Open RAN - free5gc

Run

As in the case of Installation, excution and test procedure was not complete. At least, GTP / SCTP setup worked and the initial connection with gNB worked OK, but handling NAS message (even the first NAS message) failed.

Nevertheless, I decided to write some note about this before I forget what I have done. It will be very appreciated if there is anybody who can help me with some problems that I faces. You may email me or send me message via my linkedIn.

PDU Session Establishment

Before you Run

Since 5GC is connected to RAN via gtp and sctp as explained in these notes (GTP, SCTP, NGAP), gtp5g and sctp driver should be properly installed and activated.

You can check if gtp5g driver is activated as follows. You would see this without running free5gc if the installation is properly done.

In the same way, you can check if sctp driver is activated.. but you would see this result only after you run free5gc.

TestSetup

The test setup that I used is as shown below. I used Amari callbox as gNB connecting to free5GC.

NOTE : At first I tried with a commercial mobile phone, but soon I noticed that free5gc support milenage authentication algorithm only (not supporting 3gpp XOR algorithm). Since I don't have any test USIM with milenage algorithm, I used Amarisoft UEsimulator where I can configure USIM parameters as I want.

Network Adaptor setting for the virtual box is set as follows.

route setting on Ubuntu Server in the virtual box is as follows.

Configuration

Since this is for testing the initial part of 5GC activity, I only set the configuration in AMF part (amfcfg.yaml) as shown below.

Following is the contents of amfcfg.yaml and the red part is what I have changed from the original configuration. It is import to get not only plmn but aslo tac to match between gNB(Amari Callbox) and amf(free5gc) configuration.

amfcfg.yaml

info:

version: 1.0.2

description: AMF initial local configuration

configuration:

amfName: AMF # the name of this AMF

ngapIpList: # the IP list of N2 interfaces on this AMF

- 10.0.0.230

sbi: # Service-based interface information

scheme: http # the protocol for sbi (http or https)

registerIPv4: 10.0.0.230

bindingIPv4: 10.0.0.230

port: 8000

serviceNameList: # the SBI services provided by this AMF, refer to TS 29.518

- namf-comm # Namf_Communication service

- namf-evts # Namf_EventExposure service

- namf-mt # Namf_MT service

- namf-loc # Namf_Location service

- namf-oam # OAM service

servedGuamiList: # Guami (Globally Unique AMF ID) list supported by this AMF

# <GUAMI> = <MCC><MNC><AMF ID>

- plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC>

mcc: 001 # Mobile Country Code (3 digits string, digit: 0~9)

mnc: 01 # Mobile Network Code (2 or 3 digits string, digit: 0~9)

amfId: cafe00 # AMF identifier (3 bytes hex string, range: 000000~FFFFFF)

supportTaiList: # the TAI (Tracking Area Identifier) list supported by this AMF

- plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC>

mcc: 001 # Mobile Country Code (3 digits string, digit: 0~9)

mnc: 01 # Mobile Network Code (2 or 3 digits string, digit: 0~9)

tac: 100 # Tracking Area Code (uinteger, range: 0~16777215)

plmnSupportList: # the PLMNs (Public land mobile network) list supported by this AMF

- plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC>

mcc: 001 # Mobile Country Code (3 digits string, digit: 0~9)

mnc: 01 # Mobile Network Code (2 or 3 digits string, digit: 0~9)

snssaiList: # the S-NSSAI (Single Network Slice Selection Assistance Information) list supported by this AMF

- sst: 1 # Slice/Service Type (uinteger, range: 0~255)

sd: 010203 # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)

- sst: 1 # Slice/Service Type (uinteger, range: 0~255)

sd: 112233 # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)

supportDnnList: # the DNN (Data Network Name) list supported by this AMF

- internet

nrfUri: http://127.0.0.10:8000 # a valid URI of NRF

security: # NAS security parameters

integrityOrder: # the priority of integrity algorithms

- NIA2

# - NIA0

cipheringOrder: # the priority of ciphering algorithms

- NEA0

# - NEA2

networkName: # the name of this core network

full: free5GC

short: free

locality: area1 # Name of the location where a set of AMF, SMF and UPFs are located

