基于 OAI 部署私有的 4G EPS

目录

文章目录

  • 目录
  • 前言
  • 硬件设备要求
    • 运行平台
    • RF 外设
    • 可编程 SIM 卡
    • UE 终端
    • 高精度参考时钟
  • 操作系统要求
    • 内核要求
    • CPU Frequency scaling
  • All-In-One 部署网络拓扑
  • 部署步骤
    • 前期准备
    • 安装 OAI-CN
      • HSS
      • MME
      • SPGW
    • 安装 OAI-RAN
    • COST UE
      • 写白卡
      • 手机连接 OA-RAN
    • 问题 1:启动 HSS 时触发异常
    • 问题 2:扫描不到白卡读写设备
    • 问题 3:UE 注册失败
    • 问题 4:手机没有分配到可用的 IP 地址

前言

前段时间笔者去北京邮电大学参加了今年冬季的 OpenAirInterface Workshop Fall 2019,收获颇丰。尤其是对 Mosaic5G 演示的通过 Ubuntu Snap 来快速部署 OAI All-In-One 实验环境的方式印象深刻。Ubuntu Snap 部署方式的优点是快速便捷,适合新手入门体验 OAI,或者非通信专业人士搭建方案验证环境。但并不适合 OAI 开发者。本文主要是对 Ubuntu Snap 部署方式进行验证以及对 4G LTE/EPC 的实践学习。

注:下文部分内容摘自 PPT 《FlexRAN-Training》

硬件设备要求

运行平台

建议在 Intel x86 架构上运行 OAI,因为 DSP(数字信号处理器)需要大量使用到整数指令集(SSE, SSE2, SSS3, SSE4, and AVX2)。OAI 在以下 CPU 型号完成了测试

  • Generation 3/4/5/6 Intel Core i5, i7
  • Generation 2/3/4 Intel Xeon
  • Intel Atom Rangeley, E38xx, x5-z8300

除了常见的 PC 之外,笔者也看见过有人在 UP Board(Intel Atom x5-Z8350 四核 CPU,4GB RAM,64GB eMMC)上跑。至于树莓派(Raspberry Pi)是不建议的,首先因为树莓派采用的是 ARM Cortex-A72 架构 CPU ,然后树莓派 4 才引入了 USB 3.0,这意味着旧版本的树莓派并不支持常见的 USRP RF 外设。简而言之,个人实验建议使用新一点的 PC。如果想做移动基站的话则可以考虑 UP Board。

  • UP Board
    基于 OAI 部署私有的 4G EPS_第1张图片
  • Raspberry Pi 4 Model B

RF 外设

总得来说,OAI 同时支持空口外设(硬件外设支持)和系统级仿真(纯软件)两种部署方式。有条件的话,笔者推荐入手 RF 外设,整体运行情况相对稳定,也更感性直观。同时可以选择的 RF 外设也很多,例如:USRP 系列或者 LimeSDR。笔者使用了是非官方版本的 USRP B210,便宜好用。

关于 USRP B210 更详细的介绍,请浏览《USRP B210 软件定义的无线网络支撑设备》。

  • USRP B210
    基于 OAI 部署私有的 4G EPS_第2张图片
  • LimeSDR
    基于 OAI 部署私有的 4G EPS_第3张图片

可编程 SIM 卡

在使用 RF 外设部署的场景中也有两种不同的 UE 侧部署方式,一种是使用 SIM 卡 + 手机的组合,另一种则是使用 PC + RF 外设模拟手机的组合。
基于 OAI 部署私有的 4G EPS_第4张图片
当然了,除了在调试 UE 侧功能实现的场景中,后者则显得没有必要了。笔者也使用了前一个部署方式,需要 3 个要素:

  1. 可编程的 SIM 卡(白卡)
  2. SIM 卡读写设备
  3. SIM 卡编程软件

白卡推荐使用德国 Sysmocom 产的 sysmoUSIM-SJS1,这种卡在国内是很少见的,可以上 taobao 或 xianyu 碰碰运气。需要注意的有两点,第一是首选新卡,否则 OAI 可能不支持;第二是购买时要确认白卡是具有 ADM key 的。关于 SIM 卡的详细信息可以浏览《读写可编程 SIM/USIM 卡》。不推荐使用常规的移动、联通、电信卡,实际上笔者也没有测试过是否可行,但听说是有些问题。

