Introduction
I often see a lot of articles labeled “Demystifying” this and that, though the articles rarely do much besides paraphrase specifications. My aim for this article is for anyone who is interested in understanding how information flows in cellular networks and would practically be able to do so using srsRAN and srsUE logs.
I’ll be honest with you, I ignored the “middle” layers of cellular protocol for awhile. I figured they were there to provide menial tasks that are sometimes required in wireless transmission and reception. It wasn’t until I started getting into log analysis that I began to pay more attention to these layers, and I believe they do not get as much credit as they are due. The PDCP, RLC, and MAC layers provide the grunt work for 5G, the tasks that not many people want to do, but are required. I realized that these layers provide similar services and functions that computer networks do, and after diving into Wireshark and some of the 3GPP specs, I was able to start to see the parallels between the two network types.
My intent is to break this into multiple articles
- Computer Networking Fundamentals
- 5G Control Plane Data Transfer
- 5G User Plane Data Transfer
Wireshark Tips
WIRESHARK will be instrumental in your analysis and understand of the information in these articles. For anyone who is a visual learner, I suggest configuring your Wireshark Layout to display “Packet Diagrams”. This feature allows you to visually inspect what each of the protocols and their associated packets look like for the selected message.
- Select Preferences
- Navigate to Appearance > Layout
- Select one of your Panes to display “Packet Diagram”
Now when you select a captured message in Wireshark, you will be able to inspect the packet. In the example below, a simple TCP packet is shown, including IPv4 and Linux Cooked-mode Capture. This is helpful to see exactly how data is encapsulated at various layers. Depending on the message or procedure data within each protocol may vary.
Depending on how your other Panes are configured, when you click on a portion of the packet, it will also highlight the associated data within the packet or the HEX string associated. Or if you hover your mouse over a particular portion, the filter and value will display. Below, the selected Acknowledgment Number highlights the Acknowledgement Number line, and the mouse hovers over Destination Port displaying port 40606 and the filter string tcp.dstport.
If you double click on a packet to open the packet details, you will still be able to view the packet bytes, which I find helpful when comparing packets to the entire message. Here I have the IPv4 header selected, which highlights the associated HEX data below.
I also like being able to select lines of the packet and observing the size of the information or header.
As we progress to looking at 5G data from srsRAN and srsUE you will also need to configure DLT_USER profiles. srsRAN provides a page that provides details on how to do so
https://docs.srsran.com/projects/project/en/latest/user_manuals/source/outputs.html
I will also provide details on how to do this and will reference this in the follow on articles as well.
OSI Model
I don’t doubt that most people reading this are familiar with networking models such as the OSI and TCP/IP models. I always think that no matter how familiar I am with a topic, I’m never familiar enough! Moving forward, we can reference the OSI models layers and functions as they related to the 5G protocol stack. In all scenarios, OSI, TCP/IP, and 5G – the layers are provided to deliver the same result… Efficient, secure, reliable data transfer.
Not to mention, OSI and TCP/IP layers and protocols are used in 5G too, especially when we start to observe user plane traffic, and data that is passed between gNB-DU and gNB-CU, and between gNB and the 5GC.
We wont get too concerned with the protocols involved, until they are relevant, but the main focus will be on the functions provided at each layer that will translate to the 5G protocol stacks.
| Transmit | Receive | OSI Layer | 5G Protocol |
|---|---|---|---|
| Segmentation | Reassembly | Transport | RLC |
| Sequence | Reorder | Transport | RLC |
| Multiplex | De-multipex | Data Link | MAC |
| Cipher/Encrypt | Decipher/Decrypt | Presentation | PDCP |
| Compression | Decompression | Presentation | PDCP |
| Modulate | Demodulate | Physical | PHY |
| Transmit and Receive | OSI Layer | 5G Protocol |
|---|---|---|
| Logical Addressing | Network | MAC |
| Error Control | Data Link, Transport | RLC, MAC |
| Flow Control | Transport | MAC |
| Duplicate Detection | Transport | PDCP, RLC |
| Packet Discard | Data Link, Network, Transport | PDCP |
| Authentication | Session | NAS |
| Security | Session | NAS, RRC |
Data Encapsulation
Another prominent topic as we move forward into the 5G side of data transfer will be how data is passed between layers, and what is actually happening at each layer. As data is generated at the host and travels across a network, the data is passed through multiple layers which add specific information to the original data which is known as encapsulation.Though the data travels vertically through the stack in order to be transmitted between Physical layers, each layer is only designed to communicate with the same layer at the receiver.