networkFeatureSupport5GS: # 5gs Network Feature Support IE, refer to TS 24.501

enable: true # append this IE in Registration accept or not

imsVoPS: 0 # IMS voice over PS session indicator (uinteger, range: 0~1)

emc: 0 # Emergency service support indicator for 3GPP access (uinteger, range: 0~3)

emf: 0 # Emergency service fallback indicator for 3GPP access (uinteger, range: 0~3)

iwkN26: 0 # Interworking without N26 interface indicator (uinteger, range: 0~1)

mpsi: 0 # MPS indicator (uinteger, range: 0~1)

emcN3: 0 # Emergency service support indicator for Non-3GPP access (uinteger, range: 0~1)

mcsi: 0 # MCS indicator (uinteger, range: 0~1)

t3502Value: 720 # timer value (seconds) at UE side

t3512Value: 3600 # timer value (seconds) at UE side

non3gppDeregistrationTimerValue: 3240 # timer value (seconds) at UE side

# retransmission timer for paging message

t3513:

enable: true # true or false

expireTime: 6s # default is 6 seconds

maxRetryTimes: 4 # the max number of retransmission

# retransmission timer for NAS Deregistration Request message

t3522:

enable: true # true or false

expireTime: 6s # default is 6 seconds

maxRetryTimes: 4 # the max number of retransmission

# retransmission timer for NAS Registration Accept message

t3550:

enable: true # true or false

expireTime: 6s # default is 6 seconds

maxRetryTimes: 4 # the max number of retransmission

# retransmission timer for NAS Authentication Request/Security Mode Command message

t3560:

enable: true # true or false

expireTime: 6s # default is 6 seconds

maxRetryTimes: 4 # the max number of retransmission

# retransmission timer for NAS Notification message

t3565:

enable: true # true or false

expireTime: 6s # default is 6 seconds

maxRetryTimes: 4 # the max number of retransmission

# retransmission timer for NAS Identity Request message

t3570:

enable: true # true or false

expireTime: 6s # default is 6 seconds

maxRetryTimes: 4 # the max number of retransmission

In the hope of resolving the problem that I am facing, I changed ausfcfg.yaml as below, but still no luck.

ausfcfg.yaml

info:

version: 1.0.0

description: AUSF initial local configuration

configuration:

sbi: # Service-based interface information

scheme: http # the protocol for sbi (http or https)

registerIPv4: 127.0.0.9 # IP used to register to NRF

bindingIPv4: 127.0.0.9 # IP used to bind the service

port: 8000 # Port used to bind the service

serviceNameList: # the SBI services provided by this AUSF, refer to TS 29.509

- nausf-auth # Nausf_UEAuthentication service

nrfUri: http://127.0.0.10:8000 # a valid URI of NRF

plmnSupportList: # the PLMNs (Public Land Mobile Network) list supported by this AUSF

- mcc: 001 # Mobile Country Code (3 digits string, digit: 0~9)

mnc: 01 # Mobile Network Code (2 or 3 digits string, digit: 0~9)

- mcc: 123 # Mobile Country Code (3 digits string, digit: 0~9)

mnc: 45 # Mobile Network Code (2 or 3 digits string, digit: 0~9)

groupId: ausfGroup001 # ID for the group of the AUSF

eapAkaSupiImsiPrefix: false # including "imsi-" prefix or not when using the SUPI to do EAP-AKA' authentication

Run Script

To run the free5gc, I used the run.sh which run multiple components of the core simultaneously.

Following is the contents of run.sh. You may edit to parameter NF_LIST to specify which components you want to run.

run.sh

#!/usr/bin/env bash

PID_LIST=()

sudo -E ./NFs/upf/build/bin/free5gc-upfd -c ./config/upfcfg.yaml -l ./log/nf/upf.log -g ./log/free5gc.log &

PID_LIST+=($!)

sleep 1

NF_LIST="nrf amf smf udr pcf udm nssf ausf"

export GIN_MODE=release

for NF in ${NF_LIST}; do

./bin/${NF} &

PID_LIST+=($!)

sleep 0.1

done

sudo ./bin/n3iwf &

SUDO_N3IWF_PID=$!

sleep 1

N3IWF_PID=$(pgrep -P $SUDO_N3IWF_PID)

PID_LIST+=($SUDO_N3IWF_PID $N3IWF_PID)

function terminate()

{

sudo kill -SIGTERM ${PID_LIST[${#PID_LIST[@]}-2]} ${PID_LIST[${#PID_LIST[@]}-1]}

sleep 2

}

trap terminate SIGINT

wait ${PID_LIST}

Run

Run the 5G Core with the script as shown below.

