docs: refactor deployment scenarios (#407)

docs/deployments/README.md

@@ -0,0 +1,14 @@
+# Deployment examples
+The eUPF can be integrated with different 5G Core implementations in different scenarios.
+
+eUPF pod outbound connection is pure routed at the node. There is no address translation inside pod, so we avoid such lack of throughtput.
+
+BGP is used to announce the subscriber's subnet to the route table of Kubernetes cluster.
+
+## [Open5GS + Calico BGP](./open5gs-with-bgp/README.md)
+
+## [Open5GS + Calico BGP with Slices](./open5gs-with-bgp-and-slices/README.md)
+
+## [Free5GC + Calico BGP](./free5gc-with-bgp/README.md)
+
+## [Free5GC UpLink CLassifier (ULCL) architecture](./free5gc-ulcl/README.md)

docs/deployments/free5gc-ulcl/Makefile

@@ -3,6 +3,8 @@ HELM_ARGS?=--wait --timeout 100s --create-namespace
 HELM_ACTION?=install
 
 free5gc:
+	phy_if=$(lshw -C network |grep -Fm 1 'logical name:' |awk -- '{print $NF}')
+	sed -i "s/masterIf:.*/masterIf: $phy_if/" global.yaml
 	helm $(HELM_ACTION) \
 		free5gc towards5gs/free5gc \
 		--values global.yaml \
@@ -13,6 +15,8 @@ free5gc:
 		$(HELM_ARGS)
 
 upf:
+	phy_if=$(lshw -C network |grep -Fm 1 'logical name:' |awk -- '{print $NF}')
+	sed -i "s/masterIf:.*/masterIf: $phy_if/" global.yaml
 	helm $(HELM_ACTION) \
 		free5gc-upf towards5gs/free5gc-upf \
 		--values global.yaml \

docs/deployments/free5gc-with-bgp/Makefile

@@ -0,0 +1,42 @@
+NAMESPACE?=free5gc
+HELM_VALUES_DIR?=./values
+
+HELM_ARGS?=--timeout 30s --create-namespace
+HELM_ACTION?=upgrade --install
+
+free5gc:
+	helm $(HELM_ACTION) \
+		free5gc towards5gs/free5gc \
+		--version 1.1.7 \
+		--values $(HELM_VALUES_DIR)/global.yaml \
+		--values $(HELM_VALUES_DIR)/free5gc.yaml \
+		-n $(NAMESPACE) \
+		$(HELM_ARGS)
+
+calico:
+	kubectl apply -f $(HELM_VALUES_DIR)/../manifests/calico-pools.yaml
+	kubectl apply -f $(HELM_VALUES_DIR)/../manifests/calico-bgp.yaml
+
+upf:
+	helm $(HELM_ACTION) \
+		eupf oci://registry-1.docker.io/edgecom/eupf \
+		--version 0.4.0 \
+		--values $(HELM_VALUES_DIR)/eupf.yaml \
+		-n $(NAMESPACE) \
+		$(HELM_ARGS)
+
+ue1:
+	helm $(HELM_ACTION) \
+		ueransim1 towards5gs/ueransim \
+		--values $(HELM_VALUES_DIR)/global.yaml \
+		--values $(HELM_VALUES_DIR)/ueransim.yaml \
+		--version 2.0.17 \
+		-n $(NAMESPACE) \
+		$(HELM_ARGS)
+
+clean:
+	helm delete free5gc -n $(NAMESPACE) || true
+	helm delete eupf -n $(NAMESPACE) || true
+	helm delete ueransim1 -n $(NAMESPACE) || true
+	kubectl delete -f $(HELM_VALUES_DIR)/../manifests/calico-pools.yaml || true
+	kubectl delete -f $(HELM_VALUES_DIR)/../manifests/calico-bgp.yaml || true

