Curs 1 - GSM - Network

Introduction to the GSM Network
GSM: Global System for Mobile communication

o Pan-European standard for communication with mobiles, already adopted by more
than 400 operators in 173 countries and now the world-wide reference for mobile
radio networks. Since 1995 (phase 2), this standard harmonizes the 900 MHz GSM
system and the 1800 or 1900 MHz Digital Cellular Systems (DCS).
GSM 900:
o 2 x 25 MHz frequency bands around 900 MHz. (extended : 2 x 35 MHz)
GSM 1800:
o 2 x 75 MHz frequency bands around 1800 MHz.
GSM 1900: (North and South American variant of the GSM 1800):
o 2 x 75 MHz frequency bands around 1900 MHz.
History
Mobile network "Prehistory":

o 1946: St Louis (Missouri)
o 1970 - 80: NATEL (Switzerland)
1st Generation: Analogue cellular networks
o 1979: Chicago:AMPS
o 1981: Sweden:NMT
o 1985: UK:
TACS
2nd Generation: Digital networks
o 1992: Europe: GSM
o 1995: US:
IS95 (CDMA)
3rd Generation: Universal(?) Standards
o 2001: Japan IMT-2000: UMTS
public
PABX
residential
PSTN
office
Small Cells
PSTN
PSTN
PABX
Medium Cells
GSM
Large Cells
From 2G to 3G
2G services
3G services
GPRS
GSM
UMTS
UMTS
Up to 160Kbps
Up to 2Mbps
Up to 2Mbps
Internet services
Multimedia
R97/98/99 (GSM)
Internet
services
VoiP
R99 (3GPP)
R5 (3GPP)
Multimedia
GERAN
E-GPRS
Up to 384Kbps
Internet services
VoiP
R99 (GSM)
R4/R5
(3GPP)
General Concepts: PLMN and Mobile Stations
...
...
...
...
...
...
PSTN
...
...
PLMN
...
...
PLMN
PSTN
ISDN
PDN
=
=
=
=
Public Land Mobile Network

Public Switched Telephone Network
Integrated Services Digital Network
Packet Data Network
ISDN
PDN
General Concepts: Cellular Coverage
Omni-directional
Unidirectional
Sectored
4
3
7
4
3
7
10
12
12
10
1
6
11
12
11
10
2
8
12
3
11
11
5
11
2
8
1
9
2
8
10
12
Example of a 12-Cell Three-sector Pattern
Radio Resources are limited :
downlink
...
...
uplink
...
...
...
...
...
...
To increase Spectrum Efficiency, specific

techniques are introduced :
o Power Control
o Handover
o Frequency Hopping
o Discontinuous Transmission (DTX)
GSM architecture
Operators
OSS
GSM
External
Networks
MS
BSS
NSS
Users
Types of Mobile Stations

Um
"plug-in" SIM
MT0
SIM card
TE1
MT1
TE2
TA
ISDN
MT2
TE2
(including
TAF)
ISDN concepts
MT
TE
= Mobile Termination
= Terminal Equipment
TE1 = ISDN
TE2 = V or X type
TA(F)
= Terminal Adaptor (Function)
GSM concepts
GSM architecture: Base Station System
NSS
BTS
PSTN/
ISDN
BSC
CBC
Other
BSCs
BTS
GSM architecture: Network and Switching System

MSC
PSTN/
ISDN
BSS
EIR
SMS-C
VLR
AuC
HLR
GCR
GSM architecture: GPRS

Circuit Switching
Packet Switching
MSC/VLR
PSTN/
ISDN
BSS with
PCU
GSM+GPRS
HLR
SGSN
GPRS
Backbone
GGSN
Internet
GSM interfaces and protocols

MS
Um (Radio)
BTS
BS
C
BS
C
MS - BTS
LAPDm
BTS
(GSM specific)
LAPD
BTS - BSC
Abis
(ISDN type)
MSC
MSC
G
VLR
C
D
VL
R
B
C
D
E
F
G
H
I
F
H
AuC
HLR
(SS7 basic) + BSSAP

(BSSAP = BSSMAP + DTAP)
E
B
BSC - MSC
EIR
GCR
MSC-VLR
(SM-G)MSC-HLR
HLR-VLR
(SM-G)MSC-MSC
MSC-EIR
VLR-VLR
HLR-AuC
MSC-GCR
PSTN
ISDN
PSTN /
ISDN
(SS7 basic) + MAP
MSC-PSTN (SS7 basic) + TUP or ISUP

