Bug #5717
closedARFCN wrong in meas report system in multi-band BSS
100%
Description
If you setup osmo-bsc with two BTS in one band and a third BTS in another band, then it seems that something is messed up with the index to arfcn translation. The meas report system reports the wrong ARFCN. AS much internally as in the meas feed.
It seems to affect Handover, as in HO then doesn't work.
I think it has something to do with this:
int gsm48_parse_meas_rep(struct gsm_meas_rep *rep, struct msgb *msg)
{
struct gsm48_hdr *gh = msgb_l3(msg);
uint8_t *data = gh->data;
struct gsm_bts *bts = msg->lchan->ts->trx->bts;
struct bitvec *nbv = &bts->si_common.neigh_list;
struct gsm_meas_rep_cell *mrc;
/* SNIP SNIP */
mrc = &rep->cell[0];
mrc->rxlev = data[3] & 0x3f;
mrc->neigh_idx = data[4] >> 3;
mrc->arfcn = bitvec_get_nth_set_bit(nbv, mrc->neigh_idx + 1);
/*SNIP SNIP */
}
Is that neigh_list getting setup ordered by band or something? I don't really grok all that bitvec.
Files
Updated by keith over 1 year ago
system_information.c:707
/* Set BA-IND depending on whether we're generating SI2 or SI5.
* The point here is to be able to correlate whether a given MS
* measurement report was using the neighbor cells advertised in
* SI2 or in SI5, as those two could very well be different */
if (si5)
chan_list[0] |= 0x10;
else
chan_list[0] &= ~0x10;
is any of this relevant?
I see the above, but I don't see encoding of a "Neighbour Cell Description 2" anywhere.
10.5.2.22a.1
Bits 6 and 7 of Octet 2
Multiband reporting
Binary encoding of multiband reporting parameter as specified in 3GPP TS 45.008.
Range: 0 to 3
Also EXT-IND? Where do we set that in the SI2 when we have SI2ter? Seems like it should be set.
Table 10.5.2.22.1: Neighbour Cell Description information element
EXT-IND, Extension indication (octet 2, bit 6)
If received in System Information 2, 2bis, 5 or 5bis this bit indicates whether the information element carries the
complete information of a BCCH channel sub list or whether a complementary information element is sent in
another message.
Updated by keith over 1 year ago
- File rsl_bringup-si.pcap rsl_bringup-si.pcap added
SI -> gsm_abis_rsl.msg_type == 0x11
Updated by keith over 1 year ago
- File meas_sample.pcap meas_sample.pcap added
The only thing I note in this sample is that one MS has 3G-BA-USED: 0 and the other has 3G-BA-USED: 1
In this sample only the BTSs on ARFCNs 251 and 11 are transmitting.
To be absolutely clear, ARFCN 247 is NOT transmitting
Here's a sample of osmo-bsc log:
20221018175726648 DMEAS DEBUG [subscr-IMSI-334070000000890-TMSI-0x83095895] MEASUREMENT RESULT NR=242 RXL-FULL-ul=-47dBm RXL-SUB-ul=-47dBm RXQ-FULL-ul=0 RXQ-SUB-ul=0 BS_POWER=0dB MS_TO=-1 L1_MS_PWR= 5dBm L1_FPC=0 L1_TA=0 BA1 RXL-FULL-dl=-54dBm RXL-SUB-dl=-54dBm RXQ-FULL-dl=0 RXQ-SUB-dl=0 NUM_NEIGH=1 (abis_rsl.c:1336) 20221018175726648 DMEAS DEBUG IDX=1 ARFCN=247 BSIC=63 RXLEV=-92dBm (abis_rsl.c:1343)
You can see that the index 1 in the neigh cell meas result is being interpreted as arfcn 247.
Updated by keith over 1 year ago
keith wrote in #note-1:
Bits 6 and 7 of Octet 2
Multiband reporting
Not relevant, 00 is fine. It means report all neigh, regardless of band.
Updated by keith over 1 year ago
keith wrote in #note-5:
The only thing I note in this sample is that one MS has 3G-BA-USED: 0 and the other has 3G-BA-USED: 1
Actually that's not relevant as I remembered that the phone not reporting 3G-BA-USED doesn't have any 3G RF capabilities on the secondary SIM slot that is being used here, so it makes sense.
Updated by keith over 1 year ago
- File meas_sample_all_BTS.pcap meas_sample_all_BTS.pcap added
I think that in this pcap you can see how the indexes that the phones are sending in the meas rep is the reverse of what osmo-bsc expects.
