# # logger: # # o Set OGS_LOG_INFO to all domain level # - If `level` is omitted, the default level is OGS_LOG_INFO) # - If `domain` is omitted, the all domain level is set from 'level' # (Nothing is needed) # # o Set OGS_LOG_ERROR to all domain level # - `level` can be set with none, fatal, error, warn, info, debug, trace # level: error # # o Set OGS_LOG_DEBUG to mme/emm domain level # level: debug # domain: mme,emm # # o Set OGS_LOG_TRACE to all domain level # level: trace # domain: core,sbi,udm,event,tlv,mem,sock # logger: file: @localstatedir@/log/open5gs/udm.log # # tls: # enabled: auto|yes|no # - auto: Default. Use TLS only if key/cert is available # - yes: Use TLS always; # reject if no key/cert available # - no: Don't use TLS if there is an key/cert available # # o Server-side Key and Certficiate # server: # key: /etc/open5gs/tls/udm.key # cert: /etc/open5gs/tls/udm.crt # # o Client-side does not use TLS # client: # enabled: no # key: /etc/open5gs/tls/udm.key # cert: /etc/open5gs/tls/udm.crt # # o Use the specified certificate to verify client # server # cacert: /etc/open5gs/tls/ca.crt # # o Use the specified certificate to verify server # client # cacert: /etc/open5gs/tls/ca.crt # tls: enabled: no server: cacert: @sysconfdir@/open5gs/tls/ca.crt key: @sysconfdir@/open5gs/tls/udm.key cert: @sysconfdir@/open5gs/tls/udm.crt client: cacert: @sysconfdir@/open5gs/tls/ca.crt key: @sysconfdir@/open5gs/tls/udm.key cert: @sysconfdir@/open5gs/tls/udm.crt # # o Generate the private key as below. # $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key # $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key # # o The private and public keys can be viewed with the command. # The public key is used when creating the SIM. # $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text # $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text # # hnet: # o Home network public key identifier(PKI) value : 1 # Protection scheme identifier : ECIES scheme profile A # - id: 1 # scheme: 1 # key: /etc/open5gs/hnet/curve25519-1.key # # o Home network public key identifier(PKI) value : 2 # Protection scheme identifier : ECIES scheme profile B # - id: 2 # scheme: 2 # key: /etc/open5gs/hnet/secp256r1-2.key # # o Home network public key identifier(PKI) value : 3 # Protection scheme identifier : ECIES scheme profile A # - id: 3 # scheme: 1 # key: /etc/open5gs/hnet/curve25519-1.key # # o Home network public key identifier(PKI) value : 4 # Protection scheme identifier : ECIES scheme profile B # - id: 4 # scheme: 2 # key: /etc/open5gs/hnet/secp256r1-2.key # hnet: - id: 1 scheme: 1 key: @sysconfdir@/open5gs/hnet/curve25519-1.key - id: 2 scheme: 2 key: @sysconfdir@/open5gs/hnet/secp256r1-2.key - id: 3 scheme: 1 key: @sysconfdir@/open5gs/hnet/curve25519-3.key - id: 4 scheme: 2 key: @sysconfdir@/open5gs/hnet/secp256r1-4.key - id: 5 scheme: 1 key: @sysconfdir@/open5gs/hnet/curve25519-5.key - id: 6 scheme: 2 key: @sysconfdir@/open5gs/hnet/secp256r1-6.key # # udm: # # # # o SBI Server(http://:80) # sbi: # # o SBI Server(http://:7777) # sbi: # - addr: # - 0.0.0.0 # - ::0 # port: 7777 # # o SBI Server(https://:443) # tls: # server: # key: /etc/open5gs/tls/udm.key # cert: /etc/open5gs/tls/udm.crt # udm: # sbi: # # o SBI Server(http://127.0.0.5:80, http://[::1]:80) # tls: # enabled: no # server: # key: /etc/open5gs/tls/udm.key # cert: /etc/open5gs/tls/udm.crt # udm: # sbi: # - addr: 127.0.0.5 # - addr: ::1 # # o SBI Server(https://udm.open5gs.org:443) # Use the specified certificate to verify client # # tls: # server: # cacert: /etc/open5gs/tls/ca.crt # udm: # sbi: # - name: udm.open5gs.org # # o SBI Server(http://127.0.0.12:7777) # sbi: # - addr: 127.0.0.12 # port: 7777 # # o SBI Server(http://:80) # sbi: # - dev: eth0 # # o Provide custom SBI address to be advertised to NRF # sbi: # - dev: eth0 # advertise: open5gs-udm.svc.local # # sbi: # - addr: localhost # advertise: # - 127.0.0.99 # - ::1 # # o SBI