add slides from telcosecday

2016/telcosecday/abstract.txt

@@ -0,0 +1,28 @@
+Open Source Network Elements for Security Analysis of Mobile Networks
+
+For almost 20 years, digital cellular networks have been without Free /
+Open Source software implementations of any of their protocols or
+netwokr elements.
+
+In 2008, the two independent and architecturally completely different
+projects OpenBTS and OpenBSC have changed that for 2G networks.  In
+2010, they were followed by OsmocomBB, an Open Source implementation of
+the GSM Mobile Station protocol stack.
+
+It is not a coincidence that the above proejcts were a (if not the) key
+enabler behind a lot of the cellular technology security research that
+followed in the years after.
+
+Despite being of such prominent importance for researching (and
+ultimately improving) cellular security, the mobile industry has not
+learned from 2G and not taken up the cause to funded or support the
+development of Open Source reference implementations of later (3G / 4G)
+protocols and network elements.
+
+Despite the lack of support, the Osmocom project has started an
+implementatation of the 3G core netwokr elements and is actively working
+towards IuCS, IuPS and Iuh support in OsmoNITB and OsmoSGSN.  The first
+working alpha-versions of this are expected to be available at the end
+of Q1/2016.  Let's hope they can have an equal impact in spawning
+cellular security research than the releases of OpenBSC and OsmocomBB in
+the past.

2016/telcosecday/bio.txt

@@ -0,0 +1,36 @@
+Harald Welte is a data communications freelancer, enthusiast and hacker
+who is working with Free Software (and particularly GNU/Linux)
+since 1995  His major code contribution to the Linux kernel was as a
+core developer of the netfilter/iptables packet filter.
+
+He has co-started a number of other Free Software and Free Hardware
+projects, mainly related to RFID such as librfid, OpenMRTD, OpenBeacon,
+OpenPCD, OpenPICC. During 2006 and 2007 Harald became the co-founder of
+OpenMoko, where he served as Lead System Architect for the worlds first
+100% Open Free Software based mobile phone.
+
+Aside from his technical contributions, Harald has been pioneering the legal
+enforcement of the GNU GPL license as part of his gpl-violations.org project.
+More than 150 inappropriate use of GPL licensed code by commercial companies
+have been resolved as part of this effort, both in court and out of court. He
+has received the 2007 "FSF Award for the Advancement of Free Software" and the
+"2008 Google/O'Reilly Open Source award: Defender of Rights".
+
+In 2008, Harald started to work on Free Software on the GSM protocol side, both
+for passive sniffing and protocol analysis, as well as an actual network-side
+GSM stack implementation called OpenBSC.  In 2010, he expanded those
+efforts by creating OsmocomBB, a GSM telephony-side baseband processor
+firmware and protocol stack.  Other projects include
+OsmocomTETRA, a receive-only implementation of the ETSI TETRA radio
+interface.
+
+Together with fellow developer Dieter Spaar, Harald has been giving many
+incarnations of deeply technical trainings about mobile communications
+protocols from the air inteface to the core network, with a special
+emphasis on security.
+
+Harald is co-founder of sysmocom GmbH, Berlin/Germany based company
+working on innovative Free Software based products and solutions for
+conventional and unconventional operators of mobile networks.  Said
+projects are also used by various entities in research of mobile
+security.