Initial AMF Activation

Initial part (AMF activation) goes without any problem as shown below.

From this point, I am getting several pages of error message something like below. I don't know exactly what is the root cause of the problem. (NOTE : I don't see this error any more after the mongodb installation problem was fixed)

NG Setup

When I activate gNB and gNB get connected to AMF in 5GC, I get prints as shown below. Actually pretty complicated process should proceed in the background for this. Refer to these notes (GTP, SCTP, NGAP) if you are interested in further details.

Handle Registration Request

When I power on UE and UE send RegistrationRequest, I see following prints but getting problems at this point as shown below.

Following is the logs that I am getting from Amari Callbox. Line (1),(2),(3),(4) is the initial connection process between gNB and 5GC as explained in these notes (GTP, SCTP, NGAP). I see UE send RegistrationRequest at (5), but this has not been processed by 5GC.

[3] NG Setup Request

Message: 10.0.0.230:38412 NG setup request

Data:

initiatingMessage: {

procedureCode id-NGSetup,

criticality reject,

value {

protocolIEs {

{

id id-GlobalRANNodeID,

criticality reject,

value globalGNB-ID: {

pLMNIdentity '00F110'H,

gNB-ID gNB-ID: '0012345'H

}

{

id id-RANNodeName,

criticality ignore,

value "gnb0012345"

{

id id-SupportedTAList,

criticality reject,

value {

{

tAC '000064'H,

broadcastPLMNList {

{

pLMNIdentity '00F110'H,

tAISliceSupportList {

{

s-NSSAI {

sST '01'H

}

{

id id-DefaultPagingDRX,

criticality ignore,

value v128

}

[4] NG Setup Response

Message: 10.0.0.230:38412 NG setup response

Data:

successfulOutcome: {

procedureCode id-NGSetup,

criticality reject,

value {

protocolIEs {

{

id id-AMFName,

criticality reject,

value "AMF"

{

id id-ServedGUAMIList,

criticality reject,

value {

{

gUAMI {

pLMNIdentity '00F110'H,

aMFRegionID 'CA'H,

aMFSetID '1111111000'B,

aMFPointer '000000'B

}

{

id id-RelativeAMFCapacity,

criticality ignore,

value 255

{

id id-PLMNSupportList,

criticality reject,

value {

{

pLMNIdentity '00F110'H,

sliceSupportList {

{

s-NSSAI {

sST '01'H,

sD '010203'H

}

{

s-NSSAI {

sST '01'H,

sD '112233'H

}

< 1 st Troubleshoot >

After mongdodb installation problem is fixed, the procedure went a few step further but the registration request got rejected as follows.

[5] Registration Request

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x1 (Integrity protected)

Auth code = 0xf4365440

Sequence number = 0x0d

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x41 (Registration request)

5GS registration type:

Follow-on request bit = 1

Value = 1 (initial registration)

ngKSI:

TSC = 0

NAS key set identifier = 0

5GS mobile identity:

5G-GUTI

MCC = 001

MNC = 01

AMF Region ID = 128

AMF Set ID = 4

AMF Pointer = 1

5G-TMSI = 0xee2ceef7

UE security capability:

0xf0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=1, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)

0x70 (5G-IA0=0, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=1, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)

0xf0 (EEA0=1, 128-EEA1=1, 128-EEA2=1, 128-EEA3=1, EEA4=0, EEA5=0, EEA6=0, EEA7=0)

0x70 (EIA0=0, 128-EIA1=1, 128-EIA2=1, 128-EIA3=1, EIA4=0, EIA5=0, EIA6=0, EIA7=0)

NAS message container:

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x41 (Registration request)

5GS registration type:

Follow-on request bit = 1

Value = 1 (initial registration)

ngKSI:

TSC = 0

NAS key set identifier = 0

5GS mobile identity:

