Using SDR hardware to view the LTE System Information Block’s contents.
Using Wireshark to view and analyze MAC layer LTE traffic
Multi-tenancy on the RAN side of the network, allowing an eNB to broadcast multiple PLMN IDs (MCC/MNC) in the System Information Block (SIB).
Configuring BaiCells Neutrino eNB
Using SRS LTE Stack with the BladeRF x40 Software Defined Radio (SDR)
How to encode and decode MCC and MNC as PLMN Identifiers
Using osmo-sim-auth to query USIM/SIM cards' authentication mechanism.
Exploring the how and why of Authentication in LTE & NR networks.
Overview of the packet flow for a UE Idle detach from the network.
Periodic Tracking Area Update timer purpose
ARP in LTE is not the Ethernet standard for address resolution, but rather the Allocation and Retention Policy. A scenario may arise where, on a congested cell, another bearer is requested to be set up. The P-GW, S-GW or eNB have to make a decision to either drop an existing bearer, or to refuse the request […]
MBR stands for Maximum Bit Rate, and it defines the maximum rate traffic can flow between a UE and the network. It can be defined on several levels. MBR per Bearer: this is the maximum bit rate per bearer. This rate can be exceeded, but if it is exceeded its QoS (QCI) values for the […]
The QCI (Quality Class Indicator) is a value of 0-9 to denote the service type and the maximum delays, packet loss and throughput the service requires. Different data flows have different service requirements; let’s look at some examples: A VoLTE call requires low latency and low packet loss; without low latency it’ll be impossible to […]
GBR is a confusing concept at the start when looking at LTE but it’s actually kind of simple when we break it down. GBR stands for Guaranteed Bit Rate, meaning the UE is guaranteed a set bit rate for the bearer. The default bearer is always a non-GBR bearer, with best effort data rates. Let’s […]
We’ve already touched on how subscribers are authenticated to the network, how the network is authenticated to subscribers and how the key hierarchy works for encryption of user data and control plane data. If the IMSI was broadcast in the clear over the air, anyone listening would have the unique identifier of the subscriber nearby […]
We’ve talked a bit in the past few posts about keys, K and all its derivatives, such as Kenc, Kint, etc. Each of these is derived from our single secret key K, known only to the HSS and the USIM. To minimise the load on the HSS, the HSS transfers some of the key management […]
We’ve already touched on how subscribers are authenticated to the network and how the network is authenticated to subscribers. Those functions are done “in the clear”, meaning anyone listening can get a copy of the data transmitted, and responses could be spoofed or faked. To prevent this, we want to ensure the data is ciphered (encrypted) […]
These are my lecture notes from IMT’s NET02x (4G Network Essentials) course; I thought I’d post them here as they may be useful to someone. You can find my complete notes here. As we just saw, when a terminal moves to ECM-Idle while in EMM-Registered state, it releases its radio resources, so what happens when […]
These are my lecture notes from IMT’s NET02x (4G Network Essentials) course; I thought I’d post them here as they may be useful to someone. You can find my complete notes here. One of the common themes we cover over and over in the 4G discussion is the desire to preserve energy on the UE […]
These are my lecture notes from IMT’s NET02x (4G Network Essentials) course; I thought I’d post them here as they may be useful to someone. You can find my complete notes here. An LTE UE has permanent IP connectivity for as long as it is connected. As soon as the UE powers up it requests […]