181baecb6SMauro Carvalho Chehab.. SPDX-License-Identifier: GPL-2.0 281baecb6SMauro Carvalho Chehab 381baecb6SMauro Carvalho Chehab===================================== 481baecb6SMauro Carvalho ChehabThe Linux kernel GTP tunneling module 581baecb6SMauro Carvalho Chehab===================================== 681baecb6SMauro Carvalho Chehab 781baecb6SMauro Carvalho ChehabDocumentation by 881baecb6SMauro Carvalho Chehab Harald Welte <laforge@gnumonks.org> and 981baecb6SMauro Carvalho Chehab Andreas Schultz <aschultz@tpip.net> 1081baecb6SMauro Carvalho Chehab 1181baecb6SMauro Carvalho ChehabIn 'drivers/net/gtp.c' you are finding a kernel-level implementation 1281baecb6SMauro Carvalho Chehabof a GTP tunnel endpoint. 1381baecb6SMauro Carvalho Chehab 1481baecb6SMauro Carvalho ChehabWhat is GTP 1581baecb6SMauro Carvalho Chehab=========== 1681baecb6SMauro Carvalho Chehab 1781baecb6SMauro Carvalho ChehabGTP is the Generic Tunnel Protocol, which is a 3GPP protocol used for 1881baecb6SMauro Carvalho Chehabtunneling User-IP payload between a mobile station (phone, modem) 1981baecb6SMauro Carvalho Chehaband the interconnection between an external packet data network (such 2081baecb6SMauro Carvalho Chehabas the internet). 2181baecb6SMauro Carvalho Chehab 2281baecb6SMauro Carvalho ChehabSo when you start a 'data connection' from your mobile phone, the 2381baecb6SMauro Carvalho Chehabphone will use the control plane to signal for the establishment of 2481baecb6SMauro Carvalho Chehabsuch a tunnel between that external data network and the phone. The 2581baecb6SMauro Carvalho Chehabtunnel endpoints thus reside on the phone and in the gateway. All 2681baecb6SMauro Carvalho Chehabintermediate nodes just transport the encapsulated packet. 2781baecb6SMauro Carvalho Chehab 2881baecb6SMauro Carvalho ChehabThe phone itself does not implement GTP but uses some other 2981baecb6SMauro Carvalho Chehabtechnology-dependent protocol stack for transmitting the user IP 3081baecb6SMauro Carvalho Chehabpayload, such as LLC/SNDCP/RLC/MAC. 3181baecb6SMauro Carvalho Chehab 3281baecb6SMauro Carvalho ChehabAt some network element inside the cellular operator infrastructure 3381baecb6SMauro Carvalho Chehab(SGSN in case of GPRS/EGPRS or classic UMTS, hNodeB in case of a 3G 3481baecb6SMauro Carvalho Chehabfemtocell, eNodeB in case of 4G/LTE), the cellular protocol stacking 3581baecb6SMauro Carvalho Chehabis translated into GTP *without breaking the end-to-end tunnel*. So 3681baecb6SMauro Carvalho Chehabintermediate nodes just perform some specific relay function. 3781baecb6SMauro Carvalho Chehab 3881baecb6SMauro Carvalho ChehabAt some point the GTP packet ends up on the so-called GGSN (GSM/UMTS) 3981baecb6SMauro Carvalho Chehabor P-GW (LTE), which terminates the tunnel, decapsulates the packet 4081baecb6SMauro Carvalho Chehaband forwards it onto an external packet data network. This can be 4181baecb6SMauro Carvalho Chehabpublic internet, but can also be any private IP network (or even 4281baecb6SMauro Carvalho Chehabtheoretically some non-IP network like X.25). 