前段时间笔者去北京邮电大学参加了今年冬季的 OpenAirInterface Workshop Fall 2019,收获颇丰。尤其是对 Mosaic5G 演示的通过 Ubuntu Snap 来快速部署 OAI All-In-One 实验环境的方式印象深刻。Ubuntu Snap 部署方式的优点是快速便捷,适合新手入门体验 OAI,或者非通信专业人士搭建方案验证环境。但并不适合 OAI 开发者。本文主要是对 Ubuntu Snap 部署方式进行验证以及对 4G LTE/EPC 的实践学习。
注:下文部分内容摘自 PPT 《FlexRAN-Training》
建议在 Intel x86 架构上运行 OAI,因为 DSP(数字信号处理器)需要大量使用到整数指令集(SSE, SSE2, SSS3, SSE4, and AVX2)。OAI 在以下 CPU 型号完成了测试:
除了常见的 PC 之外,笔者也看见过有人在 UP Board(Intel Atom x5-Z8350 四核 CPU,4GB RAM,64GB eMMC)上跑。至于树莓派(Raspberry Pi)是不建议的,首先因为树莓派采用的是 ARM Cortex-A72 架构 CPU ,然后树莓派 4 才引入了 USB 3.0,这意味着旧版本的树莓派并不支持常见的 USRP RF 外设。简而言之,个人实验建议使用新一点的 PC。如果想做移动基站的话则可以考虑 UP Board。
总得来说,OAI 同时支持空口外设(硬件外设支持)和系统级仿真(纯软件)两种部署方式。有条件的话,笔者推荐入手 RF 外设,整体运行情况相对稳定,也更感性直观。同时可以选择的 RF 外设也很多,例如:USRP 系列或者 LimeSDR。笔者使用了是非官方版本的 USRP B210,便宜好用。
关于 USRP B210 更详细的介绍,请浏览《USRP B210 软件定义的无线网络支撑设备》。
在使用 RF 外设部署的场景中也有两种不同的 UE 侧部署方式,一种是使用 SIM 卡 + 手机的组合,另一种则是使用 PC + RF 外设模拟手机的组合。
当然了,除了在调试 UE 侧功能实现的场景中,后者则显得没有必要了。笔者也使用了前一个部署方式,需要 3 个要素:
白卡推荐使用德国 Sysmocom 产的 sysmoUSIM-SJS1,这种卡在国内是很少见的,可以上 taobao 或 xianyu 碰碰运气。需要注意的有两点,第一是首选新卡,否则 OAI 可能不支持;第二是购买时要确认白卡是具有 ADM key 的。关于 SIM 卡的详细信息可以浏览《读写可编程 SIM/USIM 卡》。不推荐使用常规的移动、联通、电信卡,实际上笔者也没有测试过是否可行,但听说是有些问题。
至于 SIM 卡读写设备选择就很多了,笔者选择的是 Omnikey CardMan 3121 USB CCID Reader,这个是 sysmoUSIM 官方文档推荐的读写设备,taobao 可购。需要注意的是,Omnikey 只是一个读写外设,具体的读写操作、管理还需要使用到额外 SIM 卡编程软件,在 Linux 操作系统上推荐使用 pySIM。关于 Omnikey + pySIM 的组合还有一个坑,就是要使用 Ubuntu 18.04,否则可能会遇见由于驱动缺失导致发现不了 Omnikey 设备的情况,这个在后文中有详细记录。Windows 操作系统可以考虑 SIM Personalize tools,不过这个工具也比较认白卡,有些新卡可能就只读不写了。
上面也提到了 UE 终端可以使用手机也可以使用 PC 模拟,但现在 OAI 的 UE 仿真很不太稳定,不是一个好的选择。至于手机的选择也有讲究,要注意手机的 Band(频段)和 eNB 的 Band 是一致的,否则手机无法搜索到你的 “网络运营商”。因为有些国产手机是不支持某些国外 Band 的,比如小米 5 就对国外的 Band7 支持得不完整。如果你选择了默认的 Band7 来部署 eNB(查看 eNB 配置文件中的配置项 eutra_band,e.g. eutra_band=7),那么就可能会出现问题。通常大厂的手机没有这个问题,但如果遇见了不妨检查一下。
高精度的参考时钟是可选的,假如在你试验的场景中,手机需要在多个 eNB 之间切换,此时才会需要,手机接入 eNB 会更快。高精度参考时钟可以使用 USRP B210 兼容的 GPS-DO 模块。如果你没有使用 USRP B210 也可以采用 GPS-DO 扩展板 + 板载的晶振模块(时钟模块)+ GPS 天线的组合,利用 GPS 的时间信号来进行时钟的校准。GPS-DO 比较贵,也可以使用外接的 OCXO 恒温晶振,不需要天线。
部署 OAI 的操作系统首选 Ubuntu Linux 发行版,因为 OAI 是在 Ubuntu 上进行开发的,所以这是目前最稳定的部署平台。笔者使用的是 Ubuntu 16.04 LTS。
NOTE 1:不建议在虚拟机上运行,因为某些虚拟机可能没有加载需要的 CPU feature。
NOTE 2:不建议在容器上运行,因为 EPC 需要安装内核模块。
OAI 对内核非常敏感,很多莫名其表的错误都是由内核不适应导致的,所以切记检查内核的版本。笔者使用的是 Ubuntu 16.04 自带的 Kernel 4.15.0,可以部署成功但不能就说是没有更好的选择了。
安装 low-latency kernel(低延时内核):
sudo apt-get install linux-lowlatency
sudo apt-get install linux-image-`uname -r | cut -d- -f1-2`-lowlatency
sudo apt-get install linux-headers-`uname -r | cut -d- -f1-2`-lowlatency
sudo reboot
加载了 GTP 内核模块(for OAI-CN):
sudo modprobe gtp