2016/telcosecday/foss-gsm.adoc

@@ -0,0 +1,528 @@
+Open Source Network Elements for Security Analysis of Mobile Networks
+=====================================================================
+:author:	Harald Welte <hwelte@sysmocom.de>
+:copyright:	sysmocom - s.f.m.c. GmbH (License: CC-BY-SA)
+:backend:	slidy
+:max-width:	45em
+//:data-uri:
+//:icons:
+
+
+== What this talk is about
+
+[role="incremental"]
+* Importance of 3GPP network elements as FOSS for security research
+* Applied Protocol Archeology since 2008
+* Current Status and working areas
+* Doing all of that on top of Linux (in userspace)
+
+
+== Running your own Internet-style network
+
+[role="incremental"]
+* use off-the-shelf hardware (x86, Ethernet card)
+* use any random Linux distribution
+* configure Linux kernel TCP/IP network stack
+** enjoy fancy features like netfilter/iproute2/tc
+* use apache/lighttpd/nginx on the server
+* use Firefox/chromium/konqueor/lynx on the client
+* do whatever analysis/research/testing on any part of the stack
+
+== Doing security research on it
+
+[role="incremental"]
+* FOSS implementations are key to any type of research
+* ability to study not only the interfaces but actual code
+* ability to test against other (proprietary) implementations
+* ability to modify the code in any way needed to behave 'different
+  from spec', or in ways not originally intended in the spec
+
+
+== Running your own GSM network
+
+Until 2009 the situation looked like this:
+
+* go to Ericsson/Huawei/ZTE/Nokia/Alcatel/...
+* spend lots of time convincing them that you're an eligible customer
+* spend a six-digit figure for even the most basic full network
+* end up with black boxes you can neither study nor improve
+
+[role="incremental"]
+- WTF?
+- I've grown up with FOSS and the Internet. I know a better world.
+
+
+== Why no cellular FOSS?
+
+- both cellular (2G/3G/4G) and TCP/IP/HTTP protocol specs are publicly
+  available for decades.  Can you believe it?
+- Internet protocol stacks have lots of FOSS implementations
+- cellular protocol stacks have no FOSS implementations for the
+  first almost 20 years of their existence?
+[role="incremental"]
+- it's the classic conflict
+ * classic circuit-switched telco vs. the BBS community
+ * ITU-T/OSI/ISO vs. Arpanet and TCP/IP
+
+
+== Enter Osmocom
+
+In 2008, some people started to write FOSS for GSM
+
+- to boldly go where no FOSS hacker has gone before
+[role="incremental"]
+** where protocol stacks are deep
+** and acronyms are plentiful
+** we went from `bs11-abis` to `bsc_hack` to 'OpenBSC'
+** many other related projects were created
+** finally leading to the 'Osmocom' umbrella project
+
+
+== Classic GSM network architecture
+
+image::Gsm_structures.svg[width=850]
+
+
+== Osmocom GSM components
+
+image::osmocom-gsm.svg[width=850]
+
+
+== Classic GSM network as digraph
+
+[graphviz]
+----
+digraph G {
+	rankdir=LR;
+	MS0 [label="MS"]
+	MS1 [label="MS"]
+	MS2 [label="MS"]
+	MS3 [label="MS"]
+	BTS0 [label="BTS"]
+	BTS1 [label="BTS"]
+	MSC [label="MSC/VLR"]
+	HLR [label="HLR/AUC"]
+	MS0->BTS0 [label="Um"]
+	MS1->BTS0 [label="Um"]
+	MS2->BTS1 [label="Um"]
+	MS3->BTS1 [label="Um"]
+	BTS0->BSC [label="Abis"]
+	BTS1->BSC [label="Abis"]
+	BSC->MSC [label="A"]
+	MSC->HLR [label="C"]
+	MSC->EIR [label="F"]
+	MSC->SMSC
+}
+----
+
+== Simplified OsmoNITB GSM network
+
+[graphviz]
+----
+digraph G {
+	rankdir=LR;
+	MS0 [label="MS"]
+	MS1 [label="MS"]
+	MS2 [label="MS"]
+	MS3 [label="MS"]
+	BTS0 [label="BTS"]
+	BTS1 [label="BTS"]
+	MS0->BTS0 [label="Um"]
+	MS1->BTS0 [label="Um"]
+	MS2->BTS1 [label="Um"]
+	MS3->BTS1 [label="Um"]
+	BTS0->BSC [label="Abis"]
+	BTS1->BSC [label="Abis"]
+	subgraph cluster_nitb {
+		label = "OsmoNITB";
+		BSC
+		MSC [label="MSC/VLR"]
+		HLR [label="HLR/AUC"]
+		BSC->MSC [label="A"]
+		MSC->HLR [label="C"]
+		MSC->EIR [label="F"]
+		MSC->SMSC;
+	}
+}
+----
+
+which further reduces to the following minimal setup:
+
+[graphviz]
+----
+digraph G {
+	rankdir=LR;
+	MS0 [label="MS"]
+	BTS0 [label="BTS"]
+	MS0->BTS0 [label="Um"]
+	BTS0->BSC [label="Abis"]
+	BSC [label="OsmoNITB"];
+}
+----
+
+So our minimal setup is a 'Phone', a 'BTS' and 'OsmoNITB'.