MSC-ISDN
GPRS interfaces and protocols

MS
Um (Radio)
BSS
with
PCU
Gb
BSS - SGSN
BSSGP
Gn
Gr
Gc
Gf
Gs
SGSN-SGSN
SGSN-GGSN
SGSN-HLR
GGSN-HLR
SGSN-EIR
SGSN-MSC/VLR
IP
IP
SS7
IP/SS7
SS7
SS7
Gi
GGSN-Data Network
IP
Gs
Gn
GGSN
Gn
LAPDm
(GSM specific)
MSC
SGSN
SGSN
MS - BTS
BSS
with
PCU
Gr
Gf
Gc
HLR
EIR
Data
Network
Position of Transcoding Unit (TRAU)

BTS TRAU
MSC/VLR
BSC
Abis interface
BTS Site
BTS
BTS Site
BTS
BTS Site
A interface
BSC Site
BSC
MSC Site
MSC/VLR
TRAU
BSC Site
BSC
MSC Site
TRAU
BSC Site
MSC/VLR
MSC Site
2Mb link, each channel = 16 Kbps
2Mb link, each channel = 64 Kbps
RADIO INTERFACE: essential part of GSM specifications because of:
Inter-PLMN COMPATIBILITY
==> Complete Specification (to the nearest bit)
Very elaborate SPECTRUM EFFICIENCY optimization techniques:
Reduction of INTERFERENCE to Manage a large number of Mobiles per km
TRAFFIC: information interchanged from USER-TO-USER, after setting up the call,

requiring dedicated radio resource allocation. In GSM, traffic can be an interchange of
speech or data
SIGNALLING: information interchanges (in some cases, without the user's knowledge)
between the mobile equipment and network machines
o Out of Call : required for managing mobiles, eg. : location update
o During a Call :required for various reasons, eg.: handover, access to a supplementary
service, call release
MS status
Packet switcing mode (GPRS)
Circuit Switching Mode (GSM)
"Idle"
-on
itch
ff
Sw
h- o
c
it
Sw
MS
reachable
et
D
ut
t
en
MS not
reachable
of
End ction
sa
tr a n
rO
to
en
hm
ac
m
ch
ta
De
wo
Net
MS
reachable
"Connected"
"Idle"
e
im
o
tt
en
m rk
ch o
ta tw
At ne
MS not
reachable
ss
cce
rk A
T
of
Out of Time
"Stand-by"
"Ready"
Packet Tx or Rx
"Power Off"
Radio Resources
"Idle" Status
Access
"Connected" Status
procedure
Mobile
pre-synchronization
Channels
to be used
Main
Tasks
&
Types of
Interchange
Network Access
Common
Access
Channels
Common
Broadcast
Channels
Frequency
search
Timing
Synchro
System
Parameter
Analysis
Frequency
Monitoring
(Paging)
Access
Request
Dedicated
Channel
Assignment
Out of call
signalling phase
TRAFFIC phase
(Optional)
Dedicated
Signalling
Channels
Dedicated
Traffic
Channels
Same dedicated
channel used for:
- Authentication
- Signalling:
Traffic
Signalling
. Location Updating
. Short Messages
. (Traffic Channel
Assignment)
Physical Channels : the TDMA Frame

Frequency
axis
Time slot (or burst window)

TDMA frame = 4.615 ms
22
17
DOWNLINK
Band
(BTS ->MS)
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
1 "CHANNEL" (in 1 direction)
Time shift between

transmit and receive : 3 TS
1 BTS (eg. 3 carriers)
22
17
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
UPLINK
Band
MS -> BTS
Same "CHANNEL" (if bidirectional)
time axis
Physical Channels : the Normal Burst
TDMA frame = 4.615 ms
22
17
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
CHANNEL
Time Slot (TS) or Burst Period (BP)

577 s
Burs
t
time axis
Training sequence
Data (114 bits)
guard time
26 bits
"Stealing Flags"
S=0
57 bits
57 bits
S=1
57 bits
57 bits
Traffic (or Signalling out of call)

Signalling during call
Training Sequences :
8 different bit patterns, chosen so that:
o They are easily recognizable (very accurate auto-correlation function)
o They are easily distinguishable from one another (little correlation between each
pattern)
Stealing Flags :
Logical Channels: Principle of Mapping with Physical Channels

example : "Beacon" frequency, downlink:
TS 0 1 2 3 4 5 6 7
BTS
MS
Frequency Correction
Timing synchronization
SDCCH
PCH
Subscriber paging
Power Control
AGCH
FCCH
SCH
SACCH
BCCH
TCH
PCH
FACCH
AGCH
Traffic samples -> MSj

In call signalling -> MSj
Out of call signalling receipt
SACCH
SDCCH
Out of call signalling -> MSi

Power Control -> MSi
In call signalling receipt
BCCH
Response to access request
Traffic sample decoding
FACCH
SCH
System information
TCH
FCCH
Mobile presynchronization
Subscriber paging
Response to access request
Logical Channels - Time Division Multiplexing (GSM)

