As in the case of Installation, excution and test procedure was not complete. At least, GTP / SCTP setup worked and the initial connection with gNB worked OK, but handling NAS message (even the first NAS message) failed.
Nevertheless, I decided to write some note about this before I forget what I have done. It will be very appreciated if there is anybody who can help me with some problems that I faces. You may email me or send me message via my linkedIn.
Before you Run
Since 5GC is connected to RAN via gtp and sctp as explained in these notes (GTP, SCTP, NGAP), gtp5g and sctp driver should be properly installed and activated.
You can check if gtp5g driver is activated as follows. You would see this without running free5gc if the installation is properly done.

In the same way, you can check if sctp driver is activated.. but you would see this result only after you run free5gc.

TestSetup
The test setup that I used is as shown below. I used Amari callbox as gNB connecting to free5GC.

NOTE : At first I tried with a commercial mobile phone, but soon I noticed that free5gc support milenage authentication algorithm only (not supporting 3gpp XOR algorithm). Since I don't have any test USIM with milenage algorithm, I used Amarisoft UEsimulator where I can configure USIM parameters as I want.
Network Adaptor setting for the virtual box is set as follows.

route setting on Ubuntu Server in the virtual box is as follows.

Configuration
Since this is for testing the initial part of 5GC activity, I only set the configuration in AMF part (amfcfg.yaml) as shown below.

