|
|
||
|
When a data is transferred from Radio Stack(eNB) to Core Network it goes through various Interfaces as illustrated in Figure 1 of Network Architecture and Interface page. When the data go through these interface, they get encapsulated by various tunnel protocol as in Figure 2 of Network Architecture and Interface page. GTP is a specific type of tunneling protocol by which U-plane data (user data) go through as illustrated below. In 3GPP, GTP is specified in 29.281.
Following is the GTP Header format. User Data (usually IP data) is encapsulated by a GTP packet following this header as shown in example section. < 3GPP 29.281 - Figure 5.1-1: Outline of the GTP-U Header >
Signaling for GTP setup :Signaling for GTP setup does not rely on GTP itself, since the protocol does not include any inherent procedures for handshaking or session establishment. Instead, the setup of GTP tunnels depends on signaling exchanges between various core network elements such as the MME/AMF, SGW/UPF, and PGW/SMF. These signaling procedures ensure that resources are allocated, tunnel identifiers are assigned, and the necessary context information is distributed across the involved nodes. In practice, control-plane signaling protocols like S1-AP, NGAP, and GTP-C carry the coordination messages that instruct network elements to create or release GTP tunnels for user-plane traffic. As a result, while GTP itself functions simply as a tunneling mechanism, its successful operation relies heavily on surrounding signaling frameworks that orchestrate the tunnel configuration and maintain consistency across the network.. Following is an overal signaling procedure to setup GTP pipes in 5G/NR network. The process begins with the UE initiating a PDU session establishment request, which is handled by the AMF and then forwarded to the SMF for session management. Once the session is accepted, the AMF triggers the PDU Session Resource Setup Request toward the gNB, carrying the uplink TEID information allocated by the UPF. The gNB responds with the PDU Session Resource Setup Response, delivering the downlink TEID to complete the mapping. With both TEIDs exchanged, the network can now encapsulate and route user data packets using GTP-U in both uplink and downlink directions. This sequence highlights that GTP setup is the result of higher-layer signaling coordination, ensuring the correct assignment of resources and identifiers before actual GTP packet transmission begins.
Following is an example log snippet from Amarisoft showing the details of this signaling process described above. This is the combined log of Amarisoft gNB and MME
In terms of message hierarchy, NGAP are main message carrier between gNB and Core network. NAS messages are embedded into NGAP messages to shuttle back and forth between gNB and Core network. For example, an Uplink NAS transport (1) carries UL NAS tranport and PDU session establishment request embedded in it. In other words, the NAS message UL NAS transport(2) is extracted from the Uplink NAS transport(1) by 5GMM and PDU session establishement request(3) is extracted from the UL NAS transport(2) by 5GSM. Message: 127.0.1.1:33620 Uplink NAS transport
Data: 0000: 00 2e 40 80 af 00 00 04 00 0a 00 02 00 64 00 55 ..@..........d.U 0010: 00 02 00 01 00 26 00 80 88 80 86 7e 02 39 57 26 .....&.....~.9W& 0020: 98 03 7e 00 67 01 00 6b 2e 01 55 c1 00 00 93 28 ..~.g..k..U....( 0030: 01 00 7b 00 5e 80 c2 23 16 01 00 00 16 10 8c bb ..{.^..#........ 0040: 1d 1d 8c bb 1d 1d 8c bb 1d 1d 8c bb 1d 1d 2a c2 ..............*. 0050: 23 16 02 00 00 16 10 c6 00 c0 d1 3b de b9 d7 0b #..........;.... 0060: 68 d9 33 26 ec fe fb 2a 80 21 10 01 00 00 10 81 h.3&...*.!...... 0070: 06 00 00 00 00 83 06 00 00 00 00 00 0d 00 00 03 ................ 0080: 00 00 0a 00 00 05 00 00 10 00 00 11 00 00 23 00 ..............#. 0090: 00 24 00 12 01 81 25 09 08 69 6e 74 65 72 6e 65 .$....%..interne 00a0: 74 00 79 40 0f 40 00 f1 10 00 12 34 50 10 00 f1 t.y@.@.....4P... 00b0: 10 00 00 64 ...d initiatingMessage: { procedureCode id-UplinkNASTransport, criticality ignore, value { protocolIEs { { id id-AMF-UE-NGAP-ID, criticality reject, value 100 }, { id id-RAN-UE-NGAP-ID, criticality reject, value 1 }, { id id-NAS-PDU, criticality reject, value '7E0239572698037E00....74'H }, { id id-UserLocationInformation, criticality ignore, value userLocationInformationNR: { nR-CGI { pLMNIdentity '00F110'H, nRCellIdentity '001234501'H }, tAI { pLMNIdentity '00F110'H, tAC '000064'H } } } } } } Message: UL NAS transport
