Tanvir Ahmad Niazi
Tanvir.niazi@mail.au.edu.pk
Air University, Islamabad

Objectives
• After completing this lesson you will be able to:
  – List the 3 sub-systems of a GSM system and their interfaces;
  – List the different equipment in each GSM sub-system;
  – Indicate functions for each equipment;
  – List the interfaces in each sub-system, indicate if it is standard or not and identify the main protocol used on it.

Basic Elements of a Cellular System
• Today's wireless communications systems are based on a composite wireless and wired system as shown in this slide, where the wireless segment of the communication system is shown as a cluster of seven hexagonal cells.
• Each cell is essentially a radio communication center where a mobile subscriber establishes a call with a land telephone through the switch and the Public Switching Telephone Network (PSTN).
• This composite platform enables us to communicate with anyone at any time, from anywhere within the service area.
• Switch and PSTN are essentially multiple points serving as system intelligence.

Architecture of a GSM System
• A GSM system is basically designed as a combination of three major subsystems: the Network and Switching Sub-system (NSS), the radio sub-system called the Base Station Sub-system (BSS), and the Operation Sub-System (OSS).
• The Network and Switching Sub-system includes the equipment and functions related to end-to-end calls, management of subscribers, mobility, and interfaces with the fixed network (PSTN). In particular, the NSS consists of Mobile Switching Centers (MSC), Visitor Location Registers (VLR), Home Location Registers (HLR), Authentication Center (AUC), and Equipment Identity Register (EIR).
• The Base Station Sub-system includes the equipment and functions related to the management of the connection on the radio path.
It mainly consists of one Base Station Controller (BSC), and several Base Transceiver Stations (BTSs), linked by the Abis interface.
• An optional piece of equipment, the Transcoder / Rate Adapter Unit (TRAU), called the TransCoder Unit (TCU) within Nortel BSS products, is designed to reduce the number of PCM links.
• The Operation Sub-System is connected to all equipment in the switching system and to the BSC. OSS mainly contains the Operation and Maintenance Center for NSS (OMC-S) and the Operation and Maintenance Center devoted to the Radio subsystem (OMC-R).
• In order to ensure that network operators will have several sources of cellular infrastructure equipment, GSM decided to specify:
  – The radio interface (or air interface or Um interface), between the BTS and the MS,
  – The A interface, between the NSS and the BSS.

BSS Architecture
• The Base Station Sub-system (BSS) is a set of equipment (aerials, transceivers and a controller) that is viewed by the Mobile Switching Center through a single A interface as being the entity responsible for communicating with mobile telephones (MSs) in a certain area.
• The radio equipment of a BSS may be composed of one or more cells; such a BSS may contain one or more Base Transceiver Stations (BTSs).
• The interface between the BSC and the BTSs is called an Abis interface.
• The BSS includes two types of equipment:
  – The Base Transceiver Station (the BTS functionally also includes the TRAU), in contact with the Mobile Stations through the radio interface,
  – The BSC, the latter being in contact with the Mobile Switching Center.
• A BSS contains only one Base Station Controller (BSC).

BTS General Architecture and Functions
• As stated, the primary responsibility of the BTS is to transmit and receive radio signals from a mobile unit over the air interface Um.
• To perform this function completely, the signals are encoded, encrypted, multiplexed, modulated, and then fed to the antenna system at the cell site.
• In order to keep the mobile synchronized, the BTS transmits frequency and time synchronization signals over a dedicated channel called a Frequency Correction Channel.
• Functions performed by a BTS are:
  – Encodes, encrypts, multiplexes, modulates and feeds the RF signals to the antenna,
  – Time and frequency synchronization signals transmitted from BTS,
  – Voice communication through a full rate or half rate (enable) speech channel,
  – The received signal from the MS is equalized, decoded, and decrypted before demodulation,
  – Timing advance computation,
  – Uplink radio channel measurements,
  – Mobile random access detection,
  – Frequency Hopping management.

BSC General Architecture and Functions
• BSC architecture mainly involves a processor unit, a switching matrix, and trunk control units (PCM and X.25).
• Note that through the Processing Unit and the X.25 controller, the BSC downloads new software releases from the O&M Center. In turn, all data of interest to the O&M is buffered and forwarded to the O&M Center when requested, or transmitted periodically.
• The Base Station Controller (BSC) is connected to the Mobile Switching Center on one side and to the BTSs on the other.
• Functions performed by a BSC are:
  – Performs the Radio Resource (RR, explained below) management for the cells under its control.
    It assigns and releases frequencies for all MSs in its own area,
  – Performs the intercell hand-over for MSs moving between BTSs in its control,
  – Reallocates frequencies to the BTSs in its area to meet locally heavy demands during peak hours or on special events,
  – Controls the power transmission of both BTSs and MSs in its area,
  – Provides the time and frequency synchronization reference signals, broadcast for each BTS.

TRAU Architecture and Functions
• Depending on the relative cost of the transmission plan, there is some benefit in having the Transcoder/Rate Adapter Unit (TRAU) at the Mobile Switching Center (MSC) location.
• Moreover, in that case, the TRAU is still considered functionally as a part of the Base Station Sub-system (BSS).
• The TRAU is a device that takes 13 kbps speech (or data) multiplexes and two of them, to convert into standard 64 kbps data:
  – Within the BTS, the 13 kbps speech (or data) are brought up to the level of 16 kbps by inserting additional synchronizing data to make up the difference between a 13 kbps speech or lower data rate,
  – The TRAU converts the 13 kbps speech into 64 kbps T1 µ-law or E1 A-law PCM time slots,
  – Furthermore the TRAU routes the users' data stream to a suitable device that inter-works with the recipient modem.
• It is worth noting that:
  – Four traffic channels are multiplexed on a 64 kbps PCM circuit at the Ater interface,
  – One T1 trunk carries up to 92 traffic and control channels,
  – One E1 trunk carries up to 120 traffic and control channels.

NSS Architecture
• The distributed architecture of the Network and Switching Sub-system is organized with MSCs, servers and data bases, linked by normalized interfaces (B to G).
• There are two types of MSC to provide switching services to a defined part of the PLMN:
  – MSC, used to establish traffic channels and to switch signaling messages between PLMN entities and other GSM networks or fixed networks,
  – Gateway MSC (GMSC), a specialized MSC managing the central data base HLR, containing permanent and dynamic subscriber data.
• All the information requested by the different functions is stored in four types of data bases connected to (or included in) the MSCs:
  – HLR or Home Location Register: permanent data specific to each subscriber, including service profile, location and billing options,
  – VLR or Visitor Location Register: in order to minimize access to the HLR, the MSC uses this data base, which contains working data for subscribers moving within its coverage area (LAs),
  – Network security and access control are provided by the Authentication Center (AUC) and by the Equipment Identity Register (EIR):
    • AUC: to ensure that only authorized users have access to the network,
    • EIR: to maintain lists of stolen, faulty and valid equipment identities.
• NSS also includes specific equipment such as:
  – Inter-Working Functions (IWF): to provide the different bearer services offered by the network,
  – Short Message Services-Service Center (SMS-SC): used to store and forward point to point short messages,
  – Billing Server.
• These equipment or software elements run applications that are more or less operator dependent.

Home Location Register
• The Home Location Register (HLR) is a database that holds information about the subscribers. It performs the following functions:
  – Handling of permanent subscribers data:
    • Identification: IMSI, MSISDN.
    • Subscription information: related services options (Teleservices, Bearer Services and Supplementary Services).
    • Service limitations (e.g. roaming limitation).
  – Handling of temporary subscribers data:
    • Current VLR address where the subscriber roams.
    • Provide VLR with 5 ciphering items.

Authentication Center (AUC)
• The Authentication Center (AUC) is a database that contains the secret authentication key Ki of each subscriber and generates security-related parameters to protect the network operator and subscribers against fraud.
• The same Ki is to be found in the subscriber's SIM card and is used to generate these ciphering items named triplets:
  – A RANDom number RAND,
  – A Signature RESponse SRES, using A3 algorithm,
  – A ciphering Key Kc, using A8 algorithm and computed each time authentication is performed.
• Software keys Kc and SRES are never passed over the air interface.
• The two algorithms A3 and A8 are operator dependent.
• For security reasons the AUC often has an internal interface with the HLR. However, this is an implementation choice; it is up to the HLR to start the security algorithms located in the AUC.

Visitor Location Register
• When a mobile station enters the LA borders, it signals its arrival to the MSC that stores its identity in the Visitor Location Register (VLR).
• The information necessary to manage the MS is contained in the HLR and is transferred to the VLR so that it can be easily retrieved if so required.
• The Location Registration procedure allows the subscriber data to follow the movements of the MS. For this reason the data contained in the VLR and in the HLR are more or less the same. Nevertheless, the data are present in the VLR only as long as the MS is registered in the area related to that VLR.
• The VLR supports a mobile paging and tracking subsystem in the local area where the mobile is presently roaming.
• The detailed functions of the VLR are as follows:
  – Works with the HLR and AUC on authentication.
  – Relays cipher key from HLR to BSS for encryption and decryption.
  – Controls allocation of the new TMSI numbers that can be periodically changed to secure a subscriber's identity.
  – Supports paging (incoming calls).
  – Tracks the state of all mobiles in its area.

Equipment Identity Register
• The Equipment Identity Register (EIR) is a database that performs a screening function within the network. It keeps track of all valid and invalid Mobile Equipment by storing their International Mobile Equipment Identities (IMEI).
• Data for the Equipment Identity Register are provided by:
  – Manufacturers of Mobile Equipment which provide complete lists of IMEI for the Mobile Stations that they produce.
  – Other network operators which provide lists of malfunctioning Mobile Equipment.
  – Police organizations which provide lists of stolen Mobile Equipment.
• The Equipment Identity Register actually maintains three lists of International Mobile Equipment Identities:
  – The black list contains a list of all Mobile Equipment (ME) that are barred from using the network (e.g.: stolen).
  – The white list contains a list of all the serial numbers of International Mobile Equipment Identities that have been allocated in the Global System for Mobile Communications countries.
  – The gray list contains a list of faulty Mobile Equipment. This equipment will be logged but not barred.
• The GSM Recommendations state that the service providers should decide how often they wish to check the validity of the Mobile Equipment with the EIR.

InterWorking Function
• Because GSM provides a wide range of data services to its subscribers, GSM interfaces with the various public and private data networks currently available. It is the aim of the Inter-Working Function (IWF) to provide this interfacing capability.
• Networks to which the IWF presently provides an interface are as follows:
  – PSTN,
  – ISDN,
  – Circuit-switched public data networks (CSPDN),
  – Packet-switched public data networks (PSPDN).
• It provides the subscriber with access to data rate and protocol conversion facilities so that data can be transmitted between GSM Data Terminal Equipment (DTE) and a land line DTE (the recipient).
• Furthermore it allocates a suitable modem from its modem bank when required. This is the case when a GSM DTE, a Fax machine, exchanges data with a land Fax machine which works over an analog modem (V32).
• The IWF also provides direct connect interfaces for customer-provided equipment such as X.25 PADs.
• Different protocol conversion may be required for signaling and traffic messages. This includes data rate adaptation and the addition of signaling bits reformatting.
• The IWF is a part of the Mobile Switching Center.

Protocol Model
• Connection Management (CM) and Mobility Management (MM) messages are transparent to the BSS; they are delivered to the end-to-end users (MS and NSS) by the relaying of underlying protocols (LAPDm, LAPD, SS7).
• To establish a connection with the MS, CM must require MM, which in turn requires RR to open the radio connection.
• The RR procedures handle set-up, re-establishment, handover, TCH mode modify and release of calls.
• The MM procedures provide registration, location and authentication of the MS.
• The CM procedures provide:
  – Supplementary Services (SS).
  – Call Control (CC).
  – Short Message Service (SMS).

Radio Interface
• This interface, located between MS and BTS (also called the Radio interface), has these features:
  – Totally normalized.
  – Full inter-operability between Mobile Stations and infrastructure from different manufacturers.
• Organized in 3 levels:
  – Level 1 physical support:
    • Time Division Multiple Access (TDMA) frame and FDMA.
    • Logical channel multiplexing.
  – Level 2 LAPDm Protocol (modified from LAPD):
    • No flag.
    • No error retransmission mechanism due to real time constraints (window = 1).
  – Level 3 Radio interface layer (RIL3) Protocol involves three sub-layers:
    • Radio Resource Management (RR): paging, power control, ciphering execution, handover.
    • Mobility Management (MM): security, location, IMSI attach/detach.
    • Connection Management (CM): Call Control (CC), Supplementary Services (SS), Short Message Services (SMS), Dual Tone Multi Frequency (DTMF) facilities.

Abis Interface
• Message exchanges between the BTS and the BSC:
  – Traffic exchanges.
  – Signaling exchanges for call set up and BTS operation and maintenance.
• Physical access between BTS and BSC: PCM digital links at 2.048 Mbit/s (E1) or 1.544 Mbit/s (T1), carrying 32 or 24 timeslots at 64 kbit/s.
• Speech:
  – Conveyed in timeslots at 4 x 16 kbit/s (remote transcoders).
• Data:
  – Conveyed in timeslots at 4 x 16 kbit/s.
  – The initial user rate, which may be 300, 1200, 1200/75, 2400, 4800, 9600 or 14400 bit/s, is adjusted to 16 kbit/s.
• This interface, located between BTS and BSC, has these features:
  – Partly normalized.
  – No inter-operability (currently), proprietary.
• Organized in 3 levels:
  – Level 1 PCM transmission (E1 or T1):
    • Speech coded at 16 kbit/s and sub-multiplexed in 64 kbit/s time slots.
    • Data whose rate is adapted and synchronized.
  – Level 2 LAPD protocol: Standard HDLC procedure:
    • RSL = Radio Signaling Link.
    • OML = Operation and Maintenance Link.
  – Level 3 application protocols:
    • RSM = Radio Subsystem Management.
    • O&M = Operation and Maintenance procedure.

LAPD and LAPDm Frames
• For each BSC and related BTS terminal port (TEI), three types of links may be activated depending on the SAPI parameter value:
• The Radio Signaling Link:
  – Radio resource management procedures SAPI = 0.
  – Short messages, point to point SAPI = 3.
• The Operation and Maintenance Link: O&M procedures SAPI = 62.
• LAPD messages:
  – downlink:
    • OML: software download, channel configuration,
    • RSL: paging, HO command,
  – uplink: OML notification (event report), and RSL channel requirement.
• LAPDm frames are derived from LAPD frames:
  – no flags for synchronization,
  – without TEI and FCS,
  – with shorter address,
  – with shorter control field.

Ater Interface
• Purpose: handling messages between BSC and TCU (TransCoder Unit).
• Characteristics: physical access at 1.544 Mbit/s or 2.048 Mbit/s (24 or 32 time slots at 64 kbit/s) carrying:
  – Reserved signaling channels according to CCITT No. 7 (CCS7).
  – Speech and data channels (16 kbit/s).
  – BSC - TCU signaling link (LAPD).
  – O&M data to OMC-R (X.25) via MSC (through the Network only).
• Ater interface links carry up to:
  – 120 communications (E1).
  – 92 communications (T1).
• Signaling messages are carried on specific timeslots (TS):
  – LAPD signaling TS between the BSC and the TCU.
  – SS7 TS between the BSC and the MSC.
  – X.25 TS 2 reserved for specific configurations.
• TS 1 carries LAPD protocol and is reserved for management messages between the BSC and the TCU. It is used by the BSC for:
  – TCU monitoring (mixer, PCM interface, transcoder and control units, LAPD signaling terminal, etc.).
  – TCU configuration (BSC-TCU signaling link, A-interface PCM, semaphore channels, A-interface circuits, synchronization and transcoding functions).
  – TCU initialization.
  – TCU software downloading.
  – A and Ater interfaces management.
  – Synchronization management.
  – Transcoding management.
• SS7 TS is intended for BSC-MSC link and is dedicated for BSSAP messages transportation. TS 2 is reserved if the O&M data are transmitted to the OMC-R via a PCM link’s TS, managed by the A-interface.
• Signaling messages on the LAPD TS 1 are processed only by the TCU.
SS7 TS and TS 2, if they are reserved, are switched by the TCU but remain transparent to it.

A Interface
• Message exchanges between the MSC and the BSS (TCU):
  – Users traffic transport (speech + data).
  – Signaling transport.
• Physical access BSS - MSC: PCM digital links.
• User’s traffic transport: each time slot corresponds to a traffic channel on the radio interface. The 64 kbit/s speech rate adjustment (A-law or µ-law) and the 64 kbit/s data rate adaptation are performed at the TCU.
• Signaling transport: CCITT signaling system 7 (SS7).
• Two parts:
  – The Message Transfer Part (MTP).
  – The Signaling Connection Control Part (SCCP).
• This interface, located between TRAU and MSC, has these features:
  – Totally normalized to allow multivendor equipment.
  – Full interoperability in most cases and after testing.
• Based on CCS7 protocol (either ETSI or ANSI).
• The MTP layers (2 to 3) provide the basic transport system for all CCS7 signaling messages and are responsible for signaling network management and signaling message handling:
  – Level 1: defines the physical characteristics for a 64 kbit/s signaling data link.
  – Level 2: ensures secure signaling link by providing error detection and correction, signaling link alignment and error monitoring.
  – Level 3: ensures that signaling messages are routed through the network in correct sequence and without loss or duplication even in case of link failure.
• So, MTP finds the destination signaling point and SCCP will deliver the message.
• The SCCP addressing allows routing to the application within the same network (through the address) or to an external network (through Global translations) using class 0 for connection mode and class 2 for connection oriented mode.
• A distribution function is added on top of the SCCP to discriminate the BSSMAP from DTAP.
• The BSSAP is a GSM CCS7 protocol and handles signaling involving MS, the BSS and the MSC.
• The BSSAP is divided into two parts:
  – The BSSMAP which consists of messages to be processed either by MSC or BSC (RR).
  – The DTAP which consists of messages to be transmitted transparently regarding the BSS (MM, CM).

PSTN/ISDN/PSDN Interface
• Interface between MSC and:
  – Public Switched Telephone Network (PSTN).
  – Integrated Service Data Network (ISDN).
  – Packet Switched public Data Network (PSDN).
• Normalization:
  – Country dependent.
  – Inter-operability after local adaptations.
• The User part is built on services of the MTP to provide connectionless signaling for setting up, monitoring and clearing down the voice or data trunks of GSM CCS7 calls at the PSTN interface, taking into consideration that it is connection-oriented at the A interface due to SCCP functions.
• The User part transports signaling messages associated with the connection between two users in a network.
• It supplies the trunk signaling capabilities which enable network-wide feature transparency for some network services.
• There are three main families of user part protocol depending on the application:
  – The Telephone User Part (TUP), interface with PSTN network.
  – The ISDN User Part (ISUP), interface with ISDN network.
  – The Data User Part (DUP), interface with PAD on PSDN network.

General Packet Radio Service
• General Packet Radio Service (GPRS) is a packet radio access technique based on GSM radio to transfer data in an efficient manner optimizing the use of network resources. It provides packet radio access to external Packet Data Networks, for instance to the Internet.
• It offers direct IP connectivity, in a Point-To-Point (PTP) or Point-To-Multipoint (PTM) data transmission mode.
• GPRS is an add-on to existing GSM networks, i.e., it makes use of the existing GSM radio infrastructure.
• With Nortel’s GPRS core nodes, Serving GPRS Support Node (SGSN) and Gateway GPRS Support Node (GGSN), the upfront investment for operators for initial deployment of GPRS services is limited.
• Nortel is currently developing the building blocks of GPRS, including:
  – Packet Control Unit Support Node (PCUSN),
  – Serving GPRS Support Node (SGSN),
  – Gateway GPRS Support Node (GGSN).

Check Your Learning
• What are the three components of a GSM system?
• What does a BSS consist of?
• What are the external interfaces and the internal interfaces of a BSS?
• What are the main functions of a BTS?
• Which technique helps save links between BTS and BSC?
• What are the main functions of the BSC?
• What does the NSS contain?
• What are the main functions of an MSC?
• What is the role of the HLR?
• What is the role of the VLR?
• What are the three entities of layer 3 involved in the radio interface?
• What is the layer 2 protocol involved in the Abis interface?
• What is the Mobile Application Part?
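The subscriber check (AUC triplets, relayed through the VLR) and the equipment check (EIR lists) from the Authentication Center, Visitor Location Register and Equipment Identity Register sections, modelled together as an added example that is not part of the original lesson. Because A3 and A8 are operator dependent, HMAC-SHA256 stands in for both; the class and function names, the sample IMSI, Ki and IMEIs, and the choice to bar an IMEI that is on no list are assumptions.

```python
import hashlib
import hmac
import os

# A3 and A8 are operator dependent, so HMAC-SHA256 stands in for both here.
# Assumption for illustration only: this is not a real GSM algorithm.
def a3_sres(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]  # 32-bit SRES

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]  # 64-bit Kc

class AuC:
    """Holds Ki per IMSI; hands out (RAND, SRES, Kc) triplets, never Ki."""
    def __init__(self, ki_by_imsi):
        self._ki = dict(ki_by_imsi)
    def triplets(self, imsi, count=5):
        ki = self._ki[imsi]
        rands = [os.urandom(16) for _ in range(count)]  # 128-bit challenges
        return [(r, a3_sres(ki, r), a8_kc(ki, r)) for r in rands]

class Sim:
    """Subscriber side: holds the same Ki and answers a RAND challenge."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
    def respond(self, rand):
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)

class Eir:
    """Black, gray and white IMEI lists; the most restrictive match wins."""
    def __init__(self, black=(), gray=(), white=()):
        self.black, self.gray, self.white = set(black), set(gray), set(white)
        self.logged = []
    def screen(self, imei):
        if imei in self.black:
            return "black"
        if imei in self.gray:
            self.logged.append(imei)  # faulty equipment: logged, not barred
            return "gray"
        return "white" if imei in self.white else "unknown"

class MscVlr:
    """Serving side: caches triplets, challenges the SIM, screens the IMEI."""
    def __init__(self, auc, eir):
        self.auc, self.eir, self.cache = auc, eir, {}
    def attach(self, sim, imei):
        queue = self.cache.get(sim.imsi) or self.auc.triplets(sim.imsi)
        rand, expected_sres, kc = queue.pop(0)  # each triplet is used once
        self.cache[sim.imsi] = queue
        sres, _kc_in_ms = sim.respond(rand)  # RAND is the challenge, SRES the answer
        if not hmac.compare_digest(sres, expected_sres):
            return "rejected: authentication failed", None
        status = self.eir.screen(imei)
        if status in ("black", "unknown"):  # barring "unknown" is an assumption
            return f"rejected: IMEI {status}", None
        return f"accepted: IMEI {status}", kc  # Kc is relayed to the BSS for ciphering

# Constructed sample identities and key (not real subscriber data).
IMSI, KI = "001010123456789", bytes.fromhex("00112233445566778899aabbccddeeff")
BLACK, GRAY, WHITE = "350000000000001", "350000000000002", "350000000000003"

def demo():
    net = MscVlr(AuC({IMSI: KI}), Eir({BLACK}, {GRAY}, {WHITE}))
    genuine, wrong_key = Sim(IMSI, KI), Sim(IMSI, bytes(16))
    return [net.attach(genuine, WHITE)[0],    # valid SIM, valid handset
            net.attach(wrong_key, WHITE)[0],  # SIM without the right Ki
            net.attach(genuine, BLACK)[0],    # valid SIM, barred handset
            net.attach(genuine, GRAY)[0]]     # valid SIM, faulty handset
```

Calling `demo()` returns the four outcomes in order. The third case is the one to note: subscriber authentication and equipment screening are independent, so a handset on the black list is refused even with a valid SIM.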