Following is the contents of amfcfg.yaml and the red part is what I have changed from the original configuration. It is import to get not only plmn but aslo tac to match between gNB(Amari Callbox) and amf(free5gc) configuration.
|
amfcfg.yaml |
|
info: version: 1.0.2 description: AMF initial local configuration
configuration: amfName: AMF # the name of this AMF ngapIpList: # the IP list of N2 interfaces on this AMF - 10.0.0.230 sbi: # Service-based interface information scheme: http # the protocol for sbi (http or https) registerIPv4: 10.0.0.230 bindingIPv4: 10.0.0.230 port: 8000 serviceNameList: # the SBI services provided by this AMF, refer to TS 29.518 - namf-comm # Namf_Communication service - namf-evts # Namf_EventExposure service - namf-mt # Namf_MT service - namf-loc # Namf_Location service - namf-oam # OAM service servedGuamiList: # Guami (Globally Unique AMF ID) list supported by this AMF # <GUAMI> = <MCC><MNC><AMF ID> - plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC> mcc: 001 # Mobile Country Code (3 digits string, digit: 0~9) mnc: 01 # Mobile Network Code (2 or 3 digits string, digit: 0~9) amfId: cafe00 # AMF identifier (3 bytes hex string, range: 000000~FFFFFF) supportTaiList: # the TAI (Tracking Area Identifier) list supported by this AMF - plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC> mcc: 001 # Mobile Country Code (3 digits string, digit: 0~9) mnc: 01 # Mobile Network Code (2 or 3 digits string, digit: 0~9) tac: 100 # Tracking Area Code (uinteger, range: 0~16777215) plmnSupportList: # the PLMNs (Public land mobile network) list supported by this AMF - plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC> mcc: 001 # Mobile Country Code (3 digits string, digit: 0~9) mnc: 01 # Mobile Network Code (2 or 3 digits string, digit: 0~9) snssaiList: # the S-NSSAI (Single Network Slice Selection Assistance Information) list supported by this AMF - sst: 1 # Slice/Service Type (uinteger, range: 0~255) sd: 010203 # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF) - sst: 1 # Slice/Service Type (uinteger, range: 0~255) sd: 112233 # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF) supportDnnList: # the DNN (Data Network Name) list supported by this AMF - internet nrfUri: http://127.0.0.10:8000 # a valid URI of NRF security: # NAS security parameters integrityOrder: # the priority of integrity algorithms - NIA2 # - NIA0 cipheringOrder: # the priority of ciphering algorithms - NEA0 # - NEA2 networkName: # the name of this core network full: free5GC short: free locality: area1 # Name of the location where a set of AMF, SMF and UPFs are located networkFeatureSupport5GS: # 5gs Network Feature Support IE, refer to TS 24.501 enable: true # append this IE in Registration accept or not imsVoPS: 0 # IMS voice over PS session indicator (uinteger, range: 0~1) emc: 0 # Emergency service support indicator for 3GPP access (uinteger, range: 0~3) emf: 0 # Emergency service fallback indicator for 3GPP access (uinteger, range: 0~3) iwkN26: 0 # Interworking without N26 interface indicator (uinteger, range: 0~1) mpsi: 0 # MPS indicator (uinteger, range: 0~1) emcN3: 0 # Emergency service support indicator for Non-3GPP access (uinteger, range: 0~1) mcsi: 0 # MCS indicator (uinteger, range: 0~1) t3502Value: 720 # timer value (seconds) at UE side t3512Value: 3600 # timer value (seconds) at UE side non3gppDeregistrationTimerValue: 3240 # timer value (seconds) at UE side # retransmission timer for paging message t3513: enable: true # true or false expireTime: 6s # default is 6 seconds maxRetryTimes: 4 # the max number of retransmission # retransmission timer for NAS Deregistration Request message t3522: enable: true # true or false expireTime: 6s # default is 6 seconds maxRetryTimes: 4 # the max number of retransmission # retransmission timer for NAS Registration Accept message t3550: enable: true # true or false expireTime: 6s # default is 6 seconds maxRetryTimes: 4 # the max number of retransmission # retransmission timer for NAS Authentication Request/Security Mode Command message t3560: enable: true # true or false expireTime: 6s # default is 6 seconds maxRetryTimes: 4 # the max number of retransmission # retransmission timer for NAS Notification message t3565: enable: true # true or false expireTime: 6s # default is 6 seconds maxRetryTimes: 4 # the max number of retransmission # retransmission timer for NAS Identity Request message t3570: enable: true # true or false expireTime: 6s # default is 6 seconds maxRetryTimes: 4 # the max number of retransmission |
In the hope of resolving the problem that I am facing, I changed ausfcfg.yaml as below, but still no luck.
|
ausfcfg.yaml |
|
info: version: 1.0.0 description: AUSF initial local configuration
configuration: sbi: # Service-based interface information scheme: http # the protocol for sbi (http or https) registerIPv4: 127.0.0.9 # IP used to register to NRF bindingIPv4: 127.0.0.9 # IP used to bind the service port: 8000 # Port used to bind the service serviceNameList: # the SBI services provided by this AUSF, refer to TS 29.509 - nausf-auth # Nausf_UEAuthentication service nrfUri: http://127.0.0.10:8000 # a valid URI of NRF plmnSupportList: # the PLMNs (Public Land Mobile Network) list supported by this AUSF - mcc: 001 # Mobile Country Code (3 digits string, digit: 0~9) mnc: 01 # Mobile Network Code (2 or 3 digits string, digit: 0~9) - mcc: 123 # Mobile Country Code (3 digits string, digit: 0~9) mnc: 45 # Mobile Network Code (2 or 3 digits string, digit: 0~9) groupId: ausfGroup001 # ID for the group of the AUSF eapAkaSupiImsiPrefix: false # including "imsi-" prefix or not when using the SUPI to do EAP-AKA' authentication |
Run Script
To run the free5gc, I used the run.sh which run multiple components of the core simultaneously.

Following is the contents of run.sh. You may edit to parameter NF_LIST to specify which components you want to run.
|
run.sh |
|
#!/usr/bin/env bash
PID_LIST=()
sudo -E ./NFs/upf/build/bin/free5gc-upfd -c ./config/upfcfg.yaml -l ./log/nf/upf.log -g ./log/free5gc.log & PID_LIST+=($!)
sleep 1
NF_LIST="nrf amf smf udr pcf udm nssf ausf" export GIN_MODE=release
for NF in ${NF_LIST}; do ./bin/${NF} & PID_LIST+=($!) sleep 0.1 done
sudo ./bin/n3iwf & SUDO_N3IWF_PID=$! sleep 1 N3IWF_PID=$(pgrep -P $SUDO_N3IWF_PID) PID_LIST+=($SUDO_N3IWF_PID $N3IWF_PID)
function terminate() { sudo kill -SIGTERM ${PID_LIST[${#PID_LIST[@]}-2]} ${PID_LIST[${#PID_LIST[@]}-1]} sleep 2 }
trap terminate SIGINT wait ${PID_LIST} |
Run
Run the 5G Core with the script as shown below.
![]()
Initial AMF Activation
Initial part (AMF activation) goes without any problem as shown below.