5G-GUTI

MCC = 001

MNC = 01

AMF Region ID = 128

AMF Set ID = 4

AMF Pointer = 1

5G-TMSI = 0xee2ceef7

5GMM capability:

0x03 (SGC=0, 5G-IPHC-CP CIoT=0, N3 data=0, 5G-CP CIoT=0, RestrictEC=0, LPP=0, HO attach=1, S1 mode=1)

UE security capability:

0xf0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=1, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)

0x70 (5G-IA0=0, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=1, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)

0xf0 (EEA0=1, 128-EEA1=1, 128-EEA2=1, 128-EEA3=1, EEA4=0, EEA5=0, EEA6=0, EEA7=0)

0x70 (EIA0=0, 128-EIA1=1, 128-EIA2=1, 128-EIA3=1, EIA4=0, EIA5=0, EIA6=0, EIA7=0)

Requested NSSAI:

S-NSSAI

Length of S-NSSAI contents = 1 (SST)

SST = 0x01

Last visited registered TAI:

MCC = 001

MNC = 01

TAC = 0x000064

S1 UE network capability:

0xf0 (EEA0=1, 128-EEA1=1, 128-EEA2=1, 128-EEA3=1, EEA4=0, EEA5=0, EEA6=0, EEA7=0)

0x70 (EIA0=0, 128-EIA1=1, 128-EIA2=1, 128-EIA3=1, EIA4=0, EIA5=0, EIA6=0, EIA7=0)

0xc0 (UEA0=1, UEA1=1, UEA2=0, UEA3=0, UEA4=0, UEA5=0, UEA6=0, UEA7=0)

0x40 (UCS2=0, UIA1=1, UIA2=0, UIA3=0, UIA4=0, UIA5=0, UIA6=0, UIA7=0)

0x19 (ProSe-dd=0, ProSe=0, H.245-ASH=0, ACC-CSFB=1, LPP=1, LCS=0, 1xSRVCC=0, NF=1)

0x80 (ePCO=1, HC-CP CIoT=0, ERw/oPDN=0, S1-U data=0, UP CIoT=0, CP CIoT=0, ProSe-relay=0, ProSe-dc=0)

0xb0 (15 bearers=1, SGC=0, N1mode=1, DCNR=1, CP backoff=0, RestrictEC=0, V2X PC5=0, multipleDRB=0)

UE's usage setting = 0x01 (Data centric)

LADN indication:

Length = 0

Data =

Network slicing indication = 0x00 (DCNI=0, NSSCI=0)

5GS update type = 0x01 (EPS-PNB-CIoT=no additional information, 5GS-PNB-CIoT=no additional information, NG-RAN-RCU=0, SMS requested=1)

[6] Initial UE Messages

Message: 10.0.0.230:38412 Initial UE message

initiatingMessage: {

procedureCode id-InitialUEMessage,

criticality ignore,

value {

protocolIEs {

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-NAS-PDU,

criticality reject,

value '7E01F43654400D7E004109000BF200F.....'H

{

id id-UserLocationInformation,

criticality reject,

value userLocationInformationNR: {

nR-CGI {

pLMNIdentity '00F110'H,

nRCellIdentity '001234501'H

tAI {

pLMNIdentity '00F110'H,

tAC '000064'H

}

{

id id-RRCEstablishmentCause,

criticality ignore,

value mo-Signalling

{

id id-UEContextRequest,

criticality ignore,

value requested

}

[7] Downlink NAS Transport

Message: 10.0.0.230:38412 Downlink NAS transport

Data:

initiatingMessage: {

procedureCode id-DownlinkNASTransport,

criticality ignore,

value {

protocolIEs {

{

id id-AMF-UE-NGAP-ID,

criticality reject,

value 1

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-NAS-PDU,

criticality reject,

value '7E004409'H

}

[8] Registration Reject

Message: Registration reject

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x44 (Registration reject)

5GMM cause = 0x09 (UE identity cannot be derived by the network)

< 2nd Troubleshooting >

Again with the help of Chlosta, Merlin, I learned that free5gc does not allow the registration with TMSI.

==> This behavior of free5gc does not seems to be correct. Chlosta raised a PR for this on Feb 24 2022.