至于 SIM 卡读写设备选择就很多了,笔者选择的是 Omnikey CardMan 3121 USB CCID Reader,这个是 sysmoUSIM 官方文档推荐的读写设备,taobao 可购。需要注意的是,Omnikey 只是一个读写外设,具体的读写操作、管理还需要使用到额外 SIM 卡编程软件,在 Linux 操作系统上推荐使用 pySIM。关于 Omnikey + pySIM 的组合还有一个坑,就是要使用 Ubuntu 18.04,否则可能会遇见由于驱动缺失导致发现不了 Omnikey 设备的情况,这个在后文中有详细记录。Windows 操作系统可以考虑 SIM Personalize tools,不过这个工具也比较认白卡,有些新卡可能就只读不写了。

基于 OAI 部署私有的 4G EPS_第5张图片

UE 终端

上面也提到了 UE 终端可以使用手机也可以使用 PC 模拟,但现在 OAI 的 UE 仿真很不太稳定,不是一个好的选择。至于手机的选择也有讲究,要注意手机的 Band(频段)和 eNB 的 Band 是一致的,否则手机无法搜索到你的 “网络运营商”。因为有些国产手机是不支持某些国外 Band 的,比如小米 5 就对国外的 Band7 支持得不完整。如果你选择了默认的 Band7 来部署 eNB(查看 eNB 配置文件中的配置项 eutra_band,e.g. eutra_band=7),那么就可能会出现问题。通常大厂的手机没有这个问题,但如果遇见了不妨检查一下。

  • 三星 Note8 的频段
    基于 OAI 部署私有的 4G EPS_第6张图片

高精度参考时钟

高精度的参考时钟是可选的,假如在你试验的场景中,手机需要在多个 eNB 之间切换,此时才会需要,手机接入 eNB 会更快。高精度参考时钟可以使用 USRP B210 兼容的 GPS-DO 模块。如果你没有使用 USRP B210 也可以采用 GPS-DO 扩展板 + 板载的晶振模块(时钟模块)+ GPS 天线的组合,利用 GPS 的时间信号来进行时钟的校准。GPS-DO 比较贵,也可以使用外接的 OCXO 恒温晶振,不需要天线。

  • USRP B210 专用 GPSGO
    基于 OAI 部署私有的 4G EPS_第7张图片

操作系统要求

部署 OAI 的操作系统首选 Ubuntu Linux 发行版,因为 OAI 是在 Ubuntu 上进行开发的,所以这是目前最稳定的部署平台。笔者使用的是 Ubuntu 16.04 LTS。

NOTE 1:不建议在虚拟机上运行,因为某些虚拟机可能没有加载需要的 CPU feature。
NOTE 2:不建议在容器上运行,因为 EPC 需要安装内核模块。

内核要求

OAI 对内核非常敏感,很多莫名其表的错误都是由内核不适应导致的,所以切记检查内核的版本。笔者使用的是 Ubuntu 16.04 自带的 Kernel 4.15.0,可以部署成功但不能就说是没有更好的选择了。

安装 low-latency kernel(低延时内核)

sudo apt-get install linux-lowlatency
sudo apt-get install linux-image-`uname -r | cut -d- -f1-2`-lowlatency
sudo apt-get install linux-headers-`uname -r | cut -d- -f1-2`-lowlatency
sudo reboot

加载了 GTP 内核模块(for OAI-CN)

sudo modprobe gtp
dmesg | tail # You should see something that says about GTP kernel module

CPU Frequency scaling

OAI eNB 的实时性(Real-Time Operation)要求非常高,为了接入更多的 UE,需要进一步压榨 PC 的性能。CPU 调频功能允许操作系统通过提高或降低 CPU 的频率来达到省电目的,这里我们将 CPU 的频率打满,不让操作系统自己控制 CPU 的频率。

  • 在 BIOS 中移除电源管理功能(P-states, C-states)

  • 在 BIOS 中关闭超线程(hyper-threading)

