Hi,
The virtual layer 1 is currently in a state where the l23 app can successfully connect to the bts and most of the signaling messages will be forwarded and handled. TCH is not yet implemented.
I have some problems still, not knowing if these are caused by configuration problems or my coding :).
- Trying to initiate a call via the mobile vty will result in VTY: call 1 123 OsmocomBB# % (MS 1) % Call has been rejected call 1 123 OsmocomBB# % (MS 1) % Call has been released And no actual call setup message is transfered over the Um interface. What could be reasons for that? I am using the test-sim option the mobile app offers.
- Occasionaly the T3210 timer is fired, which causes a new registering within the network. LOG: gsm48_mm.c:336 timer T3210 (loc. upd. timeout) has fired How can i prevent that?
- I did not implement a tdma or multiframe scheduler in the mobile uplink as the logical channel is directly put to the gsmtap-header and thus known by the bts. As Harald used a multiframe based scheduling for the bts downlink, i wonder if this might be necessary, though. To submit msgs with the correct frame number for example.
- In my wireshark capture files, the gsmtap messages sent over the multicast sockets are only recognized as UDP messages. I have to "cast" them with the wireshark context menu "Decode as...". Why?
I would be super happy if someone of you could check out my project (osmo-bts, branch stumpf/virt-phy + osmocom-bb, branch stumpf/virt-phy) try to run it with the config files lying within the project folders and tell me the problems they see :).
Here you can find a wireshark capture file of 2 mobiles connecting to a virt bts. I also tried to init calls from both of them but the call setup is not send. https://www.dropbox.com/s/2ccky4ljc8ngahz/mobilex2--ms-virt--bts-virt--bsc-n...
Kind Regards, Sebastian Stumpf
Hi Sebastian,
On Sun, Feb 12, 2017 at 02:29:05PM +0100, Sebastian Stumpf wrote:
The virtual layer 1 is currently in a state where the l23 app can successfully connect to the bts and most of the signaling messages will be forwarded and handled. TCH is not yet implemented.
this is excellent news! Thanks for sticking with this and pushing it forward.
- Trying to initiate a call via the mobile vty will result in
VTY: call 1 123 OsmocomBB# % (MS 1) % Call has been rejected call 1 123 OsmocomBB# % (MS 1) % Call has been released And no actual call setup message is transfered over the Um interface. What could be reasons for that? I am using the test-sim option the mobile app offers.
I'm not sure if this is the root cause, but it seems there is some timeslot mis-matches in your traces. The Immediate Assignment contains TS 2 or TS 7, but I see Uplink frames for FACH on TS0, which is impossible (TS0 never has a channel combination with FACCH).
Also, The uplink frames don't have the Uplink bit set in the GSMTAP header. This is a bit confusing, and I think it would be a good idea to introduce some consistency/invariant checking on both sides, i.e. the BTS should drop all non-uplink frames received, and the MS should drop all uplink frames received.
I'm also surprised to see you're seeing an immediate assignment reject in downlink. This should only happen if all channels are allocated and the BTS is out of resources.
Also, in your traces, there are typically several frames that are on the same timeslot in the same GSM frame number. This is not possible (probably related to the wrong TS above?). At maximum, there can be one L2 signalling message for a given TS + FN. Also, on the real radio interface a MAC block takes typically four frames on that channel, so the actual rate is lower.
- Occasionaly the T3210 timer is fired, which causes a new registering
within the network.
well, it means that something got lost between MS and MSC for such a long time (between sending the LU REQ and receving a response) that the MS gives up.
LOG: gsm48_mm.c:336 timer T3210 (loc. upd. timeout) has fired How can i prevent that?
The underlying problem must be resolved. On the simulated L1 you shouldn't loose messages, so this shouldn't happen if all messages arrive as expected on both sides.
- I did not implement a tdma or multiframe scheduler in the mobile
uplink as the logical channel is directly put to the gsmtap-header and thus known by the bts. As Harald used a multiframe based scheduling for the bts downlink, i wonder if this might be necessary, though. To submit msgs with the correct frame number for example.
It is primarily a question of how real the simulation should be. By using a multiframe scheduler one can make sure that the actual bandwidth/speed of GSM is maintained even over a virtual L1. Also, on the BTS side it must be present to schedule the BCCH (system information, ...) without which a MS would never even see the cell.
