Download Lecture 6 (Architecture, Functions and Protocols)

Document related concepts

Asynchronous Transfer Mode wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

RS-232 wikipedia , lookup

Airborne Networking wikipedia , lookup

Cellular network wikipedia , lookup

IEEE 1355 wikipedia , lookup

UniPro protocol stack wikipedia , lookup

Transcript
Tanvir Ahmad Niazi
[email protected]
Air University, Islamabad
Objectives
• After completing this lesson you will be able
to:
– List the 3 sub-systems of a GSM system and their
interfaces;
– List the different equipment in each GSM sub-system;
– Indicate functions for each equipment;
– List the interfaces in each sub-system, indicate if it is
standard or not and identify the main protocol used on it.
2
Basic Elements of a Cellular System
3
Basic Elements of a Cellular System
• Today's wireless communications systems are based on a composite
wireless and wired system as shown in this slide where the wireless
segment of the communication system is shown as a cluster of seven
hexagonal cells.
• Each cell is essentially a radio communication center where a mobile
subscriber establishes a call with a land telephone through the switch
and the Public Switching Telephone Network (PSTN).
• This composite platform enables us to communicate with anyone at
any time, from anywhere within the service area.
• Switch and PSTN are essentially multiple points serving as system
intelligence.
4
Architecture of a GSM System
5
Architecture of a GSM System
•
•
•
A GSM system is basically designed as a combination of three major subsystems: the Network and Switching Sub-system (NSS), the radio sub-system
called the Base Station Sub-system (BSS), and the Operation Sub-System
(OSS).
The Network and Switching Sub-system includes the equipment and
functions related to end-to-end-calls, management of subscribers, mobility,
and interfaces with the fixed network (PSTN). In particular, the NSS consist of
Mobile Switching Centers (MSC), Visitor Location Registers (VLR), Home
Location Registers (HLR), Authentication Center (AUC), and Equipment Identity
Register (EIR).
The Base Station Sub-system includes the equipment and functions related to
the management of the connection on the radio path. It mainly consists of one
Base Station Controller (BSC), and several Base Transceiver Stations (BTSs),
linked by the Abis interface.
6
Architecture of a GSM System
• An optional equipment, the Transcoder / Rate Adapter Unit (TRAU) so
called TransCoder Unit (TCU) within Nortel BSS products, is designed to
reduce the amount of PCM links.
• The Operation Sub-System is connected to all equipment in the
switching system and to the BSC. OSS mainly contains Operation and
Maintenance Center for NSS (OMC-S) and Operation and Maintenance
Center devoted to the Radio subsystem (OMC-R). In order to ensure
that network operators will have several sources of cellular
infrastructure equipment, GSM decided to specify:
– The radio interface (or air interface or Um interface), between the BTS
and the MS,
– The A interface, between the NSS and the BSS.
7
BSS Architecture
8
BSS Architecture
•
•
•
•
The Base Station Sub-system (BSS) is a set of equipment (aerials, transceivers and a
controller) that is viewed by the Mobile Switching Center through a single A interface as
being the entity responsible for communicating with mobile telephones (MSs) in a
certain area.
The radio equipment of a BSS may be composed of one or more cells, such a BSS may
contain one or more Base Transceiver Stations (BTSs).
The interface between the BSC and the BTSs is called an Abis interface.
The BSS includes two types of equipment:
– The Base Transceiver Station (BTS functionally includes also the TRAU) in contact with the
Mobile Stations through the radio interface,
– The BSC, the latter being in contact with the Mobile Switching Center.
•
A BSS contains only one Base Station Controller (BSC).
9
BTS General Architecture and Functions
10
BTS General Architecture and Functions
• As stated, the primary responsibility of the BTS is to transmit and
receive radio signals from a mobile unit over the air interface Um.
• To perform this function completely, the signals are encoded,
encrypted, multiplexed, modulated, and then fed to the antenna
system at the cell site.
• In order to keep the mobile synchronized, BTS transmits frequency and
time synchronization signal over a devoted channel called a Frequency
Correction Channel
11
BTS General Architecture and Functions
• Functions performed by a BTS are:
– Encodes, encrypts, multiplexes, modulates and feeds the RF
signals to the antenna,
– Time and frequency synchronization signals transmitted from
BTS,
– Voice communication through a full rate or half rate (enable)
speech channel,
– The received signal from the MS is equalized, decoded, and
decrypted before demodulation,
– Timing advance computation,
– Uplink radio channel measurements,
– Mobile random access detection,
– Frequency Hopping management.
