Tag Archives: OsmoBTS

Dumb Lesson in RF Connectors

RF, , , ,

When the YateBTS project launched 6 or 7 years ago I went out and purchased what was to be my first “real” SDR – The BladeRF x40.

At the time I wanted to play with GSM stuff, and so I grabbed two rubber duck antenna off an Alarm GSM Dialer I had in a junk box, thinking they’d do a better job than the stock “everything-band” antenna that came with the SDR hardware.

The offending antennas

These two became my “probably roughly aligned with the common commercial RAN bands” antennas,

I’ve used these antennas on pretty much all my RAN related projects on the BladeRF, HackRF and the LimeSDR,

  • GSM with YateBTS
  • GSM with Osmocom
  • iPhone connecting to SRS LTE eNodeB SDR
    LTE with srsLTE

I had some issues a recently I attributed to “probably rubbish antennas” so decided to get a pair of paddle antenna tuned for the frequencies I was working with.

While working out what to get I had a look and noted the connectors on all my SDR hardware is SMA-Female connector. Easy, so I need an SMA-Male connector on the antennas, purchase made.

Cut forward to today when the antennas arrive at my door, they’re exactly as described, however I notice some resistance when connecting them, the male pin is stiff to go into the LimeSDR, whereas there’s no resistance at all from my “trusty” rubber duck antennas.

That’s when I realised.

The two antennas I’ve been using for about 7 years at this point, have the wrong connectors (SMA and RP-SMA) and have not made contact on the signal centre pin that entire time…

They’re RP-SMA male and I need SMA male.

Wasn’t just reverse polarity – it was no polarity.

I’m a walking encyclopedia of connectors, acronyms and layer 1 stuff, but apparently this I missed.

I’m an idiot – a lucky one who didn’t burn out his SDR hardware.

An idiot with greatly improved RSSI though…

GSM with Osmocom Part 5: Software BTS with LimeSDR & osmo-bts-trx

GSM, Mobile Networks, , , , , , , ,

Osmo-BSC accepts Abis over IP connections from a number of different sources,

There’s a list of supported BTS hardware that can talk out of the box to the Osmo-BSC, such as the Ericsson RBS series, ip.access nanoBTS, Nokia and Siemens units and even a virtual BTS so you can simulate the connections.

If you’re using any of these premade BTS hardware options, or osmo-bts-virtual, you probably just need to setup the basics on your BTS and point it to your BSC, end of story.

The below post will touch on using common SDR hardware to act as our BTS. If you’re not using SDR hardware you can just skip ahead to the next post on BSCs.

But, if you’re in the same boat as me, without any commercial BTS / RAN hardware, we’ll be setting it up by using an SDR platforms (In my case LimeSDR) and that’s what this tutorial will focus on.

Osmo-TRX

In order to bring in a large array of SDR hardware, Osmocom have introduced Osmo-TRX, which handles the Layer 1 physical layer of the BTS, and connects to Osmo-BTS which serves as the BTS and talks Abis over IP to the MSC.

Certain hardware can talk directly to Osmo-BTS, but we’re going to rely on Osmo-TRX to act as the middleman between our SDR hardware and the BTS.

The above diagram from the Osmocom wiki shows how this fits together with generic SDR platforms, here’s how it fits together for us:

osmo-trx-lms will take care of the SDR side of the equation, pretty much serving as a modem and sending everything it gets on the Uu interface to osmo-bts-trx over UDP, and everything it receives from osmo-bts-trx over UDP it sends out the Uu interface.

osmo-bts-trx will then setup an Abis over IP connection to our BSC.

The LimeSDR

My ever growing collection of SDR hardware now includes a LimeSDR which I’ll be using for this series.

Before we can get too far we’ve got to setup the prerequisites for the LimeSDR to be able to interface with Osmo-TRX.

Osmocom now provide a binary for interfacing with LimeSDR boards directly, instead of having to use the UHD abstraction. This is a much cleaner way of interfacing with the boards and the path I’ll be taking.

Software Install

For this tutorial series I’ll be using Ubuntu 18.04 and trying where possible to use packages from Repos instead of compiling from source.

LimeSuite provides the drives and utilities for interfacing with the LimeSDR.

add-apt-repository -y ppa:myriadrf/drivers
apt-get update
apt-get install limesuite limesuite-udev

Next we’ll connect up the LimeSDR to a USB3 port, confirm it’s there and upgrade it’s firmware:

 LimeUtil --find

Assuming your LimeSDR is hooked up and everything installed you should see an output similar to this:

In which case we can upgrade the LimeSDR firmware with:

LimeUtil --update

Next we’ll start installing Osmocom Sources;

wget https://download.opensuse.org/repositories/network:/osmocom:/latest/Debian_10/Release.key  
apt-key add Release.key && rm Release.key
echo "deb https://download.opensuse.org/repositories/network:/osmocom:/latest/xUbuntu_18.04/ ./" > /etc/apt/sources.list.d/osmocom-latest.list 
apt-get update

Now that we’ve got the Osmocom Debian repos added we can install the packages we need,

We’re going to install Osmo-BTS-TRX for talking to the BSC over Abis, and install Osmo-TRX-LMS for talking to the SDR.

apt-get install osmo-bts-trx osmo-trx-lms

After you’ve installed the packages, Osmo-BTS-TRX will run as a daemon, we’ll stop it for now and bring it up manually in the foreground.

systemctl disable osmo-bts-trx
systemctl disable osmo-trx-bts

Software Config

So now we’ve got two pieces of the puzzle, it’s time to connect the SDR to Osmo-TRX-LMS and connect Osmo-TRX-LMS to Osmo-BTS-TRX.

We’ll begin by running Osmo-TRX-LMS to connect to the LimeSDR and encapsulate the Uu data into UDP packets we send to Osmo-BTS-TRX.

Config files for Osmocom are installed in /etc/osmocom/ so we’ll run everything from that directory.

osmo-trx-lms -C osmo-trx-lms.cfg

If all was successful you’ll see something similar to what I’ve got below, showing Osmo-TRX-LMS has connected to the SDR and is ready to go.

But if you go scanning the airwaves now, you won’t see any data coming out of the SDR’s transmitter.

That’s because Osmo-TRX-LMS needs to connect to Osmo-BTS-TRX,

We’ll leave Osmo-TRX-LMS running, so let’s open up another session and start Osmo-BTS-TRX.

osmo-bts-trx -c osmo-bts-trx.cfg

You’ll see for starters that it’s Opened our transceiver (hooray),

You’ll see this reflected in the Osmo-TRX-LMS stdout, but it’ll show the poweroff command has been sent to it, so what gives?

Well, the answer becomes clear if you leave Osmo-BTS-TRX running for a minute or two,

Eventually the process stops, reporting:

<000d> abis.c:142 Signalling link down
<0001> bts.c:292 Shutting down BTS 0, Reason Abis close

So what’s going on? In the same way we saw our Virtual BTS shut itself down, without a connection to the BSC (Via the Abis interface) the BTS will shut itself down, as it’s not able to run on it’s own.

This took me a shamefully long time to work out that’s why it was stopping…

In our next post we’ll introduce our BSC and provision a BTS on it.

Further Reading:

OsmoTRX – Osmocom Wiki

OsmoBTS – OsmocomWiki

LimeSDR – Osmocom Wiki

GSM base Station

GSM with Osmocom Part 2: BTS Basics

GSM, Mobile Networks, , , , ,

By far the most visable part of any mobile network (apart from your phone!) is the Base (Transciver) Stations.

Dotted around the countryside, on masts, towers and monopoles, whether you notice them or not, base stations are everywhere.

The Architecture

The RF side of LTE has an eNodeB, which is a smart device. – You connect it to a TCP/IP network, it establishes a connection with your MME(s) and away you go.

A GSM BTS (Base Transceiver Station) isn’t all that clever…

The BTS is a similar to the WiFi access points that talk to a centralised controller for all their thinking.
A BTS gets most of its brains from elsewhere and essentially just handles the TX/RX of baseband data.

That elsewhere is the BSC – Base Station Controller. Each BTS connects to a BSC, and a BSC would typically control a number of BTS.

We’ll explore the BSC and it’s connections in depth, but I’ve put together a basic diagram of how everything fits together below.

Basic GSM Access Architecture

Um Interface

The Um interface is the Air Interface of GSM. It’s what takes the data and sends it out “over the air”.

There’s a lot to know about air interfaces, and I know very little. What I do know is I need to set the Um interface to use a frequency band my mobile phone supports (so I can see and connect to the network).

The Abis Interface

The fact that GSM was first deployed in 1991, explains why the Abis interface used ISDN E1/T1 TDM links to connect the Base Transceiver Stations (BTSs) to the Base Station Controller (BSC).

While now looking back you may ask why TCP/IP wasn’t used for the Abis interface, keep in mind that Windows 95 was the first version to include TCP/IP support, and that gives you an idea of the state of play. ISDN is very reliable and was well known in the telco space at that time.

I no longer have any ISDN hardware, so for me this is all going to be built using packet switched networks working as circuit switched.

Osmocom does have support for E1/T1 interfaces, so if you’ve got BTS hardware that only communicates over TDM links, that’s an option too.

GSMA never wrote a standard for taking Abis over IP, so as such each vendor has implemented it differently.

Osmocom have a flavour of Abis over IP protocol they’ve developed based on traces from a commercial implementation which we’ll be using. You can find the full protocol spec for Osmocom’s Abis over IP interface here.

OML Interface

With all the brains for the BTS residing in the BSC, there’s a need to control the BTS from the BSC. The Operation and Maintenance Link (OML) is a protocol for changing certain parameters of the BTS from the BSC.

A prime example of use of the OML would be the BSC turning the BTS off/on.

We’ll see a tiny bit of OML usage in the next post, just for turning the BTS off and on.

So let’s put this into practice and setup a virtual BTS with Osmocom.