4381baecb6SMauro Carvalho Chehab 4481baecb6SMauro Carvalho ChehabYou can find the protocol specification in 3GPP TS 29.060, available 4581baecb6SMauro Carvalho Chehabpublicly via the 3GPP website at http://www.3gpp.org/DynaReport/29060.htm 4681baecb6SMauro Carvalho Chehab 4781baecb6SMauro Carvalho ChehabA direct PDF link to v13.6.0 is provided for convenience below: 4881baecb6SMauro Carvalho Chehabhttp://www.etsi.org/deliver/etsi_ts/129000_129099/129060/13.06.00_60/ts_129060v130600p.pdf 4981baecb6SMauro Carvalho Chehab 5081baecb6SMauro Carvalho ChehabThe Linux GTP tunnelling module 5181baecb6SMauro Carvalho Chehab=============================== 5281baecb6SMauro Carvalho Chehab 5381baecb6SMauro Carvalho ChehabThe module implements the function of a tunnel endpoint, i.e. it is 5481baecb6SMauro Carvalho Chehabable to decapsulate tunneled IP packets in the uplink originated by 5581baecb6SMauro Carvalho Chehabthe phone, and encapsulate raw IP packets received from the external 5681baecb6SMauro Carvalho Chehabpacket network in downlink towards the phone. 5781baecb6SMauro Carvalho Chehab 5881baecb6SMauro Carvalho ChehabIt *only* implements the so-called 'user plane', carrying the User-IP 5981baecb6SMauro Carvalho Chehabpayload, called GTP-U. It does not implement the 'control plane', 6081baecb6SMauro Carvalho Chehabwhich is a signaling protocol used for establishment and teardown of 6181baecb6SMauro Carvalho ChehabGTP tunnels (GTP-C). 6281baecb6SMauro Carvalho Chehab 6381baecb6SMauro Carvalho ChehabSo in order to have a working GGSN/P-GW setup, you will need a 6481baecb6SMauro Carvalho Chehabuserspace program that implements the GTP-C protocol and which then 6581baecb6SMauro Carvalho Chehabuses the netlink interface provided by the GTP-U module in the kernel 6681baecb6SMauro Carvalho Chehabto configure the kernel module. 6781baecb6SMauro Carvalho Chehab 6881baecb6SMauro Carvalho ChehabThis split architecture follows the tunneling modules of other 6981baecb6SMauro Carvalho Chehabprotocols, e.g. PPPoE or L2TP, where you also run a userspace daemon 7081baecb6SMauro Carvalho Chehabto handle the tunnel establishment, authentication etc. and only the 7181baecb6SMauro Carvalho Chehabdata plane is accelerated inside the kernel. 7281baecb6SMauro Carvalho Chehab 7381baecb6SMauro Carvalho ChehabDon't be confused by terminology: The GTP User Plane goes through 7481baecb6SMauro Carvalho Chehabkernel accelerated path, while the GTP Control Plane goes to 7581baecb6SMauro Carvalho ChehabUserspace :) 7681baecb6SMauro Carvalho Chehab 7781baecb6SMauro Carvalho ChehabThe official homepage of the module is at 7881baecb6SMauro Carvalho Chehabhttps://osmocom.org/projects/linux-kernel-gtp-u/wiki 7981baecb6SMauro Carvalho Chehab 8081baecb6SMauro Carvalho ChehabUserspace Programs with Linux Kernel GTP-U support 8181baecb6SMauro Carvalho Chehab================================================== 8281baecb6SMauro Carvalho Chehab 8381baecb6SMauro Carvalho ChehabAt the time of this writing, there are at least two Free Software 8481baecb6SMauro Carvalho Chehabimplementations that implement GTP-C and can use the netlink interface 8581baecb6SMauro Carvalho Chehabto make use of the Linux kernel GTP-U support: 8681baecb6SMauro Carvalho Chehab 8781baecb6SMauro Carvalho Chehab* OpenGGSN (classic 2G/3G GGSN in C): 8881baecb6SMauro Carvalho Chehab https://osmocom.org/projects/openggsn/wiki/OpenGGSN 8981baecb6SMauro Carvalho Chehab 9081baecb6SMauro Carvalho Chehab* ergw (GGSN + P-GW in Erlang): 9181baecb6SMauro Carvalho Chehab https://github.com/travelping/ergw 9281baecb6SMauro Carvalho Chehab 9381baecb6SMauro Carvalho ChehabUserspace Library / Command Line Utilities 9481baecb6SMauro Carvalho Chehab========================================== 9581baecb6SMauro Carvalho Chehab 9681baecb6SMauro Carvalho ChehabThere is a userspace library called 'libgtpnl' which is based on 9781baecb6SMauro Carvalho Chehablibmnl and which implements a C-language API towards the netlink 9881baecb6SMauro Carvalho Chehabinterface provided by the Kernel GTP module: 9981baecb6SMauro Carvalho Chehab 10081baecb6SMauro Carvalho Chehabhttp://git.osmocom.org/libgtpnl/ 10181baecb6SMauro Carvalho Chehab 10281baecb6SMauro Carvalho ChehabProtocol Versions 10381baecb6SMauro Carvalho Chehab================= 10481baecb6SMauro Carvalho Chehab 10581baecb6SMauro Carvalho ChehabThere are two different versions of GTP-U: v0 [GSM TS 09.60] and v1 10681baecb6SMauro Carvalho Chehab[3GPP TS 29.281]. Both are implemented in the Kernel GTP module. 