1 TDMA frame = 120/26 # 4.615 ms
TS
"TRAFFIC" type Multiframe :

0 1 2 3 4 5 6 7 8 9 10
232425 0 1 2 3 4 5 6 7 8 9 10
20
Multiframe : 26 frames
20
23 2425
120 ms
"SIGNALLING" type Multiframe :

1 2 3 4 5 6 7 8 9 10
20
30
40
50 0 1
(= 235 ms approx.)
Logical Channels - Time Division Multiplexing (GPRS)

1 TDMA frame = 120/26 # 4.615 ms
TS
52 Frame - Multiframe on pdch:

0 1 2 3 4 5 6 7 8 9 10
Block 0
Block 1
Block 2
20
Block 3
Block 4
30
Block 5
Block 6
Block 7
40
Block 8
Block 9
50 51 1
Block 10
Block 11
(= 240 ms.)
TFI 28
TFI 2
Data Flow to User A
Data Flow to User B
0 1 2 3 4 5 6 7 8 9 10
Block 0
Block 1
20
Block 2
Block 3
Block 4
Block 5
TFI =28 TFI =28 TFI = 2
BSN =21 BSN =22 BSN =23
BSN =24 BSN =25 BSN =12
Data
Data
Data
Data Flow to User C
30
TFI =28 TFI =28 TFI =28
Data
TFI 19
Data
40
Block 6
Block 7
Block 8
Block 9
TFI = 2
TFI = 2
TFI = 2
TFI = 19 TFI = 19 TFI = 19
BSN =13 BSN =14 BSN =15
Data
50 51 0
Data
Data
Block 10 Block 11
BSN =75 BSN =76 BSN =77
Data
Data
Data
Data
Multiframe : 52 frames (= 240 ms.)
Radio Interface - Channel Mapping

1 2 3 4 5 6 7 8 9 10
20 21
31
41
51 1
F S B B B B c c c c F S c c c c c c c c F S c c c c c c c c F S c c c c c c c c F S c c c c c c c c - F S
Multiframe : 51 frames (= 235 ms approx.)

F = FCCH
S = SCH
LOGICAL
CHANNEL
OCCURRENCE
and/or USABLE BIT
RATE
FCCH
Frequency
Correction
- Locking the mobile local oscillator on the exact frequency

- Roughly estimating the position of the receive window
- Exact synchronization of receive window

- Decoding the Frame Number (from 0 to 2,715,647)
as FCCH (46 ms), 8 TS

after
BCCH
Broadcast
Control
ROLES and USES of INFORMATION CARRIED
1 every 10 frames
(46 ms)
SCH
Synchro
B = BCCH
- General information (system) concerning the station:
1 TS every 4 consec. frames

every 51 frames,
giving 456 usable bits
every 235 ms
- Identity of operator, access authorized or not,

- Organization of logical channels in the cell (paging...),
- Frequencies used, Frequency hopping...,
- Time-Outs applicable...
UPLINK
1
10
(Multiframes : 51 frames)
20 21
f
31
41
C
51
DOWNLINK
f = FCCH
LOGICAL
CHANNEL
RACH
Random
Access
AGCH
Access
Grant
PCH
Paging
s = SCH
b = BCCH
C C C C = CCCH (PCH or AGCH)
OCCURRENCE
and/or USABLE BIT
RATE
Only uplink
These 2 sub-channels
share the "CCCH"
channel based
on variable rules
according to cell and
operator
R = RACH

- used by the mobile to request access to the network
("Channel Request" message with mobile short format identity)
- used by the network to acknowledge the access request and
assign a dedicated channel to the mobile ("immediate
assignment" message with identity echo)
- used by the network to signal a call to a mobile:
Short format identity, unambiguous in the cell
D0
D1
D2
D3
D4
D5
D6
D7
A0
A1
A2
A3
D0
D1
D2
D3
D4
D5
D6
D7
A4
A5
A6
A7
DOWNLINK
A1
A2
A3
D0
D1
D2
D3
D4
D5
D6
D7
A0
A5
A6
A7
D0
D1
D2
D3
D4
D5
D6
D7
A4
UPLINK
(Multiframes : 51 frames)
D = SDCCH
LOGICAL
CHANNEL
SDCCH
Standalone
Dedicated
Control
SACCH
Slow
Associated
Control
A = SACCH
OCCURRENCE
and/or USABLE BIT
RATE
8 TSs every 2x51 frames,
giving 456 bits / 235 ms
---> 1.94 kbit/s
- Out of call signalling, such as location update, authentication,

transition to encrypted mode, assignment of a traffic
channel...
4 TSs every 2x51 frames,

giving 456 bits / 470 ms
---> 950 bit/s
- Non-urgent procedures (background), occurrence ~0.5

