NAS层架构03
参考文档
NAS 层 华为,中兴网上有很多文档写的很好。
整个核心技术还是RF射频,以及L1,L2层算法。
https://www.txrjy.com/thread-1134676-1-1.html
https://blog.csdn.net/twjy1314/article/details/68065029
https://blog.csdn.net/macrohasdefined/article/details/19974069?utm_medium=distribute.pc_relevant.none-task-blog-BlogCommendFromMachineLearnPai2-9.edu_weight&depth_1-utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromMachineLearnPai2-9.edu_weight
https://blog.csdn.net/zhangchangfeng1/article/details/100011608?utm_medium=distribute.pc_relevant.none-task-blog-title-11&spm=1001.2101.3001.4242
https://blog.csdn.net/perimeter/article/details/44836199?utm_medium=distribute.pc_relevant.none-task-blog-title-14&spm=1001.2101.3001.4242
https://blog.csdn.net/u011212816/article/details/81901356?utm_medium=distribute.pc_relevant.none-task-blog-BlogCommendFromMachineLearnPai2-7.edu_weight&depth_1-utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromMachineLearnPai2-7.edu_weight
https://blog.csdn.net/zhangchangfeng1/article/details/100011136?utm_medium=distribute.pc_relevant.none-task-blog-title-7&spm=1001.2101.3001.4242
https://blog.csdn.net/qq_27540925/article/details/79459111?utm_medium=distribute.pc_relevant.none-task-blog-BlogCommendFromMachineLearnPai2-1.edu_weight&depth_1-utm_source=distribute.pc_relevant.none-task-blog-BlogCommendFromMachineLearnPai2-1.edu_weight
https://download.csdn.net/download/qq_27540925/10271778
https://blog.csdn.net/qq_27540925/article/details/79467754
https://blog.csdn.net/u011263761/article/details/79896301?utm_medium=distribute.pc_relevant_t0.none-task-blog-BlogCommendFromMachineLearnPai2-1.edu_weight&depth_1-utm_source=distribute.pc_relevant_t0.none-task-blog-BlogCommendFromMachineLearnPai2-1.edu_weight
https://blog.csdn.net/keyanting_2018/article/details/88423362?utm_medium=distribute.pc_relevant.none-task-blog-title-2&spm=1001.2101.3001.4242
https://blog.csdn.net/qq_43631743/article/details/106420674?utm_medium=distribute.pc_relevant_download.none-task-blog-baidujs-8.nonecase&depth_1-utm_source=distribute.pc_relevant_download.none-task-blog-baidujs-8.nonecase
https://zhuanlan.zhihu.com/p/62245921
https://www.cnblogs.com/zxc2man/p/7778058.html
http://sigquit.wordpress.com/2012/08/20/an-introduction-to-libqmi/ http://www.lanedo.com/users/amorgado/talks/FOSDEM2013%20-%20Mobile%20broadband%20modem%20control%20protocols.pdf http://blogs.gnome.org/dcbw/2010/04/15/mobile-broadband-and-qualcomm-proprietary-protocols/
https://blog.csdn.net/zhangpengzhen1990/article/details/107432403
https://www.csdn.net/gather_22/MtTagg1sNTIzMDgtYmxvZwO0O0OO0O0O.html
https://wenku.baidu.com/view/86911e291cb91a37f111f18583d049649a660e49.html
https://wenku.baidu.com/view/a54c242e6edb6f1aff001fbf.html
https://max.book118.com/html/2019/0603/8057002073002026.shtm
http://www.mamicode.com/info-detail-478669.html
https://wenku.baidu.com/view/678adb3e05a1b0717fd5360cba1aa81145318f76.html
https://blog.csdn.net/perimeter/article/details/44836199?locationNum=3
https://wenku.baidu.com/view/ab36e7788c9951e79b89680203d8ce2f00666505.html
https://blog.csdn.net/u011212816/article/details/97394498
