Okay, so before beginning just a question, how many persons are from network enterprise
service or something like this or work with core networks?
Okay, so I want my own cell phone network. So that's why you're here and first of all,
I'm Alessandro Cieri, I work for one of Italian service provider and I work for exactly
cellular network engineering and IP network engineering and I use open source software
and Linux from many years now. Then just a few, just a little index because the first part
is just a theoretical part because we need to understand some concept in order to make
a network, a cellular network and then we have a demo so okay, we will play with hardware.
I'll try to be as clear as possible about this. No, okay, so what are we talking about?
We are talking about an APC network, so 5G core, sorry, 4G core and it's the core that's
actually serving your cellular at the moment. If a smartphone you are connected to the blue
blocks inside the slide, so central one and this is also the high level so it's the panorama
network, it's post. The UE is your smartphone, so the normal terminal, then you have the run
or the radio part of the network, the towers and the ref equipment, then you have the core
network which is the brain of the world problem and then you have multiple interactions with
other services because the package core is just for packets, it's in those packets of
the network, not the world services, they are connected on other parts of the network and
are integrated by specific interface, so that's the big picture. But even the core network
is created by simple functions that are responsible for just one task and it's composed by functions
and so these are just logical, not real nodes in the strict term, maybe in commercial open
source implementation they are combined in one node, they are split but these are the
roles, let me say, of the nodes and for every node we have a specific function, for example,
the first node we are going to talk about is the MME which is the brain of the network
because it's responsible for dealing with the signaling or in other terms the interaction
between all the elements in this kind of network, so it's the brain, it's the element that's
making the decisions and it coordinates also the other nodes. After that we have the HSS
which is the node responsible for authentication, it's the user database talking about a bigger
picture and the HSS is responsible for authentication because every user is authenticated, that's
his own keys, otherwise I will be able to make calls from any of every number and it also
handles the authorization, which service I am able to get with my SIM. Then we have the DNS
which is not strictly a 3GPP name but it's real DNS because in 4G networks the discovery
and the topology of the nodes is described by DNS records and the MME is responsible to
get its kind of configuration or IPN resolution by making queries to DNS into specific records
and making decisions based on the answer it gets. For example, if I have a TSC tracking area
which is a common name for the area that is served by my radio, I have to get other information
from other nodes that have to handle the traffic and this information are gotten by DNS. The
first information I have to get for the example of people is the S gateway which is just a
decoupling element because the S gateway is the anchor point between the network itself
that is the centralized network and the radio part which is completely into the wild, it's
on radio sites so it's distributed on the territory. In order to get this you have this element
that decouples the plane between the internal part of the network, the core interface let
me say and the edge or the access path through the network that is the run and the B. Then
we have the real router because it's the router more or less of the network that is the packet
gateway and it's only just to handle the traffic of the user. If you have familiarity with the
fixed network access it's the BNG or the broadband access gateway of a mobile network and
there it's also the element that gives you IP, network configuration and for example the
detection of what traffic are you doing and how it has to be charged. The last part of the
network is the PCRF that is a policy enforcer. If you are using the metaphor usable from
the fixed network it's kind of the radius of the mobile infrastructure because it's handling
your QS. How much data you can make? What kind of QS you have? You are a prioritized user,
a normal user, so it gets you the data about this. In the beginning we talked about packet
core network. Now I was just to focus you on the packet term because it's the key point of an
LTE network. If you are familiar with other kind of network, the 2G1 or 3G1, there were
networks that were made for making calls. So the problem was I have my user on the territory,
I want them to make calls together, just for service. Then the data arrived as a don. So the
data network was emulated as a call, like the ALAP times in the 90s. The new network, instead
the LTE network, it's a completely different paradigm. My focus is when the user is connected
it's able to make data. The real problem is making just data. Phone service, value of the
service are just supplementary service. The real problem is making data, open NPN. From
this little difference, all the other parts of the network are just some elaboration of