+
+
+== Which BTS to use?
+
+* Proprietary BTS of classic vendor
+** Siemens BS-11 is what we started with
+** Nokia, Ericsson, and others available 2nd hand
+* 'OsmoBTS' software implementation, running with
+** Proprietary HW + PHY (DSP): 'sysmoBTS', or
+** General purpose SDR (like USRP) + 'OsmoTRX'
+
+We assume a sysmoBTS in the following slides
+
+
+== OsmoBTS Overview
+
+image::osmo-bts.svg[]
+
+* Implementation of GSM BTS
+* supports variety of hardware/PHY options
+** `osmo-bts-sysmo`: BTS family by sysmocom
+** `osmo-bts-trx`: Used with 'OsmoTRX' + general-purpose SDR
+** `osmo-bts-octphy`: Octasic OCTBTS hardware / OCTSDR-2G PHY
+** `osmo-bts-litecell15`: Nutaq Litecell 1.5 hardware/PHY
+
+
+== Extending the network with GPRS
+
+Now that GSM is working, up to the next challenge!
+
+* Classic GSM is circuit-switched only
+* Packet switched support introduced first with GPRS
+* GPRS adds new network elements (PCU, SGSN, GGSN)
+* tunnel for external packet networks like IP/Internet
+* tunnel terminates in MS and on GGSN
+
+
+== Extending the network with GPRS support
+
+[graphviz]
+----
+digraph G {
+	rankdir=LR;
+	MS0 [label="MS"]
+	MS1 [label="MS"]
+	MS2 [label="MS"]
+	MS3 [label="MS"]
+	BTS0 [label="BTS"]
+	BTS1 [label="BTS"]
+	MSC [label="MSC/VLR"]
+	HLR [label="HLR/AUC"]
+	MS0->BTS0 [label="Um"]
+	MS1->BTS0 [label="Um"]
+	MS2->BTS1 [label="Um"]
+	MS3->BTS1 [label="Um"]
+	BTS0->BSC [label="Abis"]
+	BTS1->BSC [label="Abis"]
+	BSC->MSC [label="A"]
+	MSC->HLR [label="C"]
+	MSC->EIR [label="F"]
+	MSC->SMSC
+
+	BTS0->PCU
+	subgraph cluster_gprs {
+		label = "GPRS Add-On"
+		PCU->SGSN [label="Gb"]
+		SGSN->GGSN [label="GTP"]
+	}
+}
+----
+
+* 'PCU': Packet Control Unit. Runs RLC+MAC
+* 'SGSN': Serving GPRS Support Node (like VLR/MSC)
+* 'GGSN': Gateway GPRS Support Node (terminates tunnels)
+
+
+== GPRS Protocol Stack
+
+image::gprs_user_stack.svg[width=850]
+
+== Simplified OsmoNITB network with GPRS
+
+[graphviz]
+----
+digraph G {
+	rankdir=LR;
+	MS0 [label="MS"]
+	BTS0 [label="OsmoBTS"]
+	BSC [label="OsmoNITB"]
+	PCU [label="OsmoPCU"]
+	SGSN [label="OsmoSGSN"]
+	GGSN [label="OpenGGSN"]
+	MS0->BTS0 [label="Um"]
+	BTS0->BSC [label="Abis"]
+	BTS0->PCU
+	subgraph cluster_gprs {
+		label = "GPRS Add-On"
+		PCU->SGSN [label="Gb"]
+		SGSN->GGSN [label="GTP"]
+	}
+}
+----
+
+* 'OsmoPCU' is co-located with 'OsmoBTS'
+** connects over unix-domain PCU socket to BTS
+* 'OsmoSGSN' can run on any Linux machine
+* 'OpenGGSN' can run on any Linux machine
+** `tun` device is used for tunnel endpoints
+* circuit-switched and packet-switched networks are completely separate
+
+We need to configure those additional components to provide GPRS
+services.