https://www.csdn.net/gather_21/MtjaIg4sNTgwMTEtYmxvZwO0O0OO0O0O.html
https://blog.csdn.net/u011212816/article/details/81069710
https://blog.csdn.net/qq_36562473/article/details/78535222?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2~all~first_rank_v2~rank_v25-5-78535222.nonecase&utm_term=nas%E5%B1%82%20qxdm&spm=1000.2123.3001.4430
https://blog.csdn.net/u011263761/article/details/79896301?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2~all~first_rank_v2~rank_v25-8-79896301.nonecase&utm_term=nas%E5%B1%82%20qxdm&spm=1000.2123.3001.4430
https://blog.csdn.net/zhangchangfeng1/article/details/100011136?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2~all~first_rank_v2~rank_v25-9-100011136.nonecase&utm_term=nas%E5%B1%82%20qxdm&spm=1000.2123.3001.4430
https://blog.csdn.net/keyanting_2018/article/details/88407069?utm_medium=distribute.pc_relevant_t0.none-task-blog-BlogCommendFromMachineLearnPai2-1.edu_weight&depth_1-utm_source=distribute.pc_relevant_t0.none-task-blog-BlogCommendFromMachineLearnPai2-1.edu_weight
https://blog.csdn.net/qq_30943197/article/details/81434284?utm_medium=distribute.pc_relevant.none-task-blog-utm_term-10&spm=1001.2101.3001.4242
https://zhuanlan.zhihu.com/p/62245921
http://bbs.16rd.com/thread-17115-1-1.html
https://www.baidu.com/link?url=X5uVJJTgutaV7QkvduU_mkKs5HnVp62Z2YZPJuz9MVQCisrWLnUFAMaIAGdi2ApNfQ56HQYuIPh-d-s-ODsNo_&wd=&eqid=cc03e06e000342aa000000025f8f969f
https://blog.csdn.net/zhangbijun1230/article/details/79951752
目录
- MM/GMM 模块
- UMTS 开机流程
- Cell Selection S准则
- 从切比雪夫不等式看驻网时间
一 MM(Mobility Management)|GMM(GPRS Mobility Management)
1.1 架构
1.2 MM 模块主要作用
TMSI 重配 |Authentication|Identification|IMSI detach|Abort| MM 消息|Location update
1.3 GMM模块主要作用
GPRS attach|Routing area update|GPRS detach|Service requestGMM information|Authentication and ciphering|Identification|P-TMSI reallocation
这里结合UMTS 开机注册网络讲解一下主要涉及点
二 UMTS 开机注册流程
AP 部分网上例子很多,之前也有讲过,这里重点结合MM|REG|GMM模块介绍一下Modem 对应的流程
2.1 AP 部分
2.2: Modem 部分
2.3 Modem 注册上网流程图
主要是WCDMA,LTE, GSM ,5G 也差不多,有些细节不一样。这个网上有华为写过相关总结,
可以参考一下,差不多。
2.4 相关日志
*******step1 对应APRADIO_POWER*************
03:00:43.685359 [0x1544] QMI_MCS_QCSI_PKT
MsgType = Request
operating_mode = DMS_OP_MODE_ONLINE
03:00:44.149295 [0x1544] QMI_MCS_QCSI_PKT
MsgType = Response
result = QMI_RESULT_SUCCESS
operating_mode = DMS_OP_MODE_ONLINE
*********step2 NAS读取SIM卡信息************
RPLMN: 开机过程中,优先级别最高
FPLMN : 当搜到该小区的时候,不去注册
03:00:42.660001 NAS REG/High [ reg_sim.c 8965] DS: SUB 1 =REG= EHPLMN list (length = 3)
03:00:42.660001 NAS REG/High [ reg_sim.c 8966] DS: SUB 1 =REG= # MCC-MNC
03:00:42.660001 NAS REG/High [ reg_sim.c 8987] DS: SUB 1 =REG= 0 460- 01
03:00:42.660001 NAS REG/High [ reg_sim.c 8987] DS: SUB 1 =REG= 1 460- 06
03:00:42.660001 NAS REG/High [ reg_sim.c 8983] DS: SUB 1 =REG= 2 004-555
03:00:42.660001 NAS REG/High [ reg_sim.c 2659] DS: SUB 1 =REG= SIM card mode (USIM) 03:00:42.660001 NAS REG/High [ reg_sim.c 3123] DS: SUB 1 =REG= IMSI[0] = 0x49 IMSI[1] = 0x09 IMSI[2] = 0x13 03:00:42.660001 NAS REG/High [ reg_sim.c 3912] DS: SUB 1 =REG= PS RPLMN(460-1) 03:00:42.660001 NAS REG/High [ reg_sim.c 3927] DS: SUB 1 =REG= CS RPLMN(460-1)