In this pcap, first of all, All BTS are transmitting. then I lock ARFCN 247, then I unlock ARFCN 247 and lock ARFCN 11
Also, in the log:
20221018182546740 DMEAS DEBUG [subscr-IMSI-334070000000968-TMSI-0x3f42fe30] MEASUREMENT RESULT NR=55 RXL-FULL-ul=-55dBm RXL-SUB-ul=-55dBm RXQ-FULL-ul=0 RXQ-SUB-ul=0 BS_POWER=0dB MS_TO=0 L1_MS_PWR= 5dBm L1_FPC=0 L1_TA=0 BA1 RXL-FULL-dl=-53dBm RXL-SUB-dl=-53dBm RXQ-FULL-dl=0 RXQ-SUB-dl=0 NUM_NEIGH=2 (abis_rsl.c:1336) 20221018182546740 DMEAS DEBUG IDX=0 ARFCN=11 BSIC=63 RXLEV=-87dBm (abis_rsl.c:1343) 20221018182546740 DMEAS DEBUG IDX=1 ARFCN=247 BSIC=63 RXLEV=-91dBm (abis_rsl.c:1343)
lock arfcn 247....
20221018182625620 DMEAS DEBUG [subscr-IMSI-334070000000968-TMSI-0x3f42fe30] MEASUREMENT RESULT NR=136 RXL-FULL-ul=-56dBm RXL-SUB-ul=-56dBm RXQ-FULL-ul=0 RXQ-SUB-ul=0 BS_POWER=0dB MS_TO=0 L1_MS_PWR= 5dBm L1_FPC=0 L1_TA=0 BA1 RXL-FULL-dl=-53dBm RXL-SUB-dl=-53dBm RXQ-FULL-dl=0 RXQ-SUB-dl=0 NUM_NEIGH=1 (abis_rsl.c:1336) 20221018182625620 DMEAS DEBUG IDX=1 ARFCN=247 BSIC=63 RXLEV=-93dBm (abis_rsl.c:1343) 20221018182625620 DMEAS DEBUG meas_feed (bts=0,trx=0,ts=4,ss=0): sent measurement report (meas_feed.c:93) 20221018182626039 DMEAS DEBUG [subscr-IMSI-334070000000890-TMSI-0x83095895] MEASUREMENT RESULT NR=149 RXL-FULL-ul=-47dBm RXL-SUB-ul=-47dBm RXQ-FULL-ul=0 RXQ-SUB-ul=0 BS_POWER=0dB MS_TO=-1 L1_MS_PWR= 5dBm L1_FPC=0 L1_TA=0 BA1 RXL-FULL-dl=-55dBm RXL-SUB-dl=-55dBm RXQ-FULL-dl=0 RXQ-SUB-dl=0 NUM_NEIGH=1 (abis_rsl.c:1336) 20221018182626039 DMEAS DEBUG IDX=1 ARFCN=247 BSIC=63 RXLEV=-80dBm (abis_rsl.c:1343)
unlock 247, lock 11....
20221018182638580 DMEAS DEBUG [subscr-IMSI-334070000000968-TMSI-0x3f42fe30] MEASUREMENT RESULT NR=163 RXL-FULL-ul=-56dBm RXL-SUB-ul=-57dBm RXQ-FULL-ul=0 RXQ-SUB-ul=0 BS_POWER=0dB MS_TO=0 L1_MS_PWR= 5dBm L1_FPC=0 L1_TA=0 BA1 RXL-FULL-dl=-53dBm RXL-SUB-dl=-53dBm RXQ-FULL-dl=0 RXQ-SUB-dl=0 NUM_NEIGH=1 (abis_rsl.c:1336) 20221018182638580 DMEAS DEBUG IDX=0 ARFCN=11 BSIC=63 RXLEV=-87dBm (abis_rsl.c:1343) 20221018182638580 DMEAS DEBUG meas_feed (bts=0,trx=0,ts=4,ss=0): sent measurement report (meas_feed.c:93) 20221018182638999 DMEAS DEBUG [subscr-IMSI-334070000000890-TMSI-0x83095895] MEASUREMENT RESULT NR=176 RXL-FULL-ul=-47dBm RXL-SUB-ul=-47dBm RXQ-FULL-ul=0 RXQ-SUB-ul=0 BS_POWER=0dB MS_TO=-1 L1_MS_PWR= 5dBm L1_FPC=0 L1_TA=0 BA1 RXL-FULL-dl=-55dBm RXL-SUB-dl=-55dBm RXQ-FULL-dl=0 RXQ-SUB-dl=0 NUM_NEIGH=1 (abis_rsl.c:1336) 20221018182639000 DMEAS DEBUG IDX=0 ARFCN=11 BSIC=63 RXLEV=-83dBm (abis_rsl.c:1343) 20221018182639000 DMEAS DEBUG meas_feed (bts=0,trx=0,ts=3,ss=0): sent measurement report (meas_feed.c:93) 20221018182639060 DMEAS DEBUG [subscr-IMSI-334070000000968-TMSI-0x3f42fe30] MEASUREMENT RESULT NR=164 RXL-FULL-ul=-56dBm RXL-SUB-ul=-56dBm RXQ-FULL-ul=0 RXQ-SUB-ul=0 BS_POWER=0dB MS_TO=0 L1_MS_PWR= 5dBm L1_FPC=0 L1_TA=0 BA1 RXL-FULL-dl=-53dBm RXL-SUB-dl=-53dBm RXQ-FULL-dl=0 RXQ-SUB-dl=0 NUM_NEIGH=1 (abis_rsl.c:1336) 20221018182639060 DMEAS DEBUG IDX=0 ARFCN=11 BSIC=63 RXLEV=-84dBm (abis_rsl.c:1343)
Updated by keith over 1 year ago
Table 10.5.2.20.1: Measurement Results Contents details
Report on GSM cells:
BCCH-FREQ-NCELL i, BCCH carrier of the i'th neighbour cell.
The BCCH-FREQ-NCELL i field is coded as the binary representation of the position, starting with 0, of the
