目錄
文章目錄
前言
前段時間筆者去北京郵電大學參加了今年冬季的 OpenAirInterface Workshop Fall 2019,收獲頗豐。尤其是對 Mosaic5G 演示的通過 Ubuntu Snap 來快速部署 OAI All-In-One 實驗環境的方式印象深刻。Ubuntu Snap 部署方式的優點是快速便捷,適合新手入門體驗 OAI,或者非通信專業人士搭建方案驗證環境。但並不適合 OAI 開發者。本文主要是對 Ubuntu Snap 部署方式進行驗證以及對 4G LTE/EPC 的實踐學習。
注:下文部分內容摘自 PPT 《FlexRAN-Training》
硬件設備要求
運行平台
建議在 Intel x86 架構上運行 OAI,因為 DSP(數字信號處理器)需要大量使用到整數指令集(SSE, SSE2, SSS3, SSE4, and AVX2)。OAI 在以下 CPU 型號完成了測試:
- Generation 3/4/5/6 Intel Core i5, i7
- Generation 2/3/4 Intel Xeon
- Intel Atom Rangeley, E38xx, x5-z8300
除了常見的 PC 之外,筆者也看見過有人在 UP Board(Intel Atom x5-Z8350 四核 CPU,4GB RAM,64GB eMMC)上跑。至於樹莓派(Raspberry Pi)是不建議的,首先因為樹莓派采用的是 ARM Cortex-A72 架構 CPU ,然后樹莓派 4 才引入了 USB 3.0,這意味着舊版本的樹莓派並不支持常見的 USRP RF 外設。簡而言之,個人實驗建議使用新一點的 PC。如果想做移動基站的話則可以考慮 UP Board。
- UP Board
- Raspberry Pi 4 Model B
RF 外設
總得來說,OAI 同時支持空口外設(硬件外設支持)和系統級仿真(純軟件)兩種部署方式。有條件的話,筆者推薦入手 RF 外設,整體運行情況相對穩定,也更感性直觀。同時可以選擇的 RF 外設也很多,例如:USRP 系列或者 LimeSDR。筆者使用了是非官方版本的 USRP B210,便宜好用。
關於 USRP B210 更詳細的介紹,請瀏覽《USRP B210 軟件定義的無線網絡支撐設備》。
- USRP B210
- LimeSDR
可編程 SIM 卡
在使用 RF 外設部署的場景中也有兩種不同的 UE 側部署方式,一種是使用 SIM 卡 + 手機的組合,另一種則是使用 PC + RF 外設模擬手機的組合。
當然了,除了在調試 UE 側功能實現的場景中,后者則顯得沒有必要了。筆者也使用了前一個部署方式,需要 3 個要素:
- 可編程的 SIM 卡(白卡)
- SIM 卡讀寫設備
- SIM 卡編程軟件
白卡推薦使用德國 Sysmocom 產的 sysmoUSIM-SJS1,這種卡在國內是很少見的,可以上 taobao 或 xianyu 碰碰運氣。需要注意的有兩點,第一是首選新卡,否則 OAI 可能不支持;第二是購買時要確認白卡是具有 ADM key 的。關於 SIM 卡的詳細信息可以瀏覽《讀寫可編程 SIM/USIM 卡》。不推薦使用常規的移動、聯通、電信卡,實際上筆者也沒有測試過是否可行,但聽說是有些問題。
至於 SIM 卡讀寫設備選擇就很多了,筆者選擇的是 Omnikey CardMan 3121 USB CCID Reader,這個是 sysmoUSIM 官方文檔推薦的讀寫設備,taobao 可購。需要注意的是,Omnikey 只是一個讀寫外設,具體的讀寫操作、管理還需要使用到額外 SIM 卡編程軟件,在 Linux 操作系統上推薦使用 pySIM。關於 Omnikey + pySIM 的組合還有一個坑,就是要使用 Ubuntu 18.04,否則可能會遇見由於驅動缺失導致發現不了 Omnikey 設備的情況,這個在后文中有詳細記錄。Windows 操作系統可以考慮 SIM Personalize tools,不過這個工具也比較認白卡,有些新卡可能就只讀不寫了。
UE 終端