+
+== Simplified OsmoNITB network with GPRS
+
+image::osmocom-gprs.svg[width=750]
+
+//* show IP addresses at nodes
+//* show GSM functional elements, Osmocom programs and hardware
+
+
+== Protocol tracing of cellular interfaces
+
+* many cellular protocols/interfaces are not specified over IP or Ethernet
+** e.g. the radio interface (Um) is clearly
+* Osmocom 'GSMTAP' to the rescue
+** encapsulate non-IP protocols inside GSMTAP (inside UDP/IP)
+** forward them over net-device ('lo' as fall-back)
+** 'wireshark' can then capture them using regular packet socket
+** 'wireshark' was extended with related dissectors
+** any and every GSM network interface can be analyzed now
+** was extended for TETRA, GMR, UMTS, LTE, ...
+
+
+== Osmocom beyond GSM/GPRS RAN + NITB
+
+* Telephone-side GSM protocol stack 'OsmocomBB'
+** circuit-switched GSM only. No GPRS/EDGE/3G/4G!
+* Smalltalk implementation of SIGTRAN + TCAP/MAP
+* Erlang implementation of SIGTRAN + TCAP/MAP
+* Lots of special-purpose protocol mangling
+** `bsc-nat` to introduce NAT-like functionality on A (BSSAP/BSSMAP)
+** `mgw-nat` to transparently re-write MAP/ISUP/SCCP
+* GSMTAP pseudo-header for feeding non-IP protocols into wireshark
+* SIM card protocol tracer hardware + software ('SIMtrace')
+* Lots of non-GSM projects from hardware to protocol stacks (TETRA, GMR, DECT, OP25)
+* check http://git.osmocom.org/ for full project list
+
+
+== So... I heard about OpenBTS?
+
+* OpenBTS is completely unrelated to the Osmocom stack
+* was independently developed by David Burgess & Harvind Simra
+** Kestrel Signal Processing -> Range Networks
+* doesn't follow GSM system architecture at all
+** no Abis, BSC, PCU, SGSN, GGSN
+* is a bridge of the GSM air interface (Um) to SIP
+* Osmocom follows classic GSM interfaces / system architecture
+** if you research GSM beyond the radio interface, Osmocom offers an
+implementation closer to real operator networks
+* 'OsmoTRX' forked 'OpenBTS' SDR code to use 'OsmoBTS' with SDR hardware
+
+
+== What about FOSS 2.75G (EDGE)
+
+* EDGE extends GPRS with higher data rates
+** 8PSK instead of GMSK modulation
+** lots of new MAC/RLC features (larger windows, incremental redundancy)
+** No changes required in 'OmsoSGSN' and 'OsmoGGSN'
+* 'OsmoPCU' is extended with initial EDGE support
+* First working beta release was made in late January 2016
+** continues to make rapid progress ever since
+
+
+== What about FOSS 3G (UMTS/WCDMA)
+
+* UMTS very similar to GSM/GPRS in principle
+** still, almost every interface and protocol stack has changed
+** all elements have been renamed -> more acronyms to learn
+* UMTS is ridiculously complex, particular PHY + Layer 2
+** however, control plane L3 (MM/CC/CM/SM/GMM) mostly the same
+* Implementing all of that from scratch is a long journey
+* We've already reached 'Peak 3G'
+* Osmocom 3G support strategy
+** Implement Iu interface in NITB and SGSN
+** Implement HNB-GW to offer Iuh interface
+** Use existing femtocell / small cell hardware with proprietary PHY, RLC and MAC
+** Status: Started in October 2015, WIP. Overall completion > 50%.
