Dear Harald,
Now that the implementation of the IuH interface is on its way, can you please recommend any femtos which you think can probably be used with this implementation? I think in a previous conversation in this subject someone mentioned that probably Alcatel based units has the highest chance because of certain configuration and/or implementation options.
Anyway, if you can shed some light on this subject, that would be awsome.
Thanks!
Csaba
Hi Sipos,
On Sat, Oct 17, 2015 at 12:48:58PM +0200, Sipos Csaba wrote:
Now that the implementation of the IuH interface is on its way, can you please recommend any femtos which you think can probably be used with this implementation?
I have no idea. The point is basically to find (surplus, second hand) femtocells on the market, that
a) speak an Iuh interface (older models have URSL, UMA/GAN or other proprietary protocols)
b) can be rooted somehow, so we can either replace the ipsec certificates, or disable ipsec towards the SEGW
c) are available in quantities that make them interesting/useful to the community
At sysmocom we tried very hard to find a femtocell manufaturer who would be willing to sell certain volumes to us, where we could then sell them to the open market (including the community). However, this has not been successful for several reasons, including:
* the quantities of femtocells are typically large, much larger than we would likely be able to sell
* the vendors typically work with one supplier of the respective SEGW/HNBGW and associated management solution, and they don't like (or maybe even are contractually forbidden) from selling to anyone who does not at the same time operate that core network infrastructure. As we are building our own infrastructure, they don't like that.
I think in a previous conversation in this subject someone mentioned that probably Alcatel based units has the highest chance because of certain configuration and/or implementation options.
That was years ago. While those units are still quite hackable, they predate Iuh by some years and have some kind of proprietary framing around the RANAP (Iu) messages.
So if you or anyone else on this list has some suggestions, it would of course be more than welcome. Some people are looking into now obsolete Huawei models (based on vxworks), where there was some presentation earlier this year: http://www.slideshare.net/arbitrarycode/adventures-in-femtoland-350-yuan-for...
It still needs to be seen what models using what firmware release are vulnerable as described in the slides, if the results can be reproduced, etc.
Regards, Harald
Hi Harald,
Thanks for clearing that up.
Do you think that these vendor agnostic implementations can cahnge with the small cell forum API?
http://scf.io/en/documents/082_-_LTE_eNB_L1_API_definition.php
Do we know any femtos on the market that actually is compatible with this API? And if we have one, can that help us?
Personally I wanted to order an AT&T small cell (I think its Cisco based) because its cheap and available, but it is quite an old model. I don't know if anybody knows sometinhg about this particular model? If there is no opposition I might order one just to play with it.
Or maybe you have some specific models in mind you always wanted to try but never had the time? If you have any recommendations I would be happy to look into them.
Regards, Csaba
----- Eredeti üzenet ----- Feladó: "Harald Welte" laforge@gnumonks.org Címzett: "Sipos Csaba" sipos.csaba@kvk.uni-obuda.hu Másolatot kap: "OpenBSC Mailing List" openbsc@lists.osmocom.org Elküldött üzenetek: Szombat, 2015. Október 17. 15:15:49 Tárgy: Re: Femto - IuH
Hi Sipos,
On Sat, Oct 17, 2015 at 12:48:58PM +0200, Sipos Csaba wrote:
Now that the implementation of the IuH interface is on its way, can you please recommend any femtos which you think can probably be used with this implementation?
I have no idea. The point is basically to find (surplus, second hand) femtocells on the market, that
a) speak an Iuh interface (older models have URSL, UMA/GAN or other proprietary protocols)
b) can be rooted somehow, so we can either replace the ipsec certificates, or disable ipsec towards the SEGW
c) are available in quantities that make them interesting/useful to the community
At sysmocom we tried very hard to find a femtocell manufaturer who would be willing to sell certain volumes to us, where we could then sell them to the open market (including the community). However, this has not been successful for several reasons, including:
* the quantities of femtocells are typically large, much larger than we would likely be able to sell
* the vendors typically work with one supplier of the respective SEGW/HNBGW and associated management solution, and they don't like (or maybe even are contractually forbidden) from selling to anyone who does not at the same time operate that core network infrastructure. As we are building our own infrastructure, they don't like that.
I think in a previous conversation in this subject someone mentioned that probably Alcatel based units has the highest chance because of certain configuration and/or implementation options.
That was years ago. While those units are still quite hackable, they predate Iuh by some years and have some kind of proprietary framing around the RANAP (Iu) messages.
So if you or anyone else on this list has some suggestions, it would of course be more than welcome. Some people are looking into now obsolete Huawei models (based on vxworks), where there was some presentation earlier this year: http://www.slideshare.net/arbitrarycode/adventures-in-femtoland-350-yuan-for...
It still needs to be seen what models using what firmware release are vulnerable as described in the slides, if the results can be reproduced, etc.
Regards, Harald
On Sat, Oct 17, 2015 at 03:50:52PM +0200, Sipos Csaba wrote:
Do you think that these vendor agnostic implementations can cahnge with the small cell forum API?
no.
http://scf.io/en/documents/082_-_LTE_eNB_L1_API_definition.php
This is the Layer 1 API between the PHY and the MAC/RLC layer. This is _very_ far from the Iuh interface. Compare it with the L1SAP interface of OsmoBTS. And Iuh is on th level of the A interface, not even Abis.
Also, this API is for LTE, not for UMTS.
Do we know any femtos on the market that actually is compatible with this API? And if we have one, can that help us?
You can find transceiver hardware + PHY implementations that offer this L1 API. However, that is not a complete (femto/small) cell, but the hardware plus the PHY.
I don't think anyone will quickly come about and implement all the missing layers, so in the context of developing a NITB with Iuh interface, it doesn't really help.
Or maybe you have some specific models in mind you always wanted to try but never had the time? If you have any recommendations I would be happy to look into them.
I haven't really looked at any femtocells for a very long time.
Hi Harald,
SCF has a similar thing for 3G femtos, but its pretty much the same L1 implementation and not talking about the management of the femtos.
I actually looking into these units:
http://www.ebay.com/itm/AT-T-3G-MicroCell-signal-booster-DPH151-AT/161858135...
There is a lot of them, they are fairly cheap, I already know they run embedded linux (95% that its not VxWorks), and it is a Cisco product.
If you or nobody has any opposition (know something that makes this unit a near impossible candidate), I will probably buy one and take a look. It seems the successor of this product is also embedded linux, and it seems AT&T deploys them in huge quantities, so this seems to be a good candidate.
Regards, Csaba
----- Eredeti üzenet ----- Feladó: "Harald Welte" laforge@gnumonks.org Címzett: "Sipos Csaba" sipos.csaba@kvk.uni-obuda.hu Másolatot kap: "OpenBSC Mailing List" openbsc@lists.osmocom.org Elküldött üzenetek: Szombat, 2015. Október 17. 20:20:09 Tárgy: Re: Femto - IuH
On Sat, Oct 17, 2015 at 03:50:52PM +0200, Sipos Csaba wrote:
Do you think that these vendor agnostic implementations can cahnge with the small cell forum API?
no.
http://scf.io/en/documents/082_-_LTE_eNB_L1_API_definition.php
This is the Layer 1 API between the PHY and the MAC/RLC layer. This is _very_ far from the Iuh interface. Compare it with the L1SAP interface of OsmoBTS. And Iuh is on th level of the A interface, not even Abis.
Also, this API is for LTE, not for UMTS.
Do we know any femtos on the market that actually is compatible with this API? And if we have one, can that help us?
You can find transceiver hardware + PHY implementations that offer this L1 API. However, that is not a complete (femto/small) cell, but the hardware plus the PHY.
I don't think anyone will quickly come about and implement all the missing layers, so in the context of developing a NITB with Iuh interface, it doesn't really help.
Or maybe you have some specific models in mind you always wanted to try but never had the time? If you have any recommendations I would be happy to look into them.
I haven't really looked at any femtocells for a very long time.
-
Harald Welte -
Sipos Csaba