12
BSC General Architecture and Functions
13
BSC General Architecture and Functions
• BSC architecture mainly involves a processor unit, a
switching matrix, and trunk control units (PCM and X.25).
• Note that through the Processing Unit and the X.25
controller, the BSC downloads new software releases from
the O&M Center. In turn, all data of interest to the O&M is
buffered and forwarded to the O&M Center when being
asked or transmitted periodically.
• The Base Station Controller (BSC) is connected to the
Mobile Switching Center on one side and to the BTSs on the
other.
14
BSC General Architecture and Functions
• Functions performed by a BSC are:
– Performs the Radio Resource (RR, explained below)
management for the cells under its control. It assign and release
frequencies for all MSs in its own area,
– Performs the Intercell hand-over for MSs moving between BTSs
in its control,
– Reallocates frequencies to the BTSs in its area to meet locally
heavy demands during peak hours or on special events,
– Controls the power transmission of both BTSs and MSs in its
area,
– Provides the time and frequency synchronization reference
signals, broadcast for each BTS
15
TRAU Architecture and Functions
16
TRAU Architecture and Functions
• Depending on the relative cost of transmission plan, there is some
benefit in having the Transcoder/ Rate adapter Unit (TRAU) at the
Mobile Switching Center (MSC) location.
• Moreover, in that case, the TRAU is still considered functionally as a
part of the Base Station SubSystem (BSS).
• The TRAU is a device that takes 13 kbps speech (or data) multiplexes
and two of them, to convert into standard 64 kbps data:
– Within the BTS, the 13 kbps speech (or data) are brought up to level of
16 kbps by inserting additional synchronizing data to make up the
difference between a 13 kbps speech or lower data rate,
17
TRAU Architecture and Functions
– The TRAU converts the 13 kbps speech into 64 kbps T1 µ-law or
E1 A-law PCM time slots,
– Furthermore the TRAU routes the users' data stream to a
suitable device that inter-works with the recipient modem.
• It is worth noting that:
– Four traffic channels are multiplexed on a 64 kbps PCM circuit at
the Ater interface,
– One T1 trunk carries up to 92 traffic and control channels,
– One E1 trunk carries up to 120 traffic and control channels.
18
NSS Architecture
19
NSS Architecture
• The distributed architecture of the Network and Switching Sub-system
is organized with MSCs, servers and data bases, linked by interfaces
normalized (B to G).
• There are two types of MSC to provide switching services to a defined
part of the PLMN:
• MSC, used to establish traffic channels and to switch signaling
messages between PLMN entities and other GSM networks or fixed
networks,
• Gateway MSC (GMSC), is a specialized MSC managing the central data
base HLR, containing permanent and dynamic subscriber data.
20
NSS Architecture
•
All the information requested by the different functions is stored in four types
of data bases connected to (or included in) the MSCs:
– HLR or Home Location Register: permanent data specific to each subscriber,
including service profile, location and billing options,
– VLR or Visitor Location Register: in order to minimize access to the HLR, MSC uses
this data base, which contains working data for subscribers moving within its
coverage area (LAs),
– Network security and access control are provided by the Authentication Center
(AUC) and by the Equipment Identity Register (EIR):
• AUC: to ensure that only authorized users have access to the network,
• EIR: to maintain lists of stolen, faulty and valid equipment identities.
21
NSS Architecture
• NSS includes also specific equipment such as:
– Inter-Working Functions (IWF): to provide the different bearer
services offered by the network,
– Short Message Services-Service Center (SMS-SC): used to store
and forward point to point short messages,
– Billing Server.
• These equipment or software elements are running
applications more or less operator dependent.
22
Home Location Register
23
Home Location Register
• The Home Location Register (HLR) is a database that holds information
upon the subscribers. It performs the following functions:
– Handling of permanent subscribers data:
• Identification: IMSI, MSISDN.
• Subscription information: related services options (Teleservices, Bearer
Services and Supplementary Services).
• Service limitations (e.g. roaming limitation).
– Handling of temporary subscribers data:
• Current VLR address where the subscriber roams.
• Provide VLR with 5 ciphering items.
24
Authentication Center (AUC)
25
Authentication Center (AUC)
•
•
The Authentication Center (AUC) is a database that contains the secret
authentication key Ki of each subscriber and generates security related
parameters to protect the network operator and subscribers against fraud.
The same Ki is to be found in the subscribers SIM card and is used to generate
these ciphering items named triplets:
– A RANDom number RAND,
– A Signature RESponse SRES, using A3 algorithm,
– A ciphering Key Kc, using A8 algorithm and computed each time authentication is
performed.
