From 68b4a1cb8c58a1584b26ccc405c8320f1df00acf Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Wed, 29 Sep 2021 00:34:22 +0200 Subject: 2019/20/21 updated version of 'running osmocom gsm' --- 2021/running_osmo_gsm-2021/Gsm_structures.svg | 15874 +++++++++++++++++++ .../arch-sysmobts-allinone.dot | 33 + 2021/running_osmo_gsm-2021/arch-sysmobts.dot | 36 + 2021/running_osmo_gsm-2021/arch-usrp-allinone.dot | 36 + 2021/running_osmo_gsm-2021/arch-usrp.dot | 38 + 2021/running_osmo_gsm-2021/gprs_user_stack.svg | 1357 ++ 2021/running_osmo_gsm-2021/osmo-bts.svg | 342 + 2021/running_osmo_gsm-2021/osmocom-cni.png | Bin 0 -> 79889 bytes 2021/running_osmo_gsm-2021/osmocom-gprs.svg | 1191 ++ 2021/running_osmo_gsm-2021/osmocom-gsm.svg | 1980 +++ 2021/running_osmo_gsm-2021/running-osmo-gsm.adoc | 418 + 2021/running_osmo_gsm-2021/running-osmo-gsm.html | 4923 ++++++ 12 files changed, 26228 insertions(+) create mode 100644 2021/running_osmo_gsm-2021/Gsm_structures.svg create mode 100644 2021/running_osmo_gsm-2021/arch-sysmobts-allinone.dot create mode 100644 2021/running_osmo_gsm-2021/arch-sysmobts.dot create mode 100644 2021/running_osmo_gsm-2021/arch-usrp-allinone.dot create mode 100644 2021/running_osmo_gsm-2021/arch-usrp.dot create mode 100644 2021/running_osmo_gsm-2021/gprs_user_stack.svg create mode 100644 2021/running_osmo_gsm-2021/osmo-bts.svg create mode 100644 2021/running_osmo_gsm-2021/osmocom-cni.png create mode 100644 2021/running_osmo_gsm-2021/osmocom-gprs.svg create mode 100644 2021/running_osmo_gsm-2021/osmocom-gsm.svg create mode 100644 2021/running_osmo_gsm-2021/running-osmo-gsm.adoc create mode 100644 2021/running_osmo_gsm-2021/running-osmo-gsm.html (limited to '2021/running_osmo_gsm-2021') diff --git a/2021/running_osmo_gsm-2021/Gsm_structures.svg b/2021/running_osmo_gsm-2021/Gsm_structures.svg new file mode 100644 index 0000000..cd68155 --- /dev/null +++ b/2021/running_osmo_gsm-2021/Gsm_structures.svg @@ -0,0 +1,15874 @@ + + + + + GSM structureimage/svg+xml + + GSM structure + 2012-08-14 + + + Kevin Redon + + + structure of a GSM network, based on 3GPP TS 23.002 version 9.2.0 Release 9 + + + + icons from gnome + + + https://secure.wikimedia.org/wikipedia/commons/wiki/File:Gsm_structures.svg, https://commons.wikimedia.org/w/index.php?title=File:UMTS_structures.svg + + + + + + + + Structure of a GSM network + CN: Core Network + + MS: Mobile Station + + UE: UserEquipment + + ME: MobileEquipment + + ICC + + GERAN: GSM EDGE RadioAccess Network BSS: Base Station System + + GPRS PS:Packet Switched + + PS & CS + CS: CircuitSwitched + AN: Access Network + + + MSC: MobileSwitching Centre + HSS + + + + + + + Um + + SIM-ME + + Abis + + Gb + PSTN + A + + + + + Nb + Mc + + Nc + E + + B + C + + H + + D + G + + F + + Gf,Sv + + Gd + + Gn + + + Gc + Gp + Gi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + PSTN + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Internet + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 + 9 + # + 0 + * + + + + + + + + + + + + BTS: BaseTransceiverStation + BSC:Base StationController + CS-MGW + SGSN + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + MT/TE + + + + + + + + + + + + SIM + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + GGSN + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + VLR + EIR + MSC server + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 + 9 + # + 0 + * + + + + + + + + + + + + + + + + HLR + Audiff --git a/2021/running_osmo_gsm-2021/arch-sysmobts-allinone.dot b/2021/running_osmo_gsm-2021/arch-sysmobts-allinone.dot new file mode 100644 index 0000000..d8bf8dd --- /dev/null +++ b/2021/running_osmo_gsm-2021/arch-sysmobts-allinone.dot @@ -0,0 +1,33 @@ +graph G { + rankdir=LR; + MS0 [label="MS",shape=box] + MS1 [label="MS",shape=box] + MS2 [label="MS",shape=box] + + MS0--PHY [label="Um"] + MS1--PHY [label="Um"] + MS2--PHY [label="Um"] + + subgraph cluster_0 { + label = "sysmoBTS (all-in-one)" + OsmoBTS + OsmoPCU [style="dashed"] + PHY -- OsmoBTS [label="shmem msgq"] + PHY -- OsmoPCU [label="shmem msgq"] + OsmoPCU -- OsmoBTS [label="pcu_sock"] + { rank=same; OsmoBTS OsmoPCU } + + OsmoBSC + OsmoMSC + OsmoHLR + OsmoSGSN [style="dashed"] + OsmoGGSN [style="dashed"] + OsmoBTS -- OsmoBSC [label="Abis/IP\n(lo)"] + OsmoPCU -- OsmoSGSN [label="Gb/IP\n(lo)"] + OsmoSGSN -- OsmoGGSN [label="Gn/IP\n(lo)"] + OsmoBSC -- OsmoMSC [label="A/IP\n(lo)"] + OsmoMSC -- OsmoHLR [label="GSUP/IP\n(lo)"] + + { rank=same; OsmoMSC OsmoSGSN } + } +} diff --git a/2021/running_osmo_gsm-2021/arch-sysmobts.dot b/2021/running_osmo_gsm-2021/arch-sysmobts.dot new file mode 100644 index 0000000..a5ef54e --- /dev/null +++ b/2021/running_osmo_gsm-2021/arch-sysmobts.dot @@ -0,0 +1,36 @@ +graph G { + rankdir=LR; + MS0 [label="MS",shape=box] + MS1 [label="MS",shape=box] + MS2 [label="MS",shape=box] + + MS0--PHY [label="Um"] + MS1--PHY [label="Um"] + MS2--PHY [label="Um"] + + subgraph cluster_0 { + label = "sysmoBTS" + OsmoBTS + OsmoPCU [style="dashed"] + PHY -- OsmoBTS [label="shmem msgq"] + PHY -- OsmoPCU [label="shmem msgq"] + OsmoPCU -- OsmoBTS [label="pcu_sock"] + { rank=same; OsmoBTS OsmoPCU } + } + + subgraph cluster_1 { + label = "Linux PC" + OsmoBSC + OsmoMSC + OsmoHLR + OsmoSGSN [style="dashed"] + OsmoGGSN [style="dashed"] + OsmoBTS -- OsmoBSC [label="Abis/IP"] + OsmoBSC -- OsmoMSC [label="A/IP"] + OsmoMSC -- OsmoHLR [label="GSUP/IP"] + OsmoPCU -- OsmoSGSN [label="Gb/IP"] + OsmoSGSN -- OsmoGGSN [label="Gn/IP"] + + { rank=same; OsmoMSC OsmoSGSN } + } +} diff --git a/2021/running_osmo_gsm-2021/arch-usrp-allinone.dot b/2021/running_osmo_gsm-2021/arch-usrp-allinone.dot new file mode 100644 index 0000000..d688398 --- /dev/null +++ b/2021/running_osmo_gsm-2021/arch-usrp-allinone.dot @@ -0,0 +1,36 @@ +graph G { + rankdir=LR; + MS0 [label="MS",shape=box] + MS1 [label="MS",shape=box] + MS2 [label="MS",shape=box] + + USRP [label="USRP Bxxx",shape=box] + USRP -- OsmoTRX [label="USB"] + + MS0--USRP [label="Um"] + MS1--USRP [label="Um"] + MS2--USRP [label="Um"] + + subgraph cluster_0 { + label = "Linux PC (all-in-one)" + OsmoTRX + OsmoBTS + OsmoPCU [style="dashed"] + OsmoPCU -- OsmoBTS [label="pcu_sock"] + OsmoTRX -- OsmoBTS [label="UDP"] + { rank=same; OsmoBTS OsmoPCU } + + OsmoBSC + OsmoMSC + OsmoHLR + OsmoSGSN [style="dashed"] + OsmoGGSN [style="dashed"] + OsmoBTS -- OsmoBSC [label="Abis/IP\n(lo)"] + OsmoBSC -- OsmoMSC [label="A/IP\n(lo)"] + OsmoMSC -- OsmoHLR [label="GSUP/IP\n(lo)"] + OsmoPCU -- OsmoSGSN [label="Gb/IP\n(lo)"] + OsmoSGSN -- OsmoGGSN [label="Gn/IP\n(lo)"] + + { rank=same; OsmoMSC OsmoSGSN } + } +} diff --git a/2021/running_osmo_gsm-2021/arch-usrp.dot b/2021/running_osmo_gsm-2021/arch-usrp.dot new file mode 100644 index 0000000..b20042d --- /dev/null +++ b/2021/running_osmo_gsm-2021/arch-usrp.dot @@ -0,0 +1,38 @@ +graph G { + rankdir=LR; + MS0 [label="MS",shape=box] + MS1 [label="MS",shape=box] + MS2 [label="MS",shape=box] + + USRP [label="USRP Bxxx",shape=box] + USRP --OsmoTRX [label="USB"] + + MS0--USRP [label="Um"] + MS1--USRP [label="Um"] + MS2--USRP [label="Um"] + + subgraph cluster_0 { + label = "Linux PC (BTS)" + OsmoTRX + OsmoBTS + OsmoPCU [style="dashed"] + OsmoPCU -- OsmoBTS [label="pcu_sock"] + OsmoTRX -- OsmoBTS + { rank=same; OsmoBTS OsmoPCU } + } + + subgraph cluster_1 { + label = "Linux PC (Core)" + OsmoBSC + OsmoMSC + OsmoHLR + OsmoSGSN [style="dashed"] + OsmoGGSN [style="dashed"] + OsmoBTS -- OsmoBSC [label="Abis/IP"] + OsmoBSC -- OsmoMSC [label="A/IP"] + OsmoMSC -- OsmoHLR [label="GSUP/IP"] + OsmoPCU -- OsmoSGSN [label="Gb/IP"] + OsmoSGSN -- OsmoGGSN [label="Gn/IP"] + { rank=same; OsmoMSC OsmoSGSN } + } +} diff --git a/2021/running_osmo_gsm-2021/gprs_user_stack.svg b/2021/running_osmo_gsm-2021/gprs_user_stack.svg new file mode 100644 index 0000000..6b702a2 --- /dev/null +++ b/2021/running_osmo_gsm-2021/gprs_user_stack.svg @@ -0,0 +1,1357 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + MAC + RLC + LLC + + LLC + + E1 + + + IP + Ethernet + + GTP-U + + + IP + Ethernet + + GTP-U + + + + + + PhysicalLayer + + + + + + + Um + A-bis + Gb + Gn + MS + BTS+CCU + BSC+PCU + SGSN + GGSN + GPRS User Plane + + + FrameRelay + NS + + BSSGP + + + E1 + + PhysicalLayer + TRAUFraming + + + MAC + RLC + + + E1 + + + + E1 + FrameRelay + NS + + BSSGP + TRAUFraming + + + UDP + + UDP + SNDCP + + SNDCP + + + + IP + + + + IP + + + + + TCP + + + + TCP + + + + HTTP + + + + HTTP + + + + + + + diff --git a/2021/running_osmo_gsm-2021/osmo-bts.svg b/2021/running_osmo_gsm-2021/osmo-bts.svg new file mode 100644 index 0000000..5f24c35 --- /dev/null +++ b/2021/running_osmo_gsm-2021/osmo-bts.svg @@ -0,0 +1,342 @@ + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + Abis/IP + + + + SDR Hardware + + + + OsmoTRX + + + + Transceiver + + + + + + + + VTY + OsmoBTS + + + osmo-bts-trx + + + + osmo-bts-sysmo + + + + CTRL + + + + + sysmoBTS PHYsysmoBTS Hardware + + + + + diff --git a/2021/running_osmo_gsm-2021/osmocom-cni.png b/2021/running_osmo_gsm-2021/osmocom-cni.png new file mode 100644 index 0000000..5f2e2d6 Binary files /dev/null and b/2021/running_osmo_gsm-2021/osmocom-cni.png differ diff --git a/2021/running_osmo_gsm-2021/osmocom-gprs.svg b/2021/running_osmo_gsm-2021/osmocom-gprs.svg new file mode 100644 index 0000000..0506053 --- /dev/null +++ b/2021/running_osmo_gsm-2021/osmocom-gprs.svg @@ -0,0 +1,1191 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + Gb/IP + + + sysmoBTS direct PHY access + PCU Sock + + + SDR Hardware + + + + OsmoTRX + + + + Transceiver + + + + + + + + VTY + OsmoBTS + + + osmo-bts-trx + + + + osmo-bts-sysmo + + + + CTRL + + + + + sysmoBTS PHYsysmoBTS Hardware + + + + + Abis/IP + + + + + VTY + + + + CTRL + + + OsmoSGSN + + OsmoNITB + + + VTY + + + + CTRL + + Includes functionality of* BSC* MSC/VLR* HLR/AUC* SMSC + + OsmoPCU + + + CTRL + + + + VTY + + + + + + GTP/IP + + + + OpenGGSN + + + + + + SMPP + + + + MNCC + + + diff --git a/2021/running_osmo_gsm-2021/osmocom-gsm.svg b/2021/running_osmo_gsm-2021/osmocom-gsm.svg new file mode 100644 index 0000000..8f2ac6d --- /dev/null +++ b/2021/running_osmo_gsm-2021/osmocom-gsm.svg @@ -0,0 +1,1980 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + Gb/IP + + + + Abis/IP + + + sysmoBTS direct PHY access + PCU Sock + + + SDR Hardware + + + + OsmoTRX + + + + Transceiver + + + + + + + + VTY + OsmoBTS + + + osmo-bts-trx + + + + osmo-bts-sysmo + + + + CTRL + + + + + sysmoBTS PHYsysmoBTS Hardware + + + + + Abis/IP + + + OsmoBSC + + + VTY + + + + CTRL + + + + + + + VTY + + + + CTRL + + + OsmoSGSN + + + + A/IP + + OsmoNITB + + + VTY + + + + CTRL + + Includes functionality of* BSC* MSC/VLR* HLR/AUC* SMSC + + OsmoPCU + + + CTRL + + + + VTY + + + + + + Gb/IP + + + + 3rd Party SGSN + + + + GTP/IP + + + + GTP/IP + + + + OpenGGSN + + + + 3rd PartyGGSN + + + + GTP/IP + + + + GTP/IP + + + + OpenGGSN + + + + 3rd PartyGGSN + + + + 3rd Party MSC + and/or existing othercore network elements + + + + + Linux Call Router + SoftSwitch / PBX + + SIP + + + + + E1/PRI + + + + BRI + + + External SMSApplications + + + SS7 + + + + SS7 + + + + SS7 + + + + 3rd Party BTS + Some support for* Siemens* Nokia* Ericsson* ip.access + + + + + Abis/IP + + + + Abis/E1 + + + + SMPP + + + + MNCC + + + diff --git a/2021/running_osmo_gsm-2021/running-osmo-gsm.adoc b/2021/running_osmo_gsm-2021/running-osmo-gsm.adoc new file mode 100644 index 0000000..a884d5b --- /dev/null +++ b/2021/running_osmo_gsm-2021/running-osmo-gsm.adoc @@ -0,0 +1,418 @@ +Running a basic Osmocom GSM network +=================================== +:author: Harald Welte +:copyright: sysmocom - s.f.m.c. GmbH (License: CC-BY-SA) +:backend: slidy +:max-width: 45em +//:data-uri: +//:icons: + + +== What this talk is about + +[role="incremental"] +* Implementing GSM/GPRS network elements as FOSS +* Applied Protocol Archaeology +* Doing all of that on top of Linux (in userspace) + + +== Running your own Internet-style network + +* use off-the-shelf hardware (x86, Ethernet card) +* use any random Linux distribution +* configure Linux kernel TCP/IP network stack +** enjoy fancy features like netfilter/iproute2/tc +* use apache/lighttpd/nginx on the server +* use Firefox/chromium/konqueor/lynx on the client +* do whatever modification/optimization on any part of the stack + + +== Running your own GSM network + +Until 2009 the situation looked like this: + +* go to Ericsson/Huawei/ZTE/Nokia/Alcatel/... +* spend lots of time convincing them that you're an eligible customer +* spend a six-digit figure for even the most basic full network +* end up with black boxes you can neither study nor improve + +[role="incremental"] +- WTF? +- I've grown up with FOSS and the Internet. I know a better world. + + +== Why no cellular FOSS? + +- both cellular (2G/3G/4G) and TCP/IP/HTTP protocol specs are publicly + available for decades. Can you believe it? +- Internet protocol stacks have lots of FOSS implementations +- cellular protocol stacks have no FOSS implementations for the + first almost 20 years of their existence? +[role="incremental"] +- it's the classic conflict + * classic circuit-switched telco vs. the BBS community + * ITU-T/OSI/ISO vs. Arpanet and TCP/IP + + +== Enter Osmocom + +In 2008, some people (most present in this room) started to write FOSS +for GSM + +- to boldly go where no FOSS hacker has gone before +[role="incremental"] +** where protocol stacks are deep +** and acronyms are plentiful +** we went from `bs11-abis` to `bsc_hack` to 'OpenBSC' +** many other related projects were created +** finally leading to the 'Osmocom' umbrella project + + +== Classic GSM network architecture + +image::Gsm_structures.svg[width=850] + + +== GSM Acronyms, Radio Access Network + +MS:: + Mobile Station (your phone) +BTS:: + Base Transceiver Station, consists of 1..n TRX +TRX:: + Transceiver for one radio channel, serves 8 TS +TS:: + Timeslots in the GSM radio interface; each runs a specific combination of logical channels +BSC:: + Base Station Controller + + +== GSM Acronyms, Core Network + +MSC:: + Mobile Switching Center; Terminates MM + CC Sub-layers + +HLR:: + Home Location Register; Subscriber Database + +SMSC:: + SMS Service Center + + +== GSM Acronyms, Layer 2 + 3 + +LAPDm:: + Link Access Protocol, D-Channel. Like LAPD in ISDN +RR:: + Radio Resource (establish/release dedicated channels) +MM:: + Mobility Management (registration, location, authentication) +CC:: + Call Control (voice, circuit switched data, fax) +CM:: + Connection Management + + +== Osmocom GSM components + +image::osmocom-cni.png[width=850] + + +== Classic GSM network as digraph + +[graphviz] +---- +digraph G { + rankdir=LR; + MS0 [label="MS"] + MS1 [label="MS"] + MS2 [label="MS"] + MS3 [label="MS"] + BTS0 [label="BTS"] + BTS1 [label="BTS"] + MSC [label="MSC/VLR"] + HLR [label="HLR/AUC"] + MS0->BTS0 [label="Um"] + MS1->BTS0 [label="Um"] + MS2->BTS1 [label="Um"] + MS3->BTS1 [label="Um"] + BTS0->BSC [label="Abis"] + BTS1->BSC [label="Abis"] + BSC->MSC [label="A"] + MSC->HLR [label="C"] + MSC->EIR [label="F"] + MSC->SMSC +} +---- + +== Osmocom GSM network + +[graphviz] +---- +digraph G { + rankdir=LR; + MS0 [label="MS"] + MS1 [label="MS"] + MS2 [label="MS"] + MS3 [label="MS"] + BTS0 [label="OsmoBTS"] + BTS1 [label="OsmoBTS"] + MS0->BTS0 [label="Um"] + MS1->BTS0 [label="Um"] + MS2->BTS1 [label="Um"] + MS3->BTS1 [label="Um"] + BTS0->BSC [label="Abis"] + BTS1->BSC [label="Abis"] + subgraph cluster_cni { + label = "Osmocom CNI"; + BSC [label="OsmoBSC"] + MSC [label="OsmoMSC (SMSC inside)"] + HLR [label="OsmoHLR"] + BSC->MSC [label="AoIP"] + MSC->HLR [label="GSUP"] + } +} +---- + +== Which BTS to use? + +* Proprietary BTS of classic vendor +** Siemens BS-11 is what we started with +** Nokia, Ericsson, and others available 2nd hand +* 'OsmoBTS' software implementation, running with +** Proprietary HW + PHY (DSP): 'sysmoBTS', or +** General purpose SDR (like USRP) + 'OsmoTRX' + +We assume a sysmoBTS in the following tutorial + + +== OsmoBTS Overview + +image::osmo-bts.svg[] + +* Implementation of GSM BTS +* supports variety of hardware/PHY options +** `osmo-bts-sysmo`: BTS family by sysmocom +** `osmo-bts-trx`: Used with 'OsmoTRX' + general-purpose SDR +** `osmo-bts-octphy`: Octasic OCTBTS hardware / OCTSDR-2G PHY +** `osmo-bts-litecell15`: Nutaq Litecell 1.5 hardware/PHY + +See separate talk about BTS hardware options later today. + +== BTS Hardware vs. BTS software + +* A classic GSM BTS is hardware + software +* It has two interfaces +** Um to the radio side, towards phones +** Abis to the wired back-haul side, towards BSC +* with today's flexible architecture, this is not always true +** the hardware might just be a network-connected SDR and BTS software +runs o a different CPU/computer, _or_ +** the BTS and BSC, or even the NITB may run on the same board + + +== Physical vs. Logical Arch (sysmoBTS) + +[graphviz] +---- +include::arch-sysmobts.dot[] +---- + +[graphviz] +---- +include::arch-sysmobts-allinone.dot[] +---- + +== Physical vs. Logical Arch (SDR e.g. USRP B2xx) + +[graphviz] +---- +include::arch-usrp.dot[] +---- + +[graphviz] +---- +include::arch-usrp-allinone.dot[] +---- + +== IP layer traffic + +* Abis/IP signaling runs inside IPA multiplex inside TCP +** Port 3002 and 3003 betewen BTS and BSC +** Connections initiated from BTS to BSC +* Voice data is carried in RTP/UDP on dynamic ports + +=> Make sure you permit the above communication in your +network/firewall config + +== Configuring Osmocom software + +* all _native_ Osmo* GSM infrastructure programs share common architecture, as + defined by various libraries 'libosmo{core,gsm,vty,abis,netif,...}' +* part of this is configuration handling +** interactive configuration via command line interface (*vty*), similar + to Cisco routers +** based on a fork of the VTY code from Zebra/Quagga, now 'libosmovty' +* you can manually edit the config file, +* or use `configure terminal` and interactively change it + + +== Configuring OsmoBTS + +* 'OsmoBTS' in our example scenario runs on the embedded ARM/Linux system + inside the 'sysmoBTS' +* we access the 'sysmoBTS' via serial console or ssh +* we then edit the configuration file `/etc/osmocom/osmo-bts.cfg` as + described in the following slide + + +== Configuring OsmoBTS + +---- +bts 0 + band DCS1800 <1> + ipa unit-id 1801 0 <2> + oml remote-ip 192.168.100.11 <3> +---- +<1> the GSM frequency band in which the BTS operates +<2> the unit-id by which this BTS identifies itself to the BSC +<3> the IP address of the BSC (to establish the OML connection towards it) + +NOTE: All other configuration is downloaded by the BSC via OML. So most +BTS settings are configured in the BSC/NITB configuration file. + + +== Purpose of Unit ID + +* Unit IDs consist of three parts: +** Site Number, BTS Number, TRX Number + +[graphviz] +---- +graph G { + rankdir=LR; + BTS0 [label="BTS\nUnit 5/0[/0]"] + BTS1 [label="BTS\nUnit 23/0[/0]"] + BTS2 [label="BTS\nUnit 42/0[/0]"] + NAT + BSC [label="BSC/NITB"] + + BTS0 -- NAT [label="10.9.23.5"] + BTS1 -- NAT [label="10.9.23.23"] + BTS2 -- NAT [label="10.9.23.42"] + NAT -- BSC [label="172.16.23.42"] +} +---- + +* source IP of all BTSs would be identical + +=> BSC identifies BTS on Unit ID, not on Source IP! + + +== Configuring Osmocom CNI + +* 'Osmocom CNI' is the collection of all the non-BTS Osmocom projects for 3GPP network operation, of which + the minimally required are osmo-bsc, osmo-msc and osmo-hlr. You also will need osmo-stp for SIGTRAN and osmo-mgw for user plane. +** just your usual `git clone && autoreconf -fi && ./configure && make install` +** (in reality, the `libosmo*` dependencies are required first...) +** nightly packages for Debian 9-11, buntu 19.x/20.x/21.x available +* runs on any Linux system, like your speakers' laptop +** you can actually also run it on the ARM/Linux of the 'sysmoBTS' itself, + having a literal 'Network In The Box' with power as only external + dependency + + +== Configuring Osmocom CNI + +* each program has a config file +* simple example given in `doc/examples/osmo-*.cfg` of each git repo +* each program has a user manual and a VTY command reference manual +** asciidoc is part of the source +** PDF renderings at https://downloads.osmocom.org/docs/latest/ + + +== What a GSM phone does after power-up + +* Check SIM card for last cell before switch-off +** if that cell is found again, use that +** if not, perform a network scan +*** try to find strong carriers, check if they contain BCCH +*** create a list of available cells + networks +*** if one of the networks MCC+MNC matches first digits of 'IMSI', this is +the home network, which has preference over others +* perform 'LOCATION UPDATE' (TYPE=IMSI ATTACH) procedure to network +* when network sends 'LOCATION UPDATE ACCEPT', *camp* on that cell + +-> let's check if we can perform 'LOCATION UPDATE' on our own network + + +== Verifying our network + +* look at log output of Osmocom programs +** 'OsmoBTS' will terminate if Abis cannot be set-up, expected to be re-spawned by init / systemd +* use MS to search for networks, try manual registration +* observe registration attempts `logging level mm info` + +-> should show 'LOCATION UPDATE' request / reject / accept + +* use the VTY to explore system state (`show *`) +* use the VTY to change subscriber parameters like extension number + + +== Exploring your GSM networks services + +* use `*#100#` from any registered MS to obtain own number +* voice calls from mobile to mobile +* SMS from mobile to mobile +* SMS to/from external applications (via SMPP) +* voice to/from external PBX (via MNCC) +* explore the VTY interfaces of all network elements +** send SMS from the command line +** experiment with 'silent call' feature +** experiment with logging levels +* use wireshark to investigate GSM protocols + + +== Using the VTY + +* The VTY can be used not only to configure, but also to interactively + explore the system status (`show` commands) +* Every Osmo* program has its own telnet port +|=== +|Program|Telnet Port +|OsmoBTS|4241 +|OsmoBSC|4242 +|OsmoMSC|4254 +|OsmoHLR|4258 +|=== +* https://osmocom.org/projects/cellular-infrastructure/wiki/Port_Numbers +* ports are bound to 127.0.0.1 by default +** can be bound to other IPs or ANY via config file +* try tab-completion, `?` and `list` commands + +== Using the VTY (continued) + +* context-sensitive command line interface like Cisco and many others +* `show` commands to introspect +** try `show bts`, `show trx`, `show lchan`, `show statistics`, ... +* `enable` + `configure terminal` for configuration mode +* interactive reference, tab-completion +* `logging enable` adds log target to VTY session + +== Further Reading + +User Manuals:: +See http://ftp.osmocom.org/docs/latest/ +Wiki:: +See https://osmocom.org/projects/cellular-infrastructure/wiki + +== The End + +* so long, and thanks for all the fish +* I hope you have questions! + +[role="incremental"] +* have fun exploring mobile technologies using Osmocom +* interested in working with more acronyms? Come join the project! + +* Check out https://osmocom.org/ and openbsc@lists.osmocom.org diff --git a/2021/running_osmo_gsm-2021/running-osmo-gsm.html b/2021/running_osmo_gsm-2021/running-osmo-gsm.html new file mode 100644 index 0000000..31dd73e --- /dev/null +++ b/2021/running_osmo_gsm-2021/running-osmo-gsm.html @@ -0,0 +1,4923 @@ + + + + +Running a basic Osmocom GSM network + + + + + + + + +
+

