Open source private lte and 5g networks

It’s so easy these days to set-up your own WiFi network. You order a router online, plug it into the electrical socket, define a password and you’re good to go. WiFi is fast, reliable and easy to use. But if you want to cover a wider area or connect hundreds of small devices it quickly becomes inefficient and expensive. Is the only way to go to your local mobile network operator and sign a contract? No! Thanks to open source technology, you can build your own LTE or 5G network. 

Why would I build a private mobile network?

Mobile technologies like LTE or 5G give your private network great capabilities. You can cover huge areas with a small amount of equipment. Also, choosing the right frequency, you can achieve great performance through walls or underground. Mobile networks are much more secure than WiFi. Not to mention, it enables you to now get all power and features only carriers had, like location tracking of user equipment (UE) with sub 1 meter accuracy or advanced signalling and telemetry.

How can I start building open source mobile networks?

You might be scared of high upfront costs required to start building an LTE or 5G network. Fortunately, it’s not that bad. The minimum starting toolkit would be LimeSDR mini and a Raspberry Pi 4. Total cost of this is below 300$ (assuming that you already have a mobile phone…)!

If you want to play with more advanced features like Carrier Aggregation, achieve top speed and connect hundreds of IoT devices,  you would need to spend around 10k$ for Ettus x310 and some decent X86 server for compute. As a software stack I can recommend Ubuntu + srsRAN 

Lime SDRRaspberryPi

Enterprise use-cases for private mobile networks

Many companies need secure, fast and automated networks for their data and voice use-cases, which are able to cover large areas, be reliable inside buildings or an underground tunnel.

Private LTE and 5G networks meet this need, and if they are based on open technologies also provide great price performance. They are implemented across many industries:

  • Campuses – university, hospital or a big office. All of them have huge numbers of people and devices requiring connectivity. Private mobile networks provide cost efficiency and great learning opportunities for universities.
  • Oil & gas – these are harsh environments, full of industrial IoT, operating underground and requiring reliability and security provided by LTE and 5G. 
  • Public sector – smart cities, museums, stadiums or public transportation.
  • Military – private 5G networks are key in modern, connected military operations. Situational awareness from sensors and drones is a force multiplier. However, it requires performance and security that only the latest mobile technology can deliver.
  • Manufacturing – Mercedes Benz and Bosch already track production lines and optimize their manufacturing processes using private 5G networks and MEC. Decisions must be made fast, and on the spot. Sending data to the public cloud is too slow and local micro clouds show much better results in such use cases.

How to build an enterprise grade private mobile network 

Basic schematics of a private LTE or 5G network would look like this:

  • User equipment – this is anything from a mobile phone, to IoT devices, drones or self driving vehicles.
  • Radio Access Network – this is a part containing the base station, antennas and L1/L2 processing.  
  • Evolved packet core – a framework for providing converged voice and data on LTE
  • Micro cloud – a new class of infrastructure for on-demand computing at the edge

A working open source implementation of such a network would be:

  • OpenRAN for disaggregated, and open radio access network, running RIC, RU, CU and DU on Ubuntu operating system
  • Magma core providing state of the art EPC, with Federation Gateway and Access Gateway (since 1.15 migrated to Ubuntu)
  • Charmed Kubernetes to provide container infrastructure for RAN and EPC
  • Charmed OpenStack, providing easy to operate, telco grade private cloud
  • Combination of MAAS, LXD and MicroK8s which build state of the art micro cloud allowing you to run your edge applications as VMs, containers, bare metal and providing all EPA features like DPDK, SR-IOV or NVIDIA GPU acceleration

Where can I find more information on private LTE/5G networks?

Join the OpenRAN and Magma communities

Join discussions and ask questions on discourse

Reach out to me directly on twitter 

Building an Open and Private LTE Network

A couple of years ago I wrote a blog about building your own LTE network while I was working at CableLabs. At the time, I was focused on building a lab grade network for doing research. It didn’t have requirements for availability, scalability, or need any fancy features. Using all open source software for such a network made sense and fit the maturity of the open source options at the time.

As I reprise that post 3 years later, a lot has changed. Private networks, no matter who you ask (see: here, here, or here) have transitioned from lab toys to a multi-billion dollar industry. Open source too has left the lab and solutions from the likes of RedHat, OpenStack, O-RAN Alliance, and the Telecom Infra Project are a growing presence in operators networks globally. As the footprint of open source grows, and network operators see the benefits of deploying open source, the industry is responding by developing open source solutions moving up the stack. Now with the introduction of the Magma project, open source is moving into complex network functions like the core of the 4G and 5G mobile network.

Dumping gas on the open and private network fire, the FCC has made available commercially deployable CBRS spectrum that we see taking off in the recent auction and as Spectrum Access Systems (SASs) go live. With it’s 3 tier access, CBRS means anyone can get a meaningful chunk of airwaves with 25 times (or more) the power of most Wi-Fi networks to deliver high quality wireless services.