***********step3 NAS→RRC 发起RRC 连接**************
可以看到用户选择的网络模式,在android telphony 部分设置传下来。
03:00:43.688011 NAS REG/High [ reg_send.c 1914] DS: SUB 1 =REG= MMR_REG_REQ PLMN(460-1) RAT(0-GSM,1-W,2-LTE,3-TDS) = 1 netsel 0, type 1 grat_scan_done 0
03:00:43.688011 NAS MM/High [ mmcoord.c 3036] DS: SUB 1 =MM= MM received MMR_REG_REQ [64 f0 10]
03:00:43.688011 NAS MM/High [ mmrrcconn.c 870] DS: SUB 1 =MM= MM sent RRC_SERVICE_REQ to RRC service request cause 0 scan scope 0
03:00:43.688011 WCDMA RRC/High [ rrcdispatcher.c 5214] Recd: RRC_SERVICE_REQ1
03:00:43.695990 WCDMA RRC/High [ rrcdispatcher.c 4685] Recd RRC_CPHY_START_WCDMA_MODE_CNF1
*************step4 RF Tune ************
这个很重要,不同产品的RF器件不一样,直接影响到驻网时间。主要作用是扫描频点:
默认是System Scan:
Band Scan 有两种模式
1: System Scan: 从默认的数据库里面,搜寻上次驻留网络的Band
2: Full Band Scan: 全频段扫描,扫描周期比较慢。30s左右,跟Band ,RAT 有关系
OOS 算法又不一样
搜网间隔是 x1(times) |x2(times)| x3(times): 周期搜网,中间有个间隔gap,
03:00:43.695990 WCDMA RRC/High [ rrccsputil.c 12770] Current scan is set to RRC_CSP_CELL_SELECTION_SCAN1
03:00:43.695990 WCDMA L1/High [ wl1dlcarrcfg.c 5372] L1M RF tuned to 10663, chain 0.1
03:00:43.695990 [0x4800] WCDMA RRC Search Request Information
Request Type = RRC_SERVICE_REQ
Network Select Mode = Automatic
Requested Plmn
MCC = 460
MNC = 01F
Band Preference = 0x0002000000400000
03:00:43.695990 WCDMA L1/Error [ l1msetup.c 7786] L1 state now FS1
03:00:43.695990 [0x4802] WCDMA RRC ACQ DB Information ,从之前驻留的频点里面先搜
Num Acq DB Entry = 1
ACQ DB Entries
-------------------------------------------------------
| |Plmn | | | | |
|# |MCC|MNC|UARFCN |Cell Id |CSG ID |PSC |
-------------------------------------------------------
| 0|460|01F| 10663| 100834611|4294967295| 603|
03:00:43.699740 [0x41B0] WCDMA Freq Scan #搜寻结果
Version = 1
Freq Scan Type = List scan (3)
Freq Scan Thresh = -482
Number of ARFCN = 1
-----------------------
| | |RSSI |RSSI |
|# |ARFCN|(raw)|(dBm)|
-----------------------
| 0|10663| | -72|
**********step5 时隙同步 ACQ, 选择信号质量最好的频点****************
In this case, ACQ DB search yields good RSSI on channel 10663
03:00:43.703125 WCDMA L1/Error [ l1msetup.c 7802] L1 state now ACQ
03:00:43.703125 WCDMA L1/Fatal [ srchacq.c 3701] ACQ REQ:Rx AGC -72 Chan 10663 band 10241
03:00:43.775000 WCDMA L1/High [ srchacqproc.c 634] Step 0 succeeded. Next step: 5, proc: 0, bmsk: 0xe01
03:00:43.857680 WCDMA L1/High [ srchacqproc.c 893] ACQ SUCCESS! FREQ:10663 PSC:503 STTD:0 PROC:01
******** step6 Set up BCH-PCCPCH to read SIBs ***************
主要读取Selection 参数,以及 小区能力
SIB2,SIB3,SIB11,
03:00:43.857680 WCDMA RRC/High [ rrcsibproc.c 13243] RRC_GET_SPECIFIC_SIBS_REQ cmd received contents:for_serving_cell 1,scan type 0, LLC SBCCH setup status 0, serving cell
03:00:44.291171 WCDMA RRC/High [ rrcsibproc.c 11923] Sending GET_SPECIFIC_SIBS_CNF cmd1
参考文档: http://blog.sina.com.cn/s/blog_515f51f90100lovn.html
这里主要读取SIB1,SIB3.
其中最重要的是SIB3, 包含如下信息:
.Cell Selection and Re-selection info(小区选择和重选信息;)
⑴Mapping info:这一参数在系统间小区选择是使用.
⑵Cell Selection and Re-selection_quanlity measure:指示选择使用CPICH Ec/No还是使用CPICH RSCP作为质量测量的参数.
FDD模式的小区选择参数有: \ \ \RAT List \Qqualmin \ Qrxlevmin 等
小区选择/重选的其他参数有: \ \ \HCS Serving cell Information &Maximum Allowed UL TX Power
cell Access Restriction小区接入限制信息.指示小区是否被禁止,是否被运营商预留使用.
三 小区驻网 Cell Selection
参考文档: https://www.docin.com/p-302506100.html
经常遇到tester 问的问题,为神马我手机手动选网能注册到LTE网络上面,开机直接驻留网络就会到GSM上面。这个跟S准则,以及R准则有关系。
SIB2: PLMN 信息,跟SIM卡中的FPLMN等信息做对比
SIB3: 小区Selection ,Reselction 准则,用于判断是否可以接入,重新
SIB11: 邻小区信息,重选用
CPICH是Common Pilot Channel的缩写,意为公共导频信道
手机开机 首先搜寻之前 小区|频点,找到信号最好的,然后时隙同步(acq),最后读取SIB消息,根据当前的信号质量判断是否符合S准则以及小区非Barred(SIB消息里面),符合则发起Camp。
GSM: 主要
UMTS:
要满足两个条件:
Squal= ecio-Qqualmin
Srxlev = RSCP-Qrxlevmin-max{UE_TXPWR_MAX_RACH-P_MAX,0}
说明:
Squal:小区选择的信号质量值(RSRQ值)
ecio: 导频强度; 信噪比,手机测量出来的。
Qqualmin: 网络配置,SIB3 消息里面
Srxlev:小区选择的接收电平值
RSCP:
Qrxlevmin:小区要求的最小接收电平值(sib3)
UE_TXPWR_MAX_RACH: 网络最大允许的 上行 发射功率,SIB3中配置。该参数设置的越大,UE选择该小区驻留越困难;设置越小,则越容易,但是有可能造成UE驻留该小区之后,不能正确接收PCCPCH承载的系统消息
P_MAX: 手机最大的发射功率。 https://wenku.baidu.com/view/dfdde6146c175f0e7cd13750.html
*************step 7 RRC checks that the NAS supplied MCC-MNC matches with that received on BCH of newly acquired cell****************
03:00:43.931170 WCDMA RRC/High [ rrccsputil.c 20995] frequency 10663 band 1024 added to available PLMN list1
03:00:44.291171 WCDMA RRC/High [ rrccspdb.c 1651] Updated: PLMN 460-1 freq 10663 scr_code 8048 band 1024 CSG ID -1; num_csg_entries:0, curr_wr_index:1 in Acq DB1 03:00:44.291146 WCDMA RRC/High [ rrccspdb.c 1843] CSG: Added: PLMN 460-1, CSG ID -1; num_csg_entries: 0, curr_wr_index: 12
*************step8 评估S准则 (S criteria) ************
注: 小区重新是R准则(Ranking算法) 该过程用不到 rrcdata|rrccsputil
03:00:44.291171 WCDMA L1/High [ l1mcmd.c 1676] Received CELL_SELECTION_REQ1
03:00:44.291171 WCDMA RRC/High [ rrccsp.c 5731] Qualmin -18, Rxlevmin -115, MaxULTxPower 24
03:00:44.293723 WCDMA L1/High [ wsrch.c 28228] Qqualmin -18 Qrxlevmin -115 2*ecio=-5 2*squal=31 srxlv=40 rscp=-74
03:00:44.293723 WCDMA RRC/High [ rrccsp.c 14271] S criteria is met. curr_scan 0, splmn 1, g_srch_done 0,bcch_nas_match = 1, nas_eplmn = 0, bcch_eplmn = 01
03:00:44.293723 WCDMA L1/High [ wsrch.c 28265] Cell Selection Succeed, List srch cnt:11
说明:
2*Squal = 2*ecio-2*Qqualmin= -5+2*18= 31>0
Srxlev = RSCP-Qrxlevmin-max{UE_TXPWR_MAX_RACH-P_MAX,0}
=-74+115-max(24-23,0)
=40
Qrxlevmin and UE_TXPWR_MAX_RACH is from SIB3
Qqualmin is from SIB3
https://www.docin.com/p-302506100.html
P_MAX: UE 最大发射功率
后续驻网后,在测量报告中也可以持续看到该值
【0x412F】UL_DCCH Measurement Report
Channel Type = UL_DCCH, Radio Bearer ID = 2, Uarfcn = N/A, Psc = N/A, Message Length = 22
message measurementReport :
{
measurementIdentity 5,
measuredResults intraFreqMeasuredResultsList :
{
{
modeSpecificInfo fdd :
{
primaryCPICH-Info
{
primaryScramblingCode 42
},
cpich-Ec-N0 0,
cpich-RSCP 1
}
},
