GSM_and_UMTS_CN_overview_WrayCastle.pdf

www.wraycastle.com

Course Code: MB1202 Duration: 2 days Technical Level: 3

GSM and UMTS Core Network

GSM and GPRS courses include:

GSM System Overview

GPRS Engineering for 2G and 3G Systems

GSM Air Interface

GSM-R Engineering Overview

Cell Planning for GSM Networks

2G/3G Indoor Coverage Planning

Introduction to GSM Optimization

Enhanced Data Rates for Global Evolution (EDGE)

GSM AND UMTS CORE NETWORK

Wray Castle Limited

First published 2012

WRAY CASTLE LIMITEDBRIDGE MILLS

STRAMONGATE KENDALLA9 4UB UK

Yours to have and to hold but not to copy

The manual you are reading is protected by copyright law. This means that Wray Castle Limited could take you and your employer to court and claim heavy legal damages.

Apart from fair dealing for the purposes of research or private study, as permitted under the Copyright, Designs and Patents Act 1988, this manual may only be reproduced or transmitted in any form or by any means with the prior

permission in writing of Wray Castle Limited.

All of our paper is sourced from FSC (Forest Stewardship Council) approved suppliers.


ii Wray Castle Limited MB2012/v1.0

GSM AND UMTS CORE NETWORK

CONTENTS

iii Wray Castle LimitedMB2012/v1.0

Section 1 GSM and its Services

Section 2 Domain, Identities and Areas

Section 3 Core Networks and Interconnects

Section 4 GPRS

Section 5 Procedures

Section 6 Introduction to UMTS System Architecture

Section 7 Circuit-Switched Functionality

Section 8 Packet-Switched Functionality

Section 9 Location Services (LCS)


iv Wray Castle Limited MB2012/v1.0


i Wray Castle LimitedMB2012/v1.0

GSM AND ITS SERVICES

SECTION 1

CONTENTS

GSM and its Services


The GSM (Global System for Mobile Communications). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.1

Advantages and Disadvantages of Mobile Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.2

GSM Organizations and Standards Bodies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.3

3GPP Releases and Numbering Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.4

The GSM Family. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5

Operators, Service Providers and Virtual Operators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.6

Types of Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.7

Bearer Services Circuit Switching and Packet Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.8

Teleservices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.9

Supplementary Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.10

VAS (Value Added Services) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.11

At the end of this section you will be able to:

OBJECTIVES


v Wray Castle LimitedMB2012/v1.0

state how GSM differs from earlier mobile networks

outline the principal advantages of using a digital mobile network

name the organizations responsible for GSM standardization and regulation

outline the provision and formats of the GSM specifications

differentiate between network operators, service providers and virtual operators

state what is meant by bearer services, teleservices, supplementary services and VAS

(Value Added Services)

explain the differences between circuit switching and packet switching

list the teleservices offered by a modern GSM network

give examples of VAS

describe the features of the messaging services used in GSM: SMS (Short Message

Service) and MMS (Multimedia Messaging Service)

explain how MMS differs from SMS in the basic nature of its delivery

discuss the basic features of LCS (Location Services)


vi Wray Castle Limited MB2012/v1.0

MB2012/v1.0 1.1 Wray Castle Limited


The GSM (Global System for Mobile Communications)

GSM is a digital mobile telecommunications system that operates in a cellular network environment. GSM is a second-generation, or 2G, system and is an example of a Public Land Mobile Network (PLMN).

The term 2G differentiates GSM from earlier, analogue systems known as first-generation systems. These were limited in the services they could offer, had poor security arrangements, and incompatibility between networks meant that subscribers could not visit, or roam, into other networks.

Some of the features that differentiate GSM from earlier systems are:

it is digital

the GSM standards allow for interoperability between network operators

it uses ISDN (Integrated Services Digital Network)-based technologies and standards

it offers improved privacy and security

network performance has been enhanced

it is more spectrally efficient

The GSM network is also a sound base upon which to build an even more sophisticated network, which for many network operators provides an evolution route to 3G (third generation) and 4G (fourth generation) services.

The specifications that define GSM networks have evolved over time and new services and functional elements have been added. The original GSM networks supported voice-only services, then support for text and dial-up data services were added and finally support (in the form of GPRS (General Packet Radio Service)) full packet-switched data and Internet services was developed.

Further Reading: 3GPP TS 41.101 provides a full list of GSM-related 3GPP specifications

MB2012/v1.01.2 Wray Castle Limited


Advantages and Disadvantages of Mobile Networks

In a fixed-line network, the user is connected to the network by an installed set of wires. In the mobile environment these wires between the user and the system do not exist in a permanent form they have to be created, using radio, every time the user wants to make or receive a call.

This requirement for a radio link, or air interface, offers many advantages to users, principally mobility: the user is free to move while using the phone.

This means that an increasingly wide range of services is available wherever there is GSM coverage.

Any radio environment is hostile, however, and the GSM air interface is no exception. It is susceptible to problems that face any radio system, such as interference and variations in signal strength. These matters require technical solutions and careful network planning to minimize their effects.

Additionally, while mobility makes cellular networks attractive to subscribers, it creates problems for the networks themselves. As a mobile moves, or roams into other networks, its whereabouts need to be monitored for call routing purposes, and its power needs to be monitored to ensure it is transmitting neither too much nor too little. Far more signalling needs to take place in a mobile network than in the fixed network.

The radio spectrum is a finite resource and its availability is problematic. The shortage of available spectrum increases its cost when auctions are held, and these costs are inevitably met by the end user.

Finally, a huge infrastructure is required to provide good coverage. This includes the base station transmitters and receivers and all their associated equipment, as well as the acquisition of the base station site itself.

Further Reading: 3GPP TS 1.101 provides a full list of GSM-related 3GPP specifications



GSM Organizations and Standards Bodies

The ETSI (European Telecommunications Standards Institute) was founded in 1988. ETSI plays a comprehensive role in developing standards and other technical documentation for telecommunications, IT and broadcasting. ETSI has played a major part in the development of standards for 2G mobile phone systems.

Until 2000, a number of working groups known as SMG (Special Mobile Groups) were responsible for separate aspects of GSM technology, but in July 2000 all GSM work was transferred to the 3GPP (3rd Generation Partnership Project). 3GPP was formed in 1998 to work towards standardization of 3G systems, and consists of standards bodies from around the world.

The GSM MoU (Memorandum of Understanding) was signed in 1987 by 15 signatories representing organizations from 13 countries.

The aim of the MoU is to look after members interests. These include such issues as roaming, billing and accounting procedures, legal issues, and worldwide standardization.

Originally, the MoU only comprised European members. In 1992, the Australian operator Telstra became the first non-European signatory, reflecting the worldwide appeal of GSM.

The MoU was formally registered as an Association in 1995 and is now known as the GSMA (GSM Association). It has several hundred members from many countries including licensed network operators and regulatory bodies.

Further Reading: 3GPP www.3gpp.org, GSMA www.gsmworld.com



3GPP Releases and Numbering Schemes

The table shows the 3G and GSM releases. The term Release 2000 was temporary and most of its constituent parts became Release 4, although some became Release 5.

All 3G and GSM specifications have a numbering scheme comprising four or five digits, the first two digits of which define the series. In the former case using four digits the second two digits are used for the 01 to 13 series, while in the latter example, using five digits, the three further digits are for the 21 to 55 series.

Further Reading: 3GPP www.3gpp.org



The GSM Family

GSM was the founding technology in what has become known as the GSM Family of cellular technologies.

