Professional Documents
Culture Documents
Huawei LTE EPS End To End IP Protocol Analysis
Huawei LTE EPS End To End IP Protocol Analysis
IP Network
The TCP/IP protocol stack is a set of communication protocols consists of two most
important protocols: the Transmission Control Protocol (TCP) and the Internet
Protocol (IP) . The TCP/IP protocol stack ensures the communication between
network devices. It is a set of rules that define how information is delivered in the
network.
Precaution: Will increase CPU load if tracing is performed from eNodeB, MME,
Router/ Switch
This part mainly to discuss the methods on collecting the IP messages from different
points in the network, eg: UE, eNodeB, router/ switch, etc.
By analyzing the trace result from different points can help to identify the network
problem.
Basically we can trace all the messages if we are using the first method which is Port
mirroring and wireshark. The trade off is more complicated.
While WEBLMT is suitable on collecting the MAC layer trace and PNP messages.
U2000 can be used on collecting IP layer messages.
Tracing can be performed from U2000 if the eNodeB O&M channel is available.
1. Log in to the server as user ossuser in SSH mode using PuTTY. In the ATAE cluster system
or Sun-based SLS system, log in to the server on which you need to collect NE information.
2. Run the following command to switch to user root.
~> su - root
Password: Password of root
3. Run the following command to execute the environment variables.
# . /opt/oss/server/svc_profile.sh
4. Run the following command to execute the script.
# cd /opt/oss/server/rancn/bin/
# ./CapturePacketHelp.sh NEIP
5. After the execution of this script is complete, the command start with tcpdump or snoop is
displayed. The command started with "tcpdump" or "snoop" is used to collect NE information.
Tcpdump is for Linux OS while snoop is for Solaris OS.
6. Type the displayed NE information collection command and press Enter. In the Sun-based
system where IPMP load balancing has been implemented, two screens need to be opened to
run the two commands simultaneously.
7. Press Ctrl+C to stop the command and run the following command to modify the permissions
to the generated file.
# cd /export/home/omc/var/logs/
# chmod 775 U2000_packets*.cap
# chown ossuser:ossgroup U2000_packets*.cap
8. Log in to the server using the FTP tool to obtain the .cap file and view the NE information
collection result. The .cap file is saved under the /export/home/omc/var/logs directory.
Proxy ARP is used to interconnect computers or routing devices in the same network
segment but on different physical networks.
If a router not enabled with Proxy ARP receives an ARP request, the router
checks whether it is the destination. If yes, the router responds with an ARP
reply. If no, the router discards the ARP request.
If a router enabled with Proxy ARP receives an ARP request whose
destination is not the router itself, the router queries the routing table instead of
directly discarding the request. If the router has a route to the destination, the
router responds to the ARP request sender with an ARP reply carrying its own
MAC address. The ARP request sender sends the packet to the router and the
router forwards the packet to the destination.
ICMP messages use the basic 20-byte IP header. Other fields in ICMP messages
depend on the application in practice.
An ICMP packet contains the following fields basically:
Type field: indicates the ICMP message type.
Code field: indicates a specific message of the type specified by the type field.
For example, when the type field value is 3, the ICMP message is a Destination
Unreachable message. The specific message is determined by the code field value.
0 = net unreachable
1 = host unreachable
2 = protocol unreachable
3 = port unreachable
Checksum field: indicates the checksum of an ICMP message. It occupies 16 bits but
is not currently used. Therefore, its value is 0.
Time to Live: TTL will be reduced by every router on the route to its destination
The common TCP port numbers are HTTP 80, FTP 20/21, Telnet 23, SMTP 25, DNS
53 and etc. The common reserved UDP port numbers are DNS 53, BootP 67
(server)/68 (client), TFTP 69, SNMP 161 and etc.
TCP Flags:SYN(Synchronize sequence numbers. Only the first packet sent from
each end should have this flag set.)、Push(Push function. Asks to push the
buffered data to the receiving application)、RST(Reset)、FIN(No more data
from sender);
TCP three way handshake is used to establish a connection between two host.