  • 禁用 Intel CPU 的 P-state 驱动(Intel CPU 专用的频率调节器驱动)

sudo vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_pstate=disable"
GRUB_CMDLINE_LINUX_DEFAULT="quiet processor.max_cstate=1 intel_idle.max_cstate=0 idle=poll"

sudo update-grub
  • 将 intel_powerclamp(Intel 电源管理驱动程序)加入启动黑名单
sudo vi /etc/modprobe.d/blacklist.conf
blacklist intel_powerclamp

reboot
  • 关闭 CPU 睿频
sudo apt-get install cpufrequtils

sudo vi /etc/default/cpufrequtils
...
GOVERNOR="performance"

sudo update-rc.d ondemand disable
sudo /etc/init.d/cpufrequtils restart

All-In-One 部署网络拓扑

基于 OAI 部署私有的 4G EPS_第8张图片

部署步骤

前期准备

  • 国内软件源
sudo vim /etc/apt/sources.list

deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main 
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe
  • 软件更新
sudo apt-get update
sudo apt-get upgrade
  • 运维工具
sudo apt-get install git vim openssh-server i7z subversion
  • Ubuntu Snap,详见《Ubuntu Snap 简述》

  • 科学上网

安装 OAI-CN

# Install OAI-CN as a snap:
sudo snap install oai-cn --channel=edge --devmode

# Check the installation:
sudo oai-cn.help

HSS

  • Initialize the HSS: sudo oai-cn.hss-init
  • Get the configuration file: sudo oai-cn.hss-conf-get
  • In hss_fd.conf, change Identity to match .openair4G.eur (e.g. hostname as oai)
vi /var/snap/oai-cn/29/hss_fd.conf

Identity = "oai.openair4G.eur";
  • In hss.conf, ensure the right MySQL username and password. Set OPERATOR_key to 1111…
vi /var/snap/oai-cn/current/hss.conf

HSS :
{
## MySQL mandatory options
MYSQL_server = "127.0.0.1";     # HSS S6a bind address
MYSQL_user   = "root";  # Database server login
MYSQL_pass   = "linux";  # Database server password
MYSQL_db     = "oai_db";        # Your database name

## HSS options
#OPERATOR_key = "1006020f0a478bf6b699f15c062e42b3"; # OP key matching your database
OPERATOR_key = "11111111111111111111111111111111"; # OP key matching your database

RANDOM = "true";                                   # True random or only pseudo random (for subscriber vector generation)

## Freediameter options
FD_conf = "/var/snap/oai-cn/current/hss_fd.conf";
};
  • Install MySQL and PHPMyAdmin if you not:
# 安装 MySQL,账户设置为 root/linux
sudo apt-get install mysql-server mysql-client

# 安装 apache2
sudo apt-get install apache2

# 安装 PHP
apt-get install php7.0
apt-get install libapache2-mod-php7.0

# 安装 phpmyadmin
sudo apt-get install phpmyadmin
sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
sudo a2enconf phpmyadmin
sudo /etc/init.d/apache2 reload
sudo service apache2 restart
  • Create certificates: sudo oai-cn.hss-init(会生成 oai_db 数据库,所以执行之前要安装好 MySQL)
  • Run HSS: sudo oai-cn.hss
  • The last line should read Initializing S6a layer: DONE

MME

  • Initialize the MME: sudo oai-cn.mme-init
  • Locate configuration files in directory: sudo oai-cn.mme-conf-get
  • In mme_fd.conf: Identity needs to match hostname, ConnectPeer maybe too
vi /var/snap/oai-cn/current/mme_fd.conf
...
Identity = "oai.openair4G.eur";
...
ConnectPeer= "oai.openair4G.eur" { ConnectTo = "127.0.0.1"; No_SCTP ; No_IPv6; Prefer_TCP; No_TLS; port = 3868;  realm = "openair4G.eur";};
  • In mme.conf
    • Correct hostname in HSS_HOSTNAME
    • Edit GUMMEI_LIST and TAI_LIST
    • NETWORK_INTERFACES: MME_IPV4_ADDRESS_FOR_S1_MME to 127.0.1.10/24, MME_IPV4_ADDRESS_FOR_S11_MME to 127.0.11.1/8
    • S-GW: SGW_IPV4_ADDRESS_FOR_S11 to 127.0.11.2/8
vi /var/snap/oai-cn/current/mme.conf

MME :
{
...
    S6A :
    {
        ...
        HSS_HOSTNAME               = "oai";                                     # THE HSS HOSTNAME
    };
...
    # ------- MME served GUMMEIs
    # MME code DEFAULT  size = 8 bits
    # MME GROUP ID size = 16 bits
    GUMMEI_LIST = (
         {MCC="208" ; MNC="95"; MME_GID="4" ; MME_CODE="1"; }                   # YOUR GUMMEI CONFIG HERE
    );

