LTE UE attach/LTE RRC Connection Setup - Log analysis

Guys, today we will learn the illustrative process in LTE by analyzing its logs. I will review all messages that are exchanged between UE and the network and discuss all important pieces of information present in these messages. I also have node B crashes with me. show how UE messages look like on a node B, let's move on to reality now our RC

connection

request this message is sent by UE to node B to activate our RC

connection

s in an R procedure to trigger the creation of SRB one this message is sent on a random access channel, SRP creation is necessary so that you can send a log message to Mme wire a node B.

If you are not clear about the random axis procedure, please go to my channel and watch my video tutorial on this issue. Now let's see the content of this message Yuri's identity his identity here is a random number this random number is used for dispute resolution during the random access procedure establishment cause establishment causes decided based on the Nats procedure that activates our SC connection here establishment causes mo signaling causes of this establishment used for

attach

ing and detaching and tracking its recapture of our RC connection configuration after receiving our RC connection request, node B first configures its own protocol layers for RB one for this UE and then sends our SC connection configuration message to UE so that Yui can also configure her protocol layers accordingly. for s RB a note in LTE our RC connection

setup

message is sent on a downlink shared channel, but in 3G this message is sent on a downlink channel in Townley.

Remember that in a TD there is no downlink channel, all messages on the downlink are on the downlink shared channel. let's see its content SRB identity is one RLC mode is acknowledgment mode Logical channel priority is one so SRB one data is the highest priority among all these are B and ERP here you can see all the parameters related to the mac layer, these are the physical layer parameters you can see that the transmission mode is being used here our RC connection configuration complete your investigation RLC connection request to recognize that SRB one has been configured successfully and to send a request message

attach

ed to Mme yae note B you resent the entire RLC connection

setup

message in SR b12 e note B, although it is an exit strategy, but nan speedy you to attach reduces piggyback on this message, note that B doesn't decode this now speedy you and transfer it transparently to Mme Nestlé, which represents Mme, decode this nan speedy, here I have one. e note B RC layer log file you can see what our connection configuration complete message looks like in our e not be dumped C layer you are seeing here is the nest video which has a request message attached to it, This faster complement is transparently passed to Mme as the initial UE message on the s1 ap interface.

You can see here what her initial message looks like on the s1 AP interface. Now let's discuss fast wainui locks from decrypted network. You can see that both the attached renamed PDs and the connectivity requests are incorporated into our full RC connection. message you can send recurring attachment without including PD and connectivity request if you don't want to use data services at this time we can send PD and connectivity decrees independently also whenever you connect to some network pdn purpose of attaching request messages for transfer all UE parameters related to registration in Mme, let's first study the content of the attach request message.

One type of test is combined with AP and MC. Attach the EPS reference to PS services and MC refers to CS services such as voice calling, so you want to take advantage of both PS and CS. mobile identity services is guilty, is u is old guilty URI stands for Globally Unique Temporary ID UT basically consists of two parts, one part uniquely identifies an Mme and the other part uniquely identifies and you within that Mme PLM NID uniquely identifies the network Mme group ID uniquely identifies an Mme group within a network and a code uniquely identifies Mme and Mme within an Mme group an empty MC uniquely identifies and a UE unique within Mme these are its network capabilities such as the security algorithm supported by UE, you are the last verification area and the location verification area is used for PS paging and the location area is used for CS paging .

All the remaining parameters are pretty easy to understand, so I'll skip them. Now let's move to PD and connectivity request URI and connectivity request and PD when you want to connect to some pdn network. Procedure transaction ID, this field is used to map Christin's response of PD and connectivity request base high request initial request initially Crist means it is equal to a new PD and connection, this field means that Yui only supports ipv4 connectivity , does not support ipv6, you can see an interesting one What is happening here is that U requests PD and connectivity, but has not included any pawn in this message.

APN is used to uniquely identify some PDs and networks. The reason is that when you want to transfer this information securely, you set the ESM transfer flag to one. in this message the network will send ESM information with consent to UE after setting up NAT security, we will see this message later mm identity requests Mme requests some other identity when the girl sent by U is not valid as the Mme code is part of QT, so gu t might become invalid when the current mme is different from the previous Mme. Mme requests some other identity by sending an EMM Identity Request message to the UE.

Here you can see that the network requests that the UE send them. See MM's identity answer. Send mmm identity response message and include. your MC in this message request authentication before taking any action to receive the attached request Mme activates the authentication process the purpose of authentication is to verify whether Yui and the network are legitimate or not in anti both the network and Yui authenticate each other yes to understand authentication you can imagine in Windows always. Authenticate the user by asking them to enter the password. Mme receives an EPS authentication vector that has KSM a ra NT aut n + XR is from HSS.

All of these parameters are used during the authentication process. Let's analyze the authentication request message. Mme sends you a random challenge for NT and authentication. token aut n poor network authentication of the selected authentication vector Mme also includes security k k SI asme for ue to be used to identify the authentication response k sm e @ ue use aut checks and receive an authentication request message, it is your calculation Marilyn and algorithm and check if aut n is ok if aut n is valid it means network is authentic then Yui calculate res called as response based on our ang and send this res in auth response message which works compare our es with XR e s Let me quickly show you how this message looks like I will make a separate video on security in which I will tell you how all the values ​​like aut NR a and D are calculated, so if you have any doubts related to these parameters from now on, leave them and continue with EMM security mode.

