This post describes how to build and install freeDiameter on CentOS 6.
Both a PCEF and a PCRF are set up, and the behaviour of the Gx interface between them is checked.
1. Configuration
1-1. Environment
HostOS : Windows 10 Pro Ver:1809 Build:17763.503
VMware : VMware(R) Workstation 15 Pro 15.1.0 build-13591040
GuestOS : CentOS 6.10
Installed Environment Groups : minimal
Kernel : 2.6.32-754
The PCEF and the PCRF each run on a guest OS of the type above: two guests are used, c610diam01 as the PCEF and c610diam02 as the PCRF.*1
1-2. Overview of the configuration
1-3. Overall flow
Preparation
Build & install
Building the CA
PCEF configuration
PCRF configuration
Verification
2. Preparation
Install the packages that are needed:
yum -y install gcc gcc-c++ cmake make flex bison lksctp-tools-devel gnutls-devel libidn-devel openssl libgcrypt-devel wget git
3. Build & install
Install freeDiameter.
mkdir /root/tmp
cd /root/tmp
wget http://www.freediameter.net/hg/freeDiameter/archive/1.2.0.tar.gz
tar zxvf 1.2.0.tar.gz
cd /root/tmp/freeDiameter-1.2.0
mkdir build
cd /root/tmp/freeDiameter-1.2.0/build
Download the freeDiameter source into a directory of your choice (/root/tmp is used throughout this post).
After extracting, create a build directory and cd into it.
cmake -D CMAKE_INSTALL_PREFIX:PATH=/opt/freeDiameter ..
make && make install
After the makefiles have been generated, build and install.
It takes a little while, but if the end of the output looks like the following, the install has completed normally.
Example output after cmake
-- Generating done
-- Build files have been written to: /root/tmp/freeDiameter-1.2.0/build
Example output after make install
-- Installing: /opt/freeDiameter/lib/freeDiameter/dict_nasreq.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dict_eap.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dict_dcca.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dict_dcca_3gpp.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dict_dcca_starent.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dict_sip.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dict_mip6a.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dict_mip6i.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dict_nas_mipv6.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dict_rfc5777.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/rt_default.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/rt_redirect.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/rt_busypeers.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/rt_ignore_dh.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/rt_load_balance.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/acl_wl.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dbg_monitor.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dbg_msg_timings.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dbg_msg_dumps.fdx
-- Installing: /opt/freeDiameter/lib/freeDiameter/dbg_rt.fdx
4. Building the CA
freeDiameter peers authenticate each other with certificates, so a CA is built. (Note that the ConnectPeer entries in 5-3 and 6-3 are given NO_TLS, so in this walkthrough the certificates are loaded by the daemons but never used on the wire; see the supplement in 5-3.)
4-1. Preparation for building the CA (1)
vi /etc/pki/tls/openssl.cnf
Change the following:
[ CA_default ]
#dir = /etc/pki/CA # Where everything is kept
dir = .
This edits the system-wide openssl.cnf: with dir = ., every openssl ca invocation on this host treats the current working directory as the CA directory, which is why all the signing commands below are run from /opt/CA.
4-2. Preparation for building the CA (2)
mkdir -p /opt/CA
cd /opt/CA
mkdir certs private newcerts
echo '01' > serial
touch index.txt
4-3. Building the CA
openssl req -new -x509 -newkey rsa:512 -out cacert.pem -keyout private/cakey-pass.pem
openssl rsa < private/cakey-pass.pem > private/cakey.pem
Create the CA certificate.
Remove the passphrase from the CA key.
Two things to keep in mind here: rsa:512 is a lab shortcut, not a key size any TLS stack should be trusted with (use rsa:2048 or larger for anything that will actually negotiate TLS, and note that newer GnuTLS builds may refuse keys this short), and the second command leaves cakey.pem unencrypted on disk, so /opt/CA/private must stay readable by root only.
Example output:
[root@c610diam01 CA]# openssl req -new -x509 -newkey rsa:512 -out cacert.pem -keyout private/cakey-pass.pem
Generating a 512 bit RSA private key
.++++++++++++
..++++++++++++
writing new private key to 'private/cakey-pass.pem'
Enter PEM pass phrase: (enter a passphrase of your choice)
Verifying - Enter PEM pass phrase: (enter the same passphrase)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Minato-ku
Organization Name (eg, company) [Default Company Ltd]:local.jp
Organizational Unit Name (eg, section) []:(leave blank, press Enter)
Common Name (eg, your name or your server's hostname) []:ca.local.jp
Email Address []:(leave blank, press Enter)
[root@c610diam01 CA]# openssl rsa < private/cakey-pass.pem > private/cakey.pem
Enter pass phrase: (enter the passphrase from above)
writing RSA key
5. PCEF configuration
5-1. Issuing the PCEF certificate
cd /opt/CA
openssl req -new -newkey rsa:512 -keyout private/c610diam01-pass.key -out private/c610diam01.csr
openssl rsa < private/c610diam01-pass.key > private/c610diam01.key
openssl ca -in private/c610diam01.csr -out newcerts/c610diam01.crt
Create the PCEF CSR and key.
Remove the passphrase from the key.
Sign the PCEF CSR.
The Common Name must be the peer's full Diameter Identity (c610diam01.local.jp here, matching Identity in 5-3): freeDiameter checks the hostname in the peer certificate against the peer's Diameter Identity when TLS is actually used.
Example output:
[root@c610diam01 CA]# openssl req -new -newkey rsa:512 -keyout private/c610diam01-pass.key -out private/c610diam01.csr
Generating a 512 bit RSA private key
.++++++++++++
...........++++++++++++
writing new private key to 'private/c610diam01-pass.key'
Enter PEM pass phrase: (enter a passphrase of your choice)
Verifying - Enter PEM pass phrase: (enter the same passphrase)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Minato-ku
Organization Name (eg, company) [Default Company Ltd]:local.jp
Organizational Unit Name (eg, section) []:(leave blank, press Enter)
Common Name (eg, your name or your server's hostname) []:c610diam01.local.jp
Email Address []:(leave blank, press Enter)

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(leave blank, press Enter)
An optional company name []:(leave blank, press Enter)
[root@c610diam01 CA]# openssl rsa < private/c610diam01-pass.key > private/c610diam01.key
Enter pass phrase: (enter the passphrase from above)
writing RSA key
[root@c610diam01 CA]# openssl ca -in private/c610diam01.csr -out newcerts/c610diam01.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jun  8 02:41:08 2019 GMT
            Not After : Jun  7 02:41:08 2020 GMT
        Subject:
            countryName               = JP
            stateOrProvinceName       = Tokyo
            organizationName          = local.jp
            commonName                = c610diam01.local.jp
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                60:37:2C:A4:B6:7F:49:1D:A6:4C:22:D3:BE:BC:7F:88:1D:D4:D6:0C
            X509v3 Authority Key Identifier:
                keyid:8F:0F:1D:B8:82:F6:9F:84:26:2B:95:56:C5:7C:16:EB:55:F6:4E:DF
Certificate is to be certified until Jun  7 02:41:08 2020 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
(Minato-ku does not appear in the Subject even though it was entered: the default policy_match section of openssl.cnf does not carry localityName through.)
5-2. Adding the PCEF extension module
cd /root/tmp
git clone https://github.com/kamome-e/fd_extensions.git
cd /root/tmp/fd_extensions/bin/
tar zxvf pcef.tar.gz
cd /root/tmp/fd_extensions/bin/pcef/
cp -p app_pcef.fdx dict_gx.fdx /opt/freeDiameter/lib/freeDiameter/
cp pcef-ctl.sh /opt/freeDiameter/bin/
Move to a working directory of your choice.
cd after git clone.
cd after extracting.
Copy the fdx (extension module) files.
Copy the shell script.
Note that pcef.tar.gz carries prebuilt .fdx shared objects that freeDiameterd (running as root in this walkthrough) will load into its own process. Pin the commit you clone and look at what you are installing rather than loading whatever the default branch happens to carry.
5-3. Configuring freeDiameter.conf
mkdir /opt/freeDiameter/etc
cd /opt/freeDiameter/etc/
vi freeDiameter.conf

#freeDiameter.conf
Identity = "c610diam01.local.jp";
Realm = "local.jp";
TcTimer = 30;
TwTimer = 30;
AppServThreads = 4;
Port = 3868;
SecPort = 5868;
SCTP_streams = 30;
ListenOn = "0.0.0.0";
TLS_Cred = "/opt/CA/newcerts/c610diam01.crt", "/opt/CA/private/c610diam01.key";
TLS_CA = "/opt/CA/cacert.pem";
LoadExtension = "/opt/freeDiameter/lib/freeDiameter/dict_nasreq.fdx";
LoadExtension = "/opt/freeDiameter/lib/freeDiameter/dict_gx.fdx";
LoadExtension = "/opt/freeDiameter/lib/freeDiameter/app_pcef.fdx" : "/opt/freeDiameter/etc/app_pcef.conf";
ConnectPeer = "c610diam02.local.jp" { NO_TLS; No_SCTP; };
<Supplement>
About the
No_SCTP;
on the last line.
I really wanted to capture (pcap) the exchange running over SCTP, but the link against the library did not seem to work and an error was printed, so I reluctantly put this setting in.*2
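The other option on that line deserves a note of its own. With NO_TLS in the ConnectPeer entry, the two daemons talk plain TCP on port 3868 and the certificates from section 4 are never presented on the wire; that is what the later log lines "No TLS protection negotiated with peer ..." and the Inband-Security-Id = NO_INBAND_SECURITY AVP in the CER record. The fragment below is an added example (editor's configuration, not the one from the original post) showing the weak entry beside the one that actually exercises the certificates: without No_TLS, freeDiameter connects to the peer's SecPort (5868 in this setup) over TLS and validates the peer certificate against TLS_CA. No_SCTP is kept because of the linking problem described above, and the option names are the ones documented in freeDiameter's own sample freeDiameter.conf. The 512-bit keys generated in sections 4 to 6 should also be regenerated with rsa:2048 or larger before relying on this.

```conf
# PCEF side (c610diam01); the PCRF side mirrors it with the c610diam02 files.
TLS_Cred = "/opt/CA/newcerts/c610diam01.crt", "/opt/CA/private/c610diam01.key";
TLS_CA   = "/opt/CA/cacert.pem";

# Weak (as on this page): plaintext TCP to port 3868, certificates loaded but unused.
# ConnectPeer = "c610diam02.local.jp" { NO_TLS; No_SCTP; };

# Corrected: TLS on the peer's SecPort (5868 here), peer certificate checked against TLS_CA.
ConnectPeer = "c610diam02.local.jp" { No_SCTP; };
```

After the change, the "No TLS protection negotiated" line should no longer appear in either daemon's log, and a capture on port 3868 will show nothing but the TLS session on 5868.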
5-4. Configuring app_pcef.conf
Only destination_realm needs to be changed.
cd /root/tmp/fd_extensions/bin/pcef/
cp -p app_pcef.conf /opt/freeDiameter/etc/
vi /opt/freeDiameter/etc/app_pcef.conf

signal = 10;
work_dir = "/tmp/freeDiameter";
destination_realm = "local.jp";
imsi = "017635273633";
default_charging_rule_name = "default-policy";
5-5. Checking that the PCEF starts
export LD_LIBRARY_PATH=/opt/freeDiameter/lib
/opt/freeDiameter/bin/freeDiameterd -c /opt/freeDiameter/etc/freeDiameter.conf
Example output:
[root@c610diam01 pcef]# /opt/freeDiameter/bin/freeDiameterd -c /opt/freeDiameter/etc/freeDiameter.conf
06/08/19,11:52:45.172063 NOTI libfdproto '1.2.0' initialized.
06/08/19,11:52:45.173929 NOTI libgnutls '2.12.23' initialized.
06/08/19,11:52:45.174303 NOTI libfdcore '1.2.0' initialized.
06/08/19,11:52:45.316111 NOTI All extensions loaded.
06/08/19,11:52:45.316133 NOTI freeDiameter configuration:
06/08/19,11:52:45.316136 NOTI Default trace level .... : +3
06/08/19,11:52:45.316138 NOTI Configuration file ..... : /opt/freeDiameter/etc/freeDiameter.conf
06/08/19,11:52:45.316140 NOTI Diameter Identity ...... : c610diam01.local.jp (l:19)
06/08/19,11:52:45.316142 NOTI Diameter Realm ......... : local.jp (l:8)
06/08/19,11:52:45.316144 NOTI Tc Timer ............... : 30
06/08/19,11:52:45.316146 NOTI Tw Timer ............... : 30
06/08/19,11:52:45.316148 NOTI Local port ............. : 3868
06/08/19,11:52:45.316150 NOTI Local secure port ...... : 5868
06/08/19,11:52:45.316152 NOTI Number of SCTP streams . : 30
06/08/19,11:52:45.316154 NOTI Number of clients thr .. : 5
06/08/19,11:52:45.316156 NOTI Number of app threads .. : 4
06/08/19,11:52:45.316158 NOTI Local endpoints ........ : Default (use all available)
06/08/19,11:52:45.316160 NOTI Local applications ..... : App: 16777238,AuAc,Vnd:0
06/08/19,11:52:45.316162 NOTI Flags : - IP ........... : Enabled
06/08/19,11:52:45.316164 NOTI - IPv6 ......... : Enabled
06/08/19,11:52:45.316184 NOTI - Relay app .... : Enabled
06/08/19,11:52:45.316187 NOTI - TCP .......... : Enabled
06/08/19,11:52:45.316189 NOTI - SCTP ......... : Enabled
06/08/19,11:52:45.316191 NOTI - Pref. proto .. : SCTP
06/08/19,11:52:45.316193 NOTI - TLS method ... : Separate port
06/08/19,11:52:45.316195 NOTI TLS : - Certificate .. : /opt/CA/newcerts/c610diam01.crt
06/08/19,11:52:45.316197 NOTI - Private key .. : /opt/CA/private/c610diam01.key
06/08/19,11:52:45.316199 NOTI - CA (trust) ... : /opt/CA/cacert.pem (1 certs)
06/08/19,11:52:45.316201 NOTI - CRL .......... : (none)
06/08/19,11:52:45.316203 NOTI - Priority ..... : (default: 'NORMAL')
06/08/19,11:52:45.316205 NOTI - DH bits ...... : 1024
06/08/19,11:52:45.316207 NOTI Origin-State-Id ........ : 1559962365
06/08/19,11:52:45.316211 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/dict_nasreq.fdx'[(no config file)], loaded
06/08/19,11:52:45.316213 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/dict_gx.fdx'[(no config file)], loaded
06/08/19,11:52:45.316215 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/app_pcef.fdx'[/opt/freeDiameter/etc/app_pcef.conf], loaded
06/08/19,11:52:45.316219 NOTI {signal:10}'app_pcef'->0x7f2921bcfa20
06/08/19,11:52:45.342450 NOTI Local server address(es): 192.168.11.161{---L-} 192.168.30.161{---L-}
06/08/19,11:52:45.342506 NOTI freeDiameterd daemon initialized.
6. PCRF configuration
6-1. Issuing the PCRF certificate
cd /opt/CA
openssl req -new -newkey rsa:512 -keyout private/c610diam02-pass.key -out private/c610diam02.csr
openssl rsa < private/c610diam02-pass.key > private/c610diam02.key
openssl ca -in private/c610diam02.csr -out newcerts/c610diam02.crt
Create the PCRF CSR and key.
Remove the passphrase from the key.
Sign the PCRF CSR.
The prompt in the output below shows this being run on c610diam02, and the certificate comes out with serial 2 and the same Authority Key Identifier as the PCEF certificate, so the same CA (including private/cakey.pem and the index/serial files) is present on both hosts. Keeping the CA private key on every peer is acceptable only in a throwaway lab; normally the CSR is carried to the CA host and only the signed certificate and cacert.pem come back.
Example output:
[root@c610diam02 CA]# openssl req -new -newkey rsa:512 -keyout private/c610diam02-pass.key -out private/c610diam02.csr
Generating a 512 bit RSA private key
.....++++++++++++
...............................++++++++++++
writing new private key to 'private/c610diam02-pass.key'
Enter PEM pass phrase: (enter a passphrase of your choice)
Verifying - Enter PEM pass phrase: (enter the same passphrase)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Minato-ku
Organization Name (eg, company) [Default Company Ltd]:local.jp
Organizational Unit Name (eg, section) []:(leave blank, press Enter)
Common Name (eg, your name or your server's hostname) []:c610diam02.local.jp
Email Address []:(leave blank, press Enter)

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(leave blank, press Enter)
An optional company name []:(leave blank, press Enter)
[root@c610diam02 CA]# openssl rsa < private/c610diam02-pass.key > private/c610diam02.key
Enter pass phrase: (enter the passphrase from above)
writing RSA key
[root@c610diam02 CA]# openssl ca -in private/c610diam02.csr -out newcerts/c610diam02.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 2 (0x2)
        Validity
            Not Before: Jun  8 02:58:22 2019 GMT
            Not After : Jun  7 02:58:22 2020 GMT
        Subject:
            countryName               = JP
            stateOrProvinceName       = Tokyo
            organizationName          = local.jp
            commonName                = c610diam02.local.jp
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                58:48:A9:29:C0:63:60:17:EA:79:49:ED:3C:62:71:69:3C:E1:9D:92
            X509v3 Authority Key Identifier:
                keyid:8F:0F:1D:B8:82:F6:9F:84:26:2B:95:56:C5:7C:16:EB:55:F6:4E:DF
Certificate is to be certified until Jun  7 02:58:22 2020 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
6-2. Adding the PCRF extension module
cd /root/tmp/fd_extensions/bin/
tar zxvf pcrf.tar.gz
cd /root/tmp/fd_extensions/bin/pcrf/
cp -p app_pcrf.fdx dict_gx.fdx /opt/freeDiameter/lib/freeDiameter/
After cd, extract the pcrf tar file.
cd, then copy.*3
6-3. Configuring freeDiameter.conf
vi /opt/freeDiameter/etc/freeDiameter.conf
(create /opt/freeDiameter/etc on this host first if it does not exist yet, as in 5-3)

#freeDiameter.conf
Identity = "c610diam02.local.jp";
Realm = "local.jp";
TcTimer = 30;
TwTimer = 30;
AppServThreads = 4;
Port = 3868;
SecPort = 5868;
SCTP_streams = 30;
ListenOn = "0.0.0.0";
TLS_Cred = "/opt/CA/newcerts/c610diam02.crt", "/opt/CA/private/c610diam02.key";
TLS_CA = "/opt/CA/cacert.pem";
LoadExtension = "/opt/freeDiameter/lib/freeDiameter/dict_nasreq.fdx";
LoadExtension = "/opt/freeDiameter/lib/freeDiameter/dict_gx.fdx";
LoadExtension = "/opt/freeDiameter/lib/freeDiameter/app_pcrf.fdx" : "/opt/freeDiameter/etc/app_pcrf.conf";
ConnectPeer = "c610diam01.local.jp" { NO_TLS; No_SCTP; };
6-4. Configuring app_pcrf.conf
Nothing in particular needs to be changed.
cd /root/tmp/fd_extensions/bin/pcrf/
cp app_pcrf.conf /opt/freeDiameter/etc/
vi /opt/freeDiameter/etc/app_pcrf.conf

monitoring_key = "test-monitoring-key";
initial_charging_rule_name = "high-speed-policy";
restricted_charging_rule_name = "low-speed-policy";
total_octets_threshold = 20;
input_octets_threshold = 10;
output_octets_threshold = 10;
6-5. Checking that the PCRF starts
export LD_LIBRARY_PATH=/opt/freeDiameter/lib
/opt/freeDiameter/bin/freeDiameterd -c /opt/freeDiameter/etc/freeDiameter.conf
Example output:
[root@c610diam02 pcrf]# /opt/freeDiameter/bin/freeDiameterd -c /opt/freeDiameter/etc/freeDiameter.conf
06/08/19,12:04:05.801044 NOTI libfdproto '1.2.0' initialized.
06/08/19,12:04:05.801570 NOTI libgnutls '2.12.23' initialized.
06/08/19,12:04:05.801772 NOTI libfdcore '1.2.0' initialized.
06/08/19,12:04:05.911066 NOTI All extensions loaded.
06/08/19,12:04:05.911114 NOTI freeDiameter configuration:
06/08/19,12:04:05.911120 NOTI Default trace level .... : +3
06/08/19,12:04:05.911122 NOTI Configuration file ..... : /opt/freeDiameter/etc/freeDiameter.conf
06/08/19,12:04:05.911124 NOTI Diameter Identity ...... : c610diam02.local.jp (l:19)
06/08/19,12:04:05.911126 NOTI Diameter Realm ......... : local.jp (l:8)
06/08/19,12:04:05.911128 NOTI Tc Timer ............... : 30
06/08/19,12:04:05.911130 NOTI Tw Timer ............... : 30
06/08/19,12:04:05.911132 NOTI Local port ............. : 3868
06/08/19,12:04:05.911134 NOTI Local secure port ...... : 5868
06/08/19,12:04:05.911136 NOTI Number of SCTP streams . : 30
06/08/19,12:04:05.911138 NOTI Number of clients thr .. : 5
06/08/19,12:04:05.911140 NOTI Number of app threads .. : 4
06/08/19,12:04:05.911142 NOTI Local endpoints ........ : Default (use all available)
06/08/19,12:04:05.911144 NOTI Local applications ..... : App: 16777238,AuAc,Vnd:0
06/08/19,12:04:05.911147 NOTI Flags : - IP ........... : Enabled
06/08/19,12:04:05.911149 NOTI - IPv6 ......... : Enabled
06/08/19,12:04:05.911151 NOTI - Relay app .... : Enabled
06/08/19,12:04:05.911153 NOTI - TCP .......... : Enabled
06/08/19,12:04:05.911155 NOTI - SCTP ......... : Enabled
06/08/19,12:04:05.911157 NOTI - Pref. proto .. : SCTP
06/08/19,12:04:05.911159 NOTI - TLS method ... : Separate port
06/08/19,12:04:05.911161 NOTI TLS : - Certificate .. : /opt/CA/newcerts/c610diam02.crt
06/08/19,12:04:05.911163 NOTI - Private key .. : /opt/CA/private/c610diam02.key
06/08/19,12:04:05.911165 NOTI - CA (trust) ... : /opt/CA/cacert.pem (1 certs)
06/08/19,12:04:05.911168 NOTI - CRL .......... : (none)
06/08/19,12:04:05.911170 NOTI - Priority ..... : (default: 'NORMAL')
06/08/19,12:04:05.911172 NOTI - DH bits ...... : 1024
06/08/19,12:04:05.911174 NOTI Origin-State-Id ........ : 1559963045
06/08/19,12:04:05.911178 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/dict_nasreq.fdx'[(no config file)], loaded
06/08/19,12:04:05.911180 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/dict_gx.fdx'[(no config file)], loaded
06/08/19,12:04:05.911182 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/app_pcrf.fdx'[/opt/freeDiameter/etc/app_pcrf.conf], loaded
06/08/19,12:04:05.938652 NOTI Local server address(es): 192.168.11.162{---L-} 192.168.30.162{---L-}
06/08/19,12:04:05.938693 NOTI freeDiameterd daemon initialized.
If the PCEF were already running, the connection would start at this point; the example output above was taken with the PCEF not running.
7. Verification
7-1. Starting the PCRF
[root@c610diam02 ~]# /opt/freeDiameter/bin/freeDiameterd -c /opt/freeDiameter/etc/freeDiameter.conf
06/08/19,12:08:49.011248 NOTI libfdproto '1.2.0' initialized.
06/08/19,12:08:49.011937 NOTI libgnutls '2.12.23' initialized.
06/08/19,12:08:49.012197 NOTI libfdcore '1.2.0' initialized.
06/08/19,12:08:49.114938 NOTI All extensions loaded.
06/08/19,12:08:49.114959 NOTI freeDiameter configuration:
06/08/19,12:08:49.114963 NOTI Default trace level .... : +3
06/08/19,12:08:49.114965 NOTI Configuration file ..... : /opt/freeDiameter/etc/freeDiameter.conf
06/08/19,12:08:49.114967 NOTI Diameter Identity ...... : c610diam02.local.jp (l:19)
06/08/19,12:08:49.114969 NOTI Diameter Realm ......... : local.jp (l:8)
06/08/19,12:08:49.114971 NOTI Tc Timer ............... : 30
06/08/19,12:08:49.114973 NOTI Tw Timer ............... : 30
06/08/19,12:08:49.114975 NOTI Local port ............. : 3868
06/08/19,12:08:49.114977 NOTI Local secure port ...... : 5868
06/08/19,12:08:49.114979 NOTI Number of SCTP streams . : 30
06/08/19,12:08:49.114981 NOTI Number of clients thr .. : 5
06/08/19,12:08:49.114983 NOTI Number of app threads .. : 4
06/08/19,12:08:49.114985 NOTI Local endpoints ........ : Default (use all available)
06/08/19,12:08:49.114987 NOTI Local applications ..... : App: 16777238,AuAc,Vnd:0
06/08/19,12:08:49.114989 NOTI Flags : - IP ........... : Enabled
06/08/19,12:08:49.114991 NOTI - IPv6 ......... : Enabled
06/08/19,12:08:49.114993 NOTI - Relay app .... : Enabled
06/08/19,12:08:49.114995 NOTI - TCP .......... : Enabled
06/08/19,12:08:49.114997 NOTI - SCTP ......... : Enabled
06/08/19,12:08:49.114999 NOTI - Pref. proto .. : SCTP
06/08/19,12:08:49.115001 NOTI - TLS method ... : Separate port
06/08/19,12:08:49.115003 NOTI TLS : - Certificate .. : /opt/CA/newcerts/c610diam02.crt
06/08/19,12:08:49.115005 NOTI - Private key .. : /opt/CA/private/c610diam02.key
06/08/19,12:08:49.115007 NOTI - CA (trust) ... : /opt/CA/cacert.pem (1 certs)
06/08/19,12:08:49.115010 NOTI - CRL .......... : (none)
06/08/19,12:08:49.115011 NOTI - Priority ..... : (default: 'NORMAL')
06/08/19,12:08:49.115014 NOTI - DH bits ...... : 1024
06/08/19,12:08:49.115016 NOTI Origin-State-Id ........ : 1559963329
06/08/19,12:08:49.115019 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/dict_nasreq.fdx'[(no config file)], loaded
06/08/19,12:08:49.115021 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/dict_gx.fdx'[(no config file)], loaded
06/08/19,12:08:49.115023 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/app_pcrf.fdx'[/opt/freeDiameter/etc/app_pcrf.conf], loaded
06/08/19,12:08:49.115728 NOTI Local server address(es): 192.168.11.162{---L-} 192.168.30.162{---L-}
06/08/19,12:08:49.115774 NOTI freeDiameterd daemon initialized.
7-2. Starting the PCEF
[root@c610diam01 ~]# /opt/freeDiameter/bin/freeDiameterd -c /opt/freeDiameter/etc/freeDiameter.conf
06/08/19,12:09:04.765012 NOTI libfdproto '1.2.0' initialized.
06/08/19,12:09:04.765733 NOTI libgnutls '2.12.23' initialized.
06/08/19,12:09:04.766007 NOTI libfdcore '1.2.0' initialized.
06/08/19,12:09:04.949999 NOTI All extensions loaded.
06/08/19,12:09:04.950020 NOTI freeDiameter configuration:
06/08/19,12:09:04.950023 NOTI Default trace level .... : +3
06/08/19,12:09:04.950026 NOTI Configuration file ..... : /opt/freeDiameter/etc/freeDiameter.conf
06/08/19,12:09:04.950028 NOTI Diameter Identity ...... : c610diam01.local.jp (l:19)
06/08/19,12:09:04.950030 NOTI Diameter Realm ......... : local.jp (l:8)
06/08/19,12:09:04.950032 NOTI Tc Timer ............... : 30
06/08/19,12:09:04.950034 NOTI Tw Timer ............... : 30
06/08/19,12:09:04.950036 NOTI Local port ............. : 3868
06/08/19,12:09:04.950038 NOTI Local secure port ...... : 5868
06/08/19,12:09:04.950040 NOTI Number of SCTP streams . : 30
06/08/19,12:09:04.950042 NOTI Number of clients thr .. : 5
06/08/19,12:09:04.950044 NOTI Number of app threads .. : 4
06/08/19,12:09:04.950046 NOTI Local endpoints ........ : Default (use all available)
06/08/19,12:09:04.950048 NOTI Local applications ..... : App: 16777238,AuAc,Vnd:0
06/08/19,12:09:04.950050 NOTI Flags : - IP ........... : Enabled
06/08/19,12:09:04.950052 NOTI - IPv6 ......... : Enabled
06/08/19,12:09:04.950055 NOTI - Relay app .... : Enabled
06/08/19,12:09:04.950057 NOTI - TCP .......... : Enabled
06/08/19,12:09:04.950058 NOTI - SCTP ......... : Enabled
06/08/19,12:09:04.950061 NOTI - Pref. proto .. : SCTP
06/08/19,12:09:04.950062 NOTI - TLS method ... : Separate port
06/08/19,12:09:04.950065 NOTI TLS : - Certificate .. : /opt/CA/newcerts/c610diam01.crt
06/08/19,12:09:04.950067 NOTI - Private key .. : /opt/CA/private/c610diam01.key
06/08/19,12:09:04.950069 NOTI - CA (trust) ... : /opt/CA/cacert.pem (1 certs)
06/08/19,12:09:04.950071 NOTI - CRL .......... : (none)
06/08/19,12:09:04.950073 NOTI - Priority ..... : (default: 'NORMAL')
06/08/19,12:09:04.950075 NOTI - DH bits ...... : 1024
06/08/19,12:09:04.950077 NOTI Origin-State-Id ........ : 1559963344
06/08/19,12:09:04.950080 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/dict_nasreq.fdx'[(no config file)], loaded
06/08/19,12:09:04.950083 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/dict_gx.fdx'[(no config file)], loaded
06/08/19,12:09:04.950085 NOTI Loaded extensions: '/opt/freeDiameter/lib/freeDiameter/app_pcef.fdx'[/opt/freeDiameter/etc/app_pcef.conf], loaded
06/08/19,12:09:04.950089 NOTI {signal:10}'app_pcef'->0x7f641a9f5a20
06/08/19,12:09:04.950797 NOTI Local server address(es): 192.168.11.161{---L-} 192.168.30.161{---L-}
06/08/19,12:09:04.950838 NOTI freeDiameterd daemon initialized.
The following is printed when the connection to the PCRF is made:
06/08/19,12:09:04.953215 NOTI Connected to 'c610diam02.local.jp' (TCP,soc#16), remote capabilities:
06/08/19,12:09:04.953224 NOTI 'Capabilities-Exchange-Answer'
06/08/19,12:09:04.953245 NOTI Version: 0x01
06/08/19,12:09:04.953247 NOTI Length: 236
06/08/19,12:09:04.953249 NOTI Flags: 0x00 (----)
06/08/19,12:09:04.953251 NOTI Command Code: 257
06/08/19,12:09:04.953253 NOTI ApplicationId: 0
06/08/19,12:09:04.953255 NOTI Hop-by-Hop Identifier: 0x40404F68
06/08/19,12:09:04.953257 NOTI End-to-End Identifier: 0x6D04E4B6
06/08/19,12:09:04.953259 NOTI {internal data}: src:c610diam02.local.jp(19) rwb:(nil) rt:2 cb:(nil),(nil)(nil) qry:0x7f6420000ba0 asso:0 sess:(nil)
06/08/19,12:09:04.953262 NOTI AVP: 'Result-Code'(268) l=12 f=-M val='DIAMETER_SUCCESS' (2001 (0x7d1))
06/08/19,12:09:04.953264 NOTI AVP: 'Origin-Host'(264) l=27 f=-M val="c610diam02.local.jp"
06/08/19,12:09:04.953266 NOTI AVP: 'Origin-Realm'(296) l=16 f=-M val="local.jp"
06/08/19,12:09:04.953268 NOTI AVP: 'Origin-State-Id'(278) l=12 f=-M val=1559963329 (0x5cfb26c1)
06/08/19,12:09:04.953271 NOTI AVP: 'Host-IP-Address'(257) l=14 f=-M val=192.168.11.162
06/08/19,12:09:04.953273 NOTI AVP: 'Host-IP-Address'(257) l=14 f=-M val=192.168.30.162
06/08/19,12:09:04.953275 NOTI AVP: 'Vendor-Id'(266) l=12 f=-M val=0 (0x0)
06/08/19,12:09:04.953277 NOTI AVP: 'Product-Name'(269) l=20 f=-- val="freeDiameter"
06/08/19,12:09:04.953279 NOTI AVP: 'Firmware-Revision'(267) l=12 f=-- val=10200 (0x27d8)
06/08/19,12:09:04.953281 NOTI AVP: 'Auth-Application-Id'(258) l=12 f=-M val=16777238 (0x1000016)
06/08/19,12:09:04.953284 NOTI AVP: 'Acct-Application-Id'(259) l=12 f=-M val=16777238 (0x1000016)
06/08/19,12:09:04.953286 NOTI AVP: 'Auth-Application-Id'(258) l=12 f=-M val=4294967295 (0xffffffff)
06/08/19,12:09:04.953288 NOTI AVP: 'Supported-Vendor-Id'(265) l=12 f=-M val=5535 (0x159f)
06/08/19,12:09:04.953290 NOTI AVP: 'Supported-Vendor-Id'(265) l=12 f=-M val=10415 (0x28af)
06/08/19,12:09:04.953292 NOTI AVP: 'Supported-Vendor-Id'(265) l=12 f=-M val=13019 (0x32db)
06/08/19,12:09:04.953299 NOTI No TLS protection negotiated with peer 'c610diam02.local.jp'.
06/08/19,12:09:04.953396 NOTI 'STATE_WAITCEA' -> 'STATE_OPEN' 'c610diam02.local.jp'
7-3. PCRF-side output after the PCEF starts
06/08/19,12:09:05.045712 NOTI Connected to 'c610diam01.local.jp' (TCP,soc#12), remote capabilities:
06/08/19,12:09:05.045726 NOTI 'Capabilities-Exchange-Request'
06/08/19,12:09:05.045729 NOTI Version: 0x01
06/08/19,12:09:05.045731 NOTI Length: 236
06/08/19,12:09:05.045733 NOTI Flags: 0x80 (R---)
06/08/19,12:09:05.045735 NOTI Command Code: 257
06/08/19,12:09:05.045737 NOTI ApplicationId: 0
06/08/19,12:09:05.045739 NOTI Hop-by-Hop Identifier: 0x40404F68
06/08/19,12:09:05.045741 NOTI End-to-End Identifier: 0x6D04E4B6
06/08/19,12:09:05.045743 NOTI {internal data}: src:(nil)(0) rwb:(nil) rt:0 cb:(nil),(nil)(nil) qry:(nil) asso:1 sess:(nil)
06/08/19,12:09:05.045746 NOTI AVP: 'Origin-Host'(264) l=27 f=-M val="c610diam01.local.jp"
06/08/19,12:09:05.045748 NOTI AVP: 'Origin-Realm'(296) l=16 f=-M val="local.jp"
06/08/19,12:09:05.045750 NOTI AVP: 'Origin-State-Id'(278) l=12 f=-M val=1559963344 (0x5cfb26d0)
06/08/19,12:09:05.045752 NOTI AVP: 'Host-IP-Address'(257) l=14 f=-M val=192.168.11.161
06/08/19,12:09:05.045754 NOTI AVP: 'Host-IP-Address'(257) l=14 f=-M val=192.168.30.161
06/08/19,12:09:05.045756 NOTI AVP: 'Vendor-Id'(266) l=12 f=-M val=0 (0x0)
06/08/19,12:09:05.045758 NOTI AVP: 'Product-Name'(269) l=20 f=-- val="freeDiameter"
06/08/19,12:09:05.045761 NOTI AVP: 'Firmware-Revision'(267) l=12 f=-- val=10200 (0x27d8)
06/08/19,12:09:05.045763 NOTI AVP: 'Inband-Security-Id'(299) l=12 f=-M val='NO_INBAND_SECURITY' (0 (0x0))
06/08/19,12:09:05.045765 NOTI AVP: 'Auth-Application-Id'(258) l=12 f=-M val=16777238 (0x1000016)
06/08/19,12:09:05.045767 NOTI AVP: 'Acct-Application-Id'(259) l=12 f=-M val=16777238 (0x1000016)
06/08/19,12:09:05.045769 NOTI AVP: 'Auth-Application-Id'(258) l=12 f=-M val=4294967295 (0xffffffff)
06/08/19,12:09:05.045771 NOTI AVP: 'Supported-Vendor-Id'(265) l=12 f=-M val=5535 (0x159f)
06/08/19,12:09:05.045774 NOTI AVP: 'Supported-Vendor-Id'(265) l=12 f=-M val=10415 (0x28af)
06/08/19,12:09:05.045776 NOTI AVP: 'Supported-Vendor-Id'(265) l=12 f=-M val=13019 (0x32db)
06/08/19,12:09:05.045858 NOTI No TLS protection negotiated with peer 'c610diam01.local.jp'.
06/08/19,12:09:05.046000 NOTI 'STATE_CLOSED' -> 'STATE_OPEN' 'c610diam01.local.jp'
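The CER above is worth being able to produce and take apart by hand, for instance to write a detection rule for the capabilities exchange or to fuzz a peer's handling of it. The following is an added example (editor's code, not part of the original post or of freeDiameter) that rebuilds that CER from the AVP values in the dump and parses it back with length checks, using only the standard library; run stand-alone it prints the decoded AVPs. The encoder covers only the AVP types the page's CER/CEA use (DiameterIdentity, UTF8String, Unsigned32 and IPv4 Address), and the Hop-by-Hop and End-to-End identifiers are the ones from the log.

```python
"""Added example (editor's code, not part of the original post or of freeDiameter):
build the Capabilities-Exchange-Request c610diam01 sends in 7-3 byte for byte and
parse it back, standard library only. Header and AVP layout follow RFC 6733; the
AVP codes, flags and values are the ones printed in the page's logs."""
import socket
import struct

DIAMETER_VERSION = 1
CMD_CE = 257            # Capabilities-Exchange (a CER when the R bit is set)
HDR_REQUEST = 0x80      # 'R' bit in the command flags
AVP_MANDATORY = 0x40    # 'M' bit in the AVP flags
AVP_VENDOR = 0x80       # 'V' bit: a 32-bit Vendor-Id follows the AVP header

# Base-protocol AVP codes (RFC 6733) that appear in the page's CER/CEA dumps
AVP_CODES = {
    "Origin-Host": 264, "Origin-Realm": 296, "Origin-State-Id": 278,
    "Host-IP-Address": 257, "Vendor-Id": 266, "Product-Name": 269,
    "Firmware-Revision": 267, "Inband-Security-Id": 299,
    "Auth-Application-Id": 258, "Acct-Application-Id": 259,
    "Supported-Vendor-Id": 265, "Result-Code": 268,
}
AVP_NAMES = {code: name for name, code in AVP_CODES.items()}
U32_CODES = {278, 266, 267, 299, 258, 259, 265, 268}   # Unsigned32 payloads
ADDRESS_CODES = {257}                                  # Address: family(16) + octets


def avp(name, value, mandatory=True):
    """One AVP: code(32) flags(8) length(24) data, padded to a 4-octet boundary.
    The length field covers header + data but not the padding."""
    code = AVP_CODES[name]
    if code in ADDRESS_CODES:
        data = struct.pack("!H", 1) + socket.inet_aton(value)   # family 1 = IPv4
    elif code in U32_CODES:
        data = struct.pack("!I", value)
    else:                                   # DiameterIdentity / UTF8String
        data = value.encode("ascii")
    flags = AVP_MANDATORY if mandatory else 0
    length = 8 + len(data)
    header = struct.pack("!I", code) + bytes([flags]) + length.to_bytes(3, "big")
    return header + data + b"\x00" * (-len(data) % 4)


def message(cmd_code, cmd_flags, app_id, hop_by_hop, end_to_end, avps):
    """Diameter header: ver(8) length(24) flags(8) code(24) app(32) hbh(32) e2e(32)."""
    body = b"".join(avps)
    return (bytes([DIAMETER_VERSION]) + (20 + len(body)).to_bytes(3, "big")
            + bytes([cmd_flags]) + cmd_code.to_bytes(3, "big")
            + struct.pack("!III", app_id, hop_by_hop, end_to_end) + body)


def build_cer_from_page():
    """The CER from 7-3: same AVP order, flags and values as the PCRF log shows."""
    return message(CMD_CE, HDR_REQUEST, 0, 0x40404F68, 0x6D04E4B6, [
        avp("Origin-Host", "c610diam01.local.jp"),
        avp("Origin-Realm", "local.jp"),
        avp("Origin-State-Id", 1559963344),
        avp("Host-IP-Address", "192.168.11.161"),
        avp("Host-IP-Address", "192.168.30.161"),
        avp("Vendor-Id", 0),
        avp("Product-Name", "freeDiameter", mandatory=False),
        avp("Firmware-Revision", 10200, mandatory=False),
        avp("Inband-Security-Id", 0),             # NO_INBAND_SECURITY, i.e. No_TLS
        avp("Auth-Application-Id", 16777238),     # 3GPP Gx
        avp("Acct-Application-Id", 16777238),
        avp("Auth-Application-Id", 0xFFFFFFFF),   # relay application
        *[avp("Supported-Vendor-Id", v) for v in (5535, 10415, 13019)],
    ])


def parse(buf):
    """Decode into (header dict, [(name, mandatory, value), ...]). Every length is
    checked against the buffer before use, so a truncated or inconsistent message
    raises ValueError instead of being half-decoded."""
    if len(buf) < 20 or buf[0] != DIAMETER_VERSION:
        raise ValueError("not a Diameter v1 header")
    msg_len = int.from_bytes(buf[1:4], "big")
    if msg_len != len(buf):
        raise ValueError("length field %d != buffer length %d" % (msg_len, len(buf)))
    app_id, hbh, e2e = struct.unpack("!III", buf[8:20])
    header = {"flags": buf[4], "code": int.from_bytes(buf[5:8], "big"),
              "app": app_id, "hbh": hbh, "e2e": e2e}
    avps, off = [], 20
    while off < msg_len:
        if off + 8 > msg_len:
            raise ValueError("truncated AVP header at offset %d" % off)
        code = struct.unpack("!I", buf[off:off + 4])[0]
        flags = buf[off + 4]
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr_len = 12 if flags & AVP_VENDOR else 8
        if length < hdr_len or off + length > msg_len:
            raise ValueError("AVP %d at offset %d has bad length %d" % (code, off, length))
        data = bytes(buf[off + hdr_len:off + length])
        if code in ADDRESS_CODES and len(data) == 6:
            value = socket.inet_ntoa(data[2:6])
        elif code in U32_CODES and len(data) == 4:
            value = struct.unpack("!I", data)[0]
        else:
            value = data.decode("ascii", "replace")
        avps.append((AVP_NAMES.get(code, code), bool(flags & AVP_MANDATORY), value))
        off += length + (-length % 4)        # step over the padding as well
    return header, avps


if __name__ == "__main__":
    cer = build_cer_from_page()
    hdr, decoded = parse(cer)
    print("Length: %d  Command Code: %d  Flags: 0x%02x" % (len(cer), hdr["code"], hdr["flags"]))
    for name, mandatory, value in decoded:
        print("  AVP %-20s f=%s val=%r" % (name, "-M" if mandatory else "--", value))
```

The encoded message comes out at 236 octets, matching the Length field the PCRF printed, and Origin-Host is l=27 (8 octets of header plus 19 of data) exactly as in the dump. The rejections in parse() are the checks a receiver has to make before trusting any AVP: a message length that does not match what arrived, or an AVP length that runs past the end of the message, are the first things a fuzzer will send a Diameter stack.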
7-4. Test commands on the PCEF side
All of the following commands are entered on the PCEF side.
The Diameter daemon runs in the foreground, so open a second terminal on the PCEF to enter them.
/opt/freeDiameter/bin/pcef-ctl.sh dump
/opt/freeDiameter/bin/pcef-ctl.sh init
/opt/freeDiameter/bin/pcef-ctl.sh update-input
/opt/freeDiameter/bin/pcef-ctl.sh update-output
7-5. Checking the state
When the command is entered, the following appears in the terminal where the Diameter daemon is running in the foreground.
No policy has been applied yet.
/opt/freeDiameter/bin/pcef-ctl.sh dump
06/08/19,12:10:02.779425 NOTI -------------- User session state dump --------------
06/08/19,12:10:02.779452 NOTI IMSI: 017635273633
06/08/19,12:10:02.779456 NOTI Charging rule name: default-policy
06/08/19,12:10:02.779458 NOTI Used total octets: 0
06/08/19,12:10:02.779460 NOTI Used input octets: 0
06/08/19,12:10:02.779480 NOTI Used output octets: 0
06/08/19,12:10:02.779482 NOTI =================== Dump complete ===================
7-6. Initialisation
Apply the initial policy with the following command.
/opt/freeDiameter/bin/pcef-ctl.sh init
06/08/19,12:11:22.635425 NOTI Sending initial request...
06/08/19,12:11:22.636343 NOTI Received initial answer.
/opt/freeDiameter/bin/pcef-ctl.sh dump
06/08/19,12:11:57.275226 NOTI -------------- User session state dump --------------
06/08/19,12:11:57.275234 NOTI IMSI: 017635273633
06/08/19,12:11:57.275236 NOTI Charging rule name: default-policy
06/08/19,12:11:57.275239 NOTI Charging rule name: high-speed-policy
06/08/19,12:11:57.275241 NOTI Monitoring key: test-monitoring-key
06/08/19,12:11:57.275243 NOTI Total octets threshold: 20
06/08/19,12:11:57.275245 NOTI Input octets threshold: 10
06/08/19,12:11:57.275246 NOTI Output octets threshold: 10
06/08/19,12:11:57.275248 NOTI Used total octets: 0
06/08/19,12:11:57.275250 NOTI Used input octets: 0
06/08/19,12:11:57.275252 NOTI Used output octets: 0
06/08/19,12:11:57.275254 NOTI =================== Dump complete ===================
7-7. Update
Update with the following command.
By analogy, picture the data volume being counted as packets flow through a PGW or a DPI appliance.*4
/opt/freeDiameter/bin/pcef-ctl.sh update-input
06/08/19,12:12:24.735514 NOTI Updated used input octets. [0->1]
Repeating the command brings the count up towards the threshold (Input octets threshold: 10), as follows.
06/08/19,12:12:24.735514 NOTI Updated used input octets. [0->1]
06/08/19,12:12:48.084391 NOTI Updated used input octets. [1->2]
06/08/19,12:12:48.668832 NOTI Updated used input octets. [2->3]
06/08/19,12:12:49.141213 NOTI Updated used input octets. [3->4]
06/08/19,12:12:49.624475 NOTI Updated used input octets. [4->5]
06/08/19,12:12:50.142395 NOTI Updated used input octets. [5->6]
06/08/19,12:12:50.669159 NOTI Updated used input octets. [6->7]
06/08/19,12:12:51.189578 NOTI Updated used input octets. [7->8]
06/08/19,12:12:51.743437 NOTI Updated used input octets. [8->9]
06/08/19,12:12:52.278174 NOTI Updated used input octets. [9->10]
06/08/19,12:12:52.278194 NOTI Sending update request...
06/08/19,12:12:52.278843 NOTI Received update answer.
Once the threshold has been reached, checking the state shows the new rule applied.
/opt/freeDiameter/bin/pcef-ctl.sh dump
06/08/19,12:13:18.653228 NOTI -------------- User session state dump --------------
06/08/19,12:13:18.653236 NOTI IMSI: 017635273633
06/08/19,12:13:18.653239 NOTI Charging rule name: default-policy
06/08/19,12:13:18.653241 NOTI Charging rule name: low-speed-policy
06/08/19,12:13:18.653243 NOTI Used total octets: 10
06/08/19,12:13:18.653245 NOTI Used input octets: 10
06/08/19,12:13:18.653247 NOTI Used output octets: 0
06/08/19,12:13:18.653249 NOTI =================== Dump complete ===================
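To make the sequence in 7-5 to 7-7 explicit, here is an added example (editor's code, not the app_pcef/app_pcrf extensions from the fd_extensions repository, whose internals are not shown on this page) that models the usage-monitoring loop with the values from app_pcef.conf and app_pcrf.conf: the PCRF installs the initial rule and arms three thresholds, the PCEF counts octets, and as soon as any threshold is reached the PCEF sends a usage report and the PCRF swaps in the restricted rule without granting more quota. The message names CCR-I and CCR-U are the standard Gx ones; the contents of the answers are modelled on what the dumps show. It goes beyond the page in one respect: run_page_scenario() replays 7-6 and 7-7 exactly, while the classes also handle the total-octets threshold firing first, which the page's 20/10/10 values can never reach.

```python
"""Added example (editor's model, not the page's app_pcef/app_pcrf code): the Gx
usage-monitoring loop that pcef-ctl.sh init / update-input / update-output drive."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Usage:
    """Octet counters; also used for the thresholds the PCRF hands out."""
    total: int = 0
    input: int = 0
    output: int = 0


@dataclass
class Pcrf:
    # values from app_pcrf.conf on the page
    monitoring_key: str = "test-monitoring-key"
    initial_rule: str = "high-speed-policy"
    restricted_rule: str = "low-speed-policy"
    thresholds: Usage = field(default_factory=lambda: Usage(20, 10, 10))

    def answer_initial(self, imsi: str) -> dict:
        """CCA-I: install the initial rule and arm usage monitoring."""
        return {"install": self.initial_rule, "remove": None,
                "monitoring_key": self.monitoring_key, "thresholds": self.thresholds}

    def answer_update(self, imsi: str, report: Usage) -> dict:
        """CCA-U after a usage report: swap to the restricted rule, grant no new
        quota (the dump in 7-7 shows no thresholds after the update). The PCRF has
        no way to verify the figures in the report; it acts on what the PCEF says."""
        return {"install": self.restricted_rule, "remove": self.initial_rule,
                "monitoring_key": None, "thresholds": None}


@dataclass
class Pcef:
    pcrf: Pcrf
    imsi: str = "017635273633"                       # app_pcef.conf on the page
    rules: List[str] = field(default_factory=lambda: ["default-policy"])
    monitoring_key: Optional[str] = None
    thresholds: Optional[Usage] = None
    used: Usage = field(default_factory=Usage)
    requests_sent: List[str] = field(default_factory=list)

    def _apply(self, cca: dict) -> None:
        if cca["remove"] in self.rules:
            self.rules.remove(cca["remove"])
        if cca["install"] not in self.rules:
            self.rules.append(cca["install"])
        self.monitoring_key = cca["monitoring_key"]
        self.thresholds = cca["thresholds"]

    def init(self) -> None:
        """pcef-ctl.sh init: CCR-I / CCA-I."""
        self.requests_sent.append("CCR-I")
        self._apply(self.pcrf.answer_initial(self.imsi))

    def _count(self, n_in: int, n_out: int) -> bool:
        self.used.input += n_in
        self.used.output += n_out
        self.used.total += n_in + n_out
        t = self.thresholds
        if t is None:
            return False                             # nothing armed: count silently
        if (self.used.total >= t.total or self.used.input >= t.input
                or self.used.output >= t.output):    # any one threshold reached
            self.requests_sent.append("CCR-U")       # "Sending update request..."
            self._apply(self.pcrf.answer_update(self.imsi, self.used))
            return True
        return False

    def update_input(self, n: int = 1) -> bool:
        """pcef-ctl.sh update-input; True if a CCR-U was triggered."""
        return self._count(n, 0)

    def update_output(self, n: int = 1) -> bool:
        """pcef-ctl.sh update-output; True if a CCR-U was triggered."""
        return self._count(0, n)

    def dump(self) -> dict:
        """What pcef-ctl.sh dump prints, as a dict."""
        return {"imsi": self.imsi, "rules": list(self.rules),
                "monitoring_key": self.monitoring_key,
                "thresholds": self.thresholds, "used": self.used}


def run_page_scenario() -> dict:
    """7-6 and 7-7: init, then ten update-input calls."""
    pcef = Pcef(Pcrf())
    pcef.init()
    for _ in range(10):
        pcef.update_input()
    return {"dump": pcef.dump(), "requests": pcef.requests_sent}


if __name__ == "__main__":
    for key, value in run_page_scenario().items():
        print(key, value)
```

The point worth noticing for a security review is in Pcrf.answer_update(): the policy change is driven entirely by figures the PCEF reports about itself. The PCRF cannot check them, so the charging policy rests on the integrity of the PCEF host and of the Gx link, which is exactly what NO_TLS in 5-3 and 6-3 gives up.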
That is all.
8. Closing
I referred to the following book.
O'Reilly Japan - Diameterプロトコルガイド (Diameter Protocol Guide)
I referred to the following site.
freeDiameterd installation record, part 1 (ITエンジニア兼きもの屋のフリーライフ: Engineer Life)
The book above is really recommended: it is very well put together for understanding the Diameter protocol and the architecture of its extensions.
I am also a little curious about the following recently published book.
Diameter: New Generation AAA Protocol - Design, Practice and Applications
freeDiameter 1.3.2 was released just the other day (6/2), so I am thinking of catching up on it.