    # ------- MME served TAIs
    # TA (mcc.mnc:tracking area code) DEFAULT = 208.34:1
    # max values = 999.999:65535
    # maximum of 16 TAIs, comma separated
    # !!! Actually use only one PLMN
    TAI_LIST = (
         {MCC="208" ; MNC="95";  TAC = "1"; }                                 # YOUR TAI CONFIG HERE
    );
...
    NETWORK_INTERFACES :
    {
        # MME binded interface for S1-C or S1-MME  communication (S1AP), can be ethernet interface, virtual ethernet interface, we don't advise wireless interfaces
        MME_INTERFACE_NAME_FOR_S1_MME         = "lo";                         # YOUR NETWORK CONFIG HERE
        MME_IPV4_ADDRESS_FOR_S1_MME           = "127.0.1.10/24";             # YOUR NETWORK CONFIG HERE

        # MME binded interface for S11 communication (GTPV2-C)
        MME_INTERFACE_NAME_FOR_S11_MME        = "lo";                           # YOUR NETWORK CONFIG HERE
        MME_IPV4_ADDRESS_FOR_S11_MME          = "127.0.11.1/8";                 # YOUR NETWORK CONFIG HERE
        MME_PORT_FOR_S11_MME                  = 2123;                           # YOUR NETWORK CONFIG HERE
    };
...
S-GW :
{
    # S-GW binded interface for S11 communication (GTPV2-C), if none selected the ITTI message interface is used
    SGW_IPV4_ADDRESS_FOR_S11                = "127.0.11.2/8";                   # YOUR NETWORK CONFIG HERE

};
  • Start the MME: sudo oai-cn.mme
  • Last line: Peer .openair4G.eur is now connected...

NOTE:如果是分布式部署不能使用 lo 的话,就需要根据实际的网络情况首先配置好网卡和 IP 地址。例如:

ifconfig enp3s0:s1 192.168.0.2 netmask 255.255.255.0 up
ifconfig enp3s0:mmes11 192.168.0.3 netmask 255.255.255.0 up

否则 S1-C 接口建立的时候会触发 Failed to create new SCTP listener 错误,因为 S1-C 接口是在 SCTP 协议之上实现的。

SPGW

  • Initialize the SPGW: sudo oai-cn.spgw-init
  • In spgw.conf:
    • SGW_IPV4_ADDRESS_FOR_S11 to 127.0.11.2/8
    • SGW_IPV4_ADDRESS_FOR_S1U_S12_S4_UP to 127.0.1.10/24
    • PGW_INTERFACE_NAME_FOR_SGI: the interface to the Internet
    • DEFAULT_DNS_IPV4_ADDRESS: your DNS
vi /var/snap/oai-cn/29/spgw.conf
...
S-GW :
{
    NETWORK_INTERFACES :
    {
        # S-GW binded interface for S11 communication (GTPV2-C), if none selected the ITTI message interface is used
        SGW_INTERFACE_NAME_FOR_S11              = "lo";                         # STRING, interface name, YOUR NETWORK CONFIG HERE
        SGW_IPV4_ADDRESS_FOR_S11                = "127.0.11.2/8";               # STRING, CIDR, YOUR NETWORK CONFIG HERE

        # S-GW binded interface for S1-U communication (GTPV1-U) can be ethernet interface, virtual ethernet interface, we don't advise wireless interfaces
        SGW_INTERFACE_NAME_FOR_S1U_S12_S4_UP    = "lo";                       # STRING, interface name, YOUR NETWORK CONFIG HERE, USE "lo" if S-GW run on eNB host
        SGW_IPV4_ADDRESS_FOR_S1U_S12_S4_UP      = "127.0.1.10/24";           # STRING, CIDR, YOUR NETWORK CONFIG HERE
        SGW_IPV4_PORT_FOR_S1U_S12_S4_UP         = 2152;                         # INTEGER, port number, PREFER NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING
...
P-GW =
{
    NETWORK_INTERFACES :
    {
        # P-GW binded interface for S5 or S8 communication, not implemented, so leave it to none
        PGW_INTERFACE_NAME_FOR_S5_S8          = "none";                         # STRING, interface name, DO NOT CHANGE (NOT IMPLEMENTED YET)

