Presentation on theme: "GSM Network Overview Um Abis A BSC BTS Mobile Station HLR VLR EIR AuC"— Presentation transcript:
1GSM Network Overview Um Abis A BSC BTS Mobile Station HLR VLR EIR AuC Access Network:Base Station SubsystemHLRVLREIRAuCMSCPSTNUm Abis ACore Network:GSM CS networkSS7The VLR is usually part of the MSC, and not a separate entity.
2GSM Network Architecture MS: Mobile StationBSS: Base Station SubsystemMSC: Mobile Switching CenterO&M: Operations and Maintenance CenterVLR, HLR, AuC, EiR …CGSNGSM networks can be divided into several broad parts:Mobile station (the handset), which is carried by the subscriber.Base station subsystem (BSS), which controls the radio link with the mobile station.Network subsystem, primarily based on the mobile services switching center (MSC), which performs the switching of calls between the mobile and other fixed or mobile network users, as well as management of mobile services, such as authentication.Operations and maintenance center, which oversees the proper operation and setup of the network.Prepared by E.Stambolliu, M.Koci & E.Kola
3Mobile Station (MS) Mobile Equipment (ME) SIM: Subscriber Identity ModuleWhile subscriber roams or is stationary, the MS transmits a radio signal to one of the many BTS using a radio-link protocol via the Um interfaceThe mobile station (MS) consists of the physical equipment, such as the radio transceiver, display and digital signal processors, and a smart card called the subscriber identity module (SIM). The SIM provides personal mobility, so that users can have access to all subscribed services irrespective of both the location of the terminal and the use of a specific terminal. By inserting the SIM card into another GSM cellular phone, users are able to receive calls at that phone, make calls from that phone, or receive other subscribed services.The mobile equipment is uniquely identified by the international mobile equipment identity (IMEI). The SIM card contains the international mobile subscriber identity (IMSI), identifying the subscriber, a secret key for authentication, and other user information. The IMEI and the IMSI are independent, thereby providing personal mobility. The SIM card may be protected against unauthorized use by a password or personal identity number.
4The Base Station System (BSS) All radio-related functions performed in BSSThe Base Station Controller (BSC)Is a high-capacity switchProvides all control functions and physical links between the MSC and the BTSA group of BSCs is served by an MSCThe Base Transceiver Station (BTS)Handles the radio interface to the mobile unitConsists of transceivers and cell antennasA group of BTSs is controlled by a BSC
5BSS (Base Station Subsystem) BSC handles (through the Abis interface):Radio-channel setupFrequency hoppingHandoversBSC also connects MS to MSC using A interfaceThe Base Station Subsystem is composed of two parts, the base transceiver station (BTS) and the base station controller (BSC). These communicate across the specified Abis interface, allowing (as in the rest of the system) operation between components made by different suppliers.The base transceiver station houses the radio transceivers that define a cell and handles the radio link protocols with the mobile station. In a large urban area, there will potentially be a large number of BTSs deployed. The requirements for a BTS are ruggedness, reliability, portability, and minimum cost.The BSC manages the radio resources for one or more BTS. It handles radio channel setup, frequency hopping, and handovers. The BSC is the connection between the mobile and the mobile service switching center (MSC).
6BSS (Base Station Subsystem) Sometimes a Transcoder Rate Unit (TRAU) is placed on BTS to perform transcoding between 64 Kbps A-law and 13 Kbps RPE/LTP(Regular Pulse Excited Long Term Prediction) speech channelsHLRVLREIRAuCBTSBSCSS7MSCPSTNThe BSC also translates the 13 Kbps voice channel used over the radio link to the standard 64 Kbps channel used by the PSTN (Public Switched Telephone Network) or ISDN.BTSUm Abis ATRAU
7Mobile Services Switching Center The MSC performs the telephony switching functions of the networkControls calls to and from other telephone and data systemsInterface between radio system and fixed networks (PSTN and ISDN)Connected to BSS through A interface; usually an E-1, either wireline or microwaveAlso performs functions such as:Toll ticketingNetwork interfacingCommon channel signaling
8MSC (Mobile Switching Center) (2) Each MSC covers several cells (BSSs)
9MSC (Mobile Switching Center) (3) Also performs signaling between MSC and other functional entities using SS7:RegistrationAuthenticationLocation updatingHandoversCall routing to a roaming subscriberThe central component of the network subsystem is the mobile switching center (MSC). It acts like a normal switching node of the PSTN or ISDN, and in addition provides all the functionality needed to handle a mobile subscriber, such as registration, authentication, location updating, handovers and call routing to roaming subscribers. These services are provided in conjunction with several functional entities, which together form the network subsystem.
