What this talk is about

Running your own Internet-style network

Running your own GSM network

Until 2009 the situation looked like this:

Why no cellular FOSS?

Enter Osmocom

In 2008, some people started to write FOSS for GSM

Classic GSM network architecture

Gsm_structures.svg

GSM Acronyms, Radio Access Network

MS

Mobile Station (your phone)

BTS

Base Transceiver Station, consists of 1..n TRX

TRX

Transceiver for one radio channel, serves 8 TS

TS

Timeslots in the GSM radio interface; each runs a specific combination of logical channels

BSC

Base Station Controller

GSM Acronyms, Core Network

MSC

Mobile Switching Center; Terminates MM + CC Sub-layers

HLR

Home Location Register; Subscriber Database

SMSC

SMS Service Center

GSM Acronyms, Layer 2 + 3

LAPDm

Link Access Protocol, D-Channel. Like LAPD in ISDN

RR

Radio Resource (establish/release dedicated channels)

MM

Mobility Management (registration, location, authentication)

CC

Call Control (voice, circuit switched data, fax)

CM

Connection Management

Osmocom GSM components

osmocom-gsm.svg

Classic GSM network as digraph

running-foss-gsm__1.png

Simplified OsmoNITB GSM network

running-foss-gsm__2.png

which further reduces to the following minimal setup:

running-foss-gsm__3.png

So our minimal setup is a Phone, a BTS and OsmoNITB.

Which BTS to use?

We assume a sysmoBTS in the following tutorial

OsmoBTS Overview

osmo-bts.svg

Configuring Osmocom software

Configuring OsmoBTS

Configuring OsmoBTS

bts 0
 band DCS1800 <1>
 ipa unit-id 1801 0 <2>
 oml remote-ip 192.168.100.11 <3>
  1. the GSM frequency band in which the BTS operates

  2. the unit-id by which this BTS identifies itself to the BSC

  3. the IP address of the BSC (to establish the OML connection towards it)

Note
All other configuration is downloaded by the BSC via OML. So most BTS settings are configured in the BSC/NITB configuration file.

Configuring OsmoNITB

Configuring OsmoNITB

network
 network country code 1 <1>
 mobile network code 1 <2>
 shot name Osmocom <3>
 long name Osmocom
 auth policy closed <4>
 encryption a5 0 <5>
  1. MCC (Country Code) e.g. 262 for Germany; 1 == Test

  2. MNC (Network Code) e.g. mcc=262, mnc=02 == Vodafone; 1 == Test

  3. Operator name to be sent to the phone after registration

  4. Only accept subscribers (SIM cards) explicitly authorized in HLR

  5. Use A5/0 (== no encryption)

Configuring BTS in OsmoNITB (BTS)

network
 bts 0
  type sysmobts <1>
  band DCS1800 <2>
  ms max power 33 <3>
  periodic location update 6 <4>
  ip.access unit_id 1801 0 <5>
  codec-support fr hr efr amr <6>
  1. type of the BTS that we use (must match BTS)

  2. frequency band of the BTS (must match BTS)

  3. maximum transmit power phones are permitted (33 dBm == 2W)

  4. interval at which phones should send periodic location update (6 minutes)

  5. Unit ID of the BTS (must match BTS)

  6. Voice codecs supported by the BTS

Configuring BTS in OsmoNITB (TRX)

network
 bts 0
  trx 0
   arfcn 871 <1>
   max_power_red 0 <2>
   timeslot 0
    phys_chan_config CCCH+SDCCH4 <3>
   timeslot 1
    phys_chan_config TCH/F <4>
    ...
   timeslot 7
    phys_chan_config PDCH <5>
  1. The RF channel number used by this TRX