From this point, I am getting several pages of error message something like below. I don't know exactly what is the root cause of the problem. (NOTE : I don't see this error any more after the mongodb installation problem was fixed)

NG Setup
When I activate gNB and gNB get connected to AMF in 5GC, I get prints as shown below. Actually pretty complicated process should proceed in the background for this. Refer to these notes (GTP, SCTP, NGAP) if you are interested in further details.

Handle Registration Request
When I power on UE and UE send RegistrationRequest, I see following prints but getting problems at this point as shown below.

Following is the logs that I am getting from Amari Callbox. Line (1),(2),(3),(4) is the initial connection process between gNB and 5GC as explained in these notes (GTP, SCTP, NGAP). I see UE send RegistrationRequest at (5), but this has not been processed by 5GC.

[3] NG Setup Request
Message: 10.0.0.230:38412 NG setup request
Data:
initiatingMessage: {
procedureCode id-NGSetup,
criticality reject,
value {
protocolIEs {
{
id id-GlobalRANNodeID,
criticality reject,
value globalGNB-ID: {
pLMNIdentity '00F110'H,
gNB-ID gNB-ID: '0012345'H
}
},
{
id id-RANNodeName,
criticality ignore,
value "gnb0012345"
},
{
id id-SupportedTAList,
criticality reject,
value {
{
tAC '000064'H,
broadcastPLMNList {
{
pLMNIdentity '00F110'H,
tAISliceSupportList {
{
s-NSSAI {
sST '01'H
}
}
}
}
}
}
}
},
{
id id-DefaultPagingDRX,
criticality ignore,
value v128
}
}
}
}
[4] NG Setup Response
Message: 10.0.0.230:38412 NG setup response
Data:
successfulOutcome: {
procedureCode id-NGSetup,
criticality reject,
value {
protocolIEs {
{
id id-AMFName,
criticality reject,
value "AMF"
},
{
id id-ServedGUAMIList,
criticality reject,
value {
{
gUAMI {
pLMNIdentity '00F110'H,
aMFRegionID 'CA'H,
aMFSetID '1111111000'B,
aMFPointer '000000'B
}
}
}
},
{
id id-RelativeAMFCapacity,
criticality ignore,
value 255
},
{
id id-PLMNSupportList,
criticality reject,
value {
{
pLMNIdentity '00F110'H,
sliceSupportList {
{
s-NSSAI {
sST '01'H,
sD '010203'H
}
},
{
s-NSSAI {
sST '01'H,
sD '112233'H
}
}
}
}
}
}
}
}
}
After mongdodb installation problem is fixed, the procedure went a few step further but the registration request got rejected as follows.


