Hardware Buyer’s Guide

The CoLTE project on GitHub has all the network software you’ll need. In this post, I’m going to talk about hardware requirements. To setup the simplest CoLTE network possible, you’ll need the following things: An EPC, an eNodeB, a cell phone, and a SIM card.


CoLTE is a set of software packages meant to be installed on the EPC. The EPC can be any basic computer capable of running Linux. We’ve had success with a wide variety of machines, including desktops, laptops, and small Zotac boxes.

In terms of OS support, right now we only support Debian 9 (Stretch). Ubuntu 18.04 support is coming very soon, and we have no current plans to support other Linux flavors, but all codebases involved are relatively simple and it should not be hard to port CoLTE.

The eNodeB

In the CoLTE architecture, the eNodeB is a physically separate machine from the EPC. The eNodeB can either be a computer equipped with a software-defined radio (SDR) or a specialized piece of commercial equipment. The former is typically used for small-scale lab tests, and the latter is typically used for production network environments.

Software-Defined Radios

Software defined radios (such as the USRP B200 series) are a great solution for quickly prototyping stuff in your lab and making sure it works. SDRs are small, programmable radios that you connect to any computer over USB. The computer then downloads/installs specific SDR drivers and uses them to control the radio on any frequency or with any protocol it wants: cellular, WiFi, AM/FM, it’s all the same.

The big tradeoff between SDRs and normal radios is that in a standard radio, most of the lower-level operations are baked into the hardware itself (this hardware can be, for example, a WiFi dongle or card). This leads to better performance and lower costs, but much less flexibility than the SDR.

Warning: In our lab tests, the SDR can sometimes work great and sometimes be a bit finnicky – nine times out of ten, this relates to timing precision issues. Read/follow the instructions very, very carefully, make sure you install the Linux low-latency kernel, and make sure you connect the SDR over USB 3.0.

Commercial Equipment

If you’re building a production network, you’ll need a much more powerful eNodeB than what you can get from an SDR. Even a relatively cheap commercial-grade eNodeB can support much higher network bandwidth, a larger number of simultaneously-connected users, and (most importantly) has a much, much higher range of coverage.

The downsides of buying commercial equipment are (1) they’re much more expensive than SDRs and (2) they’re more specialized and much less customizable than SDRs. Because of this, when you buy a commercial eNodeB, you typically must choose a specific single frequency band (out of 40+ possible LTE bands) you want to broadcast your network on. Once chosen, this frequency is a part of the hardware platform itself, so you can never, ever change it. Choosing the right frequency for your network is a pretty complicated process which we’ll cover another time – hopefully with a guest post, since I’m not a hardware engineer.

The Cell Phone

Pretty much any make/model of LTE phone will work with CoLTE, just as long as it supports the same band as your eNodeB! This point can’t be stressed enough: out of 40+ LTE bands, any cell phone model will only support a handful (maybe 5-8) of them. This is a function of the phone’s hardware, and is absolutely not changeable at all. If your eNodeB is an SDR, you should be able to configure the SDR to broadcast on one of the bands supported by the phone. If your eNodeB is a commercial product, it typically will only support one band – and if it’s the wrong one, you’re out of luck. Don’t screw this one up!

To figure out which bands your phone supports, be very careful and do not assume anything: this detail can change behind the scenes very quickly. The same model of phone, marketed as “European Model” vs “North American Model,” for example, will almost certainly support different bands. I strongly recommend reading the fine print on the exact product you purchase – and if the website doesn’t specify, reach out and ask the vendor directly, so you have a paper trail. GSM Arena is also a fantastic resource for looking up which phones support which bands.

When buying a phone, you must also make sure that (1) the phone has a SIM card slot and (2) it’s unlocked and can work with any carrier. This is because you’re essentially becoming a carrier yourself. Please double-check this, because prepaid phones often don’t come with a SIM card, and locked-down phones will often just reject SIM cards from carriers they don’t recognize (i.e. you).

Recommendation: For the cheapest (<$100) unlocked workable example we could find, our lab went with the Motorola Moto C. Amazon link here.

SIM Cards

Okay: we’ve got an EPC, eNodeB and phone that all work with each other… all that’s left to do is to get a SIM card for our network. How do we do that?

Where to Order: You can get LTE SIMs several different ways, depending on what you’re doing and how many you need. When we bought our commercial eNodeB, BaiCells was kind enough to include five “test case” SIMs for us to verify that the network works. Alternatively, various vendors on Amazon and eBay sell sets of 5/10/20 blank SIMs at a cost of 5-10 USD per SIM. Finally, you can contract with sellers on Alibaba.com for much cheaper SIMs (0.65 USD) as long as you’re okay with a minimum order size that can range from 200 to 1,000 cards.

Milenage Support: Different SIM cards support different encryption algorithms, and LTE requires “Milenage.” Don’t worry about what that means, just make sure that somewhere on the description, it says the SIM card supports the Milenage algorithm.

Don’t Forget Form Factor: SIM cards come in three sizes: Standard (aka Mini), Micro, and Nano. They’re really the exact same thing, and the only difference between one and the other is the amount of plastic around the chip. You can actually cut a bigger size down to a smaller size, but to avoid a headache, check your phone (or look it up on GSM Arena) and make sure you’re ordering SIMs that punch out to the right size. When we ordered our SIMs (blog post here), we asked the vendor to make sure that the SIMs punched out in every possible size, and they did this for us at no extra charge.

Setting Values: LTE SIM cards store a bunch of information pertaining to the network and . Some of these are more important or crucial than others, and some aren’t important at all. At a minimum, you’ll have to specify IMSI, KI, and OPC, but you should also specify MSISDN and ICCID. It’s also fun to set the SPN (the “Network name” the phone displays when connected). If all of this sounds like a bunch of alphabet soup mumbo-jumbo, read the guide here.

Once you know what you want for these values, there are two main ways to get them in the SIM: You can ask the manufacturer to load them all for you, or you can ask for rewritable SIMs and load them yourself with a smart card reader. I strongly recommend asking the manufacturer to load these values, especially in a production context, because rewritable SIMs are considered a significant security risk in that attackers (or even malicious apps!) could potentially learn the SIM’s secret keys. In contrast, if the manufacturer preloads the values for you, they make the SIM in a way that the secret values (like KI and OPC) are simply unreadable by any device or application at all.

%d bloggers like this: