What's going on inside?

In the spirit of really understanding how the AT&T MicroCell works, I was determined to get inside its inviting white shell. Unfortunately, after doing my homework, I started to get a feel for just how locked down this thing is - and why that's the case. First off, there's no internal status webpage as a diagnostic aid like you'd expect from a cable or DSL modem. Nothing. I searched around comprehensively for anything of the sort; it isn't there. What's surprising is that briefly, at startup, I saw nmap report ports 23, 80, and 8080 as filtered instead of open or closed, but that doesn't do anyone any good. The device always reports a hostname of "AT&T" and always pulls a DHCP lease at startup. There's no network configuration to speak of, so if you want to configure a static IP, static DHCP assignment is your only route.
 
Obviously, tech-savvy users are also going to want to configure proper port forwarding and QoS rules for prioritizing MicroCell traffic. Unfortunately, documentation here is beyond spartan. There are (no joke) four versions of the user's guide floating around. First is the printed copy in the box, then there's an AT&T PDF, and finally one in the FCC filing - all of which lack the section on what ports should be forwarded. Curiously, there's another version online that I later found here with the relevant ports (on page 5), but this was after I had already discovered them on my own.
 
Before I stumbled across that real user's guide, I was determined to find out how the MicroCell was talking with AT&T and over what ports. I grabbed a second NIC, set myself up in a machine-in-the-middle configuration, and started sniffing packets. It's immediately obvious that this thing is locked down tight. After booting, the device grabs a DHCP lease, syncs network time over NTP with 12.230.208.48, and does a DNS query for dpewe.wireless.att.com. After it gets the results, it talks with that server over HTTPS (TLSv1) for a bit, and then immediately fires up an IPsec VPN with 12.230.209.193. After that, there's very little we can see going on - everything happens across that VPN tunnel.
 
Lots of IPsec traffic and NAT-keepalive
 
The MicroCell uses IPsec with NAT traversal, explaining partly why you don't really have to port forward, but it's still a good idea. In fact, it's during the HTTPS session certificate exchange that we see the only bit of network traffic which would lead us to believe this is a micro, er, femtocell:
 
CPE - Customer Premises Equipment. Also parlance for locked down tight.
 

So those ports that you should forward or prioritize if you're setting up QoS that way? They're here:

| Port | Description |
| --- | --- |
| 123/UDP | NTP Traffic |
| 443/TCP | HTTPS over TLS/SSL for provisioning and management traffic |
| 4500/UDP | IPSec NAT Traversal (for all signaling, data, and voice traffic) |
| 500/UDP | IPSec Phase 1 prior to NAT detection, after which 4500/UDP is used |
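
As an added example (not from the original article or AT&T's documentation), this Python sketch labels traffic by the ports in the table above and splits UDP/4500 payloads using RFC 3948 framing, which is what separates NAT-keepalives from tunnel traffic in a capture. The sample packets and all function names are constructed for illustration.

```python
import struct
from collections import Counter

# Ports from the table above; anything else is labelled "other".
STAGES = {("udp", 123): "ntp", ("tcp", 443): "https-provisioning",
          ("udp", 500): "ike-phase1"}

def classify_natt(payload: bytes) -> str:
    """Label a UDP/4500 payload using RFC 3948 framing."""
    if payload == b"\xff":
        return "nat-keepalive"      # single 0xFF octet keeps the NAT mapping alive
    if len(payload) < 4:
        return "malformed"
    if payload[:4] == b"\x00\x00\x00\x00":
        return "ike-over-natt"      # 4-byte non-ESP marker precedes IKE
    return "esp-in-udp"             # non-zero SPI: encapsulated tunnel traffic

def classify(proto: str, port: int = 0, payload: bytes = b"") -> str:
    """proto is 'tcp', 'udp' or 'esp'; port is the remote (server-side) port."""
    if proto == "esp":
        return "esp-native"         # IP protocol 50, no port number
    if (proto, port) == ("udp", 4500):
        return classify_natt(payload)
    return STAGES.get((proto, port), "other")

def carries_tunnel(label: str) -> bool:
    """True for the classes a QoS rule aimed at call traffic must match."""
    return label in {"esp-in-udp", "esp-native"}

def summarize(packets) -> Counter:
    """Count packets per label."""
    return Counter(classify(*p) for p in packets)

# Constructed sample (not a real capture): boot sequence, then tunnel traffic.
ESP = struct.pack("!II", 0xC0FFEE01, 1) + bytes(32)   # SPI, sequence, dummy body
SAMPLE = [
    ("udp", 123), ("tcp", 443), ("udp", 500),
    ("udp", 4500, bytes(4) + b"\x11" * 28),   # IKE after NAT detection
    ("udp", 4500, ESP), ("udp", 4500, ESP),
    ("udp", 4500, b"\xff"),
]

if __name__ == "__main__":
    for label, n in summarize(SAMPLE).items():
        print(f"{label:20} {n}  tunnel={carries_tunnel(label)}")
```

With NAT traversal in use, a router in the path sees the tunnel as `esp-in-udp` on 4500/UDP, not as native IP protocol 50.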

63 Comments


  • dkapke - Thursday, April 1, 2010 - link

    I can't speak for what AT&T's plans are, but I think what a lot of you aren't seeing, at least in terms of Sprint, is I LOVE their femtocell. Not because I can't get service or have crappy coverage, but because it allows UNLIMITED calls. I can get their cheapest plan, eliminate the home phone, and so long as I'm not driving between 6a-6p all of my calls are free. I work from home so this is great.

    So, all of you saying this is AT&T's method of uncongesting their network - yes, that's true. But you're missing a very valid argument FOR these - unlimited calling. I guess you have to determine how often you're at home and how many minutes you use at home before night/weekend calling kicks in, but for those of us who work from home, these are awesome and well worth the $20. Oh, and when my kids come down for the summer and spend all day on the phone while they're sitting around at the house...yeah...it pays for itself very quickly.
    Reply
  • echtogammut - Thursday, April 1, 2010 - link

    They even collaborated with AT&T on this one : http://www.wireless.att.com/learn/why/3gmicrocell/...

    Seriously, what really gets me about this is that I installed a booster for the last company I worked with because they were not able to get calls when more than 5 data phones were in the building. I called AT&T to see if I could work with them about setting up a device similar to the microcell and they transferred me to an engineer that warned me off boosting the signal. Not that long ago they called me and offered this device to fix my reception issues and charge me for another service plan... no thank you, the booster is working fine.
    Reply
  • kamikaze56 - Thursday, April 1, 2010 - link

    I agree with all you guys saying that you won't pay for a monthly cellular bill, buy your own "cell" which uses YOUR own internet connection.. But just remember a few facts:

    - First of all, this device is aimed at people who have very low to zero coverage at their house/workplace and DON'T want to change carrier (or can't due to contracts); it is not aimed at people who can change their carrier at any time..

    - Second, most of the "negative" review in this article was found at location 1 (location in an urban area, with a really good connection, crowded spectrum etc.). Remember, this device is aimed at locations with zero to really bad coverage.

    - 3rd and most important: Yes, you are paying your bill, you are paying for your own cell and using your own internet connection, but remember, you are just using like 1/50 part of your connection in order to REACH THE CORE NETWORK; what happens in the core network and forward, it's still being done by the carrier (and this part of the communication process is the one that costs more), so you're basically paying for using this core network. If you don't agree with this.. DON'T BUY IT
    Reply
  • kidboodah - Thursday, April 1, 2010 - link

    There seems to be a misunderstanding on the pricing of this.

    You pay $20 a month for unlimited minutes while connected to it. This includes up to 4 simultaneous connections.

    So let's say you have a 1400 FamilyTalk plan, with 4 lines. That's $109.99 per month normally. Add the Microcell and you have Unlimited talking from home for $129.99 for all lines.

    Compare this to an Unlimited Family Talk plan for $70+50+50+50....and you're saving $100 a month.

    It's definitely worth the initial cost for a lot of customers who are on Family plans and want unlimited service from home -- while ALSO giving them full signal strength.
    Reply
  • taltamir - Thursday, April 1, 2010 - link

    There is no such thing as a radius in square feet.
    Square feet is used to describe the area.
    Since the area of a circle is Pi*r^2 then ((5000 ft^2)/pi)^0.5 = r
    or a radius of 39.89 feet
    Reply
  • Brian Klug - Thursday, April 1, 2010 - link

    Oops, that's a typo! Fixed!

    -Brian Klug
    Reply
  • Ardric - Thursday, April 1, 2010 - link

    The TCP and UDP ports you've listed are only used for provisioning, when the device boots. They don't carry the voice traffic. There's no use in bothering with them. Especially HTTPS -- do you really want to elevate that for your banking site too!?

    The voice traffic is on the IPsec tunnel, and that's carried by the ESP protocol. ESP is IP protocol 50. There's no port number.

    So ignore the TCP and UDP ports and prioritize on ESP, preferably in combination with the particular AT&T IP addresses. That's how you should set up your QoS matching.
    Reply
  • Brian Klug - Thursday, April 1, 2010 - link

    You're totally right about the provisioning ports being used only for initial setup, but the device is using IPsec NAT-T, which is definitely 4500/UDP.

    To be honest, all my QoS rules prioritized the device in general - I'd say doing it with a static DHCP lease IP address or MAC addy makes the most sense.

    Cheers,
    Brian Klug
    Reply
  • SmCaudata - Friday, April 2, 2010 - link

    With T-mobile I have UMA on my phones so I can make calls anywhere I have a wireless signal. I don't need an extra box in my home AND I can use it in the deepest basement of my work.

    AT&T sucks. The iPhone is the ONLY thing they have going for them.
    Reply
  • leexgx - Friday, April 2, 2010 - link

    At any time did you use 2g only (set the phone to 3g off)? I find 3g/HSDPA mostly unreliable (more so on the iPhones, not so much on Windows phones with HSDPA off). The problem is most phone makers set the hand over to GSM or 2g for their phones too low, and I find 3g has more problems with weaker signal (it should move to 2g when signal is below 20%, back to 3g when above 35%, as when 3g gets to less than 10-20% it seems to be unreliable)
    Reply