•
•
•
Software keys Kc and SRES are never passed over the air interface.
The two algorithms A3 and A8 are operator dependent.
For security reason AUC has often an internal interface with the HLR. However
this is a choice of implementation, it is up to HLR to start security algorithms
located in AUC.
26
Visitor Location Register
27
Visitor Location Register
• When a mobile station enters the LA borders, it signals its arrival to the
MSC that stores its identity in the Visitor Location Register (VLR).
• The information necessary to manage the MS is contained in the HLR
and is transferred to the VLR so that it can be easily retrieved if so
required.
• The Location Registration procedure allows the subscriber data to
follow the movements of the MS. For such reason the data contained
in the VLR and in the HLR are more or less the same. Nevertheless, the
data are present in the VLR only as long as the MS is registered in the
area related to that VLR.
28
Visitor Location Register
• The VLR supports a mobile paging, and tracking
subsystem in the local area where the mobile is presently
roaming.
• The detailed functions of VLR are as follows:
– Works with the HLR and AUC on authentication.
– Relays cipher key from HLR to BSS for encryption and
decryption.
– Controls allocation of the new TMSI numbers that can be
periodically changed to secure a subscriber's identity.
– Supports paging (incoming calls).
– Tracks the state of all mobile in its area.
29
Equipment Identity Register
30
Equipment Identity Register
• The Equipment Identity Register (EIR) is a database that performs a
screening function within the network. It keeps track of all valid and
invalid Mobile Equipment by storing their
• International Mobile Equipment Identities (IMEI). Data for the
Equipment Identity Register are provided by:
– Manufacturers of Mobile Equipment which provide complete lists of
IMEI for the Mobile Stations that they produce.
– Other network operators which provide lists of malfunctioning Mobile
Equipment.
– Police organizations which provide lists of stolen Mobile Equipment.
31
Equipment Identity Register
•
The Equipment Identity Register actually maintains three lists of International
Mobile Equipment Identities:
– The black list contains a list of all Mobile Equipment (ME) that are barred from
using the network (e.g.: stolen).
– The white list contains a list of all the serial numbers of International Mobile
Equipment Identities that have been allocated in the Global System for Mobile
Communications countries.
– The gray list contains a list of faulty Mobile Equipment. This equipment will be
logged but not barred.
•
The GSM Recommendations state that the service providers should decide
how often they wish to check the validity of the Mobile Equipment with the
EIR.
32
InterWorking Function
33
InterWorking Function
• Because of GSM providing a wide range of data services to its
subscribers, GSM interfaces with the various public and private data
networks currently available. It is the aim of the
• Inter-Working Function (IWF) to provide this interfacing capability.
Networks to which IWF presently provides interface as follows:
– PSTN,
– ISDN,
– Circuit-switched public data networks (CSPDN),
– Packet-switched public data networks (PSPDN).
• It provides the subscriber with access to data rate and protocol
conversion facilities so that data can be transmitted between GSM
Data Terminal Equipment (DTE) and a land line DTE (the recipient).
34
InterWorking Function
• Furthermore it allocates a suitable modem from its modem bank when
required. This is the case when a GSM DTE, a Fax machine, exchange
data with a land Fax machine which works over analog modem (V32).
• The IWF also provides direct connect interfaces for customer-provided
equipment such as X.25 PADs.
• Different protocol conversion may be required for signaling and traffic
messages. This includes data rate adaptation and the addition of
signaling bits reformatting.
• The IWF is a part of the Mobile Switching Center.
35
Protocol Model
36
Protocol Model
•
•
•
•
•
Connection Management (CM) and Mobility Management (MM) messages are
transparent to the BSS, they are delivered at end-to-end users (MS and NSS)
by the relaying of underlaying protocols (LAPDm, LAPD, SS7).
To establish a connection with the MS, CM must require MM, which in turn
requires RR to open the radio connection.
The RR procedures handles set-up, re-establishment, handover, TCH mode
modify and release of calls.
The MM procedures provides registration, location and authentication of MS.
The CM procedures provides:
– Supplementary Services (SS).
– Call Control (CC).
– Short Message Service (SMS).
37
Radio Interface
38
Radio Interface
• This Interface located between MS and BTS (also called
the Radio interface) has these features:
– Totally normalized.
– Full inter-operability between Mobile
infrastructure from different manufacturers.
Stations
and
• Organized in 3 levels:
– Level 1 physical support:
• Time Division Multiple Access (TDMA) frame and FDMA.