[5] Registration Request
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x1 (Integrity protected)
Auth code = 0xf4365440
Sequence number = 0x0d
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x41 (Registration request)
5GS registration type:
Follow-on request bit = 1
Value = 1 (initial registration)
ngKSI:
TSC = 0
NAS key set identifier = 0
5GS mobile identity:
5G-GUTI
MCC = 001
MNC = 01
AMF Region ID = 128
AMF Set ID = 4
AMF Pointer = 1
5G-TMSI = 0xee2ceef7
UE security capability:
0xf0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=1, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)
0x70 (5G-IA0=0, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=1, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)
0xf0 (EEA0=1, 128-EEA1=1, 128-EEA2=1, 128-EEA3=1, EEA4=0, EEA5=0, EEA6=0, EEA7=0)
0x70 (EIA0=0, 128-EIA1=1, 128-EIA2=1, 128-EIA3=1, EIA4=0, EIA5=0, EIA6=0, EIA7=0)
NAS message container:
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x41 (Registration request)
5GS registration type:
Follow-on request bit = 1
Value = 1 (initial registration)
ngKSI:
TSC = 0
NAS key set identifier = 0
5GS mobile identity:
5G-GUTI
MCC = 001
MNC = 01
AMF Region ID = 128
AMF Set ID = 4
AMF Pointer = 1
5G-TMSI = 0xee2ceef7
5GMM capability:
0x03 (SGC=0, 5G-IPHC-CP CIoT=0, N3 data=0, 5G-CP CIoT=0, RestrictEC=0, LPP=0, HO attach=1, S1 mode=1)
UE security capability:
0xf0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=1, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)
0x70 (5G-IA0=0, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=1, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)
0xf0 (EEA0=1, 128-EEA1=1, 128-EEA2=1, 128-EEA3=1, EEA4=0, EEA5=0, EEA6=0, EEA7=0)
0x70 (EIA0=0, 128-EIA1=1, 128-EIA2=1, 128-EIA3=1, EIA4=0, EIA5=0, EIA6=0, EIA7=0)
Requested NSSAI:
S-NSSAI
Length of S-NSSAI contents = 1 (SST)
SST = 0x01
Last visited registered TAI:
MCC = 001
MNC = 01
TAC = 0x000064
S1 UE network capability:
0xf0 (EEA0=1, 128-EEA1=1, 128-EEA2=1, 128-EEA3=1, EEA4=0, EEA5=0, EEA6=0, EEA7=0)
0x70 (EIA0=0, 128-EIA1=1, 128-EIA2=1, 128-EIA3=1, EIA4=0, EIA5=0, EIA6=0, EIA7=0)
0xc0 (UEA0=1, UEA1=1, UEA2=0, UEA3=0, UEA4=0, UEA5=0, UEA6=0, UEA7=0)
0x40 (UCS2=0, UIA1=1, UIA2=0, UIA3=0, UIA4=0, UIA5=0, UIA6=0, UIA7=0)
0x19 (ProSe-dd=0, ProSe=0, H.245-ASH=0, ACC-CSFB=1, LPP=1, LCS=0, 1xSRVCC=0, NF=1)
0x80 (ePCO=1, HC-CP CIoT=0, ERw/oPDN=0, S1-U data=0, UP CIoT=0, CP CIoT=0, ProSe-relay=0, ProSe-dc=0)
0xb0 (15 bearers=1, SGC=0, N1mode=1, DCNR=1, CP backoff=0, RestrictEC=0, V2X PC5=0, multipleDRB=0)
UE's usage setting = 0x01 (Data centric)
LADN indication:
Length = 0
Data =
Network slicing indication = 0x00 (DCNI=0, NSSCI=0)
5GS update type = 0x01 (EPS-PNB-CIoT=no additional information, 5GS-PNB-CIoT=no additional information, NG-RAN-RCU=0, SMS requested=1)
[6] Initial UE Messages
Message: 10.0.0.230:38412 Initial UE message
initiatingMessage: {
procedureCode id-InitialUEMessage,
criticality ignore,
value {
protocolIEs {
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-NAS-PDU,
criticality reject,
value '7E01F43654400D7E004109000BF200F.....'H
},
{
id id-UserLocationInformation,
criticality reject,
value userLocationInformationNR: {
nR-CGI {
pLMNIdentity '00F110'H,
nRCellIdentity '001234501'H
},
tAI {
pLMNIdentity '00F110'H,
tAC '000064'H
}
}
},
{
id id-RRCEstablishmentCause,
criticality ignore,
value mo-Signalling
},
{
id id-UEContextRequest,
criticality ignore,
value requested
}
}
}
}
[7] Downlink NAS Transport
Message: 10.0.0.230:38412 Downlink NAS transport
Data:
initiatingMessage: {
procedureCode id-DownlinkNASTransport,
criticality ignore,
value {
protocolIEs {
{
id id-AMF-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-NAS-PDU,
criticality reject,
value '7E004409'H
}
}
}
}
[8] Registration Reject
Message: Registration reject
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x44 (Registration reject)
5GMM cause = 0x09 (UE identity cannot be derived by the network)
Again with the help of Chlosta, Merlin, I learned that free5gc does not allow the registration with TMSI.
==> This behavior of free5gc does not seems to be correct. Chlosta raised a PR for this on Feb 24 2022.
The UE that I used(OnePLUS) was trying to register with TMSI and I didn't know how to get the UE to register with IMSI. So I used Amari UEsim as a DUT. It registered with IMSI and free5gc didn't rejected the initial Registration Request, but it reached another point of error as shown below.

