5G-ovs-integration with MEC & slicing capability

This experiment has been performed by 5G use case lab (5GUCL) IDRBT. Requirements: USRP B210, PC with 16GB RAM and a hexacore processor

Prerequisites

Docker: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04 Docker-compose : https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-ubuntu-20-04 Link to the blog: https://5guclidrbt.blogspot.com/2023/09/5g-slicing-for-secure-banking-edge.htmlF

Refer these links to setup core in VM and Physical gNB

In developv4 branch we are using physical devices to test the setup core version v1.5.1, while developv2 and developv3 use simulated environment. In the develop branch we are using version 1.4.0 of OAI core. Here in developv2 and developv3 we are using version 1.5.1 from master branch.

Clone the repo

cd
git clone https://github.com/5g-ucl-idrbt/5G-ovs-slicing.git
git branch -a
git checkout developv4

Build the required images

for RYU

 sudo docker build -f Dockerfile.Ryu -t osrg/ryu:latest --network host .

for SPGWU

sudo docker build -f Dockerfile.SPGWU -t oaisoftwarealliance/oai-spgwu-tiny:v1.5.1  --network host .  

for UBUNTU

sudo docker build -f Dockerfile.Ubuntu -t ubuntu:latest --network host . 

for RTMP Server & Speedtest server

cd component
sudo ./mergeAndCreate.sh

Pull the required images

sudo docker pull openvswitch/ovs:2.11.2_debian
sudo docker tag openvswitch/ovs:2.11.2_debian openvswitch/ovs:latest

Running the Core

cd 5G-ovs-slicing/docker-compose
sudo docker compose -f docker-compose-basic-nrf-ovs.yaml up -d
sudo docker ps -a

OR If you want to use the speed testerserver as well as the rtmp server you can use these commands

cd 5G-ovs-slicing/docker-compose
sudo docker compose -f docker-compose-basic-nrf-ovs-streaming.yaml up -d
sudo docker ps -a

OR For Banking app deployment

Click Banking Secure Slice

Run the script file to create bridge, connections and to add IPs & routes

cd oai-cn5g-fed/docker-compose
chmod +x run.sh
sudo ./run.sh

Slicing

For running the slicing code

sudo docker exec ryu ryu-manager --observe-links ryu/ryu/app/ryucode.py

Test to check if the ovs is properly configure

In a new terminal

sudo docker exec oai-spgwu ping -c3 10.0.0.2
sudo docker exec oai-spgwu ping -c3 10.0.0.3
sudo docker exec server ping -c3 10.0.0.1
sudo docker exec router ping -c3 10.0.0.1

Hosting a simple python server in server docker

In a new terminal

sudo docker exec server python3 -m http.server 9999

OR

sudo docker exec -it server bash

python3 -m http.server 9999

Commmands to be executed in Core VM in order to connect to the gNB

sudo sysctl net.ipv4.ip_forward=1
sudo iptables -P FORWARD ACCEPT
sudo ip route add 192.168.71.194 via <GNB Baremetal IP>
sudo ip route add 12.1.1.0/24 via 192.168.70.134 # Forward packets to Mobiles from external sources

To check if the devices are connected to core follow the AMF logs

sudo docker logs --follow oai-amf

Setting up gNB

Clone this repo and follow the instructions ref: https://github.com/5g-ucl-idrbt/oai-gnodeb-b210

Commands to be executed in gNB

sudo sysctl net.ipv4.ip_forward=1
sudo iptables -P FORWARD ACCEPT
sudo ip route add 192.168.70.128/26 via <Bridge IP of Core VM>

cd ci-scripts/yaml_files/sa_b200_gnb/
sudo docker-compose up -d

sudo docker exec -it sa-b200-gnb bash

bash bin/entrypoint.sh
/opt/oai-gnb/bin/nr-softmodem -O /opt/oai-gnb/etc/gnb.conf $USE_ADDITIONAL_OPTIONS

Ping tests to perform in UE

ping 8.8.8.8

ping 10.0.0.1
ping 10.0.0.2
ping 10.0.0.3

To verify that network slicing is working

In the UE open the terminal (termux app) and use the command wget to reach server. But here, we are performing application based slicing we will "wget" the server with the IP of the router which goes towards the internet but not with the actual IP of the server.

wget 10.0.0.3:9999 #IP of the router

Here we have used the Ip of the router,but the port number is 9999. ie., if the UE is trying to reach the internet via the port 9999 it can communicate with the server. we can observe the logs in the tab where we ran the sudo docker exec server python3 -m http.server 9999 command. By looking at these logs we can conclude that the UE reached the server ie., 10.0.0.2.

