Presentation is loading. Please wait.

Presentation is loading. Please wait.

GSM Network Overview Um Abis A BSC BTS Mobile Station HLR VLR EIR AuC

Similar presentations

Presentation on theme: "GSM Network Overview Um Abis A BSC BTS Mobile Station HLR VLR EIR AuC"— Presentation transcript:

1 GSM Network Overview Um Abis A BSC BTS Mobile Station HLR VLR EIR AuC
Access Network: Base Station Subsystem HLR VLR EIR AuC MSC PSTN Um Abis A Core Network: GSM CS network SS7 The VLR is usually part of the MSC, and not a separate entity.

2 GSM Network Architecture
MS: Mobile Station BSS: Base Station Subsystem MSC: Mobile Switching Center O&M: Operations and Maintenance Center VLR, HLR, AuC, EiR … CGSN GSM networks can be divided into several broad parts: Mobile station (the handset), which is carried by the subscriber. Base station subsystem (BSS), which controls the radio link with the mobile station. Network subsystem, primarily based on the mobile services switching center (MSC), which performs the switching of calls between the mobile and other fixed or mobile network users, as well as management of mobile services, such as authentication. Operations and maintenance center, which oversees the proper operation and setup of the network. Prepared by E.Stambolliu, M.Koci & E.Kola

3 Mobile Station (MS) Mobile Equipment (ME)
SIM: Subscriber Identity Module While subscriber roams or is stationary, the MS transmits a radio signal to one of the many BTS using a radio-link protocol via the Um interface The mobile station (MS) consists of the physical equipment, such as the radio transceiver, display and digital signal processors, and a smart card called the subscriber identity module (SIM). The SIM provides personal mobility, so that users can have access to all subscribed services irrespective of both the location of the terminal and the use of a specific terminal. By inserting the SIM card into another GSM cellular phone, users are able to receive calls at that phone, make calls from that phone, or receive other subscribed services. The mobile equipment is uniquely identified by the international mobile equipment identity (IMEI). The SIM card contains the international mobile subscriber identity (IMSI), identifying the subscriber, a secret key for authentication, and other user information. The IMEI and the IMSI are independent, thereby providing personal mobility. The SIM card may be protected against unauthorized use by a password or personal identity number.

4 The Base Station System (BSS)
All radio-related functions performed in BSS The Base Station Controller (BSC) Is a high-capacity switch Provides all control functions and physical links between the MSC and the BTS A group of BSCs is served by an MSC The Base Transceiver Station (BTS) Handles the radio interface to the mobile unit Consists of transceivers and cell antennas A group of BTSs is controlled by a BSC

5 BSS (Base Station Subsystem)
BSC handles (through the Abis interface): Radio-channel setup Frequency hopping Handovers BSC also connects MS to MSC using A interface The Base Station Subsystem is composed of two parts, the base transceiver station (BTS) and the base station controller (BSC). These communicate across the specified Abis interface, allowing (as in the rest of the system) operation between components made by different suppliers. The base transceiver station houses the radio transceivers that define a cell and handles the radio link protocols with the mobile station. In a large urban area, there will potentially be a large number of BTSs deployed. The requirements for a BTS are ruggedness, reliability, portability, and minimum cost. The BSC manages the radio resources for one or more BTS. It handles radio channel setup, frequency hopping, and handovers. The BSC is the connection between the mobile and the mobile service switching center (MSC).

6 BSS (Base Station Subsystem)
Sometimes a Transcoder Rate Unit (TRAU) is placed on BTS to perform transcoding between 64 Kbps A-law and 13 Kbps RPE/LTP(Regular Pulse Excited Long Term Prediction) speech channels HLR VLR EIR AuC BTS BSC SS7 MSC PSTN The BSC also translates the 13 Kbps voice channel used over the radio link to the standard 64 Kbps channel used by the PSTN (Public Switched Telephone Network) or ISDN. BTS Um Abis A TRAU

7 Mobile Services Switching Center
The MSC performs the telephony switching functions of the network Controls calls to and from other telephone and data systems Interface between radio system and fixed networks (PSTN and ISDN) Connected to BSS through A interface; usually an E-1, either wireline or microwave Also performs functions such as: Toll ticketing Network interfacing Common channel signaling

8 MSC (Mobile Switching Center) (2)
Each MSC covers several cells (BSSs)

9 MSC (Mobile Switching Center) (3)
Also performs signaling between MSC and other functional entities using SS7: Registration Authentication Location updating Handovers Call routing to a roaming subscriber The central component of the network subsystem is the mobile switching center (MSC). It acts like a normal switching node of the PSTN or ISDN, and in addition provides all the functionality needed to handle a mobile subscriber, such as registration, authentication, location updating, handovers and call routing to roaming subscribers. These services are provided in conjunction with several functional entities, which together form the network subsystem.