I think one can do without on the MS side, but then the BTS must basically queue the incoming frames until the respective frame number indicated in the frame matches the current frame number.
- In my wireshark capture files, the gsmtap messages sent over the
multicast sockets are only recognized as UDP messages. I have to "cast" them with the wireshark context menu "Decode as...". Why?
This seems because you're using a non-standard port for the messages: In the capture I see UDP port 6666 rather than the IANA-registered port for GSMTAP which is 4729.
I would be super happy if someone of you could check out my project (osmo-bts, branch stumpf/virt-phy + osmocom-bb, branch stumpf/virt-phy) try to run it with the config files lying within the project folders and tell me the problems they see :).
I'll have a look, but not straight away now, sorry.
Here you can find a wireshark capture file of 2 mobiles connecting to a virt bts. I also tried to init calls from both of them but the call setup is not send.
Already the LU is not working stable, so I think the first step is to stabilize this. You can see in packet 740 that the MS is sneding a LU Req, which the BTS forwards in frame 741 as RSL message to the NITB.
The NITB then responds with an IDENTITY REQUEST which can be seen on RSL but which seems to disappear in the BTS without being ever sent on the virtual Um interface. As a result, the MS never sends the identity response, and the NITB will give up.
I also see that the RACH requesets all are sent with a bogus frame number: 42. This will not work. The RACH request needs to be sent with the current frame number at the time being. Also, RACH retransmissions are happening way too quick. See Packets 600...644 where there are 7 RACH requests all within soemething like 10ms. The BTS then allocates 7 channels rather than one, ...
So I think those lower-layer issues should be addressed before moving on to voice calls.
Keep up the good work!
Regards, Harald
Hi Harald,
thanks for the detailed response.
I also see that the RACH requesets all are sent with a bogus frame number: 42. This will not work. The RACH request needs to be sent with the current frame number at the time being.
I fixed that and calculate the proper rach fn like in https://github.com/osmocom/osmocom-bb/blob/master/src/target/firmware/layer1... .
Also, RACH retransmissions are happening way too quick.
Calculating a proper frame number didn't fix the fast retransmissions. They are caused by sending the channel request over the virtual um immediately after getting the rach-request from layer23. Thus also the rach-confirm is sent to l23 immediately, so layer23 thinks "oh fine its already transmitted" and will generate the next rach-request for my layer 1.
I think one can do without on the MS side, but then the BTS must basically queue the incoming frames until the respective frame number indicated in the frame matches the current frame number.
I think to fix the problem with the quick retransmission , I need some type of scheduling. Because if I queue the incoming uplink-msgs in the bts-virtual-layer1 instead, I don't know when they are processed on the ms side and thus don't know when to send the rach-confirm to layer23...
My idea for a simple scheduler would be: -- no timing and timer interrupts on ms side, but just set the current fn in the ms state each time we receive a message on downlink to the fn of the received message, which is accessible in the gsmtap header. -- queue the outgoing uplink messages with their confirm callback to l2 and process all that with a smaller fn than the current fn in the scheduling function. -- calling the scheduling function each time we receive a msg on downlink (so I do not need to handle timer interrupts)
I hope that will be sufficent and try it out tomorrow. I am a bit afraid of trouble caused by the frame number skipping values with the upper incrementation logic.
With kind regards, Sebastian Stumpf
Hi Sebastian,
On Sun, Feb 19, 2017 at 06:16:01PM +0100, Sebastian Stumpf wrote:
I also see that the RACH requesets all are sent with a bogus frame number: 42. This will not work. The RACH request needs to be sent with the current frame number at the time being.
I fixed that and calculate the proper rach fn like in https://github.com/osmocom/osmocom-bb/blob/master/src/target/firmware/layer1...
good.
Also, RACH retransmissions are happening way too quick.
Calculating a proper frame number didn't fix the fast retransmissions. They are caused by sending the channel request over the virtual um immediately after getting the rach-request from layer23. Thus also the rach-confirm is sent to l23 immediately, so layer23 thinks "oh fine its already transmitted" and will generate the next rach-request for my layer 1.
i see. the confirmation should probably be delayed somehow. As a quick intermediate hack you might simply add a timer.