sec:measurement reports, power monitoring, timing advance,
+ Short Message Service (SMS)
1 "FULL-RATE" + 1 SACCH :
T T T T T T T T T T T T
T T T T T T T T T T T T - T T T T T T T T T T T T A T T T T T T T T T T T T 0 1 2 3 4 5 6 7 8 9 10 11 A 12 13 14 15 16 17 18 19 20 21 22 23
Multiframe : 26 frames (= 120 ms)
T i = Sample i, TCH/F channel
A = Associated SACCH
2 "HALF-RATE" + 2 SACCHs :
T T T T T T T T T T T T A T T T T T T T T T T T T A T
T
T
T
T
T
A
T
T
T
T
T
T A
T
T
T
T
T
T
T
T
T
T
T
2
0 0 1 1 2 2 3 3 4 4 5 5 1 6 6 7 7 8 8 9 9 10 10 11 11 2
1 T
Ti = Sample i, channel TCH/H n2

Ti = Sample i, channel TCH/H n1
A1 = SACCH associated with TCH 1 A2 = SACCH associated with TCH 2
LOGICAL
CHANNEL
TCH/F
TCH/H
Traffic
Full & Half Rate
SACCH
Slow
Associated
Control
OCCURRENCE
and/or USABLE BIT
RATE
24 TSs every 120 ms
---> 22.8 kbit/s
12 TSs every 120 ms
---> 11.4 kbit/s
4 TS every 480 ms --->
~ 1 kbit/s
TCH cycle stealing :--->
max 11.4 or 22.8 kbit/s

- Traffic at max rate 13 kbit/s
(Speech encoded at 13 kbit/s or Data at up to 9600 bit/s)
- Traffic at max rate 5.6 kbit/s
(Speech encoded at 5.6 kbit/s or Data at up to 4800 bit/s)
- Non-urgent procedures (background), occurrence ~ 0.5 sec:
(as SACCH associated with a SDCCH)
- Signalling after TCH set-up: end of call processing, "high
speed" signalling
TS
0 1 2 3 4 5 6 7
"Beacon" frequency
0 1 2 3 4 5 6 7
Other
frequencies
0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
BTS
FCCH + SCH + BCCH
TS 0
RACH
TS 1
PCH + AGCH
downlink direction
8 SDCCH/8 + 8 SACCH/8
other TSs: TCH (+ SACCH / FACCH)
uplink direction
in each direction
in each direction
10
Examples :
Number of Frequencies
Number of TCH Channels ERLANGS (formula B, blocking 2%)
3
4
5
22
30
38
Beacon
frequency
TS
0 1 2 3 4 5 6 7
Other
frequency
0 1 2 3 4 5 6 7
TS 0 of beacon
frequency:
other TSs:
BTS
15
22
29
(FCCH
+ SCH + BCCH) + (PCH + AGCH + RACH) + (4 SDCCH/4 + 4 SACCH/4)
TCH + SACCH (+ FACCH))
Structure of the Multiframe in "Time Slot" 0 (Config. n 1: combined BCCH) :

DOWNLINK
(Multiframes of 51 frames)
F S
F S
F S
D0
D1
F S
D2
D3
F S
A0
A1
F S
F S
F S
D0
D1
F S
D2
D3
F S
A2
A3
UPLINK
D3
R R
A2
A3
R R R R R R R R R R R R R R R R R R R R R R R
D0
D1
R R
D2
D3
R R
A0
A1
R R R R R R R R R R R R R R R R R R R R R R R
D0
D1
R R
D2
F = FCCH
S = SCH
B = BCCH
C = CCCH (PCH or AGCH)
R = RACH
Dn/An = SDCCH / SACCH/4
Radio Interface - Timing Advance

forward propagation time
return propagation time
BTS
T.A. measured by BTS

TS i
TS i
BTS
Tx
Rx
MS1
MS
Rx
Presynchronized Tx
forward propagation time
Access Burst
TS i
Tx
BTS
Rx
TS i
MS1
Rx
(after TA)
Tx
- TA
Radio Interface - Subscriber Paging
The Network knows the LOCATION AREA (LA) in which the mobile is travelling.
An LA can cover more than one cell.
The PCH channel is used to signal a Call to a mobile. The same "Paging" message is
transmitted to all cells in the area (shaded areas above).
Only a mobile in "IDLE" state (pre-synchronized) can respond to paging.
11
BSC
Radio Interface - Access to the Network

An access request is always initiated by the MS. (when an MS is called, the "paging"
procedure is used).
The RACH channel is used to transmit the "CHANNEL REQUEST" message.
The channel is called "random" since the mobile chooses the call TS randomly. This means
that there is a risk of collision.
Collisions are resolved by retransmission after pseudo-random delays.
MS1
MS2
MS3
MS4
MS4
MS5
MS5
Radio Interface - Logical Channel Summary

Family
Abbreviation
FCCH
Broadcast
SCH
BCCH
RACH
PCH
CCCH
AGCH
CBCH
NCH
Dedicated
signalling
(out of call)
Dedicated
Traffic +
signalling
(during call)
SDCCH
Name
Type
Role/Info carried
Burst format
Frequency Correction CHannel MP
--> MS
Frequency for synthesizer alignment
Frequency
Synchronization CHannel
MP
--> MS
Timing sync - Frame N
Sync
Broadcast Common CHannel
MP
--> MS
Broadcast system information
Normal
Random Access CHannel
PP
<-- MS
Network access (Channel request)
Access
Paging CHannel
PP
--> MS
Subscriber paging (paging)
Normal
Access Grant CHannel
PP
--> MS
SDCCH channel assignment (Imm.Ass)
Normal
Cell Broadcast Control CHannel MP
--> MS Broadcast short messages (SMS/CB)
Normal
Notification CHannel
--> MS
Standalone Dedicated Ctrl CH.
MP
Accessibility notification (VGCS/VBS)
Normal
PP <---->
Out of call signalling
Normal
SACC
H
TCH/F
Slow Associated Control CH.
PP <---->
Measurements - P Contr. - Timing adv.
Normal
Traffic / Full Rate CHannel
PP <---->
13 kbit/s traffic
Normal
TCH/H
Traffic / Half Rate CHannel
PP <---->
5.6 kbit/s traffic (phase 2)
Normal
SACCH
Slow Associated Control CH.
PP <---->
Measurements - P Contr. - Timing adv.
Normal
FACCH
Fast Associated Control CH.
PP <---->
In call signalling (cycle stealing)
Normal
Radio Interface - Discontinuous Transmission

Principles (Mandatory in the mobile and on the BTS uplink path) :
DTX (Discontinuous Transmission) : reduced rate transmission (~ 500 bit/s) during silences
VAD (Voice Activity Detection): Measurement of signal strength for detecting moments of
"silence (neither speech nor tone) - adaptive-threshold FILTER
Comfort Noise Generation: In receive mode, reconstitution of background noise based on
the characteristics received in Silence Descriptor (SID) frames, to avoid giving the receiving
user the impression that the line has been cut off
12
SPEECH
TRAU --> BTS
SILENCE
TRAU
S*
MS
S' S' S'
S'
SID FRAME
S' S' S' S"
480 ms
...
...
BTS
MS <--> BTS
Radio Interface - Radio Channel generation

Speech
Digitization
and
Encoding
Burst
Channel
Encoding
Interleaving
Formatting
Encryption
Modulation
Transmission
POWER CONTROL
FR Speech frames :
260 bits / 20 ms :13 kbit/s
22.8 kbit/s
(per channel)
Deinterleaving
Channel
Decoding
Speech
Decoding
Burst
Deformatting
270.8 kbit/s
Decryption
Demodulation
(modulated)
Reception
Radio Interface - GMSK Modulation

(t)
/2
GMSK
MSK
-Tb
-Tb/2
t
Tb/2
Tb
dB
0
-10
200
KHz
-20
-30
-70
-200
-100
100
200
300
400
GMSK = Gaussian Minimum Shift Keying:

convolution of an MSK ramp (/2 - width: 1
bit), by a Gaussian function: 0-1 or 1-0 bit
transitions => smooth" transitions of /2
Properties:
o Gradual transitions avoid the need to filter
signal harmonics which are very weak
o Spectrum efficiency ~ 1 bit/Hertz (270.8
kbaud/200 kHz)
o Modulation spectrum: To prevent
catastophic interference, it is essential to
avoid using adjacent frequencies in adjacent
cells.
kHz
Radio Interface - Raleigh fading

" f "
"GAP" in frequency " f " reception
13
Radio Interface - Frequency Hopping
N-frequency hopping groups can be defined for each TS (N>=4)

The overall system capacity remains unchanged (eg. : 32 mobiles on 4 frequencies)
FCCH/ SCH/ BCCH/ CCCH

No Hopping
SDCCH
TS
0 1 2 3 4 5 6 7
"Beacon" frequency
Other
frequencies
TS0 : Hopping over 4 frequencies TS3 : Hopping over 5 frequencies
Radio Interface - Power Control

Power Control (PC) is used to minimize interferences
PC algorithm in BSC (processing and decision)
PC Mandatory for MS: steps of 2dB every 60 msec , option for BTS: 15 steps of 2 dB
Output
Power
39
(dBm)
Possible values of Output Power

(GSM 900 MS)
8W
2W
33
Example of PC Commands
(GSM 900 MS)
Output
Power
(dBm)
P max MS 2W
33
28 dB
PC
steps
19
13
~ 3 mW
time
= 60 ms
(commands)
19
15
PC Level
19 17
31
31
29 dBm
Radio Interface - Space Diversity
Rx
Chain 1
...
...
RESULT
Rx
Chain 2
14
Space Diversity is used against fading in the uplink direction