+
+== Classic UMTS Architecture
+
+image::640px-UMTS_structures.png[width=800]
+
+(UMTS Structure by Tsaitgaist - icons from Gnome)
+
+== Classic UMTS Architecture
+
+image::nodeb_hnb.png[width=800]
+
+(nodeB and Home nodeB by Tsaitgaist - icons from Gnome)
+
+== Differences NodeB to hNodeB
+
+* hNodeB is basically a NodeB with a RNC built-in
+* all lower-level protocols are implemented in the RNC
+* only RANAP is exposed
+* Iuh interface is similar to Iu-CS/Iu-PS
+* Iu interface is at much lower level.
+* Compared with GSM: Iu = Abis, Iuh = A
+
+== Wy work with hNodeB instead of NodeB?
+
+* UMTS is not a single telephony system but a set of re-configurable
+  building blocks to create any type of telephony system. 
+* complexity at every level, particularly the lower levels
+* using hNodeB interface / stack (Iuh), we can avoid having to worry
+  about RLC/MAC, RRC, HNBAP, etc.
+* many femtocells implement Iuh
+* quite some small cells also implement Iuh
+
+== Iuh: Avoiding complexity of the RNC
+
+speaking of UMTS access stratum complexity...
+
+image::umts_channel_mapping.png[width=900]
+
+wouldn't you want to avoid that, too?
+
+
+== How to support UMTS from OsmoNITB, OsmoSGSN
+
+* Separation of MSC-part from NITB, generating Osmo-MSS
+** OsmoBSC already implements BSC-side A interface, we need to add
+   MSC-side A interface
+* UMTS AKA support as library, link into OsmoMSS and OsmoSGSN
+* RANAP protocol support in a library, also linked into OsmoMSS and OsmoSGSN
+* NITB: support 'subscriber_connection' over A (BSSMAP/BSSAP) and over RANAP
+* SGSN: support 'mm_context' over Gb (LLC/BSSGP/NS) or over RANAP
+
+== Osmocom 3G Network Architecture
+
+[graphviz]
+----
+digraph G {
+	rankdir=LR;
+	MS0 [label="UE"]
+	MS1 [label="UE"]
+	MS2 [label="UE"]
+	MS3 [label="UE"]
+        HNBGW [label="HNB-GW"]
+	MS0->BTS0 [label="Uu"]
+	MS1->BTS0 [label="Uu"]
+	MS2->BTS1 [label="Uu"]
+	MS3->BTS1 [label="Uu"]
+	subgraph cluster_hnb0 {
+          label = "hNodeB"
+	  BTS0 [label="NodeB"]
+          RNC0 [label="RNC"]
+	  BTS0->RNC0
+        }
+        subgraph cluster_hnb1 {
+          label = "hNodeB"
+	  BTS1 [label="NodeB"]
+          RNC1 [label="RNC"]
+	  BTS1->RNC1
+        }
+        subgraph cluster_cscn {
+          label = "OsmoCSCN (ex-NITB)"
+	  MSC [label="MSC/VLR"]
+	  HLR [label="HLR/AUC"]
+	  MSC->HLR [label="C"]
+	  MSC->EIR [label="F"]
+	  MSC->SMSC
+        }
+	RNC0->HNBGW [label="Iuh"]
+	RNC1->HNBGW [label="Iuh"]
+        HNBGW->MSC [label="IuCS"]
+        HNBGW->SGSN [label="IuPS"]
+	SGSN->GGSN [label="GTP"]
+}
+----
+
+further simplified:
+
+[graphviz]
+----
+digraph G {
+	rankdir=LR;
+	MS0 [label="UE"]
+	MS1 [label="UE"]
+        HNBGW [label="HNB-GW"]
+	MS0->BTS0 [label="Uu"]
+	MS1->BTS1 [label="Uu"]
+	BTS0 [label="hNodeB"]
+	BTS1 [label="hNodeB"]
+	BTS0->HNBGW [label="Iuh"]
+	BTS1->HNBGW [label="Iuh"]
+        HNBGW->OsmoCSCN [label="IuCS"]
+        HNBGW->OsmoSGSN [label="IuPS"]
+	OsmoSGSN->OpenGGSN [label="GTP"]
+}
+----
+
+== Osmocom 3G Network Status
+
+Existing as of March 2016:
+
+* 'HNBAP', 'RUA', 'RANAP' protocol implementations
+* 'osmo-hnbgw' converting Iuh to Iu-CS and Iu-PS
+* 'OsmoSGSN' with IuPS interface
+* 'OsmoCSCN' with IuCS interface
+
+TODO:
+
+* HLR/AUC extension for UMTS AKA
+* testing, testing, testing
+* actual voice handling (so far, signalling + packet data only)
+
+
+== Outlook on FOSS 4G (LTE)
+
+* LTE has nothing in common with 2G/3G
+* various FOSS activities
+** 'OpenAirInterface' has some code for a software eNodeB
+*** but they switched from GPLv3 to 'non-free' license :(
+** 'srsLTE' (main focus on UE side, but large parts usable for eNodeB side)
+** 'OpenLTE' is another active FOSS project
+* No Osmocom involvement so far
+** team is small, project scope of cellular infrastructure is gigantic
+** most customer funding currently still on GSM/GPRS/EDGE
+** if we'd start today, we'd start implementing MME + S-GW and use
+existing LTE cells, similar to the 3G strategy
+
+
+== Summary
+
+[role="incremental"]
+* FOSS implementations of protocol stacks and functional elements are
+  'vital for security research'