I think one can do without on the MS side, but then the BTS must basically queue the incoming frames until the respective frame number indicated in the frame matches the current frame number.
I think to fix the problem with the quick retransmission , I need some type of scheduling. Because if I queue the incoming uplink-msgs in the bts-virtual-layer1 instead, I don't know when they are processed on the ms side and thus don't know when to send the rach-confirm to layer23...
My idea for a simple scheduler would be: -- no timing and timer interrupts on ms side, but just set the current fn in the ms state each time we receive a message on downlink to the fn of the received message, which is accessible in the gsmtap header.
yes, that makes sense.
-- queue the outgoing uplink messages with their confirm callback to l2 and process all that with a smaller fn than the current fn in the scheduling function.
yes, but please keep in mind that the frame number is wrapping every so often, so "smaller" must consider that modulo-arithmetic, or you will (after fn wrap) have pending downlink messages for much higher fn which are not sent as the wrapped fn is now very small.
-- calling the scheduling function each time we receive a msg on downlink (so I do not need to handle timer interrupts)
yes. I think it is reasonable to not have any actual timers on the ms side and always depend on the frame numbers in the downlink messages from the BTS. After all, in the worst case you have periodic messages like the BCCH messages that can be used to update the fn.
I hope that will be sufficent and try it out tomorrow. I am a bit afraid of trouble caused by the frame number skipping values with the upper incrementation logic.
I don't think skips are that problematic. But then, I haven't tried it ;)
Hi Harald,
here is an update on the virt-phy (and some more problems ;)).
I implemented the simple scheduler and it seems to work fine. I was happy to find the assignment of channels to their respective frame in the mframe in https://github.com/osmocom/osmocom-bb/blob/master/src/target/firmware/layer1... and used that to calculate the fn the messages should be scheduled in.
Thanks to your suggestions I could also fix some errors and produced a new capture file. https://www.dropbox.com/s/145w5c5kqwlk5ey/mobile--ms-virt--bts-virt--bsc-nit...
I come some steps further but are still having trouble to:
Send an sms to myself using the extension assigned to my ms from osmo-nitb (see 2341 in cap-file). VTY: sms 1 12 "Hallo zusammen" OsmocomBB# % (MS 1) % SMS to 12 failed: Semantically Incorrect Message
Call myself (11851 in cap file) VTY: OsmocomBB# call 1 12 OsmocomBB# % (MS 1) % Call has been released
Losing RR connection after some time. LOG-mobile: Tue Feb 28 17:16:35 2017 DRR <0001> gsm48_rr.c:662 MON: no cell info LOG-virt-phy: Tue Feb 28 17:16:34 2017 DL1C Message incoming from layer 2: 0d 00 00 00 01 00 00 00 Tue Feb 28 17:16:34 2017 DL1C Received and handled from l23 - L1CTL_RESET_REQ (type=FULL) Tue Feb 28 17:16:34 2017 DL1C Sending to l23 - L1CTL_RESET_CONF (reset_type: 1) Tue Feb 28 17:16:34 2017 DL1C Message incoming from layer 2: 08 00 00 00 01 00 00 00 00 00 00 7c Tue Feb 28 17:16:34 2017 DL1C Received from l23 - L1CTL_PM_REQ TYPE=1, FROM=0, TO=124 Tue Feb 28 17:16:34 2017 DL1C Message incoming from layer 2: 08 00 00 00 01 00 00 00 00 80 00 fb Tue Feb 28 17:16:34 2017 DL1C Received from l23 - L1CTL_PM_REQ TYPE=1, FROM=128, TO=251 Tue Feb 28 17:16:34 2017 DL1C Message incoming from layer 2: 08 00 00 00 01 00 00 00 02 00 02 99 Tue Feb 28 17:16:34 2017 DL1C Received from l23 - L1CTL_PM_REQ TYPE=1, FROM=512, TO=665 Tue Feb 28 17:16:34 2017 DL1C Message incoming from layer 2: 08 00 00 00 01 00 