Note: The initial SN is random. If the connection establishment times out, the host
sends three times of SYN requests. The timer is 6s for the first time and the timer is
24s for the second time. For windows XP, the timer is 3s for the first time and the time
is 6s for the second time.
The client sends Segment 1 with sequence number a.
The server responds Segment 2 with sequence number b. The server also
acknowledges Segment 1 by acknowledging the client’s initial sequence number a
plus 1.
The client receives Segment 2 sent by the server and sends Segment 3. The client
also acknowledges Segment 2 by acknowledging the host’s initial sequence number
b plus 1.
Thus, a TCP connection is established between the client and server. This process is
called three-way handshake. The data transmission continues.
In addition, MSS is negotiated during this three-way handshake. See the following
description.
After data transmission, the connection must be terminated. This requires four-way
handshake, and you can see the following description.
Host A send a message with sequence number 42 to host B, the packet size is 8 byte.
Host B send an ACK message to host A after receiving the packet. ACK number is
next expected byte send from Host A. ( ACK number= seq number + packet size =
42+8 = 50)
Host A send a message with sequence number 42 to Host B and carry the ACK
number of 79 which means that “A” expects packet number 79 from “B”.
Host B send the message with sequence number 79 to Host A and carry the ACK
number of 43 which means that “B” expects packet number 43 from “A”.
If A continuously send a few ACK packet to B with same sequence number but ACK
is increasing
A is receiving the data from B continuously and reply the acknowledgement to B
TCP is using sliding window method to control the data flow, inform the sender how much data
to be sent. TCP window size will affect the transmitting speed. If the window size is constantly
reduced, it indicate that the receiver cannot handle the data speed from the sender
The sliding window technology can dynamically change the window size to adjust the data
transmission between two hosts. Every TCP/IP host supports full duplex data transmission, so
there are two sliding windows. One is receiver and the another is sender. TCP adopts the
acknowledgement mechanism, so the acknowledgement number is the next expected byte.
The following is the flow control by the sliding window in a single direction data transmission.
Assume the sender sends three data packets each time, and the window size is 4. The sender
sends four packets with sequence number 1, 2, 3, 4 respectively. The receiver successfully
receives the packet and responds sequence number 5 to acknowledge that it receives the data.
The sender receives the acknowledgement and continues sending the data with the window
size of 4. When the receiver requests to lower or increase network flow, it can change the
window size. In this example, the window size is decreased to 2, meaning two packets are sent
every time. When the receiver requests to change the window size to 0, it means that the
receiver has accepted all data or the application of receiver has no time to read the data and
asks to stop the sending. Upon receiving the acknowledgement with window size 0, the sender
stops sending the data.
The sliding window mechanism provides reliable flow control and congestion management in
the data transmission between end-to-to devices. However, it functions only between the
source device and destination device. If network congestion occurs in any intermediate device,
like routers, the sliding window is useless. This can be managed by ICMP source
quench.
Before an OMCH is established, a base station is not configured with any data and cannot
perform end-to-end communication with other devices at the IP layer. To implement this
communication, the base station needs to obtain the following information:
1. OMCH configuration data, including the OM IP address, OM VLAN ID, interface IP
address, interface IP address mask, IP address of the next-hop gateway, IP address
of the U2000 or BSC, and IP address mask of the U2000 or BSC.
2. During base station deployment by PnP, if the base station needs to use digital
certificates issued by the operator's CA to perform identity authentication with other
devices, it also needs to obtain the operator's CA information, including the CA name,
CA address, CA port number, CA path, and transmission protocol (HTTP or https)
used by the CA.
3. In IPsec networking scenarios, the base station also needs to obtain SeGW
information, including the SeGW IP address and SeGW local name.