+* Traditional Telcos + Equipment vendors do not contribute to this :(
+* Existing implementations done by enthusiasts only, on extremely
+  tight budgets and resources
+* Existing implementations are decades behind
+* Result: Security research is often decades behind
+* 'If we want to advance Cellular security research, we need to
+  advance FOSS implementations!'
+
+
+== The End
+
+* so long, and thanks for all the fish
+* I hope you have questions!
+
+* have fun exploring mobile technologies using Osmocom
+* interested in working with more acronyms? Come join the project!
+
+* Check out http://openbsc.osmocom.org/ and openbsc@lists.osmocom.org
+
+
+== Thanks to
+
+* the entire Osmocom team for what they have achieved
+** notably Dieter Spaar, Holger Freyther, Andreas Eversberg, Sylvain Munaut
+* last but not least: CEPT for making the GSM specs English
+** (the official language of CEPT is french!)

2016/telcosecday/osmo-bts.svg

@@ -0,0 +1,342 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="85.403748mm"
+   height="60.830627mm"
+   viewBox="0 0 302.6117 215.54159"
+   id="svg2"
+   version="1.1"
+   inkscape:version="0.91 r13725"
+   sodipodi:docname="osmo-bts.svg">
+  <defs
+     id="defs4">
+    <marker
+       inkscape:isstock="true"
+       style="overflow:visible"
+       id="marker4690"
+       refX="0"
+       refY="0"
+       orient="auto"
+       inkscape:stockid="Arrow1Lend"
+       inkscape:collect="always">
+      <path
+         transform="matrix(-0.8,0,0,-0.8,-10,0)"
+         style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-opacity:1"
+         d="M 0,0 5,-5 -12.5,0 5,5 0,0 Z"
+         id="path4692"
+         inkscape:connector-curvature="0" />
+    </marker>
+    <marker
+       inkscape:isstock="true"
+       style="overflow:visible"
+       id="marker4644"
+       refX="0"
+       refY="0"
+       orient="auto"
+       inkscape:stockid="Arrow1Lstart"
+       inkscape:collect="always">
+      <path
+         transform="matrix(0.8,0,0,0.8,10,0)"
+         style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-opacity:1"
+         d="M 0,0 5,-5 -12.5,0 5,5 0,0 Z"
+         id="path4646"
+         inkscape:connector-curvature="0" />
+    </marker>
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="2.3800511"
+     inkscape:cx="151.30585"
+     inkscape:cy="107.7708"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer1"
+     showgrid="true"
+     inkscape:snap-global="true"
+     inkscape:snap-bbox="true"
+     inkscape:bbox-paths="false"
+     inkscape:snap-to-guides="false"
+     inkscape:snap-others="false"
+     inkscape:bbox-nodes="false"
+     inkscape:snap-bbox-edge-midpoints="false"
+     inkscape:snap-bbox-midpoints="false"
+     inkscape:object-paths="false"
+     inkscape:object-nodes="true"
+     showguides="false"
+     inkscape:window-width="1022"
+     inkscape:window-height="730"
+     inkscape:window-x="0"
+     inkscape:window-y="1200"
+     inkscape:window-maximized="0"
+     fit-margin-top="0"
+     fit-margin-left="0"
+     fit-margin-right="0"
+     fit-margin-bottom="0">
+    <inkscape:grid
+       type="xygrid"
+       id="grid3336"
+       originx="-282.74929"
+       originy="-52.481486" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(-282.74928,-784.33912)">
+    <g
+       id="g5461"
+       transform="translate(203.46457,-1.324757e-5)">
+      <path
+         inkscape:connector-curvature="0"
+         id="path4636"
+         d="m 230.31496,786.61417 0,53.14961"
+         style="fill:none;fill-opacity:0.75;fill-rule:evenodd;stroke:#000000;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;marker-start:url(#marker4644);marker-end:url(#marker4690)" />
+      <text
+         sodipodi:linespacing="125%"
+         id="text5151"
+         y="816.18896"
+         x="239.52753"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:125%;font-family:LMSans10;-inkscape-font-specification:LMSans10;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+         xml:space="preserve"><tspan
+           y="816.18896"
+           x="239.52753"
+           id="tspan5153"
