Simple single AMF config RerouteNASRequest problem

Q/A
#1

I’m trying to setup a very basic 5G NPN using free5gc and node-h gNodeB:
mcc: 999, mnc: 99, tac: 000007
single slice (sst: 1, sd: FFFFFF)
amf id region: 2 and set: 1 (amfId: 020040)

The node-h finds the free5gc AMF ok, but with an auth warning about the certificate signed by unknown authority.

When I try and connect a UE, it attempts to register, but there is an attempt to reroute to another AMF using a NG Application Protocol (RerouteNASRequest) message to the node-h:

image
image827×637 145 KB

Reading various topics on the forum suggests that I have made a mistake in my amfcfg.yaml or my nssfcfg.yaml.

I’ve copied my amfcfg anf nssfcfg below. Can anyone tell me what I am doing wrong.

My amfcfg.yaml:
info:
version: 1.0.9
description: AMF initial local configuration

configuration:
  amfName: AMF # the name of this AMF
  ngapIpList:  # the IP list of N2 interfaces on this AMF
    - 192.168.12.126
#    - 127.0.0.18 # changed DPB 26/8/2025
  ngapPort: 38412 # the SCTP port listened by NGAP

  # Service-based Interface (SBI) Configuration
  sbi:
    scheme: http # the protocol for sbi (http or https)
#    registerIPv4: 192.168.12.126 # IP used to register to NRF
    registerIPv4: 127.0.0.18 # IP used to register to NRF
    bindingIPv4: 127.0.0.18  # IP used to bind the service
    port: 8000 # port used to bind the service
    tls: # the local path of TLS key
      pem: cert/amf.pem # AMF TLS Certificate
      key: cert/amf.key # AMF TLS Private key

  # SBI Services offered by this AMF, as per TS 29.518
  serviceNameList:
    - namf-comm # Namf_Communication service
    - namf-evts # Namf_EventExposure service
    - namf-mt   # Namf_MT service
    - namf-loc  # Namf_Location service
    - namf-oam  # OAM service

  # Guami (Globally Unique AMF ID) list supported by this AMF
  servedGuamiList:
    # <GUAMI> = <MCC><MNC><AMF ID>
    - plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC>
        mcc: 999 # Mobile Country Code (3 digits string, digit: 0~9)
        mnc: 99 # Mobile Network Code (2 or 3 digits string, digit: 0~9)
      #amfId: cafe00 # AMF identifier (3 bytes hex string, range: 000000~FFFFFF)
      amfId: 020040 # AMF identifier (3 bytes hex string, range: 000000~FFFFFF)

  # the TAI (Tracking Area Identifier) list supported by this AMF
  supportTaiList:
    - plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC>
        mcc: 999 # Mobile Country Code (3 digits string, digit: 0~9)
        mnc: 99 # Mobile Network Code (2 or 3 digits string, digit: 0~9)
      tac: 000007 # Tracking Area Code (3 bytes hex string, range: 000000~FFFFFF)

  # the PLMNs (Public land mobile network) list supported by this AMF
  plmnSupportList:
    - plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC>
        mcc: 999 # Mobile Country Code (3 digits string, digit: 0~9)
        mnc: 99 # Mobile Network Code (2 or 3 digits string, digit: 0~9)
      snssaiList: # the S-NSSAI (Single Network Slice Selection Assistance Information) list supported by this AMF
        - sst: 1 # Slice/Service Type (uinteger, range: 0~255)
          sd: FFFFFF # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)
      #  - sst: 1 # Slice/Service Type (uinteger, range: 0~255)
      #    sd: 112233 # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)

  # the DNN (Data Network Name) list supported by this AMF
  supportDnnList:
    - internet
  nrfUri: http://127.0.0.10:8000 # a valid URI of NRF
  nrfCertPem: cert/nrf.pem # NRF Certificate

  # NAS Security Configuration
  # the priority of integrity algorithms
  # the priority of ciphering algorithms
  security:
    integrityOrder:
      - NIA2
      # - NIA0
    cipheringOrder:
      - NEA0
      - NEA2

  # Network Name Information
  networkName:
    full: free5GC
    short: free

  # Optional NGAP Information Elements (IE)
  ngapIE:
    mobilityRestrictionList: # Mobility Restriction List IE, refer to TS 38.413
      enable: true # append this IE in related message or not
    maskedIMEISV: # Masked IMEISV IE, refer to TS 38.413
      enable: true # append this IE in related message or not
    redirectionVoiceFallback: # Redirection Voice Fallback IE, refer to TS 38.413
      enable: false # append this IE in related message or not

  # Optional NAS Information Elements (IE)
  nasIE:
    networkFeatureSupport5GS: # 5gs Network Feature Support IE, refer to TS 24.501
      enable: true # append this IE in Registration accept or not
      length: 1 # IE content length (uinteger, range: 1~3)
      imsVoPS: 0 # IMS voice over PS session indicator (uinteger, range: 0~1)
      emc: 0 # Emergency service support indicator for 3GPP access (uinteger, range: 0~3)
      emf: 0 # Emergency service fallback indicator for 3GPP access (uinteger, range: 0~3)
      iwkN26: 0 # Interworking without N26 interface indicator (uinteger, range: 0~1)
      mpsi: 0 # MPS indicator (uinteger, range: 0~1)
      emcN3: 0 # Emergency service support indicator for Non-3GPP access (uinteger, range: 0~1)
      mcsi: 0 # MCS indicator (uinteger, range: 0~1)
  t3502Value: 720  # timer value (seconds) at UE side
  t3512Value: 3600 # timer value (seconds) at UE side
  non3gppDeregTimerValue: 3240 # timer value (seconds) at UE side
  # retransmission timer for paging message
  t3513:
    enable: true     # true or false
    expireTime: 6s   # default is 6 seconds
    maxRetryTimes: 4 # the max number of retransmission
  # retransmission timer for NAS Deregistration Request message
  t3522:
    enable: true     # true or false
    expireTime: 6s   # default is 6 seconds
    maxRetryTimes: 4 # the max number of retransmission
  # retransmission timer for NAS Registration Accept message
  t3550:
    enable: true     # true or false
    expireTime: 6s   # default is 6 seconds
    maxRetryTimes: 4 # the max number of retransmission
  # retransmission timer for NAS Configuration Update Command message
  t3555:
    enable: true     # true or false
    expireTime: 6s   # default is 6 seconds
    maxRetryTimes: 4 # the max number of retransmission
  # retransmission timer for NAS Authentication Request/Security Mode Command message
  t3560:
    enable: true     # true or false
    expireTime: 6s   # default is 6 seconds
    maxRetryTimes: 4 # the max number of retransmission
  # retransmission timer for NAS Notification message
  t3565:
    enable: true     # true or false
    expireTime: 6s   # default is 6 seconds
    maxRetryTimes: 4 # the max number of retransmission
  # retransmission timer for NAS Identity Request message
  t3570:
    enable: true     # true or false
    expireTime: 6s   # default is 6 seconds
    maxRetryTimes: 4 # the max number of retransmission
  locality: area1 # Name of the location where a set of AMF, SMF, PCF and UPFs are located

  # set the sctp server setting <optinal>, once this field is set, please also add maxInputStream, maxOsStream, maxAttempts, maxInitTimeOut
  sctp:
    numOstreams: 3 # the maximum out streams of each sctp connection
    maxInstreams: 5 # the maximum in streams of each sctp connection
    maxAttempts: 2 # the maximum attempts of each sctp connection
    maxInitTimeout: 2 # the maximum init timeout of each sctp connection
  defaultUECtxReq: false # the default value of UE Context Request to decide when triggering Initial Context Setup procedure

logger: # log output setting
  enable: true # true or false
  level: debug # how detailed to output, value: trace, debug, info, warn, error, fatal, panic
  reportCaller: false # enable the caller report or not, value: true or false

