srsLTE

• List of equipment:

4x Taoglas TG.55.8113W SMA antennas, 600 MHz - 6 GHz Datasheet

Nuand BladeRF 2.0 xA4 (USB 3.x) Datasheet

Workstation specs: AMD R9 3950X, AMD RX5700XT 50th Anniversary Edition, 32 GB Crucial 3200 MHz DDR4, 1 TB Samsung 970 Evo NVMe (PCI-E Gen 3)

• List of software and dependencies:

Ubuntu 20.04 LTS

srsLTE: Source

BladeRF: Source

packages: cmake libfftw3-dev libmbedtls-dev libboost-program-options-dev libconfig++-dev libsctp-dev libusb-0.1-0 libusb-0.1-0-dev

Disclaimer: The fork of srsLTE needed to set the flag ‘upperLayerIndication-r15 : true’ and to request NRBands in the UE cap are is not public nor shared here. Ongoing efforts are being made to publish support for 3GPP Rel15 in the srsLTE public repository. Credit to olkitu and HandyMenny for providing me with the required source for this project. Nevertheless this guide is still valid for launching srsLTE with the BladeRF, just without NR support.

Step 1: Prepare the build environment:

Install all required build dependencies via apt, git clone the srsLTE repository to a suitable location

Step 2: Build BladeRF

git clone https://github.com/Nuand/bladeRF.git
cd bladeRF
mkdir build
cd build
cmake ../
make
sudo make install
sudo ldconfig

Step 3: Update the BladeRF firmware and load an FPGA image

• Obtain the firmware image here
• Obtain the FPGA image here

Upgrade the firmware

bladeRF-cli -f /home/user/Downloads/bladeRF_fw_latest.img

Load the FPGA image to the SPI for automatic loading on powerup

bladeRF-cli -L /home/user/Downloads/hostedxA4-latest.rbf

Power cycle the unit

Step 3: Build srsLTE:

git clone https://github.com/srsLTE/srsLTE.git
cd srsLTE
mkdir build
cd build
cmake ../
make
sudo make install
sudo ldconfig

Step 4: Configure srsLTE:

Copy the example configuration files to /etc

sudo -i
mdkir -p /etc/srslte/
cp /usr/local/share/srslte/epc.conf.example /etc/srslte/epc.conf
cp /usr/local/share/srslte/user_db.csv.example /etc/srslte/user_db.csv
cp /usr/local/share/srslte/enb.conf.example /etc/srslte/enb.conf
cp /usr/local/share/srslte/rr.conf.example /etc/srslte/rr.conf
cp /usr/local/share/srslte/sib.conf.example /etc/srslte/sib.conf
cp /usr/local/share/srslte/drb.conf.example /etc/srslte/drb.conf

Modify the epc.conf to suit your needs. Fields I’ve modified are:

• Change the DNS for the EPC to something of your liking

  dns_addr = 1.1.1.1

Modify the enb.conf to suit your needs. Fields I’ve modified are:

• Reduce the bandwidth to 5 MHz to account for frequency drift on the SDR

  n_prb = 25

• Enable TM4 with CQI reporting back to the eNB for 2x2 MIMO

  tm = 4

• Enable 2Tx2Rx (2x2 MIMO)

  nof_ports = 2

• set the EARFCN (frequency), don’t use frequencies you’re not allowed to use or used in the vicinity of your area. The EARFCN given below is an example. Calculate your EARFCN using this tool here dl_earfcn = 9460

• set the TX gain, high enough to reach your UE tx_gain = 80

• set the RX gain to suit your needs, if set too low the SDR won’t be sensitive enough to hear the UEs response. You can also comment it out to disable and instead use AGC (automatic gain control) rx_gain = 40

• set the device_name to BladeRF to avoid autoselection to any other SDRs or sound cards connected to the system device_name = bladeRF

• reset the device_args, not needed for BladeRF device_args =

• set the timing advance to 27 samples to compensate for RF delay with the BladeRF time_adv_nsamples = 27

• set the preamble to zero for BladeRF burst_preamble_us = 0

Add the SIM card information to user_db.csv

This assumes you already have a programmable USIM, USIM card reader/writer, and software i.e. GRSIMWrite.

Set the MCC-MNC (PLMN) of the SIM card to match that of the EPC, in this case 001-01. Generate an IMSI based on that PLMN of 001-01. Copy down the KI (key), IMSI, and OPC values.

Enter those into your user_db.csv:

• column 1: name of UE (your choosing)
• column 2: authentication method (LTE on USIM uses Milenage/MIL)
• column 3: IMSI (dec format)
• column 4: Key (hex format)
• column 5: OP type (in this case, OPC)
• column 6: OPC value (hex format)
• column 7: AMF (can use my example here, it’s not needed otherwise but will fail to launch if left blank)
• column 8: QSN (can use my example here, it’s not needed otherwise but will fail to launch if left blank)
• column 9: QCI (QoS indicator, default is 9, leave it default, srsLTE doesn’t handle different QoS levels anyway)

• column 10: IP_alloc (set this to dynamic to be served an IP from the srsEPC during RRC Attach)

• example:

  ue,mil,001019876543210,ffffffffffffffffffffffffffffffff,opc,ffffffffffffffffffffffffffffffff,8000,000000000250,9,dynamic

Step 5: Launch the EPC (evolved packet core)

sudo srsepc

If successful, you will see something like this:

--  Software Radio Systems EPC  ---

Reading configuration file /etc/srslte/epc.conf...
HSS Initialized.
MME S11 Initialized
MME GTP-C Initialized
MME Initialized. MCC: 0xf001, MNC: 0xff01
SPGW GTP-U Initialized.
SPGW S11 Initialized.
SP-GW Initialized.
Received S1 Setup Request.
S1 Setup Request - eNB Name: srsenb01, eNB id: 0x19b
S1 Setup Request - MCC:001, MNC:01, PLMN: 61712
S1 Setup Request - TAC 7, B-PLMN 0
S1 Setup Request - Paging DRX 2
Sending S1 Setup Response

Step 5: Launch the eNB (eNodeB)

sudo srsenb

If successful, you will see something like this:

Built in Release mode using commit 66c4beeb on branch 19.9.0.

---  Software Radio Systems LTE eNodeB  ---

Reading configuration file /etc/srslte/enb.conf...
Opening 1 RF devices with 2 RF channels...
Opening bladeRF...
Set RX sampling rate 1.92 Mhz, filter BW: 1.92 Mhz
Setting frequency: DL=731.5 Mhz, UL=701.5 MHz
set TX frequency to 731500032
set RX frequency to 701500030
Setting Sampling frequency 11.52 MHz

==== eNodeB started ===
Type <t> to view trace
Set RX sampling rate 11.52 Mhz, filter BW: 9.22 Mhz
Setting manual TX/RX offset to 27 samples

Step 6: Insert SIM card in your UE and attach