The same signal with different multi-paths is received in the Base Station where it is
processed within 2 independent chains : a Discriminator then identifies the best signal
GSM number and identities: Subscriber identifications

IMEI / IMEISV
( International Mobile Equipment Identity )
( International Mobile Equipment Identity and Software Version number) (Phase 2+)
...
...
TAC
IMEI
:
FAC
SNR
SP
(SPare)
Serial NumbeR
Type Approval Code
Final Assembly Code
Software Version Number
TAC
IMEISV:
FAC
SNR
SVN
GSM number and identities: Mobile Equipment identification

IMSI
MS - ISDN
( International Mobile Subscriber Identity )

International Identity E212 compliant
Nature
Format
Meaning
N of digits
( Mobile
MCC
Mobile
Country
Code
MNC
H1 H2
Directory Number
MSIN
x x x ........ x x x
CC
Mobile Mobile Subscriber Identity Number

National including H1 H2 identifying the HLR
Code
NMSI
234
U.K.
Station - Integrated Service Digital Network n )

ISDN type, E.164/E.213 compliant
NDC
M1 M2
Country National
Code Destination
Code*
( national identity )
max 10
1 to 3
SN
xx xx xx xx
Subscriber Number
( national identity )
including M1 M2 identifying the HLR
2 to 4
total up to 15
* instead of identifying a geographic area, the NDC identifies an OPERATOR:
Examples
208
France
01
Orange
69 xx xx xx xx LYON
94 xx xx xx xx MASSENA
10
Cegetel
Characteristics
44
44
44
44
33
802
385
956
973
607/8
33
609
Cellnet GSM
Vodafone GSM
Mercury DCS
Hutchinson DCS
61 MC DU to 69 MC DU
01 MC DU to 09 MC DU
11 xxxx to 3x xxxx
LYON
MASSENA
LA FOURCHE
Allocated to an IMSI (by MMC) in the HLR
Stored in SIM module and AuC
GSM number and identities: Geographic identification
MCC
MNC
LAC
CI
LAI
CGI
15
BSS / NSS Protocols and Software Modules: general

SS (SMS)
(SMS)
SS
CC
SS (SMS)
CC
(Relays)
(Relays)
MM
MM
DTAP
DTAP
BSS
MAP
RR
RR
BSS
MAP
MAP
MAP
TCAP
TCAP
SCCP
SCCP
SCCP
SCCP
MTP 3
MTP 3
MTP 3
MTP 3
LAPD
MTP 2
MTP 2
MTP 2
MTP 2
S.C.1
S.C.1
S.C.1
S.C.1
3
RR'
2
LAPDm
S.C.1
BTSM
LAPDm
LAPD
S.C.1
S.C.1
Um
MS
BTSM
A bis
BTS
A
BSC
S.C.1
(D)
MSC / VLR
NSS
(eg. : HLR)
BSS / NSS Protocols and Software Modules: Radio Interface

Protocol
Discriminator
Meaning
RR
Radio Resource
Management
MM
Mobility Management
CC
Call Control
SS
Supplementary Services
SMS
Short Message Service
Function
- Paging management
- Ciphering mode management
- Frequency redefinition
- Dedicated channel assignment
- Handover management
- Measurements and power control
- Location Updating
- Ciphering mode management
- Frequency redefinition
- Dedicated channel assignment
Entities
MS - BSC
(and BTS)
MS MSC / VLR
- Call handling and routing

- DTMF facilities
- Access to Supplementary Services
MS - MSC
- Short Message Service
(+ SMS-C)
(+ HLR)
16
BSS / NSS Protocols and Software Modules: GPRS protocols

Layer Model for Signalling plan (GPRS)
SM
G
SMS
G
SMS
SM
GMM
GMM
GTP
GTP
LLC
LLC
UDP
UDP
BSSGP
IP
IP
Frame
Relay
L1 bis
L2
L2
L1
L1
relay
RLC
MAC
RLC
MAC
L1 RF
L1 RF
BSSG
P
Frame
Relay
L1 bis
Um
Gn
Gb
MS
BSS
GSN
SGSN
GSN
Layer Model for Transmission plan (GPRS)

Appli
IP / X25
IP / X25
SNDCP
SNDCP
LLC
LLC
relay
RLC
RLC
MAC
MAC
Physical
Layer
Physical
Layer
Frame
Relay
L1 bis
Um
Frame
Relay
L1 bis
Gb
MS
IP/X25
BSSGP
BSSG
P
SNDCP
L2
L2
L1
L1
Gn
BSS
Header
GTP
UDP &
TCP
IP
GTP
UDP &
TCP
IP
SGSN
GGSN
Data
Data
Header
Compression of each part