What this talk is about

+
+
    +
  • + +Implementing GSM/GPRS network elements as FOSS + +
  • +
  • + +Applied Protocol Archaeology + +
  • +
  • + +Doing all of that on top of Linux (in userspace) + +
  • +
+
+
+
+

Running your own Internet-style network

+
+
    +
  • + +use off-the-shelf hardware (x86, Ethernet card) + +
  • +
  • + +use any random Linux distribution + +
  • +
  • + +configure Linux kernel TCP/IP network stack + +
      +
    • + +enjoy fancy features like netfilter/iproute2/tc + +
    • +
    +
  • +
  • + +use apache/lighttpd/nginx on the server + +
  • +
  • + +use Firefox/chromium/konqueor/lynx on the client + +
  • +
  • + +do whatever modification/optimization on any part of the stack + +
  • +
+
+
+
+

Running your own GSM network

+
+

Until 2009 the situation looked like this:

+
    +
  • + +go to Ericsson/Huawei/ZTE/Nokia/Alcatel/… + +
  • +
  • + +spend lots of time convincing them that you’re an eligible customer + +
  • +
  • + +spend a six-digit figure for even the most basic full network + +
  • +
  • + +end up with black boxes you can neither study nor improve + +
      +
    • + +WTF? + +
    • +
    • + +I’ve grown up with FOSS and the Internet. I know a better world. + +
    • +
    +
  • +
+
+
+
+

Why no cellular FOSS?

+
+
    +
  • + +both cellular (2G/3G/4G) and TCP/IP/HTTP protocol specs are publicly + available for decades. Can you believe it? + +
  • +
  • + +Internet protocol stacks have lots of FOSS implementations + +
  • +
  • + +cellular protocol stacks have no FOSS implementations for the + first almost 20 years of their existence? + +
  • +
  • + +it’s the classic conflict + +
      +
    • + +classic circuit-switched telco vs. the BBS community + +
    • +
    • + +ITU-T/OSI/ISO vs. Arpanet and TCP/IP + +
    • +
    +
  • +
+
+
+
+

Enter Osmocom

+
+

In 2008, some people (most present in this room) started to write FOSS +for GSM

+
    +
  • + +to boldly go where no FOSS hacker has gone before + +
      +
    • + +where protocol stacks are deep + +
    • +
    • + +and acronyms are plentiful + +
    • +
    • + +we went from bs11-abis to bsc_hack to OpenBSC + +
    • +
    • + +many other related projects were created + +
    • +
    • + +finally leading to the Osmocom umbrella project + +
    • +
    +
  • +
+
+
+
+

Classic GSM network architecture

+
+
+
+Gsm_structures.svg +
+
+
+
+
+

GSM Acronyms, Radio Access Network

+
+
+
+MS +
+
+

+ Mobile Station (your phone) +

+
+
+BTS +
+
+

+ Base Transceiver Station, consists of 1..n TRX +

+
+
+TRX +
+
+

+ Transceiver for one radio channel, serves 8 TS +

+
+
+TS +
+
+

+ Timeslots in the GSM radio interface; each runs a specific combination of logical channels +

