OASIS+ Wireless 1

Ethan Frome

Advanced Wireless Concepts

for

Hughes Software Systems

Gurgaon

by

S. Shankarnarayan

Revision 2

19th April 2001

a)GSM system architecture

Figure 1.1 - GSM system model - signaling view

--------------------------------------------------------------------------------------------------

3

Figure 1.2 - GSM system model - Interfaces

--------------------------------------------------------------------------------------------------

4

c)GSM PLMN & frequency reuse

1)Cells, Location Area & Service Area

Figure 1.3 - Cells, Location Area & Service Area

--------------------------------------------------------------------------------------------------

5

2)Frequency spectrum of existing cellular systems 450 MHz NMT 450

800 MHz cellular AMPS, D-AMPS, TACS, PDC & CDMA

900 MHz cellular NMT, GSM 900

1500 MHz PDC 1500

1800 MHz DCS GSM 1800 (DCS), DECT & PHS

1900 MHz PCS D-AMPS 1900, CDMA 1900

3)Frequency spectrum for GSM & System specifications

Frequency band:

Uplink:890 - 915 MHz

Downlink:935 - 960 MHz

Duplex distance

45 MHz

Carrier separation

200 KHz (1st carrier: 890.2)

Number of carriers

124

Modulation

GMSK

Transmission rate

270 Kbps

Access method

TDMA

Time-slots

8 per carrier

Speech coding

RPE-LTP-LPC

Regular Pulse Excitation-

Long Term Prediction

Linear Predictive Coding

Diversity

Channel coding

Interleaving

Adaptive equalization

Frequency hopping

Extended frequency bandup-link880 - 915 MHz

Downlink925 - 960 MHz

--------------------------------------------------------------------------------------------------

6

4)Co-channel Interference

Figure 1.4 - Carrier-to-Interference ratio

Figure 1.5 - Carrier-to-Adjacent ratio

The aspect of interference from carriers in other cells of the same frequency or adjacent frequency (Carrier + 200Hz) should be kept in view from the point of frequency reuse.

Both C/I & C/A should be greater than 9/-9dB as per GSM specifications.

--------------------------------------------------------------------------------------------------

7

5)Frequency Reuse & cell clusters

Cell structure

3/9 cell clusters

Each cell may use one or more carriers

Each cell in a 3-sectored cluster uses a unique set of carriers

Each cluster in a 3/9-cluster uses a unique set of carriers

Figure 1.6 a) - 3-cell cluster & 3/9 frequency reuse

7/21 cell clusters

Figure 1.6 b) - 7-cell cluster & 7/21 frequency reuse

--------------------------------------------------------------------------------------------------

8

Frequency reuse in adjacent 3/9 cell clusters

Set of frequencies used in one cell is reused after a 2-cell gap

Figure 1.7 - 3/9-cluster group & frequency reuse

--------------------------------------------------------------------------------------------------

9

Frequency reuse in 7/21 cell clusters

Set of frequencies used in one cell is reused again after a 4-cell gap

Figure 1.8 - 7/21-cluster group & frequency reuse

--------------------------------------------------------------------------------------------------

10

6)PLMN, frequency allocation & Reuse

PLMN Service Area

One PLMN may be allocated only a part of the GSM frequency spectrum

Figure 1.9 - A PLMN Service Area

Omni-cell & 3-sectored cell-structure

One BTS site covering three cells with directional antennas each covering 120 degree angle at the tri-junction of a 3-sectored cell-structure

Figure 1.10 - Omni cell & 3-sectored cell structure

--------------------------------------------------------------------------------------------------

11

4/12 cell pattern using 12 frequency groups in 4 sites

Figure 1.11 - 4/12-cell pattern using 3-sectored cells

--------------------------------------------------------------------------------------------------

12

12 frequency groups in 4 sites for the 4/12 cell pattern

A1B1C1D1A2B2C2D2A3B3C3D3

C0f1f2f3f4f5f6F7f8f9101112

C1131415161718192021222324

C2252627282930313233343536

Sector A1 has 3 carriers of frequency f1, f13 & f25

Figure 1.12 - 36 available frequencies allocated evenly to sectors

3/9 cell pattern using 12 frequency groups in 4 sites

Figure 1.13 - 3/9-cell pattern with 3 sites & 9 frequency groups--------------------------------------------------------------------------------------------------

13

Cell sizes

Large

10 - 30 Km

Small

1 - 3 Km

Micro

100-300 m

Pico

10 - 30 m (Used in DECT, 3G)

Figure 1.14 - Different cell sizes

Hierarchical cell structure

Figure 1.15 - Layered cell structure

--------------------------------------------------------------------------------------------------

14

7)Traffic calculations

Traffic per subscriber

A = n T / 3600 Erlang (E)

Where, n = number of calls per hour,

T = call holding time in seconds

e.g.,

if n = 2 & T = 90 then,

A = 2 * 90 / 3600 = 0.050 E or 50 mE

Number of 3-sector sites

Given,

Traffic per subscriber: 50 mE

Total subscribers:

50,000

Available frequencies:36

Cell pattern:

4/12

Grade of Service:

0.02 or 2%

Calculation of 3-sector sites needed

Frequencies per cell:3

Traffic channels (TCH):22 [(3 * 8) - 2 (Control)]

Traffic per cell:

14.9 E (22 with GOS 2%)

As per Erlang table

Subscribers per cell:298 (14.9 / 0.05)

Number of cells:

168 (50,000 / 298)

3-sector sites:

56 (168 / 3)

--------------------------------------------------------------------------------------------------

15

d)Cellular mobile technologies

1)Access methods

FDMA

(Analog)

TDMA

(Digital)

CDMA

(Digital)

Occupancy by one voice channel in time & frequency domains

In CDMA, all channels concurrently occupy the whole bandwidth all the time

Figure 1.16 - Illustration of FDMA, TDMA & CDMA access methods

--------------------------------------------------------------------------------------------------

16

2)First generation 1G technologies based on FDMA NMT or Nordic Mobile Telephony (1981) proposed by Nordic PTTs as two standards NMT 450 & NMT 900 with a carrier spacing of 25 kHz. First system was launched in 1979. Roaming was later introduced between several countries.

AMPS or Advanced Mobile Phone System (1984) standard proposed by FCC & EIA using 800-900 MHz band with a carrier- spacing of 30 kHz. The first system was launched in 1982. Networks based on AMPS are still existing in some countries.

TACS or Total Access Communication System standard (1985), derived from AMPS & proposed by Dept. of Trade & Industries, UK. With extended specifications, it is known as ETACS. Existing in several scattered countries, roaming is not possible.

3)Second generation 2G technologies based on TDMA & CDMA IS-54 earlier known as ADC or American Digital Cellular, also called as D-AMPS (1991), proposed by TIA, using digital TDMA for communication channels and analog 10 Kbps FSK for control channels. This was an upgrade of AMPS to digital technology with 3 full-rate or 6 half-rate channels per 30 KHz carrier & initially known as TDMA/AMPS. There is no noticeable addition in features or services compared to AMPS.

There are about 75 million users in these networks spread around in 34 countries.

IS-136 Rev. A is a later improvement over IS-54 using 48.6 Kbps digital modulated control channels. IS-136 provides for SMS or short messaging capabilities.

IS-136 Rev. B is a recent version providing for HSCSD, etc.

--------------------------------------------------------------------------------------------------

17

GSM 900 or Global Systems for Mobile Communication (1991) standard proposed by CEPT/ETSI, based on TDMA with 8 full-rate or 16 half rate channels per 200 KHz carrier. The network architecture separates the radio functions from switching functions and concentrates them in a Base Switching System, BSS. GSM standard provides for SMS, circuit-switched data & international roaming.

There are about 200 networks & 100 million subscribers in 110 countries.

DCS 1800 is a further development of GSM operating in 1800 MHz band.

PDC 800 is a Japanese digital cellular standard (1994) using radio concepts from ADC and adopting the GSM network architecture. Used only in Japan, there are about 33 million subscribers.