The UE that I used(OnePLUS) was trying to register with TMSI and I didn't know how to get the UE to register with IMSI. So I used Amari UEsim as a DUT. It registered with IMSI and free5gc didn't rejected the initial Registration Request, but it reached another point of error as shown below.

< 3rd Trougleshooting >

It looks obvious that this error comes from the missing UE information (SIM parameter etc) and I didn't know how to add UE information to free5gc. Again, with the help of Chlosta, Merlin, I learned that I should add UE information with webconsole.

First added the Subcribers to free5gc in webconsole as shown below. I put only those parameters as shown below and all the others remain as default without any change. The goal at this step is only to pass authentication step and did not focus much on the steps afterwards. Of course, you need to configure same settings on UE side SIM (In my case, I configured the same in Amari UEsim configuration file).

Then tested again and it reaches to following point. Obviously it passed authentication and you would see some DNN / Network slice related problems which will be described in next setion. The full log from free5gc is here.

I collected the log from Amari Callbox (gNB) as shown below.

[5] Registration request

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x41 (Registration request)

5GS registration type:

Follow-on request bit = 1

Value = 1 (initial registration)

ngKSI:

TSC = 0

NAS key set identifier = 7

5GS mobile identity:

SUCI

SUPI format = 0 (IMSI)

MCC = 001

MNC = 01

Routing indicator = 0

Protection sheme id = 0 (Null scheme)

Home network public key identifier = 0

MSIN = 0000000001

UE security capability:

0xe0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=0, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)

0xe0 (5G-IA0=1, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=0, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)

[6] Initial UE message

initiatingMessage: {

procedureCode id-InitialUEMessage,

criticality ignore,

value {

protocolIEs {

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-NAS-PDU,

criticality reject,

value '7E004179000D0100F110F0FF000000000000102E02E0E0'H

{

id id-UserLocationInformation,

criticality reject,

value userLocationInformationNR: {

nR-CGI {

pLMNIdentity '00F110'H,

nRCellIdentity '001234501'H

tAI {

pLMNIdentity '00F110'H,

tAC '000064'H

}

{

id id-RRCEstablishmentCause,

criticality ignore,

value mo-Signalling

{

id id-UEContextRequest,

criticality ignore,

value requested

}

[7] Downlink NAS transport

initiatingMessage: {

procedureCode id-DownlinkNASTransport,

criticality ignore,

value {

protocolIEs {

{

id id-AMF-UE-NGAP-ID,

criticality reject,

value 1

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-NAS-PDU,

criticality reject,

value '7E005600020000217080C76C04D9B6BD7134BC81F67DF.....'H

}

[8] Authentication request

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x56 (Authentication request)

ngKSI:

TSC = 0

NAS key set identifier = 0

ABBA:

Length = 2

Data = 00 00

Authentication parameter RAND:

Data = 70 80 c7 6c 04 d9 b6 bd 71 34 bc 81 f6 7d f5 6e

Authentication parameter AUTN:

Length = 16

Data = 1d d0 86 ca 6d eb 80 00 fd af d9 b0 31 57 9f 54

[9] Authentication response

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x57 (Authentication response)

Authentication response parameter:

Length = 16

Data = 0e 17 9d 79 f8 da 44 93 f1 4f 02 a8 f7 b6 77 82

[10] Uplink NAS transport

initiatingMessage: {

procedureCode id-UplinkNASTransport,

criticality ignore,

value {

protocolIEs {

{

id id-AMF-UE-NGAP-ID,

criticality reject,

value 1

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-NAS-PDU,

criticality reject,

value '7E00572D100E179D79F8DA4493F14F02A8F7B67782'H

{

id id-UserLocationInformation,

criticality ignore,

value userLocationInformationNR: {

nR-CGI {

pLMNIdentity '00F110'H,

nRCellIdentity '001234501'H

tAI {

pLMNIdentity '00F110'H,

tAC '000064'H

}

[11] Downlink NAS transport

initiatingMessage: {

procedureCode id-DownlinkNASTransport,

criticality ignore,

value {

protocolIEs {

{

id id-AMF-UE-NGAP-ID,

criticality reject,

value 1

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-NAS-PDU,

criticality reject,

value '7E036BC9DC66007E005D020002E0E0E1360100'H

}

[12] Security mode command

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x3 (Integrity protected with new 5G NAS security context)

