Comparing Control Plane signalling in 5GC with EPC.
A look at the Handover process between Cells / BTSs in GSM using the Osmocom stack.
When setting up the timeslots on the TRX for each BTS on your BSC, you’ll notice you have to set a channel type. So what do these acronyms mean, and how do they affect the performance of the network? GSM channels break down into one of two categories, control channels – used for signalling, and […]
So far we’ve focused on building a plain “2G” (voice and SMS only) network, which was all consumers expected twenty years ago. As the number of users accessing the internet through DSL, Dial Up & ISDN grew, the idea of getting this data “on the go” became more appealing. TCP/IP was becoming the dominant standard […]
Learning a very dumb lesson in antenna selection.
So now we’ve covered the basics of what’s involved let’s get some traffic on our network. For starters we’ll need to start each of our network elements and bring up whichever BTS hardware we’re using. In order for our calls to have audio, we’ll need to set a parameter on the Media Gateway. We’ll cover […]
Quick look at cheap “Magic SIM Cards”, what they do, how they do it, and the amazing graphics they use.
Configuring YateBTS NIPC with a BladeRF Software Defined Radio
Setting up YateBTS GSM BTS in Ubuntu 18.04
Accessing the Field Testing suite on an iOS Device
Exploring the how and why of Authentication in LTE & NR networks.
Note: NextEPC, the Open Source project, rebranded as Open5GS in 2019 due to a naming issue. The remaining software called NextEPC is a branch of an old version of Open5GS. This post was written before the rebranding. I’ve been working for some time on Private LTE networks; the packet core I’m using is NextEPC, it’s […]
I recently started working on an issue that I’d seen was to do with the HSS response to the MME on an Update Location Answer. I took some Wireshark traces of a connection from the MME to the HSS, and compared that to a trace from a different HSS. (Amarisoft EPC/HSS) The Update Location Answer […]
The packet structure of Diameter
A primer on the Diameter protocol and its usage.
ARP in LTE is not the Ethernet standard for address resolution, but rather the Allocation and Retention Policy. A scenario may arise where, on a congested cell, another bearer is requested to be set up. The P-GW, S-GW or eNB have to make a decision to either drop an existing bearer, or to refuse the request […]
MBR stands for Maximum Bit Rate, and it defines the maximum rate traffic can flow between a UE and the network. It can be defined on several levels. MBR per Bearer: This is the maximum bit rate per bearer; this rate can be exceeded, but if it is exceeded its QoS (QCI) values for the […]
The QCI (Quality Class Indicator) is a value of 0-9 to denote the service type and the maximum delays, packet loss and throughput the service requires. Different data flows have different service requirements; let’s look at some examples: A VoLTE call requires low latency and low packet loss; without low latency it’ll be impossible to […]
GBR is a confusing concept at the start when looking at LTE but it’s actually kind of simple when we break it down. GBR stands for Guaranteed Bit Rate, meaning the UE is guaranteed a set bit rate for the bearer. The default bearer is always a non-GBR bearer, with best effort data rates. Let’s […]
Adding online map tiles in Forsk Atoll