My nssfcfg.yam
info:
version: 1.0.2
description: NSSF initial local configuration

configuration:
  nssfName: NSSF # the name of this NSSF
  sbi: # Service-based interface information
    scheme: http # the protocol for sbi (http or https)
    registerIPv4: 127.0.0.31 # IP used to register to NRF
    bindingIPv4: 127.0.0.31  # IP used to bind the service
    port: 8000 # Port used to bind the service
    tls: # the local path of TLS key
      pem: cert/nssf.pem # NSSF TLS Certificate
      key: cert/nssf.key # NSSF TLS Private key
  serviceNameList: # the SBI services provided by this SMF, refer to TS 29.531
    - nnssf-nsselection # Nnssf_NSSelection service
    - nnssf-nssaiavailability # Nnssf_NSSAIAvailability service
  nrfUri: http://127.0.0.10:8000 # a valid URI of NRF
  nrfCertPem: cert/nrf.pem # NRF Certificate
  supportedPlmnList: # the PLMNs (Public land mobile network) list supported by this NSSF
    - mcc: 999 # Mobile Country Code (3 digits string, digit: 0~9)
      mnc: 99 # Mobile Network Code (2 or 3 digits string, digit: 0~9)
  supportedNssaiInPlmnList: # Supported S-NSSAI List for each PLMN
    - plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC>
        mcc: 999 # Mobile Country Code (3 digits string, digit: 0~9)
        mnc: 99 # Mobile Network Code (2 or 3 digits string, digit: 0~9)
      supportedSnssaiList: # Supported S-NSSAIs of the PLMN
        - sst: 1 # Slice/Service Type (uinteger, range: 0~255)
          sd: FFFFFF # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)
    - snssai: # S-NSSAI of this NSI
        sst: 1 # Slice/Service Type (uinteger, range: 0~255)
      nsiInformationList: # Information list of this NSI
        # the NRF to be used to select the NFs/services within the selected NSI, and an optonal ID
        - nrfId: http://127.0.0.10:8000/nnrf-nfm/v1/nf-instances
          nsiId: 10
    - snssai: # S-NSSAI of this NSI
        sst: 1 # Slice/Service Type (uinteger, range: 0~255)
        sd: FFFFFF # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)

  amfSetList: # List of AMF Sets that my be assigned by this NSSF
    - amfSetId: 1 # the AMF Set identifier
      amfList: # Instance ID of the AMFs in this set
        - ffa2e8d7-3275-49c7-8631-6af1df1d9d26
      # URI of the NRF used to determine the list of candidate AMF(s) from the AMF Set
      nrfAmfSet: http://127.0.0.10:8000/nnrf-nfm/v1/nf-instances
      # the Nssai availability data information per TA supported by the AMF
      supportedNssaiAvailabilityData:
        - tai: # Tracking Area Identifier
            plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC>
              mcc: 999 # Mobile Country Code (3 digits string, digit: 0~9)
              mnc: 99 # Mobile Network Code (2 or 3 digits string, digit: 0~9)
            tac: 000007 # Tracking Area Code (uinteger, range: 0~16777215)
          supportedSnssaiList: # Supported S-NSSAIs of the tracking area
            - sst: 1 # Slice/Service Type (uinteger, range: 0~255)
              sd: FFFFFF # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)

  amfList: # List of AMFs that may be assigned by this NSSF
    - nfId: 469de254-2fe5-4ca0-8381-af3f500af77c # ID of this AMF
      # The NSSAI availability data information per TA supported by the AMF
      supportedNssaiAvailabilityData:
        - tai: # Tracking Area Identifier
            plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC>
              mcc: 999 # Mobile Country Code (3 digits string, digit: 0~9)
              mnc: 99 # Mobile Network Code (2 or 3 digits string, digit: 0~9)
            tac: 000007 # Tracking Area Code (uinteger, range: 0~16777215)
          supportedSnssaiList: # Supported S-NSSAIs of the tracking area
            - sst: 1 # Slice/Service Type (uinteger, range: 0~255)
              sd: FFFFFF # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)

  taList: # List of supported tracking area and their related information of this NSSF instance
    - tai: # Tracking Area Identity
        plmnId: # Public Land Mobile Network ID, <PLMN ID> = <MCC><MNC>
          mcc: 999 # Mobile Country Code (3 digits string, digit: 0~9)
          mnc: 99 # Mobile Network Code (2 or 3 digits string, digit: 0~9)
        tac: 000007 # Tracking Area Code (uinteger, range: 0~16777215)
      accessType: 3GPP_ACCESS # Access type of the tracking area
      supportedSnssaiList: # List of supported S-NSSAIs of the tracking area
        - sst: 1 # Slice/Service Type (uinteger, range: 0~255)
          sd: FFFFFF # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)

