mobile and triggering UL while in state C7/A4?

Holger Freyther holger at freyther.de
Tue May 29 14:17:59 UTC 2018


Hey,

so while trying to load test a system (using virtual-phy, osmo-bts-virtual) I noticed that the average time for the first UL to succeed is quite high. After some digging it turns out it is the "mobile" behavior and not the RAN. The nice thing about mobile is it tries to follow the GSM state machines, the bad thing is I don't know what the correct behavior is!


What happens (ignoring that most of it is async)?

* mobile starts
* PLMN search starts
* For some bad luck no arfcn is found.
* The system enters the C6 state
* It makes another search, finds an arfcn, selects a cell, starts a timer, C7 state entered
* An UL is attempted and blocked by "mobile" (GSM322_EVENT_REG_FAILED sent)
* The any timer times out (30s, statically initialized)
* PLMN search starts
* A cell is found...
* ...
* An UL is attempted and not blocked.


Compressed logs:
<0003> gsm322.c:834 new state 'PLMN search' -> 'C0 null'
<0002> gsm322.c:3823 (ms 00003) Event 'EVENT_PLMN_SEARCH_END' for automatic PLMN selection in state 'A0 null'
..
<0002> gsm322.c:811 new state 'A0 null' -> 'A4 wait for PLMN to appear'

<....>

<0003> gsm322.c:834 new state 'C6 any cell selection' -> 'C0 null'
<0002> gsm322.c:3823 (ms 00003) Event 'EVENT_NO_CELL_FOUND' for automatic PLMN selection in state 'A4 wait for PLMN to appear'

<...>
<0005> gsm48_mm.c:4312 (ms 00003) Received 'MM_EVENT_NO_CELL_FOUND' event in state MM IDLE, no cell available


<0003> gsm322.c:479 Sync to ARFCN=514(DCS) rxlev=-63 (No sysinfo yet, ccch mode NONE)
...
<0003> gsm322.c:2719 Received relevant sysinfo.
<0003> gsm322.c:713 stopping pending CS timer.
...
<000e> gsm322.c:3415 Camping on any cell (ARFCN=514(DCS) mcc=001 mnc=01  Test, Test)
<0003> gsm322.c:725 Starting 'any cell selection' timer with 30 seconds.
<0003> gsm322.c:834 new state 'C6 any cell selection' -> 'C7 camped on any cell'
<0005> gsm48_mm.c:4312 (ms 00003) Received 'MM_EVENT_CELL_SELECTED' event in state MM IDLE, no cell available
<0005> gsm48_mm.c:905 new MM IDLE state no cell available -> location updating needed
<0005> gsm48_mm.c:905 new MM IDLE state location updating needed -> attempting to update
<0005> gsm48_mm.c:424 starting T3212 (periodic loc. upd. delay) with 1800 seconds
<0005> gsm48_mm.c:2228 Loc. upd. not allowed. <---- dropped!!!
<0002> gsm322.c:3823 (ms 00003) Event 'EVENT_REG_FAILED' for automatic PLMN selection in state 'A4 wait for PLMN to appear'
<0002> gsm322.c:3830 Event unhandled at this state.

<...> 30s timeout here..

<0003> gsm322.c:3307 'Any cell selection timer' timed out. Starting special search to find allowed PLMNs.
<0003> gsm322.c:834 new state 'C7 camped on any cell' -> 'ANY search'


What do the specs say?

GSM 03.22 define the C states (and refers to 05.08):

	• C6  Any Cell Selection - This is where the MS is unable to camp normally on any cell of the selected PLMN, or cannot obtain service because of certain responses to a location registration (LR) attempt. It is searching for a cell of any PLMN to camp on (so that emergency calls can be made).

	• C7  Camped on any Cell - This is where the MS has camped on a cell irrespective of its PLMN identity, so that emergency calls can be made.


3gpp 23.122 defines the A states:

	• A4  Wait for PLMNs to appear - There are no allowable and available PLMNs at present and the MS is waiting for one to appear.


GSM 05.08:

For the cell selection, the MS shall be able to select the correct (fourth strongest) cell and be able to respond to paging on that cell within 30 seconds of switch on, when the three strongest cells are not suitable. This assumes a valid SIM with PIN disabled and ideal radio conditions. This requirement is not applicable for multi-RAT mobile stations.

The tolerance on all the timing requirements in clause 6 is ± 10 %, except for PENALTY_TIME where it is ± 2 s.




What makes sense:

Unfortunately the commit adding the check to gsm48_mm_loc_upd_normal doesn't answer why in specific this was done. Given the GSM 05.08 the timeout of 30s seems too high by itself. As a first approximation I intend to make it configurable.


I am not sure how to fix as I don't find the spec reference. Do you?

One constraint of GSM 03.22 is to save battery when not finding a network but I don't find a clear answer when to leave C7. In GSM 05.08 I couldn't find what I was searching for either. So maybe power scans are better than attempting a UL but maybe we can try to do a UL earlier if the "any" PLMN looks like our HPLMN? Or do gsm48_mm_loc_upd_normal when in GSM322_C7_CAMPED_ANY_CELL..

What do you think?


	holger





More information about the baseband-devel mailing list