Hi,
recently my modem with an already known SIM got a location update reject, because the procedure timed out. So I looked more into the location updates.
How openbsc location update works:
MS Network LOC REQ -> <- Identity Req IMSI Identity Resp IMSI -> <- Identity Req IMEI Identity Resp IMEI -> <- LOC ACCEPT
OpenBSC is using a Timeout (5 sec) for the completion of location update.
So let's say we trigger for unknown reason the timeout (e.g. RF problem).
MS Network LOC REQ -> <- Identity Req IMSI (No response) <- LOC Reject! cause 13 / No roaming allowed.
If the MS receive it, it will put our network on it's blacklist and won't try it again until power cycled.
We could change reject cause to something different [1], but we might want to reject foreign SIMs not to try our network again. The problem here is that openBSC use the same configuration to reject unknown SIMs as well for timeouts.
But I think this timeout should be removed. 04.08 doesn't describe a timeout on location update request on network side. But it describes other timeouts: 04.08 describes: - T3260 auth req. sent, wait until response (12 sec) - T3270 identity req. sent, wait until response (12 sec)
I think we should implement both timers and drop the RR connection if it fires.
I'm unsure if it's needed: But OpenBSC could count un-successful location update req. Reset counter if it's succeeded. After a certain amount of failures we send a location update reject. (unsure which cause)
best, lynxis
Related Specs: GSM 04.08 [1] Chapter 4.4 describing location update GSM 04.08 [1] Chapter 11.2 Timers GSM 04.08 [1] Chapter Annex G Reject Causes
[0] nitb.cfg: network: location updating reject cause [1] ETSI TS 100 940
On Tue, Jul 11, 2017 at 05:49:47PM +0200, Alexander Couzens wrote:
recently my modem with an already known SIM got a location update reject, because the procedure timed out. So I looked more into the location updates.
How openbsc location update works:
MS Network LOC REQ -> <- Identity Req IMSI Identity Resp IMSI -> <- Identity Req IMEI Identity Resp IMEI -> <- LOC ACCEPT
OpenBSC is using a Timeout (5 sec) for the completion of location update.
One important fact here is that we have completely re-implemented location updating when introducing the VLR + HLR, since the openbsc.git vlr_2G branch. This uses brand new finite state machines with capabilities for individual timers for each step. These could be refined, but the point is that we're definitely not going to revisit the old location updating code.
You may take a look at how the new code reacts to timeouts. https://git.osmocom.org/openbsc/tree/openbsc/src/libmsc/subscr_conn.c?h=aoip suggests that on conn timeout, we simply and bluntly close the connection without answering with 'Roaming not allowed' now. Also see https://git.osmocom.org/openbsc/tree/openbsc/tests/msc_vlr/msc_vlr_test_ms_t... which tests timeout explicitly. There's also an HLR timeout test in that dir. https://git.osmocom.org/openbsc/tree/openbsc/tests/msc_vlr?h=aoip There are also various LU reject causes tested in e.g. https://git.osmocom.org/openbsc/tree/openbsc/tests/msc_vlr/msc_vlr_test_hlr_...
If you'd like to refine LU reject messages, go for the vlr_2G branch (to use the OsmoNITB with a separate OsmoHLR) or the aoip branch (to use the entirely new OsmoMSC with separate OsmoSTP, OsmoHLR, OsmoBSC and a real A-interface). The aoip branch constitutes what are going to be the new osmo-msc and osmo-bsc master branches in the split repositories.
~N
-
Alexander Couzens -
Neels Hofmeyr