Deploy OAI 5G Core Network using Docker - caprivm/virtualization GitHub Wiki
caprivm ([email protected])
Updated: January 2, 2023
This page explains all the steps required to deploy the OAI-5GCN (OpenAirInterface 5G Core Network) using Docker and Docker Compose. The software it was tested on is:
| Feature | Value |
|---|---|
| OS Used | Ubuntu Server 22.04 LTS |
| vCPU | 4 |
| RAM (GB) | 8 |
| Disk (GB) | 80 |
| Home User | ubuntu |
| Docker Version | Client: 20.10.22, Server: 20.10.22 |
| Docker Compose Version | v2.14.2 |
The contents of the page are:
Before executing the step-by-step of this guide, it is important that in the server that you have to install the cluster, you have the cluster management tools installed:
The list of environment variables used for this implementation are summarized in the following exports:
export NODE_USER="ubuntu"
export DOCKER_NETWORK="192.168.70.128/26"
export NODE_IP="192.168.20.85"
export NODE_MAIN_IF_NAME="enp0s3"NOTE: Replace or configure each of the variables according to your environment.
This section shows how to deploy Core 5G in OAI SA (Stand Alone) mode using docker. The guide that is followed for the installation is described in this link.
Before installing the Core 5G, it is necessary to prepare the environment by downloading the images that make up the Core 5G and the configuration files necessary for its operation. Follow these steps:
# Prepare the server
sudo apt update
sudo apt upgrade -y
sudo apt install net-tools python3
sudo sysctl net.ipv4.conf.all.forwarding=1
sudo iptables -P FORWARD ACCEPT
# Pull docker images
docker pull oaisoftwarealliance/oai-amf:develop
docker pull oaisoftwarealliance/oai-nrf:develop
docker pull oaisoftwarealliance/oai-smf:develop
docker pull oaisoftwarealliance/oai-udr:develop
docker pull oaisoftwarealliance/oai-udm:develop
docker pull oaisoftwarealliance/oai-ausf:develop
docker pull oaisoftwarealliance/oai-spgwu-tiny:develop
docker pull oaisoftwarealliance/trf-gen-cn5g:latest
# Tag docker images
docker image tag oaisoftwarealliance/oai-amf:develop oai-amf:develop
docker image tag oaisoftwarealliance/oai-nrf:develop oai-nrf:develop
docker image tag oaisoftwarealliance/oai-smf:develop oai-smf:develop
docker image tag oaisoftwarealliance/oai-udr:develop oai-udr:develop
docker image tag oaisoftwarealliance/oai-udm:develop oai-udm:develop
docker image tag oaisoftwarealliance/oai-ausf:develop oai-ausf:develop
docker image tag oaisoftwarealliance/oai-spgwu-tiny:develop oai-spgwu-tiny:develop
docker image tag oaisoftwarealliance/trf-gen-cn5g:latest trf-gen-cn5g:latestNow, download the necessary configuration files for the operation of the Core 5G:
git clone https://gitlab.eurecom.fr/oai/cn5g/oai-cn5g-fed.git ~/oai-cn5g-fed
wget -O ~/oai-cn5g-fed/docker-compose/docker-compose-basic-nrf.yaml https://gitlab.eurecom.fr/oai/openairinterface5g/-/raw/develop/doc/tutorial_resources/docker-compose-basic-nrf.yaml?inline=false
wget -O ~/oai-cn5g-fed/docker-compose/database/oai_db.sql https://gitlab.eurecom.fr/oai/openairinterface5g/-/raw/develop/doc/tutorial_resources/oai_db.sql?inline=false
chmod +x ~/oai-cn5g-fed/docker-compose/database/oai_db.sqlNOTE: Before starting Core 5G, you might want to add a user to the AMF database for authentication and authorization. To do this, follow the procedure indicated in the section Configure a User Subscription Profile.
Modify the cipher type in the file ~/oai-cn5g-fed/docker-compose/docker-compose-basic-nrf.yaml by NEA1 to make it compatible with simulators like UERANSIM:
@@ -122,32 +122,32 @@ services:
ipv4_address: 192.168.70.130
oai-amf:
container_name: "oai-amf"
image: oai-amf:develop
@@ -184,6 +185,8 @@ services:
- UDM_PORT=80
- UDM_API_VERSION=v2
- UDM_FQDN=oai-udm
+ - INT_ALGO_LIST=["NIA1", "NIA2"]
+ - CIPH_ALGO_LIST=["NEA1", "NEA2"]Para este ejemplo los parámetros de configuración del core están pensados para conectar una PLMN con la siguiente información:
- MCC
- MNC
- APN
To run Core 5G, consider the following commands:
cd ~/oai-cn5g-fed/docker-compose
python3 core-network.py --type start-basic --scenario 1
docker ps -a
# CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
# d1dade8453cb trf-gen-cn5g:latest "/bin/bash -c ' ip r…" 7 hours ago Up 7 hours (healthy) oai-ext-dn
# bce2a5b8751a oai-spgwu-tiny:develop "/bin/bash /openair-…" 7 hours ago Up 7 hours (healthy) 2152/udp, 8805/udp oai-spgwu
# ea2558302a16 oai-smf:develop "/bin/bash /openair-…" 7 hours ago Up 7 hours (healthy) 80/tcp, 8080/tcp, 8805/udp oai-smf
# 4bf4699727d9 oai-amf:develop "/bin/bash /openair-…" 7 hours ago Up 7 hours (healthy) 80/tcp, 9090/tcp, 38412/sctp oai-amf
# 7f697555eb52 oai-ausf:develop "/bin/bash /openair-…" 5 days ago Up 8 hours (healthy) 80/tcp oai-ausf
# 1a4aec8a5f70 oai-udm:develop "/bin/bash /openair-…" 5 days ago Up 8 hours (healthy) 80/tcp oai-udm
# bdacfb26de33 oai-udr:develop "/bin/bash /openair-…" 5 days ago Up 8 hours (healthy) 80/tcp oai-udr
# c089f68ca750 mysql:5.7 "docker-entrypoint.s…" 5 days ago Up 8 hours (healthy) 3306/tcp, 33060/tcp mysql
# 30afd9292053 oai-nrf:develop "/bin/bash /openair-…" 5 days ago Up 8 hours (healthy) 80/tcp, 9090/tcp oai-nrfProbar la conexión después del despliegue.