10 Other GSM Network Entities
HLR: Home Location Register VLR: Visitor Location Register EIR: Equipment Identity Register AuC: Authentication Center The home location register (HLR) and visitor location register (VLR), together with the MSC, provide the call routing and (possibly international) roaming capabilities of GSM. The HLR contains all the administrative information of each subscriber registered in the corresponding GSM network, along with the current location of the mobile. The VLR contains selected administrative information from the HLR, necessary for call control and provision of the subscribed services, for each mobile currently located in the geographical area controlled by the VLR. The MSC contains no information about particular mobile stations - this information is stored in the location registers. The other two registers are used for authentication and security purposes. The equipment identity register (EIR) is a database that contains a list of all valid mobile equipment on the network, where each mobile station is identified by its international mobile equipment identity (IMEI). The authentication center is a protected database that stores a copy of the secret key stored in each subscriber's SIM card, which is used for authentication and ciphering of the radio channel.

11 Home Location Register
The HLR is the most important database Storage and management of subscriptions Permanent data includes Subscriber’s service profile Subscriber’s location information Subscriber’s activity status Subscribing to a particular provider’s service registers you in the HLR of that provider

12 HLR (Home Location Register)
Central database for all subscribers: Identity of the subscriber Services accessible to the subscriber Current location of the subscriber Given a Mobile Subscriber ISDN number (MS-ISDN), call is routed to IMSI number-VLR Each subscriber appears only once in database HLR might be physically distributed in several sites (e.g., using first two digits to identify physical HLR)

13 HLR types

14 HLR connections


16 GPRS Services according to the bandwidth and Burstiness

17 GPRS(1)

18 GPRS(2)

19 GPRS(3)

20 GPRS(4)

21 GPRS(5)





26 GPRS Protocol with BSS

27 Visitor Location Register
The VLR contains temporary data about visiting (roaming) subscribers It’s always integrated with the MSC When a roamer enters the service area the VLR queries the appropriate HLR If a roamer makes a call the VLR will already have the information it needs for call setupDatabase with information on MS within area served by MSC: MS Roaming number TMSI if applicable Location area in which was last registered Supplementary services Used by an MSC to retrieve information for various purposes: Handling of calls to or from a roaming mobile station currently located in its area Typically part of MSC

28 AuC (Authentication Center)
Entity associated to HLR for authentication: allow International Mobile Subscriber Identity (IMSI) to be authenticated Allows ciphering of communication over radio path between mobile station and network ciphered Transmits data needed for authentication and ciphering via HLR to VLR, MSC and SGSN which need to authenticate a mobile station (SIM validation) The Authentication Center (AuC) is associated with an HLR, and stores an identity key for each mobile subscriber registered with the associated HLR. This key is used to generate: Data used to authenticate the International Mobile Subscriber Identity (IMSI); A key used to cipher communication over the radio path between the mobile station and the network. The procedures used for authentication and ciphering are described more fully in GSM  > TS XX.XXX. The AuC communicates only with its associated HLR over an interface denoted the H-interface (see clause 5 there).

29 Ki is stored in SIM card and AUC
Generate RAND AUC MS RAND+Ki=SRES using A3 If the SRES in MS is equal with SRES in AUC the subs is authenticated. RAND+Ki=Kc using A8 A3 This is an algorithm used to generate the Signed Response (SRES). A8 This is an algorithm used to generate the Ciphering Key (Kc). A3A8 This is an algorithm used to generate Signed Response (SRES) and Ciphering Key (Kc). A4 This is an algorithm used for encryption/decryption of Ki.

30 EIR (Equipment Identity Register)
Logical entity responsible for storing International Mobile Equipment Identities (IMEIs) in network used in GSM system Equipment classified as "white listed", "grey listed” and "black listed” Ensures that MEs being used are valid and authorized to function on the Public Land Mobile Network (PLMN) This functional entity contains one or several databases which store(s) the IMEIs used in the GSM system. The mobile equipment may be classified as "white listed", "grey listed" and "black listed" and therefore may be stored in three separate lists. An IMEI may also be unknown to the EIR. An EIR shall as a minimum contain a "white list" (Equipment classified as "white listed").

