From 5dcf1fa55d5fcc8840f812db59ec010663ce33ed Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sat, 11 Mar 2017 22:25:20 +0100 Subject: slides for CLT2017 Open Source Cellular Networks talk --- .../Gsm_structures.svg | 15874 +++++++++++++++++++ .../gprs_user_stack.svg | 1357 ++ 2017/open_source_mobilfunk-clt2017/osmo-bts.svg | 342 + .../open_source_mobilfunk-clt2017/osmocom-gprs.svg | 1191 ++ 2017/open_source_mobilfunk-clt2017/osmocom-gsm.svg | 1980 +++ .../running-foss-gsm.adoc | 701 + 6 files changed, 21445 insertions(+) create mode 100644 2017/open_source_mobilfunk-clt2017/Gsm_structures.svg create mode 100644 2017/open_source_mobilfunk-clt2017/gprs_user_stack.svg create mode 100644 2017/open_source_mobilfunk-clt2017/osmo-bts.svg create mode 100644 2017/open_source_mobilfunk-clt2017/osmocom-gprs.svg create mode 100644 2017/open_source_mobilfunk-clt2017/osmocom-gsm.svg create mode 100644 2017/open_source_mobilfunk-clt2017/running-foss-gsm.adoc diff --git a/2017/open_source_mobilfunk-clt2017/Gsm_structures.svg b/2017/open_source_mobilfunk-clt2017/Gsm_structures.svg new file mode 100644 index 0000000..cd68155 --- /dev/null +++ b/2017/open_source_mobilfunk-clt2017/Gsm_structures.svg @@ -0,0 +1,15874 @@ + + + + + GSM structure + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + GSM structure + 2012-08-14 + + + Kevin Redon + + + structure of a GSM network, based on 3GPP TS 23.002 version 9.2.0 Release 9 + + + + icons from gnome + + + https://secure.wikimedia.org/wikipedia/commons/wiki/File:Gsm_structures.svg, https://commons.wikimedia.org/w/index.php?title=File:UMTS_structures.svg + + + + + + + + Structure of a GSM network + CN: Core Network + + MS: Mobile Station + + UE: UserEquipment + + ME: MobileEquipment + + ICC + + GERAN: GSM EDGE RadioAccess Network BSS: Base Station System + + GPRS PS:Packet Switched + + PS & CS + CS: CircuitSwitched + AN: Access Network + + + MSC: MobileSwitching Centre + HSS + + + + + + + Um + + SIM-ME + + Abis + + Gb + PSTN + A + + + + + Nb + Mc + + Nc + E + + B + C + + H + + D + G + + F + + Gf,Sv + + Gd + + Gn + + + Gc + Gp + Gi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + PSTN + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Internet + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 + 9 + # + 0 + * + + + + + + + + + + + + BTS: BaseTransceiverStation + BSC:Base StationController + CS-MGW + SGSN + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + MT/TE + + + + + + + + + + + + SIM + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + GGSN + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + VLR + EIR + MSC server + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 + 9 + # + 0 + * + + + + + + + + + + + + + + + + HLR + AuC + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + SMS-GMSC + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 + 9 + # + 0 + * + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 + 9 + # + 0 + * + + + + GMSC + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/2017/open_source_mobilfunk-clt2017/gprs_user_stack.svg b/2017/open_source_mobilfunk-clt2017/gprs_user_stack.svg new file mode 100644 index 0000000..6b702a2 --- /dev/null +++ b/2017/open_source_mobilfunk-clt2017/gprs_user_stack.svg @@ -0,0 +1,1357 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + MAC + RLC + LLC + + LLC + + E1 + + + IP + Ethernet + + GTP-U + + + IP + Ethernet + + GTP-U + + + + + + PhysicalLayer + + + + + + + Um + A-bis + Gb + Gn + MS + BTS+CCU + BSC+PCU + SGSN + GGSN + GPRS User Plane + + + FrameRelay + NS + + BSSGP + + + E1 + + PhysicalLayer + TRAUFraming + + + MAC + RLC + + + E1 + + + + E1 + FrameRelay + NS + + BSSGP + TRAUFraming + + + UDP + + UDP + SNDCP + + SNDCP + + + + IP + + + + IP + + + + + TCP + + + + TCP + + + + HTTP + + + + HTTP + + + + + + + diff --git a/2017/open_source_mobilfunk-clt2017/osmo-bts.svg b/2017/open_source_mobilfunk-clt2017/osmo-bts.svg new file mode 100644 index 0000000..5f24c35 --- /dev/null +++ b/2017/open_source_mobilfunk-clt2017/osmo-bts.svg @@ -0,0 +1,342 @@ + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + Abis/IP + + + + SDR Hardware + + + + OsmoTRX + + + + Transceiver + + + + + + + + VTY + OsmoBTS + + + osmo-bts-trx + + + + osmo-bts-sysmo + + + + CTRL + + + + + sysmoBTS PHYsysmoBTS Hardware + + + + + diff --git a/2017/open_source_mobilfunk-clt2017/osmocom-gprs.svg b/2017/open_source_mobilfunk-clt2017/osmocom-gprs.svg new file mode 100644 index 0000000..0506053 --- /dev/null +++ b/2017/open_source_mobilfunk-clt2017/osmocom-gprs.svg @@ -0,0 +1,1191 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + Gb/IP + + + sysmoBTS direct PHY access + PCU Sock + + + SDR Hardware + + + + OsmoTRX + + + + Transceiver + + + + + + + + VTY + OsmoBTS + + + osmo-bts-trx + + + + osmo-bts-sysmo + + + + CTRL + + + + + sysmoBTS PHYsysmoBTS Hardware + + + + + Abis/IP + + + + + VTY + + + + CTRL + + + OsmoSGSN + + OsmoNITB + + + VTY + + + + CTRL + + Includes functionality of* BSC* MSC/VLR* HLR/AUC* SMSC + + OsmoPCU + + + CTRL + + + + VTY + + + + + + GTP/IP + + + + OpenGGSN + + + + + + SMPP + + + + MNCC + + + diff --git a/2017/open_source_mobilfunk-clt2017/osmocom-gsm.svg b/2017/open_source_mobilfunk-clt2017/osmocom-gsm.svg new file mode 100644 index 0000000..8f2ac6d --- /dev/null +++ b/2017/open_source_mobilfunk-clt2017/osmocom-gsm.svg @@ -0,0 +1,1980 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + Gb/IP + + + + Abis/IP + + + sysmoBTS direct PHY access + PCU Sock + + + SDR Hardware + + + + OsmoTRX + + + + Transceiver + + + + + + + + VTY + OsmoBTS + + + osmo-bts-trx + + + + osmo-bts-sysmo + + + + CTRL + + + + + sysmoBTS PHYsysmoBTS Hardware + + + + + Abis/IP + + + OsmoBSC + + + VTY + + + + CTRL + + + + + + + VTY + + + + CTRL + + + OsmoSGSN + + + + A/IP + + OsmoNITB + + + VTY + + + + CTRL + + Includes functionality of* BSC* MSC/VLR* HLR/AUC* SMSC + + OsmoPCU + + + CTRL + + + + VTY + + + + + + Gb/IP + + + + 3rd Party SGSN + + + + GTP/IP + + + + GTP/IP + + + + OpenGGSN + + + + 3rd PartyGGSN + + + + GTP/IP + + + + GTP/IP + + + + OpenGGSN + + + + 3rd PartyGGSN + + + + 3rd Party MSC + and/or existing othercore network elements + + + + + Linux Call Router + SoftSwitch / PBX + + SIP + + + + + E1/PRI + + + + BRI + + + External SMSApplications + + + SS7 + + + + SS7 + + + + SS7 + + + + 3rd Party BTS + Some support for* Siemens* Nokia* Ericsson* ip.access + + + + + Abis/IP + + + + Abis/E1 + + + + SMPP + + + + MNCC + + + diff --git a/2017/open_source_mobilfunk-clt2017/running-foss-gsm.adoc b/2017/open_source_mobilfunk-clt2017/running-foss-gsm.adoc new file mode 100644 index 0000000..45ce701 --- /dev/null +++ b/2017/open_source_mobilfunk-clt2017/running-foss-gsm.adoc @@ -0,0 +1,701 @@ +Open Source Cellular Networks +============================= +:author: Harald Welte +:copyright: sysmocom - s.f.m.c. GmbH (License: CC-BY-SA) +:backend: slidy +:max-width: 45em +//:data-uri: +//:icons: + + +== What this talk is about + +[role="incremental"] +* Implementing GSM/GPRS network elements as FOSS +* Applied Protocol Archeology +* Doing all of that on top of Linux (in userspace) +* If you expeccted kernel stuff, you'll be disappointed + + +== Running your own Internet-style network + +* use off-the-shelf hardware (x86, Ethernet card) +* use any random Linux distribution +* configure Linux kernel TCP/IP network stack +** enjoy fancy features like netfilter/iproute2/tc +* use apache/lighttpd/nginx on the server +* use Firefox/chromium/konqueor/lynx on the client +* do whatever modification/optimization on any part of the stack + + +== Running your own GSM network + +Until 2009 the situation looked like this: + +* go to Ericsson/Huawei/ZTE/Nokia/Alcatel/... +* spend lots of time convincing them that you're an eligible customer +* spend a six-digit figure for even the most basic full network +* end up with black boxes you can neither study nor improve + +[role="incremental"] +- WTF? +- I've grown up with FOSS and the Internet. I know a better world. + + +== Why no cellular FOSS? + +- both cellular (2G/3G/4G) and TCP/IP/HTTP protocol specs are publicly + available for decades. Can you believe it? +- Internet protocol stacks have lots of FOSS implementations +- cellular protocol stacks have no FOSS implementations for the + first almost 20 years of their existence? +[role="incremental"] +- it's the classic conflict + * classic circuit-switched telco vs. the BBS community + * ITU-T/OSI/ISO vs. Arpanet and TCP/IP + + +== Enter Osmocom + +In 2008, some people started to write FOSS for GSM + +- to boldly go where no FOSS hacker has gone before +[role="incremental"] +** where protocol stacks are deep +** and acronyms are plentiful +** we went from `bs11-abis` to `bsc_hack` to 'OpenBSC' +** many other related projects were created +** finally leading to the 'Osmocom' umbrella project + + +== Classic GSM network architecture + +image::Gsm_structures.svg[width=850] + + +== GSM Acronyms, Radio Access Network + +MS:: + Mobile Station (your phone) +BTS:: + Base Transceiver Station, consists of 1..n TRX +TRX:: + Transceiver for one radio channel, serves 8 TS +TS:: + Timeslots in the GSM radio interface; each runs a specific combination of logical channels +BSC:: + Base Station Controller + + +== GSM Acronyms, Core Network + +MSC:: + Mobile Switching Center; Terminates MM + CC Sub-layers + +HLR:: + Home Location Register; Subscriber Database + +SMSC:: + SMS Service Center + + +== GSM Acronyms, Layer 2 + 3 + +LAPDm:: + Link Access Protocol, D-Channel. Like LAPD in ISDN +RR:: + Radio Resource (establish/release dedicated channels) +MM:: + Mobility Management (registration, location, authentication) +CC:: + Call Control (voice, circuit switched data, fax) +CM:: + Connection Management + + +== Osmocom GSM components + +image::osmocom-gsm.svg[width=850] + + +== Classic GSM network as digraph + +[graphviz] +---- +digraph G { + rankdir=LR; + MS0 [label="MS"] + MS1 [label="MS"] + MS2 [label="MS"] + MS3 [label="MS"] + BTS0 [label="BTS"] + BTS1 [label="BTS"] + MSC [label="MSC/VLR"] + HLR [label="HLR/AUC"] + MS0->BTS0 [label="Um"] + MS1->BTS0 [label="Um"] + MS2->BTS1 [label="Um"] + MS3->BTS1 [label="Um"] + BTS0->BSC [label="Abis"] + BTS1->BSC [label="Abis"] + BSC->MSC [label="A"] + MSC->HLR [label="C"] + MSC->EIR [label="F"] + MSC->SMSC +} +---- + +== Simplified OsmoNITB GSM network + +[graphviz] +---- +digraph G { + rankdir=LR; + MS0 [label="MS"] + MS1 [label="MS"] + MS2 [label="MS"] + MS3 [label="MS"] + BTS0 [label="BTS"] + BTS1 [label="BTS"] + MS0->BTS0 [label="Um"] + MS1->BTS0 [label="Um"] + MS2->BTS1 [label="Um"] + MS3->BTS1 [label="Um"] + BTS0->BSC [label="Abis"] + BTS1->BSC [label="Abis"] + subgraph cluster_nitb { + label = "OsmoNITB"; + BSC + MSC [label="MSC/VLR"] + HLR [label="HLR/AUC"] + BSC->MSC [label="A"] + MSC->HLR [label="C"] + MSC->EIR [label="F"] + MSC->SMSC; + } +} +---- + +which further reduces to the following minimal setup: + +[graphviz] +---- +digraph G { + rankdir=LR; + MS0 [label="MS"] + BTS0 [label="BTS"] + MS0->BTS0 [label="Um"] + BTS0->BSC [label="Abis"] + BSC [label="OsmoNITB"]; +} +---- + +So our minimal setup is a 'Phone', a 'BTS' and 'OsmoNITB'. + + +== Which BTS to use? + +* Proprietary BTS of classic vendor +** Siemens BS-11 is what we started with +** Nokia, Ericsson, and others available 2nd hand +* 'OsmoBTS' software implementation, running with +** Proprietary HW + PHY (DSP): 'sysmoBTS', or +** General purpose SDR (like USRP) + 'OsmoTRX' + +We assume a sysmoBTS in the following tutorial + + +== OsmoBTS Overview + +image::osmo-bts.svg[] + +* Implementation of GSM BTS +* supports variety of hardware/PHY options +** `osmo-bts-sysmo`: BTS family by sysmocom +** `osmo-bts-trx`: Used with 'OsmoTRX' + general-purpose SDR +** `osmo-bts-octphy`: Octasic OCTBTS hardware / OCTSDR-2G PHY +** `osmo-bts-litecell15`: Nutaq Litecell 1.5 hardware/PHY + + +== Configuring Osmocom software + +* all Osmo* GSM infrastructure programs share common architecture, as + defined by various libraries 'libosmo{core,gsm,vty,abis,netif,...}' +* part of this is configuration handling +** interactive configuration via command line interface (*vty*), similar + to Cisco routers +** based on a fork of the VTY code from Zebra/Quagga, now 'libosmovty' +* you can manually edit the config file, +* or use `configure terminal` and interactively change it + + +== Configuring OsmoBTS + +* 'OsmoBTS' in our example scenario runs on the embedded ARM/Linux system + inside the 'sysmoBTS' +* we access the 'sysmoBTS' via serial console or ssh +* we then edit the configuration file `/etc/osmocom/osmo-bts.cfg` as + described in the following slide + + +== Configuring OsmoBTS + +---- +bts 0 + band DCS1800 <1> + ipa unit-id 1801 0 <2> + oml remote-ip 192.168.100.11 <3> +---- +<1> the GSM frequency band in which the BTS operates +<2> the unit-id by which this BTS identifies itself to the BSC +<3> the IP address of the BSC (to establish the OML connection towards it) + +NOTE: All other configuration is downloaded by the BSC via OML. So most +BTS settings are configured in the BSC/NITB configuration file. + + +== Configuring OsmoNITB + +* 'OsmoNITB' is the `osmo-nitb` executable built from the `openbsc` + source tree / git repository +* just your usual `git clone && autoreconf -fi && ./configure && make install` +** (in reality, the `libosmo*` dependencies are required first...) +* 'OsmoNITB' runs on any Linux system, like your speakers' laptop +** you can actually also run it on the ARM/Linux of the 'sysmoBTS' itself, + having a literal 'Network In The Box' with power as only external + dependency + + +== Configuring OsmoNITB + +---- +network + network country code 1 <1> + mobile network code 1 <2> + shot name Osmocom <3> + long name Osmocom + auth policy closed <4> + encryption a5 0 <5> +---- +<1> MCC (Country Code) e.g. 262 for Germany; 1 == Test +<2> MNC (Network Code) e.g. mcc=262, mnc=02 == Vodafone; 1 == Test +<3> Operator name to be sent to the phone *after* registration +<4> Only accept subscribers (SIM cards) explicitly authorized in HLR +<5> Use A5/0 (== no encryption) + + +== Configuring BTS in OsmoNITB (BTS) + +---- +network + bts 0 + type sysmobts <1> + band DCS1800 <2> + ms max power 33 <3> + periodic location update 6 <4> + ip.access unit_id 1801 0 <5> + codec-support fr hr efr amr <6> +---- +<1> type of the BTS that we use (must match BTS) +<2> frequency band of the BTS (must match BTS) +<3> maximum transmit power phones are permitted (33 dBm == 2W) +<4> interval at which phones should send periodic location update (6 minutes) +<5> Unit ID of the BTS (must match BTS) +<6> Voice codecs supported by the BTS + + +== Configuring BTS in OsmoNITB (TRX) + +---- +network + bts 0 + trx 0 + arfcn 871 <1> + max_power_red 0 <2> + timeslot 0 + phys_chan_config CCCH+SDCCH4 <3> + timeslot 1 + phys_chan_config TCH/F <4> + ... + timeslot 7 + phys_chan_config PDCH <5> +---- +<1> The RF channel number used by this TRX +<2> The maximum power *reduction* in dBm. 0 = no reduction +<3> Every BTS needs need one timeslot with a CCCH +<4> We configure TS1 to TS6 as TCH/F for voice +<5> We configure TS6 as PDCH for GPRS + + +== What a GSM phone does after power-up + +* Check SIM card for last cell before switch-off +** if that cell is found again, use that +** if not, perform a network scan +*** try to find strong carriers, check if they contain BCCH +*** create a list of available cells + networks +*** if one of the networks MCC+MNC matches first digits of 'IMSI', this is +the home network, which has preference over others +* perform 'LOCATION UPDATE' (TYPE=IMSI ATTACH) procedure to network +* when network sends 'LOCATION UPDATE ACCEPT', *camp* on that cell + +-> let's check if we can perform 'LOCATION UPDATE' on our own network + + +== Verifying our network + +* look at stderr of 'OsmoBTS' and 'OsmoNITB' +** 'OsmoBTS' will terminate if Abis cannot be set-up +** expected to be re-spawned by init / systemd +* use MS to search for networks, try manual registration +* observe registration attempts `logging level mm info` + +-> should show 'LOCATION UPDATE' request / reject / accept + +* use the VTY to explore system state (`show *`) +* use the VTY to change subscriber parameters like extension number + + +== Exploring your GSM networks services + +* use `*#100#` from any registered MS to obtain own number +* voice calls from mobile to mobile +* SMS from mobile to mobile +* SMS to/from external applications (via SMPP) +* voice to/from external PBX (via MNCC) +* explore the VTY interfaces of all network elements +** send SMS from the command line +** experiment with 'silent call' feature +** experiment with logging levels +* use wireshark to investigate GSM protocols + + +== Using the VTY + +* The VTY can be used not only to configure, but also to interactively + explore the system status (`show` commands) +* Every Osmo* program has its own telnet port +|=== +|Program|Telnet Port +|OsmoPCU|4240 +|OsmoBTS|4241 +|OsmoNITB|4242 +|OsmoSGSN|4245 +|=== +* ports are bound to 127.0.0.1 by default +* try tab-completion, `?` and `list` commands + +== Using the VTY (continued) + +* e.g. `show subsciber` to display data about subscriber: +---- +OpenBSC> show subscriber imsi 901700000003804 + ID: 12, Authorized: 1 + Extension: 3804 + LAC: 0/0x0 + IMSI: 901700000003804 + TMSI: F2D4FA0A + Expiration Time: Mon, 07 Dec 2015 09:45:16 +0100 + Paging: not paging Requests: 0 + Use count: 1 +---- + +* try `show bts`, `show trx`, `show lchan`, `show statistics`, ... + + +== Extending the network with GPRS + +Now that GSM is working, up to the next challenge! + +* Classic GSM is circuit-switched only +* Packet switched support introduced first with GPRS +* GPRS adds new network elements (PCU, SGSN, GGSN) +* tunnel for external packet networks like IP/Internet +* tunnel terminates in MS and on GGSN + + +== Extending the network with GPRS support + +[graphviz] +---- +digraph G { + rankdir=LR; + MS0 [label="MS"] + MS1 [label="MS"] + MS2 [label="MS"] + MS3 [label="MS"] + BTS0 [label="BTS"] + BTS1 [label="BTS"] + MSC [label="MSC/VLR"] + HLR [label="HLR/AUC"] + MS0->BTS0 [label="Um"] + MS1->BTS0 [label="Um"] + MS2->BTS1 [label="Um"] + MS3->BTS1 [label="Um"] + BTS0->BSC [label="Abis"] + BTS1->BSC [label="Abis"] + BSC->MSC [label="A"] + MSC->HLR [label="C"] + MSC->EIR [label="F"] + MSC->SMSC + + BTS0->PCU + subgraph cluster_gprs { + label = "GPRS Add-On" + PCU->SGSN [label="Gb"] + SGSN->GGSN [label="GTP"] + } +} +---- + +* 'PCU': Packet Control Unit. Runs RLC+MAC +* 'SGSN': Serving GPRS Support Node (like VLR/MSC) +* 'GGSN': Gateway GPRS Support Node (terminates tunnels) + + +== GPRS Signalling basics + +* GPRS Mobility Management (GMM) +** just like GSM Mobility Management (MM) +*** 'GPRS ATTACH', 'ROUTING AREA UPDATE', 'AUTHENTICATION' +* GPRS Session Management (SM) +** establishment, management and tear-down of packet data tunnels +*** independent from IP, but typically IP(v4) is used +*** 'PDP Context' (Activation | Deactivation | Modification) + + +== GPRS Protocol Stack + +image::gprs_user_stack.svg[width=850] + + +== GPRS Acronyms, Protocol Stack + +* Layer 3 +** 'SM': Session Management (PDP contexts) +** 'GMM': GPRS Mobility Management (like MM) +* Layer 2 +** 'MAC': Medium Access Control +** 'LLC': Link Layer Control (segmentation, compression, encryption) +** 'RLC': Radio Link Control +** 'SNDCP': Sub-Network Dependent Convergence Protocol + +[role="incremental"] +- Scotty to the bridge: 'You have to re-modulate the sub-network dependent convergence protocols!' + + +== Simplified OsmoNITB network with GPRS + +[graphviz] +---- +digraph G { + rankdir=LR; + MS0 [label="MS"] + BTS0 [label="OsmoBTS"] + BSC [label="OsmoNITB"] + PCU [label="OsmoPCU"] + SGSN [label="OsmoSGSN"] + GGSN [label="OpenGGSN"] + MS0->BTS0 [label="Um"] + BTS0->BSC [label="Abis"] + BTS0->PCU + subgraph