5G SA: SMF における monitor subscriber/protocol

Tomonobu Okada · ‎2022-01-27

はじめに
SMF の CLI
Monitor subscriber
Monitor protocol
Hex dump を PCAP に変換してみる（オプション）

はじめに

Cisco StarOS ではユーザのセッション確立に関する問題をトラブルシュートするために monitor subscriber/protocol というツールがあります。5G SA 構成における Cisco SMF(Session Management Function) は Kubernetes をベースにしたクラウドネイティブなアプリケーションなので StarOS とは全く別のものですが、同様のツールが用意されています。本記事では SMF の monitor subscriber/protocol 機能について紹介します。

SMF の CLI

SMF はクラウドネイティブなマイクロサービスアプリケーションとして開発されているので実際にはコンテナの集合体ですが、Ops Center という Pod が CLI の機能を提供していて SMF 全体の各種オペレーションやコンフィグが可能です。

[root@master1 ~]# kubectl get svc -n smf-data | grep ops-center-smf-ops-center
ops-center-smf-ops-center ClusterIP 192.168.0.203 <none> 8008/TCP,8080/TCP,2024/TCP,2022/TCP,7681/TCP 8h
[root@master1 ~]# ssh admin@192.168.0.203 -p 2024
admin@10.104.29.203's password:

Welcome to the smf CLI on unknown
Copyright © 2016-2020, Cisco Systems, Inc.
All rights reserved.

admin connected from 192.168.137.64 using ssh on ops-center-smf-ops-center-6ccb4fdbd9-rl5pq
[unknown] smf#

Ops Center の CLI 上から monitor subscriber/protocol を実行することができます。

Monitor subscriber

SMF における monitor subscriber は SUPI を指定することで特定サブスクライバの情報を取得することができます。

[unknown] smf# monitor subscriber supi ?
Possible completions:
Subscriber Identifier, Example: imsi-123456789, imsi-123*

その他には以下のようなオプションがあります。transaction-logs と internal-messages を指定すると SMF 内の Pod 間のメッセージも表示されますのでより詳細な情報を得ることができます。

[unknown] smf# monitor subscriber supi imsi-* ?
Possible completions:
  capture-duration Optional parameter: duration in seconds during which monitor subscriber is enabled, default value 300 secs
  internal-messages Optional parameter: set to yes in order to enable internal messages, by default it is disabled
  transaction-logs Optional parameter: set to yes in order to enable transaction logging, by default it is disabled
  | Output modifiers
  <cr>

＜実行例＞

[unknown] smf# monitor subscriber supi imsi-* transaction-logs yes internal-messages yes
supi: imsi-*
captureDuraiton: 300
enableInternalMsg: true
enableTxnLog: true
  % Total % Received % Xferd Average Speed Time Time Time Current
                             Dload Upload Total Spent Left Speed
100 225 100 92 100 133 2243 3243 --:--:-- --:--:-- --:--:-- 5487
Command: --header Content-type:application/json --request POST --data {"commandname":"mon_sub","parameters":{"supi":"imsi-*","duration":300,"enableTxnLog":true,"enableInternalMsg":true,"action":"start"}} http://oam-pod:8879/commands
Result start mon_sub, fileName ->monsublogs/imsi-*_WithTxnLogs_TS_2022-01-26T15:16:23.888195323.txt
Starting to tail the monsub messages from file: monsublogs/imsi-*_WithTxnLogs_TS_2022-01-26T15:16:23.888195323.txt
    2022/01/26 15:16:30.795 [DEBUG] [smf-service.smf-app.gen] Adding CDL Labels: [qos_5qi_9_rat_type:NR qos_5qi_8_rat_type:NR]
    2022/01/26 15:16:30.796 [WARN] [smf-service.smf-app.messageprocessor] Msg Processing Failed for message [106], Sending -ve rsp
***********************************************
Transaction Log received from Instance: smf-data.smf-nodemgr.smf-data.Local.0

以下は実行例からの抜粋ですが、各メッセージが SBI(Service Based Interface) を通じてやりとりされる様子が確認できます。

2022/01/26 23:23:29.303 [DEBUG] [rest_ep.app.n10] Sending registration request to udm: /imsi-123456789012345/registrations/smf-registrations/5 with payload {"dnn":"data.com","pduSessionId":5,"pgwFqdn":"192.168.20.21","plmnId":{"mcc":"123","mnc":"456"},"singleNssai":{"sd":"000003","sst":1},"smfInstanceId":"cf6abc02-209d-4e1f-ab90-f38034101940","supportedFeatures":"0"}
2022/01/26 23:23:29.330 [INFO] [rest_ep.app.n10] Received registration success response with status = 201 and body = {"smfInstanceId": "cf6abc02-209d-4e1f-ab90-f38034101940", "pduSessionId": 5, "plmnId": {"mcc": "123", "mnc": "456"}, "singleNssai": {"sd": "000003", "sst": 1}, "dnn": "data.com", "pgwFqdn": "192.168.20.21"}