10Other GSM Network Entities HLR: Home Location RegisterVLR: Visitor Location RegisterEIR: Equipment Identity RegisterAuC: Authentication CenterThe home location register (HLR) and visitor location register (VLR), together with the MSC, provide the call routing and (possibly international) roaming capabilities of GSM. The HLR contains all the administrative information of each subscriber registered in the corresponding GSM network, along with the current location of the mobile.The VLR contains selected administrative information from the HLR, necessary for call control and provision of the subscribed services, for each mobile currently located in the geographical area controlled by the VLR. The MSC contains no information about particular mobile stations - this information is stored in the location registers.The other two registers are used for authentication and security purposes. The equipment identity register (EIR) is a database that contains a list of all valid mobile equipment on the network, where each mobile station is identified by its international mobile equipment identity (IMEI). The authentication center is a protected database that stores a copy of the secret key stored in each subscriber's SIM card, which is used for authentication and ciphering of the radio channel.
11Home Location Register The HLR is the most important databaseStorage and management of subscriptionsPermanent data includesSubscriber’s service profileSubscriber’s location informationSubscriber’s activity statusSubscribing to a particular provider’s service registers you in the HLR of that provider
12HLR (Home Location Register) Central database for all subscribers:Identity of the subscriberServices accessible to the subscriberCurrent location of the subscriberGiven a Mobile Subscriber ISDN number (MS-ISDN), call is routed to IMSI number-VLREach subscriber appears only once in databaseHLR might be physically distributed in several sites (e.g., using first two digits to identify physical HLR)
27Visitor Location Register The VLR contains temporary data about visiting (roaming) subscribersIt’s always integrated with the MSCWhen a roamer enters the service area the VLR queries the appropriate HLRIf a roamer makes a call the VLR will already have the information it needs for call setupDatabase with information on MS within area served by MSC:MS Roaming numberTMSI if applicableLocation area in which was last registeredSupplementary servicesUsed by an MSC to retrieve information for various purposes:Handling of calls to or from a roaming mobile station currently located in its areaTypically part of MSC
28AuC (Authentication Center) Entity associated to HLR for authentication: allow International Mobile Subscriber Identity (IMSI) to be authenticatedAllows ciphering of communication over radio path between mobile station and network cipheredTransmits data needed for authentication and ciphering via HLR to VLR, MSC and SGSN which need to authenticate a mobile station (SIM validation)The Authentication Center (AuC) is associated with an HLR, and stores an identity key for each mobile subscriber registered with the associated HLR. This key is used to generate:Data used to authenticate the International Mobile Subscriber Identity (IMSI);A key used to cipher communication over the radio path between the mobile station and the network.The procedures used for authentication and ciphering are described more fully in GSM > TS XX.XXX.The AuC communicates only with its associated HLR over an interface denoted the H-interface (see clause 5 there).
29Ki is stored in SIM card and AUC Generate RANDAUC MSRAND+Ki=SRES using A3If the SRES in MS is equal with SRES in AUC the subs is authenticated.RAND+Ki=Kc using A8A3 This is an algorithm used to generate the Signed Response (SRES).A8 This is an algorithm used to generate the Ciphering Key (Kc).A3A8 This is an algorithm used to generate Signed Response (SRES) and Ciphering Key (Kc).A4 This is an algorithm used for encryption/decryption of Ki.
30EIR (Equipment Identity Register) Logical entity responsible for storing International Mobile Equipment Identities (IMEIs) in network used in GSM systemEquipment classified as "white listed", "grey listed” and "black listed”Ensures that MEs being used are valid and authorized to function on the Public Land Mobile Network (PLMN)This functional entity contains one or several databases which store(s) the IMEIs used in the GSM system.The mobile equipment may be classified as "white listed", "grey listed" and "black listed" and therefore may be stored in three separate lists.An IMEI may also be unknown to the EIR.An EIR shall as a minimum contain a "white list" (Equipment classified as "white listed").