The original 2G incarnation of GSM only supported circuit-switched services, but was enhanced to support packet-switched services by the addition of GPRS network elements; the combination of GSM and GPRS was classed as 2.5G.

A 2.75G enhancement known as EDGE (Enhanced Data rates for Global Evolution) allowed GPRS services to run at higher speeds.

The final upgrade of the original GSM/GPRS standards is provided by EDGE Evolution.

In tandem with the later developments of GSM and EDGE, 3GPP also provided the blueprints for 3G UMTS (Universal Mobile Telecommunications System) services.

UMTS underwent the first in a series of enhancements that would eventually be termed HSPA (High Speed Packet Access).

HSPA and its later 3.5G enhancement, to HSPA+, have continued to develop.

3GPPs 4G technology offering is known as LTE (Long Term Evolution).

Between them, the users of the various technologies that make up the GSM Family account for most cellular subscriptions active in the world today, and the widespread acceptance and adoption of 3G UMTS/HSPA and 4G LTE should ensure that that remains the case in the future.

Further Reading: 3GPP www.3gpp.org



Operators, Service Providers and Virtual Operators

The operator is responsible for building and maintaining the network. A user can subscribe to an individual network either directly or via a service provider.

The service provider buys air time from the operator and then sells this air time to the users. Once subscribed to a network via a service provider, the user can make and receive calls. The bills for that subscription come from the service provider, not the operator. In some countries, like the UK, service providers were initially a popular idea with several different providers competing to resell airtime for each physical network. Over time, however, the service provider model has declined in popularity and most operators now manage the contract relationship with their customers directly.

A virtual operator, also known as an MVNO (Mobile Virtual Network Operator), like a service provider, does not own their own infrastructure but utilizes the infrastructure of existing network operators, thereby giving the illusion of having their own network. The MVNO pays the network operator for use of their infrastructure.

MVNOs have a choice as to how deeply involved they get in the management of the relationship with their subscribers. Some opt to simply rebrand the standard service offered by a physical network operator and all subscriber management and billing services continue to be operated by the network. In these cases, the bill for air time will be produced by the operator and passed to the virtual operator, who forwards it to the user. (Note, the network operator will take a percentage of the cost of a call). Other MVNOs choose to build their own administrative architecture (e.g. HLR (Home Locator Register) subscriber management databases and billings systems) and simply buy airtime from a physical operator.

The MVNO model has spread to most GSM markets, with some major media and communications companies such as Virgin Media in the UK and Disney in the USA offering services, and is seen by many as a simple and relatively cheap way of extending their brand into the cellular market.



Types of Services

All telecommunication networks offer services to their users. In GSM these services can be grouped into three main areas: bearer services, teleservices and supplementary services.

Bearer services are the means by which the user information, or traffic, is transferred from source to destination. The bearer is analogous to a pipe through which the information passes.

A teleservice defines what the network allows the user to do with the bearer service: it provides end-to-end communication using the networks bearer service. This provides the full capability for communication between users. To summarize, the teleservice is the information that is carried by the bearer service.

Supplementary services complement or enhance the basic services. They are not offered to the subscriber as standalone services, but only as supplements to existing teleservices.

Further Reading: 3GPP TS 22.003



Bearer Services Circuit Switching and Packet Switching

The type of traffic that a bearer carries may be speech, data, fax, or SMS (Short Message Service). Data rates may vary considerably according to the technologies used. Two switching techniques are employed within most modern GSM networks: circuit switching and packet switching.

In a circuit-switched connection (as offered by GSM), the circuit between users remains intact for the duration of a call. No one else is able to use this circuit while the connection is maintained. This is true whether or not data is being transmitted.

With a packet-switched connection (as offered by GPRS), data is broken down into packets of data at one end of the circuit and reassembled at the other. Each packet is individually addressed and individually transits the network, so it is possible to have packets from different users utilizing the same links. In other words, while packets from one user are being transmitted, the circuit is still available to other users, and resources are not being utilized when there is no data being transmitted.

Further Reading: 3GPP TS 22.002 (GSM Circuit Switched services), 22.060 (GPRS Packet Switched services)



Teleservices

A teleservice is a service to which a user subscribes, and which the network carries across its bearers.

GSM offers a range of teleservices. These are grouped into categories, as follows:

speech transmission

SMS

facsimile transmission

VGS (Voice Group Service)

Speech transmission includes telephony and emergency calls. Transmissions are in the form of digitized speech and audio tones used for signalling.

SMS includes point-to-point, which provides for the transmission of short messages from a service centre to the mobile. It also includes the CBS (Cell Broadcast Service), which is used for the transmission of a short message from a service centre to all users in the area of the base station.

Facsimile transmission facilitates alternate speech and fax, or automatic fax. Both support the use of ITU-T Group 3 fax, with automatic fax supporting the autocalling and answering mode only.

VGS provides for group calls or a broadcast service. Group calls allow for transmissions to predefined groups of users; the broadcast service transmits to all users in a specific area. This service is a Release 4 enhancement.




Supplementary Services

While the most basic teleservices may include services such as speech, fax and data, the network may want to make its overall service appear more attractive to subscribers. Supplementary services, then, are an enhancement to basic teleservices.

Common supplementary services include:

barring of outgoing calls

barring of incoming calls

calling line ID

call divert

call forwarding

These and other services are achieved with a software platform within the network. It is usual for the networks to offer a wide range of additional services.




VAS (Value Added Services)

VAS (Value Added Services) are additional to basic telecommunication services. Some network operators may refer to a service as being value-added, and so charge for it, while others will regard the same service as a supplementary service and not charge.

VASs offered will differ from network to network and country to country, but typical services will fall into the following categories:

call answering service

call management service

enhanced communication service

restricted call service

information services

Examples of a call answering service are GSM callback and voicemail. In the callback service a fixed-line telephone is barred from calling a mobile. The fixed-line user may dial a predefined number to access the system, followed by their own fixed-line number for the mobile to call back. Voicemail enables the user to receive voice messages. A short message is normally sent to the mobile indicating the caller, date and time of the message along with the number to dial to retrieve the message.

Examples of a call management service are CLIP (Calling Line Identification Presentation), where the callers number is displayed along with their name (if already held by the mobile), and call waiting and holding, where the user is alerted to a second call when they are already using the service. Users may then either hold the present call and answer, or switch between the two.

An Enhanced Communication Service may be a speech/data SMS service whereby the caller dials the service number and leaves a spoken message, the message being delivered by SMS. Information services may include lottery results, horoscopes, and travel or restaurant guides.

