Hi!
I've started to analyze GPRS and was actually even starting to write some code
for it, but then have given up for the time being - it's much more work than
anticipated.
Given the long todo list of OpenBSC right now, I think I'll have put aside GPRS
for some time :(
Based on looking at protocol traces, I have figured out the nanoBTS GPRS/EDGE
implementation roughly looks as follows:
* make sure we allow the BTS to activate the GPRS software components
in abis_nm / OML activation!
* BTS will use a UDP connection on port 23000 for the GPRS related frames.
The GSM specs will consider this type of connection between the PCU (part
of the nanoBTS) and the SGSN. The establishment/configuration of the
UDP port number and SGSN ip address has not yet been identified. Probably
similar to how the RSL link is activated via OML.
The protocol stack looks like:
IP : UDP : NSIP : BSSGP : LLC : higher-layer
IP and UDP you should know and/or not care about ;)
NSIP is a IP-enabled version of NS as specified in TS 08.16
BSSGP is specified in TS 08.18
LLC is as specified in TS 04.64
the higher-layer depends on the SAPI value of the LLC and can be
* GMM (GPRS Mobility Management as specified in 04.08)
* User Data (actual IP packets, e.g.)
* SMS
So what is weird about this is that the GPRS MM is actually part of 04.08, but
it is not terminated at the BSC but rather at the SGSN. Also, the deep stack
comprised of many headers is really weird. Furthermore, it seems that a lot
of the packet scheduling and timeslot allocation is happening inside the
nanoBTS - very unlike the GSM side of things.
I have not yet managed to figure out how to allocate/dedicate resources to
GPRS.. after all, the BTS needs to know how many timeslots it can use for it,
etc.
If anyone wants to dig deeper, you're most welcome to do so. A list of
relevant specs:
01.61 GPRS cipher algorithm requirements
03.60 Overall GRPS logical architecture (above RL and MAC)
03.64 GPRS radio interface
04.60 RLC/MAC on PDCH
04.64 MS-SGSN LLC spec (on top of RLC/MAC)
04.65 SGSN SNDCP
08.14 BSS SGSN Gb Layer 1
08.16 BSS SGSN Gb Layer 2
08.18 BSS SGSN BSS GPRS protocol
09.95 Interworking between modified PLMN supporting legacy GPRS and GPRS mobiles
22.060 GPRS Service Spec
23.060 GPRS Radio Service Spec
29.016 SGSN - VLR Interface Gs network interface spec
29.018 SGSN - VLR Interface Gs layer3 interface spec
29.060 GPRS Tunneling (GTP) over Gn and Gp
Happy hacking,
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
hi,
i tested the suggested values:
> NM_ATT_BS11_RADIO_MEAS_GRAN, 0x01, 0x05,
> NM_ATT_BS11_RADIO_MEAS_REP, 0x01, 0x01,
no measurement reports during calls, never seen one before. maybe i have
the wrong firmware load? i also get errors after starting bsc-hack on
the lmt. i will try to load a different firmware this weekend.
regards,
andreas
Hello Andreas,
On Thu, 25 Jun 2009 11:16:58 +0200, "Andreas.Eversberg" <Andreas.Eversberg(a)versatel.de> wrote:
>
> thanx for the detailed description. i will try this out this weekend. i
> will use a 900mhz radio receiver to check out the change in signal
> strength. i cannot get any measurement reports yet. the change of
> NM_ATT_BS11_RADIO_MEAS_GRAN value did not get me any measurement report
> as before.
Strange that you don't see the measurement reports.
Here are the two attributes I use for the TRX attributes
and they result in lots of reports when a channel is active
(at least for a speech channel, for a location update there
might be only one report because the connection is not active
that long):
NM_ATT_BS11_RADIO_MEAS_GRAN, 0x01, 0x05,
NM_ATT_BS11_RADIO_MEAS_REP, 0x01, 0x01,
I think I also tried it already with 0x02 to get a report
every second.
Best regards,
Dieter
--
Dieter Spaar, Germany spaar(a)mirider.augusta.de
dieter,
thanx for the detailed description. i will try this out this weekend. i
will use a 900mhz radio receiver to check out the change in signal
strength. i cannot get any measurement reports yet. the change of
NM_ATT_BS11_RADIO_MEAS_GRAN value did not get me any measurement report
as before.
regards,
andreas
Hello guys,
Has anybody registered a PDA phone of 2.5G/3G type to the BS11 bts
succesfully?
Cause I'm still struggling with it for my nanoBTS (1800 Mhz).
Thank you.
Hi,
I was following your mails about your results for the ouput power but I
don't understand how you change it. I was checking the code but I didn't
find how to change TX0 output power.
I tried to change the line :
abis_nm_bs11_set_trx_power(&bts->trx[0], BS11_TRX_POWER_GSM_30mW);
with
abis_nm_bs11_set_trx_power(&bts->trx[0], BS11_TRX_POWER_GSM_250mW);
in the "create_objects" fonction but I don't know how the fonction is
loaded, I don't know how the bs11 enter the state
"BS11_STATE_WAIT_MIN_CFG_2"
case BS11_STATE_WAIT_MIN_CFG_2:
bs11cfg_state = STATE_SWLOAD;
rc = create_objects(g_bts);
break;
If anyone can help me
Thanks a lot
Eric Cathelinaud
Hello,
I try to give a short summary of the MS and BS power settings.
It is not intended to replace the GSM specs, it just contains
the important things for the current BS-11 configuration.
MS power:
- The MS power is usually specified as an absolute value,
a lower value means higher power. Some values for GSM 900
(GSM 1800 has a different encoding):
15 -> 13 dBm (0.02 W)
10 -> 23 dBm (0.2 W)
5 -> 33 dBm (2 W)
- The power used to access the RACH before any channel is active,
is defined by a Cell Selection parameter in SYSTEM INFORMATION
TYPE 3 and 4.
Remark: bsc_hack currently uses "2" which should be increased
(lower power) to avoid interference with the public networks.
- When the BTS activates a channel, it sets the MS power.
bsc_hack currently sets it to 15 which should be OK for testing
(see rsl_rx_chan_rqd() in abis_rsl.c).
- Dynamic power control of the MS power by the BTS is currently
not enabled.
BS power:
- For the BS-11 the PA power can be configured to 0.03W, 0.08W,
0.25W or 2W (b11_config can be used for this purpose).
- The attribute NM_ATT_RF_MAXPOWR_R of each TRX of the BS-11
can be set to a value from 0 (0dB) to 6 (12dB) to reduce
the power in steps of 2dB (see bsc_hack.c).
- for the TRX which carries the BCCH, there is no dynamic
BS power control possible. In the meantime I have read
at several places that the BCCH TRX has to use a fixed power
and additionally cannot use a different ARFCN for example
for the TCH (which also means that no hopping is possible).
To use hopping or dynamic BS power control, the second TRX
has to be used and configured in a way that it does not carry
a BCCH.
Best regard,
Dieter
--
Dieter Spaar, Germany spaar(a)mirider.augusta.de
harald,
i checked the msg_4 array. i found the power info in the description,
but i cannot see where the values are in the array. also i don't really
know the maximum power value for BS11 (GSM 900). is 0db maximum? is it
relative to the BS power class?
> Check
> * the 'MS POWER' attribute in the ACTIVATE CHANNEL
> * the cell selection parameters in SYSTEM INFORMATION TYPE 4 (max tx
power for CCH)
anyway, i found the bug about holding the location update process. i
fixed it, but before i supply a patch, i will check if this really works
when the link fails during location update again.
regards,
andreas
hi,
how can i advice the phone to use the "full" power level according to the power class of the bs11? what parameter and what value is required?
currently we have "kieler woche", an event with up to 3.000.000 visitors over one week.
for the "mobile base station" i use a standard PC with E1/S0 card, a BS11, a laptop, an ISDN phone, and an UPS with 4 * 200Ah batteries.
andreas
-----Ursprüngliche Nachricht-----
Von: Dieter Spaar [mailto:spaar@mirider.augusta.de]
Gesendet: Dienstag, 23. Juni 2009 10:36
An: Andreas.Eversberg
Cc: openbsc(a)lists.gnumonks.org
Betreff: Re: location update problem
Hello Andreas,
On Mon, 22 Jun 2009 19:40:17 +0200, "Andreas.Eversberg" <Andreas.Eversberg(a)versatel.de> wrote:
>
> after location update fails. "DB: Failed to find the Subscriber...", get
> an "ERROR INDICATION" with cause 1. it seems that the mobile just stops
> sending on the channel. the channel ressource hold by location update
> process is not freed. the last messages show that.
>
> i will look on this the next days and report if i found something. if
> you have any idea, please tell me. the way to test any change/fix is
> quite complicated. the bug only occurrs when many phones are available
> and when they move from a different network to my network (built in a
> car, moving arround.)
Just a wild guess: Could it be a reception problem ? If you have set
the BS-11 to a high power level, many phones will see it. Currently the
BS-11 advises the phones to use a very low power level when activating
a channel. So the BS-11 might receive the phone with a low signal
strength and the receiption is just too bad (although the phones will
receive the BS-11 quite well). The measurement reports should indicate
if this is the problem.
Out of interest, do you also have a PC with an E1 card in the car or
do you use a laptop with an USB (or PCMIA) to E1 interface ?
Best regards,
Dieter
--
Dieter Spaar, Germany spaar(a)mirider.augusta.de