Auth code = 0x6bc9dc66

Sequence number = 0x00

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x5d (Security mode command)

Selected NAS security algorithms = 0x02 (5G-EA0, 5G-IA2)

ngKSI:

TSC = 0

NAS key set identifier = 0

Replayed UE security capabilities:

0xe0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=0, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)

0xe0 (5G-IA0=1, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=0, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)

IMEISV request = 1

Additional 5G security information = 0x00 (RINMR=0, HDP=0)

[13] Security mode complete

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x4 (Integrity protected and ciphered with new 5G NAS security context)

Auth code = 0x34006c9a

Sequence number = 0x00

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x5e (Security mode complete)

IMEISV:

IMEISV = 0123456700000101

NAS message container:

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x41 (Registration request)

5GS registration type:

Follow-on request bit = 1

Value = 1 (initial registration)

ngKSI:

TSC = 0

NAS key set identifier = 7

5GS mobile identity:

SUCI

SUPI format = 0 (IMSI)

MCC = 001

MNC = 01

Routing indicator = 0

Protection sheme id = 0 (Null scheme)

Home network public key identifier = 0

MSIN = 0000000001

5GMM capability:

0x00 (SGC=0, 5G-IPHC-CP CIoT=0, N3 data=0, 5G-CP CIoT=0, RestrictEC=0, LPP=0, HO attach=0, S1 mode=0)

UE security capability:

0xe0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=0, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)

0xe0 (5G-IA0=1, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=0, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)

UE's usage setting = 0x01 (Data centric)

5GS update type = 0x01 (EPS-PNB-CIoT=no additional information, 5GS-PNB-CIoT=no additional information,

NG-RAN-RCU=0, SMS requested=1)

[14] Uplink NAS transport

initiatingMessage: {

procedureCode id-UplinkNASTransport,

criticality ignore,

value {

protocolIEs {

{

id id-AMF-UE-NGAP-ID,

criticality reject,

value 1

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-NAS-PDU,

criticality reject,

value '7E0434006C9A007E005E770009052143650700000...'H

{

id id-UserLocationInformation,

criticality ignore,

value userLocationInformationNR: {

nR-CGI {

pLMNIdentity '00F110'H,

nRCellIdentity '001234501'H

tAI {

pLMNIdentity '00F110'H,

tAC '000064'H

}

[15] Initial context setup request

initiatingMessage: {

procedureCode id-InitialContextSetup,

criticality reject,

value {

protocolIEs {

{

id id-AMF-UE-NGAP-ID,

criticality reject,

value 1

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-GUAMI,

criticality reject,

value {

pLMNIdentity '00F110'H,

aMFRegionID 'CA'H,

aMFSetID '1111111000'B,

aMFPointer '000000'B

}

{

id id-AllowedNSSAI,

criticality reject,

value {

{

s-NSSAI {

sST '01'H,

sD '010203'H

}

{

s-NSSAI {

sST '01'H,

sD '010203'H

}

{

id id-UESecurityCapabilities,

criticality reject,

value {

nRencryptionAlgorithms 'C000'H,

nRintegrityProtectionAlgorithms 'C000'H,

eUTRAencryptionAlgorithms '0000'H,

eUTRAintegrityProtectionAlgorithms '0000'H

}

{

id id-SecurityKey,

criticality reject,

value 'CB40645A12BACB4867C0615B9A7380FFCACBF4CB750F01239163EBF51409BEDE'H

{

id id-MobilityRestrictionList,

criticality ignore,

value {

servingPLMN '00F110'H

}

{

id id-MaskedIMEISV,

criticality ignore,

value '0123456700FFFF01'H

{

id id-NAS-PDU,

criticality ignore,

value '7E0226230C3C017E0042010177000BF200F110CA....'H

}

[16] unsupported allowed S-NSSAI, reject request

[17] Initial context setup failure

unsuccessfulOutcome: {

procedureCode id-InitialContextSetup,

criticality reject,

value {

protocolIEs {

{

id id-AMF-UE-NGAP-ID,

criticality ignore,

value 1

{

id id-RAN-UE-NGAP-ID,

criticality ignore,

value 1

{

id id-Cause,

criticality ignore,

value radioNetwork: slice-not-supported

}

[18] Downlink NAS transport

initiatingMessage: {

procedureCode id-DownlinkNASTransport,

criticality ignore,

value {

protocolIEs {

{

id id-AMF-UE-NGAP-ID,

criticality reject,

value 1

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-NAS-PDU,

criticality reject,

value '7E0226230C3C017E0042010177000BF200F110CAFE0....'H

}

[19] Registration accept

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x2 (Integrity protected and ciphered)

