Hi Harald,
Thanks for clearing that up.
Do you think that these vendor agnostic implementations can cahnge with the small cell
forum API?
http://scf.io/en/documents/082_-_LTE_eNB_L1_API_definition.php
Do we know any femtos on the market that actually is compatible with this API? And if we
have one, can that help us?
Personally I wanted to order an AT&T small cell (I think its Cisco based) because its
cheap and available, but it is quite an old model. I don't know if anybody knows
sometinhg about this particular model? If there is no opposition I might order one just to
play with it.
Or maybe you have some specific models in mind you always wanted to try but never had the
time? If you have any recommendations I would be happy to look into them.
Regards,
Csaba
----- Eredeti üzenet -----
Feladó: "Harald Welte" <laforge(a)gnumonks.org>
Címzett: "Sipos Csaba" <sipos.csaba(a)kvk.uni-obuda.hu>
Másolatot kap: "OpenBSC Mailing List" <openbsc(a)lists.osmocom.org>
Elküldött üzenetek: Szombat, 2015. Október 17. 15:15:49
Tárgy: Re: Femto - IuH
Hi Sipos,
On Sat, Oct 17, 2015 at 12:48:58PM +0200, Sipos Csaba wrote:
Now that the implementation of the IuH interface is on
its way, can
you please recommend any femtos which you think can probably be used
with this implementation?
I have no idea. The point is basically to find (surplus, second hand)
femtocells on the market, that
a) speak an Iuh interface (older models have URSL, UMA/GAN or other
proprietary protocols)
b) can be rooted somehow, so we can either replace the ipsec
certificates, or disable ipsec towards the SEGW
c) are available in quantities that make them interesting/useful to the
community
At sysmocom we tried very hard to find a femtocell manufaturer who would
be willing to sell certain volumes to us, where we could then sell them
to the open market (including the community). However, this has not
been successful for several reasons, including:
* the quantities of femtocells are typically large, much larger than we
would likely be able to sell
* the vendors typically work with one supplier of the respective
SEGW/HNBGW and associated management solution, and they don't like (or
maybe even are contractually forbidden) from selling to anyone who
does not at the same time operate that core network infrastructure.
As we are building our own infrastructure, they don't like that.
I think in a previous conversation in this subject
someone mentioned
that probably Alcatel based units has the highest chance because of
certain configuration and/or implementation options.
That was years ago. While those units are still quite hackable, they
predate Iuh by some years and have some kind of proprietary framing
around the RANAP (Iu) messages.
So if you or anyone else on this list has some suggestions, it would of
course be more than welcome. Some people are looking into now obsolete
Huawei models (based on vxworks), where there was some presentation
earlier this year:
http://www.slideshare.net/arbitrarycode/adventures-in-femtoland-350-yuan-fo…
It still needs to be seen what models using what firmware release are
vulnerable as described in the slides, if the results can be reproduced,
etc.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)