diff --git a/docs/deployments/open5gs-compose/README.md b/docs/deployments/open5gs-compose/README.md index 9d95bbe7..b12b40f0 100644 --- a/docs/deployments/open5gs-compose/README.md +++ b/docs/deployments/open5gs-compose/README.md @@ -1,65 +1,38 @@ # open5gs-compose -# install docker, docker-compose +This deployment starts Open5gs 5G mobile core with eUPF and UERANSIM using docker-compose. -https://docs.docker.com/engine/install/ - -# configure docker daemon for disable iptables - -https://docs.docker.com/network/packet-filtering-firewalls/#prevent-docker-from-manipulating-iptables - -# create network for containers - -``` -docker network create \ - --driver=bridge \ - --subnet=172.20.0.0/24 \ - --gateway=172.20.0.1 \ - -o "com.docker.network.bridge.name"="br-open5gs-main" \ - open5gs-main -sudo ethtool -K br-open5gs-main tx off -``` - -
Here we turn off tx offload to avoid TCP checksum error in internal packets for iperf tests. -

- -Apparently, checksum offloading is enabled by default and the kernel postpones csum calculation until the last moment, expecting csum to be calculated in the driver when the packet is sent. But we have a virtual environment and the packet eventually goes to the GTP tunnel on UPF. Obviously, this is the reason why csum is not calculated correctly. - -However, if we disable offloading, the checksum is calculated immediately on iperf and everything works. -

-
+## 1. Install docker, docker-compose -
-# To run multiple iperf servers, use this command - -`sudo apt install iperf3` - -`for i in $(seq 5201 5208); do (iperf3 -s -p $i &) ; done` - -# start Open5GS - -1. pull all docker images +https://docs.docker.com/engine/install/ -docker-compose pull +## 2. Start services -2. start services +Run `docker-compose up -d` -docker-compose up -d +## 3. Verify environment up and running -# run iperf tests +Run `docker-compose logs ue` and check UE logs. -1. run iperf test in every UERANSim containers +If UE have successfully connected you'll see message like below: -`make test` +``` +[2025-01-31 15:09:30.550] [app] [info] Connection setup for PDU session[1] is successful, TUN interface[uesimtun0, 10.46.0.2] is up. +``` -when test ended, you can see reports in directory `.deploy/docker/local-data/iperf` +## 4. Test UE connectivity -# stop and remove all containers +Fall into UE container `docker-compose exec ue bash`. -`make clean` +And use `uesimtun0` interface to send packets via it: -`docker network rm open5gs-main` \ No newline at end of file +``` +# ping -I uesimtun0 8.8.8.8 +PING 8.8.8.8 (8.8.8.8) from 10.46.0.2 uesimtun0: 56(84) bytes of data. +64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=15.2 ms +64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=15.2 ms +... + +curl --interface uesimtun0 -vv http://google.com +... +``` \ No newline at end of file diff --git a/docs/deployments/open5gs-compose/fw.sh b/docs/deployments/open5gs-compose/fw.sh deleted file mode 100644 index 589bc282..00000000 --- a/docs/deployments/open5gs-compose/fw.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh - -# flush rules -iptables -F -iptables -X -iptables -t raw -F -iptables -t raw -X -iptables -t nat -F -iptables -t nat -X -iptables -t mangle -F -iptables -t mangle -X - -# 001 default policies -iptables -P INPUT DROP -iptables -P OUTPUT ACCEPT -iptables -P FORWARD DROP - -# 002 allow loopback -iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT - -# 003 allow ping replies -iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT -iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT - -# INPUT (all) -iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -iptables -A INPUT -m conntrack --ctstate NEW -p tcp --dport 22 -j ACCEPT -iptables -A INPUT -m conntrack --ctstate NEW -p tcp --dport 3000 -j ACCEPT -# iperf -iptables -A INPUT -m conntrack --ctstate NEW -p tcp --dport 5201 -j ACCEPT -iptables -A INPUT -p udp --dport 5201 -j ACCEPT - -# FORWARD (all) -iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -iptables -A FORWARD -m conntrack --ctstate NEW -p tcp -s 172.20.0.0/16 -j ACCEPT -iptables -A FORWARD -p udp -s 172.20.0.0/16 -j ACCEPT -iptables -A FORWARD -p icmp -s 172.20.0.0/16 -j ACCEPT -iptables -A FORWARD -p sctp -s 172.20.0.0/16 -j ACCEPT -iptables -A FORWARD -m conntrack --ctstate NEW -p tcp -s 10.0.0.0/8 -j ACCEPT -iptables -A FORWARD -p udp -s 10.0.0.0/8 -j ACCEPT -iptables -A FORWARD -p icmp -s 10.0.0.0/8 -j ACCEPT -iptables -A FORWARD -p sctp -s 10.0.0.0/8 -j ACCEPT - -# NAT (snat) -iptables -t nat -A POSTROUTING -s 172.20.0.0/16 -d 0.0.0.0/0 -o eth0 -j MASQUERADE -iptables -t nat -A POSTROUTING -s 10.46.0.0/16 -o eth0 -j MASQUERADE