Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Lte Nas

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 8

LTE NAS Procedures Abstract Non-Access Stratum is a functional layer protocol stack between core network and UE in LTE.

For LTE, It is the highest stratum in the control plane between UE and MME. NAS layer runs over Uu interface between UE and eNB, and over S1-MME interface between eNB and MME. The main functions for NAS protocols are (1)mobility management, (2)session management, (3)connection management and (4)security. Security has two aspects: integrity and ciphering. This article describes all the NAS procedures and relevant concepts. 1. Introduction UTRAN is access network for LTE. Whenever UE does any signaling message exchanges related to radio resources and accessing the UTRAN, those are Access Stratum procedures. After acquiring radio resources, UE needs to communicate to core network nodes. All signaling message exchanges related to accessing the core network are NonAccess Stratum procedures. The subsequent chapters of this article describes EMM, ECM and ESM NAS procedures, their sub-categories and other related concepts. 2. EMM EMM protocol provides elementary procedures for UEs mobility, when UE uses E-UTRAN. Such procedures include determining UE's location, user's authentication, confidentiality, and connection management. The procedure is a group of NAS messages exchange, like request and response, with specific purpose. There are two kinds of EMM elementary procedures: common procedures and specific procedures. a. Relationship among EMM procedures The EMM common procedures are invoked optionally by some of the EMM specific procedures. If one look at this, from object oriented design point of view, this is like aggregation relationship, where specific procedures are whole and common procedure(s) are part. The below diagrams depicts this relationship with UML notations.

EMM Elementary Procedures

EMM Specific Procedures

EMM Common Procedures

Mobility

Connection s

The class diagram looks like Composite design pattern. This diagram does not indicate any specific NAS module design neither at UE nor at MME. The italic fonts indicates abstract class. All the procedures in the diagrams are just categories. The subsequent sections describe all procedures, which belong to these categories. EMM specific procedure has specific purpose of (1) mobility management and (2) connection management.

b. EMM Mobility Management


The mobility management specific procedures are (1)Attach, (2)Detach and (3) TAU. The attach procedures and detach procedures are similar to such procedures in GPRS and UMTS. When UE is powered ON, or, enters to LTE coverage area, it performs attach procedure. At the time of power OFF, UE performs detach procedure. UMTS coverage area is subdivided in multiple Routing Areas (RAs), same way, LTE coverage area is subdivided in multiple Trekking Areas (TAs). Any TA is formed by coverage are of a group of cell sites (eNBs). The eNB broadcasts TAI. Whenever the any UE detects the TAI change, due to UEs mobility, UE informs the network about its new TA or TA list. UE invokes the normal TAU procedure. Even the stationary UE periodically reports its TA with periodic TAU procedure. Combined procedures

The LTE network also supports combined attach, combined detach and combined TAU procedure. The combined procedures differ from the normal procedures by presence of few optional IEs. The combined procedures save radio resources, as the LTE networks, intimate the legacy GPRS / UMTS network about UE attach, detach and periodic update over wireline interface. So UE does not need to perform similar procedures over legacy

network. Thus, the combined procedures also save UEs battery. However such supports are optional for LTE network deployment. GPRS MS have three categories: class A, class B and class C. The similar way LTE UE belongs to three categories. The PS only mode UE works only with LTE networks. These UEs are not mobile handsets but they are USB dongle or PC card. They never perform combined procedure. The PS only mode UE is similar to class C GPRS MS. The other two LTE UE categories are CS/PS mode 1 UE and CS/PS mode 2 UE. They are dual mode UEs. If UE is under coverage of both LTE and legacy GPRS/UMTS, then CS/PS mode 1 UE prefers non-EPS (GPRS/UMTS) service and mode 2 UE prefers EPS(LTE) service. However, they can attach to both networks, (1) EPS(LTE) network and (2) nonEPS (legacy GPRS/UMTS) network. EMM FSM

EMM FSM has seven states. (1) EMM Null, (2) EMM DeRegistered, (3) EMM DeRegistered initiated, (4) EMM Registered, (5) EMM Registered initiated, (6) EMM TAU initiated, (7) EMM Service Request initiated. Out of these seven states, most of them are transient states. EMM FSM has major two states only. EMM DeRegistered and EMM Registered. They are correspond to UE is detached from LTE network and UE is attached to LTE network respectively.

