What's going on inside?

In the spirit of really understanding how the AT&T MicroCell works, I was determined to get inside its inviting white shell. Unfortunately, after doing my homework, I started to get a feel for just how locked down this thing is - and why that's the case. First off, there's no internal status webpage as a diagnostic aide like you'd expect from a cable or DSL modem. Nothing. I searched around comprehensively for anything of the sort; it isn't there. What's surprising is that briefly, at startup, I saw nmap report ports 23, 80, and 8080 as filtered instead of open or closed, but that doesn't do anyone any good. The device always reports a hostname of "AT&T" and always pulls a DHCP lease at startup. There's no network configuration to speak of, so if you want to configure a static IP, static DHCP assignment is your only route. 
Obviously, tech savvy users also are going to want to configure proper port forwarding and QoS rules for prioritizing MicroCell traffic. Unfortunately, documentation here is beyond spartan. There are (no joke) four versions of the users guide floating around. First is the printed copy in box, then there's an AT&T PDF, and finally one in the FCC filing - all of which lack the section on what ports should be forwarded. Curiously, there's another version online that I later found here with the relevant ports (on page 5), but this was after I had already discovered them on my own.
Before I stumbled across that real users guide, I was determined to find out how the MicroCell was talking with AT&T and over what ports. I grabbed a second NIC and set myself up in a machine-in-the-middle configuration and started sniffing packets. It's obvious immediately that this thing is locked down tight. After booting, the device grabs a DHCP lease, syncs network time over NTP with, and does a DNS query for dpewe.wireless.att.com. After it gets the results, it talks with that server over HTTPS (TLSv1) for a bit, and then immediately fires up an IPsec VPN with After that, there's very little we can see going on - everything happens across that VPN tunnel. 
Lots of IPsec traffic and NAT-keepalive
The MicroCell uses IPsec with NAT traversal, explaining partly why you don't really have to port forward, but it's still a good idea. In fact, it's during the HTTPS session certificate exchange that we see the only bit of network traffic which would lead us to believe this is a micro, er, femtocell:
CPE - Customer Premises Equipment. Also parlance for locked down tight.

So those ports that you should forward or prioritize if you're setting up QoS that way? They're here:

Port Description
123/UDP NTP Traffic
443/TCP HTTPS over TLS/SSL for provisioning and management traffic
4500/UDP IPSec NAT Traversal (for all signaling, data, and voice traffic)
500/UDP IPSec Phase 1 prior to NAT detection, after which 4500/UDP is used
Unboxing a Cell Tower Inside The MicroCell: Hardware


View All Comments

  • atiller - Thursday, April 1, 2010 - link

    Thanks for the excellent and detailed report. One comment - your view of picocells is rather out of date. Just like femtocells, today's picocells use IP backhaul and can be installed without any specialist skills. Some people call them 'enterprise femtocells', but they have a larger capacity and range than a femto. Reply
  • Brian Klug - Thursday, April 1, 2010 - link

    Awesome tip, thanks, I definitely didn't know about these. Do you know what kind of carrier interaction is required for installing one of those? I mean, are they carrier agnostic, some common brand, and can anyone just buy them?

    I think there's definitely a market for malls and large shopping centers that want to improve coverage indoors - it seems to be a systemic problems for large buildings with high population density inside.

    -Brian Klug
  • Paulman - Thursday, April 1, 2010 - link

    Except that I was reading an 4/1/2010 post on a friend's blog which made me wonder when the tech sites would start posting their crazy stories, and then I realized... wait a second...

    Before realizing this, I had read up to page 4 (Inside the Networking), at which point I was like, "I'm done with this article - I was just really curious to see if this was a 3G signal repeater, or if it got the data through a broadband connection and then just broadcast it locally over 3G". Lol.
  • TGressus - Thursday, April 1, 2010 - link

    ...by failed handovers on AT&T.

    In southern California we as a community drive a lot (serious understatement), and many careers involve driving throughout the work day. Certain devices and occupations have moved my colleagues and family to AT&T at times, including the present. Everyone I know is regularly affected by the worst case handover scenarios you were surprised about in your article.

    It so predominant that I estimate 1/4 of my calls with AT&T I answer, "sorry, dropped call" rather than, "hello". It is the consensus of the mobile professionals with whom I interact through AT&T that one can not afford to make important phone calls on the road. I know that must seem like the most obvious statement ever, but try and empathize here; the nature of many businesses in massive urban sprawl lends itself to perpetual mobile telephony.

