209 lines
7.3 KiB
TeX
209 lines
7.3 KiB
TeX
\section{OpenBSC}
|
|
|
|
\subsection{OpenBSC Introduction}
|
|
|
|
\begin{frame}{OpenBSC software}
|
|
OpenBSC is a Open Source implementation of (not only) the BSC features
|
|
of a GSM network.
|
|
\begin{itemize}
|
|
\item Support A-bis interface over E1 and IP
|
|
\item Support for BTS vendor/model is modular, currently Siemens BS-11 and ip.access nanoBTS
|
|
\item Multiple BTS models/vendors can be mixed!
|
|
\item Can work as a {\em pure BSC} or as a full {\em network in a box}
|
|
\item Supports mobility management, authentication, intra-BSC hand-over, SMS, voice calls (FR/EFR/AMR)
|
|
\item GPRS + EDGE support if combined with OsmoSGSN and OpenGGSN
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{OpenBSC}
|
|
\begin{itemize}
|
|
\item Supports Siemens BS-11 BTS (E1) and ip.access nanoBTS (IP based)
|
|
\item Has classic 2G signalling, voice and SMS support
|
|
\item Implements various GSM protocols like
|
|
\begin{itemize}
|
|
\item A-bis RSL (TS 08.58) and OML (TS 12.21)
|
|
\item TS 04.08 Radio Resource, Mobility Management, Call Control
|
|
\item TS 04.11 Short Message Service
|
|
\end{itemize}
|
|
\item Telnet console with Cisco-style interface
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{OpenBSC software architecture}
|
|
\begin{itemize}
|
|
\item Implemented in pure C, similarities to Linux kernel
|
|
\begin{itemize}
|
|
\item Linked List handling, Timer API, coding style
|
|
\end{itemize}
|
|
\item Single-threaded event-loop / state machine design
|
|
\item Telnet based command line interface {\em Cisco-style}
|
|
\item Input driver abstraction (mISDN, Abis-over-IP)
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{OpenBSC: GSM network protocols}{The A-bis interface}
|
|
\begin{description}[Layer 4+]
|
|
\item[Layer 1] Typically E1 line, TS 08.54
|
|
\item[Layer 2] A variant of ISDN LAPD with fixed TEI's, TS 08.56
|
|
\item[Layer 3] OML (Organization and Maintenance Layer, TS 12.21)
|
|
\item[Layer 3] RSL (Radio Signalling Link, TS 08.58)
|
|
\item[Layer 4+] transparent messages that are sent to the MS via Um
|
|
\end{description}
|
|
\end{frame}
|
|
|
|
\begin{frame}{OpenBSC: How it all started}
|
|
\begin{itemize}
|
|
\item In 2006, I bought a Siemens BS-11 microBTS on eBay
|
|
\begin{itemize}
|
|
\item This is GSM900 BTS with 2 TRX at 2W output power (each)
|
|
\item A 48kg monster with attached antenna
|
|
\item 200W power consumption, passive cooling
|
|
\item E1 physical interface
|
|
\end{itemize}
|
|
\item I didn't have much time at the time (day job at Openmoko)
|
|
\item Started to read up on GSM specs whenever I could
|
|
\item Bought a HFC-E1 based PCI E1 controller, has mISDN kernel support
|
|
\item Found somebody in the GSM industry who provided protocol traces
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{OpenBSC: Timeline}
|
|
\begin{itemize}
|
|
\item November 2008: I started the development of OpenBSC
|
|
\item December 2008: we did a first demo at 25C3
|
|
\item January 2009: we had full voice call support
|
|
\item Q1/2009: Add support for ip.access nanoBTS
|
|
\item June 2009: I started with actual security related stuff
|
|
\item August 2009: We had the first field test with 2BTS and > 860 phones
|
|
\item Q1/2010: The first 25 OpenBSC instances running in a commercial network
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{OpenBSC: Field Test at HAR2009}
|
|
\begin{figure}[h]
|
|
\subfigure{\includegraphics[width=5cm]{bts_tree_full.jpg}}
|
|
\subfigure{\includegraphics[width=5cm]{openbsc_host.jpg}}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
|
|
\subsection{OpenBSC Network In The Box}
|
|
|
|
\begin{frame}{OpenBSC in NITB mode}{Network In a Box Mode}
|
|
The {\tt osmo-nitb} program
|
|
\begin{itemize}
|
|
\item implements the A-bis interface towards any number of BTS
|
|
\item provides most typical features of a GSM network in one software
|
|
\item no need for MSC, AuC, HLR, VLR, EIR, ...