In light of these changes, in this version of the build your own network how-to, I will move our target from a lab network to a commercial grade LTE network deployment. Let’s get started.

The Ingredients

There are 6 key components to an open and private LTE network:

The marketplace for these components has changed significantly in the last few years. Today an individual or small enterprise has the ability to get a hold of commercial grade LTE components at achievable price points. That’s new, so let’s look closer.

The Core

Perhaps the biggest shift has come recently with the Magma Core project. Previously your only option for a commercial grade LTE core was to go to a traditional mobile vendor and pay healthily. But now, you can deploy your own instance of an open source multi-access core network from the Magma Core project. Magma provides unified core functions for 4G LTE, 5G SA, and Enterprise Wi-Fi networks, built as a set of cloud native microservices. FreedomFi has taken the Magma project and developed a curated and hardened version we sell for as little as $300 for a single Gateway network (good for up to about 5 radios). But it’s open source, if you don’t mind a little elbow grease, you can buy your own hardware/AWS machines and create your own Magma core by going here and pulling the latest release.


Next you need a radio to plug into your new core. Until recently LTE radios were tough to come buy if you weren’t a mobile network operator. And even if you could buy one, they were all built for specific licensed spectrum bands you likely weren’t allowed to radiate on. BUT! CBRS is changing all of that by creating a growing market of off the shelf radios, with varying capabilities (indoor, outdoor, low power, high power, multi-sector, multi-carrier, etc) all built for spectrum you can actually use. Vendors like Baicells, Accelleran, Blinq Networks, and Airspan all have CBRS radio portfolios. Better yet, they are available for anyone to order off websites like DoubleRadius, ISPSupplies, and WinnComm. All of these offerings are giant steps ahead of a BYO radio based on a mini-pc and an SDR in terms of power output, performance, and environmental hardening; these are radios you can deploy. For a full list of devices you can hunt down, go to the OnGo certification page and you can see a list of all the FCC approved devices.

At FreedomFi, we’ve had good luck with the Baicells 436Q and the Accelleran E1000 products in our early deployments.

A couple of gotchas to watch out for when ordering an LTE radio:

  1. LTE radios often don’t come with integrated antennas. You’ll need to chose between an omnidirectional (think donut shape coverage) or a sector antenna (more directional, focused energy) when ordering an antenna.
  2. Features vary significantly, so looks closely. In these early days of CBRS, many products are focused at fixed wireless deployments and don’t support the common mobility features you might be expecting (e.g. seamless handover). So read the spec sheets and ask questions to make sure you are getting a radio that does what you need.
  3. Most of these modern small cells are heavily software driven. Because of this, the same HW package can have really different functionality based on the license you purchase with it. Here again your best bet is to read the fine print and ask questions about things like carrier aggregation, split cell modes, number of UEs supported, and number of carriers.
  4. SAS interoperability is another topic to double check. We’ll talk more about this next, but as CBRS and SAS integration is still new, not all radios play nice with all SASs yet, so ask.


The spectrum game changed in 2017 when CBRS left the rule making phase and entered the market. This band is a whole new approach to sharing the valuable airwaves bouncing around the nation. Boris made this point clearly before, so I won’t belabor it. The point here is, to get access to CBRS spectrum you need a commercial relationship with a SAS operator and most likely a Certified Professional Installer (CPI) to perform / approve your installation. As of today you have 5 choices for SAS operators (in alphabetical order) Amdocs, CommScope, Federated Wireless, Google, and Sony.

At FreedomFi we’ve had good initial success testing with Federated Wireless and Google. Depending on what package you select when buying a FreedomFi Gateway, we can also provide you a SAS connection and CPI services. Or for about $600 you can take an online course from Google, Federated Wireless or others and become a CPI yourself.

Once you have your SAS connection, the SAS will periodically make sure your radio power and channel selection aren’t going to cause interference, and configure your radio to ensure it stays that way. In this way, the SASs keep the CBRS spectrum clean and interference free, making your private network more performant.

The one gotcha I can share for SAS configuration is the units. Some power values are in dBm / MHz, others are in dBm / 10 MHz, and others can be in total power, just dBm. If you have configuration issues (e.g. keep getting error code 103 responses from SAS) triple check you haven’t mixed your units.

SIM Cards

I’m gonna be honest, I’ve been programming SIM cards for lab and private networks for 10 years, and they still baffle me. They are so powerful, they can do so much, but configuration and management of SIM cards is a Byzantine affair. To make things more fun, some UEs honor SIM fields strictly, others ignore various settings in favor of values stored in a black box somewhere. But as SIM cards are the literal key to LTE security, you gotta have them.