Though there are too many networking protocols to go over in depth, we can get a general idea of what is going on by taking a look at the example below.
The data originates at the Application layer and can be observed at the top under the “Transport Layer Security” header as “Encrypted Application Data”.
The data is then passed to the Presentation layer where the TLSv1.2 protocol provides data encryption. Thus we cannot derive the actual data being transferred from this packet capture.
Since a session has already been established, the data passes through the Session layer. This layer is responsible for maintaining the Session and continues to work outside of the scope of this packet.
The data gets to the Transport layer and receives its first header. In this case, a “Transmission Control Protocol” or TCP header is added. The TCP header provides a source and destination port number specific to the application data that is being transferred. In this scenario, if we refer back to the TLS Encrypted Application Data section, right below, we see that the data protocol is HTTP, and since its HTTP using TLS, it is actually HTTPS which uses for 443. Port 443 can be seen as the source port, and the destination port 59298 is a dynamic port at the receiving end. The port number is used to ensure that the data is routed to the appropriate service and/or application. Additional information is also added to the TCP header such as sequence numbers to aid with packet reordering and assembly, acknowledgement information to ensure reliable delivery, and more.
- 5G uses Logical Channels, or Logical Channel Identities (LCIDs) to identify types of data being transferred, similar to how port numbers are used in TCP and UDP.
TCP Header Fields
| Field | Bits | Info |
|---|---|---|
| Source Port | 16 | Transmitter port |
| Destination Port | 16 | Receiver port |
| Sequence Number | 32 | Identifies the position of the first byte in the segment of data |
| Acknowledgment Number | 32 | Receiver uses this number to request subsequent TCP segments |
| Header Length | 4+3(reserved) | Defines the length of the header |
| Flags | 9 | Control bits used for managing data connections |
| Window | 16 | Defines the number of bytes the receiver can receive |
| Checksum | 16 | Used to verify the TCP header |
| Urgent Pointer | 16 | Defines any urgent data being sent and where the urgent data ends |
| TCP Options | 0 to 320 | Various options including max segment size, window scaling, timestamp, etc. |
The Internet Protocol Version 4 Network layer, or IPv4, follows the TCP Transport Layer. This layer adds source and destination IP Addresses
- 5G uses Radio Network Temporary Identities (RNTI) to identify UE’s in the RAN, similar to how IP addresses are used in IP protocol.
IPv4 Header Fields
| Field | Bits | Info |
|---|---|---|
| Version | 4 | Defines IP version |
| Header Length | 4 | Defines length of IP header |
| Differentiated Services | 8 | Defines QoS priorities for managing traffic |
| Total Length | 16 | Defines size of IP packet which includes the header and data |
| Identification | 16 | Identifies packet fragments (if fragmenting is implemented) |
| Flags | 3 | Flags related to fragmentation |
| Fragment Offset | 13 | Defines the position of the particular packet, if fragmented, from the start fragment |
| Time to Live | 8 | The TTL value decreases per hop to ensure packets are discarded and do not continuously loop and create congestion |
| Protocol | 8 | Defines the protocol that the IP packet encapsulates (TCP in this case) |
| Header Checksum | 16 | Used to verify the IP header |
| Source Address | 32 | Transmitter IP address |
| Destination Address | 32 | Receiver IP address |
The final layer before reaching the Physical Layer, is the Data Link layer. Depending on how the data is captured or how the data is transmitted, the protocol used may vary. In this case, the Ethernet protocol is used which provides source and destination MAC addresses and the type of data that is encapsulated. In this scenario, Ethernet is encapsulating IPv4.
You may also see Linux Cooked Captures in the Data Link layer, especially when we move forward into analyzing 5G network traffic.
You may also need to configure DLT_USER (Data Link Type) profiles in Wireshark to properly observe decoded Layer 2 and Layer 3 data in 5G. See the Wireshark Tips section to properly configure this in Wireshark.
The data arrives at the Physical layer
- TLSv1.2 with HTTPS application data
- TCP header (Port numbers defining services and/or applications)
- IPv4 header (IP addresses of WiFi router to Computer)
- Ethernet (MAC addresses of WiFi router to Computer NIC)
All of the data is converted to binary bits and modulated for transmission over a particular medium. In this case, the data is sent over WiFi air interface from the WiFi router to the computer.