Data: 0000: 7e 02 39 57 26 98 03 7e 00 67 01 00 6b 2e 01 55 ~.9W&..~.g..k..U 0010: c1 00 00 93 28 01 00 7b 00 5e 80 c2 23 16 01 00 ....(..{.^..#... 0020: 00 16 10 8c bb 1d 1d 8c bb 1d 1d 8c bb 1d 1d 8c ................ 0030: bb 1d 1d 2a c2 23 16 02 00 00 16 10 c6 00 c0 d1 ...*.#.......... 0040: 3b de b9 d7 0b 68 d9 33 26 ec fe fb 2a 80 21 10 ;....h.3&...*.!. 0050: 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00 ................ 0060: 00 0d 00 00 03 00 00 0a 00 00 05 00 00 10 00 00 ................ 0070: 11 00 00 23 00 00 24 00 12 01 81 25 09 08 69 6e ...#..$....%..in 0080: 74 65 72 6e 65 74 ternet Protocol discriminator = 0x7e (5GS Mobility Management) Security header = 0x2 (Integrity protected and ciphered) Auth code = 0x39572698 Sequence number = 0x03 Protocol discriminator = 0x7e (5GS Mobility Management) Security header = 0x0 (Plain 5GS NAS message, not security protected) Message type = 0x67 (UL NAS transport) Payload container type = 1 (N1 SM information) Payload container: Protocol discriminator = 0x2e (5GS Session Management) PDU session identity = 1 Procedure transaction identity = 85 Message type = 0xc1 (PDU session establishment request) Integrity protection maximum data data: Maximum data rate per UE for user-plane integrity protection for uplink = 0x00 (64 kbps) Maximum data rate per UE for user-plane integrity protection for downlink = 0x00 (64 kbps) PDU session type = 0x3 (IPv4v6) 5GSM capability: 0x00 (TPMIC=0, ATSSS-ST=0, EPT-S1=0, MH6-PDU=0, RqoS=0) Extended protocol configuration options: Ext = 1 Configuration protocol = 0 Protocol ID = 0xc223 (CHAP) Data = 01 00 00 16 10 8c bb 1d 1d 8c bb 1d 1d 8c bb 1d 1d 8c bb 1d 1d 2a Protocol ID = 0xc223 (CHAP) Data = 02 00 00 16 10 c6 00 c0 d1 3b de b9 d7 0b 68 d9 33 26 ec fe fb 2a Protocol ID = 0x8021 (IPCP) Data = 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00 Protocol ID = 0x000d (DNS Server IPv4 Address Request) Data = Protocol ID = 0x0003 (DNS Server IPv6 Address Request) Data = Protocol ID = 0x000a (IP address allocation via NAS signalling) Data = Protocol ID = 0x0005 (MS Support of Network Requested Bearer Control indicator) Data = Protocol ID = 0x0010 (IPv4 Link MTU Request) Data = Protocol ID = 0x0011 (MS support of Local address in TFT indicator) Data = Protocol ID = 0x0023 (QoS rules with the length of two octets support indicator) Data = Protocol ID = 0x0024 (QoS flow descriptions with the length of two octets support indicator) Data = PDU session ID = 1 Request type = 0x1 (initial request) DNN = "internet" Message: PDU session establishment request
Data: 0000: 2e 01 55 c1 00 00 93 28 01 00 7b 00 5e 80 c2 23 ..U....(..{.^..# 0010: 16 01 00 00 16 10 8c bb 1d 1d 8c bb 1d 1d 8c bb ................ 0020: 1d 1d 8c bb 1d 1d 2a c2 23 16 02 00 00 16 10 c6 ......*.#....... 0030: 00 c0 d1 3b de b9 d7 0b 68 d9 33 26 ec fe fb 2a ...;....h.3&...* 0040: 80 21 10 01 00 00 10 81 06 00 00 00 00 83 06 00 .!.............. 0050: 00 00 00 00 0d 00 00 03 00 00 0a 00 00 05 00 00 ................ 0060: 10 00 00 11 00 00 23 00 00 24 00 ......#..