There are a handful of options on how to get SIM cards: you can talk to ThalesGroup for tier one service, you can go to Alibaba and try your luck, or you can work with SmartJac. At FreedomFi we have always used SmartJac for their quick service and great support. Alternatively many radio providers (e.g. Baicells) will also sell you SIMs along with your radios.

For most basic private network operators, here are the important items you need to worry about, and some suggestions on how to handle them:

  1. Ki — This is the private key for each subscriber. For a lab setup, handy to have all your SIMs match. For any production network, ask your SIM provider to randomize these per card.
  2. OP/OPc — OP is your operator secret key. OPc is a munge of Ki and OP you store in your HSS. You should pick an OP and keep it somewhere real safe. You can then provide OP to your SIM provider and they will calculate OPc using the random Ki they chose and put these in your SIMs.
  3. IMSI — This is the subscriber identity. It is made of your PLMN + a unique number for each subscriber. More on this in the next section.
  4. SPN — This a fun one, the Service Provider Name field in the SIM is what makes your phone say “Bob’s Wireless” of whatever name you choose for your network. Android tends to honor it and display the name, iOS phones less reliably.
  5. PINs — Some SIMs have security PINs to enable/disable them. You can chose how secure you want your SIMs. Keep in mind the subscriber you give the SIM card to has to remember the SIM and plug it into their phone to activate the SIM. So, SIM PINs can also be a source of trouble calls.

One last note on SIMs. They come in many sizes e.g. standard, micro, mini, nano. When you order SIMs, you have to select your size or chose a multi form factor card. In a multi form factor SIM, you can pop out a nano, from a mini, from a micro… etc. They are handy if you don’t know the exact set of devices you plan to support and what their SIM needs are.


Yeah, I know, PL-what? These fun acronyms are the way LTE/5G networks identify themselves to UEs and vice a versa. You can kinda think of PLMN like an SSID for Wi-Fi, though I’m sure many 3GPP people just cringed reading that. To deploy a private network, you need the right to use a PLMN and your SIM cards need configuration to match it.

In the case of CBRS, the CBRS Alliance has developed a shared PLMN, or Shared Home Network Indicator (SHMI) that can be used by many private network operators. There is a registration process and a bunch more detail I’ll get into in a future post. For now, CBRS Alliance has a good page with some specifications at the top to help understand these needed values are and how you get them. Also be sure to watch the linked webinar, it too contains good information.

Some radio vendors also have registered PLMNs that can be used with the purchase of their gear. Baicells for example provides its customers with a PLMN they can use.

Last note on identifiers, unlike SSID in Wi-Fi, they are controlled in the LTE/5G world, so be sure to use something you have the right to use. Broadcasting on someone else’s PLMN is a pretty bad idea.


Last but not least, the User Equipment, or UE in 3GPP nerd speak, is the name for a smartphone, a dumb phone, an ethernet to LTE bridge, a USB 5G dongle, really any LTE/5G client device. There are myriad LTE and now 5G capable devices on the market. And while the air interface for LTE and 5G are well standardized, there is a lot of room in other layers of the stack for device specific behavior when it comes to getting a UE attached to and passing data on your network.

Below are some suggestions that will help you keep from draining hours fighting UE compatibility problems:

  1. In general Android will act differently than Apple products. Even within an OS ecosystem, a Samsung phone will act differently than a Google Pixel. Even the same device, with a SW update may use a different attach call flow and start or stop working with your network. So always test your SIM and your network with the device and SW version you plan to use. It is never safe to assume “it worked with X, so it will work with Y” so always test.
  2. Some UEs are “Locked” to a carrier network. A carrier locked UE will only join that particular carriers PLMN (or set of approved PLMNs). As you shouldn’t be using someone else’s PLMN, that means the phone won’t work on your network. This may even manifest as the phone displaying an error when you put your SIM card in, or saying “no SIM” when you put your SIM in.
  3. All UEs support a finite set of frequency bands. The cheaper the UE, the small the list usually. If the UE doesn’t support the band you are using (e.g. CBRS Band 48) there is nothing SW can do to make it. There is a great website called that you can use to lookup the band support of many many smartphone UEs. For other device types be sure to check the spec sheets. If you can’t explicitly confirm a device supports your band, probably not safe to assume it does.

Let’s Do It!

Ok, there you have it, you are armed with knowledge and links galore. If this blog made you excited to go it alone, great, get after it.

If on the other hand it made you feel like you want someone to handle all the details for you, that’s great too, contact us at At FreedomFi we’re all about building private networks using open source software. We think you should do it too. If your Wi-Fi network isn’t delivering the service you need, the reach you need, the security you need, let us help build you a open and private LTE or 5G network.

Check back here, I’ll be posting more tips and explainers about open private LTE and 5G networks.

Written by Jane