    People regularly attribute these issues to the coverage maps and, more recently, smart-phone burden. I'm no cellular techncian, but I suspect it's something more fundamental with GSM and/or AT&T technology. I'm not surprised you noticed this issue. In fact, I'm surprised you are surprised.
  • Brian Klug - Thursday, April 1, 2010 - link

    I can't speak for the load in that area, but migrating calls and handing them over if the adjacent cell sites are overloaded is generally what causes soft handovers to fail. So imagine that you're on a node, being serviced perfectly fine, but migrate (while driving, say) into an adjacent cell that's completely overtaxed. The phone will try to migrate its session, but if it's so overloaded that it can't, the call will fail.

    It's a sad state of things, but that's probably what's going on if you see that you have good signal but still encounter problems. In fact, I'd say if you don't hear distortion or blocking, but rather just have the call fail (and you're moving) this is probably the case. Of course, that market is one that AT&T is particularly stressed about and focusing on now, hopefully it improves.

    Both CDMA2000, GSM, and UMTS are equally robust in the soft handover arena, and it *usually* works flawlessly - this is a technology that's rolled out pretty much everywhere. The technology is robust, but it's entirely carriers prerogative to install it properly and watch out for these load issues. Nothing is going to overcome the laws of physics. ;)

    Brian Klug
  • slyck - Thursday, April 1, 2010 - link

    Comments so far are right on. This should be a choice of last resort only for those who are connected to their cell number. If you need internet to make your call there is always VOIP which costs far, far less. Reply
  • sxr7171 - Thursday, April 1, 2010 - link

    Firstly pardon my language here. But this is bullshit.

    These stupid wireless carriers have a lot of nerve trying to extend their wireless coverage off of the customer's dime. On top of the ridiculous prices they charge for voice and data and most importantly: SMS. They have a lot of nerve asking customers to pay for the device and to pay for calls on it.

    The only advantage this has over a VOIP solution is basically seamless hand-offs - WHICH THIS CRAP PRODUCT DOES NOT DO.

    For GSM users this functionality was built into the standard and has been around for years and was mentioned in the article: SIP. T-mobile uses it but they restrict the devices.

    SIP is a feature built into many open unlocked phones like Symbian phones from Nokia and others, but our US carriers don't like such open phones so they would never allow a carrier sponsored phone to have the SIP software intact in the FW/OS. The whole technology was designed around having a choice of cell phone provider and SIP provider - you know choice as in the kind that creates competition. But our carriers will never allow that, and our consumers will always get sucked into carrier contracts and locked phones. This sort of thing is what makes it impossible to launch a phone or technology without the carrier's blessing and it is what makes us indentured to carriers.

    That iPhone is not $200 always remember the $1680 of overpriced service that is part of it. An unlocked iPhone costs $999. Think about why that is. It's because with the carriers control the device prices since they control who can buy it and what services must be purchased and how much that service costs. Will wireless ever be a free market in the US?
  • HotFoot - Thursday, April 1, 2010 - link

    Have to agree with you. This is just silly.

    Where I live, there are two good solutions for the problem this device/service is trying to solve.

    1) Rogers has wifi capable cell phones that will switch to using your home 802.11 (or other hotspots) for making calls. When you're on wifi with these phones, you get different rates for calls much more in line with VoIP.

    2) Smart phone that will Skype over wifi. I pay $15/mo for my cell phone service plus another $3 to Skype for unlimited calling in North America. That's $18/mo, no contracts. I did pay $600 for my N900, so if that lasts me 3 years add another $18/mo to the total so I pay $36/mo to have basic cell phone service while I'm out and about and unlimited calling while at home, work, or coffee shop/anywhere there's free wifi.

    Anyone feeling like this AT&T offer is a load of steaming crap in comparison?
  • sxr7171 - Thursday, April 1, 2010 - link

    But the 2 are open technologies that were supposed to enable seamless hand-offs and choice of service provider. Reply
  • Wayne86 - Thursday, April 1, 2010 - link

    I was hoping this article was an April Fools joke. Alas, after Topekaing, it is not. :) Reply

Log in

Don't have an account? Sign up now