+           sodipodi:role="line">Abis/IP</tspan></text>
+    </g>
+    <g
+       id="g7653"
+       transform="translate(194.88189,-1.0472595e-5)">
+      <g
+         id="g4252">
+        <text
+           xml:space="preserve"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:125%;font-family:LMSans10;-inkscape-font-specification:LMSans10;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           x="122.30629"
+           y="985.66003"
+           id="text4144"
+           sodipodi:linespacing="125%"><tspan
+             sodipodi:role="line"
+             id="tspan4146"
+             x="122.30629"
+             y="985.66003">SDR Hardware</tspan></text>
+        <rect
+           style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1.25100005;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect4172"
+           width="141.73228"
+           height="35.433071"
+           x="88.58268"
+           y="963.77948" />
+      </g>
+      <g
+         id="g4247">
+        <text
+           xml:space="preserve"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:125%;font-family:LMSans10;-inkscape-font-specification:LMSans10;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           x="97.314629"
+           y="950.22699"
+           id="text4148"
+           sodipodi:linespacing="125%"><tspan
+             sodipodi:role="line"
+             x="97.314629"
+             y="950.22699"
+             id="tspan4152">OsmoTRX</tspan></text>
+        <rect
+           style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1.25100005;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect4160"
+           width="70.866142"
+           height="35.433071"
+           x="88.58268"
+           y="928.34644" />
+      </g>
+      <g
+         id="g4242">
+        <text
+           xml:space="preserve"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:125%;font-family:LMSans10;-inkscape-font-specification:LMSans10;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           x="166.59451"
+           y="950.125"
+           id="text4156"
+           sodipodi:linespacing="125%"><tspan
+             sodipodi:role="line"
+             id="tspan4158"
+             x="166.59451"
+             y="950.125">Transceiver</tspan></text>
+        <rect
+           style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1.25100005;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect4162"
+           width="70.866142"
+           height="35.433071"
+           x="159.44882"
+           y="928.34644" />
+      </g>
+    </g>
+    <g
+       id="g4227"
+       transform="translate(194.88189,-1.0472595e-5)">
+      <rect
+         y="839.76373"
+         x="88.58268"
+         height="17.716536"
+         width="35.433071"
+         id="rect4225"
+         style="opacity:1;fill:#eeffaa;fill-opacity:1;stroke:#000000;stroke-width:0.40000001;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    </g>
+    <g
+       id="g10050">
+      <text
+         xml:space="preserve"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:125%;font-family:LMSans10;-inkscape-font-specification:LMSans10;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+         x="94.139557"
+         y="852.78601"
+         id="text4217"
+         sodipodi:linespacing="125%"
+         transform="translate(194.88189,-1e-5)"><tspan
+           sodipodi:role="line"
+           id="tspan4219"
+           x="94.139557"
+           y="852.78601">VTY</tspan></text>
+      <text
+         sodipodi:linespacing="125%"
+         id="text4178"
+         y="881.67499"
+         x="384.82532"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:20px;line-height:125%;font-family:LMSans10;-inkscape-font-specification:LMSans10;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+         xml:space="preserve"><tspan
+           y="881.67499"
+           x="384.82532"
+           id="tspan4180"
+           sodipodi:role="line">OsmoBTS</tspan></text>
+      <g
+         transform="translate(194.88189,-1.0472595e-5)"
+         id="g4232">
+        <rect