Division of the SDU in 2 blocks
Header
Header
Label added for each block

= < 1520 Bytes
LLC
RLC MAC
Header
CRC
PHYSICAL
Header
CRC
CRC
LLC Encapsulation
CRC
CRC
LLC frame splitted

into blocks
RLC Encapsulation
Channel Coding CS1 to CS4

Block 1Block 2Block 3Block 4Block 5Block 6Block 7Block 8
Block 1
Block 2
Block 3
Block 8
17
Level 3 GSM procedures: Setting up the radio connection
Um
...
...
A bis
MS
RACH
BTS
RR CHANNEL REQUEST
MSC
BSC
BTSMCHANNEL REQUIRED
ASSIGNMENT of an
SDCCH Channel
BTSM CHANNEL ACTIV.
SDCCH N
ACTIVATION of
Channel indicated
BTSM
RR IMMEDIATE ASSIGN.
SDCCH N
CONNECTION to the
SDCCH Channel
MM CM_SERVICE REQUEST
SDCCH
SABM
CHANNEL ACTIV. ACK
RR IMM. ASSIGN. CMD
AGCH
T3101
ESTABLISH INDIC.
SCCP CONNECT REQUEST

T9105
SCCP CONNECT CONFIRM
SDCCH
UA
Level 3 GSM procedures: Security Functions
Authentication
o Checks that the Mobile Station is the required station and not an intruder
Ciphering
o All Information (Signalling, Speech and Data) is sent in ciphered mode, to avoid
monitoring and intruders (who could analyze signalling data)
Temporary Identification (TMSI)
o used instead of IMSI for safety reason: tracing of MS not so easy on air interface
o Allocated at least when MS is registered in a new VLR (but may be allocated at each
transaction)
...
...
SIM card
Ki
Random number selection

RAND (128 bits)
Radio Channel
AuC
Identification key (128 bits)
Ki
RAND
A3
A3
A3
A3
SRES
Signed ref. (32 bits)
SRES
=?
OK
A8
A8
A8
Cipher command
Kc : Cipher key
A8
BTS
Kc
for the call (64 bits)

A5
Speech - Data - Signalling
A5
Ciphering/Deciphering
Ciphered data
A5
A5
Speech - Data - Signalling
Ciphering/Deciphering
18
Level 3 GSM procedures: Mobile Originating Call
...
...
Um
A bis
BTS
MS
PSTN or ISDN
MSC/VLR
BSC
RR CHANNEL REQUEST
RACH
RR IMMEDIATE ASSIGN. SDCCH N

AGCH
SDCCH
SABM
MM CM Serv. Req.
UA
ESTABLISH INDIC.
MM CM Serv. Req.
SCCP CONNECT REQUEST

MM CM Serv. Req.
SCCP CONNECT CONFIRM
AUTHENTICATION
CIPHERING
Ciphered
SDCCH
CC
SET - UP
DATA INDICATION CC Set - Up
CC CALL PROCEEDING
DATA REQUEST
CC Call Proceeding.
SCCP DATA CC Set - Up
ISUP IAM
SCCP DATA
CC Call Proceeding.
CIC selection
SCCP DATA
BTSM PHYS. CTX REQ.
BSSMAP
Assignment Request
BTSM PHYS. CTX CONF.TCH allocation
BTSM CHANNEL ACTIV. TCH
BTSM CHANNEL ACTIV. ACK
RR ASSIGNMENT CMD TCH
...
...
DATA REQUEST
RR Assignment Cmd
RELEASE REQ *Local End
Um
MS
FACCH
A bis
BTS
SABM
UA
ASSIGNMENT COMPL.
T3107
* if no answer from MS
A
BSC
PSTN or ISDN
MSC/VLR
ESTABLISH INDIC.
DATA INDICATION
Assign. compl.
SCCP DATA
Assign. compl.
RF CHANNEL REL.
RF CHANNEL REL. ACK
DATA REQUESTAlerting
SCCP DATAAlerting
ACM Called P. ringing
ALERTING
SCCP DATAConnect
ANM
CONNECT
DATA REQUESTConnect
CONNECT ACK
DATA IND.
Connect
Ack
Off-hooking
SCCP DATA
Connect
Ack
CONVERSATION PHASE
19
Level 3 GSM procedures: Mobile Terminating Call
GSM
Network
PSTN or ISDN
... MOBILE
...
PAGING REQUEST
CHANNEL REQUEST
IMMEDIATE ASSIGNMENT
SET-UP of an
RR CONNECTION (MT)
PAGING RESULT
SERVICE INDICATION
AUTHENTICATION REQUEST
AUTHENTICATION RESPONSE
CIPHERING MODE CMD
CIPHERING MODE COMPLETE
SET UP
CALL CONFIRMED
ASSIGNMENT CMD
ASSIGNMENT COM
AUTHENTICATION
TRANSITION to CIPHERING mode
START OF CALL
TRAFFIC CHANNEL
ASSIGNMENT
CALL CONFIRMATION
ALERTING
CONNECT
CONNECT ACK
CALL ACCEPTED
Level 3 GSM procedures: International Call
VMSC VLR
...
...
Visited PLMN
International SCCP
Gateways
Incoming
COUNTRY 3
Outgoing
Home PLMN
Outgoing
interrogation
Incoming
HLR
GMSC
PSTN
COUNTRY 1
COUNTRY 2
Level 3 GSM procedures: Location Updating
General
o This procedure is always initiated by the Mobile Station and involves providing the
VLR (and HLR if required) with its current position,
o The visited VLR stores the Location Area (LA),
o The LA n (LAI) received is updated dynamically in SIM non-volatile memory.
20
Normal Location Update

