# NGC UP CLIs

## How to build a docker for a offline complie server

```bash
sudo docker build -t upf_dev -f extras/docker/build/Dockerfile.astri
sudo docker save upf_dev > upf_dev.tar
```

Then copy upf_dev.tar to complie server

```bash
sudo docker load < upf_dev.tar
```

Run the docker on the compile server

```bash
sudo docker run -i -d --name=upf_dev -v /home/ubuntu/upf_source_code:/opt upf_dev
sudo docker exec -i -t upf_dev /bin/bash
```

## How to check upf get correct configuration from smf

1. check if upf ping smf, and ‘show upf association’ 
2. tcpdump N4 on smf or upf is simple and direct
3. set upf log level trace , and ‘tail -f’ the log
4. show upf one’s session detail info

## How to check whether UPF is configured correctly or not?

- check if UPF ping SMF ok, and “show upf association”.
- tcpdump N4 messages at SMF side or at UPF side.
- Set UPF log level trace , and “tail -f” the log file.
- show upf session detail info.

## How to debug UPF crash?

```bash
$ gdb install-vpp-native/vpp/bin/vpp -c /tmp/dumps/vpp-xxx
(gdb) bt
```

- 指定 Crash 的 VPP 二进制
- 指定 Crash 的 core dumps 文件

## Set log level, and find the latest log in /var/log/vpp/vpp.log

```bash
upf log level trace
upf log level debug
upf log level info
upf log level warn
upf log level err
```

## set log trace to /var/log/vpp/pfcp.log

再 N4 接口上过滤指定 IMSI 的消息流和原始码流。

```bash
upf trace imsi 466920100001101 range Mon 11 - 17 Tue 7 - 11 Wed - Fri 8 - 18
upf trace imsi 466920100001101 off
```

## set packets trace

在 N3/6/9 接口上过滤指定 IMSI 的 pcap 报文。

```bash
upf pcap imsi 466920100001101 rx tx max 100000 intfc VirtualFunctionEthernet0/8/0 file t1.pcap
upf pcap imsi 466920100001101 off
```

## 设置 N3 MTU

VPP Interface MTU 默认是 9000B，如果 N6 收到 >1500 的包，加上 GTP Header 后，从 N3 出去就超过以太网 1500 的大小了。所以设置 MTU 的目的是从 N3 发出去时，可以做外分片（GTP-U 的分片）。此时，如果基站不支持外分片的重组，就导致访问互联网的大包下行不通。此时，需要 UPF 通过内分片（UPF 将业务数据报文分片为 1400）来解决（ip+udp+gtp+1400 < 1500）。

```
upf gtpu-tunnel-mtu 1400
```

## Show N4 Node

```bash
show upf association
show upf pfcp endpoint
```

## Show N3 or N9 Node

```bash
show upf gtpu endpoint
```

## Show N4 Session

```bash
show upf session
show upf session table_id 0 ue_ip 172.20.231.65
```

## Create UE IP pool on UPF

```bash
upf ue-ip-pool start ipv4 100.10.1.1 size 1000 nwi epc
```

## How to create vitual interface for PFCP N4, if smf and upf share a host.

In linux termial:

```bash
ip link add name vpp1out type veth peer name vpp1host
ip link set dev vpp1out up
ip link set dev vpp1host up
ip addr add 10.10.1.1/24 dev vpp1host
```

In vpp cli:

```bash
create host-interface name vpp1out
set int state host-vpp1out up
set int ip address host-vpp1out 10.10.1.2/24
```

you can write them in upf.conf if needed.

## How to set DSCP to VLAN priority mapping Set VLAN interface TenGigabitEthernet7/0/0.10

```bash
# 1、Open vlan qos mapping feature on interface
set interface feature VirtualFunctionEthernet0/7/0 vlan-ip4-qos-mark arc ip4-output

# 2、qos egress map id <id> [vlan][<DSCP 十进制>]=<Vlan Priority 十进制>
qos egress map id 0 [vlan][14]=3
qos egress map id 0 [vlan][22]=4

# 3、挂载，map id 0 was used on the Interface
qos mark vlan VirtualFunctionEthernet0/7/0 id 0

# 4、查看
show qos egress map id 0
```

## 关闭 flowtable

```
upf flowtable cache disable
```

## Predefine Rule

```
show upf pre-def rules
show upf pre-def rule-name rule1
upf pre-def rule rule_name rule1 app_id 1011 qer_ids 2181038101 far_id 2181038100 urr_ids 2200000000
```

- **FAR**

```
upf pre-def far id 2181038100 action 2 dst-if 0 nwi epc out-header-ip 192.168.30.100
```