+           style="opacity:1;fill:#ececec;fill-opacity:1;stroke:#000000;stroke-width:0.40000001;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect4198"
+           width="141.73228"
+           height="17.716536"
+           x="88.58268"
+           y="910.62988" />
+        <text
+           xml:space="preserve"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:125%;font-family:LMSans10;-inkscape-font-specification:LMSans10;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           x="127.64554"
+           y="923.58612"
+           id="text4182"
+           sodipodi:linespacing="125%"><tspan
+             sodipodi:role="line"
+             x="127.64554"
+             y="923.58612"
+             id="tspan4186">osmo-bts-trx</tspan></text>
+      </g>
+      <g
+         transform="translate(194.88189,-1.0472595e-5)"
+         id="g5364">
+        <rect
+           style="opacity:1;fill:#ececec;fill-opacity:1;stroke:#000000;stroke-width:0.39999998;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect4198-7"
+           width="141.73227"
+           height="17.716536"
+           x="248.03149"
+           y="910.62994" />
+        <text
+           xml:space="preserve"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:125%;font-family:LMSans10;-inkscape-font-specification:LMSans10;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           x="279.13019"
+           y="922.42224"
+           id="text4190"
+           sodipodi:linespacing="125%"><tspan
+             sodipodi:role="line"
+             x="279.13019"
+             y="922.42224"
+             id="tspan4194">osmo-bts-sysmo</tspan></text>
+      </g>
+      <g
+         transform="translate(212.59843,1.6540969e-5)"
+         id="g4259">
+        <rect
+           style="opacity:1;fill:#ffaaaa;fill-opacity:1;stroke:#000000;stroke-width:0.40000001;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+           id="rect4257"
+           width="35.433071"
+           height="17.716536"
+           x="336.61417"
+           y="839.76373" />
+        <text
+           xml:space="preserve"
+           style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:125%;font-family:LMSans10;-inkscape-font-specification:LMSans10;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+           x="339.13992"
+           y="852.79199"
+           id="text4221"
+           sodipodi:linespacing="125%"><tspan
+             sodipodi:role="line"
+             id="tspan4223"
+             x="339.13992"
+             y="852.79199">CTRL</tspan></text>
+      </g>
+      <rect
+         y="839.76373"
+         x="283.46457"
+         height="88.58268"
+         width="301.18112"
+         id="rect4176"
+         style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1.43057334;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    </g>
+    <g
+       id="g7667"
+       transform="translate(194.88189,-1.0472595e-5)">
+      <text
+         sodipodi:linespacing="125%"
+         id="text4166"
+         y="959.34552"
+         x="318.90579"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:125%;font-family:LMSans10;-inkscape-font-specification:LMSans10;text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1pt;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+         xml:space="preserve"><tspan
+           y="959.34552"
+           x="318.90579"
+           id="tspan4168"
+           sodipodi:role="line">sysmoBTS PHY</tspan><tspan
+           id="tspan4170"
+           y="974.34552"
+           x="318.90579"
+           sodipodi:role="line">sysmoBTS Hardware</tspan></text>
+      <rect
+         y="928.34644"
+         x="248.03149"
+         height="70.866142"
+         width="141.73228"
+         id="rect5359"
+         style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1.33630621;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    </g>
+    <rect
+       style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1.25;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="rect7782"
+       width="0"
+       height="0"
+       x="0"
+       y="0"
+       transform="translate(0,308.26772)" />
+  </g>
+</svg>