PDC 1500 standard has also been defined.

IS-95 or CDMA, originally proposed by Qualcom, is an alternative to the TDMA access standards. This standard uses a carrier (800 MHz) with 1.25 MHz band & spread spectrum techniques in forward (down) & reverse (up) links. IS-95 has also been used in the 1900 MHz band in US.

There are about 13 million subscribers in networks in North America and South Korea (9million).

Since CDMA can coexist with TDMA such as IS-136 & GSM, it is also preferred for WILL applications.

--------------------------------------------------------------------------------------------------

18

e)Digital radio transmission

1)Access methods FDMA Vs TDMA

Figure 1.17 - Illustration of FDMA Vs TDMA access methods

2)TDMA & propagation delay

Figure 1.18 - different overlapping arrival times --------------------------------------------------------------------------------------------------

19

Propagation delays & radio burst

It is not possible to transmit one PCM voice sample per timeslot in digital TDMA over air as in the wire-line point to point digital transmission.

We need to accumulate a number of PCM voice samples (say, 32, 64 or 128) before sending them all together as a burst from one mobile. This will allow us to provide sufficient gap between bursts from two mobiles located at different distances. The gap will take care of some delay differences. 160 samples for a period of 20ms are accumulated in GSM before the burst transmission.

Round trip delay & echo

The burst method of a block of speech introduces long round trip delays on an established voice connection. This will result in echo on a connection to a POTS subscriber. GSM network should take care to provide an echo canceller on such a connection.

Low bit-rate coding of speech

Since the voice samples are buffered, it opens up the possibility of digital processing of voice samples to reduce the bit rate for voice transmission and number of bits per block of speech.

The speech coders defined for GSM use a hybrid approach of combining the speech quality of waveform coders & low bit-rate capability of vocoders. The speech is reduced to 13 Kbps in GSM, known as full rate. There is provision for half rate.

3)Timing advance controlTo reduce the gap between adjacent bursts from nearer & farther mobile stations, GSM uses a technique of timing advance. The mobiles moving away from the base station are periodically asked to advance their burst transmission in terms of a number of bit times. The mobiles moving towards the base station are asked periodically to reduce the timing advance (TA).

--------------------------------------------------------------------------------------------------

20

Figure 1.19 - Periodic control of timing advance

Figure 1.20 Burst transmission with timing advance

4)Transmission path loss & MS transmit power controlFor a given antenna, the received power is inversely proportional to the square of the distance between the transmit & receive antennas.

The received power is also inversely proportional to the square of the frequency.

Ls ~ d2f2 or in dB

Ls (dB) = 32.4 (dB) + 20 log (fMHz) + 20 log (dKm)

Where 32.4 is a constant of proportionality

--------------------------------------------------------------------------------------------------

21

Figure 1.21 - periodic control of transmit power

5)Log-normal fading

Figure 1.22 - Obstacles in the radio path & the shadowing effect

Figure 1.23 - Log-normal fading due to shadowing effect on a moving MS

--------------------------------------------------------------------------------------------------

22

If logarithm of the signal strength is measured along the path of a mobile, the curve will take the form of a normal distribution around a mean value that represents the path loss. The fading dips are situated about 10 to 20 meters apart.

6) Rayleigh or multi-path fading

This occurs when the transmitted radio signal takes more than one path to reach the mobile receiver. When the mobile is in the direct line-of-sight path, it may receive the signal as several reflections against big buildings.

Figure 1.24 - Multi-path or Rayleigh fading

Figure 1.25 - Rayleigh fading over log-normal fading

--------------------------------------------------------------------------------------------------

23

This means that the received signal is a sum of many identical signals differing mainly in phase. Two received signals that are 1800 out of phase may cancel each other out. Smaller phase differences cause steep dips in the received signal.

7) Time dispersion of received signal bits

Time dispersion causes inter-symbol-interference between consecutive bits received at a mobile.

Figure 1.26 - Inter-symbol-interference due to time dispersion

--------------------------------------------------------------------------------------------------

24

Bit rate in GSM

270 Kbps

Bit cell period

3.7 microseconds

Bit traverse distance in 1 bit

period - straight path

1.1 Km

Interfering reflected bit traverse distance, possibly

2.2 Km

A moving car 1 Km from a base station may find the preceding bit arriving via a reflected path at the same time as the arrival of a new bit.

Depending on the distance and the surroundings, a reflected bit may interfere with another bit transmitted two bit-times later.

8) Coding of speech to reduce bit rate

To economize on the frequency spectrum & bandwidth requirements per channel & carrier, GSM employs speech coding to reduce the bit rate to 13 Kbps per voice channel.

A block of 160 speech samples over a period of 20 ms is digitally processed using DSP technology to reduce the number of bits to 260 bits per block. Compare this to 1280 bits needed as PCM samples.

Speech codingscheme

RPE-LTP-LPC

Figure 1.27 - Speech coding in GSM

--------------------------------------------------------------------------------------------------

25

9) Coding of speech for error control

Error control codes

Log normal fading, multi-path fading, time dispersion, etc. result in bit errors in the received bit stream. Bit error ratio or BER of the received bit stream is a measure of the transmission quality.

By using redundancy & spreading out the information bits, It is possible to reduce BER and also be able to detect as well as correct errors. These are known as Error Control codes.

Error control codes can be divided into Block Codes and Convolution Codes.

Block coding

Figure 1.28 - Principle of Block coding

Figure 1.24 shows the principle of block coding. Redundant check bits are generated and added by the block coder to the information bits in a block. The check bits added are based and dependent on the bit stream in that block of information bits.

Block codes are used for data blocks where we are interested in detecting errors and ask for retransmission. This method of error correction by retransmission is known as ARQ. In the case of data, we can afford to wait for retransmission since data transmission is tolerant of delays and delay variations.

Voice & video, known as isochronous services do not admit delay variations. In these cases, we have either to ignore errors or correct them in real time.

--------------------------------------------------------------------------------------------------

26

Convolution coding

Figure 1.29 - Principle of convolution coding

In convolution coding, the output of the coder depends not only on the current input block but also on the preceding block(s). If the output has two bits for each input bit, then the rate of redundancy is said to be 1 : 2.

Convolution codes are suitable for voice and video, as it is possible to correct errors in this method.

Channel coding in GSM - Error control

GSM uses a two-step approach of block and convolution coding of speech blocks.

Figure 1.30 - Channel coding in GSM

--------------------------------------------------------------------------------------------------

27

First step: 3 parity bits are added in the block coder to the 50 very important bits in the information block.

Second step:53 block coded bits + 132 important bits + 4 tail bits are convolution coded with a rate of 1:2. The output of convolution coder has 378 bits.

Third step:Add the 78 rest of the not so important bits to the output of the convolution coder to get the final block of spread out block of 456 bits of the original speech block.

The two-step approach is used in GSM both for speech & data. The schemes for speech and data are somewhat different.

We are able to correct errors as far as possible by convolution coding. The block coding helps to detect errors and determine if the information block is too damaged to use and if so to ignore it.

Channel coding is effective in detecting and correcting single errors and very short burst errors. What if the burst errors are too long?

10) Segmentation & interleaving for burst error control

Principle of Interleaving for Burst Error control

Figure 1.31 a) - Principle of interleaving for burst error control

--------------------------------------------------------------------------------------------------

28

Interleaving is a way of separating consecutive bits that would be affected by burst errors and sending them in a non-consecutive way by spreading them out over long periods.

Interleaving is a way of separating consecutive bits that would be affected by burst errors and sending them in a non-consecutive way by spreading them out over long periods.

In figure 1.28 a), blocks of speech are segmented into four parts numbered 1 to 4. At the time of sending, segments numbered 1 from four consecutive blocks together sent as a frame. Similarly, frames 2, 3 & 4 are transmitted consecutively.

Figure 1.31 b) - Principle of interleaving & spreading of burst errors

Suppose frame 2 underwent heavy burst errors and had to be rejected. Figure 1.28 b) shows the regrouped information where the burst errored parts have been spread out.