c. EMM Connection Management (ECM)


The connection is established between UE and MME for session management and for SMS transfer. The connection management specific procedures are: paging, CS service notification, service request, extended service request and transport of NAS. Paging

The LTE networks supports only PS data call. The UE can receive paging signal for incoming PS data call. The legacy networks (GSM and UMTS) support both CS voice call and PS data call. The network can send paging signal to UE for incoming CS voice call using LTE E-UTRAN. Thus, paging procedure is used for incoming CS voice call and PS data call both. The Paging ECM specific procedure is used by network to establish NAS context for incoming CS or PS call. The NAS context consists of security parameters between UE and MME for NAS message exchanges. In the absence of NAS context, the first message will not be encrypted. The EMM procedures may invoke other common EMM procedure for security purpose. Over the air interface Uu RRC protocol carries NAS messages and provides ciphering and data integrity both. In addition to that the NAS security module provides data integrity and optionally ciphering of the NAS messages. Generally LTE network address the UE with its S-TMSI in Paging procedure. However if MME restart or somehow, MME lost S-TMSI of UE, then it uses IMSI. The usage of IMSI over air interface is rare case and is used to only recover from the error, in abnormal conditions. CS Service Notification

The paging procedure is used to establish NAS context. If MME already has valid NAS context for a UE, then MME does not invoke paging procedure for incoming CS call.

Instead of paging procedure, MME invokes CS Service Notification procedure for incoming CS call from legacy GSM and UMTS networks. Service Request

UE initiates Service Request ECM specific procedure, in response to paging. After successful Service Request procedure for connection management, the ECM FSM transits to ECM connected (EMM connected) state. Extended Service Request

The Extended Service Request procedure is a variant of Service Request procedure. It is used for CS fallback for voice call and handoff with non-3GPP networks. The examples of non-3GPP networks are CDMA network, EVDO (HRPD) network, WiMAX network, etc. Transport of NAS

The Transport of NAS ECM specific procedure is used for sending or receiving SMS over LTE network. ECM FSM

ECM can have its FSM. For EMM Registered state, ECM FSM has two states. (1) ECM idle and (2) ECM connected. They are also known as EMM Idle and EMM Connected respectively. d. Common Procedure The EMM common procedures are invoked optionally by EMM specific procedures. They are related to security aspects like authentication and ciphering. For example, EMM mobility management specific procedure named Attach may invoke other EMM common procedure(s) like (1)GUTI relocation, (2)Authentication, (3)Security Mode control, (4)Identification, (5)EMM Information and (6)ESM Information. Another example, EMM connection management specific procedure, Service Request may initiate optional common procedure(s): (1) Authentication and/or (2) Security Mode Control. All the common procedures are optional. These common procedures set security parameters at NAS context. e. EMM Summary Most of the EMM specific procedures for mobility management and connection management are initiated by UE. Paging and CS service notification procedures are always initiated by network. Detach and Transport of NAS procedures can be invoked by either network or UE. Here, the quick recap of all EMM specific procedures. EMM Elementary procedures:

1. Mobility management specific procedure


a. Attach i. Attach ii. Combined Attach

b. Detach i. Detach ii. Combined Detach c. TAU i. Normal TAU ii. Periodic TAU

2. Connection Management specific procedure


a. Service Request i. Service Request ii. Extended Service Request b. Paging i. With S-TMSI ii. With IMSI c. CS Service Notification d. Transport of NAS (for SMS)

3. Common procedure a. GUTI reallocation b. Authentication c. Security Mode control d. Identification e. EMM information f. ESM information