00 00 02 9b 03 75 Tue Feb 28 17:16:34 2017 DL1C Received from l23 - L1CTL_PM_REQ TYPE=1, FROM=667, TO=885 Tue Feb 28 17:16:34 2017 DL1C Message incoming from layer 2: 08 00 00 00 01 00 00 00 03 bb 03 ff Tue Feb 28 17:16:34 2017 DL1C Received from l23 - L1CTL_PM_REQ TYPE=1, FROM=955, TO=1023 Tue Feb 28 17:16:34 2017 DL1C Message incoming from layer 2: 08 00 00 00 01 00 00 00 82 00 83 2a Tue Feb 28 17:16:34 2017 DL1C Received from l23 - L1CTL_PM_REQ TYPE=1, FROM=33280, TO=33578 Tue Feb 28 17:16:34 2017 DL1C Message incoming from layer 2: 0d 00 00 00 01 00 00 00 Tue Feb 28 17:16:34 2017 DL1C Received and handled from l23 - L1CTL_RESET_REQ (type=FULL) Tue Feb 28 17:16:34 2017 DL1C Sending to l23 - L1CTL_RESET_CONF (reset_type: 1) Tue Feb 28 17:16:34 2017 DL1C Message incoming from layer 2: 01 00 00 00 83 2a 00 64 27 10 03 20 03 07 00 00 3f Tue Feb 28 17:16:34 2017 DL1C Received and handled from l23 - L1CTL_FBSB_REQ (arfcn=33578, flags=0x7)
What I do not understand here is why I get a full power measurement request from mobile although I did set a fixed arfcn in the config. And of course a fbsb req for arfcn 33578 seems simply wrong...
Next step after fixing the false fbsb request from l23 would be to add a second mobile and then try to get the mobile originated call to work.
Of course i would be happy about other suggestions :).
With kind regards, Sebastian Stumpf
Hi Sebastian,
On Tue, Feb 28, 2017 at 06:29:20PM +0100, Sebastian Stumpf wrote:
I implemented the simple scheduler and it seems to work fine. I was happy to find the assignment of channels to their respective frame in the mframe in https://github.com/osmocom/osmocom-bb/blob/master/src/target/firmware/layer1... and used that to calculate the fn the messages should be scheduled in.
good to hear.
I come some steps further but are still having trouble to:
Send an sms to myself using the extension assigned to my ms from osmo-nitb (see 2341 in cap-file). VTY: sms 1 12 "Hallo zusammen" OsmocomBB# % (MS 1) % SMS to 12 failed: Semantically Incorrect Message
The establishment from 2341 looks fine: * we first establish SAPI0 (signalling) on the SDCCH * we then establish SAPI3 (SMS) on the same SDCCH (SABM/UA) * we see The CP-DATA RP-DATA with the SMS-SUBMIT * we get an CP-ACK from the network
Then the network tells us the SMS was semantically incorrect. This is a problem at a much higher level. I would expect this to also be the case if you used a real layer1 between an OsmocomBB phone and a BTS on the network side.
from looking at the wireshark trace I cannot immediately identify an issue. I guess you need to 'logging enable sms debug' on the NITB and see if it tells you where/why it fails.
Call myself (11851 in cap file) VTY: OsmocomBB# call 1 12 OsmocomBB# % (MS 1) % Call has been released
Ok, in 11445-11449 we see the RACH/CHAN_RQD/IMM.ASS, which assigns Timeslot 7 to the MS.
In 11466 we see the CM SERV REQ on the Um inteface, in 11470 on the Abis interface.
In 11470 we see the BSC responding with CM SERV ACC, in 11475 this is forwaded over the Um inteface.
However, the MS never reacts to it.
Also, what's noteworthy (but likely unrelated) is that the BTS is sending empty idle/padding frames on the TS7 all the time (those containing 0x2b2b2b2b) but the MS is not doing that in uplink.
In 11546 the CM SERV REQ is re-transmitted in a SABM frame, which is again acknowledged in the UA frame in 11548. So the BTS is doing everything correctly (it seems) but the MS somehow doesn't receive the UA (on LAPDm layer) nor the CM SERVICE ACCEPT (on layer 3 MM)
As you can see there is no RSL communication this time, as it is just simply re-transmission on the LAPDm layer between BTS and MS.
Losing RR connection after some time.