• Logical channel multiplexing.
39
Radio Interface
• Level 2 LAPDm Protocol (modified from LAPD):
– No flag.
– No error retransmission mechanism due to real time constraints
(window = 1).
• Level 3 Radio interface layer (RIL3) Protocol involves three sub-layers:
– Radio Resource Management (RR): paging, power control, ciphering
execution, handover.
– Mobility Management (MM): security, location, IMSI attach/detach.
– Connection Management (CM): Call Control (CC), Supplementary
Services (SS), Short Message Services (SMS), Dual Tone Multi Frequency
(DTMF) facilities.
40
Abis Interface
41
Abis Interface
•
Message exchanges between the BTS and the BSC:
– Traffic exchanges.
– Signaling exchanges for call set up and BTS operation and maintenance.
•
•
Physical access between BTS and BSC: PCM digital links at 2.048 Mbit/s (E1) or
1.544 Mbit/s (T1), carrying 32 or 24 timeslots at 64 kbit/s.
Speech:
– Conveyed in timeslots at 4 x 16 kbit/s (remote transcoders).
•
Data:
– Conveyed in timeslots at 4 x 16 kbit/s.
– The initial user rate, which may be 300, 1200, 1200/75, 2400, 4800 9600 or 14400
bit/s is adjusted to 16 kbit/s.
42
Abis Interface
43
Abis Interface
•
This interface located between BTS and BSC has these features:
– Partly normalized.
– No inter-operability (currently) proprietary.
•
Organized in 3 levels:
– Level 1 PCM transmission (E1 or T1):
• Speech coded at 16 kbit/s and sub-multiplexed in 64 kbit/s time slots.
• Data which rate is adapted and synchronized.
– Level 2 LAPD protocol: Standard HDLC procedure:
• RSL = Radio Signaling Link.
• OML = Operation and Maintenance Link.
– Level 3 application protocols:
• RSM = Radio Subsystem Management.
• O&M = Operation and Maintenance procedure.
44
LAPD and LAPDm Frames
45
LAPD and LAPDm Frames
•
•
For each BSC and related BTS terminal port (TEI), three types of links may be activated
depending on the SAPI parameter value:
The Radio Signaling Link:
– Radio resource management procedures SAPI = 0.
– Short messages, point to point SAPI = 3.
•
•
The Operation and Maintenance Link: O&M procedures SAPI = 62.
LAPD messages:
– downlink:
• OML: software download, channel configuration,
• RSL: paging, HO command,
– uplink: OML notification (event report), and RSL channel requirement.
•
LAPDm frames are derived from LAPD frames:
–
–
–
–
no flags for synchronization,
without TEI and FCS,
with shorter address,
with shorter control field.
46
Ater Interface
47
Ater Interface
• Purpose
Handling messages between BSC and TCU (TransCoder Unit).
• Characteristics
Physical access at 1.544 Mbit/s or 2.048 Mbit/s (24 or 32 time
slots at 64 kbit/s) carrying:
– Reserved signaling channels according to CCITT No. 7 (CCS7).
– Speech and data channels (16 kbit/s).
– BSC - TCU signaling link (LAPD).
– O&M data to OMC-R (X.25) via MSC (through the Network only). Ater
interface links carry up to:
– 120 communications (E1).
– 92 communications (T1).
48
Ater Interface
49
Ater Interface
• Signaling messages are carried on specific timeslots (TS):
– LAPD signaling TS between the BSC and the TCU.
– SS7 TS between the BSC and the MSC.
– X.25 TS 2 reserved for specific configurations.
• TS 1 carries LAPD protocol and is reserved for management messages
between the BSC and the TCU. It is used by the BSC for:
– TCU monitoring (mixer, PCM interface, transcoder and control units,
LAPD signaling terminal, etc.).
– TCU configuration (BSC-TCU signaling link, A-interface PCM,
semaphore channels, Ainterface circuits, synchronization and
transcoding functions).
– TCU initialization.
50
Ater Interface
– TCU software downloading.
– A and Ater interfaces management.
– Synchronization management.
– Transcoding management.
• SS7 TS is intended for BSC-MSC link and is dedicated for BSSAP
messages transportation. TS 2 is reserved if the O&M data are
transmitted to the OMC-R via a PCM link’s TS, managed by the Ainterface.
• Signaling messages on the LAPD TS 1 are processed only by the TCU.
SS7 TS and TS 2, if they are reserved, are switched by the TCU but
remain transparent to it.
