Skip to main content

OAI CN Side Notes

NFT kernel module

The nft is a kernel module that is usually already installed in the most of the recent Linux versions. This module is important because the SPGWU uses it instead of the classical IP tables.

lsmod | grep nft
nft_nat                16384  41
nft_chain_nat          16384  1
nf_tables             143360  248 nft_nat,nft_chain_nat
nf_nat                 40960  4 nft_nat,nft_chain_nat,iptable_nat,xt_MASQUERADE
nf_conntrack          139264  5 xt_conntrack,nf_nat,nft_nat,nf_conntrack_netlink,xt_MASQUERADE

In case of missing:

sudo modprobe nft_nat
sudo modprobe nft_chain_nat

UPF error

It might happen that there is problem in resolving the UPF name. It could happen in a machine in which the CN in snap has never been installed. The error will appear in the SMF logs

Wrong log:

[smf] [smf_n4 ] [debug] handle_receive_pfcp_msg msg type 5 length 36
[smf] [smf_n4 ] [debug] Received N4 ASSOCIATION SETUP REQUEST
[smf] [smf_app] [info ] Node ID Type FQDN: upf0.5gc.oai
[smf] [smf_app] [info ] Add association with node (FQDN) upf0.5gc.oai: cannot resolve the hostname!

Correct log:

[smf] [smf_n4 ] [debug] Received N4 ASSOCIATION SETUP REQUEST
[smf] [smf_app] [info ] Node ID Type FQDN: upf0.5gc.oai
[smf] [smf_app] [info ] Node ID Type FQDN: upf0.5gc.oai, IPv4 Addr: 127.5.4.131

Resolution

sudo vim /etc/hosts

# modify the /etc/hosts file with adding the following line on the top
127.5.4.131 upf0.5gc.oai      #added line to solve the UPF issue

Forwarding Rules

It might happen that pinging the outside network from the UE machine is not possible through the Quectel interface. It might be that if the there is docker installed or the same policy set by the IT of your company the packet Foreword is disabled.

To check it run:

sudo iptables -L

## If you have a line of this type:
Chain FORWARD (policy DROP)
target     prot opt source               destination          # ATTENTION it should be changed
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere       ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

To resolve it run the command:

sudo iptables --policy FORWARD ACCEPT

To check it running the command sudo iptables -L the correct line should appear Chain FORWARD (policy ACCEPT).

Last updated on by Alireza Mohammadi