It looks obvious that this error comes from the missing UE information (SIM parameter etc) and I didn't know how to add UE information to free5gc. Again, with the help of Chlosta, Merlin, I learned that I should add UE information with webconsole.
First added the Subcribers to free5gc in webconsole as shown below. I put only those parameters as shown below and all the others remain as default without any change. The goal at this step is only to pass authentication step and did not focus much on the steps afterwards. Of course, you need to configure same settings on UE side SIM (In my case, I configured the same in Amari UEsim configuration file).

Then tested again and it reaches to following point. Obviously it passed authentication and you would see some DNN / Network slice related problems which will be described in next setion. The full log from free5gc is here.

I collected the log from Amari Callbox (gNB) as shown below.


[5] Registration request
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x41 (Registration request)
5GS registration type:
Follow-on request bit = 1
Value = 1 (initial registration)
ngKSI:
TSC = 0
NAS key set identifier = 7
5GS mobile identity:
SUCI
SUPI format = 0 (IMSI)
MCC = 001
MNC = 01
Routing indicator = 0
Protection sheme id = 0 (Null scheme)
Home network public key identifier = 0
MSIN = 0000000001
UE security capability:
0xe0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=0, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)
0xe0 (5G-IA0=1, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=0, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)
[6] Initial UE message
initiatingMessage: {
procedureCode id-InitialUEMessage,
criticality ignore,
value {
protocolIEs {
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-NAS-PDU,
criticality reject,
value '7E004179000D0100F110F0FF000000000000102E02E0E0'H
},
{
id id-UserLocationInformation,
criticality reject,
value userLocationInformationNR: {
nR-CGI {
pLMNIdentity '00F110'H,
nRCellIdentity '001234501'H
},
tAI {
pLMNIdentity '00F110'H,
tAC '000064'H
}
}
},
{
id id-RRCEstablishmentCause,
criticality ignore,
value mo-Signalling
},
{
id id-UEContextRequest,
criticality ignore,
value requested
}
}
}
}
[7] Downlink NAS transport
initiatingMessage: {
procedureCode id-DownlinkNASTransport,
criticality ignore,
value {
protocolIEs {
{
id id-AMF-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-NAS-PDU,
criticality reject,
value '7E005600020000217080C76C04D9B6BD7134BC81F67DF.....'H
}
}
}
}
[8] Authentication request
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x56 (Authentication request)
ngKSI:
TSC = 0
NAS key set identifier = 0
ABBA:
Length = 2
Data = 00 00
Authentication parameter RAND:
Data = 70 80 c7 6c 04 d9 b6 bd 71 34 bc 81 f6 7d f5 6e
Authentication parameter AUTN:
Length = 16
Data = 1d d0 86 ca 6d eb 80 00 fd af d9 b0 31 57 9f 54
[9] Authentication response
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x57 (Authentication response)
Authentication response parameter:
Length = 16
Data = 0e 17 9d 79 f8 da 44 93 f1 4f 02 a8 f7 b6 77 82
[10] Uplink NAS transport
initiatingMessage: {
procedureCode id-UplinkNASTransport,
criticality ignore,
value {
protocolIEs {
{
id id-AMF-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-NAS-PDU,
criticality reject,
value '7E00572D100E179D79F8DA4493F14F02A8F7B67782'H
},
{
id id-UserLocationInformation,
criticality ignore,
value userLocationInformationNR: {
nR-CGI {
pLMNIdentity '00F110'H,
nRCellIdentity '001234501'H
},
tAI {
pLMNIdentity '00F110'H,
tAC '000064'H
}
}
}
}
}
}
[11] Downlink NAS transport
initiatingMessage: {
procedureCode id-DownlinkNASTransport,
criticality ignore,
value {
protocolIEs {
{
id id-AMF-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-NAS-PDU,
criticality reject,