- **QER**

```
upf pre-def qer id 2181038101 gate-ul 0 gate-dl 0
```

- **URR**：可以配置 Volume、Time Quota，到达 Quota 后，UPF 会 DROP 掉关联 URR 的 PDR，在 UPF session 中可以看见 over quota 的提示。所以在线计费场景中会在 Quota 80% 的时候 PFCP session report request 到 SMF 请求下发新的 Qouta，然后 SMF 下发 Update URR。（注：如果只有 Threashold 的话，离线计费场景，UPF 在每次 Threashold 到达时都会发 Report 到 SMF；如果同时配置了 Threashold 和 Quota 的话，就是在线计费场景，Quota 到了，UPF 就会阻断流量。）

```
upf pre-def urr [id <>] [method <1|2|4>] [trigers <>] [period <>] [vol-th-ul <>] [vol-th-dl <>] [vol-th-total <>] [vol-quota-ul <>] [vol-quota-dl <>] [vol-quota-total <>] [time-threashold <>] [time-quota <>] [time-idt <>] [monitor-time <>] [linked-urr-ids <1,2,...>]

# method 1：time
# method 2：volume
# method 4：event
# （reporting）trigers：通常是 16，00010110，VOLUME、TIME、START。
# period（周期）

# e.g.
upf pre-def urr id 2000 trigers 16
upf pre-def rule rule_name rule1 app_id 1004 urr_ids 2000
upf dnn name default.mnc092.mcc466.gprs rule_id rule1

upf pre-def urr id 2200000002 trigers 16
upf pre-def rule rule_name rule2 app_id 1004 urr_ids 2200000002
upf dnn name default.mnc092.mcc466.gprs rule_id rule2
```

## PFD & DPI

```bash
show upf pfd

# FTP Control 业务识别
show ndpi protocol

upf dpi name dpi_ftpc id 1
upf dpi name dpi_ftpd id 175
upf pfd-list appid 1012 fd {permit in ip from 172.20.231.0/24 to 192.168.1.1/32} ct {dpi_ftpc}
upf pfd-list appid 1012 fd {permit in ip from 172.20.231.0/24 to 192.168.1.1/32} ct {dpi_ftpd}

upf pre-def qer id 2181038101 gate-ul 1 gate-dl 1
upf pre-def urr id 2200000003 trigers 16
upf pre-def rule rule_name rule1 app_id 1012 qer_ids 2181038101 urr_ids 2200000003
upf dnn name default.mnc092.mcc466.gprs rule_id rule1

show upf pfd-list
show upf pre-def rules

# RTSP 业务识别
show ndpi protocol
upf dpi name dpi_rtsp id 50
upf pfd-list appid 1008 fd {permit in ip from 172.20.231.0/24 to 192.168.1.109/32} ct {dpi_rtsp}
upf pfd-list appid 1008 fd {permit out ip from 192.168.1.109/32 to 172.20.231.0/24} ct {dpi_rtsp}
show upf pfd-list

# DNS 业务识别
upf pfd-list appid 1009 dns dn {www.baidu.com}
upf pfd-list appid 1009 dns dn {www.sina.com.cn}

# MQTT 业务识别
show ndpi protocol
upf dpi name dpi_mqtt id 222
upf pfd-list appid 1010 fd {permit in ip from 172.20.231.0/24 to 192.168.1.109/32} ct {dpi_mqtt}
upf pfd-list appid 1010 fd {permit out ip from 192.168.1.109/32 to 172.20.231.0/24} ct {dpi_mqtt}
show upf pfd-list

# ICMPv4/v6 业务识别
show ndpi protocol

upf dpi name dpi_icmpv4 id 81
upf dpi name dpi_icmpv6 id 102
upf pfd-list appid 1012 fd {permit in ip from 172.20.231.0/24 to 192.168.1.1/32} ct {dpi_icmpv4}
upf pfd-list appid 1012 fd {permit in ip from 172.20.231.0/24 to 192.168.1.1/32} ct {dpi_icmpv6}

upf pre-def qer id 2181038101 gate-ul 1 gate-dl 1
upf pre-def urr id 2200000003 trigers 16
upf pre-def rule rule_name rule1 app_id 1012 qer_ids 2181038101 urr_ids 2200000003
upf dnn name default.mnc092.mcc466.gprs rule_id rule1

show upf pfd-list
show upf pre-def rules

# Check your packet is detected by nDPI
show ndpi flow
show ndpi stat
```

## DNN 绑定

预定义规则需要绑定到 DNN 生效。

```
upf dnn name default.mnc092.mcc466.gprs rule_id rule1
```