31Operation and Support Center Operation and Maintenance Center (OMC)is connected with all the equipment in the switching center and to the BSCNetwork operation monitors and controls the systemProvides centralized cost-effective supportProvides a network overview at any momentSupports maintenance and operational activities for different organizations and groups
32Other Functional Elements Message Center (MXE) – handles voice, fax, and data messagingMobile Service Node (MSN) – handles mobile intelligent network (IN) servicesGateway Mobile Services Switching Center (GMSC) – an MSC with a gateway that interconnects two networksGSM Interworking Unit (GIWU) – hardware and software that enables both voice and data
33Call RoutingUnlike routing in the fixed network, where a terminal is semi-permanently wired to a central office, a GSM user can roam nationally and even internationally. The directory number dialed to reach a mobile subscriber is called the Mobile Subscriber ISDN (MSISDN), which is defined by the E.164 numbering plan. This number includes a country code and a National Destination Code which identifies the subscriber's operator. The first few digits of the remaining subscriber number may identify the subscriber's HLR within the home PLMN. An incoming mobile terminating call is directed to the Gateway MSC (GMSC) function. The GMSC is basically a switch which is able to interrogate the subscriber's HLR to obtain routing information, and thus contains a table linking MSISDNs to their corresponding HLR. A simplification is to have a GSMC handle one specific PLMN. It should be noted that the GMSC function is distinct from the MSC function, but is usually implemented in an MSC.The routing information that is returned to the GMSC is the Mobile Station Roaming Number (MSRN), which is also defined by the E.164 numbering plan. MSRNs are related to the geographical numbering plan, and not assigned to subscribers, nor are they visible to subscribers.The most general routing procedure begins with the GMSC querying the called subscriber's HLR for an MSRN. The HLR typically stores only the SS7 address of the subscriber's current VLR, and does not have the MSRN (see the location updating section). The HLR must therefore query the subscriber's current VLR, which will temporarily allocate an MSRN from its pool for the call. This MSRN is returned to the HLR and back to the GMSC, which can then route the call to the new MSC. At the new MSC, the IMSI corresponding to the MSRN is looked up, and the mobile is paged in its current location area.
36GSM Specifications Combination of FDMA and TDMA to send information Frequencies: 800, 900, 1800, 1900 MHz For example, GSM 900:Uplink = MHzDownlink = MHzEach 25 MHz bandwidth is divided into 124 carrier frequencies spaced 200 KHz with one or more frequencies allocated to each base stationTransmission rate: 270 kbps over the airSpeech coder: Linear Predictive Coding (LPC) at 13 kbps – filter reduces the bit rateAlso some 450 MHz, but very rareFDMA=Frequency Division Multiplexing AccessTDMA=Time Division Multiplexing Access
37GSM Specifications Frequency range: 1,850 to 1,990 MHz Duplex distance: 80 MHzChannel separation: 200 kHzModulation: Gaussian minimum shift keyingTransmission rate: 270 kbps over the airAccess method: Time Division Multiple AccessSpeech coder: Linear Predictive Coding (LPC) at 13 kbps – filter reduces the bit rate
39GSM Network Areas In order of increasing geographic size: Cell – the area covered by one BTS – a number of these make up a:Location Area (LA) – a group of cells – a group of LAs makes up an:MSC/VLR service area – area covered by one MSC – a number of these make up the:Public Land Mobile Network (PLMN) service area– one operator’s network
41CGI- Cell Global Identification MCC-MNC-LAC-CI where:MCC Mobile country codeMNC Mobile network codeLAC Location area codeCI Cell identity
42Base Station Identity Code Expressed as nccbcc where:ncc PLMN colour codebcc BS colour code
43Handover Four types of handovers: Channels (time slots) in same cell Between cells within same BSCBetween BSCs, within same MSCBetween MSCsThe first two types of handover, called internal handovers, involve only one Base Station Controller (BSC). To save signaling bandwidth, they are managed by the BSC without involving the Mobile services Switching Center (MSC), except to notify it at the completion of the handover. The last two types of handover, called external handovers, are handled by the MSCs involved. An important aspect of GSM is that the original MSC, the anchor MSC, remains responsible for most call-related functions, with the exception of subsequent inter-BSC handovers under the control of the new MSC, called the relay MSC. Handovers can be initiated by either the mobile or the MSC (as a means of traffic load balancing). During its idle time slots, the mobile scans the Broadcast Control Channel of up to 16 neighboring cells, and forms a list of the six best candidates for possible handover, based on the received signal strength. This information is passed to the BSC and MSC, at least once per second, and is used by the handover algorithm.The algorithm for when a handover decision should be taken is not specified in the GSM recommendations. There are two basic algorithms used, both closely tied in with power control. This is because the BSC usually does not know whether the poor signal quality is due to multipath fading or to the mobile having moved to another cell. This is especially true in small urban cells.The 'minimum acceptable performance' algorithm gives precedence to power control over handover, so that when the signal degrades beyond a certain point, the power level of the mobile is increased. If further power increases do not improve the signal, then a handover is considered. This is the simpler and more common method, but it creates 'smeared' cell boundaries when a mobile transmitting at peak power goes some distance beyond its original cell boundaries into another cell.The 'power budget' method uses handover to try to maintain or improve a certain level of signal quality at the same or lower power level. It thus gives precedence to handover over power control. It avoids the 'smeared' cell boundary problem and reduces co-channel interference, but it is quite complicated.
