OpenBTS Workshop

Surya Institute

October 29th 2012

Me

Me

• Graduate Student at UC Berkeley
• Computer Science
• Technology and Infrastructure for Emerging Regions (TIER)
• Working for
• Eric Brewer (CS)
• Tapan Parikh (iSchool)

Me

• Graduate Student at UC Berkeley
• Employee at Range Networks
• Company built off OpenBTS
• Developer
• Community Relations Manager
• Open-source Manager

Me

• Graduate Student at UC Berkeley
• Employee at Range Networks

Everything in this talk is my opinion alone and does not represent anything from Range Networks!

Cellular Telephony

A brief background

OpenBTS

What is it?

OpenBTS

• Bridges Cellular (GSM) and Internet (VoIP)

Components

• OpenBTS
• The actual transceiver/bridge
• sipauthserve
• The Home Location Registrar (HLR)
• smqueue
• The Short Message Service Center (SMSC)
• RRLPService
• The Radio Resource Location Protocol Server
• Does location services

Demo

Evil Telco (ETS)

ETS

• System I have built for demonstrating what a mobile network knows about you
• Primarily for activists in conflict countries
• Record all calls/sms
• Filter SMS
• Detect encrypted SMS
• Capture IMSI/IMEI/Location

Burning Man

Burning Man

• 5 Sites
• 3 Multi-channel
• 2 Single-channel
• 1000+ subscribers
• 1.5 days of "Open Registration"
• 7500+ calls
• Mostly outbound

Papua, Indonesia

The Village Base Station

• My Thesis project
• BTS Optimized for off-grid rural deployments by small operators
• Will be deploying in rural papua
• Right now! That's why I'm here.

The Village Base Station

• Basic idea, turn the BTS when not in use
• Use "Wake up radio" to wake the BTS when needed
• Saves up to 85% of the power
• Call this "virtual coverage"

Virtual Coverage

Virtual Coverage

Virtual Coverage

Virtual Coverage

Virtual Coverage

Virtual Coverage

Virtual Coverage

Virtual Coverage

Virtual Coverage

Other Projects

Other Projects

• Thomas Tsou
• Virginia Tech
• Developer on OpenBTS
• Working on MultiARFCN support for Ettus radios
• And other stuff
• Fairwaives
• Chemeris/Surav et al
• Developing open hardware
• UmTRX
• Handover for public release
• GPRS Support for public release

Other Projects

• Range Networks
• Founded by original OpenBTS developers
• David Burgess/Harvind Samra
• ~ 10 Employees
• Provide commercial (non-GPL) release of OpenBTS
• GPRS Support
• Handover Support
• Sell "telcom-grade" equipment

Getting Started

Hardware

• Open Hardware
• Ettus Equipment
• USRP1
• Requires clock/solder
• Cost
• USRP: 700USD
• 2 RFX900s: 550USD
• Antennas: 60USD
• Clocktamers: 300USD
• Total: ~1600USD
• Quality:
• Medium, with right equipment could build reasonable large-scale BTS

Hardware

• Open Hardware
• Ettus Equipment
• USRP1
• B100
• Works "out of the box"
• No clock modifications
• Cost
• B100: 650USD
• RFX1800: 275USD
• Total: 900USD
• Ettus sells package of B100+RFX1800 for 770USD
• Quality
• Low, good enough for test bed
• Clock primary limiter
• Channel separation for 1 daughterboard is another

Hardware

• Open Hardware
• Range Networks
• RAD1
• Custom designed
• Cost
• 5000 USD Alone
• 15000 USD for 5150 - Commercial BTS solution
• Quality
• Very good, designed for major telcos

Software

• The software radio is connected to a computer, which runs OpenBTS
• Operating System
• Any *nix machine
• Linux/BSD (Mac)/Etc
• OpenBTS
• Available here: https://wush.net/trac/rangepublic
• Contains information on
• Downloading source code
• Building code
• Configuring OpenBTS

Issues

Issues

• Spectrum License
• GSM operates in licensed spectrum
• Major Telcos pay literally billions for these licenses
• They won't share

Issues

• Spectrum License
• Telcom Interconnect
• Need to interface with existing phone networks
• VoIP
• Commonly done with Direct Inward Dialing (DID)
• Required by law to be provided in US
• ISDN/Hardware etc
• SS7/MAP
• Roaming agreement
• Access to telco HLR
• Not yet implemented in OpenBTS

Kurtis Heimerl

Email: kheimerl@cs.berkeley.edu

Twitter: @kheimerl

tier.cs.berkeley.edu

cs.berkeley.edu/~kheimerl