$. Protocol discriminator = 0x2e (5GS Session Management) PDU session identity = 1 Procedure transaction identity = 85 Message type = 0xc1 (PDU session establishment request) Integrity protection maximum data data: Maximum data rate per UE for user-plane integrity protection for uplink = 0x00 (64 kbps) Maximum data rate per UE for user-plane integrity protection for downlink = 0x00 (64 kbps) PDU session type = 0x3 (IPv4v6) 5GSM capability: 0x00 (TPMIC=0, ATSSS-ST=0, EPT-S1=0, MH6-PDU=0, RqoS=0) Extended protocol configuration options: Ext = 1 Configuration protocol = 0 Protocol ID = 0xc223 (CHAP) Data = 01 00 00 16 10 8c bb 1d 1d 8c bb 1d 1d 8c bb 1d 1d 8c bb 1d 1d 2a Protocol ID = 0xc223 (CHAP) Data = 02 00 00 16 10 c6 00 c0 d1 3b de b9 d7 0b 68 d9 33 26 ec fe fb 2a Protocol ID = 0x8021 (IPCP) Data = 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00 Protocol ID = 0x000d (DNS Server IPv4 Address Request) Data = Protocol ID = 0x0003 (DNS Server IPv6 Address Request) Data = Protocol ID = 0x000a (IP address allocation via NAS signalling) Data = Protocol ID = 0x0005 (MS Support of Network Requested Bearer Control indicator) Data = Protocol ID = 0x0010 (IPv4 Link MTU Request) Data = Protocol ID = 0x0011 (MS support of Local address in TFT indicator) Data = Protocol ID = 0x0023 (QoS rules with the length of two octets support indicator) Data = Protocol ID = 0x0024 (QoS flow descriptions with the length of two octets support indicator) Data = Message: PDU session establishment accept
Data: 0000: 2e 01 55 c2 11 00 09 01 00 06 31 3f 01 01 ff 01 ..U.......1?.... 0010: 06 04 b7 1b 03 f4 24 59 32 29 05 01 c0 a8 03 02 ......$Y2)...... 0020: 22 01 01 75 00 0f 50 00 0c 52 01 01 09 04 06 fe "..u..P..R...... 0030: fe fa fa 0a 02 79 00 09 01 20 42 01 01 09 07 01 .....y... B..... 0040: 50 7b 00 15 80 80 21 0a 03 00 00 0a 81 06 08 08 P{....!......... 0050: 08 08 00 0d 04 08 08 08 08 25 1c 08 69 6e 74 65 .........%..inte 0060: 72 6e 65 74 06 6d 6e 63 30 30 31 06 6d 63 63 30 rnet.mnc001.mcc0 0070: 30 31 04 67 70 72 73 01.gprs Protocol discriminator = 0x2e (5GS Session Management) PDU session identity = 1 Procedure transaction identity = 85 Message type = 0xc2 (PDU session establishment accept) Selected PDU session type = 0x1 (IPv4) Selected SSC mode = 0x1 (1) Authorized QoS rules: QoS rule 1: QoS rule identifier = 1 Rule operation code = 1 (create new QoS rule) DQR = 1 (the QoS rule is the default QoS rule) Number of packet filters = 1 Packet filter identifier = 15 Packet filter direction = 3 (bidirectional) Match-all QoS rule precedence = 255 QFI = 1 Session AMBR: Session-AMBR for downlink = 3000000 kbps Session-AMBR for uplink = 1000000 kbps 5GSM cause = 0x32 (PDU session type IPv4 only allowed) PDU address: SI6LLA = 0 PDU session type = 1 (IPv4) IPv4 = 192.168.3.2 S-NSSAI: Length of S-NSSAI contents = 1 (SST) SST = 0x01 Mapped EPS bearer contexts: Mapped EPS bearer context 1: EPS bearer identity = 5 Operation code = 1 (create new EPS bearer) E = 1 (parameters list is included) Number of EPS parameters = 2 Mapped EPS QoS parameters: QCI = 9 APN-AMBR: APN-AMBR for downlink = 2816000000 bits APN-AMBR for uplink = 768000000 bits Authorized QoS flow descriptions: QoS flow description 1: QFI = 1 Operation code = 1 (create new QoS flow description) E = 1 (parameters list is included) Number of parameters = 2 5QI = 9 EPS bearer identity = 5 Extended protocol configuration options: Ext = 1 Configuration protocol = 0 Protocol ID = 0x8021 (IPCP) Data = 03 00 00 0a 81 06 08 08 08 08 Protocol ID = 0x000d (DNS Server IPv4 Address) Data = 8.8.8.8 DNN = "internet.mnc001.mcc001.gprs" Message: DL NAS transport
Data: 0000: 7e 02 75 b7 5e 84 04 7e 00 68 01 00 77 2e 01 55 ~.u.^..~.h..w..U 0010: c2 11 00 09 01 00 06 31 3f 01 01 ff 01 06 04 b7 .......1?....... 0020: 1b 03 f4 24 59 32 29 05 01 c0 a8 03 02 22 01 01 ...$Y2)......".. 0030: 75 00 0f 50 00 0c 52 01 01 09 04 06 fe fe fa fa u..P..R......... 0040: 0a 02 79 00 09 01 20 42 01 01 09 07 01 50 7b 00 ..y... B.....P{. 0050: 15 80 80 21 0a 03 00 00 0a 81 06 08 08 08 08 00 ...!............ 0060: 0d 04 08 08 08 08 25 1c 08 69 6e 74 65 72 6e 65 ......%..interne 0070: 74 06 6d 6e 63 30 30 31 06 6d 63 63 30 30 31 04 t.mnc001.mcc001. 