上面也提到了 UE 終端可以使用手機也可以使用 PC 模擬,但現在 OAI 的 UE 仿真很不太穩定,不是一個好的選擇。至於手機的選擇也有講究,要注意手機的 Band(頻段)和 eNB 的 Band 是一致的,否則手機無法搜索到你的 “網絡運營商”。因為有些國產手機是不支持某些國外 Band 的,比如小米 5 就對國外的 Band7 支持得不完整。如果你選擇了默認的 Band7 來部署 eNB(查看 eNB 配置文件中的配置項 eutra_band,e.g. eutra_band=7),那么就可能會出現問題。通常大廠的手機沒有這個問題,但如果遇見了不妨檢查一下。
- 三星 Note8 的頻段
高精度參考時鍾
高精度的參考時鍾是可選的,假如在你試驗的場景中,手機需要在多個 eNB 之間切換,此時才會需要,手機接入 eNB 會更快。高精度參考時鍾可以使用 USRP B210 兼容的 GPS-DO 模塊。如果你沒有使用 USRP B210 也可以采用 GPS-DO 擴展板 + 板載的晶振模塊(時鍾模塊)+ GPS 天線的組合,利用 GPS 的時間信號來進行時鍾的校准。GPS-DO 比較貴,也可以使用外接的 OCXO 恆溫晶振,不需要天線。
- USRP B210 專用 GPSGO
操作系統要求
部署 OAI 的操作系統首選 Ubuntu Linux 發行版,因為 OAI 是在 Ubuntu 上進行開發的,所以這是目前最穩定的部署平台。筆者使用的是 Ubuntu 16.04 LTS。
NOTE 1:不建議在虛擬機上運行,因為某些虛擬機可能沒有加載需要的 CPU feature。
NOTE 2:不建議在容器上運行,因為 EPC 需要安裝內核模塊。
內核要求
OAI 對內核非常敏感,很多莫名其表的錯誤都是由內核不適應導致的,所以切記檢查內核的版本。筆者使用的是 Ubuntu 16.04 自帶的 Kernel 4.15.0,可以部署成功但不能就說是沒有更好的選擇了。
安裝 low-latency kernel(低延時內核):
sudo apt-get install linux-lowlatency
sudo apt-get install linux-image-`uname -r | cut -d- -f1-2`-lowlatency
sudo apt-get install linux-headers-`uname -r | cut -d- -f1-2`-lowlatency
sudo reboot
加載了 GTP 內核模塊(for OAI-CN):
sudo modprobe gtp
dmesg | tail # You should see something that says about GTP kernel module
CPU Frequency scaling
OAI eNB 的實時性(Real-Time Operation)要求非常高,為了接入更多的 UE,需要進一步壓榨 PC 的性能。CPU 調頻功能允許操作系統通過提高或降低 CPU 的頻率來達到省電目的,這里我們將 CPU 的頻率打滿,不讓操作系統自己控制 CPU 的頻率。
-
在 BIOS 中移除電源管理功能(P-states, C-states)
-
在 BIOS 中關閉超線程(hyper-threading)
-
禁用 Intel CPU 的 P-state 驅動(Intel CPU 專用的頻率調節器驅動)
sudo vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_pstate=disable"
GRUB_CMDLINE_LINUX_DEFAULT="quiet processor.max_cstate=1 intel_idle.max_cstate=0 idle=poll"
sudo update-grub
- 將 intel_powerclamp(Intel 電源管理驅動程序)加入啟動黑名單
sudo vi /etc/modprobe.d/blacklist.conf
blacklist intel_powerclamp
reboot
- 關閉 CPU 睿頻
sudo apt-get install cpufrequtils
sudo vi /etc/default/cpufrequtils
...