+
+
+BSC +
+
+

+ Base Station Controller +

+
+
+
+
+
+

GSM Acronyms, Core Network

+
+
+
+MSC +
+
+

+ Mobile Switching Center; Terminates MM + CC Sub-layers +

+
+
+HLR +
+
+

+ Home Location Register; Subscriber Database +

+
+
+SMSC +
+
+

+ SMS Service Center +

+
+
+
+
+
+

GSM Acronyms, Layer 2 + 3

+
+
+
+LAPDm +
+
+

+ Link Access Protocol, D-Channel. Like LAPD in ISDN +

+
+
+RR +
+
+

+ Radio Resource (establish/release dedicated channels) +

+
+
+MM +
+
+

+ Mobility Management (registration, location, authentication) +

+
+
+CC +
+
+

+ Call Control (voice, circuit switched data, fax) +

+
+
+CM +
+
+

+ Connection Management +

+
+
+
+
+
+

Osmocom GSM components

+
+
+
+osmocom-cni.png +
+
+
+
+
+

Classic GSM network as digraph

+
+
+
+running-osmo-gsm__1.png +
+
+
+
+
+

Osmocom GSM network

+
+
+
+running-osmo-gsm__2.png +
+
+
+
+
+

Which BTS to use?

+
+
    +
  • + +Proprietary BTS of classic vendor + +
      +
    • + +Siemens BS-11 is what we started with + +
    • +
    • + +Nokia, Ericsson, and others available 2nd hand + +
    • +
    +
  • +
  • + +OsmoBTS software implementation, running with + +
      +
    • + +Proprietary HW + PHY (DSP): sysmoBTS, or + +
    • +
    • + +General purpose SDR (like USRP) + OsmoTRX + +
    • +
    +
  • +
+

We assume a sysmoBTS in the following tutorial

+
+
+
+

OsmoBTS Overview

+
+
+
+osmo-bts.svg +
+
+
    +
  • + +Implementation of GSM BTS + +
  • +
  • + +supports variety of hardware/PHY options + +
      +
    • + +osmo-bts-sysmo: BTS family by sysmocom + +
    • +
    • + +osmo-bts-trx: Used with OsmoTRX + general-purpose SDR + +
    • +
    • + +osmo-bts-octphy: Octasic OCTBTS hardware / OCTSDR-2G PHY + +
    • +
    • + +osmo-bts-litecell15: Nutaq Litecell 1.5 hardware/PHY + +
    • +
    +
  • +
+

See separate talk about BTS hardware options later today.

+
+
+
+

BTS Hardware vs. BTS software

+
+
    +
  • + +A classic GSM BTS is hardware + software + +
  • +
  • + +It has two interfaces + +
      +
    • + +Um to the radio side, towards phones + +
    • +
    • + +Abis to the wired back-haul side, towards BSC + +
    • +
    +
  • +
  • + +with today’s flexible architecture, this is not always true + +
      +
    • + +the hardware might just be a network-connected SDR and BTS software +runs o a different CPU/computer, or + +
    • +
    • + +the BTS and BSC, or even the NITB may run on the same board + +
    • +
    +
  • +
+
+
+
+

Physical vs. Logical Arch (sysmoBTS)

+
+
+
+running-osmo-gsm__3.png +
+
+
+
+running-osmo-gsm__4.png +
+
+
+
+
+

Physical vs. Logical Arch (SDR e.g. USRP B2xx)

+
+
+
+running-osmo-gsm__5.png +
+
+
+
+running-osmo-gsm__6.png +
+
+
+
+
+

IP layer traffic

+
+
    +
  • + +Abis/IP signaling runs inside IPA multiplex inside TCP + +
      +
    • + +Port 3002 and 3003 betewen BTS and BSC + +
    • +
    • + +Connections initiated from BTS to BSC + +
    • +
    +
  • +
  • + +Voice data is carried in RTP/UDP on dynamic ports + +
  • +
+

⇒ Make sure you permit the above communication in your +network/firewall config

+
+
+
+

Configuring Osmocom software

+
+
    +
  • + +all native Osmo* GSM infrastructure programs share common architecture, as + defined by various libraries libosmo{core,gsm,vty,abis,netif,…} + +
  • +
  • + +part of this is configuration handling + +
      +
    • + +interactive configuration via command line interface (vty), similar + to Cisco routers + +
    • +
    • + +based on a fork of the VTY code from Zebra/Quagga, now libosmovty + +
    • +
    +
  • +
  • + +you can manually edit the config file, + +
  • +
  • + +or use configure terminal and interactively change it + +
  • +
+
+
+
+

Configuring OsmoBTS

+
+
    +
  • + +OsmoBTS in our example scenario runs on the embedded ARM/Linux system + inside the sysmoBTS + +
  • +
  • + +we access the sysmoBTS via serial console or ssh + +
  • +
  • + +we then edit the configuration file /etc/osmocom/osmo-bts.cfg as + described in the following slide + +
  • +
+
+
+
+

Configuring OsmoBTS

+
+
+
+
bts 0
+ band DCS1800 <1>
+ ipa unit-id 1801 0 <2>
+ oml remote-ip 192.168.100.11 <3>
+
+
    +
  1. +

    +the GSM frequency band in which the BTS operates +

    +
  2. +
  3. +

    +the unit-id by which this BTS identifies itself to the BSC +

    +
  4. +
  5. +

    +the IP address of the BSC (to establish the OML connection towards it) +

    +
  6. +
+
+ + + +
+
Note
+
All other configuration is downloaded by the BSC via OML. So most +BTS settings are configured in the BSC/NITB configuration file.
+
+
+
+
+

Purpose of Unit ID

+
+
    +
  • + +Unit IDs consist of three parts: + +
      +
    • + +Site Number, BTS Number, TRX Number + +
    • +
    +
  • +
+
+
+running-osmo-gsm__7.png +
+
+
    +
  • + +source IP of all BTSs would be identical + +
  • +
+

⇒ BSC identifies BTS on Unit ID, not on Source IP!