dmesg | tail # You should see something that says about GTP kernel module
OAI eNB 的实时性(Real-Time Operation)要求非常高,为了接入更多的 UE,需要进一步压榨 PC 的性能。CPU 调频功能允许操作系统通过提高或降低 CPU 的频率来达到省电目的,这里我们将 CPU 的频率打满,不让操作系统自己控制 CPU 的频率。
在 BIOS 中移除电源管理功能(P-states, C-states)
在 BIOS 中关闭超线程(hyper-threading)
禁用 Intel CPU 的 P-state 驱动(Intel CPU 专用的频率调节器驱动)
sudo vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_pstate=disable"
GRUB_CMDLINE_LINUX_DEFAULT="quiet processor.max_cstate=1 intel_idle.max_cstate=0 idle=poll"
sudo update-grub
sudo vi /etc/modprobe.d/blacklist.conf
blacklist intel_powerclamp
reboot
sudo apt-get install cpufrequtils
sudo vi /etc/default/cpufrequtils
...
GOVERNOR="performance"
sudo update-rc.d ondemand disable
sudo /etc/init.d/cpufrequtils restart
sudo vim /etc/apt/sources.list
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install git vim openssh-server i7z subversion
Ubuntu Snap,详见《Ubuntu Snap 简述》
科学上网
# Install OAI-CN as a snap:
sudo snap install oai-cn --channel=edge --devmode
# Check the installation:
sudo oai-cn.help
sudo oai-cn.hss-init
sudo oai-cn.hss-conf-get
hss_fd.conf
, change Identity
to match .openair4G.eur
(e.g. hostname as oai
)vi /var/snap/oai-cn/29/hss_fd.conf
Identity = "oai.openair4G.eur";
hss.conf
, ensure the right MySQL username and password. Set OPERATOR_key
to 1111…
vi /var/snap/oai-cn/current/hss.conf
HSS :
{
## MySQL mandatory options
MYSQL_server = "127.0.0.1"; # HSS S6a bind address
MYSQL_user = "root"; # Database server login
MYSQL_pass = "linux"; # Database server password
MYSQL_db = "oai_db"; # Your database name
## HSS options
#OPERATOR_key = "1006020f0a478bf6b699f15c062e42b3"; # OP key matching your database
OPERATOR_key = "11111111111111111111111111111111"; # OP key matching your database
RANDOM = "true"; # True random or only pseudo random (for subscriber vector generation)
## Freediameter options
FD_conf = "/var/snap/oai-cn/current/hss_fd.conf";
};
# 安装 MySQL,账户设置为 root/linux
sudo apt-get install mysql-server mysql-client
# 安装 apache2
sudo apt-get install apache2
# 安装 PHP
apt-get install php7.0
apt-get install libapache2-mod-php7.0
# 安装 phpmyadmin
sudo apt-get install phpmyadmin
sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
sudo a2enconf phpmyadmin
sudo /etc/init.d/apache2 reload
sudo service apache2 restart
sudo oai-cn.hss-init
(会生成 oai_db 数据库,所以执行之前要安装好 MySQL)sudo oai-cn.hss
Initializing S6a layer: DONE
sudo oai-cn.mme-init
sudo oai-cn.mme-conf-get
mme_fd.conf: Identity
needs to match hostname, ConnectPeer
maybe toovi /var/snap/oai-cn/current/mme_fd.conf
...