47Addressing of managed objects MO MO class MO type Addressing LimitTG Transceiver Group RXOTG 0 <= tg <= 511CF Central Function RXOCF 0 <= tg <= 511TF Timing Function RXOTF 0 <= tg <= 511IS Interworking Switch RXOIS 0 <= tg <= 511DP Digital Path RXODP 0 <= dp <= 1TRXC Transceiver Controller RXOTRX 0 <= trxc <= 15RX Receiver RXORX 0 <= trxc <= 15TX Transmitter RXOTX 0 <= trxc <= 15TS Time Slot RXOTS 0 <= ts <= 7
48DXU - Distribution Switch Unit functions CFCentral Function, is the control part of a TG. It is a SW function, handling common control functions within a TG.The BSC communicates with the CF using layer 2 LAPD, and isaddressed by its TEI = 62.CONLAPD Concentrator, is used by the optional feature LAPD Concentration for RBS It is connected to DCP 64&&87.ISInterworking Switch, provides a system interface to the 2 Mbit/s link and cross connects individual time slots to certain transceivers.TFTiming Function, extracts synchronization information from the PCM link and generates a timing reference for the RBS.DPDigital Path, Layer 1 reception and transmission are not part of the BTS logical model. However, each of the PCM systems terminating in TG has an associated supervision object, the DP.
49TRU - Transceiver Unit functions TRXC The transceiver controller is controlling all the functions for Signal processing, Radio receiving and Radio Transmitting.Each TRX corresponds to one TRU unit.The BSC currently supports a maximum of 1020 TRXs.RX The receiver is an application object. It provides the radio frequency reception functionality for one transceiver.TX The transmitter is an application object. It provides the radio frequency transmission functionality on a time slot basis for eight TSs using different time slot numbers.
51GSM InterfacesUm Interface Mobile station and base station subsystem communicate across Um interface, also known as air interface or radio linkAbis interface Base transceiver station (BTS) and base station controller (BSC) communicate across Abis interfaceA interface Base station subsystem communicates with mobile service switching center across A interface
55SS#7 signaling meets these needs EfficiencyOut-of-band links at 64 KbpsShorter information transfer timeAbility to fall back to the originating end of the call (e.g., busy)Service enablingFree phone (0-800) servicesAutomatic call back & calling number deliveryAutomatic calling card servicesWireless services such as roamingNetwork reliabilityCarries extensive network management messagesNetwork architectureSecurity
56SS#7 definition Common channel signaling system number 7 (SS#7) Out-of-band signaling systemFacilitates exchange of call control information between network switching officesVoice and non-voice services
57SS#7 basics Voice and signaling are separated Control messages (packets) are routed through the network for call managementNetwork elements are connected via signaling linksEach element capable of SS#7 control messages, is called a signaling point (SP)All SPs in an SS7 network are identified by a unique code known as point code (PC)
59SS#7 signaling points (1) Service switching point (SSP)Capable of controlling voice circuits via a voice switchThe switch can originate, terminate, or tandem callsAn SSP sends signaling messages to other SSPs to set up, manage, and release voice circuits required to complete a callAn SSP can also send a query message to a centralized database (SCP) to determine how to route a call (e.g., toll free number)
60SS#7 signaling points (2) Signaling transfer point (STP)Routes each incoming message to an outgoing signaling link, based on routing information contained in the SS#7 message and a pre-defined route tableDoes not offer termination servicesSTPs are paired to ensure redundancy
61SS#7 signaling points (3) Service control point (SCP)Provides access to databasesAccepts a query for information from a subsystem at another nodeUsed by STP to perform a function called global title translationThe database may not reside in the same location as the SCP
62Common channel signaling (1) 2 separate signaling links using 2 time slotsSwitchSPSwitchSPE1 31 voice channels using 31 time slots
63Common channel signaling (2) 1 signaling link and 30 voice channelsSwitchSPSwitchSPE1 31 voice channels using 31 time slots
