PFCP association

This chapter provides an overview of the BNG CUPS UPF Packet Forwarding Control Protocol (PFCP) association configuration, heartbeat and headless mode operation, and operational management and debugging options.

UPF PFCP association

A BNG CUPS UPF requires an active PFCP association with the BNG CUPS CPF. Through the PFCP association, the BNG CPF installs the rules that determine how the BNG UPF forwards subscriber traffic.

The BNG UPF requires the PFCP association to be preconfigured using the configure subscriber-mgmt pfcp association command.

Each PFCP association is linked to a specific peer, interface, and router instance. The loopback interface is the recommended interface because it allows resiliency over multiple physical interfaces.

As soon as the PFCP association is configured and administratively enabled, the UPF connects to the BNG CPF by sending PFCP Association Setup Request messages. The UPF sends the messages periodically, until the association is either set up or administratively disabled.

To configure the retry interval for the PFCP association setup, the association-setup-retry command is used.

The UPF can also set up the PFCP association when it receives a PFCP Association Setup Request from the configured peer. However, the UPF does not accept an association setup from a non-configured peer.

BNG UPF PFCP association setup flow shows the PFCP association setup flow for the BNG UPF.

Figure 1. BNG UPF PFCP association setup flow

The PFCP protocol supports node identification using node IDs. The node ID can be either an IP address or a FQDN. By default, the IP address of the linked interface is chosen; however, this can be overridden using the node-id command. All the UPFs in a deployment require different node IDs.

PFCP messages sent for an active association use the following configuration under the PFCP association tx command:

  • The ttl command defines the outgoing TTL.

  • The timeout command defines the request message timeout (T1).

  • The retries command defines the number of times a request message is retried (N1).

Note: For heartbeat messages, N1 and T1 are configured separately. For correct operation, N1 and T1 must be configured identically on both the BNG CPF and UPF. See the CMG BNG CUPS Control Plane Function Guide and the 7750 SR MG and CMG CLI Reference Guide for more information about the BNG CUPS CPF configuration.

The QoS of the outgoing PFCP messages is managed through sgt-qos command configuration in the routing instance used by the PFCP. In the application list command, a pfcp keyword can be mapped to its own DSCP value (default NC2), after which that DSCP value can be mapped to a specific Forwarding Class (FC).

See the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide, section "QoS for Self-Generated (CPU) Traffic on Network Interfaces" for more information about QoS configuration.

When a PFCP association is administratively disabled, it is not immediately brought down. The BNG UPF requests a graceful CPF release and keeps the PFCP association up until the BNG CPF removes it, or the association release timeout expires.

To configure the PFCP association release timeout, use the association-release-timeout command.

To force an immediate PFCP association removal, configure the association-release-timeout to none.

The following example shows a BNG UPF PFCP association configuration.

[gl:configure subscriber-mgmt pfcp association "BNG-CPF"]
A:admin@DUT-B# info detail 
    admin-state enable
 ## description
    association-setup-retry 1
    association-release-timeout 3600
    path-restoration-time 180
    node-id {
     ## fqdn
     ## use-ip-address
    }
    interface {
        router-instance "to_cp"
        name "endpoint"
    }
    peer {
        ip-address 17.17.17.10
    }
    heartbeat {
        interval 60
        timeout 5
        retries 4
    }
    tx {
        timeout 5
        retries 3
        ttl 255
    }

PFCP heartbeats and headless mode

The following concepts define the connectivity between the BNG UPF and the BNG CPF:

  • PFCP association

    One PFCP association is allowed per BNG UPF and BNG CPF. The identifiers of the association are the BNG UPF and BNG CPF node IDs.

  • PFCP path

    Multiple PFCP paths are possible per association. The identifier of a PFCP path is the pair of IP addresses that are used to communicate between the BNG UPF and the BNG CPF. Paths are not negotiated but are learned while using PFCP signaling.

    See UPF PFCP association for information about how PFCP associations are negotiated.

Note: The terms PFCP path and PFCP association are often used interchangeably because there is typically only one PFCP path per PFCP association.

The BNG UPF only uses one IP address, but starts heartbeats for each PFCP path it learns. The frequency, timeout, and retry values of the heartbeats are configured for the PFCP association using the interval, retries, and timeout commands in the configure subscriber-mgmt pfcp association heartbeat context.