Auth code = 0x26230c3c

Sequence number = 0x01

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x42 (Registration accept)

5GS registration result = 0x01 (Emergency registered=0, NSSAA to be performed=0, SMS allowed=0, 3GPP access)

5G-GUTI:

5G-GUTI

MCC = 001

MNC = 01

AMF Region ID = 202

AMF Set ID = 1016

AMF Pointer = 0

5G-TMSI = 0x00000001

TAI list:

Length = 7

Data = 00 00 f1 10 00 00 64

Allowed NSSAI:

S-NSSAI

Length of S-NSSAI contents = 4 (SST and SD)

SST = 0x01

SD = 0x010203

S-NSSAI

Length of S-NSSAI contents = 4 (SST and SD)

SST = 0x01

SD = 0x010203

5GS network feature support:

0x00 (MPSI=0, IWK N26=0, EMF=not supported, EMC=not supported, IMS-VoPS-N3GPP=0, IMS-VoPS-3GPP=0)

0x00 (5G-UP CIoT=0, 5G-IPHC-CP CIoT=0, N3 data=0, 5G-CP CIoT=0,

RestrictEC=both CE mode A and CE mode B are not restricted, MCSI=0, EMCN3=0)

T3512 value:

Value = 6

Unit = 0 (10 minutes)

T3502 value:

Value = 12

Unit = 1 (1 minute)

[20] Registration complete

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x2 (Integrity protected and ciphered)

Auth code = 0x52279dc3

Sequence number = 0x01

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x43 (Registration complete)

[21] Uplink NAS transport

initiatingMessage: {

procedureCode id-UplinkNASTransport,

criticality ignore,

value {

protocolIEs {

{

id id-AMF-UE-NGAP-ID,

criticality reject,

value 1

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-NAS-PDU,

criticality reject,

value '7E0252279DC3017E0043'H

{

id id-UserLocationInformation,

criticality ignore,

value userLocationInformationNR: {

nR-CGI {

pLMNIdentity '00F110'H,

nRCellIdentity '001234501'H

tAI {

pLMNIdentity '00F110'H,

tAC '000064'H

}

[23] UL NAS transport

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x2 (Integrity protected and ciphered)

Auth code = 0x09371cdb

Sequence number = 0x02

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x67 (UL NAS transport)

Payload container type = 1 (N1 SM information)

Payload container:

Protocol discriminator = 0x2e (5GS Session Management)

PDU session identity = 1

Procedure transaction identity = 1

Message type = 0xc1 (PDU session establishment request)

Integrity protection maximum data data:

Maximum data rate per UE for user-plane integrity protection for uplink = 0xff (Full data rate)

Maximum data rate per UE for user-plane integrity protection for downlink = 0xff (Full data rate)

PDU session type = 0x3 (IPv4v6)

Always-on PDU session requested = 1

Extended protocol configuration options:

Ext = 1

Configuration protocol = 0

Protocol ID = 0x8021 (IPCP)

Data = 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00

Protocol ID = 0x0001 (P-CSCF IPv6 Address Request)

Data =

Protocol ID = 0x0003 (DNS Server IPv6 Address Request)

Data =

Protocol ID = 0x000a (IP address allocation via NAS signalling)

Data =

Protocol ID = 0x000c (P-CSCF IPv4 Address Request)

Data =

Protocol ID = 0x000d (DNS Server IPv4 Address Request)

Data =

PDU session ID = 1

Request type = 0x1 (initial request)

