FAQ update

Sukchan Lee
2019-06-02 00:50:46 +09:00
parent 5f4b42cbfc
commit f7ef0f3aab


@@ -4,6 +4,211 @@ title: FAQ
permalink: /faq/
---
#### Is it possible to setup IP/NAT table along with Docker?
The following is the default docker IP/NAT table.
```
$ sudo iptables-save
# Generated by iptables-save v1.6.1 on Sat Jun 1 23:43:50 2019
*nat
:PREROUTING ACCEPT [74:4820]
:INPUT ACCEPT [4:208]
:OUTPUT ACCEPT [49:3659]
:POSTROUTING ACCEPT [49:3659]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Sat Jun 1 23:43:50 2019
# Generated by iptables-save v1.6.1 on Sat Jun 1 23:43:50 2019
*filter
:INPUT ACCEPT [651:514108]
:FORWARD DROP [70:4612]
:OUTPUT ACCEPT [590:63846]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Sat Jun 1 23:43:50 2019
```
Create **newtables** file as below.
```diff
$ diff -u oldtables newtables
--- oldtables 2019-06-01 23:43:50.354974226 +0900
+++ newtables 2019-06-01 23:44:16.110931684 +0900
@@ -8,6 +8,7 @@
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
+-A POSTROUTING -s 45.45.0.0/16 ! -o pgwtun -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Sat Jun 1 23:43:50 2019
@@ -26,6 +27,10 @@
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
+-A FORWARD -o pgwtun -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o pgwtun -j DOCKER
+-A FORWARD -i pgwtun ! -o pgwtun -j ACCEPT
+-A FORWARD -i pgwtun -o pgwtun -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
```
And then, apply **newtables** as below.
```
$ sudo iptables-restore < newtables
```
The above operation is the same as described in the following manuals.
```
### Check IP Tables
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
### Check NAT Tables
$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
### Enable IPv4 Forwarding
$ sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
### Add NAT Rule
$ sudo iptables -t nat -A POSTROUTING -s 45.45.0.0/16 ! -o pgwtun -j MASQUERADE
```
#### How to use a different APN for each PGW
By default, MME selects the PGW as the first PGW node. To use a different APN for each PGW, specify gtpc.apn as the APN name. If the HSS uses WebUI to set the PGW IP for each UE, you can use a specific PGW node for each UE.
See the following example.
```
### For reference, see `nextepc.conf`
#------------------------ MME --------------------------
#
# o Two PGW are defined. 127.0.0.3:2123 is used.
# [fe80::3%lo]:2123 is ignored.
# gtpc:
# - addr: 127.0.0.3
# - addr: fe80::3%lo
#
# o One PGW is defined. if prefer_ipv4 is not true,
# [fe80::3%lo] is selected.
# gtpc:
# - addr:
# - 127.0.0.3
# - fe80::3%lo
#
# o Two PGW are defined with a different APN.
# - Note that if PGW IP for UE is configured in HSS,
# the following configurion for this UE is ignored.
# gtpc:
# - addr: 127.0.0.3
# apn: internet
# - addr: 127.0.0.5
# apn: volte
#
# o If APN is omitted, the default APN uses the first PGW node.
# gtpc:
# - addr: 127.0.0.3
# - addr: 127.0.0.5
# apn: volte
#
```
The IP address of the UE can also use a different UE pool depending on the APN.
```
### For reference, see `nextepc.conf`
#
# <UE Pool>
#
# o IPv4 Pool
# $ sudo ip addr add 45.45.0.1/16 dev pgwtun
#
# ue_pool:
# addr: 45.45.0.1/16
#
# o IPv4/IPv6 Pool
# $ sudo ip addr add 45.45.0.1/16 dev pgwtun
# $ sudo ip addr add cafe:1::1/64 dev pgwtun
#
# ue_pool:
# - addr: 45.45.0.1/16
# - addr: cafe:1::1/64
#
#
# o Specific APN(e.g 'volte') uses 45.46.0.1/16, cafe:2::1/64
# All other APNs use 45.45.0.1/16, cafe:1::1/64
# $ sudo ip addr add 45.45.0.1/16 dev pgwtun
# $ sudo ip addr add 45.46.0.1/16 dev pgwtun
# $ sudo ip addr add cafe:1::1/64 dev pgwtun
# $ sudo ip addr add cafe:2::1/64 dev pgwtun
#
# ue_pool:
# - addr: 45.45.0.1/16
# - addr: cafe:1::1/64
# - addr: 45.46.0.1/16
# apn: volte
# - addr: cafe:2::1/64
# apn: volte
#
# o Multiple Devices (default: pgwtun)
# $ sudo ip addr add 45.45.0.1/16 dev pgwtun
# $ sudo ip addr add cafe:1::1/64 dev pgwtun2
# $ sudo ip addr add 45.46.0.1/16 dev pgwtun3
# $ sudo ip addr add cafe:2::1/64 dev pgwtun3
#
# ue_pool:
# - addr: 45.45.0.1/16
# - addr: cafe:1::1/64
# dev: pgwtun2
# - addr: 45.46.0.1/16
# apn: volte
# dev: pgwtun3
# - addr: cafe:2::1/64
# apn: volte
# dev: pgwtun3
#
```
#### How to connect MongoDB server
If you do not start MongoDB, you will get the following error:
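Review bot: the sentence "The above operation is the same as described in the following manuals" is not accurate, because the manual commands under `### Enable IPv4 Forwarding` and `### Add NAT Rule` reproduce only the `-A POSTROUTING -s 45.45.0.0/16 ! -o pgwtun -j MASQUERADE` line of newtables and omit the four `-A FORWARD ... pgwtun ...` rules, while the `iptables -L` output shown there has `Chain FORWARD (policy ACCEPT)` whereas the Docker default printed at the top of the answer has `:FORWARD DROP [70:4612]`; on a Docker host the manual steps alone therefore leave UE traffic entering on pgwtun dropped in FORWARD. Either add the equivalent commands, for example `sudo iptables -A FORWARD -i pgwtun ! -o pgwtun -j ACCEPT` and `sudo iptables -A FORWARD -o pgwtun -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, or reword to say the manual covers the non-Docker case where the FORWARD policy is ACCEPT. Two smaller points in the same hunk: the copied rule `-A FORWARD -i pgwtun ! -o pgwtun -j ACCEPT` forwards any source on pgwtun to any destination, and the DOCKER-ISOLATION-STAGE-1/2 rules only match docker0, so UEs can reach the docker0 bridge network and anything else the host routes; restricting the rule to `-s 45.45.0.0/16` (the pool that is actually masqueraded) and placing custom rules in DOCKER-USER, which Docker reserves for user rules and evaluates before its own FORWARD rules, would be safer than appending to FORWARD and jumping to the Docker-managed DOCKER chain with `-A FORWARD -o pgwtun -j DOCKER`. Also "configurion" in the gtpc example comment should be "configuration", and 45.45.0.0/16 and 45.46.0.0/16 are publicly routable address space rather than RFC 1918 ranges, which deserves a sentence since a UE pool in that range shadows the real owners of those addresses for every attached UE.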