NGC UP CLIs
How to build a docker for a offline complie server
sudo docker build -t upf_dev -f extras/docker/build/Dockerfile.astri
sudo docker save upf_dev > upf_dev.tar
Then copy upf_dev.tar to complie server
sudo docker load < upf_dev.tar
Run the docker on the compile server
sudo docker run -i -d --name=upf_dev -v /home/ubuntu/upf_source_code:/opt upf_dev
sudo docker exec -i -t upf_dev /bin/bash
How to check upf get correct configuration from smf
check if upf ping smf, and ‘show upf association’
tcpdump N4 on smf or upf is simple and direct
set upf log level trace , and ‘tail -f’ the log
show upf one’s session detail info
How to check whether UPF is configured correctly or not?
check if UPF ping SMF ok, and “show upf association”.
tcpdump N4 messages at SMF side or at UPF side.
Set UPF log level trace , and “tail -f” the log file.
show upf session detail info.
How to debug UPF crash?
$ gdb install-vpp-native/vpp/bin/vpp -c /tmp/dumps/vpp-xxx
(gdb) bt
指定 Crash 的 VPP 二进制
指定 Crash 的 core dumps 文件
Set log level, and find the latest log in /var/log/vpp/vpp.log
upf log level trace
upf log level debug
upf log level info
upf log level warn
upf log level err
set log trace to /var/log/vpp/pfcp.log
再 N4 接口上过滤指定 IMSI 的消息流和原始码流。
upf trace imsi 466920100001101 range Mon 11 - 17 Tue 7 - 11 Wed - Fri 8 - 18
upf trace imsi 466920100001101 off
set packets trace
在 N3/6/9 接口上过滤指定 IMSI 的 pcap 报文。
upf pcap imsi 466920100001101 rx tx max 100000 intfc VirtualFunctionEthernet0/8/0 file t1.pcap
upf pcap imsi 466920100001101 off
设置 N3 MTU
VPP Interface MTU 默认是 9000B,如果 N6 收到 >1500 的包,加上 GTP Header 后,从 N3 出去就超过以太网 1500 的大小了。所以设置 MTU 的目的是从 N3 发出去时,可以做外分片(GTP-U 的分片)。此时,如果基站不支持外分片的重组,就导致访问互联网的大包下行不通。此时,需要 UPF 通过内分片(UPF 将业务数据报文分片为 1400)来解决(ip+udp+gtp+1400 < 1500)。
upf gtpu-tunnel-mtu 1400
Show N4 Node
show upf association
show upf pfcp endpoint
Show N3 or N9 Node
show upf gtpu endpoint
Show N4 Session
show upf session
show upf session table_id 0 ue_ip 172.20.231.65
Create UE IP pool on UPF
upf ue-ip-pool start ipv4 100.10.1.1 size 1000 nwi epc
How to set DSCP to VLAN priority mapping Set VLAN interface TenGigabitEthernet7/0/0.10
# 1、Open vlan qos mapping feature on interface
set interface feature VirtualFunctionEthernet0/7/0 vlan-ip4-qos-mark arc ip4-output
# 2、qos egress map id <id> [vlan][<DSCP 十进制>]=<Vlan Priority 十进制>
qos egress map id 0 [vlan][14]=3
qos egress map id 0 [vlan][22]=4
# 3、挂载,map id 0 was used on the Interface
qos mark vlan VirtualFunctionEthernet0/7/0 id 0
# 4、查看
show qos egress map id 0
关闭 flowtable
upf flowtable cache disable
Predefine Rule
show upf pre-def rules
show upf pre-def rule-name rule1
upf pre-def rule rule_name rule1 app_id 1011 qer_ids 2181038101 far_id 2181038100 urr_ids 2200000000
FAR
upf pre-def far id 2181038100 action 2 dst-if 0 nwi epc out-header-ip 192.168.30.100
QER
upf pre-def qer id 2181038101 gate-ul 0 gate-dl 0
URR:可以配置 Volume、Time Quota,到达 Quota 后,UPF 会 DROP 掉关联 URR 的 PDR,在 UPF session 中可以看见 over quota 的提示。所以在线计费场景中会在 Quota 80% 的时候 PFCP session report request 到 SMF 请求下发新的 Qouta,然后 SMF 下发 Update URR。(注:如果只有 Threashold 的话,离线计费场景,UPF 在每次 Threashold 到达时都会发 Report 到 SMF;如果同时配置了 Threashold 和 Quota 的话,就是在线计费场景,Quota 到了,UPF 就会阻断流量。)
upf pre-def urr [id <>] [method <1|2|4>] [trigers <>] [period <>] [vol-th-ul <>] [vol-th-dl <>] [vol-th-total <>] [vol-quota-ul <>] [vol-quota-dl <>] [vol-quota-total <>] [time-threashold <>] [time-quota <>] [time-idt <>] [monitor-time <>] [linked-urr-ids <1,2,...>]
# method 1:time
# method 2:volume
# method 4:event
# (reporting)trigers:通常是 16,00010110,VOLUME、TIME、START。
# period(周期)
# e.g.
upf pre-def urr id 2000 trigers 16
upf pre-def rule rule_name rule1 app_id 1004 urr_ids 2000
upf dnn name default.mnc092.mcc466.gprs rule_id rule1
upf pre-def urr id 2200000002 trigers 16
upf pre-def rule rule_name rule2 app_id 1004 urr_ids 2200000002
upf dnn name default.mnc092.mcc466.gprs rule_id rule2
PFD & DPI
show upf pfd
# FTP Control 业务识别
show ndpi protocol
upf dpi name dpi_ftpc id 1
upf dpi name dpi_ftpd id 175
upf pfd-list appid 1012 fd {permit in ip from 172.20.231.0/24 to 192.168.1.1/32} ct {dpi_ftpc}
upf pfd-list appid 1012 fd {permit in ip from 172.20.231.0/24 to 192.168.1.1/32} ct {dpi_ftpd}
upf pre-def qer id 2181038101 gate-ul 1 gate-dl 1
upf pre-def urr id 2200000003 trigers 16
upf pre-def rule rule_name rule1 app_id 1012 qer_ids 2181038101 urr_ids 2200000003
upf dnn name default.mnc092.mcc466.gprs rule_id rule1
show upf pfd-list
show upf pre-def rules
# RTSP 业务识别
show ndpi protocol
upf dpi name dpi_rtsp id 50
upf pfd-list appid 1008 fd {permit in ip from 172.20.231.0/24 to 192.168.1.109/32} ct {dpi_rtsp}
upf pfd-list appid 1008 fd {permit out ip from 192.168.1.109/32 to 172.20.231.0/24} ct {dpi_rtsp}
show upf pfd-list
# DNS 业务识别
upf pfd-list appid 1009 dns dn {www.baidu.com}
upf pfd-list appid 1009 dns dn {www.sina.com.cn}
# MQTT 业务识别
show ndpi protocol
upf dpi name dpi_mqtt id 222
upf pfd-list appid 1010 fd {permit in ip from 172.20.231.0/24 to 192.168.1.109/32} ct {dpi_mqtt}
upf pfd-list appid 1010 fd {permit out ip from 192.168.1.109/32 to 172.20.231.0/24} ct {dpi_mqtt}
show upf pfd-list
# ICMPv4/v6 业务识别
show ndpi protocol
upf dpi name dpi_icmpv4 id 81
upf dpi name dpi_icmpv6 id 102
upf pfd-list appid 1012 fd {permit in ip from 172.20.231.0/24 to 192.168.1.1/32} ct {dpi_icmpv4}
upf pfd-list appid 1012 fd {permit in ip from 172.20.231.0/24 to 192.168.1.1/32} ct {dpi_icmpv6}
upf pre-def qer id 2181038101 gate-ul 1 gate-dl 1
upf pre-def urr id 2200000003 trigers 16
upf pre-def rule rule_name rule1 app_id 1012 qer_ids 2181038101 urr_ids 2200000003
upf dnn name default.mnc092.mcc466.gprs rule_id rule1
show upf pfd-list
show upf pre-def rules
# Check your packet is detected by nDPI
show ndpi flow
show ndpi stat
DNN 绑定
预定义规则需要绑定到 DNN 生效。
upf dnn name default.mnc092.mcc466.gprs rule_id rule1