        # P-GW binded interface for SGI (egress/ingress internet traffic)
        PGW_INTERFACE_NAME_FOR_SGI            = "wlp4s0";                         # STRING, YOUR NETWORK CONFIG HERE
        PGW_MASQUERADE_SGI                    = "yes";                           # STRING, {"yes", "no"}. YOUR NETWORK CONFIG HERE, will do NAT for you if you put "yes".
        UE_TCP_MSS_CLAMPING                   = "no";                           # STRING, {"yes", "no"}.
    };
...
  • Start the SPGW: sudo oai-cn.spgw
  • Last line: Initializing SPGW-APP task interface: DONE

安装 OAI-RAN

# Install OAI-RAN as a snap:
sudo snap install oai-ran --channel=edge --devmode

# Check the installation:
sudo oai-ran.help
  • Get the configuration file: sudo oai-ran.enb-conf-get
    • Edit plmn_list
    • Edit mme_ip_address
    • Edit NETWORK_INTERFACES
    • Lower max_rxgain
    • Set parallel_config to PARALLEL_SINGLE_THREAD
    • Disable FLEXRAN_ENABLED (no)
    • Possibly lower downlink_frequency
    • Recommended: N_RB_DL to 25
vi /var/snap/oai-ran/34/enb.band7.tm1.50PRB.usrpb210.conf
...
eNBs =
(
 {
    ...
    plmn_list = ( { mcc = 208; mnc = 95; mnc_length = 2; } );
...
    ////////// MME parameters:
    mme_ip_address      = ( { ipv4       = "127.0.1.10";
                              ipv6       = "192:168:30::17";
                              active     = "yes";
                              preference = "ipv4";
                            }
                          );
...
    NETWORK_INTERFACES :
    {
        ENB_INTERFACE_NAME_FOR_S1_MME            = "lo";
        ENB_IPV4_ADDRESS_FOR_S1_MME              = "127.0.1.30/24";
        ENB_INTERFACE_NAME_FOR_S1U               = "lo";
        ENB_IPV4_ADDRESS_FOR_S1U                 = "127.0.1.30/24";
        ENB_PORT_FOR_S1U                         = 2152; # Spec 2152

        ENB_IPV4_ADDRESS_FOR_X2C                 = "192.168.12.111/24";
        ENB_PORT_FOR_X2C                         = 36422; # Spec 36422
    };
...
RUs = (
    {
       local_rf       = "yes"
         nb_tx          = 1
         nb_rx          = 1
         att_tx         = 0
         att_rx         = 0;
         bands          = [7];
         max_pdschReferenceSignalPower = -27;
         max_rxgain                    = 125;
         eNB_instances  = [0];

    }
);
...
THREAD_STRUCT = (
  {
    #three config for level of parallelism "PARALLEL_SINGLE_THREAD", "PARALLEL_RU_L1_SPLIT", or "PARALLEL_RU_L1_TRX_SPLIT"
    #parallel_config    = "PARALLEL_RU_L1_TRX_SPLIT";
    parallel_config    = "PARALLEL_SINGLE_THREAD";
    #two option for worker "WORKER_DISABLE" or "WORKER_ENABLE"
    worker_config      = "WORKER_ENABLE";
  }
);
...
NETWORK_CONTROLLER :
{
    FLEXRAN_ENABLED        = "no";
    FLEXRAN_INTERFACE_NAME = "lo";
    FLEXRAN_IPV4_ADDRESS   = "127.0.0.1";
    FLEXRAN_PORT           = 2210;
    FLEXRAN_CACHE          = "/mnt/oai_agent_cache";
    FLEXRAN_AWAIT_RECONF   = "no";
};
...
  • Start Wireshark on any interface, capture filter port 36412
  • Start the RAN sudo oai-ran.enb
  • Verify that S1SetupRequest is followed by S1SetupResponse (without error. . . )
  • Connection of a phone, troubleshooting individually

启动 eNB 时,会与 MME 连接 SCTP 连接,在此之上再连接 S1-AP 协议通信。SCTP 连接建立过程如下:

IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto SCTP (132), length 68)
    10.0.1.2.36412 > 192.168.0.2.36412: sctp
    1) [INIT] [init tag: 2598459195] [rwnd: 106496] [OS: 2] [MIS: 2] [init TSN: 3729658001]
IP (tos 0x2,ECT(0), ttl 63, id 0, offset 0, flags [DF], proto SCTP (132), length 292)
    192.168.0.2.36412 > 10.0.1.2.36412: sctp
    1) [INIT ACK] [init tag: 1333122844] [rwnd: 106496] [OS: 2] [MIS: 2] [init TSN: 1757100737]
IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto SCTP (132), length 264)
    10.0.1.2.36412 > 192.168.0.2.36412: sctp
    1) [COOKIE ECHO]
IP (tos 0x2,ECT(0), ttl 63, id 0, offset 0, flags [DF], proto SCTP (132), length 36)
    192.168.0.2.36412 > 10.0.1.2.36412: sctp
    1) [COOKIE ACK]
IP (tos 0x2,ECT(0), ttl 64, id 1, offset 0, flags [DF], proto SCTP (132), length 108)
    10.0.1.2.36412 > 192.168.0.2.36412: sctp
    1) [DATA] (B)(E) [TSN: 3729658001] [SID: 0] [SSEQ 0] [PPID S1AP] [Payload:
    0x0000:  0011 0037 0000 0400 3b00 0800 02f8 5900  ...7....;.....Y.
    0x0010:  00e0 0000 3c40 1408 8065 4e42 2d45 7572  ....<@...eNB-Eur
    0x0020:  6563 6f6d 2d4c 5445 426f 7800 4000 0700  ecom-LTEBox.@...
    0x0030:  0000 4002 f859 0089 4001 40              [email protected]..@.@]
IP (tos 0x2,ECT(0), ttl 63, id 34221, offset 0, flags [DF], proto SCTP (132), length 48)
    192.168.0.2.36412 > 10.0.1.2.36412: sctp
    1) [SACK] [cum ack 3729658001] [a_rwnd 106437] [#gap acks 0] [#dup tsns 0]
IP (tos 0x2,ECT(0), ttl 63, id 34222, offset 0, flags [DF], proto SCTP (132), length 76)
    192.168.0.2.36412 > 10.0.1.2.36412: sctp
    1) [DATA] (B)(E) [TSN: 1757100737] [SID: 0] [SSEQ 0] [PPID S1AP] [Payload:
    0x0000:  2011 0017 0000 0200 6900 0b00 0002 f859  ........i......Y
    0x0010:  0000 0004 0001 0057 4001 0a              .......W@..]
IP (tos 0x2,ECT(0), ttl 64, id 2, offset 0, flags [DF], proto SCTP (132), length 48)
    10.0.1.2.36412 > 192.168.0.2.36412: sctp
    1) [SACK] [cum ack 1757100737] [a_rwnd 106469] [#gap acks 0] [#dup tsns 0]
ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.2 tell 10.0.1.1, length 46
ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.1.2 is-at 50:7b:9d:29:a1:d7, length 28
ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.1 tell 10.0.1.2, length 28
ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.1.1 is-at 2c:60:0c:6e:c2:a9, length 46
IP (tos 0x2,ECT(0), ttl 64, id 3, offset 0, flags [DF], proto SCTP (132), length 84)
    10.0.1.2.36412 > 192.168.0.2.36412: sctp
    1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 63, id 34223, offset 0, flags [DF], proto SCTP (132), length 84)
    192.168.0.2.36412 > 10.0.1.2.36412: sctp
    1) [HB ACK]
IP (tos 0x2,ECT(0), ttl 63, id 34224, offset 0, flags [DF], proto SCTP (132), length 84)
    192.168.0.2.36412 > 10.0.1.2.36412: sctp
    1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 64, id 4, offset 0, flags [DF], proto SCTP (132), length 84)
    10.0.1.2.36412 > 192.168.0.2.36412: sctp
    1) [HB ACK]
IP (tos 0x2,ECT(0), ttl 64, id 5, offset 0, flags [DF], proto SCTP (132), length 84)
    10.0.1.2.36412 > 192.168.0.2.36412: sctp
    1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 63, id 34225, offset 0, flags [DF], proto SCTP (132), length 84)
    192.168.0.2.36412 > 10.0.1.2.36412: sctp
    1) [HB ACK]
IP (tos 0x2,ECT(0), ttl 63, id 34226, offset 0, flags [DF], proto SCTP (132), length 84)
    192.168.0.2.36412 > 10.0.1.2.36412: sctp
    1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 64, id 6, offset 0, flags [DF], proto SCTP (132), length 84)
    10.0.1.2.36412 > 192.168.0.2.36412: sctp
    1) [HB ACK]