3. ESM: Useful concepts


a. Multiple ESM The NAS procedures for EMM and ECM apply per UE, so UE software can have single instance of ECM module and single instance of EMM module. However the NAS procedures for ESM are for session management. A UE can have multiple active sessions (EPS bearers). Each bearer has its own ESM FSM. So UE software can have multiple instances of ESM module. b. PDN and APN LTE infrastructure includes eUTRAN and EPC. PDN is some network external to operators LTE infrastructure. The Internet is the most common example of PDN. Other possible PDN examples can be IMS network, corporate VPN, MMS etc. If one look at the big picture, LTE or any other wireless network just provides layer-2 connectivity between UE and PDN. So the UE can transfer its layer-3 user packets (most likely IP packets) to external network PDN (most likely Internet). The name of PDN is APN value. The P-GW node is at boundary between LTE network and PDN. So generally APN value is FQDN, which map to IP address of P-GW by DNS server. This DNS server is private one, and accessible only within PLMN. c. EPS bearer An EPS bearer connects UE and exit gateway (P-GW) of LTE network. Unlike, UMTS, in LTE one default bearer is established during attach procedure itself. LTE NAS procedure standard also recommends bundling of LTE EMM NAS procedure and ESM NAS procedure

in a single packet. The default bearer has neither QoS treatment nor TFT filters for user data. The default bearer just provides a basic connectivity between UE and P-GW for a single PDN. Some mobile applications need QoS treatment for user data. E.g. VoIP call. The dedicated bearer provides QoS treatment and TFT for user data. UE has single IP address per PDN, regardless of multiple bearers (default bearer and dedicated bearer). However, if UE and PDN both support IPv4 and IPv6 dual stack, then only, UE can have two default bearers and two IP addresses (IPv4 address and IPv6 address) per PDN. If UE and network both capable to provide connectivity to multiple PDNs, then UE can have multiple default bearers and multiple IP addresses. It is analogous to having multiple Ethernet card to a desktop PC, so one can connect the PC to multiple networks and configure it with multiple IP address. Ethernet cards are layer-2 entities. Here, LTE network appears a single layer-2 interface consisting of E-UTRAN and EPC. However still LTE network can emulate like multiple different layer-2 entities. So, a UE can have multiple layer-3 network layers (IP layers) at user plane. Each layer-3 entity can be connected to different P-GWs and so to different PDNs. Within a single layer-3, UE can have default bearer for best effort treatment and optional dedicated bearer(s) for QoS treatment and TFT d. EPS Bearer ID All EPS bearers (i.e. default and dedicated) have EPS Bearer ID (EBI), assigned by the network. The legacy GPRS and UMTS networks were assigning NSAPI value for each PDP context. EBI is analogous to NSAPI. UE can have one default bearer and zero or more dedicated bearer(s) per PDN. So at UE side few EBI values are used for default bearer(s) and rest are for dedicated bearer(s). It is not possible to discriminate between default bearer and dedicated bearer just by EBI values. LBI plays important role to link EBI values and bundle them together. All dedicated bearer related messages contain LBI IE. The value of LBI IE is EBI value of default bearer for that PDN. e. IP address UE may have static IP address configured APN/PDN. Generally, P-GW acts as DHCP server and assigns dynamic IP address to UE. P-GW consults external DHCP server or radius server or diameter server to allocate dynamic IP address for UE. Dynamic IP address is allocated during default bearer creation. This IP address does not change for all other subsequent new dedicated bearer(s) for that PDN. PCO IE is used to carry UE address. It also carries Primary and Secondary DNS addresses for that particular PDN. So the application can query and resolve any domain name to IP address by contacting the DNS server, within that PDN. All these three IP addresses can be IPv4 address or IPv6 address or both. If UE already knows their values, it mentions them in PCO, to confirm. Else, UE mention value as 0.0.0.0 (for IPv4 case) and/or ::0 (for IPv6 case) to request network for new assignment. PCO IE contains PPP. The PPP contains IPCP for all these IP addresses. PPP can also contain PAP and/or CHAP protocol(s) for user authentication. The PCO and TFT are important IEs, that are exchanged between P-GW and UE. They are transparently carried by eNB, MME and SGW.

f. Summary The following tree makes this concept clearer.