value '7E036BC9DC66007E005D020002E0E0E1360100'H
}
}
}
}
[12] Security mode command
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x3 (Integrity protected with new 5G NAS security context)
Auth code = 0x6bc9dc66
Sequence number = 0x00
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x5d (Security mode command)
Selected NAS security algorithms = 0x02 (5G-EA0, 5G-IA2)
ngKSI:
TSC = 0
NAS key set identifier = 0
Replayed UE security capabilities:
0xe0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=0, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)
0xe0 (5G-IA0=1, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=0, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)
IMEISV request = 1
Additional 5G security information = 0x00 (RINMR=0, HDP=0)
[13] Security mode complete
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x4 (Integrity protected and ciphered with new 5G NAS security context)
Auth code = 0x34006c9a
Sequence number = 0x00
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x5e (Security mode complete)
IMEISV:
IMEISV = 0123456700000101
NAS message container:
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x41 (Registration request)
5GS registration type:
Follow-on request bit = 1
Value = 1 (initial registration)
ngKSI:
TSC = 0
NAS key set identifier = 7
5GS mobile identity:
SUCI
SUPI format = 0 (IMSI)
MCC = 001
MNC = 01
Routing indicator = 0
Protection sheme id = 0 (Null scheme)
Home network public key identifier = 0
MSIN = 0000000001
5GMM capability:
0x00 (SGC=0, 5G-IPHC-CP CIoT=0, N3 data=0, 5G-CP CIoT=0, RestrictEC=0, LPP=0, HO attach=0, S1 mode=0)
UE security capability:
0xe0 (5G-EA0=1, 128-5G-EA1=1, 128-5G-EA2=1, 128-5G-EA3=0, 5G-EA4=0, 5G-EA5=0, 5G-EA6=0, 5G-EA7=0)
0xe0 (5G-IA0=1, 128-5G-IA1=1, 128-5G-IA2=1, 128-5G-IA3=0, 5G-IA4=0, 5G-IA5=0, 5G-IA6=0, 5G-IA7=0)
UE's usage setting = 0x01 (Data centric)
5GS update type = 0x01 (EPS-PNB-CIoT=no additional information, 5GS-PNB-CIoT=no additional information,
NG-RAN-RCU=0, SMS requested=1)
[14] Uplink NAS transport
initiatingMessage: {
procedureCode id-UplinkNASTransport,
criticality ignore,
value {
protocolIEs {
{
id id-AMF-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-NAS-PDU,
criticality reject,
value '7E0434006C9A007E005E770009052143650700000...'H
},
{
id id-UserLocationInformation,
criticality ignore,
value userLocationInformationNR: {
nR-CGI {
pLMNIdentity '00F110'H,
nRCellIdentity '001234501'H
},
tAI {
pLMNIdentity '00F110'H,
tAC '000064'H
}
}
}
}
}
}
[15] Initial context setup request
initiatingMessage: {
procedureCode id-InitialContextSetup,
criticality reject,
value {
protocolIEs {
{
id id-AMF-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-GUAMI,
criticality reject,
value {
pLMNIdentity '00F110'H,
aMFRegionID 'CA'H,
aMFSetID '1111111000'B,
aMFPointer '000000'B
}
},
{
id id-AllowedNSSAI,
criticality reject,
value {
{
s-NSSAI {
sST '01'H,
sD '010203'H
}
},
{
s-NSSAI {
sST '01'H,
sD '010203'H
}
}
}
},
{
id id-UESecurityCapabilities,
criticality reject,
value {
nRencryptionAlgorithms 'C000'H,
nRintegrityProtectionAlgorithms 'C000'H,
eUTRAencryptionAlgorithms '0000'H,
eUTRAintegrityProtectionAlgorithms '0000'H
}
},
{
id id-SecurityKey,
criticality reject,
value 'CB40645A12BACB4867C0615B9A7380FFCACBF4CB750F01239163EBF51409BEDE'H
},
{
id id-MobilityRestrictionList,
criticality ignore,
value {
servingPLMN '00F110'H
}
},
{
id id-MaskedIMEISV,
criticality ignore,
value '0123456700FFFF01'H
},
{
id id-NAS-PDU,
criticality ignore,
value '7E0226230C3C017E0042010177000BF200F110CA....'H
}
}
}
}
[16] unsupported allowed S-NSSAI, reject request
[17] Initial context setup failure
unsuccessfulOutcome: {
procedureCode id-InitialContextSetup,
criticality reject,
value {
protocolIEs {
{
id id-AMF-UE-NGAP-ID,
criticality ignore,
value 1
},
{
id id-RAN-UE-NGAP-ID,
criticality ignore,
value 1