Now, with the help of channel coding it may be possible to reconstruct the original information with error correction.

GSM adopts a two-level interleaving scheme.

First level of interleaving in GSM

In the first level of interleaving, the 456 bits from the channel coder are interleaved into eight segments of 57 bits each. The consecutive eight bits from the original information are spread out into these eight segments. That is to say that each of these segments holds 57 non-consecutive information bits.

See figure 1.29 where each column is a segment of 57 non-consecutive bits.

--------------------------------------------------------------------------------------------------

29

Figure 1.32 - First level of interleaving & spreading in GSM

Second level of interleaving in GSM

Figure 1.30 shows four blocks of channel coded and first level interleaved speech blocks.

Figure 1.33 a) - Four channel coded speech blocks with 1st level of interleaving

Figure 1.33 b) - Four channel coded speech blocks with interleaved segments from consecutive blocks--------------------------------------------------------------------------------------------------

30

Figure 1.34 - Normal burst over air in GSM containing 2 speech segments

Figure 2.34 shows a normal radio burst that has space for two segments of 57 bits of speech.

Figure 1.35 a) - 2nd level interleaved segments -1

--------------------------------------------------------------------------------------------------

31

Figure 1.35 b) - 2nd level interleaved segments -2

Figure 1.36 - Normal bursts carrying 2nd level bit-interleaved segments

32

Each burst in GSM actually holds two segments from two consecutive speech blocks. In other words, eight segments of a speech block are spread over eight consecutive bursts with interleaving of consecutive bits from the two segments.

See figure 2.36

Each burst shown is sent in consecutive TDMA frames in the allocated timeslot or the physical channel.

Round trip delay

The duration of a TDMA frame is about 5 ms each. As the speech block is spread over 8 TDMA frames, there is a delay of 40 ms over the radio for the entire block to be sent.

Speech coding itself introduces a delay of 20 ms due to buffering of 160 samples.

In the base station system, these interleaved segments are accumulated, trascoded into PCM format and sent forward as PCM samples over a period of 20 ms thereon.

Thus the various coding & interleaving schemes introduce a one-way delay of 80 ms or a round trip delay of 160 ms on a speech connection.

Therefore we need an echo canceller on a connection from a mobile to a POTS subscriber involving a two-wire to four-wire converter to avoid talker echo for the mobile user.

11) Modulation of carrier in GSM

GSM uses GMSK (Gaussian Minimum Shift Keying) modulation scheme. This is a BPSK Phase Shift Keying technique with two phases wherein the phase shift is controlled to be smooth rather than abrupt as in the conventional method.

GMSK reduces the carrier bandwidth requirements at the cost of lesser resistance to noise.

--------------------------------------------------------------------------------------------------

33

12) Frequency hopping (slow) & Rayleigh fading

The Rayleigh fading pattern mentioned earlier is frequency-dependent. This means that the fading dips will occur at different places for different frequencies. If we keep changing the frequencies during a call and if only one of them has a fading dip, we lose only a fraction of the information. With complex signal processing, it may be possible to restore the information. Se figure 1.33 for frequency hopping in GSM.

Figure 1.37 - Frequency hopping between two carriers

Frequency hopping can be over several carriers in cyclic fashion over consecutive TDMA frames but using the same timeslot all the time.

13) Antenna (or space) diversity & deep fading

The method involves using two receiver antennas at the base stations independently receiving the same signal and influenced by fading differently. The risk of both being affected by deep fading at the same time is small. By choosing the better of the two received signals, the degree of fading can be reduced. The distance between the two antennas should be such that the correlation between the two received signals is small. At 900 MHz, we can gain 3 dB with an antenna distance of 5-6 meters.

--------------------------------------------------------------------------------------------------

34

Figure 1.38 - Antenna diversity 14) The Viterbi equalizer & time dispersion

The equalizer in GSM is to reduce the effect of time dispersion causing adjacent inter-symbol-interference. The principle is based on creating a mathematical model of the air interface channel and calculating the most probable transmitted data.

Figure 1.39 - Viterbi equalizer --------------------------------------------------------------------------------------------------

35

A pattern known as the training sequence is included in the middle of the burst in the GSM for this purpose. The GSM specification prescribes an equalizer capable of handling a reflected signal delayed upto four bit times. This corresponds to 15 microseconds or a path difference of 4.5 Km between the direct and reflected signals.

How the Viterbi equalizer works?

Channel is assumed to be constant during one burst.

Known training sequence T is compared with T' of the received burst in a correlator.

A probable transmitted bit sequence is fed through a channel model and output is compared with the received bit sequence.

Based on the difference, the Viterbi equalizer selects a more probable transmitted bit sequence and again feeds it through the channel model.

The process is repeated until good enough bit sequence is found.

A powerful algorithm is used to neglect the least likely bit patterns.

15) The time advance

The base station periodically sends a value between 0 & 63 telling a moving mobile as to how many bit times (3.7 micro seconds) the mobile should advance its burst transmission relative to synchronization time.

This is one of the parameters limiting the size of the cell.

16) Encryption of speech, signaling or data

As a matter of security over the air interface, GSM employs encryption of all the important communications between MS & the MSC on a per call or access basis. The ciphering key is derived using an algorithm in the MS itself based on a random number linked to the identity of the MS. The random number is sent by the MSC during the establishment of the communication channel between MS & the MSC. We will see more of this later.

--------------------------------------------------------------------------------------------------

36

17) Digital transmission summary

Block schematic of a Mobile Station (MS)

Figure 1.36 shows the different signal processing parts involved in the transmission and reception of speech.

Figure 1.40 - Block schematic of transmission functions of an MS

The receiving part

A channel model is created in the equalizer where also an estimated bit sequence pattern is calculated for each burst.

--------------------------------------------------------------------------------------------------

37

After all the eight bursts of a 20 ms speech block have been received, they are reassembled into 456 bits block.

The sequence is decoded in the Viterbi decoder to detect and correct errors encountered in transmission. The decoder uses "soft information" (as to the probability that a bit is zero) from the equalizer to improve error correction.

Block schematic of the Base station & the network part

Figure 1.41 - Block schematic of transmission functions in the network --------------------------------------------------------------------------------------------------

38

Transcoder

The network has a transcoder for D/D conversion between PCM samples & linear-coded 13 bit samples.

18) Transcoder & rate adaptation unit or TRAU

TRAU functionally belongs to BTS but can be remotely located in the BSC as is the normal practice or even the MSC. But a remote TRAU is still controlled by the BTS.

Figure 1.42 TRAU placed in BSC & Abis interface

--------------------------------------------------------------------------------------------------

39

Figure 1.43 TRAU in between 16 Kbps & 64 Kbps channels --------------------------------------------------------------------------------------------------

40

f)GSM Components

1)GSM system model

Figure 1.44 - GSM system model

--------------------------------------------------------------------------------------------------

41

2)System components

The Switching System (SS)

Mobile Services Switching Centre (MSC) MSC handles call processing, signaling, switching, charging, authentication of MS identity, etc.

MSC is a regular digital switch with digital trunk interfaces with CCS 7 signaling and mobile-related software.

Visitor Location Register (VLR) VLR obtains & stores the subscriber data of all the Mobile Stations (MS) currently visiting the MSC service area and keeps track of the current location, i.e., location area (LA), of all of them.

VLR is normally integrated with MSC and is known as MSC/VLR.

Gateway MSC (GMSC) This is a software function for finding out the current MSC service area in which a called MS is currently located. This function is required for all mobile- terminated calls and is resident in MSC. GMSC function interrogates the HLR to obtain this information required for further routing the call. Home Location Register (HLR) HLR has all the subscriber data of all the subscribers to a PLMN. The subscriber data for a new visitor to an MSC service area is supplied to the MSC/VLR for temporary storage as long as the MS stays in its service area. It also updates the current location, i.e., MSC service area, of the subscriber. This information is provided to GMSC, on interrogation.