The purpose of the mmm security mode command is to configure the security of the Nass layer. Here security means integrity and encryption in this message. Mme informs us about the chosen security algorithm and activates a particular security context telling ksi asme using security context means that security keys must be used. ksi asme used is used to test many other security keys, it is an important topic so I will cover it in a separate video. Here you can see that the encryption algorithm is zero and the integrity algorithm is e I, a value of two of K if m is zero Interestingly, the network sends you huge security capabilities so you can make sure that no attacker changes these capabilities.

If there are any changes to these capabilities, it will cancel the current registration process. Full EMM security mode. Yui sends this message to the network to acknowledge that the security algorithm and security context have been successfully implemented. She can see the integrity and encryption of this message protected using the algorithms in the security context that were shared in the security mode command. Here is some information request. The network will send this message only when the network security context has been set and the ESM information transfer flag has been set to one in the Aphelion Connectivity Request message.

This message is used by the network to retrieve information from ESM, such as APN protocol configuration options, etc. The SM information response in this message is forwarded. CSM information such as APN protocol configuration options for Mme, here you can see that APN is CM. A capability query before allocating resources to the UE network must know what the capabilities of the UE are so that the network can allocate resources accordingly. Typically, a node B receives capabilities from the UE. from Mme, but when Mme does not have UE capabilities, node B has to trigger this process to get all the capabilities it needs and further promote these capabilities to Mme so that Emma can store these capabilities and send them to a node B when needed here.

You may wonder when you have already sent your capabilities an attached rictus message why you need to send these capabilities again there are two main reasons why the capabilities we present the attach request message are limited capabilities it is not a complete set of capabilities second message attach request is transparent to a node B, so in orbit still unaware of Yui's capabilities before configuring any dr b for data flow, node B must know its capabilities, you can see in this message. The network has mentioned what Al Qaeda threat it envisions. to sign your capabilities in this message you guarantee all your capabilities requested by the network here you can see that you have sent a container for each read, which allows you to facilitate x2 capabilities the stratum security mode command after receiving this message Mme would be the same security mode command to the UE to enable access stratum security, it is mandatory to configure onyx security to the stratum so note that we can send parameters related to a B star 2 and a default EPS peer to the UE in a safe environment.

Here you can see the encryption and integrity algorithm that are selected by a node B based on usage capabilities. Note that there is no need to send the security key again, as the network already sent it to you during that security mode. Stratum access command. The safe mode completes us and the safe mode completes to confirm success. completion of security mode command our connection reconfiguration RC 1 security in the egress stratum is set to o B will send our SC connection configuration masses to the UE the purpose of this message is to configure srb2 to configure dr v v is a bearer default which is used to transfer user data to the network to send attachments, except to the UE, this attachment accept message has all the parameters related to the registration to send activate the default EPS bearer contacts request message to the UE, This message has all parameters related to data flow, such as fully qualified APN name IP address assigned by PD and gateway priority on air interface QoS related parameters, etc. content of this message our nest PDU this is the nest PDO that has nest messages attached accept and activate the context request of the default eps period later we will see its decoded form also the configuration for srb2 and configuration for the default bearer let's first analyze the parameters of srb2.

Our PID is 2. This is the RLC related information for srb2. RLC mode is the recognition mode. These parameters are srb2 parameters related to the logical channel. You can notice that priority of SR B 2 is 3. it means that since RB already has lower salary then it is RB 1 as RB 2 is used only for Nantz messages until its rb2 is configured. Nantz messages are sent in s RB 1 piggybacking them along with access stratum messages. Here is information related to a default value. radio office note EPS bearer identity is 5, it means that between a node B and the network ID for this data flow will be 5, but dr b ID is 1, it means that between a node B and ue ready for this data flow will be 1, these are the parameters related to the TCP P layer, these are the parameters related to the RLC layer.

RLC mode is the recognition mode. The logical channel identity is 3. Logical channel IDs 1 and 2 are reserved for s RB 1 and s RB 2.You can see the priorities of logical channel 12, which is much lower. that the priorities of s RB 1 and s RB 2 these are the Mac layer parameters for DRB these are physical parameters for TRP let's now see the decoded names pdot study networks messages for us attach accept message attached the result is combined EPS and MC attach means u is attached for both CS NPS domain timer 3 4 1 2 is used by Yui for periodic tracking of each update by checking the area code of the area in which U is currently present here is the newly located beauty if you compare this QT with the GUI that Yui sent attached to the request, you can see that this mme is different from the previous one here, the network tells you what functions are supported by the identity of the network location area that is used for Co services, such as CS paging , now let's discuss activating the default epsp error context request message here is the transaction ID of the procedure.

Remember that the same transaction ID was used when sending pd and the connectivity request. QC is 9. QC is a quality of service class identifier, so the default bearer QC is always 9 so the CI 9 resource type is not gbr and the priority is 9. a pawn uniquely identifies a PDA network here is the IP address assigned by the PD gateway n to the UE here the QoS parameters applicable to this pdn connection are negotiated our CD configuration is completed by sending this message you eat healthy it would be that all the configuration received a The RLC connection in your congregation the message has been applied successfully attachment complete we will send the complete attachment and activate the default better accept the message from Nan to the network metering controls the network will send our AC connection a message of configuration that has measurement controls other main controls have necessary parameters biue to start Various types of measurements we will study the measurement controls in detail while studying handover in LTE.

That's all for today guys, my next video will be about CS Fallback on LTE. Please subscribe to my channel to see many of these videos in the future, hit the like button if you like this video, thank you, bye.