COST UE

写白卡

pySIM 官方操作手册:https://osmocom.org/projects/pysim/wiki

  • 安装 libccid、pcscd 工具包
$ sudo apt-get install pcscd pcsc-tools libccid libpcsclite-dev python-pyscard
  • 扫描白卡读写设备
$ pcsc_scan
PC/SC device scanner
V 1.5.2 (c) 2001-2017, Ludovic Rousseau 
Using reader plug'n play mechanism
Scanning present readers...
0: HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00

Mon Dec  9 21:10:21 2019
 Reader 0: HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00
  Card state: Card inserted,
  ATR: 3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5

ATR: 3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5
+ TS = 3B --> Direct Convention
+ T0 = 9F, Y(1): 1001, K: 15 (historical bytes)
  TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
    250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
  TD(2) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
  TA(3) = C7 --> Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+ Historical bytes: 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01
  Category indicator byte: 80 (compact TLV data object)
    Tag: 3, len: 1 (card service data byte)
      Card service data byte: A0
        - Application selection: by full DF name
        - BER-TLV data objects available in EF.DIR
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card with MF
    Tag: 7, len: 3 (card capabilities)
      Selection methods: BE
        - DF selection by full DF name
        - DF selection by path
        - DF selection by file identifier
        - Implicit DF selection
        - Short EF identifier supported
        - Record number supported
      Data coding byte: 21
        - Behaviour of write functions: proprietary
        - Value 'FF' for the first byte of BER-TLV tag fields: invalid
        - Data unit in quartets: 2
      Command chaining, length fields and logical channels: 13
        - Logical channel number assignment: by the card
        - Maximum number of logical channels: 4
    Tag: 6, len: 7 (pre-issuing data)
      Data: 43 20 07 18 00 00 01
+ TCK = A5 (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5
	sysmoUSIM-SJS1 (Telecommunication)
	http://www.sysmocom.de/products/sysmousim-sjs1-sim-usim

  • 安装 pySIM 白卡读写软件
$ sudo apt-get install python-pip python-yaml
$ pip install -i https://pypi.tuna.tsinghua.edu.cn/simple pytlv
$ git clone git://git.osmocom.org/pysim pysim
$ cd pysim
  • 读卡
$ ./pySim-read.py -p0
Using PC/SC reader (dev=0) interface
Reading ...
ICCID: 8988211000000318025
IMSI: 901700000031802
SMSP: ffffffffffffffffffffffffffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
PLMNsel: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
PLMNwAcT:
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused

OPLMNwAcT:
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused

HPLMNAcT:
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused

ACC: 0004
MSISDN: Not available
AD: 00000002
Done !
  • 根据数据库记录确定写卡信息:
    • 数据库记录:
      • users 表:
        • imsi: 208950000000001
        • key: 8baf473f2f8fd09487cccbd7097c6862
        • OPc: 8e27b6af0e692e750f32667a3b14605d
        • mmeidentity_idmmeidentity: 7
      • mmeidentity 表:手动修改 users 的 mmeidentity_idmmeidentity 要与 mmeidentity 的 idmmeidentity 保持一致
mysql> select * from mmeidentity where idmmeidentity=7;
+---------------+-------------------+---------------+-----------------+
| idmmeidentity | mmehost           | mmerealm      | UE-Reachability |
+---------------+-------------------+---------------+-----------------+
|             7 | oai.openair4G.eur | openair4G.eur |               0 |
+---------------+-------------------+---------------+-----------------+

以上述可得到要写入的 SIM 卡信息:

  • IMSI: 208950000000001

  • Ki: 8baf473f2f8fd09487cccbd7097c6862

  • OPC: 8e27b6af0e692e750f32667a3b14605d

  • 写卡

$ ./pySim-prog.py -p 0 -t sysmoUSIM-SJS1  -a 00795698 -x 208 -y 95 -i 208950000000001 -s 8988211000000318025 -o 8e27b6af0e692e750f32667a3b14605d -k 8baf473f2f8fd09487cccbd7097c6862
Using PC/SC reader (dev=0) interface
Ready for Programming: Insert card now (or CTRL-C to cancel)
Generated card parameters :
 > Name     : Magic
 > SMSP     : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
 > ICCID    : 8988211000000318025
 > MCC/MNC  : 208/95
 > IMSI     : 208950000000001
 > Ki       : 8baf473f2f8fd09487cccbd7097c6862
 > OPC      : 8e27b6af0e692e750f32667a3b14605d
 > ACC      : None
 > ADM1(hex): 3030373935363938
Programming ...
Programming successful: Remove card from reader

