Intro
-
we had GSM networks at CCC events since 2008
-
Initially using proprietary, E1-attached Siemens BTS and OpenBSC (later OsmoBSC)
-
we had GSM networks at European Hacker Camps since 2009 (HAR)
-
we had UMTS (3G) for a few years now, too
-
using Osmocom stack with OsmoHNBGW / OsmoMSC / OsmoSGSN
-
I’m still involved with developing the related software, but have handed over actual network operation at CCC events to a team around lynxis and bibor
-
this means I have time for playing with LTE
LTE
-
new network elements with new acronyms
LTE
-
new protocols on all layers of all interfaces
-
S1AP between eNodeB and MME
-
GTPv2C between MME and SGW and SGW and PGW
-
DIAMETER between everyone and HSS
FOSS LTE software
-
srsLTE for eNodeB and UE
-
main focus on UE; eNodeB features somewhat limited
-
super simplistic srsEPC suitable for only the scarcest of use cases
-
OpenAirInterface
-
obscure code base; difficult to build
-
very research oriented
-
RAN part under non-free, non-opensource but source available license
-
nextepc
-
the clear underdog
-
very capable; many features (SGs, handover on X2 and S1, SBc)
-
readable code!
nextepc
-
Implements all key LTE network (EPC) elements
interfacing with Osmocom 2G/3G core
-
shared subscriber (and key) database
-
LTE: HSS, speaking DIAMETER
-
2G/3G: HLR, speaking MAP (Osmocom:GSUP)
-
We need a so-called inter-working function (IWF)
-
translate from DIAMETER to GSUP and vice-versa
osmo_dia2gsup
-
Best FOSS DIAMETER support contained in Erlang/OTP
-
Fairwaves contributed GSUP protocol codec in Erlang
-
I wrote a translator for the two minimal procedures
-
AuthInfo (Obtain authentication tuples)
-
UpdateLocation (registration)
-
code at https://git.osmocom.org/erlang/osmo_dia2gsup/
Network layout (physical)
-
6 eNodeBs distributed around the camp inside select Datenklos
-
Ericsson RBS6402 with 23dBm in Band 7
-
back-haul over regular CCC Ethernet as separate VLAN
-
Stratum-0 NTP server with GPS receiver for eNB clock sync
-
built on Raspi 3B with gpsd + ntpd
-
Lenovo x240 Laptop running qemu-kvm for core network
-
runs nextepc MME, SGW, PGW
-
runs osmo_dia2gsup for translating DIAMETER to GSUP
-
Querying Camp 2G/3G OsmoHLR for subscriber data
Radio paramters
-
Telefonica O2 has provided (borrowed) 10 MHz of spectrum in Band 7 (2600 MHz)
-
We can use it either as one channel @ 10 MHz or two chnanels @ 5 MHz
-
first four days were operated using 5 MHz channels (3 eNB on each channel)
-
last day was operated using 10 MHz channels (6 eNB on same channel)
Results (1/2)
-
Telekom technician Peter "@33dBm" Schmidt has done some testing
Results (2/2)
-
Telekom technician Peter "@33dBm" Schmidt has done some testing
Thanks
-
to the Camp GSM team for operating 2G/3G
-
to Eventphone / POC for handling user registration UI and voice interconnect
-
to Sukchan Lee (@acetcom) for writing nextepc
-
to Dieter Spaar for all of his support during the past 10 years
-
to Peter Schmidt (@33dBm) for professional rive (bike ride) testing
-
to Telefonica O2 Germany for lending us some of their Band 7 frequencies