64Signaling network terms Voice trunksSignaling LinksSPSPSPSTPAssociate ModeQuasi-Associate ModeAssociate mode: signaling links follow the same path as the voice trunksQuasi-associate mode: signaling links follows a different route than the voice trunks
65Linksets Groups of links that connect two adjacent nodes Ensure traffic load sharingCombined linksets between STPs ensures load sharingConsist of up to 16 links in ANSI protocol and up to 8 in ITU protocolSignaling link code (SLC) is uniquely assigned to each link
66Routes Virtual path that a message takes to a destination node Comprised of one or more linksets
67MEATA SP=2-901 AMC1 SP=2-272 MEATR SP=2-903 AMC2 SP=2-256 First priority of signaling routeSecond priority of signaling routeMEATASP=2-901AMC1SP=2-272LS=2-272LS=2-901LS=2-903MEATRSP=2-903AMC2SP=2-256LS=2-256
69MTP Message transfer part: Reliably transfers messages over links or linksetsFor correct routing, the signaling point needs the signaling point code (SPC) of the node at the end of its linksReceives the SPC by destination point code (DPC) in the messages it routesNeeds information about other locationsin the network, to select the best link setfor routing the message to its destination
70MTP level 3 management services (1) MTP level 3 provides signaling link selection (SLS)Rotates in each sessionA mechanism to assign traffic to a link in the linksetResults in load sharing of the links in the linksetSLC rotation stops for duration of message transfer
71MTP level 3 management services (2) MTP restartBefore returning to the network, a node can send TRW (traffic restart wait) to an adjacent node, indicating not to send trafficWhen restarting, if the node is satisfied that enough links are available, it is sends a TRA (traffic restart allowed)Optional signaling link test message(SLTM) and signaling test acknowledge(SLTA)Exchanged when a link is in service; ensures agreement on signaling link code
72SCCP Signaling connection control part: Provides connectionless and connection-oriented network servicesProvides global title translation (GTT) capabilities above MTP level 3; translates numbers to DPCs and subsystem numbersProvides more detailed addressing information than MTPsUsed as transport layer for TCAP-based services
73TCAP Transaction capabilities applications part: Exchange of non-circuit related dataBetween applications across the SS#7 networkUsing the SCCP connectionless serviceQueries and responses sent between SSPs and SCPsSends and receives database informationCredit card validationRouting information
74TUP Telephone user part: Basic call setup and tear down Analog circuits onlyIn many countries, ISUP has replaced TUP for call management
75ISUPISDN user part:Necessary messaging for setup and tear down of all circuits (voice and digital)Messages follow the paths of voice circuitsMessages are sent from a switch, to the switch where the next circuit connection is requiredCall circuits are identified using circuit identification code (CIC)Must be compatible on both sidesFollowed by each ISUP message
76ISUP messages (1)Initial address message (IAM): contains all necessary information for a switch to establish a connectionAddress complete message (ACM): acknowledge to IAM; the required circuit is reserved and the “phone is ringing” (ringback tone)Answer message (ANM): occurs when the called party picks up the phone
77ISUP messages (2)Release (REL): sent by the switch sensing that the phone hung upRelease complete (RLC): each exchange that receives REL, sends an RLC message back (this acknowledges receipt of REL)
83GSM Subscriber Services There are two basic types of serviceTelephony (teleservices): mainly voice services (including terminal equipment) for communicating with other subscribers – includes fax, paging, voice mail, and alphanumeric servicesData (bearer services): capacity to transmit appropriate data signals between two access points creating an interface to the network
84Supplementary Services The following are the usual revenue generatorsCall forwardingBarring outgoing callsAdvice of Charge (AoC)Call hold (for telephony only)Call waitingMultiparty service (for telephony only)Calling line identification presentation/restrictionClosed user groups (CUGs)