it because if I'm making data I use an IP network, IP transport network, no, and all the SSN
network or circuit driving network. That's my problem. So I use new protocols that are
carried by IP packets. So my data IP packets, my transport protocol, it's IP, so I make IP
network. And then if I use IP network I can also use some code software because I don't
need specific or let me say custom because in the old days network equipment they're very, very, very
custom equipment. But I can use really standard and also commercial equipment because the big
part of the problem is the software, not the hardware. In the old days the problem was the
hardware because I had to implement my protocols just in hardware. And for example many commercial
implementation of connectors from many vendors are on normal interplatform or normal, let me
say servers, not like in the old days there were very specialized hardware, very, how to say
very specialized hardware, ASICs and just circuit boards that were making the computation in just
one matter. So no upgradeable, no software reconfiguration, we had the board and the board just
know how to do something. And the last point is that in the old days the network was, let me say
very trusted. So it's a problem for the user to authenticate to the network but from the point of
view of the user the network is always a safe zone. So if I'm able to connect to the network it doesn't
mean that network is good, I can connect to it. So we have many news about spoofed networks or
other, let me say an essay like mechanism that are used to fake a network and to make users to connect
to them. In 4G and in 5G it's also stricter. This policy we have a sort of mutual authentication. So the
user needs to authenticate to the network to get the service but also the network is some way
authenticated by the user and I know when I connect to the network that I'm connected to my
network not to someone that is impersonating it. And the most part of this picture we see before is about
dealing with signaling. Signaling is the real nervous system of the network because it's basically
commands between network elements that make the network acts like expected. And for a basic procedure
like attach that is the first thing your phone do when it's powered up, we have really a lot of
signaling because just the first part it's on the radio. That's part of it's just for the UI which is
the signal to the radio. Then we start dealing with the core network and signaling because the
terminal asks for the network for, I want to attach what I have to do. And then the network reacts on
this. It's the MME that is doing the work coordination part because it's asking for example for keys
because we're talking about network authentication. The authentication is done by keys. I have one key
into the HSS, I have one key on the SIM card and I have to check if these keys are the same. If they are
the same I can attach to the network otherwise I'm not the user. I'm another one that is trying to
coordinate me. So the MME is asking for keys, the HSS is answering back with keys. Then the procedure is
propagated to the user. There is a challenge response mechanism so I calculate an hash, I send you the
challenge with this hash, I expect it from you, I correct answer. If it's not good you are not where
you are trying to be. If the authentication is good I start with the security procedures. It's an
agreement on the keys and protocols that I'm using on the radio interface. After that I'm just
authenticated to the network, I'm still not connected. And now if I'm authenticated I start with
the network. Okay, now you know I'm the user, I know you are the network. I have to understand where I can
put my data. So you start with some location procedure. We just have two major scopes. The first one
for the request is related to giving the network the place where the user is. It's called update location
request. So the user is in that location and from this procedure I get a response that is update location
answer. In the answer I have my profile as user. For example, what resources are you able to open? This
APN, this other APN, you are able to make this kind of traffic, this kind of pipe. Otherwise you have these
resources on the radio, bigger one, less one. So at this point we have the profile, we have just the
profile because now the MME knows what the user can or cannot do. And at this point the MME starts another
procedure that is related to, okay, now I know the user, I know what can do, where this user can attach, where he
can put his data. Who is the node that is responsible for his service? And the decision about this is done by
querying the DNS, like we said before, because it's a dynamic system. So I put my talk and my APN, I get back
the two information I need, which is my S gateway for the run handling and which is my P gateway responsible for my
internet traffic, let me select this. So query a response and then I can finally start with making the tunnel
because the traffic is tunneled to the core network in GTP town. And basically I start a procedure for create the session,
so create session request, it's propagated, then I hit the pcrf here, which says, okay, which kind of traffic
are you applying, which is your QoS, pcrf, and then I can create finally my session. So at this point I can finally make traffic.
All this procedure, it's completed, every time you power up your phone or every time you move from a cell to another, in real time.