If a heartbeat fails, the BNG UPF starts a timer based on the path-restoration-time command configuration under the PFCP association. If the timer expires or is not configured, all sessions associated with that path are removed. If the path recovers before the timer expires, the timer is canceled, and no sessions are removed.

Note: For correct operation, the heartbeat configuration must be identical on both the BNG UPF and BNG CPF. Nokia strongly recommends configuring the path-restoration-time to at least twice the sum of the heartbeat interval plus the total timeout (heartbeat retries x heartbeat timeout = N1 x T1).

To expedite the detection of path failures, enable BFD using the bfd-expedited-path-down command in the configure subscriber-mgmt pfcp association context. When enabled, the system starts a BFD session for each known PFCP path on the BNG UPF. If the system detects a BFD failure, it immediately brings down the associated path. BFD does not affect the path recovery detection, which requires the configuration of PFCP heartbeats. BFD-based path down detection requires the configuration of the path-restoration-time command under the PFCP association.

Default IBCP session

The BNG UPF always enables the IPoE and PPPoE BBF function features. A compatible BNG CPF uses this as an indication to set up a default IBCP tunnel to send control plane packets, such as DHCP discover or PADI, that do not match an existing session. The default tunnel is signaled as a special PFCP session without a PDN type. The special PFCP session can apply traffic-matching rules the same as any other PFCP session for which the BNG UPF applies rules.

Packets sent over the default In-band Control Plane (IBCP) tunnel include local BNG UPF parameters that are inserted in a network service header. The network service header is inserted between the GTP-U header and the encapsulated control packet. These parameters include the following:

  • MAC address

    This is the MAC address that is associated with the capture SAP on which the IBCP packet was received. The BNG CPF uses the MAC address as a source MAC address when sending control packet responses. In case of inter-UPF resiliency, the BNG CPF can ignore this MAC address and use the FSG MAC address instead. For more information about inter-UPF resiliency, see BNG UPF resiliency.

  • Layer 2 access ID

    The Layer 2 access ID (also known as the logical port) identifies the local port, the LAG, or the pw-port that is used by the capture SAP. The BNG CPF reflects this parameter as is when setting up a session so the BNG UPF installs the session in this context. To simplify provisioning on the BNG CPF, you can provide an alias for the L2 access ID. The alias must be unique within the BNG UPF and cannot overlap with any identifier such as a port or a LAG name.

    To configure the L2 access ID alias, use the configure service vpls capture-sap pfcp l2-access-id-alias command.

See IBCP for more information about IBCP.

Operational commands and debugging

This section describes commands that can be used for operational and debugging purposes.

To display the number of PFCP associations and sessions, use the show subscriber-mgmt pfcp summary command.

To display PFCP message statistics, including information about packets that are received and transmitted and any transmission errors, use the show subscriber-mgmt pfcp statistics command.

To reset the PFCP association statistics to zero, use the clear subscriber-mgmt pfcp-association statistics command.

To display information including association-level parameters such as function features and node IDs, use the show subscriber-mgmt pfcp association command.

To display path state information, use the show subscriber-mgmt pfcp peer command.

See PFCP heartbeats and headless mode for information about the distinction between PFCP association and path.

To display default IBCP tunnel information, use the show subscriber-mgmt pfcp session default-tunnel command.

To display details about a specific PFCP session, use the show subscriber-mgmt pfcp session detail command. This command provides an overview for the PFCP parameters of the session. Various filters can be applied to narrow a specific session or set of sessions.

See Operational commands for more information about basic operational commands.

To forcefully remove a PFCP session, use the clear subscriber-mgmt pfcp-session command.

Caution: Although it is possible to forcefully remove a PFCP session, Nokia does not recommend invoking this command in a live network because this may cause the BNG CPF to be out of sync with the UPF. If the UPF contains a session that is not on the CPF, it is preferable to first run a manual PFCP audit.

To perform basic PFCP debugging, use the debug subscriber-mgmt pfcp command. The output of this command allows inspection of PFCP packets received and transmitted. As well, any session-specific failure is reported in the PFCP response to the BNG CPF, which can display the specific error as part of session debugging.