GOVERNOR="performance"
sudo update-rc.d ondemand disable
sudo /etc/init.d/cpufrequtils restart
All-In-One 部署網絡拓撲
部署步驟
前期准備
- 國內軟件源
sudo vim /etc/apt/sources.list
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe
- 軟件更新
sudo apt-get update
sudo apt-get upgrade
- 運維工具
sudo apt-get install git vim openssh-server i7z subversion
-
Ubuntu Snap,詳見《Ubuntu Snap 簡述》
-
科學上網
安裝 OAI-CN
# Install OAI-CN as a snap:
sudo snap install oai-cn --channel=edge --devmode
# Check the installation:
sudo oai-cn.help
HSS
- Initialize the HSS:
sudo oai-cn.hss-init - Get the configuration file:
sudo oai-cn.hss-conf-get - In
hss_fd.conf, changeIdentityto match<hostname>.openair4G.eur(e.g. hostname asoai)
vi /var/snap/oai-cn/29/hss_fd.conf
Identity = "oai.openair4G.eur";
- In
hss.conf, ensure the right MySQL username and password. SetOPERATOR_keyto1111…
vi /var/snap/oai-cn/current/hss.conf
HSS :
{
## MySQL mandatory options
MYSQL_server = "127.0.0.1"; # HSS S6a bind address
MYSQL_user = "root"; # Database server login
MYSQL_pass = "linux"; # Database server password
MYSQL_db = "oai_db"; # Your database name
## HSS options
#OPERATOR_key = "1006020f0a478bf6b699f15c062e42b3"; # OP key matching your database
OPERATOR_key = "11111111111111111111111111111111"; # OP key matching your database
RANDOM = "true"; # True random or only pseudo random (for subscriber vector generation)
## Freediameter options
FD_conf = "/var/snap/oai-cn/current/hss_fd.conf";
};
- Install MySQL and PHPMyAdmin if you not:
# 安裝 MySQL,賬戶設置為 root/linux
sudo apt-get install mysql-server mysql-client
# 安裝 apache2
sudo apt-get install apache2
# 安裝 PHP
apt-get install php7.0
apt-get install libapache2-mod-php7.0
# 安裝 phpmyadmin
sudo apt-get install phpmyadmin
sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
sudo a2enconf phpmyadmin
sudo /etc/init.d/apache2 reload
sudo service apache2 restart
- Create certificates:
sudo oai-cn.hss-init(會生成 oai_db 數據庫,所以執行之前要安裝好 MySQL) - Run HSS:
sudo oai-cn.hss - The last line should read
Initializing S6a layer: DONE
MME
- Initialize the MME:
sudo oai-cn.mme-init - Locate configuration files in directory:
sudo oai-cn.mme-conf-get - In
mme_fd.conf: Identityneeds to match hostname,ConnectPeermaybe too
vi /var/snap/oai-cn/current/mme_fd.conf
...
Identity = "oai.openair4G.eur";
...
ConnectPeer= "oai.openair4G.eur" { ConnectTo = "127.0.0.1"; No_SCTP ; No_IPv6; Prefer_TCP; No_TLS; port = 3868; realm = "openair4G.eur";};
- In
mme.conf- Correct hostname in
HSS_HOSTNAME - Edit
GUMMEI_LISTandTAI_LIST NETWORK_INTERFACES: MME_IPV4_ADDRESS_FOR_S1_MMEto127.0.1.10/24,MME_IPV4_ADDRESS_FOR_S11_MMEto127.0.11.1/8S-GW: SGW_IPV4_ADDRESS_FOR_S11to127.0.11.2/8
- Correct hostname in
vi /var/snap/oai-cn/current/mme.conf
MME :
{
...
S6A :
{
...
HSS_HOSTNAME = "oai"; # THE HSS HOSTNAME
};
...