51
A Interface
52
A Interface
Message exchanges between the MSC and the BSS (TCU):
– Users traffic transport (speech + data).
– Signaling transport.
Physical access BSS MSC: PCM digital links.
User’s traffic transport
Each time slot corresponds to a traffic channel on the radio interface.
The 64 kbit/s speech rate adjustment (A-law or µ-law) and the 64 kbit/s data
rate adaptation are performed at the TCU.
Signaling transport
CCITT signaling system 7 (SS7).
• Two parts:
– The Message Transfer Part (MTP).
– The Signaling Connection Control Part (SCCP).
53
A Interface
54
A Interface
•
This Interface located between TRAU and MSC has these features:
– Totally normalized to allow multivendor equipment.
– Full interoperability in most cases and after testing.
•
•
Based on CCS7 protocol (either ETSI or ANSI).
The MTP layers (2 to 3) provide the basic transport system for all CCS7
signaling messages and are responsible for signaling network management
and signaling message handling:
– Level 1: defines the physical characteristics for a 64 kbit/s signaling data link.
– Level 2: ensures secure signaling link by providing error detection and correction,
signaling link alignment and error monitoring.
– Level 3: ensures that signaling messages are routed through the network in correct
sequence and without loss or duplication even in case of link failure.
55
A Interface
•
•
•
•
•
So, MTP finds the destination signaling point and SCCP will deliver the
message.
The SCCP addressing allows routing to the application within the same
network (through the address) or to an external network (through Global
translations) using class 0 for connection mode and class 2 for connection
oriented mode.
A distribution function is added on top of the SCCP to discriminate the
BSSMAP from DTAP.
The BSSAP is a GSM CCS7 protocol and handles signaling involving MS, the BSS
and the MSC.
The BSSAP is divided into two parts:
– • The BSSMAP which consists of messages to be processed either by MSC or BSC
(RR).
– • The DTAP which consists of messages to be transmitted transparently regarding
the BSS (MM, CM).
56
PSTN/ISDN/PSDN Interface
57
PSTN/ISDN/PSDN Interface
• Interface between MSC and:
– Public Switched Telephone Network (PSTN).
– Integrated Service Data Network (ISDN).
– Packet Switched public Data Network (PSDN).
• Normalization:
– Country dependent.
– Inter-operability after local adaptations.
• The User part is built on services of the MTP to provide connectionless
signaling for setting
• up, monitoring and clearing down the voice or data trunks of GSM
CCS7 calls at the PSTN
• interface taking into consideration that it is connection-oriented at the
A interface due to SCCP functions.
58
PSTN/ISDN/PSDN Interface
• The User part transports signaling messages associated with the
connection between two users in a network.
• It supplies the trunk signaling capabilities which enable network-wide
feature transparency for some network services.
• There are three main families of user part protocol depending on the
application:
– The Telephone User Part (TUP) interface with PSTN network.
– The ISDN User Part (ISUP), interface with ISDN network.
– The Data User Part (DUP), interface with PAD on PSDN network.
59
General Packet Radio Service
60
General Packet Radio Service
• General Packet Radio Service (GPRS) is a packet radio access
technique based on GSM radio to transfer data in an efficient
manner optimizing the use of network resources. It provides
packet radio access to external Packet Data Networks, for
instance to the Internet.
• It offers direct IP connectivity, in a Point-To-Point (PTP) or
Point-To-Multipoint (PTM) data transmission mode.
• GPRS is an add-on to existing GSM networks, i.e., it makes use
of the existing GSM radio infrastructure.
61
General Packet Radio Service
• With Nortel’s GPRS core nodes, Serving GPRS Support
Node (SGSN) and Gateway GPRS Support Node (GGSN),
the upfront investment for operators for initial
deployment of GPRS services is limited.
• Nortel is currently developing the building blocks of
GPRS, including:
– Packet Control Unit Support Node (PCUSN),
– Serving Gprs Support Node (SGSN),
– Gateway Gprs Support Node (GGSN).
62
Check Your Learning
•
•
•
•
•
•
•
•
•
•
•
•
•
What are the three components of a GSM system?
What does a BSS consist of?
What are the external interfaces and the internal interfaces of a BSS?
What are the main functions of a BTS?
Which technique does help saving links between BTS and BSC?
What are the main functions of the BSC?
What does the NSS contain?
What are the main function of a MSC?
What is the role of the HLR?
What is the role of the VLR?
What are the three entities of layer 3 involved in the radio interface?
What is the layer 2 protocol involved in the Abis interface?
What is the Mobile Application Part?
63