|
|
\begin{itemize}
|
|
\item HLR/VLR as SQLite3 table
|
|
\item Authentication + Ciphering support
|
|
\item GSM voice calls, MO/MT SMS
|
|
\item Hand-over between all BTS
|
|
\item Multiple Location Areas within one BSC
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{OpenBSC NITB features}
|
|
OpenBSC NITB features
|
|
\begin{itemize}
|
|
\item Run a small GSM network with 1-n BTS and OpenBSC
|
|
\item No need for MSC/HLR/AUC/...
|
|
\item No need for your own SIM cards (unless crypto/auth rqd)
|
|
\item Establish signalling and voice channels
|
|
\item Make incoming and outgoing voice calls between phones
|
|
\item Send/receive SMS between phones
|
|
\item Connect to ISDN PBX or public ISDN via Linux Call Router
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{OpenBSC in NITB mode}{Network In a Box Mode}
|
|
The {\tt osmo-nitb} program
|
|
\begin{itemize}
|
|
\item does not implement any other GSM interfaces apart from A-bis
|
|
\item no SS7 / TCAP / MAP based protocols
|
|
\item no integration (roaming) with existing traditional GSM networks
|
|
\item wired telephony interfacing with ISDN PBX {\tt lcr} (Linux Call Router)
|
|
\item Has been tested with up to 800 subscribers on 5 BTS
|
|
\item Intended for R\&D use or private PBX systems
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{OpenBSC LCR integration}{Interfacing with wired telephony}
|
|
OpenBSC (NITB mode) can be linked into Linux Call Router ({\tt lcr})
|
|
\begin{itemize}
|
|
\item OpenBSC is compiled as libbsc.a
|
|
\item libbsc.a includes full OpenBSC NITB mod code
|
|
\item linking the library into {\tt lcr} results in GSM {\em line interfaces} to become available inside {\tt lcr}
|
|
\item OpenBSC no longer takes care of call control, but simply hands everything off to {\tt lcr}
|
|
\item Dialling plan, etc. is now configure in {\tt lcr} like for any other wired phones
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\subsection{OpenBSC BSC-only mode}
|
|
|
|
\begin{frame}{OpenBSC in BSC-only mode}
|
|
The {\tt osmo-bsc} program
|
|
\begin{itemize}
|
|
\item behaves like a classic GSM BSC
|
|
\item uses SCCP-Lite (ip.access multipex) to any SoftMSC like ADC
|
|
\item used in production/commercial deployments (~ 75 BSCs)
|
|
\item mainly intended to replace proprietary BSC in traditional GSM networks
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
%\begin{frame}<handout:0>{OpenBSC}
|
|
% Demonstration
|
|
%\end{frame}
|
|
|
|
\subsection{OpenBSC GPRS support}
|
|
|
|
\begin{frame}{GPRS and OpenBSC}
|
|
\begin{itemize}
|
|
\item The BSC doesn't really do anything related to GPRS
|
|
\item GPRS implemented in separate SGSN and GGSN nodes
|
|
\item GPRS uses its own Gb interface to RAN, independent of A-bis
|
|
\item OpenBSC can configure the nanoBTS for GPRS+EDGE support via OML
|
|
\item Actual SGSN and GGSN implemented as OsmoSGSN and OpenGGSN programs
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{OsmoSGSN}
|
|
The Osmocom SGSN program implements
|
|
\begin{itemize}
|
|
\item basic/minimal SGSN functionality
|
|
\item the Gb interface (NS/BSSGP/LLC/SNDCP)
|
|
\item mobility management, session management
|
|
\end{itemize}
|
|
It's a work in progress, many missing features
|
|
\begin{itemize}
|
|
\item no HLR integration yet
|
|
\item no paging coordination with MSC/BSC
|
|
\item no encryption support yet
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{OpenGGSN}
|
|
\begin{itemize}
|
|
\item GPL licensed Linux program implementing GGSN node
|
|
\item Implements GTP-U protocol between SGSN and GGSN
|
|
\item User-configurable range/pool of IPv4 addresses for MS
|
|
\item Uses {\tt tun} device for terminating IP tunnel from MS
|
|
\item provides GTP implementation as libgtp
|
|
\item Experimental patches for IPv6 support
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
%\begin{frame}<handout:0>{OpenBSC + OpenGGSN + OsmoSGSN}
|
|
% Demonstration
|
|
%\end{frame}
|
|
|
|
\begin{frame}{OpenBSC and OsmoSGSN based network}
|
|
\begin{figure}[h]
|
|
\includegraphics[width=10cm]{osmosgsn.png}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
% FIXME: include slide showing full OpenBSC+OsmoSGSN+OpenGGSN network
|