31 Operation and Support Center
Operation and Maintenance Center (OMC) is connected with all the equipment in the switching center and to the BSC Network operation monitors and controls the system Provides centralized cost-effective support Provides a network overview at any moment Supports maintenance and operational activities for different organizations and groups

32 Other Functional Elements
Message Center (MXE) – handles voice, fax, and data messaging Mobile Service Node (MSN) – handles mobile intelligent network (IN) services Gateway Mobile Services Switching Center (GMSC) – an MSC with a gateway that interconnects two networks GSM Interworking Unit (GIWU) – hardware and software that enables both voice and data

33 Call Routing Unlike routing in the fixed network, where a terminal is semi-permanently wired to a central office, a GSM user can roam nationally and even internationally. The directory number dialed to reach a mobile subscriber is called the Mobile Subscriber ISDN (MSISDN), which is defined by the E.164 numbering plan. This number includes a country code and a National Destination Code which identifies the subscriber's operator. The first few digits of the remaining subscriber number may identify the subscriber's HLR within the home PLMN. An incoming mobile terminating call is directed to the Gateway MSC (GMSC) function. The GMSC is basically a switch which is able to interrogate the subscriber's HLR to obtain routing information, and thus contains a table linking MSISDNs to their corresponding HLR. A simplification is to have a GSMC handle one specific PLMN. It should be noted that the GMSC function is distinct from the MSC function, but is usually implemented in an MSC. The routing information that is returned to the GMSC is the Mobile Station Roaming Number (MSRN), which is also defined by the E.164 numbering plan. MSRNs are related to the geographical numbering plan, and not assigned to subscribers, nor are they visible to subscribers. The most general routing procedure begins with the GMSC querying the called subscriber's HLR for an MSRN. The HLR typically stores only the SS7 address of the subscriber's current VLR, and does not have the MSRN (see the location updating section). The HLR must therefore query the subscriber's current VLR, which will temporarily allocate an MSRN from its pool for the call. This MSRN is returned to the HLR and back to the GMSC, which can then route the call to the new MSC. At the new MSC, the IMSI corresponding to the MSRN is looked up, and the mobile is paged in its current location area.

34 Normal location update


36 GSM Specifications Combination of FDMA and TDMA to send information
Frequencies: 800, 900, 1800, 1900 MHz For example, GSM 900: Uplink = MHz Downlink = MHz Each 25 MHz bandwidth is divided into 124 carrier frequencies spaced 200 KHz with one or more frequencies allocated to each base station Transmission rate: 270 kbps over the air Speech coder: Linear Predictive Coding (LPC) at 13 kbps – filter reduces the bit rate Also some 450 MHz, but very rare FDMA=Frequency Division Multiplexing Access TDMA=Time Division Multiplexing Access

37 GSM Specifications Frequency range: 1,850 to 1,990 MHz
Duplex distance: 80 MHz Channel separation: 200 kHz Modulation: Gaussian minimum shift keying Transmission rate: 270 kbps over the air Access method: Time Division Multiple Access Speech coder: Linear Predictive Coding (LPC) at 13 kbps – filter reduces the bit rate

38 GSM Band Information

39 GSM Network Areas In order of increasing geographic size:
Cell – the area covered by one BTS – a number of these make up a: Location Area (LA) – a group of cells – a group of LAs makes up an: MSC/VLR service area – area covered by one MSC – a number of these make up the: Public Land Mobile Network (PLMN) service area– one operator’s network


41 CGI- Cell Global Identification
MCC-MNC-LAC-CI where: MCC Mobile country code MNC Mobile network code LAC Location area code CI Cell identity