# ------- MME served GUMMEIs
# MME code DEFAULT size = 8 bits
# MME GROUP ID size = 16 bits
GUMMEI_LIST = (
{MCC="208" ; MNC="95"; MME_GID="4" ; MME_CODE="1"; } # YOUR GUMMEI CONFIG HERE
);
# ------- MME served TAIs
# TA (mcc.mnc:tracking area code) DEFAULT = 208.34:1
# max values = 999.999:65535
# maximum of 16 TAIs, comma separated
# !!! Actually use only one PLMN
TAI_LIST = (
{MCC="208" ; MNC="95"; TAC = "1"; } # YOUR TAI CONFIG HERE
);
...
NETWORK_INTERFACES :
{
# MME binded interface for S1-C or S1-MME communication (S1AP), can be ethernet interface, virtual ethernet interface, we don't advise wireless interfaces
MME_INTERFACE_NAME_FOR_S1_MME = "lo"; # YOUR NETWORK CONFIG HERE
MME_IPV4_ADDRESS_FOR_S1_MME = "127.0.1.10/24"; # YOUR NETWORK CONFIG HERE
# MME binded interface for S11 communication (GTPV2-C)
MME_INTERFACE_NAME_FOR_S11_MME = "lo"; # YOUR NETWORK CONFIG HERE
MME_IPV4_ADDRESS_FOR_S11_MME = "127.0.11.1/8"; # YOUR NETWORK CONFIG HERE
MME_PORT_FOR_S11_MME = 2123; # YOUR NETWORK CONFIG HERE
};
...
S-GW :
{
# S-GW binded interface for S11 communication (GTPV2-C), if none selected the ITTI message interface is used
SGW_IPV4_ADDRESS_FOR_S11 = "127.0.11.2/8"; # YOUR NETWORK CONFIG HERE
};
- Start the MME:
sudo oai-cn.mme - Last line:
Peer <hostname>.openair4G.eur is now connected...
NOTE:如果是分布式部署不能使用 lo 的話,就需要根據實際的網絡情況首先配置好網卡和 IP 地址。例如:
ifconfig enp3s0:s1 192.168.0.2 netmask 255.255.255.0 up
ifconfig enp3s0:mmes11 192.168.0.3 netmask 255.255.255.0 up
否則 S1-C 接口建立的時候會觸發 Failed to create new SCTP listener 錯誤,因為 S1-C 接口是在 SCTP 協議之上實現的。
SPGW
- Initialize the SPGW:
sudo oai-cn.spgw-init - In
spgw.conf:SGW_IPV4_ADDRESS_FOR_S11to127.0.11.2/8SGW_IPV4_ADDRESS_FOR_S1U_S12_S4_UPto127.0.1.10/24PGW_INTERFACE_NAME_FOR_SGI: the interface to the InternetDEFAULT_DNS_IPV4_ADDRESS: your DNS
vi /var/snap/oai-cn/29/spgw.conf
...
S-GW :
{
NETWORK_INTERFACES :
{
# S-GW binded interface for S11 communication (GTPV2-C), if none selected the ITTI message interface is used
SGW_INTERFACE_NAME_FOR_S11 = "lo"; # STRING, interface name, YOUR NETWORK CONFIG HERE
SGW_IPV4_ADDRESS_FOR_S11 = "127.0.11.2/8"; # STRING, CIDR, YOUR NETWORK CONFIG HERE
# S-GW binded interface for S1-U communication (GTPV1-U) can be ethernet interface, virtual ethernet interface, we don't advise wireless interfaces
SGW_INTERFACE_NAME_FOR_S1U_S12_S4_UP = "lo"; # STRING, interface name, YOUR NETWORK CONFIG HERE, USE "lo" if S-GW run on eNB host
SGW_IPV4_ADDRESS_FOR_S1U_S12_S4_UP = "127.0.1.10/24"; # STRING, CIDR, YOUR NETWORK CONFIG HERE
SGW_IPV4_PORT_FOR_S1U_S12_S4_UP = 2152; # INTEGER, port number, PREFER NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING
...
