You are on page 1of 5

1 Nokia Siemens Networks

Confidential
Emil Tool for LTE field debugging
2 Nokia Siemens Networks
Confidential
LTE field Troubleshooting
Current situation
Main sources for troubleshooting information
KPI counters from NetAct
Alarm history from NetAct
UE terminal logs from drive tests
Local SysLog traces & Local TTI traces
BTS Snapshots
Commercial Interface analyzer
Process for Troubleshooting
Check from KPI counters problematic behaving cells/sites
Check alarms for outages information
Fetch snapshots from problematic sites and forward to R&D to see if snapshot
files contain any useful information
Check protocol traces for fault details in S1 level
Check are any SysLogs available -> If not try to install BTSLog to site and
arrange drive tests for getting UE terminal logs
If logs dont contain useful information, discuss with R&D how to arrange
additional prints to logs
3 Nokia Siemens Networks
Confidential
LTE field Troubleshooting
Current problems
Log sizes
CPU inside eNB produce several Mbytes
logs in one second
No centralized debugging system can
handle all logs for multiple BTS
Big logs can not be distributed easily
across different parties
IPSec
S1 can not be traced unless ciphering key
is available
NAS ciphering
NAS protocol in encrypted and can not be
decoded without encryption key
Mobility and call trace without IMSI
Many different call and cell identifiers in
different SW levels, which are difficult to
map with each other
IMSI is not available in LTE RAN like in
WCDMA
Different kinds of protocols and
interfaces
Many different kinds of encoders needed

Volatile information
Information is available in logs only a
short period of time
Limited transmission and processor
capacity
Only limited capacity can be allocated for
debugging
Operator owned networks
Operator has to accept tools and related
costs for debugging and troubleshooting
Flat network architecture
Logs and relevant information are
distributed across whole LTE network in
eNB, no central node where to debug
Debugging does not cause eNB crashes
or performance degradation
Debugging affects multiple SC
Network debugging effect to eNB/SC is
not necessarily tested in lab
UP statistics
UP control information creates huge
amount of data to 1 ms TTI


4 Nokia Siemens Networks
Confidential
Security issues
Security Risks
Emil includes eNB IP addresses and FTM remote test port
passwords
Restrict Emil access only to dedicated personnel
Emil will remove IMSI and IMEI
Should not be a security risk, but must be tested that in
customer network to be working
Emil may crash like other Windows applications
To be sure that it is not affecting NetAct performance a
separate PC is recomended for tracing
Emil Traces include information about site names and
network quality
Traces should be maintained like other confidential
information and documents



5 Nokia Siemens Networks
Confidential
Emil practical arrangements
IMSI removal
UL-DCCH-Message : {
message c1 : rrcConnectionSetupComplete : {
rrc-TransactionIdentifier 2,
criticalExtensions c1 : rrcConnectionSetupComplete-r8 : {
selectedPLMN-Identity 1,
dedicatedInfoNAS '07 41 71 08 09 00 00 00 00 00 00 00 03 E0 E0 00 00 1D 02 01 D0 11 27 17
80 80 21 10 01 00 00 10 81 06 00 00 00 00 83 06 00 00 00 00 00 0A 00 31
03 E5 C0 04'H
}
}
}

Decoded NAS message: EMM:ATTACH REQUEST
PROTOCOL DISCRIMINATOR ----0111 EPS MOBILITY MANAGEMENT
Security header type 0000---- Not security protected
MESSAGE TYPE 01000001 ATTACH REQUEST
NAS KEY SET IDENTIFIER IE
TCS 0-------
NAS key set identifier -111---- No key is available
EPS ATTACH TYPE IE
Spare ----0---
EPS Attach Type -----001 EPS Attach
EPS MOBILE IDENTITY IE
Length 00001000 8
Identity digit 1 0000---- 0
Odd/even indication ----1--- odd
Type of identity -----001 IMSI
Identity digit 3 0000---- 0
Identity digit 2 ----0000 0
Identity digit 5 0000---- 0
Identity digit 4 ----0000 0
Identity digit 7 0000---- 0
Identity digit 6 ----0000 0
Identity digit 9 0000---- 0
Identity digit 8 ----0000 0
Identity digit 11 0000---- 0
Identity digit 10 ----0000 0
Identity digit 13 0000---- 0
Identity digit 12 ----0000 0
Identity digit 15 0000---- 0
Identity digit 14 ----0000 0




criticality ignore,
value RRC-Establishment-Cause : mo-Signalling
}
}
}
}

Decoded NAS message: EMM:ATTACH REQUEST
PROTOCOL DISCRIMINATOR ----0111 EPS MOBILITY MANAGEMENT
Security header type 0000---- Not security protected
MESSAGE TYPE 01000001 ATTACH REQUEST
NAS KEY SET IDENTIFIER IE
TCS 0-------
NAS key set identifier -111---- No key is available
EPS ATTACH TYPE IE
Spare ----0---
EPS Attach Type -----001 EPS Attach
EPS MOBILE IDENTITY IE
Length 00001000 8
Identity digit 1 0000---- 0
Odd/even indication ----1--- odd
Type of identity -----000 reserved
Identity digit 3 0000---- 0
Identity digit 2 ----0000 0
Identity digit 5 0000---- 0
Identity digit 4 ----0000 0
Identity digit 7 0000---- 0
Identity digit 6 ----0000 0
Identity digit 9 0000---- 0
Identity digit 8 ----0000 0
Identity digit 11 0000---- 0
Identity digit 10 ----0000 0
Identity digit 13 0000---- 0
Identity digit 12 ----0000 0
Identity digit 15 0000---- 0
Identity digit 14 ----0000 0



IMSI is visible both in RRC
and S1AP NAS messages.
Bits containing IMSI digits
are overwritten with zero
during tracing before
saving data
UE can report
IMSI in NAS
ATTACH
REQUEST,
TRACKING
AREA UPDATE
REQUEST or
IDENTITY
RESPONSE