Identity = "oai.openair4G.eur";
...
ConnectPeer= "oai.openair4G.eur" { ConnectTo = "127.0.0.1"; No_SCTP ; No_IPv6; Prefer_TCP; No_TLS; port = 3868; realm = "openair4G.eur";};
mme.conf
HSS_HOSTNAME
GUMMEI_LIST
and TAI_LIST
NETWORK_INTERFACES: MME_IPV4_ADDRESS_FOR_S1_MME
to 127.0.1.10/24
, MME_IPV4_ADDRESS_FOR_S11_MME
to 127.0.11.1/8
S-GW: SGW_IPV4_ADDRESS_FOR_S11
to 127.0.11.2/8
vi /var/snap/oai-cn/current/mme.conf
MME :
{
...
S6A :
{
...
HSS_HOSTNAME = "oai"; # THE HSS HOSTNAME
};
...
# ------- MME served GUMMEIs
# MME code DEFAULT size = 8 bits
# MME GROUP ID size = 16 bits
GUMMEI_LIST = (
{MCC="208" ; MNC="95"; MME_GID="4" ; MME_CODE="1"; } # YOUR GUMMEI CONFIG HERE
);
# ------- MME served TAIs
# TA (mcc.mnc:tracking area code) DEFAULT = 208.34:1
# max values = 999.999:65535
# maximum of 16 TAIs, comma separated
# !!! Actually use only one PLMN
TAI_LIST = (
{MCC="208" ; MNC="95"; TAC = "1"; } # YOUR TAI CONFIG HERE
);
...
NETWORK_INTERFACES :
{
# MME binded interface for S1-C or S1-MME communication (S1AP), can be ethernet interface, virtual ethernet interface, we don't advise wireless interfaces
MME_INTERFACE_NAME_FOR_S1_MME = "lo"; # YOUR NETWORK CONFIG HERE
MME_IPV4_ADDRESS_FOR_S1_MME = "127.0.1.10/24"; # YOUR NETWORK CONFIG HERE
# MME binded interface for S11 communication (GTPV2-C)
MME_INTERFACE_NAME_FOR_S11_MME = "lo"; # YOUR NETWORK CONFIG HERE
MME_IPV4_ADDRESS_FOR_S11_MME = "127.0.11.1/8"; # YOUR NETWORK CONFIG HERE
MME_PORT_FOR_S11_MME = 2123; # YOUR NETWORK CONFIG HERE
};
...
S-GW :
{
# S-GW binded interface for S11 communication (GTPV2-C), if none selected the ITTI message interface is used
SGW_IPV4_ADDRESS_FOR_S11 = "127.0.11.2/8"; # YOUR NETWORK CONFIG HERE
};
sudo oai-cn.mme
Peer .openair4G.eur is now connected...