},
{
id id-Cause,
criticality ignore,
value radioNetwork: slice-not-supported
}
}
}
}
[18] Downlink NAS transport
initiatingMessage: {
procedureCode id-DownlinkNASTransport,
criticality ignore,
value {
protocolIEs {
{
id id-AMF-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-NAS-PDU,
criticality reject,
value '7E0226230C3C017E0042010177000BF200F110CAFE0....'H
}
}
}
}
[19] Registration accept
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x2 (Integrity protected and ciphered)
Auth code = 0x26230c3c
Sequence number = 0x01
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x42 (Registration accept)
5GS registration result = 0x01 (Emergency registered=0, NSSAA to be performed=0, SMS allowed=0, 3GPP access)
5G-GUTI:
5G-GUTI
MCC = 001
MNC = 01
AMF Region ID = 202
AMF Set ID = 1016
AMF Pointer = 0
5G-TMSI = 0x00000001
TAI list:
Length = 7
Data = 00 00 f1 10 00 00 64
Allowed NSSAI:
S-NSSAI
Length of S-NSSAI contents = 4 (SST and SD)
SST = 0x01
SD = 0x010203
S-NSSAI
Length of S-NSSAI contents = 4 (SST and SD)
SST = 0x01
SD = 0x010203
5GS network feature support:
0x00 (MPSI=0, IWK N26=0, EMF=not supported, EMC=not supported, IMS-VoPS-N3GPP=0, IMS-VoPS-3GPP=0)
0x00 (5G-UP CIoT=0, 5G-IPHC-CP CIoT=0, N3 data=0, 5G-CP CIoT=0,
RestrictEC=both CE mode A and CE mode B are not restricted, MCSI=0, EMCN3=0)
T3512 value:
Value = 6
Unit = 0 (10 minutes)
T3502 value:
Value = 12
Unit = 1 (1 minute)
[20] Registration complete
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x2 (Integrity protected and ciphered)
Auth code = 0x52279dc3
Sequence number = 0x01
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x43 (Registration complete)
[21] Uplink NAS transport
initiatingMessage: {
procedureCode id-UplinkNASTransport,
criticality ignore,
value {
protocolIEs {
{
id id-AMF-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-NAS-PDU,
criticality reject,
value '7E0252279DC3017E0043'H
},
{
id id-UserLocationInformation,
criticality ignore,
value userLocationInformationNR: {
nR-CGI {
pLMNIdentity '00F110'H,
nRCellIdentity '001234501'H
},
tAI {
pLMNIdentity '00F110'H,
tAC '000064'H
}
}
}
}
}
}
[23] UL NAS transport
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x2 (Integrity protected and ciphered)
Auth code = 0x09371cdb
Sequence number = 0x02
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x67 (UL NAS transport)
Payload container type = 1 (N1 SM information)
Payload container:
Protocol discriminator = 0x2e (5GS Session Management)
PDU session identity = 1
Procedure transaction identity = 1
Message type = 0xc1 (PDU session establishment request)
Integrity protection maximum data data:
Maximum data rate per UE for user-plane integrity protection for uplink = 0xff (Full data rate)
Maximum data rate per UE for user-plane integrity protection for downlink = 0xff (Full data rate)
PDU session type = 0x3 (IPv4v6)
Always-on PDU session requested = 1
Extended protocol configuration options:
Ext = 1
Configuration protocol = 0
Protocol ID = 0x8021 (IPCP)
Data = 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00
Protocol ID = 0x0001 (P-CSCF IPv6 Address Request)
Data =
Protocol ID = 0x0003 (DNS Server IPv6 Address Request)
Data =
Protocol ID = 0x000a (IP address allocation via NAS signalling)
Data =
Protocol ID = 0x000c (P-CSCF IPv4 Address Request)
Data =
Protocol ID = 0x000d (DNS Server IPv4 Address Request)
Data =
PDU session ID = 1
Request type = 0x1 (initial request)
[24] Uplink NAS transport
initiatingMessage: {
procedureCode id-UplinkNASTransport,
criticality ignore,
value {
protocolIEs {
{
id id-AMF-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-NAS-PDU,
criticality reject,
value '7E0209371CDB027E006701002E2E0101C1FFFF93...'H
},
{
id id-UserLocationInformation,
criticality ignore,
value userLocationInformationNR: {
nR-CGI {
pLMNIdentity '00F110'H,
