4G/LTE - Core Network
GTP (GPRS Tunneling Protocol)
When data is transferred from the radio stack (eNB) to the core network, it passes through various interfaces, as illustrated in Figure 1 of the Network Architecture and Interface page. As the data crosses these interfaces, it is encapsulated by various tunneling protocols, as shown in Figure 2 of the Network Architecture and Interface page. GTP is the specific tunneling protocol that carries U-plane data (user data), as illustrated below. In 3GPP, GTP is specified in 29.281. NOTE: GTP is used mainly for data traffic between the eNB/gNB and the core network. Control messages between the eNB/gNB and the core network go over SCTP.
The GTP header format is shown below. User data (usually IP data) is encapsulated in a GTP packet, placed after this header, as shown in the Examples section.
< 3GPP 29.281 - Figure 5.1-1: Outline of the GTP-U Header >
Examples :
This example is from my test setup with an Amarisoft Callbox. Usually it runs the gNB and MME on the same PC (the Callbox PC), but its flexible architecture allows the eNB/gNB to connect to an MME installed on another PC, as shown below, or even to any MME (e.g., a live-network MME) that supports the standard S1 or NG interface.
In this scenario, the UE (192.168.3.2) sends a DNS query to the Google DNS server (8.8.8.8). Both NAT (Network Address Translation) and GTP tunneling take place on both the gNB PC and the MME PC.
The following is the Wireshark log captured on the MME PC. (NOTE: Since this log was captured on the MME PC, it does not show exactly what happens on the gNB PC, but you can easily infer the gNB PC procedure from this example.)
The traffic between gNB and MME can be illustrated as below. Step (1) and Step (8) belong to this type of traffic.
The traffic between MME and Google DNS Server can be illustrated as below. Step (2) and Step (7) belong to this type of traffic.
(1) GTP <DNS>
Internet Protocol Version 4, Src: 10.0.0.185, Dst: 10.0.0.162
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 104
    Identification: 0x6736 (26422)
    Flags: 0x40, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment Offset: 0
    Time to Live: 64
    Protocol: UDP (17)
    Header Checksum: 0xbdf4 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 10.0.0.185
    Destination Address: 10.0.0.162
User Datagram Protocol, Src Port: 2152, Dst Port: 2152
    Source Port: 2152
    Destination Port: 2152
    Length: 84
    Checksum: 0xc92b [unverified]
    [Checksum Status: Unverified]
    [Stream index: 19]
    [Timestamps]
        [Time since first frame: 0.000000000 seconds]
        [Time since previous frame: 0.000000000 seconds]
    UDP payload (76 bytes)
GPRS Tunneling Protocol
    Flags: 0x34
        001. .... = Version: GTP release 99 version (1)
        ...1 .... = Protocol type: GTP (1)
        .... 0... = Reserved: 0
        .... .1.. = Is Next Extension Header present?: Yes
        .... ..0. = Is Sequence Number present?: No
        .... ...0 = Is N-PDU number present?: No
    Message Type: T-PDU (0xff)
    Length: 68
    TEID: 0x4f485cc3 (1330142403)
    Next extension header type: PDU Session container (0x85)
    Extension header (PDU Session container)
        Extension Header Length: 1
        PDU Session Container
            0001 .... = PDU Type: UL PDU SESSION INFORMATION (1)
            .... 0000 = Spare: 0x0
            00.. .... = Spare: 0x0
            ..00 0001 = QoS Flow Identifier (QFI): 1
        Next extension header type: No more extension headers (0x00)
Internet Protocol Version 4, Src: 192.168.3.2, Dst: 8.8.8.8
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 60
    Identification: 0x3663 (13923)
    Flags: 0x40, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment Offset: 0
    Time to Live: 64
    Protocol: UDP (17)
    Header Checksum: 0x3094 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 192.168.3.2
    Destination Address: 8.8.8.8
User Datagram Protocol, Src Port: 45843, Dst Port: 53
    Source Port: 45843
    Destination Port: 53
    Length: 40
    Checksum: 0x397b [unverified]
    [Checksum Status: Unverified]
    [Stream index: 20]
    [Timestamps]
        [Time since first frame: 0.000000000 seconds]
        [Time since previous frame: 0.000000000 seconds]
    UDP payload (32 bytes)
Domain Name System (query)
    Transaction ID: 0xb078
    Flags: 0x0100 Standard query
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        www.google.com: type A, class IN
            Name: www.google.com
            [Name Length: 14]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    [Response In: 939]
(2) DNS
Internet Protocol Version 4, Src: 10.0.0.162, Dst: 8.8.8.8
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 60
    Identification: 0x3663 (13923)
    Flags: 0x40, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment Offset: 0
    Time to Live: 63
    Protocol: UDP (17)
    Header Checksum: 0xea9c [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 10.0.0.162
    Destination Address: 8.8.8.8
User Datagram Protocol, Src Port: 45843, Dst Port: 53
    Source Port: 45843
    Destination Port: 53
    Length: 40
    Checksum: 0xf283 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 21]
    [Timestamps]
        [Time since first frame: 0.000000000 seconds]
        [Time since previous frame: 0.000000000 seconds]
    UDP payload (32 bytes)
Domain Name System (query)
    Transaction ID: 0xb078
    Flags: 0x0100 Standard query
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        www.google.com: type A, class IN
            Name: www.google.com
            [Name Length: 14]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    [Response In: 938]
(7) DNS
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 10.0.0.162
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 76
    Identification: 0x1b01 (6913)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment Offset: 0
    Time to Live: 122
    Protocol: UDP (17)
    Header Checksum: 0x0aef [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 8.8.8.8
    Destination Address: 10.0.0.162
User Datagram Protocol, Src Port: 53, Dst Port: 45843
    Source Port: 53
    Destination Port: 45843
    Length: 56
    Checksum: 0x03c6 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 21]
    [Timestamps]
        [Time since first frame: 0.011497757 seconds]
        [Time since previous frame: 0.011497757 seconds]
    UDP payload (48 bytes)
Domain Name System (response)
    Transaction ID: 0xb078
    Flags: 0x8180 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 0
    Queries
        www.google.com: type A, class IN
            Name: www.google.com
            [Name Length: 14]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Answers
        www.google.com: type A, class IN, addr 172.217.1.4
            Name: www.google.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 44 (44 seconds)
            Data length: 4
            Address: 172.217.1.4
    [Request In: 933]
    [Time: 0.011497757 seconds]
(8) GTP <DNS>
Internet Protocol Version 4, Src: 10.0.0.162, Dst: 10.0.0.185
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 120
    Identification: 0x93c4 (37828)
    Flags: 0x40, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment Offset: 0
    Time to Live: 64
    Protocol: UDP (17)
    Header Checksum: 0x9156 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 10.0.0.162
    Destination Address: 10.0.0.185
User Datagram Protocol, Src Port: 2152, Dst Port: 2152
    Source Port: 2152
    Destination Port: 2152
    Length: 100
    Checksum: 0x15d0 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 19]
    [Timestamps]
        [Time since first frame: 0.012275971 seconds]
        [Time since previous frame: 0.011631151 seconds]
    UDP payload (92 bytes)
GPRS Tunneling Protocol
    Flags: 0x34
        001. .... = Version: GTP release 99 version (1)
        ...1 .... = Protocol type: GTP (1)
        .... 0... = Reserved: 0
        .... .1.. = Is Next Extension Header present?: Yes
        .... ..0. = Is Sequence Number present?: No
        .... ...0 = Is N-PDU number present?: No
    Message Type: T-PDU (0xff)
    Length: 84
    TEID: 0xa968d0db (2842218715)
    Next extension header type: PDU Session container (0x85)
    Extension header (PDU Session container)
        Extension Header Length: 1
        PDU Session Container
            0000 .... = PDU Type: DL PDU SESSION INFORMATION (0)
            .... 0000 = Spare: 0x0
            0... .... = Paging Policy Presence (PPP): Not Present
            .0.. .... = Reflective QoS Indicator (RQI): Not Present
            ..00 0001 = QoS Flow Identifier (QFI): 1
        Next extension header type: No more extension headers (0x00)
Internet Protocol Version 4, Src: 8.8.8.8, Dst: 192.168.3.2
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 76
    Identification: 0x1b01 (6913)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment Offset: 0
    Time to Live: 121
    Protocol: UDP (17)
    Header Checksum: 0x52e6 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 8.8.8.8
    Destination Address: 192.168.3.2
User Datagram Protocol, Src Port: 53, Dst Port: 45843
    Source Port: 53
    Destination Port: 45843
    Length: 56
    Checksum: 0x4abd [unverified]
    [Checksum Status: Unverified]
    [Stream index: 20]
    [Timestamps]
        [Time since first frame: 0.012275971 seconds]
        [Time since previous frame: 0.012275971 seconds]
    UDP payload (48 bytes)
Domain Name System (response)
    Transaction ID: 0xb078
    Flags: 0x8180 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 0
    Queries
        www.google.com: type A, class IN
            Name: www.google.com
            [Name Length: 14]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Answers
        www.google.com: type A, class IN, addr 172.217.1.4
            Name: www.google.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 44 (44 seconds)
            Data length: 4
            Address: 172.217.1.4
    [Request In: 932]
    [Time: 0.012275971 seconds]
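The GTP-U header fields dissected in steps (1) and (8) can be decoded by hand. The following is an added example, not part of the original page: it parses the mandatory header, the optional fields and the extension-header chain, and rejects inconsistent lengths rather than reading past the buffer. The function names are this example's own, and the sample bytes are constructed from the field values shown in step (1).

```python
import struct

def parse_gtpu(buf: bytes) -> dict:
    """Parse one GTPv1-U message (the UDP payload seen on port 2152)."""
    if len(buf) < 8:
        raise ValueError("shorter than the 8-byte mandatory header")
    flags, msg_type, length, teid = struct.unpack_from("!BBHI", buf, 0)
    if flags >> 5 != 1 or not flags & 0x10:
        raise ValueError("not GTP version 1 with protocol type GTP")
    end = 8 + length                  # Length counts the octets after the first 8
    if end > len(buf):
        raise ValueError("Length field exceeds the available bytes")
    out = {"msg_type": msg_type, "teid": teid, "extensions": []}
    off = 8
    if flags & 0x07:                  # any of E, S, PN set: 4 optional octets follow
        if off + 4 > end:
            raise ValueError("truncated optional fields")
        seq, npdu, next_ext = struct.unpack_from("!HBB", buf, off)
        off += 4
        if flags & 0x02:
            out["seq"] = seq
        if flags & 0x01:
            out["npdu"] = npdu
        if not flags & 0x04:
            next_ext = 0              # only meaningful when the E flag is set
        while next_ext:
            ext_len = buf[off] * 4 if off < end else 0   # unit is 4 octets
            if ext_len == 0 or off + ext_len > end:      # 0 would never advance
                raise ValueError("malformed extension header length")
            out["extensions"].append((next_ext, buf[off + 1:off + ext_len - 1]))
            next_ext = buf[off + ext_len - 1]
            off += ext_len
    out["payload"] = buf[off:end]     # the encapsulated user packet (T-PDU)
    return out

def pdu_session_container(content: bytes) -> dict:
    """Decode PDU type and QFI from a PDU Session container (type 0x85)."""
    return {"pdu_type": content[0] >> 4, "qfi": content[1] & 0x3F}

# Constructed from the field values shown in step (1); not a raw capture export.
INNER = bytes.fromhex(
    "4500003c3663400040113094c0a8030208080808"  # IPv4 192.168.3.2 -> 8.8.8.8
    "b31300350028397b"                          # UDP 45843 -> 53
    "b07801000001000000000000"                  # DNS header, ID 0xb078
    "0377777706676f6f676c6503636f6d0000010001") # www.google.com, A, IN
SAMPLE = bytes.fromhex("34ff00444f485cc3" "00000085" "01100100") + INNER

if __name__ == "__main__":
    print(parse_gtpu(SAMPLE))
```

The 76-byte sample splits into 8 bytes of mandatory header, 4 optional bytes, a 4-byte extension header and the 60-byte inner IP packet, matching the "UDP payload (76 bytes)", "Length: 68" and inner "Total Length: 60" values in the capture.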