P-GW =
{
NETWORK_INTERFACES :
{
# P-GW binded interface for S5 or S8 communication, not implemented, so leave it to none
PGW_INTERFACE_NAME_FOR_S5_S8 = "none"; # STRING, interface name, DO NOT CHANGE (NOT IMPLEMENTED YET)
# P-GW binded interface for SGI (egress/ingress internet traffic)
PGW_INTERFACE_NAME_FOR_SGI = "wlp4s0"; # STRING, YOUR NETWORK CONFIG HERE
PGW_MASQUERADE_SGI = "yes"; # STRING, {"yes", "no"}. YOUR NETWORK CONFIG HERE, will do NAT for you if you put "yes".
UE_TCP_MSS_CLAMPING = "no"; # STRING, {"yes", "no"}.
};
...
- Start the SPGW:
sudo oai-cn.spgw - Last line:
Initializing SPGW-APP task interface: DONE
安裝 OAI-RAN
# Install OAI-RAN as a snap:
sudo snap install oai-ran --channel=edge --devmode
# Check the installation:
sudo oai-ran.help
- Get the configuration file:
sudo oai-ran.enb-conf-get- Edit
plmn_list - Edit
mme_ip_address - Edit
NETWORK_INTERFACES - Lower
max_rxgain - Set
parallel_configtoPARALLEL_SINGLE_THREAD - Disable
FLEXRAN_ENABLED(no) - Possibly lower
downlink_frequency - Recommended:
N_RB_DLto25
- Edit
vi /var/snap/oai-ran/34/enb.band7.tm1.50PRB.usrpb210.conf
...
eNBs =
(
{
...
plmn_list = ( { mcc = 208; mnc = 95; mnc_length = 2; } );
...
////////// MME parameters:
mme_ip_address = ( { ipv4 = "127.0.1.10";
ipv6 = "192:168:30::17";
active = "yes";
preference = "ipv4";
}
);
...
NETWORK_INTERFACES :
{
ENB_INTERFACE_NAME_FOR_S1_MME = "lo";
ENB_IPV4_ADDRESS_FOR_S1_MME = "127.0.1.30/24";
ENB_INTERFACE_NAME_FOR_S1U = "lo";
ENB_IPV4_ADDRESS_FOR_S1U = "127.0.1.30/24";
ENB_PORT_FOR_S1U = 2152; # Spec 2152
ENB_IPV4_ADDRESS_FOR_X2C = "192.168.12.111/24";
ENB_PORT_FOR_X2C = 36422; # Spec 36422
};
...
RUs = (
{
local_rf = "yes"
nb_tx = 1
nb_rx = 1
att_tx = 0
att_rx = 0;
bands = [7];
max_pdschReferenceSignalPower = -27;
max_rxgain = 125;
eNB_instances = [0];
}
);
...
THREAD_STRUCT = (
{
#three config for level of parallelism "PARALLEL_SINGLE_THREAD", "PARALLEL_RU_L1_SPLIT", or "PARALLEL_RU_L1_TRX_SPLIT"
#parallel_config = "PARALLEL_RU_L1_TRX_SPLIT";
parallel_config = "PARALLEL_SINGLE_THREAD";
#two option for worker "WORKER_DISABLE" or "WORKER_ENABLE"
worker_config = "WORKER_ENABLE";
}
);
...
NETWORK_CONTROLLER :
{
FLEXRAN_ENABLED = "no";
FLEXRAN_INTERFACE_NAME = "lo";
FLEXRAN_IPV4_ADDRESS = "127.0.0.1";
FLEXRAN_PORT = 2210;
FLEXRAN_CACHE = "/mnt/oai_agent_cache";
FLEXRAN_AWAIT_RECONF = "no";
};
...
