Welcome to the home page of Charles N Wyble. Charles is a 24-year-old systems guy, hacker and entrepreneur currently living in El Monte, CA, with his wife of 3 years.

He is currently employed as a system engineer for Ripple TV with responsibility for a nationwide advertising network.

In his spare time he serves as Chief Technology Officer for the SoCalWiFI.net project, runs a hacker space in the San Gabriel Valley and tries to save the local economy.

Friday, June 26, 2009

[Fwd: Some initial investigation on GPRS support]

Happy hacking indeed...

-------- Original Message --------
Subject: Some initial investigation on GPRS support
Date: Thu, 25 Jun 2009 21:16:59 +0200
From: Harald Welte <laforge@gnumonks.org>
To: openbsc@lists.gnumonks.org


I've started to analyze GPRS and was actually even starting to write some code
for it, but then have given up for the time being - it's much more work than

Given the long todo list of OpenBSC right now, I think I'll have to put aside GPRS
for some time :(

Based on looking at protocol traces, I have figured out the nanoBTS
implementation roughly looks as follows:

* make sure we allow the BTS to activate the GPRS software components
in abis_nm / OML activation!
* BTS will use a UDP connection on port 23000 for the GPRS related frames.
The GSM specs will consider this type of connection between the PCU (part
of the nanoBTS) and the SGSN. The establishment/configuration of the
UDP port number and SGSN ip address has not yet been identified.
similar to how the RSL link is activated via OML.

The protocol stack looks like:

IP : UDP : NSIP : BSSGP : LLC : higher-layer

IP and UDP you should know and/or not care about ;)
NSIP is an IP-enabled version of NS as specified in TS 08.16
BSSGP is specified in TS 08.18
LLC is as specified in TS 04.64

the higher-layer depends on the SAPI value of the LLC and can be
* GMM (GPRS Mobility Management as specified in 04.08)
* User Data (actual IP packets, e.g.)

So what is weird about this is that the GPRS MM is actually part of 04.08, but
it is not terminated at the BSC but rather at the SGSN. Also, the deep
comprised of many headers is really weird. Furthermore, it seems that a lot
of the packet scheduling and timeslot allocation is happening inside the
nanoBTS - very unlike the GSM side of things.

I have not yet managed to figure out how to allocate/dedicate resources to
GPRS.. after all, the BTS needs to know how many timeslots it can use for it,

If anyone wants to dig deeper, you're most welcome to do so. A list of
relevant specs:

01.61 GPRS cipher algorithm requirements
03.60 Overall GPRS logical architecture (above RL and MAC)
03.64 GPRS radio interface
04.60 RLC/MAC on PDCH
04.64 MS-SGSN LLC spec (on top of RLC/MAC)
08.14 BSS SGSN Gb Layer 1
08.16 BSS SGSN Gb Layer 2
08.18 BSS SGSN BSS GPRS protocol
09.95 Interworking between modified PLMN supporting legacy GPRS and GPRS
22.060 GPRS Service Spec
23.060 GPRS Radio Service Spec
29.016 SGSN - VLR Interface Gs network interface spec
29.018 SGSN - VLR Interface Gs layer3 interface spec
29.060 GPRS Tunneling (GTP) over Gn and Gp

Happy hacking,
- Harald Welte <laforge@gnumonks.org> http://laforge.gnumonks.org/
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
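
The layering described in the forwarded message (NS over UDP, then BSSGP, then LLC, with the LLC SAPI selecting GMM or user data), as an added example that is not part of the original email or of OpenBSC: a bounds-checked C classifier for one UDP payload. The function names are hypothetical, and the PDU type values and header layouts are assumptions taken from TS 08.16, TS 08.18 and TS 04.64, not from the message.

```c
#include <stddef.h>
#include <stdint.h>
/* Added example. Constants and layouts are assumptions from the specs. */
enum upper { UP_ERR = -1, UP_OTHER = 0, UP_GMM, UP_USER_DATA };

#define NS_PDUT_UNITDATA   0x00  /* TS 08.16 */
#define BSSGP_DL_UNITDATA  0x00  /* TS 08.18 */
#define BSSGP_UL_UNITDATA  0x01
#define BSSGP_IE_LLC_PDU   0x0e

/* Map the LLC SAPI (TS 04.64 address field, low 4 bits) to the upper layer. */
static enum upper llc_upper(uint8_t addr)
{
    switch (addr & 0x0f) {
    case 1: return UP_GMM;
    case 3: case 5: case 9: case 11: return UP_USER_DATA;
    default: return UP_OTHER;   /* SMS, TOM, reserved */
    }
}

/* Every read is bounds-checked: the input is an untrusted UDP datagram. */
enum upper gb_classify(const uint8_t *p, size_t len, uint16_t *bvci, uint32_t *tlli)
{
    size_t off, ielen;
    /* NS-UNITDATA: type(1) control(1) BVCI(2), then the BSSGP PDU */
    if (len < 4 || p[0] != NS_PDUT_UNITDATA) return UP_ERR;
    *bvci = (uint16_t)(p[2] << 8 | p[3]);
    p += 4; len -= 4;

    /* BSSGP UL/DL-UNITDATA: type(1) TLLI(4) QoS(3), then TLV IEs */
    if (len < 8 || (p[0] != BSSGP_UL_UNITDATA && p[0] != BSSGP_DL_UNITDATA)) return UP_ERR;
    *tlli = (uint32_t)p[1] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 8 | p[4];
    for (off = 8; off + 2 <= len; off += ielen) {
        uint8_t iei = p[off];
        if (p[off + 1] & 0x80) {            /* 1-octet length field */
            ielen = p[off + 1] & 0x7f;
            off += 2;
        } else {                            /* 2-octet length field */
            if (off + 3 > len) return UP_ERR;
            ielen = (size_t)p[off + 1] << 8 | p[off + 2];
            off += 3;
        }
        if (ielen > len - off) return UP_ERR;   /* IE overruns the datagram */
        if (iei == BSSGP_IE_LLC_PDU)
            return ielen ? llc_upper(p[off]) : UP_ERR;
    }
    return UP_ERR;  /* no LLC-PDU IE found */
}
```
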