To verify that the UE is going through the router towards the internet

sudo docker exec -it router bash
ifconfig 
tcpdump -i <interface_name> #interface starting with dcp 

To verify that the UE is reaching the server

sudo docker exec -it server bash
ifconfig
tcpdump -i <interface_name> #interface starting with dcp

For running the speed test in UE

Go to a browser in the UE and type the following ip

http://192.168.70.140:3000

For running and viewing the rtmp server stream

to view the stream go to your browser in a pc

http://192.168.70.141:9080/players/hls.html

OR

http://<CORE_VM IP>:9080/players/hls.html

OR

http://localhost:9080/players/hls.html

in mobile phone you have to use astra app add this as rtmp server

192.168.70.141:1935/live

key is test

For stopping the processes

For shutting down gNB

sudo docker-compose down

For shutting down the core

sudo docker compose -f docker-compose-basic-nrf-ovs.yaml down

OR

sudo docker compose -f docker-compose-basic-nrf-ovs-streaming.yaml down

----------------------------------------------------------

Secured Banking Slice Demo

----------------------------------------------------------

Prerequisites

Before you run for your personalized requirement you have to change :

• the port number as well as IP addreses in the RYU code. The path is 5G-ovs-integration/docker-compose/ryuctrlr /automac_UEbind.py Change the UE Ip accordingly which you want in the slice & change the port according to the servers hosted port

   Line 80: if (pkt.get_protocol(tcp.tcp) and pkt.get_protocol(tcp.tcp).dst_port == 9999 and pkt.get_protocol(ipv4.ipv4).src=="12.1.1.2"):     #### change the UE Ip accordingly which you want in the slice & change the port according to the servers hosted port ####

Change the IP of the server (you also have to change the ip in the run.sh file)

Line 91: parser.OFPActionSetField(ipv4_dst="10.0.0.2"),    ### change the IP of the server (you also have to change the ip in the run.sh file) ###

Change the port according to the servers hosted port

Line 98: elif (pkt.get_protocol(tcp.tcp) and pkt.get_protocol(tcp.tcp).src_port == 9999): ### change the port according to the servers hosted port ###

Change the IP of the router (you also have to change the ip in the run.sh file)

Line 108: parser.OFPActionSetField(ipv4_src="10.0.0.3"),  ### change the IP of the router (you also have to change the ip in the run.sh file) ###

Change the port according to the servers hosted port

Line 115: elif (pkt.get_protocol(tcp.tcp) and pkt.get_protocol(tcp.tcp).src_port != 9999 and pkt.get_protocol(tcp.tcp).dst_port != 9999):   ### change the port according to the servers hosted port ###

Make sure you have built the banking-app image using the docker file present in the /dockerfiles folder

• run the scenario

cd 5G-ovs-integration/docker-compose
sudo docker compose -f docker-compose-slicing-bank-nrf.yaml up -d

• Run the slicing setup script

cd oai-cn5g-fed/docker-compose
chmod +x run.sh
sudo ./run.sh

• Run the slicing code in the RYU controller

sudo docker exec ryu ryu-manager --observe-links ryu/ryu/app/ryucode.py

• In a new tab observe the AMF logs To check if the devices are connected to core

sudo docker logs --follow oai-amf

• Commmands to be executed in Core VM in order to connect to the gNB

sudo sysctl net.ipv4.ip_forward=1
sudo iptables -P FORWARD ACCEPT
sudo ip route add 192.168.71.194 via <GNB Baremetal IP>
sudo ip route add 12.1.1.0/24 via 192.168.70.134 # Forward packets to Mobiles from external sources

• Setting up gNB in a diffrent PC Clone this repo and follow the instructions ref: https://github.com/5g-ucl-idrbt/oai-gnodeb-b210
• Commands to be executed in gNB Plug in the USRP B210 in USB 3.0 port

sudo sysctl net.ipv4.ip_forward=1
sudo iptables -P FORWARD ACCEPT
sudo ip route add 192.168.70.128/26 via <Bridge IP of Core VM>

• To run the gNB docker

cd ci-scripts/yaml_files/sa_b200_gnb/
sudo docker-compose up -d

• To get into the gNB shell

sudo docker exec -it sa-b200-gnb bash

• Execute the commands to run the gNB

bash bin/entrypoint.sh
/opt/oai-gnb/bin/nr-softmodem -O /opt/oai-gnb/etc/gnb.conf $USE_ADDITIONAL_OPTIONS

Testing The Slice

• Now the very first UE device which latches to the network will latch to the banking security slice. It can be configured at 5G-ovs-integration/docker-compose/ryuctrlr/automac_UEbind.py at LINE:80
• On the first UE device open a browser and go the url http://10.0.0.3:3000 you will be able to get the website and you can use the credentials to check account number: 713047 and password: abhi123
• Now connect the 2nd UE to the network and try to go to the same url, you will see that the 2nd UE will not fetch the website.
• Due to slicing we have isolated the 1st UE with the access to the banking portal website

Observation

Even if the server is being hosted on 10.0.0.2:3000 the UE is able to access the server via 10.0.0.3:3000 which is the ip of the router which is going towards the internet. Here, we have isolated the server on the network layer level.

To down the setup

In Core pc

cd 5G-ovs-integration/docker-compose
sudo docker compose -f docker-compose-slicing-bank-nrf.yaml down

In gNB PC

cd ci-scripts/yaml_files/sa_b200_gnb/
sudo docker-compose down