ping 192.168.70.132 # Ping AMF service
nc -zv 192.168.70.132 80 # Validate connection to a test portExec the container mysql and get the information from the AuthenticationSubscription table by following these steps:
docker exec -it mysql mysql -u root -p
# Enter password: linux
mysql> show databases;
mysql> use oai_db;
mysql> show tables;
mysql> select * from AuthenticationSubscription;
# +-----------------+----------------------+----------------------------------+----------------------------------+------------------------------------------------------------------------------------+-------------------------------+-------------+----------------------------------+------------+-----------------------+----------------+---------------------+-----------------+
# | ueid | authenticationMethod | encPermanentKey | protectionParameterId | sequenceNumber | authenticationManagementField | algorithmId | encOpcKey | encTopcKey | vectorGenerationInHss | n5gcAuthMethod | rgAuthenticationInd | supi |
# +-----------------+----------------------+----------------------------------+----------------------------------+------------------------------------------------------------------------------------+-------------------------------+-------------+----------------------------------+------------+-----------------------+----------------+---------------------+-----------------+
# | 001010000000001 | 5G_AKA | fec86ba6eb707ed08905757b1bb44b8f | fec86ba6eb707ed08905757b1bb44b8f | {"sqn": "000000000180", "sqnScheme": "NON_TIME_BASED", "lastIndexes": {"ausf": 0}} | 8000 | milenage | C42449363BBAD02B66D16BC975D77CC1 | NULL | NULL | NULL | NULL | 001010000000001 |
# | 001010000000002 | 5G_AKA | fec86ba6eb707ed08905757b1bb44b8f | fec86ba6eb707ed08905757b1bb44b8f | {"sqn": "000000000000", "sqnScheme": "NON_TIME_BASED", "lastIndexes": {"ausf": 0}} | 8000 | milenage | C42449363BBAD02B66D16BC975D77CC1 | NULL | NULL | NULL | NULL | 001010000000002 |
# | 001010000000003 | 5G_AKA | fec86ba6eb707ed08905757b1bb44b8f | fec86ba6eb707ed08905757b1bb44b8f | {"sqn": "000000000000", "sqnScheme": "NON_TIME_BASED", "lastIndexes": {"ausf": 0}} | 8000 | milenage | C42449363BBAD02B66D16BC975D77CC1 | NULL | NULL | NULL | NULL | 001010000000003 |
# +-----------------+----------------------+----------------------------------+----------------------------------+------------------------------------------------------------------------------------+-------------------------------+-------------+----------------------------------+------------+-----------------------+----------------+---------------------+-----------------+As you can see, the Core 5G deployment brings by default some users loaded in the database. The information displayed is used to configure tests on the RAN.
There are two ways to configure the User Subscription Profile:
- Pre-configure all the users in the database file. This way when the core network starts it will have all the users.
- Add a new user when the Core 5G is already running using the
mysqlcontainer.
For the first method, you have to edit the database file and add or change the entries in table AuthenticationSubscription, either remove the already present entries or add a new one like below:
INSERT INTO `AuthenticationSubscription` (`ueid`, `authenticationMethod`, `encPermanentKey`, `protectionParameterId`, `sequenceNumber`, `authenticationManagementField`, `algorithmId`, `encOpcKey`, `encTopcKey`, `vectorGenerationInHss`, `n5gcAuthMethod`, `rgAuthenticationInd`, `supi`) VALUES
('208950000000031', '5G_AKA', '0C0A34601D4F07677303652C0462535B', '0C0A34601D4F07677303652C0462535B', '{\"sqn\": \"000000000020\", \"sqnScheme\": \"NON_TIME_BASED\", \"lastIndexes\": {\"ausf\": 0}}', '8000', 'milenage', '63bfa50ee6523365ff14c1f45f88737d', NULL, NULL, NULL, NULL, '208950000000031'),Next restart the mysql container:
docker restart mysqlFor the second method, you have to add the entry when the core network is already running. This step can only be performed after deploying the Core 5G.
docker exec -it mysql mysql -u root -p
# Enter password: linux
mysql> show databases;
mysql> use oai_db;
mysql> INSERT INTO `AuthenticationSubscription` (`ueid`, `authenticationMethod`, `encPermanentKey`, `protectionParameterId`, `sequenceNumber`, `authenticationManagementField`, `algorithmId`, `encOpcKey`, `encTopcKey`, `vectorGenerationInHss`, `n5gcAuthMethod`, `rgAuthenticationInd`, `supi`) VALUES
('208930100001102', '5G_AKA', '8baf473f2f8fd09487cccbd7097c6862', '8baf473f2f8fd09487cccbd7097c6862', '{\"sqn\": \"000000000000\", \"sqnScheme\": \"NON_TIME_BASED\", \"lastIndexes\": {\"ausf\": 0}}', '8000', 'milenage', '8e27b6af0e692e750f32667a3b14605d', NULL, NULL, NULL, NULL, '208930100001102'),Make sure you edit the IMSI, opc and key according to the settings of your user device.