42 Base Station Identity Code
Expressed as nccbcc where: ncc PLMN colour code bcc BS colour code

43 Handover Four types of handovers: Channels (time slots) in same cell
Between cells within same BSC Between BSCs, within same MSC Between MSCs The first two types of handover, called internal handovers, involve only one Base Station Controller (BSC). To save signaling bandwidth, they are managed by the BSC without involving the Mobile services Switching Center (MSC), except to notify it at the completion of the handover. The last two types of handover, called external handovers, are handled by the MSCs involved. An important aspect of GSM is that the original MSC, the anchor MSC, remains responsible for most call-related functions, with the exception of subsequent inter-BSC handovers under the control of the new MSC, called the relay MSC. Handovers can be initiated by either the mobile or the MSC (as a means of traffic load balancing). During its idle time slots, the mobile scans the Broadcast Control Channel of up to 16 neighboring cells, and forms a list of the six best candidates for possible handover, based on the received signal strength. This information is passed to the BSC and MSC, at least once per second, and is used by the handover algorithm. The algorithm for when a handover decision should be taken is not specified in the GSM recommendations. There are two basic algorithms used, both closely tied in with power control. This is because the BSC usually does not know whether the poor signal quality is due to multipath fading or to the mobile having moved to another cell. This is especially true in small urban cells. The 'minimum acceptable performance' algorithm gives precedence to power control over handover, so that when the signal degrades beyond a certain point, the power level of the mobile is increased. If further power increases do not improve the signal, then a handover is considered. This is the simpler and more common method, but it creates 'smeared' cell boundaries when a mobile transmitting at peak power goes some distance beyond its original cell boundaries into another cell. The 'power budget' method uses handover to try to maintain or improve a certain level of signal quality at the same or lower power level. It thus gives precedence to handover over power control. It avoids the 'smeared' cell boundary problem and reduces co-channel interference, but it is quite complicated.




47 Addressing of managed objects
MO MO class MO type Addressing Limit TG Transceiver Group RXOTG 0 <= tg <= 511 CF Central Function RXOCF 0 <= tg <= 511 TF Timing Function RXOTF 0 <= tg <= 511 IS Interworking Switch RXOIS 0 <= tg <= 511 DP Digital Path RXODP 0 <= dp <= 1 TRXC Transceiver Controller RXOTRX 0 <= trxc <= 15 RX Receiver RXORX 0 <= trxc <= 15 TX Transmitter RXOTX 0 <= trxc <= 15 TS Time Slot RXOTS 0 <= ts <= 7

48 DXU - Distribution Switch Unit functions
CF Central Function, is the control part of a TG. It is a SW function, handling common control functions within a TG. The BSC communicates with the CF using layer 2 LAPD, and is addressed by its TEI = 62. CON LAPD Concentrator, is used by the optional feature LAPD Concentration for RBS It is connected to DCP 64&&87. IS Interworking Switch, provides a system interface to the 2 Mbit/s link and cross connects individual time slots to certain transceivers. TF Timing Function, extracts synchronization information from the PCM link and generates a timing reference for the RBS. DP Digital Path, Layer 1 reception and transmission are not part of the BTS logical model. However, each of the PCM systems terminating in TG has an associated supervision object, the DP.

49 TRU - Transceiver Unit functions
TRXC The transceiver controller is controlling all the functions for Signal processing, Radio receiving and Radio Transmitting. Each TRX corresponds to one TRU unit. The BSC currently supports a maximum of 1020 TRXs. RX The receiver is an application object. It provides the radio frequency reception functionality for one transceiver. TX The transmitter is an application object. It provides the radio frequency transmission functionality on a time slot basis for eight TSs using different time slot numbers.

50 Managed Object Hierarchy

51 GSM Interfaces Um Interface Mobile station and base station subsystem communicate across Um interface, also known as air interface or radio link Abis interface Base transceiver station (BTS) and base station controller (BSC) communicate across Abis interface A interface Base station subsystem communicates with mobile service switching center across A interface



54 Signaling System #7

55 SS#7 signaling meets these needs
Efficiency Out-of-band links at 64 Kbps Shorter information transfer time Ability to fall back to the originating end of the call (e.g., busy) Service enabling Free phone (0-800) services Automatic call back & calling number delivery Automatic calling card services Wireless services such as roaming Network reliability Carries extensive network management messages Network architecture Security

56 SS#7 definition Common channel signaling system number 7 (SS#7)
Out-of-band signaling system Facilitates exchange of call control information between network switching offices Voice and non-voice services

57 SS#7 basics Voice and signaling are separated
Control messages (packets) are routed through the network for call management Network elements are connected via signaling links Each element capable of SS#7 control messages, is called a signaling point (SP) All SPs in an SS7 network are identified by a unique code known as point code (PC)

58 SS#7 networks

59 SS#7 signaling points (1)
Service switching point (SSP) Capable of controlling voice circuits via a voice switch The switch can originate, terminate, or tandem calls An SSP sends signaling messages to other SSPs to set up, manage, and release voice circuits required to complete a call An SSP can also send a query message to a centralized database (SCP) to determine how to route a call (e.g., toll free number)

60 SS#7 signaling points (2)
Signaling transfer point (STP) Routes each incoming message to an outgoing signaling link, based on routing information contained in the SS#7 message and a pre-defined route table Does not offer termination services STPs are paired to ensure redundancy