- Start Wireshark on
anyinterface, capture filterport 36412 - Start the RAN
sudo oai-ran.enb - Verify that S1SetupRequest is followed by S1SetupResponse (without error. . . )
- Connection of a phone, troubleshooting individually
啟動 eNB 時,會與 MME 連接 SCTP 連接,在此之上再連接 S1-AP 協議通信。SCTP 連接建立過程如下:
IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto SCTP (132), length 68)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [INIT] [init tag: 2598459195] [rwnd: 106496] [OS: 2] [MIS: 2] [init TSN: 3729658001]
IP (tos 0x2,ECT(0), ttl 63, id 0, offset 0, flags [DF], proto SCTP (132), length 292)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [INIT ACK] [init tag: 1333122844] [rwnd: 106496] [OS: 2] [MIS: 2] [init TSN: 1757100737]
IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto SCTP (132), length 264)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [COOKIE ECHO]
IP (tos 0x2,ECT(0), ttl 63, id 0, offset 0, flags [DF], proto SCTP (132), length 36)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [COOKIE ACK]
IP (tos 0x2,ECT(0), ttl 64, id 1, offset 0, flags [DF], proto SCTP (132), length 108)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [DATA] (B)(E) [TSN: 3729658001] [SID: 0] [SSEQ 0] [PPID S1AP] [Payload:
0x0000: 0011 0037 0000 0400 3b00 0800 02f8 5900 ...7....;.....Y.
0x0010: 00e0 0000 3c40 1408 8065 4e42 2d45 7572 ....<@...eNB-Eur
0x0020: 6563 6f6d 2d4c 5445 426f 7800 4000 0700 ecom-LTEBox.@...
0x0030: 0000 4002 f859 0089 4001 40 ..@..Y..@.@]
IP (tos 0x2,ECT(0), ttl 63, id 34221, offset 0, flags [DF], proto SCTP (132), length 48)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [SACK] [cum ack 3729658001] [a_rwnd 106437] [#gap acks 0] [#dup tsns 0]
IP (tos 0x2,ECT(0), ttl 63, id 34222, offset 0, flags [DF], proto SCTP (132), length 76)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [DATA] (B)(E) [TSN: 1757100737] [SID: 0] [SSEQ 0] [PPID S1AP] [Payload:
0x0000: 2011 0017 0000 0200 6900 0b00 0002 f859 ........i......Y
0x0010: 0000 0004 0001 0057 4001 0a .......W@..]
IP (tos 0x2,ECT(0), ttl 64, id 2, offset 0, flags [DF], proto SCTP (132), length 48)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [SACK] [cum ack 1757100737] [a_rwnd 106469] [#gap acks 0] [#dup tsns 0]
ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.2 tell 10.0.1.1, length 46
ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.1.2 is-at 50:7b:9d:29:a1:d7, length 28
ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.1 tell 10.0.1.2, length 28
ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.1.1 is-at 2c:60:0c:6e:c2:a9, length 46
IP (tos 0x2,ECT(0), ttl 64, id 3, offset 0, flags [DF], proto SCTP (132), length 84)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 63, id 34223, offset 0, flags [DF], proto SCTP (132), length 84)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [HB ACK]
IP (tos 0x2,ECT(0), ttl 63, id 34224, offset 0, flags [DF], proto SCTP (132), length 84)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 64, id 4, offset 0, flags [DF], proto SCTP (132), length 84)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [HB ACK]
IP (tos 0x2,ECT(0), ttl 64, id 5, offset 0, flags [DF], proto SCTP (132), length 84)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 63, id 34225, offset 0, flags [DF], proto SCTP (132), length 84)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [HB ACK]
IP (tos 0x2,ECT(0), ttl 63, id 34226, offset 0, flags [DF], proto SCTP (132), length 84)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 64, id 6, offset 0, flags [DF], proto SCTP (132), length 84)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [HB ACK]
COST UE
寫白卡
pySIM 官方操作手冊:https://osmocom.org/projects/pysim/wiki
- 安裝 libccid、pcscd 工具包
$ sudo apt-get install pcscd pcsc-tools libccid libpcsclite-dev python-pyscard
- 掃描白卡讀寫設備
$ pcsc_scan
PC/SC device scanner
V 1.5.2 (c) 2001-2017, Ludovic Rousseau <ludovic.rousseau@free.fr>
Using reader plug'n play mechanism
Scanning present readers...