2022/01/26 23:23:29.339 [DEBUG] [rest_ep.app.n10] Sending sm subscription request to udm: /imsi-123456789012345/sm-data?dnn=data.com&plmn-id=%7B%22mcc%22%3A%22123%22%2C%22mnc%22%3A%22456%22%7D&single-nssai=%7B%22sd%22%3A%22000003%22%2C%22sst%22%3A1%7D&supported-features=0
2022/01/26 23:23:29.435 [INFO] [rest_ep.app.n10] Received sm subscription success response with status = 200 and body = [{"dnnConfigurations": {"data.com": {"pduSessionTypes": {"defaultSessionType": "IPV4", "allowedSessionTypes": ["IPV4", "IPV6", "IPV4V6", "UNSTRUCTURED", "ETHERNET"]}, "sscModes": {"defaultSscMode": "SSC_MODE_1", "allowedSscModes": ["SSC_MODE_1", "SSC_MODE_2"]}, "5gQosProfile": {"5qi": 5, "arp": {"priorityLevel": 15, "preemptCap": "NOT_PREEMPT", "preemptVuln": "NOT_PREEMPTABLE"}}, "sessionAmbr": {"uplink": "100 Mbps", "downlink": "125 Mbps"}, "3gppChargingCharacteristics": "1"}}, "singleNssai": {"sd": "000003", "sst": 1}}]

2022/01/26 23:23:29.472 [DEBUG] [rest_ep.app.n10] Sending sm subscribe-to-notification request to udm: /imsi-123456789012345/sdm-subscriptions with payload {"callbackReference":"http://192.168.20.23:8090/callbacks/v2/smUdmDataChangeNotification/imsi-123456789012345:5:1643239409267260186","dnn":"data.com","implicitUnsubscribe":true,"monitoredResourceUris":["/nudm-sdm/v2/imsi-123456789012345/sm-data"],"nfInstanceId":"cf6abc02-209d-4e1f-ab90-f38034101940","plmnId":{"mcc":"123","mnc":"456"},"singleNssai":{"sd":"000003","sst":1}}
2022/01/26 23:23:29.510 [INFO] [rest_ep.app.n10] Received Subscribe-to-Notification success response with status = 201 and body = {"nfInstanceId": "cf6abc02-209d-4e1f-ab90-f38034101940", "monitoredResourceUris": [], "callbackReference": "/callbacks/v2/smUdmDataChangeNotification/imsi-123456789012345:5:1643239409267260186"}

2022/01/26 15:16:30.734 [DEBUG] [rest_ep.app.n11] Sending n1n2 transfer request to amf: /ue-contexts/imsi-123456789012345/n1-n2-messages with payload {"n1MessageContainer":{"n1MessageClass":"SM","n1MessageContent":{"contentId":"n1msg"}},"n1n2FailureTxfNotifURI":"http://192.168.20.21:8090/callbacks/v1/N1N2MsgTxfrFailureNotification/imsi-123456789012345:5:1643210190451667780","n2InfoContainer":{"n2InformationClass":"SM","smInfo":{"n2InfoContent":{"ngapData":{"contentId":"n2msg"},"ngapIeType":"PDU_RES_SETUP_REQ","ngapMessageType":29},"pduSessionId":5,"sNssai":{"sd":"000003","sst":1}}},"pduSessionId":5}

エラーが発生した場合はイベントトレースが出力されます。

2022/01/25 08:36:12.275 [ERROR] [smf-service.smf-app.event-trace] nasEncodePduSessionEstbReject(Cause-REQUEST_REJECTED_UNSPECIFIED) - EVENT TRACE - SessionKeys[[imsi-123456789012345:5 (pk) pcfGroupId:PCF-dnn=data.com; (nuk) policy:2 (nuk) pcf:192.168.20.106 (nuk)]]
CurIndex:[19], CurProcInst:[0], CreateTimeStamp:[2022-01-25 08:36:12.038 +0000 UTC], BaseTimeStamp:[2022-01-25 08:36:12.038 +0000 UTC]