10781baecb6SMauro Carvalho ChehabVersion 0 is a legacy version, and deprecated from recent 3GPP 10881baecb6SMauro Carvalho Chehabspecifications. 10981baecb6SMauro Carvalho Chehab 11081baecb6SMauro Carvalho ChehabGTP-U uses UDP for transporting PDUs. The receiving UDP port is 2151 11181baecb6SMauro Carvalho Chehabfor GTPv1-U and 3386 for GTPv0-U. 11281baecb6SMauro Carvalho Chehab 11381baecb6SMauro Carvalho ChehabThere are three versions of GTP-C: v0, v1, and v2. As the kernel 11481baecb6SMauro Carvalho Chehabdoesn't implement GTP-C, we don't have to worry about this. It's the 11581baecb6SMauro Carvalho Chehabresponsibility of the control plane implementation in userspace to 11681baecb6SMauro Carvalho Chehabimplement that. 11781baecb6SMauro Carvalho Chehab 11881baecb6SMauro Carvalho ChehabIPv6 11981baecb6SMauro Carvalho Chehab==== 12081baecb6SMauro Carvalho Chehab 12181baecb6SMauro Carvalho ChehabThe 3GPP specifications indicate either IPv4 or IPv6 can be used both 12281baecb6SMauro Carvalho Chehabon the inner (user) IP layer, or on the outer (transport) layer. 12381baecb6SMauro Carvalho Chehab 12481baecb6SMauro Carvalho ChehabUnfortunately, the Kernel module currently supports IPv6 neither for 12581baecb6SMauro Carvalho Chehabthe User IP payload, nor for the outer IP layer. Patches or other 12681baecb6SMauro Carvalho ChehabContributions to fix this are most welcome! 12781baecb6SMauro Carvalho Chehab 12881baecb6SMauro Carvalho ChehabMailing List 12981baecb6SMauro Carvalho Chehab============ 13081baecb6SMauro Carvalho Chehab 13181baecb6SMauro Carvalho ChehabIf you have questions regarding how to use the Kernel GTP module from 13281baecb6SMauro Carvalho Chehabyour own software, or want to contribute to the code, please use the 13381baecb6SMauro Carvalho Chehabosmocom-net-grps mailing list for related discussion. The list can be 13481baecb6SMauro Carvalho Chehabreached at osmocom-net-gprs@lists.osmocom.org and the mailman 13581baecb6SMauro Carvalho Chehabinterface for managing your subscription is at 13681baecb6SMauro Carvalho Chehabhttps://lists.osmocom.org/mailman/listinfo/osmocom-net-gprs 13781baecb6SMauro Carvalho Chehab 13881baecb6SMauro Carvalho ChehabIssue Tracker 13981baecb6SMauro Carvalho Chehab============= 14081baecb6SMauro Carvalho Chehab 14181baecb6SMauro Carvalho ChehabThe Osmocom project maintains an issue tracker for the Kernel GTP-U 14281baecb6SMauro Carvalho Chehabmodule at 14381baecb6SMauro Carvalho Chehabhttps://osmocom.org/projects/linux-kernel-gtp-u/issues 14481baecb6SMauro Carvalho Chehab 14581baecb6SMauro Carvalho ChehabHistory / Acknowledgements 14681baecb6SMauro Carvalho Chehab========================== 14781baecb6SMauro Carvalho Chehab 14881baecb6SMauro Carvalho ChehabThe Module was originally created in 2012 by Harald Welte, but never 14981baecb6SMauro Carvalho Chehabcompleted. Pablo came in to finish the mess Harald left behind. But 15081baecb6SMauro Carvalho Chehabdoe to a lack of user interest, it never got merged. 