0: HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00
Mon Dec 9 21:10:21 2019
Reader 0: HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00
Card state: Card inserted,
ATR: 3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5
ATR: 3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5
+ TS = 3B --> Direct Convention
+ T0 = 9F, Y(1): 1001, K: 15 (historical bytes)
TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
TD(2) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
TA(3) = C7 --> Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+ Historical bytes: 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01
Category indicator byte: 80 (compact TLV data object)
Tag: 3, len: 1 (card service data byte)
Card service data byte: A0
- Application selection: by full DF name
- BER-TLV data objects available in EF.DIR
- EF.DIR and EF.ATR access services: by GET RECORD(s) command
- Card with MF
Tag: 7, len: 3 (card capabilities)
Selection methods: BE
- DF selection by full DF name
- DF selection by path
- DF selection by file identifier
- Implicit DF selection
- Short EF identifier supported
- Record number supported
Data coding byte: 21
- Behaviour of write functions: proprietary
- Value 'FF' for the first byte of BER-TLV tag fields: invalid
- Data unit in quartets: 2
Command chaining, length fields and logical channels: 13
- Logical channel number assignment: by the card
- Maximum number of logical channels: 4
Tag: 6, len: 7 (pre-issuing data)
Data: 43 20 07 18 00 00 01
+ TCK = A5 (correct checksum)
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5
sysmoUSIM-SJS1 (Telecommunication)
http://www.sysmocom.de/products/sysmousim-sjs1-sim-usim
- 安裝 pySIM 白卡讀寫軟件
$ sudo apt-get install python-pip python-yaml
$ pip install -i https://pypi.tuna.tsinghua.edu.cn/simple pytlv
$ git clone git://git.osmocom.org/pysim pysim
$ cd pysim
- 讀卡
$ ./pySim-read.py -p0
Using PC/SC reader (dev=0) interface
Reading ...
ICCID: 8988211000000318025
IMSI: 901700000031802
SMSP: ffffffffffffffffffffffffffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
PLMNsel: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
PLMNwAcT:
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
OPLMNwAcT:
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
HPLMNAcT:
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ACC: 0004
MSISDN: Not available
AD: 00000002
Done !
- 根據數據庫記錄確定寫卡信息:
- 數據庫記錄:
- users 表:
- imsi: 208950000000001
- key: 8baf473f2f8fd09487cccbd7097c6862
- OPc: 8e27b6af0e692e750f32667a3b14605d
- mmeidentity_idmmeidentity: 7
- mmeidentity 表:手動修改 users 的 mmeidentity_idmmeidentity 要與 mmeidentity 的 idmmeidentity 保持一致
- users 表:
- 數據庫記錄:
mysql> select * from mmeidentity where idmmeidentity=7;
+---------------+-------------------+---------------+-----------------+
| idmmeidentity | mmehost | mmerealm | UE-Reachability |
+---------------+-------------------+---------------+-----------------+
| 7 | oai.openair4G.eur | openair4G.eur | 0 |
+---------------+-------------------+---------------+-----------------+
以上述可得到要寫入的 SIM 卡信息:
-
IMSI: 208950000000001
-
Ki: 8baf473f2f8fd09487cccbd7097c6862
-
OPC: 8e27b6af0e692e750f32667a3b14605d
-
寫卡
$ ./pySim-prog.py -p 0 -t sysmoUSIM-SJS1 -a 00795698 -x 208 -y 95 -i 208950000000001 -s 8988211000000318025 -o 8e27b6af0e692e750f32667a3b14605d -k 8baf473f2f8fd09487cccbd7097c6862
Using PC/SC reader (dev=0) interface
Ready for Programming: Insert card now (or CTRL-C to cancel)
Generated card parameters :
> Name : Magic
> SMSP : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
> ICCID : 8988211000000318025
> MCC/MNC : 208/95
> IMSI : 208950000000001
> Ki : 8baf473f2f8fd09487cccbd7097c6862
> OPC : 8e27b6af0e692e750f32667a3b14605d
> ACC : None
> ADM1(hex): 3030373935363938
Programming ...