i'th neighbour cells BCCH carrier in the BCCH channel list. The BCCH channel list is composed of one or
two BCCH channel sub lists, each sub list is derived from the set of frequencies defined by reference
neighbour cell description information element or elements. In the latter case the set is the union of the two
sets defined by the two neighbour cell description information elements.
In each BCCH channel sub list the absolute RF channel numbers are placed in increasing order of ARFCN,
except that ARFCN 0, if included in the set, is put in the last position in the sub list. The BCCH channel list
consists either of only the sub list derived from the neighbour cell description information element(s) in
System Information 2/5 (and possible 2bis/5bis) or of that sub list immediately followed by the sub list
derived from the neighbour cell description information element in System Information 2ter /5ter for the case
System Information 2ter/5ter is also received. If the set of ARFCNs defined by the reference neighbour cell
description information element or elements includes frequencies that the mobile station does not support
then these ARFCNs shall be included in the list.
The notation 2/5 etc. means that the rules above apply to the neighbour cell description information elements
received in System Information 2, 2bis and 2ter and to those received in System Information 5, 5bis and 5ter
separately.
Range: 0 to 31/30
Updated by keith over 1 year ago
So Index 1 should be ARFCN 11, right, as si2ter was received and the list is the concatenation of si2 and si2ter?
That's the way I understand the above.
so
0=>247
1=>11
Updated by keith over 1 year ago
So I think it's pretty obvious now what the problem is, and this:
bitvec_set_bit_pos(bv, cur_bts->c0->arfcn, 1);
and this:
mrc->arfcn = bitvec_get_nth_set_bit(nbv, mrc->neigh_idx + 1);
will not do.
I'm not sure if we are going to be able to retrieve the index correctly from a bitvec, I don't really understand it.
Updated by osmith over 1 year ago
Thanks for the pcaps and additional information, Keith!
I think you have analyzed this right, the problem is that OsmoBSC uses one bitvec to basically store a list of index -> arfcn and it contains both si2 and si2ter entries.
It seems what we need instead is having two separate bitvecs, one for si2, one for si2ter. Then try to lookup the index in the si2 bitvec first, and if the index exceeds the entries in that list, then look in the si2ter bitvec.
I'll try to come up with a patch.
Updated by keith over 1 year ago
thanks osmith
just to say it, this is not really something that is in my way as I don't run any multi-band systems, but I noticed it as I wanted to test something that involved two bands.
It was kind of interesting though, and I just figured it might bite somebody some time so better to fix it, but for me, zero urgency, if you have higher priority tasks.
Updated by osmith over 1 year ago
- Status changed from New to In Progress
- % Done changed from 0 to 90
Sure, thanks for reporting it.
This should fix it (do you want to test it?):
https://gerrit.osmocom.org/c/osmo-bsc/+/29836
Updated by osmith over 1 year ago
- Status changed from In Progress to Resolved
- % Done changed from 90 to 100
Applied in changeset osmo-bsc|5bdc3eca68b4c1c0a0515da52dbbd8c2fe993d93.