|INDEX|EVENT NAME |EVENT TYPE |PROC NAME |PROC INST |TXN ID |TIMESTAMP |
|1 |N11SmContextCreateReq |INCOMING_EVENT |PDU Session Establishment |1 |16 |2022-01-25 08:36:12.039 +0000 UTC |
|2 |N10RegistrationRequest |OUTGOING_EVENT |PDU Session Establishment |1 |16 |2022-01-25 08:36:12.042 +0000 UTC |
|3 |NIntUdmRegBgIpcRspMsg |INCOMING_EVENT |PDU Session Establishment |1 |16 |2022-01-25 08:36:12.105 +0000 UTC |
|4 |N10RegistrationSuccess |INCOMING_EVENT |PDU Session Establishment |1 |16 |2022-01-25 08:36:12.105 +0000 UTC |
|5 |N10SubscriptionFetchReq |OUTGOING_EVENT |PDU Session Establishment |1 |16 |2022-01-25 08:36:12.105 +0000 UTC |
|6 |NIntUdmSubBgIpcRspMsg |INCOMING_EVENT |PDU Session Establishment |1 |16 |2022-01-25 08:36:12.155 +0000 UTC |
|7 |N10SubscriptionFetchSuccess |INCOMING_EVENT |PDU Session Establishment |1 |16 |2022-01-25 08:36:12.155 +0000 UTC |
|8 |N10SubscribeForNotificationReq |OUTGOING_EVENT |PDU Session Establishment |1 |16 |2022-01-25 08:36:12.156 +0000 UTC |
|9 |NIntUdmSubNotifyBgIpcRspMsg |INCOMING_EVENT |PDU Session Establishment |1 |16 |2022-01-25 08:36:12.183 +0000 UTC |
|10 |N10SubscribeForNotificationSuccess |INCOMING_EVENT |PDU Session Establishment |1 |16 |2022-01-25 08:36:12.184 +0000 UTC |
|11 |NIntSelfTxnPduSetup |INTERNAL_EVENT |PDU Session Establishment |1 |17 |2022-01-25 08:36:12.184 +0000 UTC |
|12 |UNKNOWN_EVENT : 0 |LOCAL_2_DB |Unknown |0 |0 |2022-01-25 08:36:12.185 +0000 UTC |
|13 |N11SmContextCreateSuccess |OUTGOING_EVENT |PDU Session Establishment |1 |16 |2022-01-25 08:36:12.203 +0000 UTC |
|14 |NIntSelfTxnPduSetup |INCOMING_EVENT |PDU Session Establishment |1 |17 |2022-01-25 08:36:12.205 +0000 UTC |
|15 |N7SmPolicyCreateReq |OUTGOING_EVENT |PDU Session Establishment |1 |17 |2022-01-25 08:36:12.205 +0000 UTC |
|16 |NIntSelfTxnPolicyBGIPCRspMsg |INCOMING_EVENT |PDU Session Establishment |1 |17 |2022-01-25 08:36:12.271 +0000 UTC |
|17 |N7SmPolicyCreateSuccess |INCOMING_EVENT |PDU Session Establishment |1 |17 |2022-01-25 08:36:12.272 +0000 UTC |
|18 |NIntErrPduSetup |INTERNAL_EVENT |PDU Session Establishment |1 |17 |2022-01-25 08:36:12.275 +0000 UTC |
|19 |NIntSelfTxnPduSetup |OUTGOING_EVENT |PDU Session Establishment |1 |17 |2022-01-25 08:36:12.275 +0000 UTC |

Monitor protocol

Monitor subscriber は SUPI を指定して実行しましたが、monitor protocol はインターフェース指定で実行することができます。

[unknown] smf# monitor protocol interface ?
Possible completions:
Interface on which pcap is captured: sbi, pfcp, gtpu, gtpc, gtp