cluster_gprs { + label = "GPRS Add-On" + PCU->SGSN [label="Gb"] + SGSN->GGSN [label="GTP"] + } +} +---- + +* 'OsmoPCU' is co-located with 'OsmoBTS' +** connects over unix-domain PCU socket to BTS +* 'OsmoSGSN' can run on any Linux machine +* 'OpenGGSN' can run on any Linux machine +** `tun` device is used for tunnel endpoints +* circuit-switched and packet-switched networks are completely separate + +We need to configure those additional components to provide GPRS +services. + +== Simplified OsmoNITB network with GPRS + +image::osmocom-gprs.svg[width=750] + +//* show IP addresses at nodes +//* show GSM functional elements, Osmocom programs and hardware + + +== Configuring OsmoPCU + +We assume we have obtained and compiled the `osmo-pcu` from +git://git.osmocom.org/osmo-pcu + +* 'OsmoPCU' runs co-located with 'OsmoBTS' to access/share the same PHY + Radio +* 'OsmoPCU' is primarily configured from 'OsmoBTS' +* 'OsmoBTS' receives relevant config via A-bis OML +* 'OsmoNITB' sends those OML messages to OsmoBTS +** we thus need to set the PCU configuration in the NITB config file! + + +== BTS config for GPRS (in OsmoNITB) + +---- + bts 0 + gprs mode gprs <1> + gprs nsei 1234 <2> + gprs nsvc 0 nsvci 1234 <3> + gprs nsvc 0 local udp port 23000 <4> + gprs nsvc 0 remote ip 192.168.1.11 <5> + gprs nsvc 0 remote udp port 23000 <6> +---- +<1> enable `gprs` or `egprs` mode +<2> NSEI for the NS protocol layer (unique for each PCU in SGSN) +<3> NSVCI for the NS protocol layer (unique for each PCU in SGSN) +<4> UDP port on PCU side of Gb connection +<5> IP address of SGSN side of Gb connection +<6> UDP port on SGSN side of Gb connection + + +== Configuring OsmoSGSN (Gb and GTP) + +---- +ns + encapsulation udp local-ip 192.168.100.11 <1> + encapsulation udp local-port 23000 <2> +sgsn + gtp local-ip 127.0.0.2 <3> + ggsn 0 remote-ip 127.0.0.1 <4> + ggsn 0 gtp-version 1 <5> + apn * ggsn 0 <6> +---- +<1> SGSN-local IP address for Gb connection from PCUs +<2> SGSN-local UDP port number for Gb connection from PCUs +<3> SGSN-local IP address for GTP connection to GGSN +<4> remote IP address for GTP connection to GGSN +<5> GTP protocol version for this GGSN +<6> route all APN names to GGSN 0 + + +== Configuring OsmoSGSN (subscribers) + +'OsmoSGSN' (still) has no access to the 'OsmoNITB' HLR, thus all IMSIs +permitted to use GPRS services need to be explicitly configured. + +---- +sgsn + auth-policy closed <1> + imsi-acl add 262778026147135 <2> +---- +<1> only allow explicitly authorized/white-listed subscribers +<2> add given IMSI to the white-list of subscribers + + +== Setting up OpenGGSN + +In `ggsn.cfg` we need to set: + +---- +listen 172.0.0.1 <1> +net 10.23.24.0/24 <2> +dynip 10.23.42.0/24 <3> +pcodns1 8.8.8.8 <4> +---- +<1> IP address to bind GSN to. +<2> network/mask of `tun` device +<3> pool of dynamic IP addresses allocated to PDP contexts +<4> IP address of DNS server (communicated to MS via signalling) + + +== Testing GPRS + +* Check if `osmo-pcu`, `osmo-sgsn`, `openggsn` are running +* Check if NS and BSSGP protocols are UNBLOCKED at SGSN +** If not, check your NS/BSSGP configuration +* Check for GPRS registration using `logging level mm info` in SGSN + + +== Osmocom beyond GSM/GPRS RAN + NITB + +* Smalltalk implementation of SIGTRAN + TCAP/MAP +* Erlang