61 SS#7 signaling points (3)
Service control point (SCP) Provides access to databases Accepts a query for information from a subsystem at another node Used by STP to perform a function called global title translation The database may not reside in the same location as the SCP

62 Common channel signaling (1)
2 separate signaling links using 2 time slots Switch SP Switch SP E1 31 voice channels using 31 time slots

63 Common channel signaling (2)
1 signaling link and 30 voice channels Switch SP Switch SP E1 31 voice channels using 31 time slots

64 Signaling network terms
Voice trunks Signaling Links SP SP SP STP Associate Mode Quasi-Associate Mode Associate mode: signaling links follow the same path as the voice trunks Quasi-associate mode: signaling links follows a different route than the voice trunks

65 Linksets Groups of links that connect two adjacent nodes
Ensure traffic load sharing Combined linksets between STPs ensures load sharing Consist of up to 16 links in ANSI protocol and up to 8 in ITU protocol Signaling link code (SLC) is uniquely assigned to each link

66 Routes Virtual path that a message takes to a destination node
Comprised of one or more linksets

67 MEATA SP=2-901 AMC1 SP=2-272 MEATR SP=2-903 AMC2 SP=2-256
First priority of signaling route Second priority of signaling route MEATA SP=2-901 AMC1 SP=2-272 LS=2-272 LS=2-901 LS=2-903 MEATR SP=2-903 AMC2 SP=2-256 LS=2-256

68 SS#7 protocol stack

69 MTP Message transfer part:
Reliably transfers messages over links or linksets For correct routing, the signaling point needs the signaling point code (SPC) of the node at the end of its links Receives the SPC by destination point code (DPC) in the messages it routes Needs information about other locations in the network, to select the best link set for routing the message to its destination

70 MTP level 3 management services (1)
MTP level 3 provides signaling link selection (SLS) Rotates in each session A mechanism to assign traffic to a link in the linkset Results in load sharing of the links in the linkset SLC rotation stops for duration of message transfer

71 MTP level 3 management services (2)
MTP restart Before returning to the network, a node can send TRW (traffic restart wait) to an adjacent node, indicating not to send traffic When restarting, if the node is satisfied that enough links are available, it is sends a TRA (traffic restart allowed) Optional signaling link test message (SLTM) and signaling test acknowledge (SLTA) Exchanged when a link is in service; ensures agreement on signaling link code

72 SCCP Signaling connection control part:
Provides connectionless and connection-oriented network services Provides global title translation (GTT) capabilities above MTP level 3; translates numbers to DPCs and subsystem numbers Provides more detailed addressing information than MTPs Used as transport layer for TCAP-based services

73 TCAP Transaction capabilities applications part:
Exchange of non-circuit related data Between applications across the SS#7 network Using the SCCP connectionless service Queries and responses sent between SSPs and SCPs Sends and receives database information Credit card validation Routing information

74 TUP Telephone user part: Basic call setup and tear down
Analog circuits only In many countries, ISUP has replaced TUP for call management

75 ISUP ISDN user part: Necessary messaging for setup and tear down of all circuits (voice and digital) Messages follow the paths of voice circuits Messages are sent from a switch, to the switch where the next circuit connection is required Call circuits are identified using circuit identification code (CIC) Must be compatible on both sides Followed by each ISUP message

76 ISUP messages (1) Initial address message (IAM): contains all necessary information for a switch to establish a connection Address complete message (ACM): acknowledge to IAM; the required circuit is reserved and the “phone is ringing” (ringback tone) Answer message (ANM): occurs when the called party picks up the phone

77 ISUP messages (2) Release (REL): sent by the switch sensing that the phone hung up Release complete (RLC): each exchange that receives REL, sends an RLC message back (this acknowledges receipt of REL)

78 ISUP normal call scenario





83 GSM Subscriber Services
There are two basic types of service Telephony (teleservices): mainly voice services (including terminal equipment) for communicating with other subscribers – includes fax, paging, voice mail, and alphanumeric services Data (bearer services): capacity to transmit appropriate data signals between two access points creating an interface to the network

84 Supplementary Services
The following are the usual revenue generators Call forwarding Barring outgoing calls Advice of Charge (AoC) Call hold (for telephony only) Call waiting Multiparty service (for telephony only) Calling line identification presentation/restriction Closed user groups (CUGs)

Download ppt "GSM Network Overview Um Abis A BSC BTS Mobile Station HLR VLR EIR AuC"

Similar presentations

Ads by Google