When we get to 5G, the Physical layer will mostly refer to the Air Interface between the UE and the gNB, though there are many other implementations of the Physical layer in telecomm networks. The gNB communicates with the 5G Core over a specific Physical layer, the gNB DU and gNB CU communicate over a specific Physical layer, and the 5GC communicates with external DNNs over another specific Physical layer.
You should also note that when you are analyzing a packet, you are essentially only catching a glimpse of the journey of the particular packet. It depends on where the packet is captured. This scenario, the packet was captured at the Destination laptop, where it received HTTPS application data from the Application Server.
The packet likely went from the Application Server to the ISP, where additional protocols and routes were used, then from the ISP to the destination router, and from the router to the destination laptop. At each stop, additional TCP, UDP, IP, and ethernet headers may also be added, though they will encapsulate the primary source and destination ports and IP addresses.
Network Functions
Segmentation
Some data transmission’s are very large and need to be broken into smaller “segments” to be transmitted over the network. Protocols have defined Maximum Transmission Units (MTU) which are strictly adhered to
- Ethernetv2: 1500 bytes
- WiFi: 2304 bytes (prior to encryption)
Segmentation aids with reliable transmission since smaller packet sizes allow easier retransmission.
Sequencing
When data is broken into multiple segments, the segments need to be numbered so that they can be reassembled in the proper order. Not all packets arrive at an endpoint in order, so there is strong emphasis on sequencing, re-ordereding, and reassembly.
Multiplexing
Combines multiple data streams in order to utilize a single carrier, thus optimizing the transmission bandwidth and efficiently delivering data.
Compression
As the term implies, compression reduces the size of data to be transmitted. This aids in bandwidth limited scenarios, and overall reduces bandwidth consumption and latency.
Logical Addressing
IP addresses are considered logical addresses and allows to device to device communication that essential in computer networks.
Physical Addressing
Identifiers such as the MAC address are considered physical addresses, which are hardware identifiers. This enables device to device communication in a local network or broadcast domain.
Routing
As mentioned earlier, packets cross multiple nodes from source to destination which could imply a local area network or a complicated interconnected network. Routing determines the most efficient path for data to traverse.
Error Control
Data delivery needs to be reliable. Without Error Control, lost or incomplete packets would not be detected or corrected which would lead to incomplete or corrupt data that is received, and which may need to be forwarded to additional nodes.
Acknowledgements (ACK) and Negative Acknowledgements (NACK) are uses to notify the sender that a packet has been received without error and confirms successful reception of the data. The sender can continue to sending follow on data.
Automatic Repeat Requests (ARQ) may also be implemented for when errors are detected then retransmission would be requested.
Error Detection
There are various methods for Error Detection, including checksums, Cyclic Redundancy Checks (CRC), and parity bits. If data is received and does not pass these checks, then the receiver would halt from forwarding or continuing to present the data.
Flow Control
Buffer overflow occurs when the receiver is overwhelmed with data. Parameters such as Windowing manage the data transmission rates so that overflow does not occur.
Packet Discard
Data that contains errors or have exceeded the Time to Live should be discarded if they no longer serve a purpose on the network. If packets are not discarded properly then network overhead would increase and cause congestion.
Next Article Preview: 5G Control Plane Data Transfer
- Data Encapsulation
- Logical Channels
- Transport Channels
- Physical Channels
- NAS
- Messages
- Plain NAS message
- Security Protected NAS message
- Information Element Types
- NAS Payload Containers
- NAS Transport
- Messages
- RRC
- Messages
- Radio Bearers
- PDCP
- PDUs and SDUs
- Control PDU
- Functions
- Header compression
- Ciphering/Deciphering
- Integrity protection/Integrity verification
- SDU Discard
- Duplicate discard
- Re-ordering
- PDUs and SDUs
- RLC
- PDUs and SDUs
- Control PDU
- Functions
- Segmentation/Re-segmentation
- Sequencing
- SDU Discard
- Error Correction/ARQ
- PDUs and SDUs
- MAC
- PDUs and SDUs
- MAC Subheader
- MAC Control Elements
- LCID
- RNTI
- Functions
- HARQ
- Multiplexing
- Scheduling
- Timing Advance
- Buffer Status Reporting
- PDUs and SDUs
Leave a Reply