184 lines
5.2 KiB
Plaintext
184 lines
5.2 KiB
Plaintext
How the CCC Camp 2019 LTE network works
|
|
=======================================
|
|
:author: Harald Welte <laforge@gnumonks.org>
|
|
:copyright: 2019 by Harald Welte (License: CC-BY-SA)
|
|
:backend: slidy
|
|
:max-width: 45em
|
|
|
|
== Intro
|
|
|
|
* we had GSM networks at CCC events since 2008
|
|
** Initially using proprietary, E1-attached Siemens BTS and OpenBSC (later OsmoBSC)
|
|
* we had GSM networks at European Hacker Camps since 2009 (HAR)
|
|
* we had UMTS (3G) for a few years now, too
|
|
** using Osmocom stack with OsmoHNBGW / OsmoMSC / OsmoSGSN
|
|
* I'm still involved with developing the related software, but have handed over actual network operation at CCC events to a team around lynxis and bibor
|
|
** this means I have time for playing with LTE
|
|
|
|
== LTE
|
|
|
|
* new network elements with new acronyms
|
|
|
|
[graphviz]
|
|
----
|
|
digraph {
|
|
rankdir = LR;
|
|
eNB -> MME [label="S1AP"];
|
|
MME -> HSS [label="DIAMETER"];
|
|
MME -> SGW [label="GTPv2C"];
|
|
SGW -> PGW [label="GTPv2C"];
|
|
PGW -> PCRF [label="DIAMETER"];
|
|
eNB -> SGW [label="GTP-U"];
|
|
SGW -> PGW [label="GTP-U"];
|
|
|
|
{ rank = same; HSS; PCRF; }
|
|
}
|
|
----
|
|
|
|
== LTE
|
|
|
|
* new protocols on all layers of all interfaces
|
|
** S1AP between eNodeB and MME
|
|
** GTPv2C between MME and SGW and SGW and PGW
|
|
** DIAMETER between everyone and HSS
|
|
|
|
== FOSS LTE software
|
|
|
|
* srsLTE for eNodeB and UE
|
|
** main focus on UE; eNodeB features somewhat limited
|
|
** super simplistic srsEPC suitable for only the scarcest of use cases
|
|
* OpenAirInterface
|
|
** obscure code base; difficult to build
|
|
** very research oriented
|
|
** RAN part under non-free, non-opensource but 'source available' license
|
|
* nextepc
|
|
** the clear underdog
|
|
** very capable; many features (SGs, handover on X2 and S1, SBc)
|
|
** readable code!
|
|
|
|
== nextepc
|
|
|
|
* Implements all key LTE network (EPC) elements
|
|
** MME
|
|
** SGW
|
|
** PGW
|
|
** HSS
|
|
** PCRF
|
|
|
|
== interfacing with Osmocom 2G/3G core
|
|
|
|
* shared subscriber (and key) database
|
|
** LTE: HSS, speaking DIAMETER
|
|
** 2G/3G: HLR, speaking MAP (Osmocom:GSUP)
|
|
* We need a so-called 'inter-working function' (IWF)
|
|
** translate from DIAMETER to GSUP and vice-versa
|
|
|
|
== osmo_dia2gsup
|
|
|
|
* Best FOSS DIAMETER support contained in Erlang/OTP
|
|
* Fairwaves contributed GSUP protocol codec in Erlang
|
|
* I wrote a translator for the two minimal procedures
|
|
** AuthInfo (Obtain authentication tuples)
|
|
** UpdateLocation (registration)
|
|
* code at https://git.osmocom.org/erlang/osmo_dia2gsup/
|
|
|
|
== Network layout (logical)
|
|
|
|
[graphviz]
|
|
----
|
|
digraph G {
|
|
rankdir = LR;
|
|
|
|
{ rank = same; eNB0; eNB1; eNB2; eNB3; eNB4; eNB5 };
|
|
|
|
eNB0 -> eNB1 [label="X2"];
|
|
eNB1 -> eNB2 [label="X2"];
|
|
eNB2 -> eNB3 [label="X2"];
|
|
eNB3 -> eNB4 [label="X2"];
|
|