*****************step9 NAS Initiates “Registration*****************************
03:00:44.308020 NAS MM/High [ mmsend.c 1480] DS: SUB 1 =MM= MM sent MMR_CAMPED_IND RAT : 1, BAND : 4194304
03:00:44.309009 NAS MM/High [ gmmmsg.c 3388] DS: SUB 1 =MM= Sending ATTACH REQUEST message
03:00:44.309009 NAS MM/High [ mmsend.c 3609] DS: SUB 1 =MM= MM sent MMR_CELL_SERVICE_IND: hsdpa_supp=3, dtm_supp=0, egprs_supp=0
****************step10 OTA 交互*****************************
03:00:44.362030 [0x412F] UL_CCCH RRC Connection Request We send this message on the RACH
Channel Type = UL_CCCH, Radio Bearer ID = 0, Uarfcn = 10663, Psc = 503, Message Length = 15
plmn-Identity :mcc 460 mnc 01
establishmentCause registration,
03:00:44.370155 WCDMA L1/High [ wenc.c 7687] PrCPICH_P 33, CPICH_RSCP -75, UL_IF -105 const_val -20, Preambl_P -17, TFCI 01
Primary CPICH TX power (SIB 5)
CPICH_RSCP (UE measurement)
UL interference (SIB 7)
Constant Value (SIB 5)
Preamble_Initial_Power= 33-(-75)+(-105)+(-20) = -17
03:00:44.415546 WCDMA L1/Fatal [ wenc.c 11096] UL_RACH: RACH Tx successful, TxAgc -13, ai_Sum 6e66 Free Add:01
03:00:44.415546 WCDMA L2/High [ macrach.c 1061] rcvd L1_PRACH_ACK from L11
************step11 NAS REG 更新注册状态**************
2020 Sep 2 03:00:44.306 [D7] 0x4127 WCDMA Cell ID
UTRA UL Absolute RF channel number = 9713
UTRA DL Absolute RF channel number = 10663
Cell identity (28-bits) = 100834611
URA to use in case of overlapping URAs = 1
Cell Access Restrictions:
Cell Barred = FALSE
Cell Reservered = FALSE
Cell Reserved for SolSA = FALSE
UE Camped on Cell = TRUE
Allowed Call Access = All Calls
PSC (Primary Scrambling Code) = 8048
PLMN = 460 - 01F
LAC id = 53506
RAC id = 1
03:00:45.868987 NAS REG/High [ reg_state.c 11165] DS: SUB 1 =REG= CS_PS_SERVICE on HPLMN(460-1)
***********step12 通知AP*************************
03:00:45.870003 [0x1544] QMI_MCS_QCSI_PKT
packetVersion = 2
MsgType = Indication
Service_NAS {
nas_sys_info_indTlvs[3] {
Type = 0x18
Length = 33
wcdma_sys_info {
common_sys_info {
srv_domain_valid = true
srv_domain = SYS_SRV_DOMAIN_CS_PS
srv_capability_valid = true
srv_capability = SYS_SRV_DOMAIN_CS_PS
roam_status_valid = true
roam_status = NAS_SYS_ROAM_STATUS_OFF
is_sys_forbidden_valid = true
is_sys_forbidden = false
}
threegpp_specific_sys_info {
lac_valid = true
lac = 53506
cell_id_valid = true
cell_id = 100834611
reg_reject_info_valid = false
reg_reject_info {
reject_srv_domain = SYS_SRV_DOMAIN_NO_SRV
rej_cause = 0
}
network_id_valid = true
network_id {
mcc = { 4, 6, 0 }
mnc = { 0, 1, (invalid) }
}
}
wcdma_specific_sys_info {
hs_call_status_valid = true
hs_call_status = SYS_HS_IND_HSDPA_HSUPA_UNSUPP_CELL
hs_ind_valid = true
hs_ind = SYS_HS_IND_HSDPA_HSUPA_SUPP_CELL
psc_valid = true
psc = 503
}
}
}
四 从切比雪夫不等式看驻网时间
切比雪夫 证明比较简单,主要是可以看出当前测量值,和期望值之间误差上限概率。
这个如何应用:
影响驻网: UE由于受到CPU,RF,网络交互,内存等因素影响(可以算相关系数)
每次驻留网络都偏差很大。
: 作为与期望驻网时间的误差t
: 实际测试出来的驻网时间方差
根据实际频率,算出数学期望,可以动态的调整该
值。