+
+
+
+

Configuring Osmocom CNI

+
+
    +
  • + +Osmocom CNI is the collection of all the non-BTS Osmocom projects for 3GPP network operation, of which + the minimally required are osmo-bsc, osmo-msc and osmo-hlr. You also will need osmo-stp for SIGTRAN and osmo-mgw for user plane. + +
      +
    • + +just your usual git clone && autoreconf -fi && ./configure && make install + +
    • +
    • + +(in reality, the libosmo* dependencies are required first…) + +
    • +
    • + +nightly packages for Debian 9-11, buntu 19.x/20.x/21.x available + +
    • +
    +
  • +
  • + +runs on any Linux system, like your speakers' laptop + +
      +
    • + +you can actually also run it on the ARM/Linux of the sysmoBTS itself, + having a literal Network In The Box with power as only external + dependency + +
    • +
    +
  • +
+
+
+
+

Configuring Osmocom CNI

+
+
    +
  • + +each program has a config file + +
  • +
  • + +simple example given in doc/examples/osmo-*.cfg of each git repo + +
  • +
  • + +each program has a user manual and a VTY command reference manual + + +
  • +
+
+
+
+

What a GSM phone does after power-up

+
+
    +
  • + +Check SIM card for last cell before switch-off + +
      +
    • + +if that cell is found again, use that + +
    • +
    • + +if not, perform a network scan + +
        +
      • + +try to find strong carriers, check if they contain BCCH + +
      • +
      • + +create a list of available cells + networks + +
      • +
      • + +if one of the networks MCC+MNC matches first digits of IMSI, this is +the home network, which has preference over others + +
      • +
      +
    • +
    +
  • +
  • + +perform LOCATION UPDATE (TYPE=IMSI ATTACH) procedure to network + +
  • +
  • + +when network sends LOCATION UPDATE ACCEPT, camp on that cell + +
  • +
+

→ let’s check if we can perform LOCATION UPDATE on our own network

+
+
+
+

Verifying our network

+
+
    +
  • + +look at log output of Osmocom programs + +
      +
    • + +OsmoBTS will terminate if Abis cannot be set-up, expected to be re-spawned by init / systemd + +
    • +
    +
  • +
  • + +use MS to search for networks, try manual registration + +
  • +
  • + +observe registration attempts logging level mm info + +
  • +
+

→ should show LOCATION UPDATE request / reject / accept

+
    +
  • + +use the VTY to explore system state (show *) + +
  • +
  • + +use the VTY to change subscriber parameters like extension number + +
  • +
+
+
+
+

Exploring your GSM networks services

+
+
    +
  • + +use *#100# from any registered MS to obtain own number + +
  • +
  • + +voice calls from mobile to mobile + +
  • +
  • + +SMS from mobile to mobile + +
  • +
  • + +SMS to/from external applications (via SMPP) + +
  • +
  • + +voice to/from external PBX (via MNCC) + +
  • +
  • + +explore the VTY interfaces of all network elements + +
      +
    • + +send SMS from the command line + +
    • +
    • + +experiment with silent call feature + +
    • +
    • + +experiment with logging levels + +
    • +
    +
  • +
  • + +use wireshark to investigate GSM protocols + +
  • +
+
+
+
+

Using the VTY

+
+
    +
  • + +The VTY can be used not only to configure, but also to interactively + explore the system status (show commands) + +
  • +
  • + +Every Osmo* program has its own telnet port + +
  • +
+
+ +++ + + + + + + + + + + + + + + + + + + + + + +

Program

Telnet Port

OsmoBTS

4241

OsmoBSC

4242

OsmoMSC

4254

OsmoHLR

4258

+
+ +
+
+
+

Using the VTY (continued)

+
+
    +
  • + +context-sensitive command line interface like Cisco and many others + +
  • +
  • + +show commands to introspect + +
      +
    • + +try show bts, show trx, show lchan, show statistics, … + +
    • +
    +
  • +
  • + +enable + configure terminal for configuration mode + +
  • +
  • + +interactive reference, tab-completion + +
  • +
  • + +logging enable adds log target to VTY session + +
  • +
+
+
+
+

Further Reading

+
+ +
+
+
+

The End

+
+
    +
  • + +so long, and thanks for all the fish + +
  • +
  • + +I hope you have questions! + +
  • +
  • + +have fun exploring mobile technologies using Osmocom + +
  • +
  • + +interested in working with more acronyms? Come join the project! + +
  • +
  • + +Check out https://osmocom.org/ and openbsc@lists.osmocom.org + +
  • +
+
+
+ + -- cgit v1.2.3