0080: 67 70 72 73 12 01 gprs.. Protocol discriminator = 0x7e (5GS Mobility Management) Security header = 0x2 (Integrity protected and ciphered) Auth code = 0x75b75e84 Sequence number = 0x04 Protocol discriminator = 0x7e (5GS Mobility Management) Security header = 0x0 (Plain 5GS NAS message, not security protected) Message type = 0x68 (DL NAS transport) Payload container type = 1 (N1 SM information) Payload container: Protocol discriminator = 0x2e (5GS Session Management) PDU session identity = 1 Procedure transaction identity = 85 Message type = 0xc2 (PDU session establishment accept) Selected PDU session type = 0x1 (IPv4) Selected SSC mode = 0x1 (1) Authorized QoS rules: QoS rule 1: QoS rule identifier = 1 Rule operation code = 1 (create new QoS rule) DQR = 1 (the QoS rule is the default QoS rule) Number of packet filters = 1 Packet filter identifier = 15 Packet filter direction = 3 (bidirectional) Match-all QoS rule precedence = 255 QFI = 1 Session AMBR: Session-AMBR for downlink = 3000000 kbps Session-AMBR for uplink = 1000000 kbps 5GSM cause = 0x32 (PDU session type IPv4 only allowed) PDU address: SI6LLA = 0 PDU session type = 1 (IPv4) IPv4 = 192.168.3.2 S-NSSAI: Length of S-NSSAI contents = 1 (SST) SST = 0x01 Mapped EPS bearer contexts: Mapped EPS bearer context 1: EPS bearer identity = 5 Operation code = 1 (create new EPS bearer) E = 1 (parameters list is included) Number of EPS parameters = 2 Mapped EPS QoS parameters: QCI = 9 APN-AMBR: APN-AMBR for downlink = 2816000000 bits APN-AMBR for uplink = 768000000 bits Authorized QoS flow descriptions: QoS flow description 1: QFI = 1 Operation code = 1 (create new QoS flow description) E = 1 (parameters list is included) Number of parameters = 2 5QI = 9 EPS bearer identity = 5 Extended protocol configuration options: Ext = 1 Configuration protocol = 0 Protocol ID = 0x8021 (IPCP) Data = 03 00 00 0a 81 06 08 08 08 08 Protocol ID = 0x000d (DNS Server IPv4 Address) Data = 8.8.8.8 DNN = "internet.mnc001.mcc001.gprs" PDU session ID = 1 Message: 127.0.1.1:33620 PDU session resource setup request
Data: 0000: 00 1d 00 80 df 00 00 04 00 0a 00 02 00 64 00 55 .............d.U 0010: 00 02 00 01 00 4a 00 80 bd 00 40 01 80 86 7e 02 .....J....@...~. 0020: 75 b7 5e 84 04 7e 00 68 01 00 77 2e 01 55 c2 11 u.^..~.h..w..U.. 0030: 00 09 01 00 06 31 3f 01 01 ff 01 06 04 b7 1b 03 .....1?......... 0040: f4 24 59 32 29 05 01 c0 a8 03 02 22 01 01 75 00 .$Y2)......"..u. 0050: 0f 50 00 0c 52 01 01 09 04 06 fe fe fa fa 0a 02 .P..R........... 0060: 79 00 09 01 20 42 01 01 09 07 01 50 7b 00 15 80 y... B.....P{... 0070: 80 21 0a 03 00 00 0a 81 06 08 08 08 08 00 0d 04 .!.............. 0080: 08 08 08 08 25 1c 08 69 6e 74 65 72 6e 65 74 06 ....%..internet. 0090: 6d 6e 63 30 30 31 06 6d 63 63 30 30 31 04 67 70 mnc001.mcc001.gp 00a0: 72 73 12 01 00 20 2f 00 00 04 00 82 00 0a 0c b2 rs... /......... 00b0: d0 5e 00 30 3b 9a ca 00 00 8b 00 0a 01 f0 7f 00 .^.0;........... 00c0: 01 64 59 ef 73 10 00 86 00 01 00 00 88 00 07 01 .dY.s........... 00d0: 01 00 00 09 38 0a 00 6e 40 0a 0c b2 d0 5e 00 30 ....8..n@....^.0 00e0: 3b 9a ca 00 ;... initiatingMessage: { procedureCode id-PDUSessionResourceSetup, criticality reject, value { protocolIEs { { id id-AMF-UE-NGAP-ID, criticality reject, value 100 }, { id id-RAN-UE-NGAP-ID, criticality reject, value 1 }, { id id-PDUSessionResourceSetupListSUReq, criticality reject, value { { pDUSessionID 1, pDUSessionNAS-PDU '7E0275B75E84047E00680100772...1201'H, s-NSSAI { sST '01'H }, pDUSessionResourceSetupRequestTransfer { protocolIEs { { id id-PDUSessionAggregateMaximumBitRate, criticality reject, value { pDUSessionAggregateMaximumBitRateDL 3000000000, pDUSessionAggregateMaximumBitRateUL 1000000000 } }, { id id-UL-NGU-UP-TNLInformation, criticality reject, value gTPTunnel: { transportLayerAddress '7F000164'H, gTP-TEID '59EF7310'H } }, { id id-PDUSessionType, criticality reject, value ipv4 }, { id id-QosFlowSetupRequestList, criticality reject, value { { qosFlowIdentifier 1, qosFlowLevelQosParameters { qosCharacteristics nonDynamic5QI: { fiveQI 9 }, allocationAndRetentionPriority { priorityLevelARP 15, pre-emptionCapability shall-not-trigger-pre-emption, pre-emptionVulnerability not-pre-emptable } }, e-RAB-ID 5 } } } } } } } }, { id id-UEAggregateMaximumBitRate, criticality ignore, value { uEAggregateMaximumBitRateDL 3000000000, uEAggregateMaximumBitRateUL 1000000000 } } } } } Message: UL NAS transport