  2. The maximum power reduction in dBm. 0 = no reduction

  3. Every BTS needs need one timeslot with a CCCH

  4. We configure TS1 to TS6 as TCH/F for voice

  5. We configure TS6 as PDCH for GPRS

What a GSM phone does after power-up

→ let’s check if we can perform LOCATION UPDATE on our own network

Verifying our network

→ should show LOCATION UPDATE request / reject / accept

Exploring your GSM networks services

Using the VTY

Program

Telnet Port

OsmoPCU

4240

OsmoBTS

4241

OsmoNITB

4242

OsmoSGSN

4245

Using the VTY (continued)

OpenBSC> show subscriber imsi 901700000003804
    ID: 12, Authorized: 1
    Extension: 3804
    LAC: 0/0x0
    IMSI: 901700000003804
    TMSI: F2D4FA0A
    Expiration Time: Mon, 07 Dec 2015 09:45:16 +0100
    Paging: not paging Requests: 0
    Use count: 1

Extending the network with GPRS

Now that GSM is working, up to the next challenge!

Extending the network with GPRS support

running-foss-gsm__4.png

GPRS Signalling basics

GPRS Protocol Stack

gprs_user_stack.svg

GPRS Acronyms, Protocol Stack

Simplified OsmoNITB network with GPRS

running-foss-gsm__5.png

We need to configure those additional components to provide GPRS services.

Simplified OsmoNITB network with GPRS

osmocom-gprs.svg

Configuring OsmoPCU

We assume we have obtained and compiled the osmo-pcu from git://git.osmocom.org/osmo-pcu

BTS config for GPRS (in OsmoNITB)

 bts 0
  gprs mode gprs <1>
  gprs nsei 1234 <2>
  gprs nsvc 0 nsvci 1234 <3>
  gprs nsvc 0 local udp port 23000 <4>
  gprs nsvc 0 remote ip 192.168.1.11 <5>
  gprs nsvc 0 remote udp port 23000 <6>
  1. enable gprs or egprs mode

  2. NSEI for the NS protocol layer (unique for each PCU in SGSN)

  3. NSVCI for the NS protocol layer (unique for each PCU in SGSN)

  4. UDP port on PCU side of Gb connection

  5. IP address of SGSN side of Gb connection

  6. UDP port on SGSN side of Gb connection

Configuring OsmoSGSN (Gb and GTP)

ns
 encapsulation udp local-ip 192.168.100.11 <1>
 encapsulation udp local-port 23000 <2>
sgsn
 gtp local-ip 127.0.0.2 <3>
 ggsn 0 remote-ip 127.0.0.1 <4>
 ggsn 0 gtp-version 1 <5>
 apn * ggsn 0 <6>
  1. SGSN-local IP address for Gb connection from PCUs

  2. SGSN-local UDP port number for Gb connection from PCUs

  3. SGSN-local IP address for GTP connection to GGSN

  4. remote IP address for GTP connection to GGSN

  5. GTP protocol version for this GGSN

  6. route all APN names to GGSN 0

Configuring OsmoSGSN (subscribers)

OsmoSGSN (still) has no access to the OsmoNITB HLR, thus all IMSIs permitted to use GPRS services need to be explicitly configured.

sgsn
 auth-policy closed <1>
 imsi-acl add 262778026147135 <2>
  1. only allow explicitly authorized/white-listed subscribers

  2. add given IMSI to the white-list of subscribers

Setting up OpenGGSN

In ggsn.cfg we need to set:

listen 172.0.0.1 <1>
net 10.23.24.0/24 <2>
dynip 10.23.42.0/24 <3>
pcodns1 8.8.8.8 <4>
  1. IP address to bind GSN to.

  2. network/mask of tun device

  3. pool of dynamic IP addresses allocated to PDP contexts

  4. IP address of DNS server (communicated to MS via signalling)

Testing GPRS

Osmocom beyond GSM/GPRS RAN + NITB

So… I heard about OpenBTS?

FOSS 2.75G (EDGE)

FOSS 3G/3.5G (UMTS/WCDMA)

Outlook on FOSS 4G (LTE)

The End

Thanks to