NOTE:如果是分布式部署不能使用 lo 的话,就需要根据实际的网络情况首先配置好网卡和 IP 地址。例如:
ifconfig enp3s0:s1 192.168.0.2 netmask 255.255.255.0 up
ifconfig enp3s0:mmes11 192.168.0.3 netmask 255.255.255.0 up
否则 S1-C 接口建立的时候会触发 Failed to create new SCTP listener
错误,因为 S1-C 接口是在 SCTP 协议之上实现的。
sudo oai-cn.spgw-init
spgw.conf
:
SGW_IPV4_ADDRESS_FOR_S11
to 127.0.11.2/8
SGW_IPV4_ADDRESS_FOR_S1U_S12_S4_UP
to 127.0.1.10/24
PGW_INTERFACE_NAME_FOR_SGI
: the interface to the InternetDEFAULT_DNS_IPV4_ADDRESS
: your DNSvi /var/snap/oai-cn/29/spgw.conf
...
S-GW :
{
NETWORK_INTERFACES :
{
# S-GW binded interface for S11 communication (GTPV2-C), if none selected the ITTI message interface is used
SGW_INTERFACE_NAME_FOR_S11 = "lo"; # STRING, interface name, YOUR NETWORK CONFIG HERE
SGW_IPV4_ADDRESS_FOR_S11 = "127.0.11.2/8"; # STRING, CIDR, YOUR NETWORK CONFIG HERE
# S-GW binded interface for S1-U communication (GTPV1-U) can be ethernet interface, virtual ethernet interface, we don't advise wireless interfaces
SGW_INTERFACE_NAME_FOR_S1U_S12_S4_UP = "lo"; # STRING, interface name, YOUR NETWORK CONFIG HERE, USE "lo" if S-GW run on eNB host
SGW_IPV4_ADDRESS_FOR_S1U_S12_S4_UP = "127.0.1.10/24"; # STRING, CIDR, YOUR NETWORK CONFIG HERE
SGW_IPV4_PORT_FOR_S1U_S12_S4_UP = 2152; # INTEGER, port number, PREFER NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING
...
P-GW =
{
NETWORK_INTERFACES :
{
# P-GW binded interface for S5 or S8 communication, not implemented, so leave it to none
PGW_INTERFACE_NAME_FOR_S5_S8 = "none"; # STRING, interface name, DO NOT CHANGE (NOT IMPLEMENTED YET)
# P-GW binded interface for SGI (egress/ingress internet traffic)
PGW_INTERFACE_NAME_FOR_SGI = "wlp4s0"; # STRING, YOUR NETWORK CONFIG HERE
PGW_MASQUERADE_SGI = "yes"; # STRING, {"yes", "no"}. YOUR NETWORK CONFIG HERE, will do NAT for you if you put "yes".
UE_TCP_MSS_CLAMPING = "no"; # STRING, {"yes", "no"}.
};
...
sudo oai-cn.spgw
Initializing SPGW-APP task interface: DONE
# Install OAI-RAN as a snap:
sudo snap install oai-ran --channel=edge --devmode
# Check the installation:
sudo oai-ran.help
sudo oai-ran.enb-conf-get
plmn_list
mme_ip_address
NETWORK_INTERFACES
max_rxgain
parallel_config
to PARALLEL_SINGLE_THREAD
FLEXRAN_ENABLED
(no)downlink_frequency
N_RB_DL
to 25
vi /var/snap/oai-ran/34/enb.band7.tm1.50PRB.usrpb210.conf
...
eNBs =
(
{
...
plmn_list = ( { mcc = 208; mnc = 95; mnc_length = 2; } );
...
////////// MME parameters:
mme_ip_address = ( { ipv4 = "127.0.1.10";
ipv6 = "192:168:30::17";
active = "yes";
preference = "ipv4";
}
);
...
NETWORK_INTERFACES :
{
ENB_INTERFACE_NAME_FOR_S1_MME = "lo";
ENB_IPV4_ADDRESS_FOR_S1_MME = "127.0.1.30/24";
ENB_INTERFACE_NAME_FOR_S1U = "lo";
ENB_IPV4_ADDRESS_FOR_S1U = "127.0.1.30/24";
ENB_PORT_FOR_S1U = 2152; # Spec 2152
ENB_IPV4_ADDRESS_FOR_X2C = "192.168.12.111/24";
ENB_PORT_FOR_X2C = 36422; # Spec 36422
};
...
RUs = (
{
local_rf = "yes"
nb_tx = 1
nb_rx = 1
att_tx = 0
att_rx = 0;
bands = [7];
max_pdschReferenceSignalPower = -27;
max_rxgain = 125;
eNB_instances = [0];
}
);
...
THREAD_STRUCT = (
{
#three config for level of parallelism "PARALLEL_SINGLE_THREAD", "PARALLEL_RU_L1_SPLIT", or "PARALLEL_RU_L1_TRX_SPLIT"
#parallel_config = "PARALLEL_RU_L1_TRX_SPLIT";
parallel_config = "PARALLEL_SINGLE_THREAD";
#two option for worker "WORKER_DISABLE" or "WORKER_ENABLE"
worker_config = "WORKER_ENABLE";
}
);
...
NETWORK_CONTROLLER :
{
FLEXRAN_ENABLED = "no";
FLEXRAN_INTERFACE_NAME = "lo";
FLEXRAN_IPV4_ADDRESS = "127.0.0.1";
FLEXRAN_PORT = 2210;
FLEXRAN_CACHE = "/mnt/oai_agent_cache";
FLEXRAN_AWAIT_RECONF = "no";
};
...
any
interface, capture filter port 36412
sudo oai-ran.enb
启动 eNB 时,会与 MME 连接 SCTP 连接,在此之上再连接 S1-AP 协议通信。SCTP 连接建立过程如下:
IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto SCTP (132), length 68)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [INIT] [init tag: 2598459195] [rwnd: 106496] [OS: 2] [MIS: 2] [init TSN: 3729658001]
IP (tos 0x2,ECT(0), ttl 63, id 0, offset 0, flags [DF], proto SCTP (132), length 292)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [INIT ACK] [init tag: 1333122844] [rwnd: 106496] [OS: 2] [MIS: 2] [init TSN: 1757100737]
IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto SCTP (132), length 264)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [COOKIE ECHO]
IP (tos 0x2,ECT(0), ttl 63, id 0, offset 0, flags [DF], proto SCTP (132), length 36)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [COOKIE ACK]
IP (tos 0x2,ECT(0), ttl 64, id 1, offset 0, flags [DF], proto SCTP (132), length 108)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [DATA] (B)(E) [TSN: 3729658001] [SID: 0] [SSEQ 0] [PPID S1AP] [Payload:
0x0000: 0011 0037 0000 0400 3b00 0800 02f8 5900 ...7....;.....Y.
0x0010: 00e0 0000 3c40 1408 8065 4e42 2d45 7572 ....<@...eNB-Eur
0x0020: 6563 6f6d 2d4c 5445 426f 7800 4000 0700 ecom-LTEBox.@...
0x0030: 0000 4002 f859 0089 4001 40 [email protected]..@.@]
IP (tos 0x2,ECT(0), ttl 63, id 34221, offset 0, flags [DF], proto SCTP (132), length 48)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [SACK] [cum ack 3729658001] [a_rwnd 106437] [#gap acks 0] [#dup tsns 0]
IP (tos 0x2,ECT(0), ttl 63, id 34222, offset 0, flags [DF], proto SCTP (132), length 76)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [DATA] (B)(E) [TSN: 1757100737] [SID: 0] [SSEQ 0] [PPID S1AP] [Payload:
0x0000: 2011 0017 0000 0200 6900 0b00 0002 f859 ........i......Y
0x0010: 0000 0004 0001 0057 4001 0a .......W@..]