docs/deployments/free5gc-with-bgp/README.md

@@ -0,0 +1,69 @@
+# Free5GC + eUPF with Calico BGP
+
+Be careful, this document work in progress
+
+![](./schema.png)
+
+## Requirements
+
+- Kubernetes cluster with Calico and Multus CNI
+- [helm](https://helm.sh/docs/intro/install/) installed
+- calico backend configured as BIRD
+
+    change `calico_backend` parameter to `bird` in configmap with name `calico-config` and then restart all pods with name `calico-node-*`
+
+
+- configure helm repos
+
+    ```
+    helm repo add towards5gs https://raw.githubusercontent.com/Orange-OpenSource/towards5gs-helm/main/repo/
+    helm repo update
+    ```
+
+- update values files, you should set name of network interface in file `global.yaml` (parameter masterIf)
+
+## Deployment steps
+
+1. install free5gc
+
+    `make free5gc`
+
+1. create subscriber in free5gc via WebUI
+
+    redirect port from webui pod to localhost
+
+    ```powershell
+    kubectl port-forward service/webui-service 5000:5000 -n free5gc
+    ```
+
+    open http://127.0.0.1:5000 in your browser (for auth use user "admin" with password "free5gc"), go to menu "subscribers", click "new subscriber", leave all values as is, press "submit"
+
+    close port forward with `Ctrl + C`
+
+1. configure calico BGP settings. Here, we configure Calico BGP peer and create Calico IP Pool (for NAT)
+
+    `make calico`
+
+1. install eupf
+
+    `make upf`
+
+1. install UERANSim
+
+    `make ue1`
+
+## Check steps
+
+1. exec shell in UE pod
+
+    `kubectl -n free5gc exec -ti deployment/ueransim-ue -- /bin/bash`
+
+1. run ICMP test
+
+    `ping -I uesimtun0 1.1.1.1`
+
+## Undeploy steps
+
+1. undeploy all
+
+    `make clean`

docs/examples/open5gs/calico-bgp.yaml → docs/deployments/free5gc-with-bgp/manifests/calico-bgp.yaml

@@ -2,11 +2,11 @@
 apiVersion: crd.projectcalico.org/v1
 kind: BGPPeer
 metadata:
-  name: eupf-10-45-0-0
+  name: eupf-10-11-0-0
 spec:
   nodeSelector: all()
-  peerIP: 10.233.64.1
-  asNumber: 65000
+  peerIP: 10.233.64.11
+  asNumber: 65001
 ---
 apiVersion: crd.projectcalico.org/v1
 kind: BGPConfiguration

docs/examples/open5gs/calico-pools.yaml → docs/deployments/free5gc-with-bgp/manifests/calico-pools.yaml

@@ -2,9 +2,9 @@
 apiVersion: crd.projectcalico.org/v1
 kind: IPPool
 metadata:
-  name: eupf-ue-pool-10-45-0-0
+  name: eupf-ue-pool-10-11-0-0
 spec:
-  cidr: 10.45.0.0/16
+  cidr: 10.11.0.0/16
   ipipMode: Never
   natOutgoing: true
   disabled: false

docs/examples/free5gc/eupf-container-nat.yaml → docs/deployments/free5gc-with-bgp/values/eupf.yaml

@@ -1,69 +1,43 @@
 ---
 
-image:
-  registry: ghcr.io
-  repository: edgecomllc
-  name: eupf
-  tag: main
-  pullPolicy: Always
+global:
+  imagePullPolicy: Always
+
+deploymentStrategy:
+  type: Recreate
 
-command:
-  - /app/conf/run.sh
+image:
+  tag: 0ac3d9fb28808dbca7e123205323e2c09f377971@sha256:a03bdd30efa623b0d3ddc99d9a6472453a43d2d64ed715a9a042e893d82ffb68
 
 args:
   - --config
   - /app/conf/config.yml
 
-securityContext:
-  privileged: true
-
-podSecurityContext:
-  sysctls:
-  - name: net.ipv4.ip_forward
-    value: "1"
+env:
+  UPF_PFCP_NODE_ID: 10.100.50.241
+  UPF_N3_ADDRESS: 10.100.50.233
 
 configMaps:
   config:
     data:
       config.yml: |
-        interface_name: [n3, n6]
+        interface_name: n3
         api_address: :8080
-        pfcp_address: :8805
+        pfcp_address: 10.100.50.241:8805
         metrics_address: :9090
-        n3_address: 10.100.50.233
-      run.sh: |
-        #!/bin/sh
-
-        set -x
-
-        mkdir -p /etc/iproute2
-        echo "1000 n6if" >> /etc/iproute2/rt_tables
-        ip rule add from 10.1.0.0/16 table n6if
-        ip route add default via 10.100.100.254 dev n6 table n6if
-
-        set +x
-
-        exec /app/bin/eupf $@
-
-env:
-  UPF_PFCP_NODE_ID: 10.100.50.241  # address on n4 interface
-  # UPF_N3_ADDRESS: 10.100.50.233
 