Although SMS is technically a teleservice its phenomenal popularity and incredible profitability has lead to it being regarded by operators as a Value Added Service. SMS-based competitions, TV and radio audience participation and voting and other lucrative schemes have added to most operators VAS portfolios. LCS (Location-based Services) are also adding depth and most operators VAS range, with Satellite Navigation, travel services and where is my nearest services being launched based on the ability to determine where each subscribers handset is currently located.



i Wray Castle LimitedMB2012/v1.0

DOMAINS, IDENTITIES AND AREAS

SECTION 2

CONTENTS

Domains, Identities and Areas


GSM Network Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.1

GSM/GPRS Identities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.2

GSM Cells . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.4

MSC/GSN Areas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.5

LA (Location Area) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.6

RA (Routing Area). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.7

The MS (Mobile Station). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.8

The SIM (Subscriber Identity Module) Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.9

SIM Types and Generations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.10


OBJECTIVES


v Wray Castle LimitedMB2012/v1.0

outline the general configuration of GSM network elements and interfaces

describe the MS (Mobile Station) and state the GPRS mobile classes

state the functions performed by the SIM (Subscriber Identity Module)

list the identities used within GSM and GPRS

describe the role of the BSS (Base Station System) and its constituent parts

describe the role of the NSS (Network Switching System) and its constituent parts including

the network databases

state the overall functions of the operations and maintenance elements

name and state the functions of the GPRS network elements

list the architectural elements required to facilitate messaging services, broadcast services

and group call services and state their basic functions

name the CAMEL entities and describe their functions


vi Wray Castle Limited MB2012/v1.0



GSM Network Overview

The GSM network can be considered as comprising a number of distinct areas:

MS (Mobile Station)

RAN (Radio Access Network)

NSS (Network Switching System)

An operator's radio access network consists of a set of BSS (Base Station Systems). The main role of the RAN is to provide the MS with traffic and signalling connectivity to CS (Circuit-Switched) and PS (Packet-Switched) domains.

The NSS consists of the CS and PS domains.

The CS domain connects to other PLMNs for circuit-switched services such as speech, and to the PSTN (Public Switched Telephone Network) and the ISDN. The PS domain connects to IP (Internet Protocol) networks such as the Internet and intranets, the packet-switched elements of other PLMNs, and VAS providers.



GSM/GPRS Identities

There are a number of identities associated with the subscriber and their terminal. These are described below.

A users Mobile Subscriber ISDN Number (MSISDN) is, in effect, their telephone number. It consists of the Country Code (CC), relating to the country in which the MS is registered; the national mobile number, detailing the National Destination Code (NDC), identifying the PLMN; and the Subscriber Number (SN). Every subscriber to a GSM network will be identified uniquely by this number.

The MSISDN is a maximum of 15 digits long.

Each subscriber is allocated a unique International Mobile Subscriber Identity (IMSI), which is held on the SIM card. All subscriber-related information is associated with the IMSI in the network databases; without it, the MS cannot operate.

The IMSI cannot exceed 15 digits. It comprises the Mobile Country Code (MCC) (3 digits), the Mobile Network Code (MNC) (23 digits) and the Mobile Station Identification Number (MSIN) (remaining digits).

The MCC details the subscribers country of residence; the MNC details their home PLMN; and the MSIN identifies the subscriber within that PLMN.

To ensure that the subscribers identity remains secure, the IMSI may only be transmitted across the air interface in exceptional circumstances. Instead, a secure Temporary Mobile Subscriber Identity (TMSI) is allocated, which subsequently is used for identification.

The Packet TMSI (P-TMSI) performs the same function as the TMSI, and has the same characteristics, but is used in packet-switched operation.

Further Reading: 3GPP TS 23.008:2.1



GSM/GPRS Identities (continued)

The structure of the MSRN (Mobile Station Roaming Number) is the same as MSISDN, namely:

MSRN = CC + NDC + SN

Here, the SN does not identify a subscriber. Instead, it is used to address a MSC/VLR (Mobile-services Switching Centre/Visitor Location Register) in the network.

The IMEI (International Mobile Equipment Identity) number is fixed to the ME (Mobile Equipment) and is also known to the Equipment Identity Register (EIR).

The structure of the IMEI is as follows:

IMEI = TAC + SNR + S/W Ver

where:

TAC = Type Approval Code (up to 6 digits)SNR = Serial Number (of up to 6 digits)S/W Ver = Software Version Number (2 digits)

Further Reading: 3GPP TS 23.008:2.1



GSM Cells

The basic architectural component of a GSM cellular network is the cell.

A cell can be defined as the area provided with transmit and receive coverage by a base station and can be configured in a number of ways.

The simplest form of cell is one that provides omnidirectional coverage, meaning that its antenna transmits its signal in all directions and allows one antenna to serve the entire 360 area surrounding a site. Omnidirectional cells are simple to construct but can offer limited capacity and controllability, especially when used in crowded urban environments.

Most sites in most GSM networks are configured to provide sectorized coverage using directional antennas. Traditional sector antennas project their transmitted signal across an arc of around 120, meaning that three such antennas could, between them, provide coverage to the 360 area surrounding a site. Although the common terminology for each of these coverage areas is a sector, each is in fact a separate GSM cell in its own right; so a three-sectored site would in reality support three separate cells.

Three-sectored sites have been favoured by many network operators in the past, but in recent years many sites have been upgraded to support more advanced configurations. Six-sector sites (using antennas that provide a beamwidth across 60) can offer higher capacity than more traditional three-sector sites and are often deployed in dense urban areas or other locations (such as airports or shopping centres) that have large concentrations of potential users.

Each GSM cell has a unique identity known as the CGI (Cell Global Identity). This is made from the LAI (Location Area Identity) plus an additional 16 bits to code the CI (Cell Identity). The structure is as follows:

CGI = MCC + MNC + LAC (Location Area Code) + CI

It is therefore possible to define up to approximately 65,000 cells per location area! The CGI is used to manage handovers between cells belonging to different BSCs (Base Station Controller), and is also captured in the billing record to allow the network to determine which cell site handled each call.




MSC/GSN Areas

There are a number of discrete areas defined within GSM/GPRS which lead to a logical procedure for locating mobiles.

The network area is the entire geographical area covered by one network. This area is further split into MSC areas for GSM operation, and SGSN (Serving GPRS Support Node) areas for GPRS operation. The diagram illustrates this, with an MSC area being equal to an SGSN area. One SGSN area may serve multiple MSC areas.

The growing trend amongst network operators to deploy MSCs and SGSNs in resilient pools has led to the phasing-out of the type of clearly-defined MSC Region as depicted in the diagram; this has been replaced by the concept of the Pool area, in which cells belonging to set of former MSC regions are all controlled by a group or pool of MSCs. This architecture aids network resilience in the sense that if one MSC fails others are available to take over their functions.




LA (Location Area)

This is the smallest area in the network that will keep track of the GSM mobile. The size of the LA depends on a number of factors such as the type of area it covers, and whether it is urban or rural.

Within the location area there will be a number of cells. These areas are the smallest logical area within the network. However, the mobiles are not tracked on a cell basis. When a mobile is to be paged for GSM this will occur across the entire location area; maybe tens of cells will all broadcast the same message.

For location purposes a GSM PLMN is divided into a number of location areas, each comprising a number of cells. The location areas and cells are identified by a LAI and a CGI, respectively.

LAI = MCC + MNC + LAC

where:

MCC = Mobile Country Code MNC = Mobile Network Code LAC = Location Area Code




RA (Routing Area)

GPRS uses a smaller area to locate the mobile: the Routing Area (RA). The RA consists of one or more cells, being a possible subset of one (and only one) LA (Location Area). In other words, an RA cannot span more than one LA. Its size is network dependent.

Each RA is identified by a RAI (Routing Area Identity).

The RAI is broadcast as system information and is used by the MS to determine, when changing cells, if an RA border has been crossed. If this is the case, the MS initiates an RA update.

If the MS is staying within the area covered by the same SGSN, then an intra-RA update is required. If it is changing SGSNs, then an inter-SGSN RA update is performed.

RAI = MCC + MNC + LAC + RAC

where RAC is the Routing Area Code.




