本文从宏观上介绍LTE的开机注册到网络的流程,便于我们建立整体认识。
UE开机后在SIM卡初始化还未完成前,会先尝试获取限制服务。获取限制服务后可以支持拨打紧急电话
从AP侧可以看到SIM卡READ的状态。从modem侧,过滤NAS消息,当SIM卡初始化完成后会发出CM_SIM_AVAILABLE_CNF消息。
选择PLMN的时候会从SIM卡中读取,及配置文件中读取已有的PLMN信息,如RPLMN(上次驻留的PLMN),HPLMN(SIM卡中的HPLMN),EHPLMN(等价的HPLMN,可以在NV65602中配置)等,device_config配置。
会先搜索小区,然后选择(S准则)合适小区,最后驻扎在小区上。
连接过程:
UE 发起业务时,更新TA(trace area),寻呼响应
重配置过程::
网络端下发重配置请求,UE完成后反馈重配置请求完成。主要是参数配置,切换执行等操作。
上行数据过程:
测量切换流程:
以下是LTE入网流程分析,从开机上电搜网到注册到网络的过程 。
选择PLMN的时候会从SIM卡中读取,及配置文件中读取已有的PLMN信息,如RPLMN(上次驻留的PLMN),HPLMN(SIM卡中的HPLMN),EHPLMN(等价的HPLMN,可以在NV65602中配置)等,device_config配置。
// NAS reads PLMN information from SIM
21:18:51.828 reg_sim.c 1836 H CS RPLMN(1-1)
21:18:51.829 reg_sim.c 1576 H HPLMN(001-001)
21:18:51.829 reg_sim.c 2406 H Forbidden PLMN list (length = 4)
21:18:51.829 reg_sim.c 2410 H # MCC-MNC
21:18:51.829 reg_sim.c 2423 H 0 310-017
21:18:51.830 reg_sim.c 2031 H RPLMN RAT Search Order (UMTS-GSM)
使用频率扫描,UE选择用于驻留的频率/ EARFCN。
有两种类型的频率扫描:
1. System scan, also known as List Frequency scan (similar to Acq DB scan)
上层应提供EARFCN列表,请求带宽和双工模式到L1
2.Band scan, also known as Full Frequency scan
上层应提供频带索引和L1允许的带宽集
Log Analysis – System Scan
//Automatic service Request
11458 76:00:16:20.595reg_state.c1171HCM_SERVICE_REQ –AUTOMATIC
11491 89:00:16:20.600emm_reg_handler.c475HEMM: Received MMR_REG_REQ
//NAS sends service request to AS
11494 81:00:16:20.600emm_rrc_if.c310HEMM: Sent LTE_RRC_SERVICE_REQ
//RRC sends LTE_CPHY_START_REQ to ML1
11537 81:00:16:20.603lte_ml1_mgr_stm.c6923MLTE_CPHY_START_REQ
//LTE AS is initialized
11675 97:00:16:20.620lte_ml1_mgr_cphy_cnf_handlers.c976MLTE_CPHY_START_CNF
Status: 0
11680 89:00:16:20.620lte_ml1_mgr_stm.c12645LL1M: INACTIVE STATE ENTER
//ML1 initiates System Scan request
11704 153:00:16:20.620lte_ml1_sm_main.c1118HSM: Sys Scan Req module 1 num_sys 1
min_sys 0 early_abort 0 sys[0] band 13 earfcn 5230 bw 50
//RF tune request
11705 113:00:16:20.620lte_ml1_sm_main.c641HSM: RX cfg req freq 5230 BW 50 cell_id 65535
Log Analysis – Band Scan
//Acquisition database search (System Scan) is exhausted. No system found
11497 89:00:47:21.166lte_rrc_csp.c3603HCSP: All entries tried in acq list
11498 81:00:47:21.166lte_rrc_csp.c9373HCSP: Exhausted acquisition list
//Initiate Band Scan
11506 89:00:47:21.166lte_rrc_csp.c2191XCSP: Sending 1 bands in band scan
11507 81:00:47:21.166lte_rrc_csp.c2210XCSP: Sent Band Scan Request
11520 105:00:47:21.175rtr8600_lte.c866HRF LTE RX is tuned to band 13 and frequency 5230
LTE小区搜索实际上就是PSS ( Primary Synchronization Signal ) / SSS ( Secondary Synchronization Signal)同步,实现UE对小区的识别和下行同步。
//搜索可用网络
17:33:26.156 reg_state.c 06955 ds1=REG= CM_NETWORK_LIST_REQ
解系统消息
// 设置BCH-PCCPCH来读取SIB
21:18:52.010 rrcsibproc.c 7392 H RRC_GET_SPECIFIC_SIBS_REQ cmd received
21:18:52.012 rrcllc.c 4749 H Sending CPHY_SETUP_REQ to L1 (PCCPCH)
21:18:52.063 rrcllc.c 24825 H Rcvd RRC_CPHY_SETUP_CNF from L1: 1
21:18:52.747 rrcsibproc.c 6503 H Sending GET_SPECIFIC_SIBS_CNF cmd
通过获取PSS / SSS / MIB,UE可以获得参考信号(RS)、位置(基于小区ID),并读取到DLSCH中的所有预定SIB
// 评估小区选择标准(S标准)WCDMA/L1过滤
21:18:52.750 l1mcmd.c 1223 H Received CELL_SELECTION_REQ
21:18:52.753 srchbch.c 1425 H 2*ecio=-5 2*squal=43 srxlv=18
21:18:52.753 rrcllc.c 27319 H Rcv’d RRC_CPHY_CELL_SELECTION_CNF
21:18:52.753 srchbch.c 1300 H CELL_SEL_CNF 2*sq 43,rxlv 18
21:18:52.753 srchbch.c 1469 H Cell Selection Succeed
// RRC小区选择过程声明驻扎成功
21:18:52.804 rrccsp.c 10034 H Camped on suitable cellID 0
RRC连接要建立,就要进行上行同步,也就是随机接入, 随机接入过程参考协议3GPP TS 36.300 10.1.5 Random Access Procedure。
随机接入分为竞争和非竞争两种:
1) 基于竞争的随机接入的场景有: ①从RRC_IDLE状态接入②无线链路失败发起的接入③UE处于RRC_CONNECTED时有上行数据要发送;
2) 基于非竞争的随机接入场景有: ①切换过程的随机接入②UE处于RRC_CONNECTED时有下行数据到达
可以通过过滤OTA消息,清楚的看到注册的信令流程。
以下日志是NAS层的日志
17:33:53.904 msg_lib_encode_emm.c 01273 ds1Encoding Attach request
17:33:53.904 msg_lib_encode_esm.c 00550 ds1MSG_LIB: completed encoding PDN_CONNECTIVITY_REQ
//发起attach请求,attach msg中包含有PDN的信息,同时会激活PDN
17:33:54.302 emm_security.c 01057 ds1=EMM= Received AUTHENTICATION REQUEST message
//收到网络侧的鉴权请求
17:33:54.635 emm_security.c 01476 ds1=EMM= Sending AUTHENTICATION RESPONSE message
//鉴权完成
17:33:55.003 emm_esm_handler.c 00616 ds1=EMM= Sending ATTACH_COMPLETE
//注册完成
17:33:55.006 emm_reg_handler.c 02911 ds1=EMM= sent MMR_REG_CNF
17:33:55.010 reg_state.c 07938 ds1=REG= CS_PS_SERVICE on HPLMN(460-0)
//获取到CS PS的服务
17:33:55.010 reg_send.c 00649 ds1=REG= CM_SERVICE_CNF
//注网流程完成