Option (Default) # - tcp_nodelay : true # - so_linger.l_onoff : false # # sbi: # addr: 127.0.0.12 # option: # tcp_nodelay: false # so_linger: # l_onoff: true # l_linger: 10 # # # # o NF Service Name(Default : all NF services available) # service_name: # # o NF Service Name(Only some NF services are available) # service_name: # - nudm-sdm # - nudm-uecm # - nudm-ueau # # # # o (Default) If you do not set Query Parameter as shown below, # # sbi: # - addr: 127.0.0.12 # port: 7777 # # - 'service-names' is included. # # sbi: # - addr: 127.0.0.12 # port: 7777 # discovery: # option: # no_service_names: false # # o To remove 'service-names' from URI query parameters in NS Discovery # no_service_names: true # # * For Indirect Communication with Delegated Discovery, # 'service-names' is always included in the URI query parameter. # * That is, 'no_service_names' has no effect. # # # # o (Default) If you do not set Delegated Discovery as shown below, # # sbi: # - addr: 127.0.0.12 # port: 7777 # # - Use SCP if SCP avaiable. Otherwise NRF is used. # => App fails if both NRF and SCP are unavailable. # # sbi: # - addr: 127.0.0.12 # port: 7777 # discovery: # delegated: auto # # o To use SCP always => App fails if no SCP available. # delegated: yes # # o Don't use SCP server => App fails if no NRF available. # delegated: no # udm: sbi: - addr: 127.0.0.12 port: 7777 # # scp: # # > # # o SBI Client(http://127.0.1.10:7777) # sbi: # addr: 127.0.1.10 # port: 7777 # # o SBI Client(https://127.0.1.10:443, http://scp.open5gs.org:80) # sbi: # - addr: 127.0.1.10 # tls: # key: /etc/open5gs/tls/udm.key # cert: /etc/open5gs/tls/udm.crt # - name: scp.open5gs.org # # o SBI Client(https://scp.open5gs.org:443) # Use the specified certificate to verify peer # # sbi: # - name: scp.open5gs.org # tls: # cacert: /etc/open5gs/tls/ca.crt # # o SBI Client(http://[fd69:f21d:873c:fb::1]:80) # If prefer_ipv4 is true, http://127.0.1.10:80 is selected. # # sbi: # addr: # - 127.0.1.10 # - fd69:f21d:873c:fb::1 # # o SBI Option (Default) # - tcp_nodelay : true # - so_linger.l_onoff : false # # sbi: # addr: 127.0.1.10 # option: # tcp_nodelay: false # so_linger: # l_onoff: true # l_linger: 10 # # scp: sbi: - addr: 127.0.1.10 port: 7777 # # nrf: # # > # # o SBI Client(http://127.0.0.10:7777) # sbi: # addr: 127.0.0.10 # port: 7777 # # o SBI Client(https://127.0.0.10:443, https://[::1]:443) # tls: # client: # key: /etc/open5gs/tls/udm.key # cert: /etc/open5gs/tls/udm.crt # nrf: # sbi: # - addr: 127.0.0.10 # - addr: ::1 # # o SBI Client(https://nrf.open5gs.org:443) # Use the specified certificate to verify server # # tls: # client: # cacert: /etc/open5gs/tls/ca.crt # nrf: # sbi: # - name: nrf.open5gs.org # # o SBI Client(http://[fd69:f21d:873c:fa::1]:80) # If prefer_ipv4 is true, http://127.0.0.10:80 is selected. # # sbi: # addr: # - 127.0.0.10 # - fd69:f21d:873c:fa::1 # # o SBI Option (Default) # - tcp_nodelay : true # - so_linger.l_onoff : false # # sbi: # addr: 127.0.0.10 # option: # tcp_nodelay: false # so_linger: # l_onoff: true # l_linger: 10 # #nrf: # sbi: # - addr: # - 127.0.0.10 # - ::1 # port: 7777 # # parameter: # # o Disable use of IPv4 addresses (only IPv6) # no_ipv4: true # # o Disable use of IPv6 addresses (only IPv4) # no_ipv6: true # # o Prefer IPv4 instead of IPv6 for estabishing new GTP connections. # prefer_ipv4: true # parameter: # # max: # # o Maximum Number of UE # ue: 1024 # o Maximum Number of Peer(S1AP/NGAP, DIAMETER, GTP, PFCP or SBI) # peer: 64 # max: # # time: # # o NF Instance Heartbeat (Default : 0) # NFs will not send heart-beat timer in NFProfile # NRF will send heart-beat timer in NFProfile # # o NF Instance Heartbeat (20 seconds) # NFs will send heart-beat timer (20 seconds) in NFProfile # NRF can change heart-beat timer in NFProfile # # nf_instance: # heartbeat: 20 # # o Message Wait Duration (Default : 10,000 ms = 10 seconds) # # o Message Wait Duration (3000 ms) # message: # duration: 3000 time: