Our BTS is going to need an accurate clock source in order to run, so without access to crazy accurate Timing over Packet systems or TDM links to use as reference sources, I’ve opted to use the GPS/GLONASS receiver built into the LMPT card. Add new GPS with ID 0 on LMPT in slot 7 […]
This post is one in a series documenting my adventures attempting to configure a used BTS 3900 to function as a eNB in my lab. There are 5 network ports on the LMPT card: 2x SFP cages – SFP 0 and SFP 1 1x 10/100 Ethernet port – ETH – Used to access the Local […]
Learning Huawei’s flavour of MML – Man Machine Language for the BTS 3900 series Macro Base Stations.
Picking and validating antenna selection for the new RAN project in my lab.
Using SDR hardware to view the LTE System Information Block’s contents.
Using Wireshark to view and analyze MAC layer LTE traffic
Multi-tenancy on the RAN side of the network, allowing an eNB to broadcast multiple PLMN IDs (MCC/MNC) in the System Information Block (SIB).
Configuring BaiCells Neutrino eNB
Using SRS LTE Stack with the BladeRF x40 Software Defined Radio (SDR)
How to encode and decode MCC and MNC as PLMN Identifiers
Using osmo-sim-auth to query USIM/SIM cards authentication mechanism.
Exploring the how and why of Authentication in LTE & NR networks.
Overview of the packet flow for a UE Idle detach from the network.
Periodic Tracking Area Update timer purpose
ARP in LTE is not the Ethernet standard for address resolution, but rather the Allocation and Retention Policy. A scenario may arise where on a congested cell another bearer is requested to be setup. The P-GW, S-GW or eNB have to make a decision to either drop an existing bearer, or to refuse the request […]
MBR stands for Maximum Bit Rate, and it defines the maximum rate traffic can flow between a UE and the network. It can be defined on several levels: MBR per Bearer This is the maximum bit rate per bearer, this rate can be exceeded but if it is exceeded it’s QoS (QCI) values for the […]
The QCI (Quality Class Indicator) is a value of 0-9 to denote the service type and the maximum delays, packet loss and throughput the service requires. Different data flows have different service requirements, let’s look at some examples: A VoLTE call requires low latency and low packet loss, without low latency it’ll be impossible to […]
GBR is a confusing concept at the start when looking at LTE but it’s actually kind of simple when we break it down. GBR stands for Guaranteed Bit Rate, meaning the UE is guaranteed a set bit rate for the bearer. The default bearer is always a non-GBR bearer, with best effort data rates. Let’s […]
We’ve already touched on how subscribers are authenticated to the network, how the network is authenticated to subscribers and how the key hierarchy works for encryption of user data and control plane data. If the IMSI was broadcast in the clear over the air, anyone listening would have the unique identifier of the subscriber nearby […]
We’ve talked a bit in the past few posts about keys, K and all it’s derivatives, such as Kenc, Kint, etc. Each of these is derived from our single secret key K, known only to the HSS and the USIM. To minimise the load on the HSS, the HSS transfers some of the key management […]