The MS (Mobile Station)

The GSM mobile phone, known as the MS, consists of two elements, each with its own functionality. These are the ME, which incorporates hardware and software functions to allow it to operate over the air interface, and the SIM (Subscriber Identity Module) card. Neither on its own offers the user much in the way of a useful phone system, but bring them together and they operate as one to provide a basic telephone service, with supplementary services and, in the case of some phones, features such as a digital camera and colour display.

From Release 99 onwards the MS became known as the UE (User Equipment). It is still common to refer to a GSM-only device as an MS; the term UE is commonly employed to describe devices that can also access 3G or 4G services.




The SIM (Subscriber Identity Module) Card

The SIM performs vital tasks in providing the user with access to the network. Possibly the most important is authentication, the process of validating the subscriber and, if necessary, the MS prior to use of the network. Authentication is done by means of what is known as a cryptographic challenge response mechanism. For security reasons, this procedure is carried out entirely on the SIM card.

Other tasks performed by the SIM mainly involve assisting the ME in its operation. For example, it stores network parameters that the equipment refers to during the initial cell selection process when the mobile is turned on.

The SIM card is removable and stores such details as:

phone book

IMSI

TMSI

Kc (Cipher Key) (circuit-switched mode)

KcGPRS (Cipher Key GPRS) (packed-switched mode)

Ki (Authentication Key)

LAI

list of carriers for cell selection

Packet TMSI (P-TMSI)

PLMNs

services available, e.g. GPRS

Further Reading: 3GPP TS 51.xxx series



SIM Types and Generations

As with most other aspects of GSM, the design and scope of the SIM has developed over time.

The original SIMs, now known as a full-sized SIMs, were the size of a credit card (85.60 x 53.98 x 0.76 mm), which was almost the same size as the phones that held them. Most handset vendors and networks switched to the smaller and much more familiar (25.00 x 15.00 x 0.76mm) mini-SIM design in the mid-1990s, which allowed handset sizes to shrink in line with the SIM.

A third form-factor SIM design, known as the micro-SIM, was developed in the 1990s, but has only recently begun to be adopted by device vendors as the size of mobile devices shrinks even further. Micro-SIMs are much smaller than previous generations (15.00 x 12.00 x 0.76mm) and are roughly the same size as the smart-card chip that they hold.

Different generations of cellular network or network service have also required different types of SIM to be developed.

The original SIM and the database storage that it contained was developed to support the needs of GSM devices; the augmented requirements of 3G UMTS networks called for the development of the USIM (Universal SIM), which contains additional data structures relevant to 3G services. Networks that wish to support 4G LTE and other IP-based services may be required to distribute ISIM (IMS SIM) cards to users to allow the additional security and service requirements of those networks to be accessed.

Further Reading: 3GPP TS 51.xxx series


3.i Wray Castle LimitedMB2012/v1.0

CORE NETWORKS AND INTERCONNECTS

SECTION 3


3.ii Wray Castle Limited MB2012/v1.0

CONTENTS

Core Networks and Interconnects

3.iii Wray Castle LimitedMB2012/v1.0

Pre-Release 4 Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.1

MSC (Mobile-services Switching Centre) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.2

Release 4 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.3

Release 4 Network Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.4

GSM Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.5

OMC (Operations and Maintenance Centre) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.7

NMC (Network Management Centre) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.8

SMS Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.9

CBC (Cell Broadcast Centre) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.10

CAMEL Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.11

International Roaming Enablers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.12


3.iv Wray Castle Limited MB2012/v1.0


OBJECTIVES


3.v Wray Castle LimitedMB2012/v1.0

outline the general configuration of GSM core network elements and interfaces

describe the role of the NSS (Network Switching System) and its constituent parts including

the network databases

identify the architectural differences between pre- and post- Release 4 core networks

state the overall functions of the operations and maintenance elements

list the architectural elements required to facilitate messaging services, broadcast services

and group call services and state their basic functions

name the CAMEL entities and describe their functions

outline some of the options that exist to provide transport solutions for GSM core networks

describe the architectural and procedural elements that enable international roaming to

operate


3.vi Wray Castle Limited MB2012/v1.0



Pre-Release 4 Architecture

The original model for the GSM NSS was based on a standard ISDN architecture.

The main NSS network are:

MSC the switch that lies at the heart of GSMs circuit-switched services

GMSC (Gateway MSC) an MSC that acts as the interconnection point between GSM and external networks

HLR the main subscriber database for a PLMN

VLR co-located with each MSC and stores a subset of HLR records for the subscribers being served by that MSC

EIR stores details of registered handsets

AuC (Authentication Centre) secure part of HLR that stores subscriber authentication data

The interfaces between NSS elements employ 2 Mbit/s transmission and SS7 (Signalling System No 7) based control interfaces.

A between BSC and MSC. Carries user traffic and SS7-based BSSAP (Base Station Subsystem Application Part) signalling

B MSCVLR. As these devices are generally combined into one unit this is usually an internal interface

C MSCHLR. Carries location and routing information using MAP (Mobile Application Part) signalling

D HLRVLR. Carries subscriber profile, location update and authentication data using MAP signalling

E between MSCs. Carries user traffic and SS7-based MAP signalling

F MSCEIR. Carries handset identities and queries using MAP

H HLRAuC. Carries authentication data using MAP




MSC (Mobile-services Switching Centre)

Where the BSC is connected to several BTSs on one side, it is connected to the NSS on the other. Its connection point with the NSS is the MSC.

Between the BSC and the MSC, a TRAU (Transcoder and Rate Adaptation Unit) is used for converting GSM-encoded data into a suitable format for onward transmission, and vice versa.

The MSCs main function is switching: connecting mobile subscribers to other subscribers, fixed or mobile. Physically the switches may be no different to those of a digital telephone network system capable of switching many thousands of circuits.

The MSC may have a large number of BSCs connected to it. There is, therefore, the potential for a very large number of subscribers to be within the MSCs service area. A typical MSC will be able to cope with an area containing approximately 250,000 to 300,000 people. This could be a medium size city (of which not all will be subscribers).

To successfully manage this potentially large number of subscribers the MSC must interface with a number of other devices, primarily the databases and other switching centres.

So that GSM can support calls external to the home network it is important that there is some functionality within at least one of the switches that supports this. The GSM recommendations indicate that at least one of the switches must have this function.

In reality, depending on the network size and configuration, all of the MSCs will have external connections. They are termed GMSC.

Further Reading: 23.003



Release 4 Architecture

3GPP R4 (Release 4) specifications introduced a radical reorganization of the GSM circuit-switched core network, partly as a means of enabling the evolution of networks towards All-IP architectures.

The main innovation in R4 was the separation of the functions of the MSC into two new elements: the MSC Server and the MGW (Media Gateway). Another key feature was the ability to replace legacy PCM-based 2 Mbit/s links between core network elements with more modern backbone switching and transmission systems based on fast technologies such as ATM (Asynchronous Transfer Mode) and IP.

New interfaces were defined to take advantage of the evolved core transport network, with the legacy E interface being replaced by a set of interfaces that reflected the separated nature of the MSC Server and Media Gateway. The Nb interfaces carries user plane traffic between MGWs; the Mc interfaces carries instructions between MSC Servers and the MGWs they control, and the Nc interface carries signalling messages between MSC Servers.

BSSs that have been upgraded to GERAN (GSM EDGE Radio Access Network) capabilities can connect to the CS core network via a traditional A interface or via an upgraded 3G Iu interface. In both of these scenarios user plane traffic from the A/Iu interface is delivered to an MGW, while control plane traffic travels to an MSC Server. In many architectures A/Iu control traffic is tunnelled from the MGW to its controlling MSC Server over the same interface that carries Mc traffic.

