4G/LTE - Test

  

 

 

 

Duplicating Live Network - Radio Link

 

The first item of the everybody's wishlist for most of mobile phone engineers would to get a solution that can capture everything (singling, RF signal) in the live and play it back in the lab and duplicate exact live environment within a lab. Based on my experience with evaluating a lot of systems that is claimed to have this kind of capabilty, I haven't seen any of the solution that does exactly what they claims.

 

There are several solutions/methodologies we can think of (also I personally evaluated in most cases). Personally I am intersted very much in this area, but there no solution like plug-and-play like solution.  In this page, I will talk mostly about duplicating RF channels and I will post a separate pages for Protocol Stack duplication later.

 

So my recommendations are

i) set the realisitic expectation (meaning very low expectation)

ii) move forward in very small step at a time and accumulate the knowledge and experience over years.

 

 

I/Q Capture and Replay System

 

There are a couple of hardwares that can capture all the RF around the equipmnent in the form of IQ data with high sampling rate (high enough to match the baseband sampling rate for each radio technology) and streaming into high performance hard disk to store signals for long time (even up to a couple of hours of signal). Some companies provides the signal generators that can play back this kind of captured signal.

 

However, just capture and replay would not be much help to duplicate the exact live nework environment because duplicating the live network environment mean not only RF quality but also protocol sequence. Even the exact same stream of RF signal would influence completely differently differently depending on the status where UE is at in terms of protocol statemachine.

 

 

I/Q Capture with Protocol Stack Decoding Capability

 

There is some equipment that can capture both I/Q data and Signaling message. This is a kind of Celluar Network Sniffer (like IP Sniffer, WLAN Sniffer). Ideally if you completely analyze the data, you can get both RF channel information and Signaling message.

 

But in reality, there is some practical problem as described below.

i) I saw a couple of good sniffer, but I haven't seen any of these tools to have signal generator so that we can play back the signal.

ii) These equipment captures not only the signal for the specific DUT and specific BTS, but also the signal for all the other UEs and BTS that are around the equipment. It would not be a trivial to extract the signals directly influence the DUT.

iii) Like every sniffing tools, it can capture all the protocol stacks but it cannot decode full RRC/NAS message if the message is ciphered. Unforutnatley Ciphering is enabled for most (practically) of live network.

 

 

Using UE logs

 

Another method is to use UE log. Theorectially, if you have following information with very good time resolution, you can generate the signal pretty close to the live network environment.

 

< LTE >

  • RSRP
  • RSRQ
  • RSSI
  • SNR
  • Fading Parameters (Doppler Shift, Number of Delay taps, Delay/Loss/Angle of Arrival for each Taps)

 

< WCDMA/HSPA>

  • EcNo
  • EcIo
  • SNR
  • Fading Parameters (Doppler Shift, Number of Delay taps, Delay/Loss/Angle of Arrival for each Taps)

 

In most of  UE log provided by chipset vendor would give you RSRQ, RSRP,EcNo (At least, I am pretty sure that at least one logging tool has the capability, but haven't tried the logging tool from all the chipset vendor). However, not sure of SNR. We can make some inference about SNR from RSRQ, but explicit print out of SNR will be more helpful.

 

The tricky part is Fading Parameters. As far as I know, there is no UE logging tool to provide these information. In case of Radio technology like CDMA, WCDMA that use Rake Reciever, there has been some discussion that it may be possible to calculate most of the fading parameters like (Number of Delay Taps, Loss, Delay for each taps) from Rake Reciever information. But I haven't seen any commercialized solution yet.  However, even with this we are still missing with the information of Doppler Shift, Angle of Arrival. In short, I haven't seen any solid technology/means to extract Fading parameters from any data. Some vendor claim they provide engineering service to extract these information from the captured I/Q Data and some vendor claim that they have software tool to estimate these from UE side log, but I haven't got a chance to verify them.

 

 

Proposed Equipment Setup

 

When it comes to simulating live network radio environment, following type of setup is mostly used. Since UE performance is influenced not only by high layer signaling and physical channel condition. We need to both information to simulate those environment more accurately. Even with you have all the information about physical channel conditioin, you need a flexible network simulator to let UE running in sync with a specific physical channel condition. When you try to duplicate the signaling side, don't try to extract and reflect every single signaling messages. It would take too long time/effort, probably end up with failure even with the effort depending on situation. My recommendation is to pick a certain time frame (usually relatively short time frame where there is not so complicated mobility and the time frame) and focus on only one specific cells that is currently in service with the UE and try to get the information only on following RRC message and some MAC information (in case of LTE).  

 

Again, more tricky part is to simulate physical Radio Channel part. As I mentioned above, there is no solid/easy solution in the industry to extract all the channel information directly from live capture. Still the most common practice is to use those information from 3GPP test spec or Carrier test spec. I know those fading parameter from the spec cannot be accurate model and cannot reflect the unqiue situation for a specific cell at specific timing, but these are the most practical means at hand as of now. If you are really interested in duplicating the live network situation, my recommendation is to start with 3GPP/Carrier test setup first and keep tweaking the parameters over years of try-and-error/experience. It will be very interesting task as an engineer and will be an important intellectual property when you have accumulated those knowlege, but don't put it in the weekly or monthly plan list submitted to your manager :)