  # List of mappings of S-NSSAI in the serving network and the value of the home network
  mappingListFromPlmn:
    - operatorName: internet # Home PLMN name
      homePlmnId: # Home PLMN identifier
        mcc: 999 # Mobile Country Code (3 digits string, digit: 0~9)
        mnc: 99 # Mobile Network Code (2 or 3 digits string, digit: 0~9)
      mappingOfSnssai: # List of S-NSSAIs mapping
        - servingSnssai: # S-NSSAI in the serving network
            sst: 1 # Slice/Service Type (uinteger, range: 0~255)
            sd: FFFFFF # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)
          homeSnssai: # S-NSSAI in the home network
            sst: 1 # Slice/Service Type (uinteger, range: 0~255)
            sd: FFFFFF # Slice Differentiator (3 bytes hex string, range: 000000~FFFFFF)

logger: # log output setting
  enable: true # true or false
  level: debug # how detailed to output, value: trace, debug, info, warn, error, fatal, panic
  reportCaller: false # enable the caller report or not, value: true or false
#2

Hi @davidpb,
Could you provide the log message from both free5GC and the UE-RAN, and the configuration of your UE?
It would be helpful for identifying the cause.

#3

Hi,
I’ve since removed all the yaml associated with additional AMF and the problem appears to be due to either and authentication issue and/or the tracking area not being allowed.

Please see the free5gc.logfree5gc_log.txt (136.2 KB)

I haven’t found a way for node-h gNodeB to provide a log file, but here are my settings:

image
image768×494 90.4 KB

image
image709×840 84 KB

ubuntu@nuc-0:~$ sudo tshark -i eno1 -f "host 192.168.12.197"
   63 83.204406721 192.168.12.126 → 192.168.12.197 SCTP 98 HEARTBEAT_ACK 
   64 86.784440850 192.168.12.197 → 192.168.12.126 SCTP 98 HEARTBEAT 
   65 86.784516239 192.168.12.126 → 192.168.12.197 SCTP 98 HEARTBEAT_ACK 
   66 88.181874174 192.168.12.197 → 192.168.12.126 NGAP/NAS-5GS/NAS-5GS 198 InitialUEMessage, Registration request, Registration request
   67 88.245534305 192.168.12.126 → 192.168.12.197 NGAP/NAS-5GS 146 SACK (Ack=5, Arwnd=106496) , DownlinkNASTransport, Authentication request
   68 88.261826767 192.168.12.197 → 192.168.12.126 NGAP/NAS-5GS 134 SACK (Ack=3, Arwnd=67108864) , UplinkNASTransport, Authentication failure (ngKSI already in use)
   69 88.262786218 192.168.12.126 → 192.168.12.197 NGAP/NAS-5GS 146 SACK (Ack=6, Arwnd=106496) , DownlinkNASTransport, Authentication request
   70 88.284380323 192.168.12.197 → 192.168.12.126 SCTP 62 SACK (Ack=4, Arwnd=67108864) 
   71 88.381854836 192.168.12.197 → 192.168.12.126 NGAP/NAS-5GS 138 UplinkNASTransport, Authentication response
   72 88.445860626 192.168.12.126 → 192.168.12.197 NGAP/NAS-5GS 126 SACK (Ack=7, Arwnd=106496) , DownlinkNASTransport, Security mode command
   73 88.461820938 192.168.12.197 → 192.168.12.126 NGAP/NAS-5GS 202 SACK (Ack=5, Arwnd=67108864) , UplinkNASTransport
   74 88.666421018 192.168.12.126 → 192.168.12.197 SCTP 62 SACK (Ack=8, Arwnd=106496) 
   75 90.959666466 192.168.12.197 → 192.168.12.126 NGAP 90 UEContextReleaseRequest
   76 90.961614782 192.168.12.126 → 192.168.12.197 NGAP 102 SACK (Ack=9, Arwnd=106496) , UEContextReleaseCommand
   77 90.962310805 192.168.12.197 → 192.168.12.126 NGAP 102 SACK (Ack=6, Arwnd=67108864) , UEContextReleaseComplete
   78 91.170345855 192.168.12.126 → 192.168.12.197 SCTP 62 SACK (Ack=10, Arwnd=106496) 
   79 94.464464205 192.168.12.197 → 192.168.12.126 SCTP 98 HEARTBEAT

Wireshark capture between AMF and node-h

image
image768×512 68.8 KB

image
image768×512 74.8 KB