HLR is generally integrated with one of the MSC/VLR in the PLMN. There can be more than one HLR in a PLMN. A block of MSISDN numbers would be allocated to each HLR.

HLR can also be implemented as a stand-alone node.

--------------------------------------------------------------------------------------------------

42

Authentication Centre (AUC)For authenticating an MS identity during registration, call origination, etc, security data known as triplets are needed by the MSC. This security data against each MS identity is generated in the AUC and is supplied to HLR & MSC.

AUC can be implemented on a PC or on a UNIX platform.

Equipment Identity Register (EIR)EIR is a database for validation of Mobile Equipment (ME) with lists of type-approved & barred ME numbers.

GSM Interworking Unit (GIWU)

This is required for circuit-switched voice-band data communication between an MS with digital data & a POTS line with MODEM or analog data.

SM-SC & SMS GatewayThese two nodes together enable Short Message Service or SMS (limited to 160 characters) to be offered to mobile users.

Short Message Service Centre or SM-SC is a store - and - forward centre for short messages.

SMS Gateway finds out the current location (MSC service area) from the HLR & enables mobile-terminated messages to be forwarded to the MS. The node also has the function of SMS-IWMSC required for relaying short messages to the SM-SC for storage.

The Base Station Sub-system (BSS)

All the radio-related functions & activities have been separated from the MSC and concentrated in the BSS in the GSM. The BSS consists of two components.

Base Station Controller (BSC)

This node also consists of a digital switch with digital trunk terminations and GSM radio-related interfaces & software functions.

--------------------------------------------------------------------------------------------------

43

Administration of the radio network, switching of mobile subscribers during a call, paging a called MS, locating a mobile subscriber moving from cell to cell during conversation, handovers, collection of statistics such as traffic per cell, etc. are some of the functions of BSC.

Transcoder Rate Adapter Unit (TRAU), an important component of the BSS is also normally located in the BSC.

Base Transceiver Station (BTS) It consists of radio transmitter & receiver, mast, antennas and signal processing specific to radio interface. A number of BTSs can be located at a site, sharing a common mast.

The Operation and Support Sub-system (OSS)

The individual MSC/VLR & BSC nodes handle the basic & routine O&M tasks such as handle traffic measurement, analysis and fault diagnosis. OSS is centralised node, which provides the network operator with user-friendly tools for planning, operating and maintaining a cellular network efficiently and with a high quality of service. Some of the functions of the OSS are:

Radio configuration - e.g., adding cells & carriers

Network supervision & operation - e.g., network modeling and alarm handling

Switching configuration - e.g., expansion, soft patches and software updates

Performance management - e.g., generation of statistical reports

The Mobile Station (MS)

The MS consists of the Mobile Equipment (ME) from a vendor and a Subscriber Identity Module (SIM) provided and/or programmed by the network operator.

ME is uniquely identified by an International Mobile Equipment Identity (IMEI).

--------------------------------------------------------------------------------------------------

44

An International Mobile Subscriber Identity (IMSI) uniquely identifies a mobile subscriber or MS to a specific GSM PLMN. IMSI is embodied into the SIM, which can be inserted into any ME. The SIM has all the information related to the mobile subscriber.

IMSI is used between the MS and the MSC at the time of the initial registration of an MS visiting the MSC service area. Thereafter IMSI is not normally used over the radio path for security reasons. On registration, the MSC allocates a Temporary Mobile subscriber Identity (TMSI), which is also changed from time to time. TMSI is used by MSC for paging MS. MS uses TMSI during location updating and mobile-originated calls.

GSM subscribers are also publicly identified by Mobile Station ISDN number (MSISDN). A caller uses MSISDN to call a mobile subscriber. MSISDN consists of:

Country Code (CC) + National Destination Code (NDC) + Subscriber Number (SN)

The call is routed to the home PLMN of the mobile subscriber. It is the HLR that translates the MSISDN to IMSI, knows the MSC/VLR service area where the MS is currently located & helps in routing the call to the specific MSC.

Another identity known as Mobile Subscriber Roaming Number (MSRN) is used internally in the PLMN to route the incoming call to the specific MSC.

--------------------------------------------------------------------------------------------------

45

g)GSM Identities

1)Mobile Station ISDN Number (MSISDN) (E.164)

CC Country Code

(1~3 digits)

NDC National Destination code (2-3 digits)

Identifies the GSM PLMN Area Code

SN

Subscriber Number

2)International Mobile Subscriber Identity (IMSI) (E.212)

MCCMobile Country Code

(3 digits)

MNCMobile Network Code

(2 digits)

MSINMobile Subscriber Identification Number

3)Mobile Station Roaming Number (GSM Rec.)

SN

Subscriber Number, in effect the address of the MSC/VLR node within the PLMN

4)Temporary Mobile Station Identity (TMSI) (GSM Rec.)

TMSI is of only local significance.

--------------------------------------------------------------------------------------------------

46

5)International Mobile Equipment Identity (IMEI) (GSM Rec.)

TAC

Type Approval Code

6 digits

(Central GSM body)

FAC

Final Assembly Code

2 digits

(Manufacturer)

SNR

Serial Number

6 digits

Unique number within a TAC + FAC

Sp

Spare

1 digit

(Future Use)

6)Location Area Identity (LAI) (GSM Rec.)

MCC

Mobile Country Code

3 digits

(As in IMSI)

MNC

Mobile Network Code

2 digits

(As in IMSI)

LAC

Location Area Code

16 bits

(PLMN operator)

LAI

is used for location updating of MS.

All cells in a location area broadcast the LAI.

MS recognizes when it enters a new LA.

--------------------------------------------------------------------------------------------------

47

7)Cell Global Identity (CGI) (GSM Rec.)

CI

Cell Identity

16 bits

(PLMN Operator)

Each cell broadcasts its CGI. MS listens to this information in the current & surrounding cells.

8)Base Station Identity Code (BSIC) (GSM Rec.)

NCC

PLMN Colour Code

3 bits (xyy)

xoperator

yycountry

(to distinguish between neighbouring operators)

BCC

Base Station Colour Code3 bits

(to distinguish between neighbouring base stations)

9)Global Title (GT) (E.164)

GT is an address such as dialed digits, say MSISDN, as per CCITT/ITU Rec. E.164. The SN can be a node address.

GT is used in the No.7 SS to route a message to a remote node without a circuit-switched connection. SCCP with routing function is used at the originating & intermediate nodes. The GT is contained as a parameter inside the message.

For example the first two digits in the subscriber number (SN) in the MSISDN identifies an HLR. The GMSC function identifies an appropriate HLR from the received MSISDN.

--------------------------------------------------------------------------------------------------

48

10)Mobile Global Title (MGT) (GSM Rec.)

MSINMobile Station Identification Number 10 digits

MSIN identifies the MS & also its HLR

CC/NDCidentifies the country & the PLMN & possibly the HLR where the MS is registered.

IMSI & MGT

When an MS is turned on in (or enters) the MSC/VLR service area of a PLMN, the MS has to be registered as a new visitor in the VLR. VLR needs to address the HLR where the subscription information of the mobile subscriber is registered.

The information obtained from the MS for this purpose is IMSI consisting of MCC + MNC + MSIN. There are two possibilities.

The HLR is in the same PLMN as the VLR. That is the MS is in the home PLMN. Analysis of MCC + MNC identifies this case. Further analysis of MNC itself or MSIN identifies the HLR where the subscriber profile of the MS is registered.

Analysis of MCC + MNC indicates another PLMN, possibly in another country. Then the VLR has to send a message via the public national/international-signaling network to the HLR of the home PLMN. This has to go as an SCCP message for which the IMSI must be converted to MGT.

Conversion of IMSI to MGT

--------------------------------------------------------------------------------------------------

49

Translation of IMSI to MGT in the VLR

CC is derived directly from the MCC translation.

NDC is derived either directly from the MNC or in conjunction with the initial digits of the MSIN

The MSIN from IMSI is directly mapped in to the MSIN part of the MGT.