$ ./pySim-read.py -p0
Using PC/SC reader (dev=0) interface
Reading ...
ICCID: 8988211000000318025
IMSI: 208950000000001
SMSP: ffffffffffffffffffffffffffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
PLMNsel: 02f859ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
PLMNwAcT:
	02f859ffff # MCC: 208 MNC:  95 AcT: UTRAN, E-UTRAN, GSM, GSM COMPACT, cdma2000 HRPD, cdma2000 1xRTT
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused

OPLMNwAcT:
	02f859ffff # MCC: 208 MNC:  95 AcT: UTRAN, E-UTRAN, GSM, GSM COMPACT, cdma2000 HRPD, cdma2000 1xRTT
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused
	ffffff0000 # unused

HPLMNAcT:
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused
	ffffffffff # unused

ACC: 0004
MSISDN: Not available
AD: 00000002
Done !

基于 OAI 部署私有的 4G EPS_第9张图片

手机连接 OA-RAN

  1. 白卡插入手机,并其他移动网络关闭。
  2. 针对白卡开启数据漫游、开启 4G、新建 APN。
  3. APN name 随便写,APN 一定要填写 oai.ipv4
  4. MCC 填 208,MNC 填 95,与 RAN 侧的配置保持一致。
  5. 接入成功后查看手机的 IP 地址是否为 PGW 地址池中分配的 IP 地址。
    基于 OAI 部署私有的 4G EPS_第10张图片
  6. 打开网页上网。

问题 1:启动 HSS 时触发异常

问题

ERROR  TLS: The certificate owner does not match the hostname 'oai.openair4G.eur'
ERROR  ERROR: in '((fd_conf_parse()))' :	Invalid argument

解决:检查 hostname,重新设置 hostname,然后重新生成证书,再重新启动 HSS

hostnamectl set-hostname oai

问题 2:扫描不到白卡读写设备

问题

root@oai:~# pcsc_scan
PC/SC device scanner
V 1.4.25 (c) 2001-2011, Ludovic Rousseau 
Compiled with PC/SC lite version: 1.8.14
Using reader plug'n play mechanism
Scanning present readers...
Waiting for the first reader...

解决:使用 Ubuntu 18.04 操作系统

问题 3:UE 注册失败

问题:用 wireshark 抓 s1ap 协议发现 (IMSI unknown in HSS),MME log 如下。

Handling imsi 208950000000001
Message discarded ('Internal error: Answer received to locally issued request, but not handled by any handler.'):
EMM-CTX - get UE id 0x0000000D context 0x7f8de406f310
'Authentication-Information-Answer'
EMM-CTX - get UE id 0x0000000D context 0x7f8de406f310 by imsi 208950000000001
Version: 0x01
INFORMING NAS ABOUT AUTH RESP ERROR CODE
Command Code: 318
NO Valid Security Context Available

解决:对比 SIM 卡的信息和 oai_db 数据库表记录一致后,重启所有服务

  • SIM 卡信息:
    • IMSI: 208950000000001
    • Ki: 8baf473f2f8fd09487cccbd7097c6862
    • OPC: 8e27b6af0e692e750f32667a3b14605d
  • 数据库记录:
    • users 表:
      • imsi: 208950000000001
      • key: 8baf473f2f8fd09487cccbd7097c6862
      • OPc: 8e27b6af0e692e750f32667a3b14605d
      • mmeidentity_idmmeidentity: 7
    • mmeidentity 表:
mysql> select * from mmeidentity where idmmeidentity=7;
+---------------+-------------------+---------------+-----------------+
| idmmeidentity | mmehost           | mmerealm      | UE-Reachability |
+---------------+-------------------+---------------+-----------------+
|             7 | oai.openair4G.eur | openair4G.eur |               0 |
+---------------+-------------------+---------------+-----------------+

问题 4:手机没有分配到可用的 IP 地址

问题
基于 OAI 部署私有的 4G EPS_第11张图片

解决:重启所有服务,手机再重新接入 RAN。

你可能感兴趣的:(4G,EPS,第四代移动通信网络)