Other core network elements such as the EIR and HLR/AuC remain as before, although most vendors introduced upgrades to allow legacy devices to communicate via the evolved backbone networks.




Release 4 Network Elements

The MSC Server (known variously as an MSC-S or MSS in vendor/operator architectures) inherited the signalling and call control functions from the legacy MSC. It handles subscriber management and call management and is responsible for the VLR functions.

The MGW (or MGw depending on the vendor) is an example of a device known as a softswitch, so called because it manages the switching and connection of call flows in a more flexible, software-based manner than was employed in legacy switches.

A legacy PCM-based MSC consisted of bespoke hardware elements (known as time-space-time switches) that handled the cross-connection of call traffic between timeslots belonging to inbound and outbound 2 Mbit/s links. A softswitch, as the name suggests, performs a similar interconnection function but manages it in software running on generic processor cards. This means that the hardware employed is less expensive than bespoke switching equipment and also that the service functionality of the switch can be altered with a simple software upgrade rather than a hardware change.

The main benefits of a move to R4 softswitching are economy of scale and increased flexibility. One MSC server is able to manage multiple MGWs and connects to them via the Mc interface, which can be physical (e.g. the MSC Server is directly connected to the MGW via cable) or logical, meaning that the interface takes the form of a connection across an ATM or IP network. Control messages are sent using the H.248 MGCP (Media Gateway Control Protocol, which was originally known as MeGaCo and is also known in some implementations as GCP).

A typical MGW is able to handle much greater traffic throughput levels than a legacy MSC could and occupies far less space at an operators switch site. The MGW is also able to perform the transcoding functions of the TRAU, meaning that less equipment is required in the access network.




GSM Databases

Within the GSM network there are four main databases: HLR, VLR, AuC and Equipment Identity Register EIR.

The HLR is the main network database. There is (logically) only one of these in any network. The information stored relates to all of the subscribers registered with that network. The presence of the information is independent of the location of the subscribers.

The type of information stored includes the MSISDN(s), IMSI, current location (MSC address), subscription levels (relating to roaming authority and supplementary services) and security parameters.

The VLR holds similar information to the HLR. However, the VLR is diverse; there is one associated with each MSC. The information contained in the VLR is temporary and relates to all subscribers in the MSC area only. When a subscriber moves out of an MSC area the database entry will be deleted. The VLR will also contain details of subscribers roaming in its network.

Additionally, the VLR will contain the security parameters, MSRN and TMSI.

The VLR plays an important part in the signalling to the mobile during the early stages of the set-up including authentication, enabling ciphering and initial service requests.




GSM Databases (continued)

The AuC stores Ki and IMSIs on its database. The AuC also contains a random number generator and two algorithms. Together they are responsible for generating the security parameters known as a triplet. These triplets are stored in the HLR and VLR for each subscriber.

The EIR records and monitors the IMEI. The rationale behind the EIR is to discourage the theft of GSM equipment. The EIR comprises three lists: Black, White, and Grey.

An ME that is on the Black List may have been stolen, or it may be faulty to the extent that it is causing problems within the network. Any equipment on the Black List will not therefore be given access to the network.

MEs on the Grey List may have some minor fault (such as not giving correct responses during signal sequences) or may be old equipment that will not respond to new services offered by the network. The Grey List could be used to generate a letter to the equipment user explaining the problems.

The White List contains all mobiles that are functioning correctly and cause no problem to network operation.

For this anti-theft concept to work on a global basis, a Global EIR would be required.




OMC (Operations and Maintenance Centre)

An essential element of any telecommunication network is the ability to manage the machines that constitute the network. In GSM, network management comprises a two-tier hierarchy consisting of OMCs (Operations and Maintenance Centres), which are regional centres, and a single NMC (Network Management Centre).

The OMC is a computer with an associated database, which connects to the BSS it is managing. It provides network controllers with a graphical interface through which the network can be managed. As OMC devices tend to be highly proprietary, the network contains elements for radio management (OMC-R) and switch management (OMC-S).

The functions performed by the OMC can be divided into the following categories.

Fault management can be considered as the complete process of detecting a fault and tracing all activities through to clearing the fault. A fault reported by a customer may trigger an alarm.

Event Management collates events occurring within the network. An event may be a switch between a primary unit and a standby unit. Event management logs all such events.

Configuration Management allows the hardware and software network configuration to be changed. Network elements may be configured via either remote access from the NMC or the ManMachine Interfaces (MMI) associated with the relevant network element.

Performance Management collates statistics relating to network performance so that resources can be allocated to appropriate locations, for example to alleviate congestion at particular points. Performance management may also be used to detect sleeping elements. For example, a BTS may have stopped processing calls but may not have reported an alarm to say why. The performance management application is able to detect this since the call rate will have dropped to zero, i.e. far below expected performance parameters.

Security management controls data to and from the OMC and checks data validity. Operator access to the OMC, the network elements it supports and also OMC functional areas may be controlled. For example, operators may be granted Read Only access, or they may granted Read/Write access.

Further Reading: 32.101, 32.102



NMC (Network Management Centre)

OMCs provide a regional view of the network elements and their performance. The NMC allows the entire network to be managed from a central point. While the NMC may not necessarily be concerned with an individual alarm from a radio, for example, it will have a top-level view that will allow for long-term planning.

The NMC will be connected to OMCs and other network elements.

Further Reading: 32.101, 32.102



SMS Architecture

All SMS messages, whether MO (Mobile-Originated) or MT (Mobile-Terminated), must pass through a SMSC (Short Message Service Centre). Short Message Service Centre This has the effect of splitting the delivery of the message into two point-to-point procedures.

GSM does not specify the functionality of the SMSC or the transport protocols that connect it to the GSM network. It simply identifies the information elements that must be passed between the mobile station and the SMSC.

An SMS gateway function is used to connect the SMSC to the network. For MT messages, this gateway is similar in function to a GMSC; for MO messages, the gateway provides the interworking between GSM and the SMSC, which is still essentially a gateway process.

It is important to note that only one SMSC is involved in receiving and forwarding short messages to the final recipient. This SMSC will reside in the senders network. This is in contrast to MMS (Multimedia Messaging Service), in which more than one service centre is involved, one residing in the senders network and another in the receivers network.




CBC (Cell Broadcast Centre)

CBS messages are collected from cell broadcast entities (network operator or outside organization) and passed to a central CBC (Cell Broadcast Centre). The CBC tables the messages and then passes them on for transmission from the appropriate BTS (Base Transceiver Station); alternatively the messages may be loaded manually at the BSS. Messages will then be transmitted cyclically by the BTS for a duration specified by the information provider.

A CBS message can be up to 93 characters long. However, it is possible to join up to 15 of these messages together to form a macro-message. Each page of such a message will have the same message identifier and serial number, enabling the mobile to associate them. The repetition and information updating rate will depend on information type. For example, traffic news may change more quickly than weather news.




CAMEL Architecture

CAMEL (Customized Applications for Mobile Network Enhance Logic) provides the mechanisms to support services, independent of the serving network.

CAMEL facilitates service control of operator-specific services external from the serving PLMN. It is a tool to help the network operator to provide subscribers with such services even when they are roaming outside the HPLMN (Home PLMN).

Because IN architecture is used in the fixed as well as the mobile network, the gsm prefix is used to differentiate between IN fixed and IN mobile network elements.