The base station uses DHCP to obtain the configuration parameters. The DHCP procedure
involves the following logical NEs:
DHCP client: a host that uses DHCP to obtain configuration parameters
DHCP server: a host that allocates and distributes configuration parameters to a DHCP
client
DHCP relay agent: an NE that transmits DHCP packets between a DHCP server and a
DHCP client. A DHCP relay client must be deployed between a DHCP server and a
DHCP client that are in different broadcast domains.
After a DHCP client accesses the network, it actively exchanges DHCP packets with its DHCP
server to obtain configuration parameters. During the exchange, the DHCP server and the
DHCP relay agent listen to DHCP packets in which the destination UDP port number is 67, and
the DHCP client listens to DHCP packets in which the destination UDP port number is
68.
A DHCP client and a DHCP server on the same Layer 2 (L2) network can directly
communicate with each other. The L2 network is a subnet in which broadcast IP
packets can be exchanged and forwarded by Media Access Control (MAC)
addresses and VLAN IDs.
1. After the DHCP client starts, it broadcasts a DHCPDISCOVER packet to search for
an available DHCP server. The DHCPDISCOVER packet carries the identification
information about the DHCP client.
2. The DHCP server responds to the DHCPDISCOVER packet with a DHCPOFFER
packet.
3. The DHCP client sends a DHCPREQUEST packet to the DHCP server, requesting
parameters such as an IP address.
4. The DHCP server sends a DHCPACK packet to the DHCP client to assign
parameters such as an IP address.
5. If the assigned parameters cannot be used, for example, an assigned IP address has
been used by other DHCP clients, the DHCP client sends a DHCPDECLINE packet
to notify the DHCP server.
6. If the DHCP client does not need the assigned parameters any more, it sends a
DHCPRELEASE packet to notify the DHCP server so that the DHCP server can
assign these parameters to other DHCP clients.
When the DHCP client and DHCP server are not in the same broadcast domain, they
cannot receive broadcast packets from each other. In this case, the DHCP relay agent
function must be enabled in the broadcast domain of the DHCP client to ensure the
communication between the DHCP client and DHCP server. Generally, the DHCP
relay agent function is enabled on the gateway.
The procedure is as follows: The DHCP relay agent converts DHCP packets
broadcast by the base station to unicast packets and routes the unicast packets to the
DHCP server. The DHCP server sends unicast response packets to the DHCP relay
agent, which then broadcasts received response packets on the L2 network.
IP layer tracing is suitable on secure network scenario while MAC layer tracing
suitable on non-secure network, the information will be more complete
PNP= Plug and Play
After receiving the unicast message from eNodeB, U2000 will check the eNodeB IP
address from its ARP table.
If there is no matching found, ARP procedure will be triggered.
Host A will start the Retransmission Timeout (RTO) timer after sending a packet to
peer.
If the acknowledgement packet is not received within the RTO, sender will assume
that the packet is loss and resend the packet.
The RTO value will impact on the network performance. If the RTO value is too big,
sender need to wait for a long period only find out that the packet is loss, impact on
the throughput.
If the RTO value is too small, sender will find out that the packet loss in a very short
duration but will cause the unnecessary retransmission for longer delay packet,
wasting the network resources.
Local end will retransmit the packet if do not receive any acknowledgment from peer.
“TCP Retransmission” will be shown in Wireshark.
From the details, we can know which packet is retransmitted.
Analysis of TCP messages can be done through statistic analysis from wireshark.
The top line in the graph represent the highest TCP sequence number can be
handled by local end. (Sequence number of ACK+ Window Size -1).
The middle line represent the TCP sequence number received at local end.
The lowest line represent the “Acknowledgement Number” in the message from
sender which is also the next TCP sequence number will be received by local end.
If the middle line close to upper line: Sender has a higher speed compared with
receiver. Normally is related to the receiver network issue or processing capability of
the receiver which caused the network speed cannot go higher,
If the middle line close to lower line: Speed at sender is low can be caused by speed
limit at sender or congestion.