[24] Uplink NAS transport

initiatingMessage: {

procedureCode id-UplinkNASTransport,

criticality ignore,

value {

protocolIEs {

{

id id-AMF-UE-NGAP-ID,

criticality reject,

value 1

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-NAS-PDU,

criticality reject,

value '7E0209371CDB027E006701002E2E0101C1FFFF93...'H

{

id id-UserLocationInformation,

criticality ignore,

value userLocationInformationNR: {

nR-CGI {

pLMNIdentity '00F110'H,

nRCellIdentity '001234501'H

tAI {

pLMNIdentity '00F110'H,

tAC '000064'H

}

[25] Downlink NAS transport

initiatingMessage: {

procedureCode id-DownlinkNASTransport,

criticality ignore,

value {

protocolIEs {

{

id id-AMF-UE-NGAP-ID,

criticality reject,

value 1

{

id id-RAN-UE-NGAP-ID,

criticality reject,

value 1

{

id id-NAS-PDU,

criticality reject,

value '7E02C0288170027E006801002E2E0101C1FFF...'H

}

[26] DL NAS transport

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x2 (Integrity protected and ciphered)

Auth code = 0xc0288170

Sequence number = 0x02

Protocol discriminator = 0x7e (5GS Mobility Management)

Security header = 0x0 (Plain 5GS NAS message, not security protected)

Message type = 0x68 (DL NAS transport)

Payload container type = 1 (N1 SM information)

Payload container:

Protocol discriminator = 0x2e (5GS Session Management)

PDU session identity = 1

Procedure transaction identity = 1

Message type = 0xc1 (PDU session establishment request)

Integrity protection maximum data data:

Maximum data rate per UE for user-plane integrity protection for uplink = 0xff (Full data rate)

Maximum data rate per UE for user-plane integrity protection for downlink = 0xff (Full data rate)

PDU session type = 0x3 (IPv4v6)

Always-on PDU session requested = 1

Extended protocol configuration options:

Ext = 1

Configuration protocol = 0

Protocol ID = 0x8021 (IPCP)

Data = 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00

Protocol ID = 0x0001 (P-CSCF IPv6 Address Request)

Data =

Protocol ID = 0x0003 (DNS Server IPv6 Address Request)

Data =

Protocol ID = 0x000a (IP address allocation via NAS signalling)

Data =

Protocol ID = 0x000c (P-CSCF IPv4 Address Request)

Data =

Protocol ID = 0x000d (DNS Server IPv4 Address Request)

Data =

PDU session ID = 1

5GMM cause = 0x5b (DNN not supported or not subscribed in the slice)

PDU Session Establishment

From previous log, I spotted several points that I need to clarify. It can be summarized as follows.

[5] UE send Registration request without Requested NSSAI
[13] UE send Registration request without Requested NSSAI
[15] CORE NETWORK send Initial Context Setup Request with AllowedNSSAI
[16]/[17] gNB sends Initial Context Setup Failure with the cause of slice-not-supported <== this is because the NSSAI configured in free5GC and configured in Amari gNB is different. This can be fixed easily later.
[23] gNB/UE send PDU Session Establishment without DNN Specified.
[26] Core Network sends gNB/UE send PDU Session Establishment with 5GMM Cause of DNN not supported or not subscribed in the slice ==> I think this is difference between free5GC and Amari Core. In Amarisoft core, [23] is accepted and the core send PDU Session Establishement with dnn=default, but free5GC does not.

I think [26] is related to following specification described in 24.501-5.4.5.3.2

In case e) in subclause 5.4.5.3.1, i.e. upon sending a single uplink 5GSM message which was not forwarded due to routing failure, the AMF shall:

a) include the PDU session ID in the PDU session ID IE;

b) set the Payload container type IE to "N1 SM information";

c) set the Payload container IE to the 5GSM message which was not forwarded; and

d) set the 5GMM cause IE to the 5GMM cause #90 "payload was not forwarded" or 5GMM cause #91 "DNN not supported or not subscribed in the slice".

The AMF sets the 5GMM cause IE to the 5GMM cause #91 "DNN not supported or not subscribed in the slice",

if the 5GSM message could not be forwarded since SMF selection fails because:

1) the DNN is not supported in the slice identified by the S-NSSAI used by the AMF; or

2) neither the DNN provided by the UE nor the wildcard DNN are in the subscribed DNN list of the UE for the S-NSSAI used by the AMF.

Otherwise, the AMF sets the 5GMM cause IE to the 5GMM cause #90 "payload was not forwarded".