You have lots of this procedure. And the core network is engineered in order to make this procedure really, really fast because you
have millions of it in your commercial network. Last concept we have to talk about, last theoretical argument, core network is all on the
signaling part in contra position with the user plane part. This paradigm can be really pushed to the bleeding edge because I can,
for example, in the old implementation I had control plane and user plane on the same node. So I had to run specialized hardware with
specialized signaling in order to get the service. And with the 4G networks I have the QoS paradigm, which means basically control user
separation. So this is my control plane part, which is basically the intelligent part of the problem, which is making decisions and
communicating with other elements. And then I have my traffic, my user traffic just here. This is the user part, which is also called
UPF, and UPF is just network handling. I get my rules from the control part and I process the traffic using these rules.
In other words, this is something I can easily replace, reconstruct, change implementation, make it containerized because it's just computational power.
And this is network handling. So it's payload intensive, but it's standard. I have just two or three commands and I communicate with these
commands. Okay. That was the theoretical part of the problem, but now we want our network because the tool was, I want my own network.
And the problem is that when one thinks about telco network, it seems like black magic, no one knows how it works. It's not something you, if you're
uninvolved in them, it's not something you study more or less sometimes. But there are a lot of open source implementation. For example, open
5GS that is one I use, next APC, SLS run, and also Osmo come for all their networks. So there are a lot of implementation. And they are all
working. And for example, open 5GS is also a release 17 compliant, which is one of the last standard that is published. So it's something that is driving my
community, but it's also usable because it's not like mock up. It's real implementation. So it's really implementing a lot of service.
Your telco provider may use everything of these features. And this is just the whole ecosystem that is implemented by open 5GS, which is a combo 4G or 5G network.
And I recommend both standards. Okay, too much talking, demo time, because the idea is that you can literally power up your telco provider with just a laptop and some hardware.
Let's say which hardware. We need compute power, container AZ, VM, container. You can choose whenever you want because it's open source. So you can recompile and do whenever you
want. I personally use containers because it's for me. You need to know the interaction of the components of the component itself. So the theory we had, we, we
had it before. So the interactions and some of the standards. And then we start with the hardware. You need an SDR because really not be are really, really expensive, but with the new radio and some other software you can have your
SDR acting as you not be. And then you have to also have some, let me say, a ref hardware, especially something to shield because in most countries, 5G, 4G and 5G or also all telephony frequency are strictly
volamentated. So you cannot go into the air. Otherwise, they will, you will stop the service from others, form a real or a legacy service provider. So for example, here my setup is just with a ref cable. So no ref, no ref emissions.
Then another tool that make your life easy and that they can say it loud. It's an RF spectrum analyzer because it's the only part you can, you cannot see. So it's one of the most important instruments you need to, to, to own in order to deal with their
problems. And then last part, you need SIM cards because as we said before, all networks doesn't usually identify new networks, does not mutilate indication. So you need to have a real C. R. R.
So I have SIM card to write out with the kids and a lot of time. So. Time was most over so I will quickly that's the content.
Yeah, that is the implementation. It's always on this laptop, which is offline. So it's always there and it's made by containers. So the blue one are from open, open fact. Yes. The red one is from SRS, SRS, SRS run, which is a project from SRS LT that make a speech tomorrow. So come and see it.
Then we are our RF hardware, which is user and SDR and the just a Mongo database in order to put the user data.
And then I try to make you just the quick demo.
Okay.
Okay.
No time.
Okay. Okay.
Okay. I'll fire up my SDR that quickly easy. I just power up the corner, which is really, really, really fast.
Let's start and then I just connect my UI.
I forgot to power up the not be so it's not working right now.
Okay.
And now we are lucky we should see the connection itself. So it sees our in of the.
This is connected. This is actually modulating and then from Unix network manager.
I should be able to make the connection.
And connected that mod indicated and.
And I'm able to reach.
So this pink is going from the laptop that's this user equipment coming to the modern from the modern meets send to the RF equipment and then it's handled by the big gateway.
So the nine nine nine it's not connect on the laptop, but it's on the big gateway container.
And basically.
This is my traffic. This is my traffic.
Okay.
Sorry.
Okay.
So.
Yeah.
Yeah.
Yeah.
Yeah.
I'll try you know.
Yeah.
Yeah.
Yeah.
Yeah.
Yeah.
No.
Yeah.
Yeah.
Yeah.
Okay.
Sorry.
Yeah.