Private LTE with LimeSDR and srsRAN – Part 2 (Hardware)

|

Introduction

If you managed to land here without seeing part one in my series on setting up my own private LTE network, you may want to check that out first.

Continuing from where we left off, having compiled all the libraries and software required to setup a private LTE network using LimeSDR and srsRAN. The next step involves rigging up the SDR and mobile device ready for them to communicate.

This post therefore covers the few options I considered for getting the mobile device and the SDR talking over the air….or in this case over some cables.

Hardware

Given that in the UK all the LTE bands fall within licensed regions of the spectrum (to the best of my knowledge), transmitting over the air sadly isn’t an option. Although for the 10dBm power output of the LimeSDR, it may be possible to apply for a shared access licence from Ofcom, which I may investigate at a later date.

For now then the solution will be to connect the eNodeB (SDR) directly to the user equipment (a random modem I found lying around) via RF cables. Thereby preventing or at least severely limiting the transmission of RF into the environment.

As I’m not an RF engineer, the following arrangement was suggested to me by past colleagues, who were using it for their private LTE setup.

Having only just acquired the SDR I didn’t want to immediately damage its receiver by overloading it. I therefore also ran it past a current colleague who is far more knowledgable on RF than I’ll ever be. His comment was:

I don’t think you’ll have an RF problem

Anonymous RF engineer

That’s good enough for me….although I can’t be sure he didn’t have his eyes closed at the time.

My setup therefore is as follows:

SDR Cabled Connection To Modem

The power splitter/combiner I’m using (a Mini-Circuits ZAPD-4-S+) operates from 2Ghz – 4.2Ghz. In order to keep within this range I’ve decided to operate in LTE Band 7 (2500 – 2570 MHz uplink and 2620 – 2690 MHz downlink).

The SDR has two ports for each of its transmitters and three ports for each of its receivers. The schematic indicates that the different ports are tuned for different bands. The splitter is therefore connected to the SDR via TX1_2 and RX1_H.

My primary concern with this setup was looking to protect the SDR from damage, either from its own transmitter or that of the LTE modem. The SDR’s receiver’s maximum power input is somewhere around 11dBm.

The power splitter / combiner provides 25dB of isolation between the two input ports. Therefore 10dBm – 25dBm = -15dBm. The SDR’s receiver will be perfectly safe from its own transmitter, before considering cable losses.

The random modem I’m using is a Sierra Wireless MC7455 which according to it’s datasheet has a maximum transmit power of 23dBm +/- 1dBm. Therefore 24 – 30 = -6Bm at the SDR receiver. Again it should be safe, even before considering losses from the splitter/combiner and cabling.

Given that the LimeSDR has a maximum transmit power output of 10dBm, with the 30dB attenuator the maximum power seen by the LTE modem will be 10 – 30 = -20dBm before cable losses are considered. I couldn’t find any limits within the datasheet of the Sierra Wireless modem, however my RF engineer colleague says it should be ok 😅.

My test setup in real-life is therefore:

Hardware Setup with LimeSDR and Sierra Wireless MC7455

In part three we’ll be looking at acquiring and programming our own private SIM cards.

Was this article helpful?
YesNo
, , , ,

2 responses to “Private LTE with LimeSDR and srsRAN – Part 2 (Hardware)”

  1. Craig avatar

    Hi Phil,

    Could you advise why it will be necessary to program your own SIMs. Would it be possible to have other providers roam on your network and you simply not bill them? Are there authentication or protocol challenges that would prevent that?

    1. Phil Greenland avatar
      Phil Greenland

      Hi Craig,

      I’m not an expert when it comes to the finer details of the operator side of LTE networks.

      My understanding is that the mobile device and network look to implement mutual authentication, with each checking the identity of the other. As to prevent situations like a man-in-the-middle attack.

      When an SIM roams by attaching to another provider’s network the same authentication process is performed. With the network to which the SIM belongs assisting. There will be an agreement in place between the two carriers and connections between their backend systems making this possible.

      At the LTE network level I believe the Mobility Management Entity (MME) and Home Subscriber Server (HSS) work to provide the authentication. For example given a SIM from network A roaming on network B, the MME of network B will reach out to the HSS of network A. Informing it that a user is attempting to connect using a SIM it manages, which assists with authenticating the SIM.

      I’m not sure there’s a mechanism to disable the authentication. Hence the need to program SIMs that allow for trust to be established between the mobile device and in this case simulated mobile network.

      Hope that helps.

      Regards,

      Phil

Leave a Reply

Your email address will not be published. Required fields are marked *