Programming successful: Remove card from reader
$ ./pySim-read.py -p0
Using PC/SC reader (dev=0) interface
Reading ...
ICCID: 8988211000000318025
IMSI: 208950000000001
SMSP: ffffffffffffffffffffffffffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
PLMNsel: 02f859ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
PLMNwAcT:
02f859ffff # MCC: 208 MNC: 95 AcT: UTRAN, E-UTRAN, GSM, GSM COMPACT, cdma2000 HRPD, cdma2000 1xRTT
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
OPLMNwAcT:
02f859ffff # MCC: 208 MNC: 95 AcT: UTRAN, E-UTRAN, GSM, GSM COMPACT, cdma2000 HRPD, cdma2000 1xRTT
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
HPLMNAcT:
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ACC: 0004
MSISDN: Not available
AD: 00000002
Done !
手機連接 OA-RAN
- 白卡插入手機,並其他移動網絡關閉。
- 針對白卡開啟數據漫游、開啟 4G、新建 APN。
- APN name 隨便寫,APN 一定要填寫
oai.ipv4。 - MCC 填 208,MNC 填 95,與 RAN 側的配置保持一致。
- 接入成功后查看手機的 IP 地址是否為 PGW 地址池中分配的 IP 地址。
- 打開網頁上網。
問題 1:啟動 HSS 時觸發異常
問題:
ERROR TLS: The certificate owner does not match the hostname 'oai.openair4G.eur'
ERROR ERROR: in '((fd_conf_parse()))' : Invalid argument
解決:檢查 hostname,重新設置 hostname,然后重新生成證書,再重新啟動 HSS
hostnamectl set-hostname oai
問題 2:掃描不到白卡讀寫設備
問題:
root@oai:~# pcsc_scan
PC/SC device scanner
V 1.4.25 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.8.14
Using reader plug'n play mechanism
Scanning present readers...
Waiting for the first reader...
解決:使用 Ubuntu 18.04 操作系統
問題 3:UE 注冊失敗
問題:用 wireshark 抓 s1ap 協議發現 (IMSI unknown in HSS),MME log 如下。
Handling imsi 208950000000001
Message discarded ('Internal error: Answer received to locally issued request, but not handled by any handler.'):
EMM-CTX - get UE id 0x0000000D context 0x7f8de406f310
'Authentication-Information-Answer'
EMM-CTX - get UE id 0x0000000D context 0x7f8de406f310 by imsi 208950000000001
Version: 0x01
INFORMING NAS ABOUT AUTH RESP ERROR CODE
Command Code: 318
NO Valid Security Context Available
解決:對比 SIM 卡的信息和 oai_db 數據庫表記錄一致后,重啟所有服務
- SIM 卡信息:
- IMSI: 208950000000001
- Ki: 8baf473f2f8fd09487cccbd7097c6862
- OPC: 8e27b6af0e692e750f32667a3b14605d
- 數據庫記錄:
- users 表:
- imsi: 208950000000001
- key: 8baf473f2f8fd09487cccbd7097c6862
- OPc: 8e27b6af0e692e750f32667a3b14605d
- mmeidentity_idmmeidentity: 7
- mmeidentity 表:
- users 表:
mysql> select * from mmeidentity where idmmeidentity=7;
+---------------+-------------------+---------------+-----------------+
| idmmeidentity | mmehost | mmerealm | UE-Reachability |
+---------------+-------------------+---------------+-----------------+
| 7 | oai.openair4G.eur | openair4G.eur | 0 |
+---------------+-------------------+---------------+-----------------+
問題 4:手機沒有分配到可用的 IP 地址
問題:
解決:重啟所有服務,手機再重新接入 RAN。