This is likely a result of the MS somehow not receiving/processing the downlink signalling messages.
you could start a cell without any SDCCH to test if pure signalling works on TCH/FACCH at all. If you cannot even do a location update anymore, the problem is in the TCH/FACCH receiving code. If you can perform LU over TCH, the problem becomes more mysterious ;)
What I do not understand here is why I get a full power measurement request from mobile although I did set a fixed arfcn in the config.
maybe neighbor cell measurement reporting?
And of course a fbsb req for arfcn 33578 seems simply wrong...
This is 0x832A which translates to ARFCN 810 decimal, with the highest bit set for (if I remember correctly) PCS? or Uplink/Downlink bit? In any case, the highest bit of the 16bit value is used for something else, check the code :P
Next step after fixing the false fbsb request from l23 would be to add a second mobile and then try to get the mobile originated call to work.
I think there's a problem with TCH/FACCH that needs to be resolved first, see above.
But anyway, there's good progress and I'm happy you're pushing forward with this! I think a virtual L1 is a very useful foundation for all kinds of automatic testing of the higher protocol layers, in a way that everyone can execute, even without a real-world setup of BTSs and MSs.
Regards, Harald
Hi Harald,
This is likely a result of the MS somehow not receiving/processing the downlink signalling messages. [on TCH]
I found the reason for that. I thought I need to forward incoming messages on TCH/H TCH/F as L1CTL_TRAFFIC_IND if the ACCH flag is not set in the GSMTAP header channel type. But in case of a msg on FACCH this is wrong and needs to be L1CTL_DATA_IND. As the CM Service Accept is sent on FACCH it was not forwarded correctly to l23 and thus not processed.
Unfortunately I do not know, how to distinguish FACCH from TCH based on the information available in the GSMTAP messages. The stealing flag indicating a FACCH is set before and after the training sequence in the burst I think, but this info is no longer available in the msg as it is sent over the virtual um.
Or do I miss something here?
Do you have an idea how to check if the msg is TCH or FACCH?
Also, what's noteworthy (but likely unrelated) is that the BTS is sending empty idle/padding frames on the TS7 all the time (those containing 0x2b2b2b2b) but the MS is not doing that in uplink.
That's because I just implemented some kind of one time scheduler. If I do not get frames/data to schedule from the upper layer for a tdma slot, I currently do not have any logic that fills these up with empty/idle frames. Seems as if I need this, though.
Thanks a lot for your support, I am glad you are taking the time to help me out :).
With kind regards, Sebastian Stumpf
Hi Sebastian,
On Fri, Mar 03, 2017 at 05:56:09PM +0100, Sebastian Stumpf wrote:
This is likely a result of the MS somehow not receiving/processing the downlink signalling messages. [on TCH]
I found the reason for that. I thought I need to forward incoming messages on TCH/H TCH/F as L1CTL_TRAFFIC_IND if the ACCH flag is not set in the GSMTAP header channel type. But in case of a msg on FACCH this is wrong and needs to be L1CTL_DATA_IND. As the CM Service Accept is sent on FACCH it was not forwarded correctly to l23 and thus not processed.
Unfortunately I do not know, how to distinguish FACCH from TCH based on the information available in the GSMTAP messages.
the reaseon for that is simple: We never forwarded actual traffic/user data in GSMTAP so far, only signalling messages. So for now, it is safe to assume that all TCH data is FACCH. GSMTAP will have to be extended with a new channel type if we want to carry voice frames later on.
That's because I just implemented some kind of one time scheduler. If I do not get frames/data to schedule from the upper layer for a tdma slot, I currently do not have any logic that fills these up with empty/idle frames. Seems as if I need this, though.
I think it is needed sooner or later, as the BTS will consider the radio channel dead if it doesn't receive anything. Also, it will probably think the radio quality is very poor? At the very least the SACCH must be present in uplink. But maybe not the most important bit right now.
If you have to go for a full scheduler sooner or later, I think it's worth to "abstract out + recycle" either the scheduler tables from OsmocomBB layer1 (but I think they're very calypso specific?), or those from OsmoBTS, so one set of scheduling tables can be used in multiple places.
Thanks a lot for your support, I am glad you are taking the time to help me out :).
I'm happy if I can help your progress.
Regards, Harald
-
Harald Welte -
Sebastian Stumpf