implementation of SIGTRAN + TCAP/MAP +* Lots of special-purpose protocol mangling +** `bsc-nat` to introduce NAT-like functionality on A (BSSAP/BSSMAP) +** `mgw-nat` to transparently re-write MAP/ISUP/SCCP +* GSMTAP pseudo-header for feeding non-IP protocols into wireshark +* SIM card protocol tracer hardware + software +* Lots of non-GSM projects from hardware to protocol stacks (TETRA, GMR, DECT, OP25) +* check http://git.osmocom.org/ for full project list + + +== So... I heard about OpenBTS? + +* OpenBTS is completely unrelated to the Osmocom stack +* was independently developed by David Burgess & Harvind Simra +** Kestrel Signal Processing -> Range Networks +* doesn't follow GSM system architecture at all +** no Abis, BSC, PCU, SGSN, GGSN +* is a bridge of the GSM air interface (Um) to SIP +* Osmocom follows classic GSM interfaces / system architecture +* 'OsmoTRX' forked 'OpenBTS' SDR code to use 'OsmoBTS' with SDR hardware + + +== FOSS 2.75G (EDGE) + +* EDGE extends GPRS with higher data rates +** 8PSK instead of GMSK modulation +** lots of new MAC/RLC features (larger windows, incremental redundancy) +** No changes required in 'OmsoSGSN' and 'OsmoGGSN' +* 'OsmoPCU' is extended with EDGE support +** implementation not as mature as GPRS +** easy to enable, simply use `gprs mode egprs` in BSC config + + +== FOSS 3G/3.5G (UMTS/WCDMA) + +* UMTS very similar to GSM/GPRS in principle +** still, almost every interface and protocol stack has changed +** all elements have been renamed -> more acronyms to learn +* UMTS is ridiculously complex, particular PHY + Layer 2 +** however, control plane L3 (MM/CC/CM/SM/GMM) mostly the same +* Implementing all of that from scratch is a long journey +* We've already reached 'Peak 3G' +* Osmocom 3G support strategy +** Implement Iu interface in NITB and SGSN +** Implement HNB-GW to offer Iuh interface (osmo-hnbgw) +** Use existing femtocell / small cell hardware with proprietary PHY, RLC and MAC +** Status: Signaling, SMS and Voice working, not all code in master branch yet + + +== Outlook on FOSS 4G (LTE) + +* LTE has nothing in common with 2G/3G +* various FOSS activities +** 'OpenAirInterface' has some code for a software eNodeB +*** but they switched from GPLv3 to 'non-free' license :( +** 'srsLTE' (main focus on UE side, but large parts usable for eNodeB side) +** 'OpenLTE' is another active FOSS project +* No Osmocom involvement so far +** team is small, project scope of cellular infrastructure is gigantic +** most customer funding currently still on GSM/GPRS/EDGE +** if we'd start, we'd start implementing MME + S-GW and use existing +LTE cells, similar to 3.5G strategy + + +== The End + +* so long, and thanks for all the fish +* I hope you have questions! + +[role="incremental"] +* have fun exploring mobile technologies using Osmocom +* interested in working with more acronyms? Come join the project! + +* Check out http://openbsc.osmocom.org/ and openbsc@lists.osmocom.org + +== Thanks to + +* CLT Organizers and Volunteersfor running this event, for so many years! +* the entire Osmocom team for what they have achieved +** notably Dieter Spaar, Holger Freyther, Andreas Eversberg, Sylvain Munaut +* last but not least: CEPT for making the GSM specs English +** (who'd want to read French specs anyway?) -- cgit v1.2.3