UPF selection by UE's DNN/APN (either single DNN/APN or multiple DNNs/APNs)
#
# upf:
# pfcp:
# - addr: 127.0.0.7
# dnn: ims
# - addr: 127.0.0.12
# dnn: [internet, web]
#
# o UPF selection by CellID(e_cell_id: 28bit, nr_cell_id: 36bit)
# (either single enb_id or multiple enb_ids, HEX representation)
#
# upf:
# pfcp:
# - addr: 127.0.0.7
# e_cell_id: 463
# - addr: 127.0.0.12
# nr_cell_id: [123456789, 9413]
#
upf:
pfcp:
- addr: 172.18.3.222
#
# o Disable use of IPv4 addresses (only IPv6)
# parameter:
# no_ipv4: true
#
# o Disable use of IPv6 addresses (only IPv4)
# parameter:
# no_ipv6: true
#
# o Prefer IPv4 instead of IPv6 for estabishing new GTP connections.
# parameter:
# prefer_ipv4: true
#
# o Disable selection of UPF PFCP in Round-Robin manner
# parameter:
# no_pfcp_rr_select: true
#
# o Legacy support for pre-release LTE 11 devices
# - Omits adding local address in packet filters for compatibility
# parameter:
# no_ipv4v6_local_addr_in_packet_filter: true
#
parameter:
#
# o Maximum Number of UE
# max:
# ue: 1024
#
# o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI)
# max:
# peer: 64
#
# o Maximum Number of GTP peer nodes per SGWC/SMF
# max:
# gtp_peer: 64
#
max:
#
# o NF Instance Heartbeat (Default : 0)
# NFs will not send heart-beat timer in NFProfile
# NRF will send heart-beat timer in NFProfile
# (Default values are used, so no configuration is required)
#
# o NF Instance Heartbeat (20 seconds)
# NFs will send heart-beat timer (20 seconds) in NFProfile
# NRF can change heart-beat timer in NFProfile
# time:
# nf_instance:
# heartbeat: 20
#
# o Message Wait Duration (Default : 10,000 ms = 10 seconds)
# (Default values are used, so no configuration is required)
#
# o Message Wait Duration (3000 ms)
# time:
# message:
# duration: 3000
#
# o Handover Wait Duration (Default : 300 ms)
# Time to wait for SMF to send
# PFCP Session Modification Request(Remove Indirect Tunnel) to the UPF
# after sending Nsmf_PDUSession_UpdateSMContext Response(hoState:COMPLETED)
# (Default values are used, so no configuration is required)
#
# o Handover Wait Duration (500ms)
# time:
# handover:
# duration: 500
time: