Hello guys,
While I'm still busy with understanding the OpenBSC sourcecodes and GSM protocols, I wonder if it's possible to control the nanoBTS's transmissionpower. If some additional code is needed, I'd like to give a try with some hints or directions to look at. Thank you.
On Thu, May 28, 2009 at 12:36:49PM +0200, Nordin wrote:
Hello guys,
While I'm still busy with understanding the OpenBSC sourcecodes and GSM protocols, I wonder if it's possible to control the nanoBTS's transmissionpower. If some additional code is needed, I'd like to give a try with some hints or directions to look at.
Unfortunately we don't know this, as we don't have the ip.access protocol documentation. As far as I know, there is no standard command for altering power levels.
You might be able to control the _initial_ BS power by setting some TRX or BTS attributes related to that. But it is my understanding that after the initial power level, the BS will adjust the power itself on every dedicated channel.
Thanks for your response Harald,
Well I read in the mailinglist with the title: BS-11 runs, but no Network on my Mobile, date: Thu Apr 2 18:03:24 CEST 2009 about modifying the TRX power for the BS-11, so I could try that too for the ip.acces?
Isn't it a bad idea to add abis_nm_bs11_set_trx_power(&bts->trx[0], BS11_TRX_POWER_GSM_250mW); in the bootstrap sequence? It won't harm if one tries right?
Harald Welte schreef:
On Thu, May 28, 2009 at 12:36:49PM +0200, Nordin wrote:
Hello guys,
While I'm still busy with understanding the OpenBSC sourcecodes and GSM protocols, I wonder if it's possible to control the nanoBTS's transmissionpower. If some additional code is needed, I'd like to give a try with some hints or directions to look at.
Unfortunately we don't know this, as we don't have the ip.access protocol documentation. As far as I know, there is no standard command for altering power levels.
You might be able to control the _initial_ BS power by setting some TRX or BTS attributes related to that. But it is my understanding that after the initial power level, the BS will adjust the power itself on every dedicated channel.
Hi,
I tried it a few weeks ago, you don't need to do anything to have the ip.access BTS transmit. You don't actually control the output power of the BTS but the attenuation of the signal (from 0 to 12 2dB step).
Regards
Roch.
Nordin wrote:
Thanks for your response Harald,
Well I read in the mailinglist with the title: BS-11 runs, but no Network on my Mobile, date: Thu Apr 2 18:03:24 CEST 2009 about modifying the TRX power for the BS-11, so I could try that too for the ip.acces?
Isn't it a bad idea to add abis_nm_bs11_set_trx_power(&bts->trx[0], BS11_TRX_POWER_GSM_250mW); in the bootstrap sequence? It won't harm if one tries right?
Harald Welte schreef:
On Thu, May 28, 2009 at 12:36:49PM +0200, Nordin wrote:
Hello guys,
While I'm still busy with understanding the OpenBSC sourcecodes and GSM protocols, I wonder if it's possible to control the nanoBTS's transmissionpower. If some additional code is needed, I'd like to give a try with some hints or directions to look at.
Unfortunately we don't know this, as we don't have the ip.access protocol documentation. As far as I know, there is no standard command for altering power levels.
You might be able to control the _initial_ BS power by setting some TRX or BTS attributes related to that. But it is my understanding that after the initial power level, the BS will adjust the power itself on every dedicated channel.
On Wed, Jun 03, 2009 at 05:48:12PM +0200, Nordin wrote:
Thanks for your response Harald,
Well I read in the mailinglist with the title: BS-11 runs, but no Network on my Mobile, date: Thu Apr 2 18:03:24 CEST 2009 about modifying the TRX power for the BS-11, so I could try that too for the ip.acces?
Isn't it a bad idea to add abis_nm_bs11_set_trx_power(&bts->trx[0], BS11_TRX_POWER_GSM_250mW); in the bootstrap sequence? It won't harm if one tries right?
go ahead and try, but I would bet on just about anything that it does not work. Those are vendor-specific proprietary extensions of 12.21. Values defined by Siemens have no significance whatsoever for ip.access
Well I guess you're right. I modified the source as suggested and tried it out. But there was no difference.
The reason I want to boost up its transmitpower, is because I wanted to test the handover. If our nanoBTS acts like a commercial provider I just see one MS trying to register to our nanoBTS. This is because it's just a meter away from our bts, while my mobile (an HTC Artemis) doesn't register to our bts with a distance of less than 10 m. Even when I switch off and on, while I'm just a meter away of our bts, my mobile somehow keeps registering to the real provider (I tested by simply calling someone).
Another interesting thing is, if I simulate a total different provider, which doesn't exist here, I can easely find our bts, with manual search. Also the MS seems to have its own database of all the country codes, networkcodes and its belonging providernames. I thought the BSC sends these information to the MS and the MS checks it with SIM data. (But that;s off-topic).
Greetings.
2009/6/3 Harald Welte laforge@gnumonks.org
On Wed, Jun 03, 2009 at 05:48:12PM +0200, Nordin wrote:
Thanks for your response Harald,
Well I read in the mailinglist with the title: BS-11 runs, but no Network on my Mobile, date: Thu Apr 2 18:03:24 CEST 2009 about modifying the TRX power for the BS-11, so I could try that too for the ip.acces?
Isn't it a bad idea to add abis_nm_bs11_set_trx_power(&bts->trx[0], BS11_TRX_POWER_GSM_250mW); in the bootstrap sequence? It won't harm if one tries right?
go ahead and try, but I would bet on just about anything that it does not work. Those are vendor-specific proprietary extensions of 12.21. Values defined by Siemens have no significance whatsoever for ip.access
--
- Harald Welte laforge@gnumonks.org
============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)
On Wed, Jun 03, 2009 at 10:40:18PM +0200, Nordin Bouchtaoui wrote:
Well I guess you're right. I modified the source as suggested and tried it out. But there was no difference.
The reason I want to boost up its transmitpower, is because I wanted to test the handover.
There is certainly no way to 'boost' the power from the nanoBTS, since it is specified to something like 250mW max output power. The BS-11 has 3W max output.
Even when I switch off and on, while I'm just a meter away of our bts, my mobile somehow keeps registering to the real provider (I tested by simply calling someone).
That's quite obvious if you understand the details of the cell selection algorithm. If you've been registered to an actual cell of the operator before, then that ARFCN/LAC is stored on the SIM card even when you shut off the phone.
So the phone will first try to register to that cell again before scanning the entire band.
Another interesting thing is, if I simulate a total different provider, which doesn't exist here, I can easely find our bts, with manual search.
of course.
Also the MS seems to have its own database of all the country codes, networkcodes and its belonging providernames. I thought the BSC sends these information to the MS and the MS checks it with SIM data. (But that;s off-topic).
The BTS only sends numeric ID's in the BCCH. Only _after_ you register, the BTS (well, actually the BSC) sends a MM INFO message with the string-name of the network.
So yes, typically the translation of mcc/mnc happens in a table on the SIM card, and if that fails in a table that is included at compile time into the GSM firmware of the handset.
That's quite obvious if you understand the details of the cell selection algorithm. If you've been registered to an actual cell of the operator before, then that ARFCN/LAC is stored on the SIM card even when you shut off the phone.
So the phone will first try to register to that cell again before scanning the entire band.
Ahaa, that's an important detail I have missed! Thank you ;-)
Hi,
Another thing: if your mobile phone is set to auto it will always register on its home network (if available) even if the signal of your basestation is far stronger.
Roch.
Nordin wrote:
That's quite obvious if you understand the details of the cell selection algorithm. If you've been registered to an actual cell of the operator before, then that ARFCN/LAC is stored on the SIM card even when you shut off the phone.
So the phone will first try to register to that cell again before scanning the entire band.
Ahaa, that's an important detail I have missed! Thank you ;-)
Hi Roch,
Another thing: if your mobile phone is set to auto it will always register on its home network (if available) even if the signal of your basestation is far stronger.
Can you specify home network? Cause according to Harald and Dieter, a MS saves the latest ARFCN, LAC, TMSI and some other parameters in the SIM in a so called Elementary Files (yes, time to time I do my homework :p ). And since a mobilephone is suppose to be mobile, than "home network" makes no sense to me. But maybe I missed a chapter about how GSM works.
Hi Nordin,
The Sim card contains the MCC/MNC of your home network (along with a list of preferred and banned networks).
Roch.
Nordin wrote:
Hi Roch,
Another thing: if your mobile phone is set to auto it will always register on its home network (if available) even if the signal of your basestation is far stronger.
Can you specify home network? Cause according to Harald and Dieter, a MS saves the latest ARFCN, LAC, TMSI and some other parameters in the SIM in a so called Elementary Files (yes, time to time I do my homework :p ). And since a mobilephone is suppose to be mobile, than "home network" makes no sense to me. But maybe I missed a chapter about how GSM works.
On Thu, Jun 04, 2009 at 12:45:36PM +0200, Nordin wrote:
Hi Roch,
Another thing: if your mobile phone is set to auto it will always register on its home network (if available) even if the signal of your basestation is far stronger.
Can you specify home network?
the network that has issued the sim card. technically: the network with the MCC and MNC of the IMSI of th SIM.
Harald Welte schreef:
On Thu, Jun 04, 2009 at 12:45:36PM +0200, Nordin wrote:
Hi Roch,
Another thing: if your mobile phone is set to auto it will always register on its home network (if available) even if the signal of your basestation is far stronger.
Can you specify home network?
the network that has issued the sim card. technically: the network with the MCC and MNC of the IMSI of th SIM.
Yes, that's obvious. But if my BTS has the same ARFCN, besides the MCC and the MNC, as the mobile has tuned to, than it's possible that the mobile tries to register to my BTS. That's why I think our gsm-module (gsm for our servers) automatically tries to register to my BTS. A nice detail, after 4 times, the gsm-module stops trying to register to our BTS. I guess, that's an algorithm (maybe vendor-specific), to search for other available channels (ARFCNs).
On Thu, Jun 04, 2009 at 02:49:21PM +0200, Nordin wrote:
Harald Welte schreef:
On Thu, Jun 04, 2009 at 12:45:36PM +0200, Nordin wrote:
Hi Roch,
Another thing: if your mobile phone is set to auto it will always register on its home network (if available) even if the signal of your basestation is far stronger.
Can you specify home network?
the network that has issued the sim card. technically: the network with the MCC and MNC of the IMSI of th SIM.
Yes, that's obvious. But if my BTS has the same ARFCN, besides the MCC and the MNC, as the mobile has tuned to, than it's possible that the mobile tries to register to my BTS.
Also don't forget to make sure the BSIC and possibly even TSC is the same.
That's why I think our gsm-module (gsm for our servers) automatically tries to register to my BTS. A nice detail, after 4 times, the gsm-module stops trying to register to our BTS. I guess, that's an algorithm (maybe vendor-specific), to search for other available channels (ARFCNs).
it's very clearly specified in the GSM specs into every possible detail. I don't remember which one, though.
On Thursday 04 June 2009 13:45:36 Nordin wrote:
Can you specify home network? Cause according to Harald and Dieter, a MS saves the latest ARFCN, LAC, TMSI and some other parameters in the SIM in a so called Elementary Files (yes, time to time I do my homework :p ). And since a mobilephone is suppose to be mobile, than "home network" makes no sense to me. But maybe I missed a chapter about how GSM works.
Yes, this would be intresting. If you could hack your sim preferred ROAMing list and the home network, then it would always pick your own BTS when you're close it?
I'm afraid that sounds bit too good to be possible.
Tuju
hello,
* Juha Tuomala Juha.Tuomala@iki.fi [2009-06-04 15:34]:
On Thursday 04 June 2009 13:45:36 Nordin wrote:
Can you specify home network? Cause according to Harald and Dieter, a MS saves the latest ARFCN, LAC, TMSI and some other parameters in the SIM in a so called Elementary Files (yes, time to time I do my homework :p ). And since a mobilephone is suppose to be mobile, than "home network" makes no sense to me. But maybe I missed a chapter about how GSM works.
Yes, this would be intresting. If you could hack your sim preferred ROAMing list and the home network, then it would always pick your own BTS when you're close it?
I'm afraid that sounds bit too good to be possible.
would it make sense to programm own SIM cards? I found eq this shop: http://www.sim-max.biz/store/catalog.php and I'm sure, there are more shops with blanko SIMs and programmer hw.
Sure it is more easy when a T-D1, Vodafone or other official SIM could join a openbsc cell, but so we could make an other part of GSM for ourselves - the SIM.
Hello guys,
Antoher interesting thing I found, is when trying to force the mobile to register to the nanoBTS by simulating a commecrial provider, the classic mobilephones like a Nokia 6230, 6310i or a Siemens MC 60 do register to the nanoBTS. But PocketPCs like the HTCs (artemis, Diamond Touch, Qtek9090 and others of the same factory) just loses its signal or refuses to change bts.
I haven't tested more mobilephones yet, but it's a bit strange that untill now it's succesful with normal mobilephones, but not with PDAs with integrated gsm module. Maybe the PDAs also checks for the availability of GPRS before registering to the BTS? I don't know if that kind of information is provided in the Broadcast channel (BCCH). I'll check it out.
regards,
Nordin.
-
Benjamin Hagemann -
Harald Welte -
Juha Tuomala -
Nordin -
Nordin Bouchtaoui
-
Roch