OAI CN Side Notes
NFT kernel module
The nft is a kernel module that is usually already installed in the most of the recent Linux versions. This module is important because the SPGWU uses it instead of the classical IP tables.
lsmod | grep nft
nft_nat 16384 41
nft_chain_nat 16384 1
nf_tables 143360 248 nft_nat,nft_chain_nat
nf_nat 40960 4 nft_nat,nft_chain_nat,iptable_nat,xt_MASQUERADE
nf_conntrack 139264 5 xt_conntrack,nf_nat,nft_nat,nf_conntrack_netlink,xt_MASQUERADE
In case of missing:
sudo modprobe nft_nat
sudo modprobe nft_chain_nat
UPF error
It might happen that there is problem in resolving the UPF name. It could happen in a machine in which the CN in snap has never been installed. The error will appear in the SMF logs
Wrong log:
[smf] [smf_n4 ] [debug] handle_receive_pfcp_msg msg type 5 length 36
[smf] [smf_n4 ] [debug] Received N4 ASSOCIATION SETUP REQUEST
[smf] [smf_app] [info ] Node ID Type FQDN: upf0.5gc.oai
[smf] [smf_app] [info ] Add association with node (FQDN) upf0.5gc.oai: cannot resolve the hostname!
Correct log:
[smf] [smf_n4 ] [debug] Received N4 ASSOCIATION SETUP REQUEST
[smf] [smf_app] [info ] Node ID Type FQDN: upf0.5gc.oai
[smf] [smf_app] [info ] Node ID Type FQDN: upf0.5gc.oai, IPv4 Addr: 127.5.4.131
Resolution
sudo vim /etc/hosts
# modify the /etc/hosts file with adding the following line on the top
127.5.4.131 upf0.5gc.oai #added line to solve the UPF issue
Forwarding Rules
It might happen that pinging the outside network from the UE machine is not possible through the Quectel interface. It might be that if the there is docker installed or the same policy set by the IT of your company the packet Foreword is disabled.
To check it run:
sudo iptables -L
## If you have a line of this type:
Chain FORWARD (policy DROP)
target prot opt source destination # ATTENTION it should be changed
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
To resolve it run the command:
sudo iptables --policy FORWARD ACCEPT
To check it running the command sudo iptables -L
the correct line should appear Chain FORWARD (policy ACCEPT)
.