 volumes:
   - name: sys
     hostPath:
       path: /sys
   - name: config
     configMap:
-      name: edgecomllc-eupf-universal-chart-config
+      name: eupf-config
       defaultMode: 420
       items:
         - key: config.yml
           mode: 493
           path: config.yml
-        - key: run.sh
-          mode: 493
-          path: run.sh
 
 volumeMounts:
   - name: sys
@@ -72,39 +46,67 @@ volumeMounts:
   - name: config
     mountPath: /app/conf
 
-metrics:
+bird:
   enabled: true
+  env:
+    BIRD_LOCAL_AS: 65001
+    BIRD_LOCAL_PREFIX: 10.11.0.0/16
+
+metrics:
+  enabled: false
   serviceMonitor:
-    enabled: true
+    enabled: false
     additionalLabels:
       release: kube-prometheus-stack
     endpoints:
       port: metrics
       path: "/metrics"
 
-imagePullSecrets:
-  - name: gh-container-registry
+podAnnotations:
+  cni.projectcalico.org/ipv4pools: '["default-pool"]'
+  cni.projectcalico.org/ipAddrs: '["10.233.64.11"]'
+  k8s.v1.cni.cncf.io/networks: |
+    [
+      {
+        "name": "n3network-free5gc-free5gc-upf",
+        "interface": "n3",
+        "ips": [ "10.100.50.233/29" ]
+      },
+      {
+        "name": "n4network-free5gc-free5gc-smf",
+        "interface": "n4",
+        "ips": [ "10.100.50.241/29" ]
+      }
+    ]
+
+podSecurityContext:
+  sysctls:
+  - name: net.ipv4.ip_forward
+    value: "1"
+
+securityContext:
+  privileged: true
 
 extraContainerPorts:
+  - name: gtpu
+    containerPort: 2152
+    protocol: UDP
   - name: pfcp
     containerPort: 8805
     protocol: UDP
-  - name: metrics
-    containerPort: 9090
-    protocol: TCP
 
 service:
   type: ClusterIP
   port: 8080
   extraPorts:
+    - port: 2152
+      targetPort: gtpu
+      protocol: UDP
+      name: gtpu
     - port: 8805
       targetPort: pfcp
       protocol: UDP
       name: pfcp
-    - port: 9090
-      targetPort: metrics
-      protocol: TCP
-      name: metrics
 
 resources:
   limits:
@@ -126,51 +128,11 @@ readinessProbe:
   initialDelaySeconds: 5
   periodSeconds: 10
 
-podAnnotations:
-  k8s.v1.cni.cncf.io/networks: |
-    [
-      {
-        "name": "n3network-upf",
-        "interface": "n3",
-        "ips": [ "10.100.50.233/29" ]
-      },
-      {
-        "name": "n4network-upf",
-        "interface": "n4",
-        "ips": [ "10.100.50.241/29" ]
-      },
-      {
-        "name": "edgecomllc-eupf-nat-n6",
-        "interface": "n6",
-        "ips": [ "10.100.100.12/24" ]
-      }
-    ]
-
 extraDeploy:
   - apiVersion: k8s.cni.cncf.io/v1
     kind: NetworkAttachmentDefinition
     metadata:
-      name: n3network-upf
-    spec:
-      config: |
-        {
-          "cniVersion": "0.3.1",
-          "plugins": [
-            {
-              "type": "ipvlan",
-              "capabilities": { "ips": true },
-              "master": "ens3",
-              "mode": "l2",
-              "ipam": {
-                "type": "static"
-              }
-            }
-          ]
-        }
-  - apiVersion: k8s.cni.cncf.io/v1
-    kind: NetworkAttachmentDefinition
-    metadata:
-      name: n4network-upf
+      name: n3network-free5gc-free5gc-upf
     spec:
       config: |
         {
@@ -179,7 +141,7 @@ extraDeploy:
             {
               "type": "ipvlan",
               "capabilities": { "ips": true },
-              "master": "ens3",
+              "master": "eth0",
               "mode": "l2",
               "ipam": {
                 "type": "static"