nRCellIdentity '001234501'H
},
tAI {
pLMNIdentity '00F110'H,
tAC '000064'H
}
}
}
}
}
}
[25] Downlink NAS transport
initiatingMessage: {
procedureCode id-DownlinkNASTransport,
criticality ignore,
value {
protocolIEs {
{
id id-AMF-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-RAN-UE-NGAP-ID,
criticality reject,
value 1
},
{
id id-NAS-PDU,
criticality reject,
value '7E02C0288170027E006801002E2E0101C1FFF...'H
}
}
}
}
[26] DL NAS transport
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x2 (Integrity protected and ciphered)
Auth code = 0xc0288170
Sequence number = 0x02
Protocol discriminator = 0x7e (5GS Mobility Management)
Security header = 0x0 (Plain 5GS NAS message, not security protected)
Message type = 0x68 (DL NAS transport)
Payload container type = 1 (N1 SM information)
Payload container:
Protocol discriminator = 0x2e (5GS Session Management)
PDU session identity = 1
Procedure transaction identity = 1
Message type = 0xc1 (PDU session establishment request)
Integrity protection maximum data data:
Maximum data rate per UE for user-plane integrity protection for uplink = 0xff (Full data rate)
Maximum data rate per UE for user-plane integrity protection for downlink = 0xff (Full data rate)
PDU session type = 0x3 (IPv4v6)
Always-on PDU session requested = 1
Extended protocol configuration options:
Ext = 1
Configuration protocol = 0
Protocol ID = 0x8021 (IPCP)
Data = 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00
Protocol ID = 0x0001 (P-CSCF IPv6 Address Request)
Data =
Protocol ID = 0x0003 (DNS Server IPv6 Address Request)
Data =
Protocol ID = 0x000a (IP address allocation via NAS signalling)
Data =
Protocol ID = 0x000c (P-CSCF IPv4 Address Request)
Data =
Protocol ID = 0x000d (DNS Server IPv4 Address Request)
Data =
PDU session ID = 1
5GMM cause = 0x5b (DNN not supported or not subscribed in the slice)
PDU Session Establishment
From previous log, I spotted several points that I need to clarify. It can be summarized as follows.
- [5] UE send Registration request without Requested NSSAI
- [13] UE send Registration request without Requested NSSAI
- [15] CORE NETWORK send Initial Context Setup Request with AllowedNSSAI
- [16]/[17] gNB sends Initial Context Setup Failure with the cause of slice-not-supported <== this is because the NSSAI configured in free5GC and configured in Amari gNB is different. This can be fixed easily later.
- [23] gNB/UE send PDU Session Establishment without DNN Specified.
- [26] Core Network sends gNB/UE send PDU Session Establishment with 5GMM Cause of DNN not supported or not subscribed in the slice ==> I think this is difference between free5GC and Amari Core. In Amarisoft core, [23] is accepted and the core send PDU Session Establishement with dnn=default, but free5GC does not.
I think [26] is related to following specification described in 24.501-5.4.5.3.2
In case e) in subclause 5.4.5.3.1, i.e. upon sending a single uplink 5GSM message which was not forwarded due to routing failure, the AMF shall:
a) include the PDU session ID in the PDU session ID IE;
b) set the Payload container type IE to "N1 SM information";
c) set the Payload container IE to the 5GSM message which was not forwarded; and
d) set the 5GMM cause IE to the 5GMM cause #90 "payload was not forwarded" or 5GMM cause #91 "DNN not supported or not subscribed in the slice".
The AMF sets the 5GMM cause IE to the 5GMM cause #91 "DNN not supported or not subscribed in the slice",
if the 5GSM message could not be forwarded since SMF selection fails because:
1) the DNN is not supported in the slice identified by the S-NSSAI used by the AMF; or
2) neither the DNN provided by the UE nor the wildcard DNN are in the subscribed DNN list of the UE for the S-NSSAI used by the AMF.
Otherwise, the AMF sets the 5GMM cause IE to the 5GMM cause #90 "payload was not forwarded".