On the recent THC release on the Vodafone femtocell
I am mainly posting this to prevent any more people mailing me about
this release. There's nothing really spectacular here.
Starting from 2009 on, the usual suspects (aka OpenBSC developers) have
been looking at various 3G femtocells, including the Vodafone one (I
have 10 of them here). Aside from that Alcatel-Lucent design that
Vodafone uses, we've also looked at the Cisco/AT+T/ip.access design, as
well as the Ubiquisys/SFR one. With some effort you can root all of
them, and you can then make sure they don't connect to the respective
operator but to an IP address of your choosing.
The protocols are vendor-dependent. The Vodafone femtocell uses a
version of RANAP (the protocol between RNC and MSC in UMTS) behind an 8
byte proprietary header. As RANAP is specified in the 3GPP, it was
pretty easy to build a small piece of code that interacts with the unit.
Ubiquisys (used by SFR) uses the UMA protocols, and the
Cisco/ip.access/AT+T design uses a proprietary ip.access protocol called
URSL (sort-of a "progression" of the 2G RSL to UMTS).
Supporting them from OpenBSC is not easy. While the call control and
SMS transfer protocols of 3G are identical to GSM, everything below
doesn't really bear much resemblance. I would guess it would take at
least a man-month to get basic signalling, call + SMS support working,
if not more.
Given the fact that the femtocells all speak their vendor-proprietary
dialects, and given that they often come with license terms that
only permit the use of their firmware in combination with their gateway
located at the operator network, we never thought it is a high priority
item for us to work on.
What you also have to consider, is that their output power of 20dBm is
even less than the 200mW of typical small-scale GSM BTS, and that they
typically only support the operation of 4 concurrent phones. Nothing
that you would be able to run e.g. a conference telephony network on.
Furthermore, due to the wide channels (5MHz), it is very likely that all
available sprectrum has been auctioned off/licensed to commercial
operators, so it's almost impossible to get something like a test
license. In GSM with 200kHz channels, there's often still a guard band
or some unallocated channel that can be used.
If you really want to have some free software + femtocell based 3G
network, go ahead and do it. The option existed for years now, ever
since femtocells started shipping to the market. All of them are some
form of embedded Linux systems. Rooting them isn't really different
from rooting a Linux based WiFi router / DSL modem. So what's that
new about the THC release? That a vendor of Linux embedded devices
chose a trivial password? If you're surprised by that, I guess you
haven't taken apart many embedded devices then.
Syndicated 2011-07-14 02:00:00 from Harald Welte's blog