The GSM Service Control Function (gsmSCF) is a functional entity that contains the CAMEL service logic to implement operator-specific services. In other words, that is where the service is executed from. It interfaces with the gsmSSF (GSM Service Switching Function), the gsmSRF (GSM Specialized Resource Function) and the HLR.

The gsmSSF is a functional entity that interfaces the MSC/GMSC to the gsmSCF. Triggers within the MSC and gsmSSF can be set based on information defined in the users subscription sent from the HLR to the VLR. These triggers dictate when the gsmSSF will communicate with the gsmSCF.

The gprsSSF (GPRS Service Switching Function) is a functional entity that interfaces with the gsmSCF to allow interaction between CAMEL and GPRS. The gprsSSF resides at the SGSN.

The gsmSRF is a functional entity that provides various specialized resources like voice interaction, the playing of announcements, and decoding DTMF (Dual Tone Multi Frequency) digits. It interfaces with the gsmSCF and with the MSC.

The concept of the gsmSSF and gprsSSF is derived from the IN (Intelligent Network) SSF (Service Switching Function), but uses different triggering mechanisms because of the nature of the mobile network.




International Roaming Enablers

One of the driving forces behind the development of the original GSM specifications was the perceived need to provide pan-European roaming services to mobile users. In all but a few cases, first-generation cellular networks did not allow subscribers of one network to use their phones whilst they were abroad, which was seen as a limiting factor for the development of the EU.

International roaming in GSM is a fundamental service and is anchored on the functionality of and interaction between the VLRs and HLRs.

When a subscribers MS attaches to the users home network it communicates with the local VLR, which in turn contacts the networks central HLR to gather subscriber details. When that same subscriber attempts to use their mobile phone whilst travelling abroad, the MS and the network follow exactly the same process; the visited VLR contacts the users home HLR to obtain subscription details before allowing the MS to access local services.

The ability to support international roaming is a consequence of three factors: firstly, that all MSCs, VLRs, HLRs and many other GSM core network elements share a common SS7-based addressing scheme which allows any VLR to contact any HLR. In addition to commonly-formatted SS7 SPCs (Signalling Point Codes), GSM core network elements generally also have a set if unique addresses or names, which are tied to their SPC. For example, every HLR has a unique address allocated to it from the E.164 address range consisting of a CC and NDC and a node address allocated from the operators numbering block for that network. An identifier of this kind can be resolved into a specific SPC using the SCCP (Signalling Connection Control Part) facilities of SS7.

The second factor is the use of the SIM card and especially of the IMSI that it carries; each IMSI starts with the MCC/MNC of the users home network, allowing a visited network to determine which HLR to contact with its subscriber query.

The third factor supporting International Roaming is the GSM Association and the set of bilateral roaming agreements established between network operators around the world. Roaming subscribers are only permitted to access the services of foreign networks with which their home operator has a roaming agreement.

Further Reading: www.gsmworld.com



GPRS

SECTION 4

CONTENTS

GPRS


Introduction to GPRS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.1

GPRS Logical Channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.2

The GPRS Mobile. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.3

GPRS Network Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.4

GPRS Network Element Basic Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.5

GPRS Network Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.6

GPRS Resource Allocation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.7

EGPRS Resource Allocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.8

GPRS Roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.9


OBJECTIVES

GPRS


describe the basic functionality of the GPRS upgrade of GSM

identify how the GSM air interface can be shared with GPRS services

outline the set of logical channels defined for use by GPRS

identify the key component elements of the GPRS access and core networks

describe the functionality of the various GPRS Mobile Station classes

outline the role played by the IP Backbone network in supporting GPRS functionality

discuss the role of the PDP Context

describe how international roaming is supported for GPRS subscribers

identify the range of Quality of Service parameters employed to describe GPRS services


GPRS

Introduction to GPRS

Phase 1 GSM networks, when they began to deploy in the early 1990s, were designed to support circuit-switched voice services only. The ability to handle two-way SMS and CS dial-up data services were added later, but as the 1990s progressed and the growing importance of the Internet and other IP-based communications systems began to become apparent, it was decided that GSM needed a packet-switched data capability, which lead to the development of GPRS.

The GPRS can be considered to be a bolt on or adjunct to the original GSM design; one of the main objectives of its development is to reuse as much of the existing GSM architecture as possible whilst causing the minimum disruption to existing services.

GPRS is a wireless bearer service providing mobile access to data applications, such as the Internet, to users on demand.

In GPRS, Internet and GSM technologies are brought together, offering improved applications and increased bit rates with an efficient use of network and radio resources. Sometimes referred to as an always on service, GPRS allows subscribers to be online constantly while their phone is switched on, only being charged when they are transmitting or receiving data.

GPRS is optimized for bursty data transfer: web browsing and information/application download, e-mails and multimedia messaging. It is not used for the transmission of speech.

GPRS is often referred to as a 2.5G (Generation 2.5) network, a stepping stone from 2G networks such as GSM towards 3G.




GPRS Logical Channels

The GPRS logical channels are as follows:

PBCCH (Packet Broadcast Control Channel)

PCCCH (Packet Common Control Channel)

PRACH (Packet Random Access Channel)

PPCH (Packet Paging Channel)

PAGCH (Packet Access Grant Channel)

PNCH (Packet Notification Channel)

PDTCH (Packet Data Traffic Channel)

PACCH (Packet Associated Control Channel)

PTCCH (Packet Timing-advance Control Channel)

This figure illustrates how these channels are mapped, and shows the subdivisions applicable to them.



GPRS

The GPRS Mobile

GPRS-enabled terminals evolved from standard GSM phones to much more sophisticated equipment. Some have colour screens and digital cameras; others incorporate touch-sensitive screens and voice recognition. Most GPRS terminals also support associated technologies such as WAP and Bluetooth. Overall, functionality has improved, and most terminals have increased processing power.

A GPRS terminal can operate in one of three modes. The mode of operation will depend on the services to which the MS is attached, whether GPRS only or GPRS and GSM. The three mobile classes are class-A, class-B and class-C.

Class-A allows for simultaneous GSM and GPRS operation. Class-B terminals, which include most GPRS-enabled GSM phones, can be attached to both GSM and GPRS, but can only use the services alternately. Class-C allows for alternate GSM and GPRS operation, but can only be attached to one at a time; these are usually data-oriented terminals such as laptops or palmtops.




GPRS Network Elements

The addition of GPRS has required significant modifications to the GSM network architecture to enable it to handle both packet- and circuit-switched connections. Three new entities have been added: the GGSN (Gateway GPRS Support Node), SGSN, and PCU (Packet Control Unit).

These elements are connected with each other and with the GSM network elements. The SGSN and GGSN are connected via the operators backbone IP network. The SGSN is connected to the PCU using Frame Relay over an E1 physical interface. The GSM RAN (Radio Access Network) provides connections from the MS to the SGSN for both signalling and traffic.

GPRS shares some network resources with GSM, including the HLR, EIR and AuC The HLR has been modified to cater for GPRS subscription data and in cooperation with the SGSN keeps track of a mobiles location for GPRS services.

The PCU allocates air interface resources for GPRS operation like the BSC does for CS GSM resources. Since the air interface is a shared resource, the PCU is generally co-located with the BCS to coordinate air interface resource allocation more efficiently .

GPRS provides a packet-switched bearer service between the MS and an external packet network accessed via a GGSN. For example, GPRS may be used to provide an IP bearer service to the public Internet or to a private IP network, intranet, or third-party content provider. To achieve this the MS initially attaches itself to an SGSN, essentially a similar process to location updates. The MS then requests an IP service via the SGSN indicating which network it wishes to reach and what QoS (Quality of Service) it requires. The SGSN forwards a request to the appropriate GGSN in order to establish the bearer. The GGSN allocates the appropriate QoS and an IP address for the MS, following which IP datagrams may be transferred between the mobile and external IP-based devices.

The IP bearer together with its QoS definition is referred to as a PDP (Packet Data Protocol) context. The PDP context is managed by the SGSN and GGSN; the PCU measures the QoS delivered to the end user against the negotiated QoS for the PDP context.


GPRS

GPRS Network Element Basic Functions

The PCU provides radio access control. It allocates radio channels for data transfer, ensures packets are the correct size for transmission over the radio interface, and makes QoS measurements in respect of the radio link with the users mobile.

Like an MSC, an SGSN is responsible for a service area containing a number of mobiles. Within this service area the main functions of the SGSN include the authorization and authentication of mobiles; ciphering of packets across the air interface; the routing of data packets to and from mobiles; and location management, noting the location of mobiles new to the service area and tracking their subsequent position within the service area.

The SGSN also has charging functionality. It gathers data relating to a subscribers use of the radio network.

The GGSN performs the functions necessary to allow mobiles to communicate with external networks. For incoming calls it contains routing tables so that incoming packets of data can be routed to the SGSN that is supporting the destination mobile. In addition, the GGSN can allocate IP addresses to the served mobile and also act as a firewall to prevent unwanted access.

In respect of charging, the GGSN is responsible for gathering data relating to packets transmitted to and received from external networks.



GPRS Network Architecture

The introduction of GPRS has required significant modifications to the GSM network architecture to enable it to handle both packet- and circuit-switched connections.

The three new entities that have been added are the GGSN, the SGSN and the PCU.

These are connected to each other, and to the existing GSM network elements, via a series of interfaces that all carry the prefix G. The interfaces deal with both traffic connections and signalling connections.

Another new element has been added to assist in the management of charging and billing procedures. This is the CGF (Charging Gateway Function).

Some GPRS network resources shared the existing GSM network. These include the VLR, the HLR, the AuC, the EIR and the SMSC. The HLR and the VLR require software upgrades to cater for GPRS, so that both GSM and GPRS networks are able to keep track of the mobiles location.

By allowing access to these common units GSM/GPRS information is maintained from centralized resources, making it easier for the effective management, hence interworking, of the two systems.



GPRS

GPRS Resource Allocation

In GSM, a timeslot effectively a channel is allocated to a user for their sole use for the duration of their call. In GPRS, users may share resources within a timeslot or across multiple timeslots. This concept is illustrated in the diagram. Note that in standard GPRS the modulation scheme used on the air interface is GMSK (Gaussian Minimum Shift Keying).

GPRS provides the ability to vary the bit rate within a timeslot by using four coding schemes, CS1 to CS4. With CS1 the timeslot contains 9.1 kbit/s of data with a high level of forward error correction (suitable for poor radio channel performance) while CS4 has 21.4 kbit/s data with no error correction (suitable for excellent radio channel condition). CS4 is rarely used. This is because there is no error protection provided with this coding scheme and the system has no way of a dynamically and quickly adapting between coding schemes in order to combat changes in radio channel conditions. Operators therefore err on the side of caution and use the lower-level coding schemes.

The maximum theoretical bit rate, 171.2 kbit/s, is achieved by allocating all eight timeslots. However, in typical operation four timeslots may be allocated with a user rate of between 40 and 50 kbit/s.

It should be noted that as in GSM, GPRS resources are finite. If many subscribers are using the network, fewer timeslots can be allocated to each subscriber, resulting in slower data rates.

Highest data rates are likely to be achieved when the network is least busy.



EGPRS Resource Allocation

EDGE is an enhancement to GSMs air interface that may be applied to both CS and PS operation. However, in practice it has only been applied to GPRS and is commonly referred to as EGPRS.

EGPRS (Enhanced General Packet Radio Service) introduces a new coding scheme, 8PSK (eight Phase Shift Keying ), which provides a three-times increase in the air interface bit rate but is more susceptible to errors in noisy radio channels. Note that EDGE-enhanced devices may switch between GMSK and 8PSK modulation schemes.

EDGE also introduces nine new coding schemes, MCS-1 (8.8 kbit/s, high error protection) to MCS-9 (59.2 kbit/s, no error protection). MCS-1 to MCS-4 are used with GMSK while MCS-5 to MCS-9 are used with 8PSK.

EDGE is able to rapidly adapt between both modulation schemes and coding schemes in order to combat a noisy radio channel albeit at the expense of higher bit rates. For example, it may be that all eight timeslots are allocated to EGPRS using 8PSK and MCS-9 for the highest bit rate when the radio conditions are favourable. However, as the channel worsens, the coding scheme may be throttled down to say MCS-5. If inference increases further then this may cause a change of modulation scheme to GMSK and, say, MCS-2.

The maximum theoretical bit rate, 473.6 kbit/s, is achieved by allocating all eight timeslots. However, in typical operation four timeslots may be allocated with a user rate of between 100 and 120 kbit/s.


GPRS

GPRS Roaming

As with GSM, International Roaming is supported in GPRS using very similar mechanisms.

The discovery and use of foreign networks by roaming Mobile Stations follows the procedures laid down for GSM; roaming is only possible on networks that support GPRS, it is only possible on networks that have a roaming agreement with the subscribers home network and it is made possible by the interaction between visited SGSNs and home HLRs.

Once a roaming subscriber has been authorised to use the resources of a foreign network, their MS is able to request that a PDP Context be established.

Visited SGSNs have two options when processing connection requests from roaming users; they are able to establish a PDP Context to a local GGSN and provide local breakout to the requested network or service, or they can tunnel a PDP Context back to the subscribers home network to allow home breakout to take place. The choice can be based on subscription information contained in user profiles or on bilateral agreements made between the operators. In most cases, networks elect to have roaming connections tunnelled home as this allows them greater visibility of roaming users requested services and the ability to provide roaming users with access to the same set of services available to home users.

The international links between partner networks can be carried via dedicated point-to-point connections between border gateways, or they can go via specialized interconnection backbones known as GRX (GPRS Roaming Exchange) services, or could just be tunnelled across the general Internet.

GPRS roaming has traditionally been a somewhat underused service, partly due to the high costs often associated with it, but the widespread use of smartphones (such as Blackberrys and iPhones) with applications that automatically access the Internet to retrieve email and other services has lead to rapid growth of roaming traffic in recent years. Regulators in some regions have made efforts to impose roaming charge caps on operators, which has helped to stimulate interest in these services still further.