1. LTE layer-2 connectivity using eUTRAN+EPC a. Layer-3 IP (IPv4 or IPv6)connectivity to PDN1, UE IP = ip1 (ip1 is IPv4
address or IPv6 address) i. Default bearer. No QoS and no TFT. EBI = ebi1 ii. Dedicated bearer 1 with QoS1, EBI = ebi2, LBI = ebi1 iii. Dedicated bearer 2 with QoS2, EBI = ebi3, LBI = ebi1 Layer-3 IP (IPv4 or IPv6)connectivity to PDN2, UE IP = ip2 (ip2 is IPv4 address or IPv6 address) i. Only single default bearer. No QoS and no TFT, EBI = ebi4 Layer-3 IP (IPv4)connectivity to PDN3, UE IP = ip3 (ip3 is IPv4 address) i. Default bearer. No QoS, EBI = ebi5 ii. Dedicated bearer 1 with QoS3, EBI = ebi6, LBI = ebi5 Layer-3 IP (IPv6)connectivity to PDN3, UE IP = ip4 (ip4 is IPv6 address) i. Default bearer. No QoS EBI = ebi7 ii. Dedicated bearer 1 with QoS4, EBI = ebi8, LBI = ebi7

b. c. d.

Here PDN1, PDN2 and PDN3 all are different, having different APN values. The values for ip1, ip2, ip3 and ip4 may or may not be different. QoS1, QoS2, QoS3 and QoS4 may or may not different. EBI1 to EBI8 all are different values, not necessary they are in sequence. The minimum implementation without QoS can be as below:

2. LTE layer-2 connectivity using eUTRAN+EPC a. Layer-3 IP (IPv4)connectivity to only single PDN 1, UE IP = ip1 i. Only single Default bearer. No QoS, EBI = ebi1
4. ESM procedures ESM procedures also have two categories. (1) Procedures related to EPS Bearer Context. As the name suggest, these ESM procedures are used for EPS bearer. (2) Procedures related to transaction. However these ESM procedure categories are quite different from EMM procedures category. In case of EMM, the specific procedures are optionally made up of common procedure. So first, an EMM specific procedure starts. Then it optionally invokes one more EMM common procedure(s). Then EMM common procedure(s) get completed and finally the EMM specific procedure also gets completed. If a UE wants to manipulate EPS bearer context, then first UE invokes ESM specific Procedure relate to transaction. UE includes PTI IE in the first message. In the response to that network invokes ESM specific Procedure related to EPS Bearer Context. Network also includes PTI IE with same value, so that UE can correlate to ongoing Procedure relate to transaction. Once network invokes the Procedure related to EPS Bearer Context, then at UE side, the Procedure relate to transaction is declared/assumed as completed. These both categories of procedures are in sequence. Thus, indirectly UE can also invoke EPS procedure !!! Once, the Procedure relate to transaction is completed, then PTI IE is discarded. Then UE and network, both start using, EBI, which is allocated by the network to that particular (default or dedicated) bearer. If network itself initiates

Procedure related to EPS Bearer Context, then PTI IE is absent and EBI IE is mandatory. The examples of such procedures are (1) EPS bearer context modification (2) EPS bearer context deactivation. As mentioned earlier, LBI IE is used in Procedure related to dedicated EPS Bearer Context to point to default bearer for that particular PDN. This table provides a relationship among UE initiated Procedures related to transaction and network initiated Procedures related to EPS Bearer Context Default EPS bearer context activation X X x x x x x X Dedicated EPS bearer context activation EPS bearer context modification EPS bearer context deactivation

Procedures related to EPS Bearer Cxt --> 1 2 3 4 5 6 Procedures related to Transaction PDN connectivity PDN disconnect Bearer resource allocation Bearer resource modification ESM information request ESM status message

As one can see at above table, generally transaction related procedures are invoked by UE with two exceptions. (1) ESM Status message. It can be sent by both UE and network. (2) ESM information request is always sent from network to UE. UE responds with ESM information response. 5. Summary The author has put his best efforts to describe NAS concepts with correct information in lucid language. Any comments, suggestions are welcome. The author is thankful to his colleagues, supervisors and friends for all supports and encouragement to write this article. Let all the software professionals and telecom professionals use this article as reference material. Reference http://en.wikipedia.org/wiki/System_Architecture_Evolution http://www.3gpp.org

You might also like