IP (tos 0x2,ECT(0), ttl 64, id 2, offset 0, flags [DF], proto SCTP (132), length 48)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [SACK] [cum ack 1757100737] [a_rwnd 106469] [#gap acks 0] [#dup tsns 0]
ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.2 tell 10.0.1.1, length 46
ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.1.2 is-at 50:7b:9d:29:a1:d7, length 28
ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.1.1 tell 10.0.1.2, length 28
ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.1.1 is-at 2c:60:0c:6e:c2:a9, length 46
IP (tos 0x2,ECT(0), ttl 64, id 3, offset 0, flags [DF], proto SCTP (132), length 84)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 63, id 34223, offset 0, flags [DF], proto SCTP (132), length 84)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [HB ACK]
IP (tos 0x2,ECT(0), ttl 63, id 34224, offset 0, flags [DF], proto SCTP (132), length 84)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 64, id 4, offset 0, flags [DF], proto SCTP (132), length 84)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [HB ACK]
IP (tos 0x2,ECT(0), ttl 64, id 5, offset 0, flags [DF], proto SCTP (132), length 84)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 63, id 34225, offset 0, flags [DF], proto SCTP (132), length 84)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [HB ACK]
IP (tos 0x2,ECT(0), ttl 63, id 34226, offset 0, flags [DF], proto SCTP (132), length 84)
192.168.0.2.36412 > 10.0.1.2.36412: sctp
1) [HB REQ]
IP (tos 0x2,ECT(0), ttl 64, id 6, offset 0, flags [DF], proto SCTP (132), length 84)
10.0.1.2.36412 > 192.168.0.2.36412: sctp
1) [HB ACK]
pySIM 官方操作手册:https://osmocom.org/projects/pysim/wiki
$ sudo apt-get install pcscd pcsc-tools libccid libpcsclite-dev python-pyscard
$ pcsc_scan
PC/SC device scanner
V 1.5.2 (c) 2001-2017, Ludovic Rousseau
Using reader plug'n play mechanism
Scanning present readers...
0: HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00
Mon Dec 9 21:10:21 2019
Reader 0: HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00
Card state: Card inserted,
ATR: 3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5
ATR: 3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5
+ TS = 3B --> Direct Convention
+ T0 = 9F, Y(1): 1001, K: 15 (historical bytes)
TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
TD(2) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
TA(3) = C7 --> Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+ Historical bytes: 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01
Category indicator byte: 80 (compact TLV data object)
Tag: 3, len: 1 (card service data byte)
Card service data byte: A0
- Application selection: by full DF name
- BER-TLV data objects available in EF.DIR
- EF.DIR and EF.ATR access services: by GET RECORD(s) command
- Card with MF
Tag: 7, len: 3 (card capabilities)
Selection methods: BE
- DF selection by full DF name
- DF selection by path
- DF selection by file identifier
- Implicit DF selection
- Short EF identifier supported
- Record number supported
Data coding byte: 21
- Behaviour of write functions: proprietary
- Value 'FF' for the first byte of BER-TLV tag fields: invalid
- Data unit in quartets: 2
Command chaining, length fields and logical channels: 13
- Logical channel number assignment: by the card
- Maximum number of logical channels: 4
Tag: 6, len: 7 (pre-issuing data)
Data: 43 20 07 18 00 00 01
+ TCK = A5 (correct checksum)
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 9F 96 80 1F C7 80 31 A0 73 BE 21 13 67 43 20 07 18 00 00 01 A5
sysmoUSIM-SJS1 (Telecommunication)
http://www.sysmocom.de/products/sysmousim-sjs1-sim-usim
$ sudo apt-get install python-pip python-yaml
$ pip install -i https://pypi.tuna.tsinghua.edu.cn/simple pytlv
$ git clone git://git.osmocom.org/pysim pysim
$ cd pysim
$ ./pySim-read.py -p0
Using PC/SC reader (dev=0) interface
Reading ...