15181baecb6SMauro Carvalho Chehab 15281baecb6SMauro Carvalho ChehabIn 2015, Andreas Schultz came to the rescue and fixed lots more bugs, 15381baecb6SMauro Carvalho Chehabextended it with new features and finally pushed all of us to get it 15481baecb6SMauro Carvalho Chehabmainline, where it was merged in 4.7.0. 15581baecb6SMauro Carvalho Chehab 15681baecb6SMauro Carvalho ChehabArchitectural Details 15781baecb6SMauro Carvalho Chehab===================== 15881baecb6SMauro Carvalho Chehab 15981baecb6SMauro Carvalho ChehabLocal GTP-U entity and tunnel identification 16081baecb6SMauro Carvalho Chehab-------------------------------------------- 16181baecb6SMauro Carvalho Chehab 16281baecb6SMauro Carvalho ChehabGTP-U uses UDP for transporting PDU's. The receiving UDP port is 2152 16381baecb6SMauro Carvalho Chehabfor GTPv1-U and 3386 for GTPv0-U. 16481baecb6SMauro Carvalho Chehab 165*a266ef69SRandy DunlapThere is only one GTP-U entity (and therefore SGSN/GGSN/S-GW/PDN-GW 16681baecb6SMauro Carvalho Chehabinstance) per IP address. Tunnel Endpoint Identifier (TEID) are unique 16781baecb6SMauro Carvalho Chehabper GTP-U entity. 16881baecb6SMauro Carvalho Chehab 16981baecb6SMauro Carvalho ChehabA specific tunnel is only defined by the destination entity. Since the 17081baecb6SMauro Carvalho Chehabdestination port is constant, only the destination IP and TEID define 17181baecb6SMauro Carvalho Chehaba tunnel. The source IP and Port have no meaning for the tunnel. 17281baecb6SMauro Carvalho Chehab 17381baecb6SMauro Carvalho ChehabTherefore: 17481baecb6SMauro Carvalho Chehab 17581baecb6SMauro Carvalho Chehab * when sending, the remote entity is defined by the remote IP and 17681baecb6SMauro Carvalho Chehab the tunnel endpoint id. The source IP and port have no meaning and 17781baecb6SMauro Carvalho Chehab can be changed at any time. 17881baecb6SMauro Carvalho Chehab 17981baecb6SMauro Carvalho Chehab * when receiving the local entity is defined by the local 18081baecb6SMauro Carvalho Chehab destination IP and the tunnel endpoint id. The source IP and port 18181baecb6SMauro Carvalho Chehab have no meaning and can change at any time. 18281baecb6SMauro Carvalho Chehab 18381baecb6SMauro Carvalho Chehab[3GPP TS 29.281] Section 4.3.0 defines this so:: 18481baecb6SMauro Carvalho Chehab 18581baecb6SMauro Carvalho Chehab The TEID in the GTP-U header is used to de-multiplex traffic 18681baecb6SMauro Carvalho Chehab incoming from remote tunnel endpoints so that it is delivered to the 18781baecb6SMauro Carvalho Chehab User plane entities in a way that allows multiplexing of different 18881baecb6SMauro Carvalho Chehab users, different packet protocols and different QoS levels. 18981baecb6SMauro Carvalho Chehab Therefore no two remote GTP-U endpoints shall send traffic to a 19081baecb6SMauro Carvalho Chehab GTP-U protocol entity using the same TEID value except 19181baecb6SMauro Carvalho Chehab for data forwarding as part of mobility procedures. 19281baecb6SMauro Carvalho Chehab 19381baecb6SMauro Carvalho ChehabThe definition above only defines that two remote GTP-U endpoints 19481baecb6SMauro Carvalho Chehab*should not* send to the same TEID, it *does not* forbid or exclude 19581baecb6SMauro Carvalho Chehabsuch a scenario. In fact, the mentioned mobility procedures make it 19681baecb6SMauro Carvalho Chehabnecessary that the GTP-U entity accepts traffic for TEIDs from 19781baecb6SMauro Carvalho Chehabmultiple or unknown peers. 