PROCEDURES

SECTION 5

CONTENTS

Procedures


GSM Operational Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.1

Cell Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.2

SI (System Information) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.3

Attach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.4

Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.5

Cell Reselection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.6

Location Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.7

Periodic Type and IMSI Attach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.8

Location Update Signalling Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.9

Dedicated Mode Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.10

Adaptive Power Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.11

DTX (Discontinuous Transmission) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.12

Ciphering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.13

Mobile-Originated Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.14

Call Routing to a Mobile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.15

Mobile-Terminated Call. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.16

Mobile-Terminated SMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.17

Handover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.18

Types of Handover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.19

Inter-System Roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.20

International Roaming Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.21

Detach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.22

GPRS Mobile State Changes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.23

GPRS Attach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.24

PDP Context Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5.25


OBJECTIVES

Procedures


outline the functionality of the GSM and GPRS mobile station modes and states

describe the causes and effects of moving from one state/mode to another

list the actions performed by the mobile at switch-on and in idle mode

describe the cell selection and reselection processes

explain the function and process of dedicated mode procedures including power control,

handover, and DTX (Discontinuous Transmission)

list typical information received in System Information messages

describe the location update procedure

describe the basic call sequences for both mobile-originated and mobile-terminated calls

outline the authentication and ciphering procedures

outline the procedures involved when a GPRS mobile wishes to access the network and

subsequently pass traffic to an external network

describe the purpose of a GPRS attach

state what information a PDP context contains, and explain why a PDP context activation is

required before data transits the GPRS network

list the QoS classes applicable to GPRS and state why these are required


Procedures

GSM Operational Modes

A GSM MS has a number of operational modes: no service mode, limited service mode, idle mode and dedicated mode.

No Service represents an MS that can find no GSM coverage.

A GSM mobile that cannot find an acceptable cell may acquire any cell and offer a limited service (emergency calls only). This may result from failure to find a cell on the selected PLMN, a missing SIM card, the PLMN not allowed at location update, or illegal MS/ME response to update.

Idle mode represents a mobile that has camped on a cell from the selected PLMN (this selection may be either automatic or manual). An idle mode mobile will register its existence with the system (if appropriate), and will listen to the BCCH (Broadband Control Channel) and CCCH (Common Control Channel) data. This camping results from PLMN selection, cell selection/reselection and location updating.

When an MS is camped on a cell it continually ascertains whether any adjacent cell is better than the current serving cell.

An MS is in dedicated mode when it has a two-way communication link with a BTS. It has accessed a cell and is operating on either an SDCCH (Stand-alone Dedicated Control Channel) or a TCH (Traffic Channel). When in this mode the MS must be time-aligned, have its power controlled, and provide measurement reports to assist in handover.

Idle ModeLimited Service Mode

No Service ModeDedicated Mode

(example)

(example)



Cell Selection

At power-on, the mobile needs to arrive at a state whereby it is ready to make or receive calls. To do this, it must identify a suitable BTS and camp on to that cell.

When it is first switched on, the MS will be able to see many channels from many networks. It will scan these channels and take signal strength measurements, and will identify which are BCCHs. It synchronizes to the BCCHs and reads system information. On assessing the system information, the MS assesses whether or not it has tuned into a channel on a valid network. The MS assesses quality for cells belonging to the valid network and selects the best from those that meet the quality criteria.

Once the MS has camped on, the IMSI attach or location update procedure can take place.

Further Reading: 3GPP TS 23.122, 45.008 (C1 functionality)

Power-on

Scan for available radio channels

Tune to each available channel

Read system information

Assess quality on cells from wanted network

Camp on

Possible IMSI attach or location update

BCCH?N

Next

Y

N

Y

N

Y

Validnetwork?

Selectbest?


Procedures

SI (System Information)

The BCCH function is essential in the process of cell selection and subsequent network access.

The BCCH has a relatively low capacity, being able to transmit a single 23-octet message every 235 ms. To overcome the scarcity of BCCH availability, a series of SI (System Information) messages has been defined. These messages are transmitted with differing periodicity and contain data necessary for selection and access.

There is an overlap of information elements between these messages to ensure that important data is transmitted as frequently as possible.

The cell allocation parameter identifies the set of frequencies allocated to the cell.

The access control parameter includes the SIM access class. This parameter allows operators to apply cell barring to a particular access class, group of access classes or all access classes. Classes 09 are allocated to the general public, 1115 are allocated to the emergency services, utilities and PLMN operators. Additionally the access control parameter may be used to indicate to the mobile how many times it may repeat a RACH (Random Access Channel) procedure in the event that an initial attempt does not receive a response from the network.

The control channel description parameter indicates whether signalling resources are implemented in the cell using combined or non-combined multiframe structures.

The GPRS information element indicates whether or not the cell supports GPRS services.

Further Reading: 3GPP TS 44.018 (Radio Resource Control)

cell allocation

access control parameters

BCCH frequency list

cell identity

Location Area Identity (LAI)

control channel description

cell selection parameters (C1)

GPRS information

cell reselection parameters (C2)



Attach

A GSM subscriber can only access network services after they have performed an Attach.

An Attach is usually required when an MS is powered on or after it returns from a period outside of network coverage. Prior to the attach being initiated, the MS must perform either stored information or initial cell selection functions to allow it to determine the best available cell resource via which to connect.

The GSM specifications include the stored information cell selection process that allows details of the last used cell to be retained in the SIM so that the MS can attempt to quickly reconnect to that resource on power on. The stored last cell details consist of the identities of the last-used Location Area (MCC, MNC, LAC) and the ARFCN (Absolute Radio Frequency Channel Number) of the ten most recently-used BCCH carriers, with the last-used carrier at the top of the list.

If there are no stored cell details, or if the stored cell is unavailable, the MS must scan for available cells and perform an initial cell selection. Again, data stored on the SIM can aid this process allowing the MS to be instructed to search for preferred BCCH ARFCNs and, if roaming, preferred networks. The SIM may also store a list of Forbidden PLMNs.

Cell selection is based on a simple algorithm which dictates that after searching at least a minimum number of carriers the MS will have compiled a list of acceptable cells from which it will select a suitable cell, which is the one it regards as offering the best service, and will attempt to attach. Cell suitability is determined using the C1 algorithm.

Before attempting to attach, the MS must check to ensure that the selected cell is not barred and that it meets the SIM access priority level indicated on the cells BCCH.


Stored Information:

Last used BCCH ARFCN

Initial Cell selection:

Scan frequency bands, compile list of strongest allowed cells


Procedures

Authentication

Security and confidentiality were difficult to implement in first-generation systems. There was little or no means of preventing eavesdropping on radio signals and the loss of the phone could result in the subscriber being charged for stolen calls.

GSM has addressed these problems and has a robust and secure air interface. Users confidentiality is maintained by means of an authentication procedure and the use of subscriber identity aliases. Also, users privacy across the radio interface is protected by means of ciphering techniques.

Because the implementation of security measures in GSM is operator specific, the algorithm used contains a no encryption option. Some countries do not use encryption.

Authentication typically takes place when an MS attempts to access the system in order to either initiate or receive a call. There are several secret components to this process and the MS (specifically the software on the SIM card) must have access to each component in order to be successfully authenticated.

When the subscription is issued the SIM is allocated a unique Ki. In order to authenticate the SIM a RAND (random number) is transmitted to the MS. Both Ki and RAND are entered into a secure algorithm, A3, which produces a response known as SRES (Signed RESponse). This is sent from the MS to the NSS (via the BSS) where its authenticity is examined. A second algorithm, A8, is used to generate the Kc.

Extensive effort has been made to ensure that the key components of this process are as secret and secure as possible. Though no system can ever be classed as totally secure, the effort and expense involved in illegally cloning a single SIM card would considerably outweigh the potential gains.

By any measure, GSM is extremely secure.


RANDKi

SRES Kc Kc/SRES/RAND

Triplet TripletSRES

Kc/RAND RAND

Kc

AirInterface

RANDKi

SRES KcSRESSRES

Compare

A3 A8

A3 A8

AuC HLR VLR MSC BSSSIMKi



Cell Reselecti

GSM_and_UMTS_CN_overview_WrayCastle.pdf

Documents

Transcript of GSM_and_UMTS_CN_overview_WrayCastle.pdf