ICCID: 8988211000000318025
IMSI: 901700000031802
SMSP: ffffffffffffffffffffffffffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
PLMNsel: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
PLMNwAcT:
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
OPLMNwAcT:
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
HPLMNAcT:
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ACC: 0004
MSISDN: Not available
AD: 00000002
Done !
mysql> select * from mmeidentity where idmmeidentity=7;
+---------------+-------------------+---------------+-----------------+
| idmmeidentity | mmehost | mmerealm | UE-Reachability |
+---------------+-------------------+---------------+-----------------+
| 7 | oai.openair4G.eur | openair4G.eur | 0 |
+---------------+-------------------+---------------+-----------------+
以上述可得到要写入的 SIM 卡信息:
IMSI: 208950000000001
Ki: 8baf473f2f8fd09487cccbd7097c6862
OPC: 8e27b6af0e692e750f32667a3b14605d
写卡
$ ./pySim-prog.py -p 0 -t sysmoUSIM-SJS1 -a 00795698 -x 208 -y 95 -i 208950000000001 -s 8988211000000318025 -o 8e27b6af0e692e750f32667a3b14605d -k 8baf473f2f8fd09487cccbd7097c6862
Using PC/SC reader (dev=0) interface
Ready for Programming: Insert card now (or CTRL-C to cancel)
Generated card parameters :
> Name : Magic
> SMSP : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
> ICCID : 8988211000000318025
> MCC/MNC : 208/95
> IMSI : 208950000000001
> Ki : 8baf473f2f8fd09487cccbd7097c6862
> OPC : 8e27b6af0e692e750f32667a3b14605d
> ACC : None
> ADM1(hex): 3030373935363938
Programming ...
Programming successful: Remove card from reader
$ ./pySim-read.py -p0
Using PC/SC reader (dev=0) interface
Reading ...
ICCID: 8988211000000318025
IMSI: 208950000000001
SMSP: ffffffffffffffffffffffffffffffffffffffffffffffffe1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
PLMNsel: 02f859ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
PLMNwAcT:
02f859ffff # MCC: 208 MNC: 95 AcT: UTRAN, E-UTRAN, GSM, GSM COMPACT, cdma2000 HRPD, cdma2000 1xRTT
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
OPLMNwAcT:
02f859ffff # MCC: 208 MNC: 95 AcT: UTRAN, E-UTRAN, GSM, GSM COMPACT, cdma2000 HRPD, cdma2000 1xRTT
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
ffffff0000 # unused
HPLMNAcT:
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ffffffffff # unused
ACC: 0004
MSISDN: Not available
AD: 00000002
Done !
oai.ipv4
。问题:
ERROR TLS: The certificate owner does not match the hostname 'oai.openair4G.eur'
ERROR ERROR: in '((fd_conf_parse()))' : Invalid argument
解决:检查 hostname,重新设置 hostname,然后重新生成证书,再重新启动 HSS
hostnamectl set-hostname oai
问题:
root@oai:~# pcsc_scan
PC/SC device scanner
V 1.4.25 (c) 2001-2011, Ludovic Rousseau
Compiled with PC/SC lite version: 1.8.14
Using reader plug'n play mechanism
Scanning present readers...
Waiting for the first reader...
解决:使用 Ubuntu 18.04 操作系统
问题:用 wireshark 抓 s1ap 协议发现 (IMSI unknown in HSS),MME log 如下。
Handling imsi 208950000000001
Message discarded ('Internal error: Answer received to locally issued request, but not handled by any handler.'):
EMM-CTX - get UE id 0x0000000D context 0x7f8de406f310
'Authentication-Information-Answer'
EMM-CTX - get UE id 0x0000000D context 0x7f8de406f310 by imsi 208950000000001
Version: 0x01
INFORMING NAS ABOUT AUTH RESP ERROR CODE
Command Code: 318
NO Valid Security Context Available
解决:对比 SIM 卡的信息和 oai_db 数据库表记录一致后,重启所有服务
mysql> select * from mmeidentity where idmmeidentity=7;
+---------------+-------------------+---------------+-----------------+
| idmmeidentity | mmehost | mmerealm | UE-Reachability |
+---------------+-------------------+---------------+-----------------+
| 7 | oai.openair4G.eur | openair4G.eur | 0 |
+---------------+-------------------+---------------+-----------------+
解决:重启所有服务,手机再重新接入 RAN。