eNB4 -> eNB5 [label="X2"];
|
|
|
|
eNB0 [label="eNB (RBS6402)"];
|
|
eNB1 [label="eNB (RBS6402)"];
|
|
eNB2 [label="eNB (RBS6402)"];
|
|
eNB3 [label="eNB (RBS6402)"];
|
|
eNB4 [label="eNB (RBS6402)"];
|
|
eNB5 [label="eNB (RBS6402)"];
|
|
|
|
{ rank = same; MME; SGW; };
|
|
|
|
MME [label="MME (nextepc)"];
|
|
SGW [label="SGW (nextepc)"];
|
|
|
|
eNB0 -> MME [label="S1AP"];
|
|
eNB1 -> MME [label="S1AP"];
|
|
eNB2 -> MME [label="S1AP"];
|
|
eNB3 -> MME [label="S1AP"];
|
|
eNB4 -> MME [label="S1AP"];
|
|
eNB5 -> MME [label="S1AP"];
|
|
|
|
MME -> dia2gsup [label="DIAMETER"];
|
|
|
|
eNB0 -> SGW [label="GTP1U"];
|
|
eNB1 -> SGW [label="GTP1U"];
|
|
eNB2 -> SGW [label="GTP1U"];
|
|
eNB3 -> SGW [label="GTP1U"];
|
|
eNB4 -> SGW [label="GTP1U"];
|
|
eNB5 -> SGW [label="GTP1U"];
|
|
|
|
SGW -> PGW [label="GTP1U"];
|
|
SGW -> PGW [label="GTPv2C"];
|
|
http://git.osmocom.org/erlang/osmo_dia2gsup/
|
|
dia2gsup -> OsmoHLR [label="GSUP"];
|
|
}
|
|
----
|
|
|
|
== Network layout (physical)
|
|
|
|
* 6 eNodeBs distributed around the camp inside select Datenklos
|
|
** Ericsson RBS6402 with 23dBm in Band 7
|
|
** back-haul over regular CCC Ethernet as separate VLAN
|
|
* Stratum-0 NTP server with GPS receiver for eNB clock sync
|
|
** built on Raspi 3B with gpsd + ntpd
|
|
* Lenovo x240 Laptop running qemu-kvm for core network
|
|
** runs nextepc MME, SGW, PGW
|
|
** runs osmo_dia2gsup for translating DIAMETER to GSUP
|
|
* Querying Camp 2G/3G OsmoHLR for subscriber data
|
|
|
|
== Radio paramters
|
|
|
|
* Telefonica O2 has provided (borrowed) 10 MHz of spectrum in Band 7 (2600 MHz)
|
|
* We can use it either as one channel @ 10 MHz or two chnanels @ 5 MHz
|
|
** first four days were operated using 5 MHz channels (3 eNB on each channel)
|
|
** last day was operated using 10 MHz channels (6 eNB on same channel)
|
|
|
|
== Results (1/2)
|
|
|
|
* Telekom technician Peter "@33dBm" Schmidt has done some testing
|
|
** first test with 5MHz chnanels: https://twitter.com/33dBm/status/1165393409852563457
|
|
** problems with neighbor selection due to dual-frequency network
|
|
** Average throughput 33.6 Mbps down / 9.1 Mbps up)
|
|
|
|
image::camp2019-lte-map2.jpeg[width="30%"]
|
|
|
|
== Results (2/2)
|
|
|
|
* Telekom technician Peter "@33dBm" Schmidt has done some testing
|
|
** second test with 10 MHz chnanels: https://twitter.com/33dBm/status/1165576180961095680
|
|
** better neighbor selection
|
|
** improved throughput (Average 62.7 Mbps down / 20.8 Mbps up)
|
|
|
|
image::camp2019-lte-results.jpeg[width="30%"]
|
|
|
|
== Thanks
|
|
|
|
* to the Camp GSM team for operating 2G/3G
|
|
* to Eventphone / POC for handling user registration UI and voice interconnect
|
|
* to Sukchan Lee (@acetcom) for writing nextepc
|
|
* to Dieter Spaar for all of his support during the past 10 years
|
|
* to Peter Schmidt (@33dBm) for professional rive (bike ride) testing
|
|
* to Telefonica O2 Germany for lending us some of their Band 7 frequencies
|
|
|
|
== EOF
|
|
|
|
End of File
|