指定できるインターフェース名は show endpoint コマンドで確認可能です。

[unknown] smf# show endpoint
                                                                                   START     STOPPED
ENDPOINT                 ADDRESS               TYPE  STATUS   INTERFACE  INTERNAL  TIME      TIME
------------------------------------------------------------------------------------------------------
192.168.20.20:2123       192.168.20.20:2123    Udp   Started             false     17 hours  <none>
192.168.20.25:10000      192.168.20.25:10000   Udp   Started             false     17 hours  <none>
192.168.20.25:11000      192.168.20.25:11000   Udp   Started             false     17 hours  <none>
192.168.20.25:12000      192.168.20.25:12000   Udp   Started             false     17 hours  <none>
192.168.20.25:13000      192.168.20.25:13000   Udp   Started             false     17 hours  <none>
192.168.20.25:14000      192.168.20.25:14000   Udp   Started             false     17 hours  <none>
Gtpu:192.168.20.25:2152  192.168.20.25:2152    Udp   Started  GTPU       false     17 hours  <none>
N4:192.168.20.25:8805    192.168.20.25:8805    Udp   Started  N4         false     17 hours  <none>
n10                      192.168.235.140:9010  Rest  Started  N10        false     17 hours  <none>
n11                      192.168.235.140:9011  Rest  Started  N11        false     17 hours  <none>
n40                      192.168.235.140:9040  Rest  Started  N40        false     17 hours  <none>
n7                       192.168.235.140:9007  Rest  Started  N7         false     17 hours  <none>
nrflib_rest_ep           192.168.235.140:9201  Rest  Started             false     17 hours  <none>
rad-dns-rest-svr         192.168.235.156:8881  Rest  Started             false     17 hours  <none>
sbi                      192.168.235.140:8090  Rest  Started  SBI        false     17 hours  <none>

＜実行例＞

[unknown] smf# monitor protocol interface sbi,n11,N4:192.168.20.25:8805 capture-duration 60
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 251 100 116 100 135 128 149 --:--:-- --:--:-- --:--:-- 277
Command: --header Content-type:application/json --request POST --data {"commandname":"mon_pro","parameters":{"interface":"sbi,n11,N4:192.168.20.25:8805","duration":60,"action":"start","enable_pcap":false}} http://oam-pod:8879/commands
Result start mon_pro, fileName ->monprologs/sessintfname_sbi,n11,N4:192.168.20.25:8805_at_2022-01-26T23:49:01.570288995.txt
Starting to tail the monpro messages from file: monprologs/sessintfname_sbi,n11,N4:192.168.20.25:8805_at_2022-01-26T23:49:01.570288995.txt
InterfaceName = n11 | InterfaceIP = 192.168.235.140 | Filter = (tcp or udp) and (port 9011 or (host 192.168.20.104 and port 8086))
INBOUND>>>>>
from 100.0.0.11:48301 to 192.168.235.140:9011
Protocol: TCP | Sequence Number: 1180600311
Packet Metadata: {Timestamp:2022-01-26 23:49:09.335073 +0000 UTC CaptureLength:105 Length:105 InterfaceIndex:4 AncillaryData:[]}

Packet Raw Bytes:
c6b7c314b33eeeeeeeeeeeee08004500005b482e40004006e22e6400000bc0a8eb8cbcad2333465e87f7b1820dc680180016108e00000101080a0940cfda0940cfda505249202a20485454502f322e300d0a0d0a534d0d0a0d0a000006040000000000000300000064

Packet Dump:
-- FULL PACKET DATA (105 bytes) ------------------------------------
00000000 c6 b7 c3 14 b3 3e ee ee ee ee ee ee 08 00 45 00 |.....>........E.|
00000010 00 5b 48 2e 40 00 40 06 e2 2e 64 00 00 0b c0 a8 |.[H.@.@...d.....|
00000020 eb 8c bc ad 23 33 46 5e 87 f7 b1 82 0d c6 80 18 |....#3F^........|
00000030 00 16 10 8e 00 00 01 01 08 0a 09 40 cf da 09 40 |...........@...@|
00000040 cf da 50 52 49 20 2a 20 48 54 54 50 2f 32 2e 30 |..PRI * HTTP/2.0|
00000050 0d 0a 0d 0a 53 4d 0d 0a 0d 0a 00 00 06 04 00 00 |....SM..........|
00000060 00 00 00 00 03 00 00 00 64 |........d|

Hex dump を PCAP に変換してみる（オプション）

Monitor protocol の出力結果は Packet Dump を含んでいます。せっかくなので簡単な Python スクリプトで PCAP に変換できるようにしてみます。

#mon2pcap_smf.py

import re
import sys
import os

monpro = sys.argv[1]

with open(monpro, encoding="utf8", errors='ignore') as src_f, open('./smf_monpro.txt', mode='w') as dst_f:
    found = False
    lines = src_f.readlines()
    for line in lines:
        if found == True:
            if "--- Layer" in line:
                found = False
            else:
                dst_f.write(line)
        elif "FULL PACKET DATA" in line:
            found = True

# generate pcap file
os.system('text2pcap smf_monpro.txt smf_dump.pcap')

PCAP に変換するために text2pcap を使用していますので、実行には text2pcap がインストールされている必要があります。

＜実行例＞

python mon2pcap_smf.py monpro_output.txt

Wireshark でメッセージのやり取りが確認できるようになりました。

Screen Shot 2022-01-27 at 10.21.37.png