This translation is done in the application layer of the VLR.

h)Digital Radio Interface

1)TDMA frame, time slot & logical channels

Figure 1.45 - TDMA frame & timeslots

Timeslot & physical channels

Each timeslot of a TDMA frame - downlink or uplink - is known as a physical channel.

Logical channel

Using multi-frame mode, different logical channels can be mapped independently in either direction. These "logical channels" carrying control information are generally mapped on to one or two timeslots of one carrier, C0, in a cell. The remaining "logical channels" are used to carry traffic such as voice.

--------------------------------------------------------------------------------------------------

50

Figure 1.46 - Control channels, traffic channels & broadcast channels

Broadcast channels (BCH)

The carrier carrying the BCCH channel, normally C0, is also known as the BCCH-carrier. The BCCH-carrier is used to broadcast a lot of information required by an MS. A list of allocated BCCH carriers for the home network operator is programmed into SIM. An MS is also capable of scanning the whole GSM frequency band.

When an MS is turned on, it has to camp on to the nearest BTS preferably of the home PLMN. When it finds the strongest carrier, it has to find the BCCH-carrier in the cell. The BCH bursts are normally transmitted at the maximum power for the cell so that a farthest new arrival can lock on to it.

Frequency correction channel - FCCH

This channel carrying a sine wave signal is broadcast downlink for an MS to synchronise to the frequency. This is on the same carrier as that of the BCCH.

--------------------------------------------------------------------------------------------------

51

Synchronisation channel (SCH)

This carries information regarding the TDMA frame structure and frame number in this cell to which an MS has to lock on to, when it enters a cell or when it is turned on. The MS also comes to know that this is GSM base station. SCH also carries BSIC information. SCH is a downlink channel.

Broadcast control channel (BCCH)

After locking on to the frequency and frame structure in the cell, MS needs some more general information broadcast on the BCCH. The LAI, the maximum output power in the cell, BCCH-carriers of the neighbouring cells on which the MS will perform the measurements, etc. BCCH is a downlink channel.

If the MS has just been turned on or has entered a new location area, it has to carry out a procedure known as location updating.

The MS is now ready to roam around, camp on a cell, listen to paging, originate calls, etc.

Common control channels (CCCH)

Figure 1.47 - Common control channels

Paging channel - PCH

Mobile subscribers are paged on this downlink channel for incoming calls or short messages, using their TMSI. Every MS in a cell will periodically listen to this channel.

--------------------------------------------------------------------------------------------------

52

Random access channel - RACH

When an MS wants to do location updating, responds to a paging message or wants to originate a call, it sends a short burst on the RACH requesting for a dedicated signaling channel. For security reasons, the MS uses a random number for identity. The actual communication between the MS and the MSC will take place later on the dedicated channel. If the request is not granted within a specific time period, the MS repeats the request. RACH is an uplink channel.

Access grant channel - AGCH

In response to requests from different MSs, the network allocates a specific dedicated signaling channel (SDCCH) against each request for further communication. The response to each request is sent on the downlink AGCH. The MS is to now access the corresponding timeslot in the relevant carrier.

Dedicated control channels (DCCH)

Figure 1.48 - Dedicated control channels

Stand alone-dedicated control channel - SDCCH

As per the allocation conveyed over the AGCH, both the MS & the BTS switch over to the assigned SDCCH for a secure communication between the MS & the MSC.

--------------------------------------------------------------------------------------------------

53

The signaling communication can be a short message delivery (or cell broadcast) in idle mode or call setup procedure for an incoming or originated call.

Slow associated control channel - SACCH

While an MS is busy on a call over a traffic channel (TCH) or in communication with MSC on the SDCCH, MS takes periodic carrier-signal strength measurements on own base station & neighbouring base stations. These measurement results have to be conveyed to the BSC on the uplink. Similarly, based on the analysis of measurements taken by BTS & the MS, the BSC has to convey information on timing advance & MS transmitter power control.

SACCH is designed for this purpose. SACCH is interleaved either with SDCCH or TCH periodically.

Fast associated control channel - FACCHWhile an MS is in conversation & based on the analysis of signal strength measurements the BSC decides that a handover to a neighbouring cell, FACCH is used. FACCH works on the principle of stealing a segment of speech or TCH.

2)TDMA frames, logical channels, multiframes, superframes and hyperframe

Logical channels - TDMA frame, timeslot & burst

C0, C1 & C2Carriers in a cell

C

Control channels on timeslot 0 & 1 of C0

T

Traffic channels on remaining timeslots of C0, C1 & C2

Figure 1.49 - Mapping of control channels on C0 or BCCH carrier

--------------------------------------------------------------------------------------------------

54

TDMA frame, timeslot & burst

Figure 1.50 - Relationship between a TDMA burst & timeslot

TDMA frame & two types of multiframes

Figure 1.51 - Relationship between TDMA frame & multiframe

--------------------------------------------------------------------------------------------------

55

TDMA frames, multiframes & superframe

Figure 1.52 - Relationship between multiframes & superframe

TDMA frames, multiframes, superframes & hyperframe (Cycle for frequency hopping & ciphering)

Figure 1.53 - Relationship between superframes & hyperframe

3)Mapping of logical control channels on physical channels in multiframe structure (FCCH +SCH + BCCH + CCCH)CCCH & BCH channels are mapped on to timeslot 0 of the first carrier, C0 or the BCCH-carrier, in a cell. Timeslot 1 of the BCCH-carrier is used for SDCCH & SACCH. Timeslots 2 to 7 are used for TCH.

The multiframe structures for Control channels & traffic channels are different even if they are in the same carrier.

--------------------------------------------------------------------------------------------------

56

Downlink, C0, timeslot 0 - Multiframe mapping

FFCCH

Frequency correction channel

SSCH

Synchronisation channel

BBCCH

Broadcast control channel

CPCH /

Paging channel /

AGCH

Access grant channel

IIDLE

Figure 1.54 - Mapping of common control & broadcast channels

Uplink, C0, timeslot 0 - Multiframe mapping

RACH

Random access channel

Figure 1.55 Continuous mapping of RACH on the uplink

--------------------------------------------------------------------------------------------------

57

Uplink & downlink, C0, timeslot 1 - Multiframe mapping

D0

SDCCH 0

D7

SDCCH 7

A0

SACCH 0

A7

SACCH 7

I

IDLE

SDCCH is used to exchange information between MSC/VLR & MS during location updating or call setup.

SACCH is used downlink to send timing advance & power control information. MS sends measurement report on the uplink. SACCH is associated with SDCCH.

Figure 1.56 - Mapping of SDCCH & SACCH - C0, timeslot 1

--------------------------------------------------------------------------------------------------

58

4)Mapping of logical traffic channels on physical channels

Timeslots 0 & 1 on C0

logical control channels

Timeslots 2 ~ 7 on C0

logical traffic channels

Timeslots 0 ~ 7 on C1 ~ C3

logical traffic channels

If there are 5 or more carriers, another timeslot on C4 can be used for signaling. However, there is only one BCCH-carrier per cell.

C0, timeslot 2 (or 3 ~ 7) - Multiframe mapping of TCH

TTCH

Traffic channel

ASACCHSlow associated control channel

IIDLE

Figure 1.57 - Mapping of traffic channel TCH on timeslot 2

SACCH

During conversation, the MS has to periodically send measurement results. Like wise, the BSC has to send timing advance & power control information to the MS. Therefore an SACCH is interleaved every 26 TDMA frames on the same physical channel as that of the associated TCH.

IDLE

The MS uses the idle-TDMA-frame period is to take measurements.

--------------------------------------------------------------------------------------------------

59

Downlink

Uplink

Figure 1.58 Down-link reception & uplink transmission

5)Time to take measurements

Downlink

Uplink

Figure 1.59 - Time to measure & Idle TDMA frame

Measurements & Reporting

During a call an MS has to continuously take measurements on the signal strength of own as well as neighbouring cells. The results must be reported to the BSC on the uplink SACCH. The mobile is informed through system information on the downlink SACCH as to which neighbouring BCCH carriers to monitor.