o When the mobile is switched on without having stored the LAI (eg.: initial use of
SIM),
o When the mobile is switched on in a different LA from the LA stored in the SIM,
o When the pre-synchronized mobile moves from one LA to another (same or different
VLR).
Periodic Location Update
o When the SIM internal counter overflows
(This counter is automatically incremented by the mobile when it is switched on)
Level 3 GSM procedures: Handover
3 Phases :
o Identification of requirement, Selection of a new cell, Execution
Mobile Station:
o Continuous Quality and Received Power Control
o Continuous adjacent cell Power monitoring
o Transmission of measurement reports to the BTS (every 0.5s)
Network:
o The BTS measures the Quality and the received Power from the mobile
o The BSC runs the Power Control and Handover central algorithm
o The BSC controls the handover operation
Handover Types:
o Intra-BSC / Inter - BSC, Intra - MSC / Inter - MSC (first and subsequent)
o Internal (within the same BTS) if there is uplink or downlink interference
o Synchronized / non-synchronized
BTS 1
MSC /
VLR
BTS 2
BSC
BSC
PSTN
MSC /
VLR
(Intra BSC)
BSC
MSC /
VLR
BSC
21

Curs 1 - GSM - Network

Cargado por

Información del documento

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Curs 1 - GSM - Network

Cargado por

Copyright:

Formatos disponibles

Introduction to the GSM Network

GSM: Global System for Mobile communication

Mobile network "Prehistory":

General Concepts: PLMN and Mobile Stations

Public Land Mobile Network

General Concepts: Cellular Coverage

Example of a 12-Cell Three-sector Pattern

Radio Resources are limited :

To increase Spectrum Efficiency, specific

Types of Mobile Stations

GSM architecture: Base Station System

GSM architecture: Network and Switching System

GSM architecture: GPRS

GSM interfaces and protocols

(SS7 basic) + BSSAP

(SS7 basic) + MAP

MSC-PSTN (SS7 basic) + TUP or ISUP

GPRS interfaces and protocols

Position of Transcoding Unit (TRAU)

RADIO INTERFACE: essential part of GSM specifications because of:

TRAFFIC: information interchanged from USER-TO-USER, after setting up the call,

Circuit Switching Mode (GSM)

Physical Channels : the TDMA Frame

Time slot (or burst window)

1 "CHANNEL" (in 1 direction)

Time shift between

1 BTS (eg. 3 carriers)

Same "CHANNEL" (if bidirectional)

Physical Channels : the Normal Burst

TDMA frame = 4.615 ms

Time Slot (TS) or Burst Period (BP)

Traffic (or Signalling out of call)

Logical Channels: Principle of Mapping with Physical Channels

Traffic samples -> MSj

Out of call signalling receipt

Out of call signalling -> MSi

In call signalling receipt

Response to access request

Traffic sample decoding

Logical Channels - Time Division Multiplexing (GSM)

"TRAFFIC" type Multiframe :

"SIGNALLING" type Multiframe :

Logical Channels - Time Division Multiplexing (GPRS)

52 Frame - Multiframe on pdch:

Data Flow to User A

Data Flow to User B

TFI =28 TFI =28 TFI = 2

BSN =21 BSN =22 BSN =23

BSN =24 BSN =25 BSN =12

Data Flow to User C

TFI =28 TFI =28 TFI =28

TFI = 19 TFI = 19 TFI = 19

BSN =13 BSN =14 BSN =15

BSN =75 BSN =76 BSN =77

Multiframe : 52 frames (= 240 ms.)

Radio Interface - Channel Mapping

Multiframe : 51 frames (= 235 ms approx.)

- Locking the mobile local oscillator on the exact frequency

- Exact synchronization of receive window

as FCCH (46 ms), 8 TS

ROLES and USES of INFORMATION CARRIED

- General information (system) concerning the station:

1 TS every 4 consec. frames