19881baecb6SMauro Carvalho Chehab 19981baecb6SMauro Carvalho ChehabTherefore, the receiving side identifies tunnels exclusively based on 20081baecb6SMauro Carvalho ChehabTEIDs, not based on the source IP! 20181baecb6SMauro Carvalho Chehab 20281baecb6SMauro Carvalho ChehabAPN vs. Network Device 20381baecb6SMauro Carvalho Chehab====================== 20481baecb6SMauro Carvalho Chehab 20581baecb6SMauro Carvalho ChehabThe GTP-U driver creates a Linux network device for each Gi/SGi 20681baecb6SMauro Carvalho Chehabinterface. 20781baecb6SMauro Carvalho Chehab 20881baecb6SMauro Carvalho Chehab[3GPP TS 29.281] calls the Gi/SGi reference point an interface. This 20981baecb6SMauro Carvalho Chehabmay lead to the impression that the GGSN/P-GW can have only one such 21081baecb6SMauro Carvalho Chehabinterface. 21181baecb6SMauro Carvalho Chehab 21281baecb6SMauro Carvalho ChehabCorrect is that the Gi/SGi reference point defines the interworking 21381baecb6SMauro Carvalho Chehabbetween +the 3GPP packet domain (PDN) based on GTP-U tunnel and IP 21481baecb6SMauro Carvalho Chehabbased networks. 21581baecb6SMauro Carvalho Chehab 21681baecb6SMauro Carvalho ChehabThere is no provision in any of the 3GPP documents that limits the 21781baecb6SMauro Carvalho Chehabnumber of Gi/SGi interfaces implemented by a GGSN/P-GW. 21881baecb6SMauro Carvalho Chehab 21981baecb6SMauro Carvalho Chehab[3GPP TS 29.061] Section 11.3 makes it clear that the selection of a 22081baecb6SMauro Carvalho Chehabspecific Gi/SGi interfaces is made through the Access Point Name 22181baecb6SMauro Carvalho Chehab(APN):: 22281baecb6SMauro Carvalho Chehab 22381baecb6SMauro Carvalho Chehab 2. each private network manages its own addressing. In general this 22481baecb6SMauro Carvalho Chehab will result in different private networks having overlapping 22581baecb6SMauro Carvalho Chehab address ranges. A logically separate connection (e.g. an IP in IP 22681baecb6SMauro Carvalho Chehab tunnel or layer 2 virtual circuit) is used between the GGSN/P-GW 22781baecb6SMauro Carvalho Chehab and each private network. 22881baecb6SMauro Carvalho Chehab 22981baecb6SMauro Carvalho Chehab In this case the IP address alone is not necessarily unique. The 23081baecb6SMauro Carvalho Chehab pair of values, Access Point Name (APN) and IPv4 address and/or 23181baecb6SMauro Carvalho Chehab IPv6 prefixes, is unique. 23281baecb6SMauro Carvalho Chehab 23381baecb6SMauro Carvalho ChehabIn order to support the overlapping address range use case, each APN 23481baecb6SMauro Carvalho Chehabis mapped to a separate Gi/SGi interface (network device). 23581baecb6SMauro Carvalho Chehab 23681baecb6SMauro Carvalho Chehab.. note:: 23781baecb6SMauro Carvalho Chehab 23881baecb6SMauro Carvalho Chehab The Access Point Name is purely a control plane (GTP-C) concept. 23981baecb6SMauro Carvalho Chehab At the GTP-U level, only Tunnel Endpoint Identifiers are present in 24081baecb6SMauro Carvalho Chehab GTP-U packets and network devices are known 24181baecb6SMauro Carvalho Chehab 24281baecb6SMauro Carvalho ChehabTherefore for a given UE the mapping in IP to PDN network is: 24381baecb6SMauro Carvalho Chehab 24481baecb6SMauro Carvalho Chehab * network device + MS IP -> Peer IP + Peer TEID, 24581baecb6SMauro Carvalho Chehab 24681baecb6SMauro Carvalho Chehaband from PDN to IP network: 24781baecb6SMauro Carvalho Chehab 24881baecb6SMauro Carvalho Chehab * local GTP-U IP + TEID -> network device 24981baecb6SMauro Carvalho Chehab 25081baecb6SMauro Carvalho ChehabFurthermore, before a received T-PDU is injected into the network 25181baecb6SMauro Carvalho Chehabdevice the MS IP is checked against the IP recorded in PDP context. 252