Data: 0000: 7e 02 39 57 26 98 03 7e 00 67 01 00 6b 2e 01 55 ~.9W&..~.g..k..U 0010: c1 00 00 93 28 01 00 7b 00 5e 80 c2 23 16 01 00 ....(..{.^..#... 0020: 00 16 10 8c bb 1d 1d 8c bb 1d 1d 8c bb 1d 1d 8c ................ 0030: bb 1d 1d 2a c2 23 16 02 00 00 16 10 c6 00 c0 d1 ...*.#.......... 0040: 3b de b9 d7 0b 68 d9 33 26 ec fe fb 2a 80 21 10 ;....h.3&...*.!. 0050: 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00 ................ 0060: 00 0d 00 00 03 00 00 0a 00 00 05 00 00 10 00 00 ................ 0070: 11 00 00 23 00 00 24 00 12 01 81 25 09 08 69 6e ...#..$....%..in 0080: 74 65 72 6e 65 74 ternet Protocol discriminator = 0x7e (5GS Mobility Management) Security header = 0x2 (Integrity protected and ciphered) Auth code = 0x39572698 Sequence number = 0x03 Protocol discriminator = 0x7e (5GS Mobility Management) Security header = 0x0 (Plain 5GS NAS message, not security protected) Message type = 0x67 (UL NAS transport) Payload container type = 1 (N1 SM information) Payload container: Protocol discriminator = 0x2e (5GS Session Management) PDU session identity = 1 Procedure transaction identity = 85 Message type = 0xc1 (PDU session establishment request) Integrity protection maximum data data: Maximum data rate per UE for user-plane integrity protection for uplink = 0x00 (64 kbps) Maximum data rate per UE for user-plane integrity protection for downlink = 0x00 (64 kbps) PDU session type = 0x3 (IPv4v6) 5GSM capability: 0x00 (TPMIC=0, ATSSS-ST=0, EPT-S1=0, MH6-PDU=0, RqoS=0) Extended protocol configuration options: Ext = 1 Configuration protocol = 0 Protocol ID = 0xc223 (CHAP) Data = 01 00 00 16 10 8c bb 1d 1d 8c bb 1d 1d 8c bb 1d 1d 8c bb 1d 1d 2a Protocol ID = 0xc223 (CHAP) Data = 02 00 00 16 10 c6 00 c0 d1 3b de b9 d7 0b 68 d9 33 26 ec fe fb 2a Protocol ID = 0x8021 (IPCP) Data = 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00 Protocol ID = 0x000d (DNS Server IPv4 Address Request) Data = Protocol ID = 0x0003 (DNS Server IPv6 Address Request) Data = Protocol ID = 0x000a (IP address allocation via NAS signalling) Data = Protocol ID = 0x0005 (MS Support of Network Requested Bearer Control indicator) Data = Protocol ID = 0x0010 (IPv4 Link MTU Request) Data = Protocol ID = 0x0011 (MS support of Local address in TFT indicator) Data = Protocol ID = 0x0023 (QoS rules with the length of two octets support indicator) Data = Protocol ID = 0x0024 (QoS flow descriptions with the length of two octets support indicator) Data = PDU session ID = 1 Request type = 0x1 (initial request) DNN = "internet" Message: 127.0.1.100:38412 Uplink NAS transport
Data: 0000: 00 2e 40 80 af 00 00 04 00 0a 00 02 00 64 00 55 ..@..........d.U 0010: 00 02 00 01 00 26 00 80 88 80 86 7e 02 39 57 26 .....&.....~.9W& 0020: 98 03 7e 00 67 01 00 6b 2e 01 55 c1 00 00 93 28 ..~.g..k..U....( 0030: 01 00 7b 00 5e 80 c2 23 16 01 00 00 16 10 8c bb ..{.^..#........ 0040: 1d 1d 8c bb 1d 1d 8c bb 1d 1d 8c bb 1d 1d 2a c2 ..............*. 0050: 23 16 02 00 00 16 10 c6 00 c0 d1 3b de b9 d7 0b #..........;.... 0060: 68 d9 33 26 ec fe fb 2a 80 21 10 01 00 00 10 81 h.3&...*.!...... 0070: 06 00 00 00 00 83 06 00 00 00 00 00 0d 00 00 03 ................ 0080: 00 00 0a 00 00 05 00 00 10 00 00 11 00 00 23 00 ..............#. 0090: 00 24 00 12 01 81 25 09 08 69 6e 74 65 72 6e 65 .$....%..interne 00a0: 74 00 79 40 0f 40 00 f1 10 00 12 34 50 10 00 f1 t.y@.@.....4P... 00b0: 10 00 00 64 ...d initiatingMessage: { procedureCode id-UplinkNASTransport, criticality ignore, value { protocolIEs { { id id-AMF-UE-NGAP-ID, criticality reject, value 100 }, { id id-RAN-UE-NGAP-ID, criticality reject, value 1 }, { id id-NAS-PDU, criticality reject, value '7E0239572698037E00670...574'H }, { id id-UserLocationInformation, criticality ignore, value userLocationInformationNR: { nR-CGI { pLMNIdentity '00F110'H, nRCellIdentity '001234501'H }, tAI { pLMNIdentity '00F110'H, tAC '000064'H } } } } } } Message: 127.0.1.1:33620 PDU session resource setup response
Data: 0000: 20 1d 00 24 00 00 03 00 0a 40 02 00 64 00 55 40 ..$.....@..d.U@ 0010: 02 00 01 00 4b 40 11 00 00 01 0d 00 03 e0 7f 00 ....K@.......... 0020: 01 01 5c 9a 65 8c 00 01 ..\.e... successfulOutcome: { procedureCode id-PDUSessionResourceSetup, criticality reject, value { protocolIEs { { id id-AMF-UE-NGAP-ID, criticality ignore, value 100 }, { id id-RAN-UE-NGAP-ID, criticality ignore, value 1 }, { id id-PDUSessionResourceSetupListSURes, criticality ignore, value { { pDUSessionID 1, pDUSessionResourceSetupResponseTransfer { dLQosFlowPerTNLInformation { uPTransportLayerInformation gTPTunnel: { transportLayerAddress '7F000101'H, gTP-TEID '5C9A658C'H }, associatedQosFlowList { { qosFlowIdentifier 1 } } } } } } } } } } Message: 127.0.1.1:2152 G-PDU TEID=0x59ef7310 QFI=1 SDU_len=60: IP/UDP 192.168.3.2:58701 > 8.8.8.8:53
Data: 0000: 34 ff 00 44 59 ef 73 10 00 00 00 85 01 10 01 00 4..DY.s......... 0010: 45 00 00 3c f3 c0 40 00 40 11 73 36 c0 a8 03 02 E..<..@.@.s6.... ... Message: 127.0.1.1:2152 G-PDU TEID=0x5c9a658c QFI=1 SDU_len=76: IP/UDP 8.8.8.8:53 > 192.168.3.2:58701
Data: 0000: 34 ff 00 54 5c 9a 65 8c 00 00 00 85 01 00 01 00 4..T\.e......... 0010: 45 00 00 4c 6d cc 00 00 77 11 02 1b 08 08 08 08 E..Lm...w....... ... Examples :In this section, the focus is on illustrating a real-life situation where a GTP tunnel, often referred to as a GTP pipe, is established within a mobile network. The intention is to demonstrate how the setup process enables a continuous path for user data, starting from the UE and passing through the gNB, AMF, SMF, and UPF, before reaching external data networks. By using this examples, the key benefit is that it makes the otherwise abstract concept of GTP tunneling concrete and observable
This example is from my test setup with Amarisoft Callbox. Usually it is running gNB and MME on the same PC (Callbox PC), but it has flexible architecture to allow the eNB/gNB to get connected to MME installed on another PC as shown below or even to any MME(e.g,live network MME) that support standard S1 or NG interface. In this example, we look at a practical case where a mobile phone, acting as the UE, performs a simple DNS query to Google’s public DNS server at 8.8.8.8 while connected over a 5G cellular link. Although the user sees only the request going out from the phone, inside the mobile core network a series of mechanisms ensure that the packet is properly transported. The gNB and the MME PC are both involved in this process, handling NAT and encapsulating the traffic using GTP tunneling. A Wireshark capture taken at the MME PC reveals how the DNS query and response are carried within GTP packets across the core, showing both uplink and downlink flows as they traverse the tunnel. This example provides a concrete view of how GTP pipes operate in a live data flow scenario, making it easier to understand how ordinary user traffic such as DNS resolution is encapsulated, transported, and delivered through the mobile network infrastructure. By using this example, the key benefit is that it makes the otherwise abstract concept of GTP tunneling concrete and observable. Instead of only discussing signaling flows in theory, the DNS query scenario shows exactly how user data is encapsulated and transported along the GTP pipe, step by step, across the different nodes of the mobile core. This provides practical visibility into how TEIDs are assigned and used, how packets are carried inside tunnels, and how NAT and encapsulation work together to deliver traffic reliably. For engineers, this kind of trace not only builds intuition about the interaction between control-plane signaling and user-plane forwarding but also serves as a useful troubleshooting and validation tool, since it connects the signaling diagrams with real packet captures. Ultimately, it bridges the gap between theoretical architecture and hands-on operation, demonstrating the end-to-end role of GTP in enabling everyday services like DNS resolution.