--------------------------------------------------------------------------------------------------

60

Figure 1.59 TCH multiframe sliding over FCCH/SCH multiframe

--------------------------------------------------------------------------------------------------

61

i)RACH & network access by mobile

1)Access burst format

Figure 1.60 Short access burst with long guard period

2)Access burst arrival times & delays

Figure 1.61 Different arrival times of bursts & delays on the RACH

--------------------------------------------------------------------------------------------------

62

3)Channel request & information in the Access Burst

Figure 1.62 Contents in the channel request message on the RACH

4)Channel request & initial channel assignment

Figure 1.63 Channel request & access grant

5)Channel request & retransmission

Figure 1.64 Retransmission of channel request message

--------------------------------------------------------------------------------------------------

63

j)GSM traffic cases

1)Location updating normal type

1) System information

2) RR connection establishment

3) Service indication

4) Authentication

5) Updating

6) Acceptance

7) Channel release

Figure 1.65 - Location updating, normal type --------------------------------------------------------------------------------------------------

64

2)IMSI detach

Figure 1.66 - IMSI detach

3)Location updating, IMSI attach

Figure 1.67 - Location updating, IMSI attach type --------------------------------------------------------------------------------------------------

65

4)Call from MS

1a-c)RR connection establishment

2) Service indication

3) Authentication

4) Ciphering mode setting

5) Call initiation

6) Assignment of a TCH

7) Call confirmation

8) Call accepted

Figure 1.68 - Mobile originated call --------------------------------------------------------------------------------------------------

66

Figure 1.69 - Mobile originated call messages--------------------------------------------------------------------------------------------------

67

5)Call to MS from PSTN/ISDN

Figure 1.70 - Mobile terminated call --------------------------------------------------------------------------------------------------

68

Figure 1.71 - Mobile terminated call messages--------------------------------------------------------------------------------------------------

69

j)MS states & modes

1) MS detached or turned off having been registered in MSC/VLR

When the MS does not respond to paging messages and there has been no contact between the MS & the network, due to either MS being powered off or out of reach, the state is known as "MS detached".2) MS attached or turned on

When the MS has been turned on or entered the MSC service area, been registered as a visitor and has been in periodic contact, the state is known as "MS attached".

While being attached, an MS can be in idle or busy mode.

Idle modeThe MS may be moving around from cell to cell in the same location area or enter a cell in a new location area. The MS keeps listening to cell broadcasts and initiates "Location updating" whenever it enters a new location area. Thus the MSC/VLR is aware of the location of the MS. In case of an incoming call, the MSC/VLR can page for the MS in all the cells of the current location area.

Busy modeWhen the MS is involved in an incoming or originating call or call setup stage, it is said to be busy. While it is busy it can be moving around from cell to cell. The MS & the BTS keep taking the signal measurements of the current & surrounding cells periodically so that the BSC can know when the MS moves towards a new cell area. This is known as locating.

As the MS nears the border of a new cell, the BSC takes a decision to switch the call via a traffic channel in the new cell.

The changeover procedure is known as handover.

--------------------------------------------------------------------------------------------------

70

3) Location updating - periodic registration - idle mode

It is possible that the IMSI detach was not registered in the VLR due to poor radio link quality and the system may continue to assume that the MS is still in the same LA.

To avoid ambiguity, MS carries out periodic registration procedure once every 30 minutes. If there is no response to the request for a channel, MS will make repeated attempts. The system information on the BCCH tells all MSs about the frequency of periodic registration.

4) Implicit detach - idle mode

If the periodic registration does not take place and a timer times out, the MS is marked as detached in the VLR. This can happen when the MS has been turned off outside the radio coverage area.

--------------------------------------------------------------------------------------------------

71

k)The Mobile Station (MS)

1) The Subscriber Identity Module (SIM)

The MS can be operated only when a valid SIM is present. However, emergency calls to emergency numbers can be made without a SIM.

SIM Storage types for subscriber related information

Fixed data : IMSI, subscriber authentication key (KI), access control class, security algorithms, etc.

Temporary network data: TMSI, LAI, ciphering key (Kc), forbidden PLMNs, etc.

Service related data: language preference, advice of charge, etc.

Security features

Authentication algorithm, A3

Subscriber authentication key, KI

Ciphering key generation algorithm, A8

Ciphering key, Kc Control of access to data stored & performed in the SIM

Subscriber data in the Mobile Equipment (ME)

All subscriber-related information transferred to the ME during operation must be deleted after the removal of SIM & deactivation of the MS. Examples of such data are PIN (Personal Identification Number) and the PUK (Personal Unlock Key) codes.

PIN management

Changing the PIN code by the subscriber

PIN disabling function

Inhibition of PIN disabling function

Indication of incorrect PIN entry

SIM blocking on three repeated entries of incorrect PIN

--------------------------------------------------------------------------------------------------

72

Unblocking of SIM & PUK

Unblocking of SIM is possible under the control of PUK.

PUK is an 8-digit numeric only code. Indication is given if an incorrect PUK is entered. After 10 repeated incorrect entries, SIM is blocked.

l)Authentication of an MS

1)The authentication key, Ki

This is allocated at the time of subscription and stored in the SIM as well as the authentication centre that provides the system with so-called Triplets. The IMSI allocated to the subscriber is also stored in the SIM & the HLR.

2)The Triplets

Against each registered IMSI, the HLR keeps a stock of triplets. Whenever it is exhausted, the HLR requests for triplets against an IMSI. See figure 1.57.

Figure 1.72 - Request from HLR & response from AUC.

Generation of Triplets in the AUC (See figure 1.58)

A non-predictable random number, RAND, is generated.

RAND & Ki are used to generate Signed Response (SRES) and Ciphering Key Kc via algorithms A3 & A8.

RAND, SRES & Kc are delivered to HLR as Triplets.

--------------------------------------------------------------------------------------------------

73

RAND

Random number

SRES

Signed Response

IMSI

International mobile subscriber identity

KI

Subscriber authentication key

Kc

Ciphering keyFigure 1.73 - Generation of triplets in the AUC.

Authentication procedure

The MSC/VLR stores upto 10 triplets against each IMSI registered in its service area. Whenever a new visiting IMSI is registered or whenever its stock is depleted, the VLR obtains a fresh batch of triplets for use later on.

Figure 1.74 - Authentication procedure

--------------------------------------------------------------------------------------------------

74

Encryption & ciphering procedure

Figure 1.75 Cipher mode setting procedure

Figure 1.76 Ciphering & deciphering of speech/data/signaling

--------------------------------------------------------------------------------------------------

75

On successful completion of cipher mode command, all information over the air interface will be ciphered and all data, speech & signaling information are protected.

IMEI

IMSI (except at the time of registration as a new visitor)

Calling & called party addresses in the SETUP message

All information during conversation

Equipment identification

The MSC/VLR requests for IMEI from the MS after the cipher mode is complete.

MS sends IMEI to MSC which then sends it to EIR

EIR can check it against 3 possible lists of IMEIs

White list of all valid IMEIs in all GSM countries

Black list of all IMEIs known as barred

Grey list of faulty or non-approved IMEIs

See figure 1.61

Figure 1.77 - Equipment identification

--------------------------------------------------------------------------------------------------

76

Encrypted 114 bits

Encrypted 114 bits

S1 (114)

S2 (114)

S1 (114)

S2 (114)

+

+

+

+

FN (22)

FN (22)

Kc (64)

Kc (64)

B (S5-S8)

C (S1-S4)

C (S5-S8)

A

A

A

A

C

C

B

A

B

A

C

B

A

I

H

G

F

E

D

C

B

A

I

H

G

F

E

D

C

B

A

I

H

G

F

E

C

B

A

I

H

G

F

E

D

C

B

A

I

H

G

F

E

D

A

A

A

I

H

G

F

E

D

I

HB

G

F

D (S1-S4)

A (S5-S8)

B (S1-S4)

Z (S5-S8)

A (S1-S4)

E

D

C

B

G

A

F

PLMN Service Area

(One per Operator)

E

D

C

B

A

D

TDMA frame - 4.615 ms

7

6

5

4

3

2

1

0


7

6

5

4

3

2

1

0

3 hours 28 minutes 53.760 seconds

3

2

1

0

2047

2046

2045

B9, A13, B25, A29, B41, A45,.

