Home
Welcome to the LTE wiki!
- SDR : BladeRF Micro 2.0
- LTE antennas: 4 of them
- An Intel x86 Ubuntu (18.04) computer
- COTS UE: Samsung Galaxy J7 and HUAWEI E3372H
- A writable SIM card: This one from AliExpress is good. It includes 5 blank SIM cards, SIM card reader and writer and SIM card adapter. The seller also provide a link for the software. https://www.aliexpress.com/item/32900944064.html?spm=a2g0s.9042311.0.0.57ad4c4dEW1tZ9
#####################################################################
# srsEPC configuration file
#####################################################################
#####################################################################
# MME configuration
#
# mme_code: 8-bit MME code identifies the MME within a group.
# mme_group: 16-bit MME group identifier.
# tac: 16-bit Tracking Area Code.
# mcc: Mobile Country Code
# mnc: Mobile Network Code
# apn: Set Access Point Name (APN)
# mme_bind_addr: IP bind addr to listen for eNB S1-MME connnections
# dns_addr: DNS server address for the UEs
# encryption_algo: Preferred encryption algorithm for NAS layer
# (default: EEA0, support: EEA1, EEA2)
# integrity_algo: Preferred integrity protection algorithm for NAS
# (default: EIA1, support: EIA1, EIA2 (EIA0 not support)
# paging_timer: Value of paging timer in seconds (T3413)
#
#####################################################################
[mme]
mme_code = 0x1a
mme_group = 0x0001
tac = 0x0007
mcc = 724
mnc = 11
mme_bind_addr = 127.0.1.100
apn = zap.vivo.com.br
dns_addr = 8.8.8.8
encryption_algo = EEA0
integrity_algo = EIA1
paging_timer = 2
edit mcc, mnc, and app
sreLTE will be used for both EPC and eNodeB.
srelte directory contains the config files. enb.conf is a config file for enodeB. The importance parameters are the following:
[enb]
enb_id = 0x19B
mcc = 724
mnc = 11
mme_addr = 127.0.1.100
gtp_bind_addr = 127.0.1.1
s1c_bind_addr = 127.0.1.1
n_prb = 15
tm = 4
nof_ports = 2
MCC (Mobile country code) are listed in https://en.wikipedia.org/wiki/Mobile_country_code. In this example. mcc = 724 is a code for Brazil. MNC (Mobile network code) is an operator code. We use 11 in this example. n_prb is the bandwidth of the signal and it is given by the following number of resource blocks:
n_prb: Number of Physical Resource Blocks (6,15,25,50,75,100) with the corresponding bandwidth 1.4, 3, 5, 10, 15 and 20 MHz respectively.
tm is transmission mode detailed in the following:
Transmission mode 1 (single antenna), 2 (transmit diversity), 3 (CCD) and 4 (closed-loop spatial multiplexing) (https://docs.srslte.com/en/latest/srsenb/source/1_enb_intro.html)
nof_ports is the number of RF ports used in SDR (BladeRF). For tm = 2, 3, 4, the number of ports is needed to be 2.
[rf]
#dl_earfcn = 3400
tx_gain = 80
#rx_gain = 40
device_name = bladeRF
# For best performance in 2x2 MIMO and >= 15 MHz use the following device_args settings:
# USRP B210: num_recv_frames=64,num_send_frames=64
# For best performance when BW<5 MHz (25 PRB), use the following device_args settings:
# USRP B210: send_frame_size=512,recv_frame_size=512
#device_args = auto
time_adv_nsamples = 27
To configure the downlink frequency, we need to modify rr.conf
mac_cnfg =
{
phr_cnfg =
{
dl_pathloss_change = "dB3"; // Valid: 1, 3, 6 or INFINITY
periodic_phr_timer = 50;
prohibit_phr_timer = 0;
};
ulsch_cnfg =
{
max_harq_tx = 4;
periodic_bsr_timer = 20; // in ms
retx_bsr_timer = 320; // in ms
};
time_alignment_timer = -1; // -1 is infinity
};
phy_cnfg =
{
phich_cnfg =
{
duration = "Normal";
resources = "1/6";
};
pusch_cnfg_ded =
{
beta_offset_ack_idx = 6;
beta_offset_ri_idx = 6;
beta_offset_cqi_idx = 6;
};
// PUCCH-SR resources are scheduled on time-frequeny domain first, then multiplexed in the same resource.
sched_request_cnfg =
{
dsr_trans_max = 64;
period = 20; // in ms
//subframe = [1, 11]; // Optional vector of subframe indices allowed for SR transmissions (default uses all)
nof_prb = 1; // number of PRBs on each extreme used for SR (total prb is twice this number)
};
cqi_report_cnfg =
{
mode = "periodic";
simultaneousAckCQI = true;
period = 40; // in ms
//subframe = [0, 10, 20, 30]; // Optional vector of subframe indices every period where CQI resources will be allocated (default uses all)
m_ri = 8; // RI period in CQI period
//subband_k = 1; // If enabled and > 0, configures sub-band CQI reporting and defines K (see 36.213 7.2.2). If disabled, configures wideband CQI
};
};
cell_list =
(
{
// rf_port = 0;
cell_id = 0x01;
tac = 0x0007;
pci = 1;
// root_seq_idx = 204;
dl_earfcn = 1575;
//ul_earfcn = 21400;
ho_active = false;
//meas_gap_period = 0; // 0 (inactive), 40 or 80
//meas_gap_offset_subframe = [6, 12, 18, 24, 30];
// target_pusch_sinr = -1;
// target_pucch_sinr = -1;
// enable_phr_handling = false;
// min_phr_thres = 0;
// allowed_meas_bw = 6;
// t304 = 2000; // in msec. possible values: 50, 100, 150, 200, 500, 1000, 2000
// CA cells
scell_list = (
// {cell_id = 0x02; cross_carrier_scheduling = false; scheduling_cell_id = 0x02; ul_allowed = true}
)
// Cells available for handover
meas_cell_list =
(
{
eci = 0x19C02;
dl_earfcn = 2850;
pci = 2;
//direct_forward_path_available = false;
//allowed_meas_bw = 6;
//cell_individual_offset = 0;
}
);
// Select measurement report configuration (all reports are combined with all measurement objects)
meas_report_desc =
(
{
eventA = 3
a3_offset = 6;
hysteresis = 0;
time_to_trigger = 480;
trigger_quant = "RSRP";
max_report_cells = 1;
report_interv = 120;
report_amount = 1;
}
);
meas_quant_desc = {
// averaging filter coefficient
rsrq_config = 4;
rsrp_config = 4;
};
}
// Add here more cells
);
nr_cell_list =
(
// no NR cells
);
In section
cell_list =
(
{
// rf_port = 0;
cell_id = 0x01;
tac = 0x0007;
pci = 1;
// root_seq_idx = 204;
dl_earfcn = 1575;
dl_earfcn is the downlink frequency. It is specified by earfcn number. These number is given in https://www.cablefree.net/wirelesstechnology/4glte/lte-carrier-frequency-earfcn/. There is an EARFCN calculation in https://www.sqimway.com/lte_band.php
For example, dl_earfcn = 1201 is corresponds to
| Band | Name | Bandwidth (MHz) | Mode | Earfcn DL | Downlink (MHz) | Earfcn UL | Uplink (MHz) |
|---|---|---|---|---|---|---|---|
| 3 | 1800+ | 75 | FDD | 1201 | 1805.10 | 19201 | 1710.10 |
tx_gain = 80 seems to be ok for BladeRF. The RX gain rx_gain = 40 is commented out to set as automatic gain control (AGC). This seems to be better performance for BladeRF. time_adv_nsamples = 27 is set as per recommendation in the config file for BladeRF SDR.
pi@pi-ros:~$ sudo srsenb
[sudo] password for pi:
--- Software Radio Systems LTE eNodeB ---
Reading configuration file /home/pi/.config/srslte/enb.conf...
WARNING: cpu0 scaling governor is not set to performance mode. Realtime processing could be compromised. Consider setting it to performance mode before running the application.
Built in Release mode using 20.10.0.
/home/pi/LTE/srsLTE-release_20_10/srsenb/src/enb_cfg_parser.cc.890: Force DL EARFCN for cell PCI=1 to 1201
Opening 2 channels in RF device=bladeRF with args=default
Opening bladeRF...
Set RX sampling rate 1.92 Mhz, filter BW: 1.92 Mhz
==== eNodeB started ===
Type <t> to view trace
Starting plot for worker_id=0
Creating plot window 'srsENB PCI 1'...
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
Set RX sampling rate 11.52 Mhz, filter BW: 9.22 Mhz
Setting manual TX/RX offset to 27 samples
Setting frequency: DL=1805.1 Mhz, UL=1710.1 MHz for cc_idx=0
set TX frequency to 1805100000
set TX frequency to 1805100000
set RX frequency to 1710100000
set RX frequency to 1710100000
libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast
RACH: tti=3301, cc=0, preamble=26, offset=9, temp_crnti=0x46
User 0x46 connected
pi@pi-ros:~$ sudo srsepc
[sudo] password for pi:
Built in Release mode using 20.10.0.
--- Software Radio Systems EPC ---
Reading configuration file /home/pi/.config/srslte/epc.conf...
HSS Initialized.
MME S11 Initialized
MME GTP-C Initialized
MME Initialized. MCC: 0xf724, MNC: 0xff11
SPGW GTP-U Initialized.
SPGW S11 Initialized.
SP-GW Initialized.
Received S1 Setup Request.
S1 Setup Request - eNB Name: srsenb01, eNB id: 0x19b
S1 Setup Request - MCC:724, MNC:11
S1 Setup Request - TAC 7, B-PLMN 0x27f411
S1 Setup Request - Paging DRX v128
Sending S1 Setup Response
Initial UE message: LIBLTE_MME_MSG_TYPE_ATTACH_REQUEST
Received Initial UE message -- Attach Request
Attach request -- M-TMSI: 0x2c925729
Attach request -- eNB-UE S1AP Id: 1
Attach request -- Attach type: 2
Attach Request -- UE Network Capabilities EEA: 11110000
Attach Request -- UE Network Capabilities EIA: 11110000
Attach Request -- MS Network Capabilities Present: true
PDN Connectivity Request -- EPS Bearer Identity requested: 0
PDN Connectivity Request -- Procedure Transaction Id: 1
PDN Connectivity Request -- ESM Information Transfer requested: true
UL NAS: Received Identity Response
ID Response -- IMSI: 724110000037980
Downlink NAS: Sent Authentication Request
UL NAS: Received Authentication Response
Authentication Response -- IMSI 724110000037980
UE Authentication Accepted.
Generating KeNB with UL NAS COUNT: 0
Downlink NAS: Sending NAS Security Mode Command.
UL NAS: Received Security Mode Complete
Security Mode Command Complete -- IMSI: 724110000037980
Sending ESM information request
UL NAS: Received ESM Information Response
ESM Info: APN zap.vivo.com.br
ESM Info: 6 Protocol Configuration Options
Getting subscription information -- QCI 7
Sending Create Session Request.
Creating Session Response -- IMSI: 724110000037980
Creating Session Response -- MME control TEID: 1
Received GTP-C PDU. Message type: GTPC_MSG_TYPE_CREATE_SESSION_REQUEST
SPGW: Allocated Ctrl TEID 1
SPGW: Allocated User TEID 1
SPGW: Allocate UE IP 172.16.0.2
Received Create Session Response
Create Session Response -- SPGW control TEID 1
Create Session Response -- SPGW S1-U Address: 127.0.1.100
SPGW Allocated IP 172.16.0.2 to IMSI 724110000037980
Adding attach accept to Initial Context Setup Request
Sent Initial Context Setup Request. E-RAB id 5
Received Initial Context Setup Response
E-RAB Context Setup. E-RAB id 5
E-RAB Context -- eNB TEID 0x1; eNB GTP-U Address 127.0.1.1
UL NAS: Received Attach Complete
Unpacked Attached Complete Message. IMSI 724110000037980
Unpacked Activate Default EPS Bearer message. EPS Bearer id 5
Received GTP-C PDU. Message type: GTPC_MSG_TYPE_MODIFY_BEARER_REQUEST
Sending EMM Information
The subscriber data can be edited by using webUI localhost:3000.
The first part is subscriber configuration where IMSI, KI and OPc are stored.
The second part is session configuration section where we can specify APN name.
Colab notebook to generate KI and OPC colab
IMSI : 724110000037980 KI: D1DB253527F74EE087F6EEF87E5D64D6 OPC :3FED1A5D3775EEE38B988C1044D3A081
IMSI : 724110000037981 KI: 42D4F23931F24EAE93DFD30B09A787AD OPC: CF3E9D77E6587454D3496A5448E58983
Sysmocom uSIM
| IMSI | ICCID | ACC | PIN1 | PUK1 | PIN2 | PUK2 | Ki | OPC |
|---|---|---|---|---|---|---|---|---|
| 901700000037980 | 8988211000000379803 | 0001 | 2710 | 60343649 | 9184 | 99091891 | 10FC442FFDFA64039EFED420468126FB | 6B163D7574F4D15AB27541AE0311F5A6 |
| 901700000037981 | 8988211000000379811 | 0002 | 8247 | 11350971 | 7845 | 74463844 | 89BDEBE6CF9ABF18826713C795A76AE0 | 79357542E239B0B81ECFD1EA0B8A2841 |
| 901700000037982 | 8988211000000379829 | 0004 | 8276 | 91676454 | 1098 | 34819185 | 6C03137E507414D32A49ADE8FF4AA820 | 1562D329051A61F4A898FDE234507670 |
| 901700000037983 | 8988211000000379837 | 0008 | 4597 | 46669842 | 3046 | 55802242 | B154DD21B2157EAAD5DD8FB85BCBE21B | 1C5069ED7BAE4AE87733D1678722F922 |
| 901700000037984 | 8988211000000379845 | 0010 | 6813 | 64741308 | 7924 | 79291804 | 8FBDD705484F1214CD0C7CF5ADC9ACD3 | 82EBAEE9D470E164B763F97CAEF608FE |
| 901700000037985 | 8988211000000379852 | 0020 | 5734 | 35969766 | 9484 | 57212639 | 542B7E17B553576E604444601750819D | 8993E7E3A003FB480EC4942C88EEE7AA |
| 901700000037986 | 8988211000000379860 | 0040 | 3324 | 33013720 | 5609 | 94493088 | FB7F4EFA27E684CA78E78D3B5A6989B1 | A6BC1629E701B13D14F9F4AE2E58D18A |
| 901700000037987 | 8988211000000379878 | 0080 | 2253 | 95652576 | 9063 | 87444815 | 413BE3D0B54460DD8BA4F452A64D8424 | 94F8ABA76FA285EB6D1F48338FF9C7A1 |
| 901700000037988 | 8988211000000379886 | 0100 | 5453 | 78553752 | 6641 | 90872778 | 745FD3ACE568C811BC286BCB3531569D | AAC3ED3C14B90F5550C48530612AD74D |
| 901700000037989 | 8988211000000379894 | 0200 | 7384 | 42299163 | 2215 | 93059612 | D22741396B4E75F4F983368A8EE3E6DD | 576D2A9869BC1E07D736430DB1CD4529 |
pi@pi:~$ ifconfig
enp0s31f6: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 54:e1:ad:6c:2e:0a txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xf2200000-f2220000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 4329 bytes 474172 (474.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4329 bytes 474172 (474.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
srs_spgw_sgi: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 172.16.0.1 netmask 255.255.255.0 destination 172.16.0.1
inet6 fe80::e3ce:9069:3918:4685 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 1149 bytes 79586 (79.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 70 bytes 10832 (10.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp58s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.68.101 netmask 255.255.255.0 broadcast 192.168.68.255
inet6 fe80::e1d:cbc3:8067:223e prefixlen 64 scopeid 0x20<link>
ether cc:2f:71:31:22:ac txqueuelen 1000 (Ethernet)
RX packets 52105 bytes 57335889 (57.3 MB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 18217 bytes 4193544 (4.1 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Let take a look which interface get assigned IP. In this example, wlp58s0 interface gets IP 192.168.68.101 and hence we will masquerade this interface
sudo srsepc_if_masq.sh wlp58s0
then we start epc
sudo srsepc
when epc has started, we can start enb
sudo srsenb