The situation is that UE(192.168.3.2) perform DNS enquiry to google DNS Sever(8.8.8.8). In this situation, on gNB and MME both NAT(Network Address Translation) and GTP tunneing happens on both gNB PC and MME PC. Following is the Wireshark log captured on MME PC. (NOTE : Since this log is captured on MME PC, it does not show exactly what's happening in gNB PC, but you may easily guess about the gNB PC procedure from this example)
The traffic between gNB and MME can be illustrated as below. Step (1) and Step (8) belong to this type of traffic.
The traffic between MME and Google DNS Server can be illustrated as below. Step (2) and Step (7) belong to this type of traffic.
Internet Protocol Version 4, Src: 10.0.0.185, Dst: 10.0.0.162 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 104 Identification: 0x6736 (26422) Flags: 0x40, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment Offset: 0 Time to Live: 64 Protocol: UDP (17) Header Checksum: 0xbdf4 [validation disabled] [Header checksum status: Unverified] Source Address: 10.0.0.185 Destination Address: 10.0.0.162 User Datagram Protocol, Src Port: 2152, Dst Port: 2152 Source Port: 2152 Destination Port: 2152 Length: 84 Checksum: 0xc92b [unverified] [Checksum Status: Unverified] [Stream index: 19] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] UDP payload (76 bytes) GPRS Tunneling Protocol Flags: 0x34 001. .... = Version: GTP release 99 version (1) ...1 .... = Protocol type: GTP (1) .... 0... = Reserved: 0 .... .1.. = Is Next Extension Header present?: Yes .... ..0. = Is Sequence Number present?: No .... ...0 = Is N-PDU number present?: No Message Type: T-PDU (0xff) Length: 68 TEID: 0x4f485cc3 (1330142403) Next extension header type: PDU Session container (0x85) Extension header (PDU Session container) Extension Header Length: 1 PDU Session Container 0001 .... = PDU Type: UL PDU SESSION INFORMATION (1) .... 0000 = Spare: 0x0 00.. .... = Spare: 0x0 ..00 0001 = QoS Flow Identifier (QFI): 1 Next extension header type: No more extension headers (0x00) Internet Protocol Version 4, Src: 192.168.3.2, Dst: 8.8.8.8 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 60 Identification: 0x3663 (13923) Flags: 0x40, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment Offset: 0 Time to Live: 64 Protocol: UDP (17) Header Checksum: 0x3094 [validation disabled] [Header checksum status: Unverified] Source Address: 192.168.3.2 Destination Address: 8.8.8.8 User Datagram Protocol, Src Port: 45843, Dst Port: 53 Source Port: 45843 Destination Port: 53 Length: 40 Checksum: 0x397b [unverified] [Checksum Status: Unverified] [Stream index: 20] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] UDP payload (32 bytes) Domain Name System (query) Transaction ID: 0xb078 Flags: 0x0100 Standard query 0... .... .... .... = Response: Message is a query .000 0... .... .... = Opcode: Standard query (0) .... ..0. .... .... = Truncated: Message is not truncated .... ...1 .... .... = Recursion desired: Do query recursively .... .... .0.. .... = Z: reserved (0) .... .... ...0 .... = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 0 Queries www.google.com: type A, class IN Name: www.google.com [Name Length: 14] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) [Response In: 939] Internet Protocol Version 4, Src: 10.0.0.162, Dst: 8.8.8.8 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 60 Identification: 0x3663 (13923) Flags: 0x40, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment Offset: 0 Time to Live: 63 Protocol: UDP (17) Header Checksum: 0xea9c [validation disabled] [Header checksum status: Unverified] Source Address: 10.0.0.162 Destination Address: 8.8.8.8 User Datagram Protocol, Src Port: 45843, Dst Port: 53 Source Port: 45843 Destination Port: 53 Length: 40 Checksum: 0xf283 [unverified] [Checksum Status: Unverified] [Stream index: 21] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] UDP payload (32 bytes) Domain Name System (query) Transaction ID: 0xb078 Flags: 0x0100 Standard query 0... .... .... .... = Response: Message is a query .000 0... .... .... = Opcode: Standard query (0) .... ..0. .... .... = Truncated: Message is not truncated .... ...1 .... .... = Recursion desired: Do query recursively .... .... .0.. .... = Z: reserved (0) .... .... ...0 .... = Non-authenticated data: Unacceptable Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 0 Queries www.google.com: type A, class IN Name: www.google.com [Name Length: 14] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) [Response In: 938] Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.0.0.162 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 76 Identification: 0x1b01 (6913) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment Offset: 0 Time to Live: 122 Protocol: UDP (17) Header Checksum: 0x0aef [validation disabled] [Header