B1, A5, B17, A21, B33, A37,.

B-S1/A-S5

Speech segments

Speech segments

Speech block

C

8 segments

Speech block

A

8 segments

Speech block

B

8 segments

Speech block

D

8 segments

C-S2/B-S6

C-S2/B-S6

C-S1/B-S5

C-S1/B-S5

B-S4/A-S8

B-S4/A-S8

B-S3/A-S7

B-S3/A-S7

B-S2/A-S6

B-S2/A-S6

B-S1/A-S5

B-S1/A-S5

C - S3

B - S7

C - S2

B - S6

C - S1

B - S5

B - S4

A - S8

B - S3

A - S7

B - S2

A - S6

B - S1

A - S5

Z - S8

A - S4

Z - S7

A - S3

Z - S6

A - S2

Z - S5

A - S1

3

1

3

1

26

57

57

Speech block

D

8 segments

C-S4/B-S8

C-S4/B-S8

Translation of MSISDN to IMSI

5

C

C

C

C

C

C

C

C

C

B

C

C

C

C

C

C

C

C

C

B

B

C

C

C

PLMN service area

MSC/VLR

MSC/VLR

C3

C2

C1

BTS site

Location area

A3

A2

A1

D2

D1

A3

A2

A1

B3

B2

B1

B3

B2

B1

C3

B2

B1

C3

C2

C1

D3

D2

D1

A3

A2

A1

C3

C

C

C2

C1

D3

C

C

Speech block

C

8 segments

Speech block

B

8 segments

8 segments of 57 bits each

7

15

23

31

.

.

.

.

.

.

447

455

C

C

8

16

24

32

.

.

.

.

.

.

448

456

4

12

20

28

.

.

.

.

.

.

444

452

Speech block

A

8 segments

6

14

22

30

.

.

.

.

.

.

446

454

5

13

21

29

.

.

.

.

.

.

445

453

3

11

19

27

.

.

.

.

.

.

443

451

2

10

18

26

.

.

.

.

.

.

442

450

1

9

17

25

.

.

.

.

.

.

441

449

4

1

X

3

4

1

X

3

4

1

X

3

4

1

X

3

Regrouped information block

4

3

2

1

4

3

2

1

4

1.Introduction to GSM

3

2

1

4

3

2

1

4

3

2

1

4

3

2

1

4

3

2

1

4

3

2

1

53

78 not so important bits

132 important + 4 tail bits

Block coder

50 VI bits

456 bits

Convolution coder

Block of 160 samples over 20 ms (2080 bits)

Block of 260 bits

Speech coder

Coded info

Info

Info

Convolution coder

Block coder

1

0

0

1

EMBED MS_ClipArt_Gallery

0

3

1

1


2

1

B


1

Rayleigh fading

Log (distance)

Log-normal fading

Path loss

Log (distance)


Signal level (dB)



Log-normal fading

MSC Service Area

Cell

Cell

Cell

Cell

Location Area

Location Area

Cell

Cell

Cell

Cell

GSM Service Area

Path loss

Signal level (dB)



C

C2

f1

f2

C1

D3

D2

D1

A3

A2

A1

B3

B2

B1

C

C

C

C

C

C

D2

D1

A3

A2

A1

B3

A2

A1

B3

B2

B1

C3

C2

C1

D3

C

C

C

C

C

C

C

C

C

C

C

B

C

C

C

C

C

C

C

C

C

B

C

C

C

C

C

C

C

C

C

B

B

C

C

C

C

C

C

C

C

C

T

T

FDMA

T

T

A4

A0

A3

A2

A1

B3

A3

A2

A1

B3

B2

B1

D3

D2

D1

A3

A2

A1

C3

C2

C1

C3

C2

C1

D3

D2

D1

A3

A3

A1

I

D7

D0

3






Advance timing - n bits

2

7

6

5

4

3

2

1

0

A7

A5

I

D7

Increase power - m dB



C

C, Carrier f1 strength in dB

I, Interferer f1 strength in dB

C

I

C/I > 9dB

A, Interferer f2 strength in dB

C, Carrier f1 strength in dB

C/A > -9dB

A


B2

B1

C3

A1

B3

B2

B1

C3

C2

C1

A3

A2

A1

B3

B2

B1

C3

C2

C1

C2

C1

BTS-TRAU signaling

Synchronization of the 20ms blocks

Time alignment i.e., BTS control of the phasing of incoming 20ms blocks from the TRAU

Speech/data discrimination and the type of adaptation needed for data

Bad frame indication to TRAU by BTS

Indication whether DTX is to be applied on the downlink

Silence Descriptor (SID) indication on the uplink

4 channels of 16 Kbps in one 64 Kbps channel

MSC

BTS

A

G.703

1

1

1

1

1

1

1

1

t

f

t

f

1

1

Layer 2

Layer 2

Layer 2

Layer 3 cells

A3

A2

Abis

ET

TRAU

G.703

4 channels of 64 Kbps

ET

BTS

16 Kbps channels

13 Kbps speech + 3 Kbps BTS-TRAU signaling

M

S

C

A

TRAU

B

S

C

Abis

TRAU

13 Kbps

BTS

A5

A5

Channel request

Random timer

Channel request

BTS

MS

AGCH

Immediate assignment Cause, random No., frame No., initial timing advance, initial power control & dedicated channel identity

RACH

Channel required

Frame No. Delay estimate

Channel request

B

S

C


Random discriminator

Establishment cause


Access burst

Frame 1, ts1

Arrival time & delay

Arrival time & delay

AB 1

AB 2

Frame 1, ts0

Frame 2, ts0


Information available to mobile for access

Max transmit power in the cell but not the actual one

Timing advance not known

Reasons for access

Location updating

Originating a call

Responding to paging, etc.

60 + 8.25

3

36

41

8

Guard period

Tail

INFO

Synch

Tail

Receive

Transmit with Timing Advance

Downlink

Uplink

0

1

2

3

4

5

6

7

0

1

2

3

4

5

6

7

MSC

t

f

GMSC

MSC/VLR

GMSC

MSC/VLR

GMSC

MSC/VLR

VLR

MSC

HLR

VLR

MSC

VLR

BSC

Base station system (BSS)

Switching System (SS)

EIR

GIWU

SM-SC

SMS Gateway

AUC

HLR

To/from PSTN/ISDN


114 bits

+

CONNECT ACK

CONNECT

Actions by the MS, say on TS 2

MS receives the burst and measures the signal strength

MS transmits

MS measures the signal strength of at least one of the surrounding cells

MS reads BSIC on SCH for one of the six strongest surrounding cells

The MS is not synchronized with the adjacent cell and does not know as to when TS 0 will occur on that cell

It has to monitor for at least 8 timeslot periods to read TS 0

4

3

2

1

2

1

CC

TAC

Max 4 octets long

IMSI (Max 15 digits)

National MSI

MSIN

MNC

MCC

International MSISDN (15 digits)

National mobile number

SN

NDC

CC

BTS

Operation & Support System (OSS)

NDC

7

6

5

4

3

2

1

0

SNR

FAC

SN

CC

CI

LAC

MNC

MCC

LAC

MNC

MCC

Sp

NCC

NDC

MCC

E.212

E.164

MSIN

NDC

CC

SN

BCC

C-S3/B-S7

C-S3/B-S7

D-S4/C-S8

D-S4/C-S8

MGT

IMSI

CC

NDC

MSIN

MSIN

MNC

D-S3/C-S7

2

D-S3/C-S7


4

3

2

1

0

7

6

5

4

3

1

0

DCCH

BCH

CCCH

Control channels

AGCH

RACH

PCH

DCCH

BCH

CCCH

Control channels

SCH

BCCH

FCCH

DCCH

BCH

CCCH

Traffic channels

Control channels

Logical channels

Downlink

Uplink

7

6

5

T

T

T

T

T

T

C

C

C0

FACCH

SACCH

SDCCH

C1

T

T

T

T

C2

T

T

T

T

T

T

T

T

5

4

3

2

1

0

4.615 ms

T

T

T

T

57 bits

57 bits

26 bits

Data

Data

Training

0.577 ms & 156.25 bits

7

6

3

2

1

0

Normal burst - 148 bits

3

3

1

1

3

2

1

0


7

6

5

4

22

3

2

1

0

(Type A) multiframe of 26 TDMA frames - 120 ms

- - -

(Type B) multiframe of 51 TDMA frames - 3060/13 ms

50

49

48

47

1

0

Superframe of 1326 TDMA frames - 6.12s

- - -

25

24

23


7

6

5

4

3

2

1

0

1325

1324

1323

1322

3

2

49

48

47

3

2

1

0

Superframe of 51 type A multiframes - 1326 TDMA frames - 6.12s

- - -

25

24

23

22

3

2

1

0

Superframe of 26 type B multiframes - 1326 TDMA frames - 6.12s

Used for Control channels

Used for TCH

2044

Hyperframe of 2048 superframes - 2,715,648 TDMA frames

- - -

50

7

6

5

4

TDMA frame - Idle

7

6

0

5

4

3

2

1

0

TDMA frame - 25

7

6

5

4

TDMA frame - 24

0

1

2

3

2

1

1

0

TDMA frame - 24

4

1

ALERT

ASSIGN CMD

ASSIGN COM

CALL CONFIRM

SETUP

CIPH MODE COM

AUTH REQ

AUTH RESP

CIPH MODE CMD

PAGING RESP

IMM ASSIGN

CHAN REQ

PAGING REQ

MSNetwork

Paging the MS

RR - Connection

Establishment

Service indication

Authentication

Cipher mode setting

Call initiation

Assignment of a

Traffic channel

Call confirmation

Call accepted


9

8

9

8

BSC

MSC / VLR 2

MSC / VLR 3

7

2 IMSI

+

2 MSRN

6 MSRN (IAM)

5 MSRN

1 MSISDN

GMSC

MSC/VLR

HLR

2 MSISDN

CONNECT ACK

CONNECT

ALERT

ASSIGN CMD

ASSIGN COM

CALL PROC

SETUP

CIPH MODE COM

AUTH REQ

AUTH RESP

CIPH MODE CMD

SERV REQ

IMM ASSIGN

CHAN REQ

MSNetwork

RR - Connection

Establishment

Service indication

Authentication

Cipher mode setting

Call initiation

Assignment of a

Traffic channel

Call confirmation

Call accepted

8

7

6

4

3

2

BSC

MSC


VLR

1a

1c

1b

5

4

3


BSC

MSC

2

1

VLR

4

3



BSC

HLR

MSC

2

1

VLR

7a

7b

6

5a

4a

4b

5b


BSC

HLR

MSC

3

1

2c

VLR

2a

2b

Radio interface

Um

Abis

A

MSC

BSC

.

.

.

.

.

.

LAPDm/Q.931

MS

BSS

LAPD/Q.931

BTS

BSSAP

BSC

ISUP/MAP

PSTN /

ISDN

PLMN

MSC

MAP/ISUP

MAP

HLR

VLR

MAP

EIR

MAP

MAP

MAP

HLR

Check IMEI

4

Access / barred

EIR

VLR

3


IMEI

2

1

MSC

6

Decryption of M' successful?

TDMA frame No.

Kc

A5

4

M'

5

Encrypted

TDMA frame No.

Kc

M

2

M

A5

MSC / VLR

IMEI request


MS

Cipher mode completed

1

3

MSC / VLR

M + Kc

Compares received SRES with that in the triplet

4

3

SRES

Calculates SRES & Kc

2

1

RAND


MSC/VLR

Kc (64 bits)

SRES (32 bits)

RAND

A3

Authentication

Algorithm

A8

Ciphering

Algorithm

RAND generator

Database

A3

A8

IMSI - KI

IMSI - KI

IMSI - Ki IMSI - Ki

Request for triplets

3 or 5 triplets

AUC

IMSI

HLR

8 KHz, 8 bits

64 Kbps, PCM

8 KHz, 13 bits

8 KHz, 8 bits

64 Kbps, PCM

8 KHz, 13 bits, linear

Transcoding

Speech blocking

Deciphering

Speech decoding

Speech coding

22.8 Kbps

13 Kbps

Viterbi decoding

33.8 Kbps

Channel coding

Interleaving

Deinterleaving

Ciphering

Transcoding

Burst formatting

Viterbi equalizer

Transmitter

Modulator

Receiver

Demodulator

Earphone

Antenna

D/A conversion

Speech decoding

Viterbi decoding

Deinterleaving

Deciphering

Viterbi equalizer

Receiver

Demodulator

Antenna

33.8 Kbps

22.8 Kbps

13 Kbps

8 KHz, 13 bits

Microphone

A/D conversion

Speech blocking

Speech coding

Channel coding

Interleaving

Ciphering

Burst formatting

Transmitter

Modulator

Downlink

Uplink

Probable transmitted bit sequence

Chose

? pattern so that the difference is minimized

Channel model

Difference

Correlator

Received burst

T

?

?

T'

Data

Data

2

1

Time

2

1

Carrier, C2

Carrier, C1

7

6

5

4

3

2

1

0

7

6

5

4

3

2

1

0

0

1

3

4

5

6

7

4

5

0

1

2

3

6

7

2

0

1

2

3

4

Arrival of timeslots from mobiles

TDMA

TDMA

f4



5

4

3

2

1

0

3

5

4

7

6

7

6

5

6

7

4

5

0

1

2

3

6

7

1

0

2

D - S4

C - S8

D - S3

C - S7

D - S2

C - S6

C - S5

D - S1

C - S4

B - S8

1

0

S

F

B

C

S

F

C

C

C

C

S

F

I

Timeslot 0, C0, downlink - from 51 TDMA frames

B

0

1

0

1

2

3

4

5

6

7


0

1

2

3

4

5

6

7


D0

Each burst on the uplink is a RACH

Timeslot 0, C0, uplink - from 2 cycles of 51 TDMA frames

Timeslot 0, C0, uplink

0

1


7

6

5

4

3

2

1

0

0

1

2

3

4

5

6

7


Timeslot 0, C0, downlink - from 2 cycles of 51 TDMA frames

A7

A4

D0

D7

I

I

A3

A0

D7

D0

TDMA frame 101 in a 102 frame cycle

1

0


3

2

1

7

6

5

4

3

2

2

3

0

1

4

5

6

7


Timeslot 2, C0, - from 26 TDMA frames

T

T

I

A

T

TDMA

7

6

5

4

3

T

T

T

0

3

2

1

0

TDMA fra

2

1

0

TDMA frame - n+1

7

6

5

4

3

2

1

0

TDMA frame - n

D-S2/C-S6

D-S2/C-S6

7

6

5

4

3

2

1

0

7

6

5

4

3

2

1

0

TDMA

TDMA frame - n+1

TDMA frame - n

3

2

1

0

D-S1/C-S5

D-S1/C-S5

A-S4/Z-S8

A-S4/Z-S8

A-S3/Z-S7

A-S3Z-S7

A-S1/Z-S5

A-S2/Z-S6

A-S1/Z-S5

B-S1/A-S5

A-S2/Z-S6

3

2

4

5

6

7

3

2

1

0

TDMA frame - Idle

7

6

5

3

2

0

TDMA frame - 25

INFO+ Check bits

INFO

OASIS+ Wireless 1

Documents

Transcript of OASIS+ Wireless 1