// Neels Hofmeyr | 8c8ebb1 | 2017-09-18 16:19:30 +0200
[[net]]
== Configuring the Core Network

The core network parameters are configured by the config file (as in `osmo-msc
-c osmo-msc.cfg`). The config file is parsed by the VTY, which is also
available via telnet in the running `osmo-msc` instance. Be aware that even
though you may be able to change these parameters without restarting
`osmo-msc`, some may not take immediate effect, and it is safest to use the
config file to have these parameters set at startup time.

The core network parameters are found in the `config` / `network` node.

A full reference to the available commands can be found in the _OsmoMSC VTY
reference manual_ <<vty-ref-osmomsc>>. This section describes only the most
commonly used settings.

Here is an overview of the config items, described in more detail below:

----
network
 network country code 262
 mobile network code 89
 mm info 1
 short name OsmoMSC
 long name OsmoMSC
 authentication required
 encryption a5 3
----

[TIP]
====
Use the telnet VTY interface to query the current configuration of a running
`osmo-msc` process:

----
$ telnet localhost 4254
OsmoMSC> enable
OsmoMSC# show running-config
----

Some parameters may be changed without restarting `osmo-msc`. To reach the
`network` node, enter:

----
OsmoMSC> enable
OsmoMSC# configure terminal
OsmoMSC(config)# network
OsmoMSC(config-net)# short name Example-Name
OsmoMSC(config-net)# exit
OsmoMSC(config)#
----

The telnet VTY features tab-completion as well as context-sensitive help shown
when entering a `?` question mark.

You can always use the `list` VTY command or enter `?` on the blank prompt to
get a list of all possible commands at the current node.
====


=== MCC/MNC

The key identities of every GSM PLMN are the Mobile Country Code and the Mobile
Network Code. They are identical over the entire network. In most cases, the
MCC/MNC will be allocated to the operator by the respective local regulatory
authority. For example, to set the MCC/MNC of 262-89, have this in your
`osmo-msc.cfg`:

----
network
 network country code 262
 mobile network code 89
----


=== Configuring MM INFO

The _MM INFO_ procedure can be used after a successful _LOCATION UPDATE_ in
order to transmit the human-readable network name as well as local time zone
information to the MS. By default, _MM INFO_ is not active, i.e. `0`. Set to `1`
to activate this feature:

----
network
 mm info 1
 short name OsmoMSC
 long name OsmoMSC
----

[NOTE]
====
Not all phones support the MM INFO procedure. If a phone is not
factory-programmed to contain the name for your MCC/MNC, it will likely only
provide a numeric display of the network name, such as _262-89_, or show the
country code transformed into a letter, such as _D 89_.
====

The time information transmitted is determined by the local system time of the
operating system on which OsmoMSC is running.


=== Authentication

A subscriber's IMSI must be entered in the HLR database to be able to attach. A
subscriber-create-on-demand feature is also available, see the _OsmoHLR
reference manual_ <<userman-osmohlr>>.

A known IMSI in the HLR may or may not have authentication keys associated,
which profoundly affects the ability to attach and the algorithms used to
negotiate authentication, as the following sections explain for 2G and 3G.

==== Authentication on 2G

If authentication tokens (such as KI for 2G, or K and OP/OPC for UMTS) are
present in the HLR, OsmoMSC will only attach a subscriber after successful
authentication. Note that the 3G authentication keys are also used on 2G when
the MS indicates UMTS AKA capability, in which case the full UMTS style mutual
authentication may indeed take place on 2G (GERAN).

On 2G, if no authentication keys are present in the HLR for a given subscriber,
OsmoMSC will attach the subscriber _without_ authentication. Subscribers that
lack authentication keys can always be rejected with this setting:

----
network
 authentication required
----

==== Authentication on 3G

3G (UTRAN) always requires authentication (a.k.a. Integrity Protection) by
specification, and hence authentication keys must be present in the HLR for a
subscriber to be able to attach on 3G.

OsmoMSC always indicates UIA1 and UIA2 as permitted Integrity Protection
algorithms on 3G.

=== Ciphering

To enable ciphering on the radio link, authentication must take place first:
the Kc resulting from authentication is the key used for ciphering. Hence, to
be able to use ciphering, a subscriber must have authentication tokens
available in the HLR.

==== Ciphering on 2G

The MS, BTS and MSC must agree on a ciphering algorithm to use.

- The MS sends its supported ciphering algorithms via Classmark IEs during
  Location Updating.
- Typically the BSC needs to know which A5 ciphers are supported by connected
  BTSes, see the `network / encryption a5` configuration item for OsmoBSC
  <<vty-ref-osmobsc>>.
- Finally, OsmoMSC may impose that specific A5 ciphers shall not be considered.

It is the responsibility of the BSC to then pick an A5 cipher that satisfies
all requirements.

- In OsmoMSC, A5/0 means that ciphering is turned off.
+
----
network
 encryption a5 0
----

- A5/1 and A5/3 are currently supported by Osmocom.
+
----
network
 encryption a5 1 3
----

- Never use A5/2: it is an "export grade cipher" and has been deprecated for
  its low ciphering strength.

- To allow either no encryption or any of A5/1 or A5/3 based on the presence of
  authentication keys and abilities of the MS, SIM and BSC configuration, it is
  recommended to enable all ciphers in OsmoMSC. The highest available A5 cipher
  will be used; the order in which the A5 options are configured does not
  affect the choice.
+
----
network
 encryption a5 0 1 3
----

==== Ciphering on 3G

While authentication is always required on 3G, ciphering is optional.

So far OsmoMSC allows switching ciphering on 3G either on or off -- the default
behavior is to enable ciphering. (Individual choice of algorithms may be added
in the future.)

Disable 3G ciphering:

----
network
 encryption uea 0
----

Enable 3G ciphering (default):

----
network
 encryption uea 1 2
----

OsmoMSC indicates UEA1 and UEA2 as permitted encryption algorithms on 3G.
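
The following check is an added example, not part of the OsmoMSC manual or code base: it reads the `network` node of an `osmo-msc.cfg` and reports the settings described in the Authentication and Ciphering sections that permit unauthenticated attach or unciphered links, so an operator can confirm each one is intended. The sample config is constructed, and the names `network_node` and `audit_network_node` are hypothetical.

```python
import re

# Constructed sample osmo-msc.cfg fragment (not taken from a real deployment).
SAMPLE_CFG = """\
network
 network country code 262
 mobile network code 89
 authentication optional
 encryption a5 0 1 2 3
 encryption uea 0
msc
 assign-tmsi
"""

def network_node(cfg_text):
    """Return the stripped child lines of the top-level `network` node."""
    lines, inside = [], False
    for raw in cfg_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blank lines and VTY comments
        if not raw[0].isspace():          # column 0 starts a new top-level node
            inside = raw.strip() == "network"
        elif inside:
            lines.append(raw.strip())
    return lines

def audit_network_node(cfg_text):
    """Return a sorted list of findings for the settings this section covers."""
    findings = set()
    node = network_node(cfg_text)
    if "authentication required" not in node:
        findings.add("auth-optional: 2G subscribers without keys attach unauthenticated")
    for line in node:
        m = re.fullmatch(r"encryption (a5|uea)((?: \d)+)", line)
        if not m:
            continue
        kind, values = m.group(1), set(m.group(2).split())
        if kind == "a5" and "0" in values:
            findings.add("a5-0: unciphered 2G connections are permitted")
        if kind == "a5" and "2" in values:
            findings.add("a5-2: deprecated export-grade cipher is permitted")
        if kind == "uea" and values == {"0"}:
            findings.add("uea-0: 3G ciphering is disabled")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_network_node(SAMPLE_CFG):
        print(finding)
```

An `encryption a5` line that includes `0` is reported even though the section recommends `encryption a5 0 1 3` for mixed deployments; the finding only records that unciphered operation is possible.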