checksum status: Unverified] Source Address: 8.8.8.8 Destination Address: 10.0.0.162 User Datagram Protocol, Src Port: 53, Dst Port: 45843 Source Port: 53 Destination Port: 45843 Length: 56 Checksum: 0x03c6 [unverified] [Checksum Status: Unverified] [Stream index: 21] [Timestamps] [Time since first frame: 0.011497757 seconds] [Time since previous frame: 0.011497757 seconds] UDP payload (48 bytes) Domain Name System (response) Transaction ID: 0xb078 Flags: 0x8180 Standard query response, No error 1... .... .... .... = Response: Message is a response .000 0... .... .... = Opcode: Standard query (0) .... .0.. .... .... = Authoritative: Server is not an authority for domain .... ..0. .... .... = Truncated: Message is not truncated .... ...1 .... .... = Recursion desired: Do query recursively .... .... 1... .... = Recursion available: Server can do recursive queries .... .... .0.. .... = Z: reserved (0) .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server .... .... ...0 .... = Non-authenticated data: Unacceptable .... .... .... 0000 = Reply code: No error (0) Questions: 1 Answer RRs: 1 Authority RRs: 0 Additional RRs: 0 Queries www.google.com: type A, class IN Name: www.google.com [Name Length: 14] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) Answers www.google.com: type A, class IN, addr 172.217.1.4 Name: www.google.com Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 44 (44 seconds) Data length: 4 Address: 172.217.1.4 [Request In: 933] [Time: 0.011497757 seconds] Internet Protocol Version 4, Src: 10.0.0.162, Dst: 10.0.0.185 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 120 Identification: 0x93c4 (37828) Flags: 0x40, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment Offset: 0 Time to Live: 64 Protocol: UDP (17) Header Checksum: 0x9156 [validation disabled] [Header checksum status: Unverified] Source Address: 10.0.0.162 Destination Address: 10.0.0.185 User Datagram Protocol, Src Port: 2152, Dst Port: 2152 Source Port: 2152 Destination Port: 2152 Length: 100 Checksum: 0x15d0 [unverified] [Checksum Status: Unverified] [Stream index: 19] [Timestamps] [Time since first frame: 0.012275971 seconds] [Time since previous frame: 0.011631151 seconds] UDP payload (92 bytes) GPRS Tunneling Protocol Flags: 0x34 001. .... = Version: GTP release 99 version (1) ...1 .... = Protocol type: GTP (1) .... 0... = Reserved: 0 .... .1.. = Is Next Extension Header present?: Yes .... ..0. = Is Sequence Number present?: No .... ...0 = Is N-PDU number present?: No Message Type: T-PDU (0xff) Length: 84 TEID: 0xa968d0db (2842218715) Next extension header type: PDU Session container (0x85) Extension header (PDU Session container) Extension Header Length: 1 PDU Session Container 0000 .... = PDU Type: DL PDU SESSION INFORMATION (0) .... 0000 = Spare: 0x0 0... .... = Paging Policy Presence (PPP): Not Present .0.. .... = Reflective QoS Indicator (RQI): Not Present ..00 0001 = QoS Flow Identifier (QFI): 1 Next extension header type: No more extension headers (0x00) Internet Protocol Version 4, Src: 8.8.8.8, Dst: 192.168.3.2 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 76 Identification: 0x1b01 (6913) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment Offset: 0 Time to Live: 121 Protocol: UDP (17) Header Checksum: 0x52e6 [validation disabled] [Header checksum status: Unverified] Source Address: 8.8.8.8 Destination Address: 192.168.3.2 User Datagram Protocol, Src Port: 53, Dst Port: 45843 Source Port: 53 Destination Port: 45843 Length: 56 Checksum: 0x4abd [unverified] [Checksum Status: Unverified] [Stream index: 20] [Timestamps] [Time since first frame: 0.012275971 seconds] [Time since previous frame: 0.012275971 seconds] UDP payload (48 bytes) Domain Name System (response) Transaction ID: 0xb078 Flags: 0x8180 Standard query response, No error 1... .... .... .... = Response: Message is a response .000 0... .... .... = Opcode: Standard query (0) .... .0.. .... .... = Authoritative: Server is not an authority for domain .... ..0. .... .... = Truncated: Message is not truncated .... ...1 .... .... = Recursion desired: Do query recursively .... .... 1... .... = Recursion available: Server can do recursive queries .... .... .0.. .... = Z: reserved (0) .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server .... .... ...0 .... = Non-authenticated data: Unacceptable .... .... .... 0000 = Reply code: No error (0) Questions: 1 Answer RRs: 1 Authority RRs: 0 Additional RRs: 0 Queries www.google.com: type A, class IN Name: www.google.com [Name Length: 14] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) Answers www.google.com: type A, class IN, addr 172.217.1.4 Name: www.google.com Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 44 (44 seconds) Data length: 4 Address: 172.217.1.4 [Request In: 932] [Time: 0.012275971 seconds]
|
||
