Lte Nas
Lte Nas
Lte Nas
For LTE, It is the highest stratum in the control plane between UE and MME. NAS layer runs over Uu interface between UE and eNB, and over S1-MME interface between eNB and MME. The main functions for NAS protocols are (1)mobility management, (2)session management, (3)connection management and (4)security. Security has two aspects: integrity and ciphering. This article describes all the NAS procedures and relevant concepts. 1. Introduction UTRAN is access network for LTE. Whenever UE does any signaling message exchanges related to radio resources and accessing the UTRAN, those are Access Stratum procedures. After acquiring radio resources, UE needs to communicate to core network nodes. All signaling message exchanges related to accessing the core network are NonAccess Stratum procedures. The subsequent chapters of this article describes EMM, ECM and ESM NAS procedures, their sub-categories and other related concepts. 2. EMM EMM protocol provides elementary procedures for UEs mobility, when UE uses E-UTRAN. Such procedures include determining UE's location, user's authentication, confidentiality, and connection management. The procedure is a group of NAS messages exchange, like request and response, with specific purpose. There are two kinds of EMM elementary procedures: common procedures and specific procedures. a. Relationship among EMM procedures The EMM common procedures are invoked optionally by some of the EMM specific procedures. If one look at this, from object oriented design point of view, this is like aggregation relationship, where specific procedures are whole and common procedure(s) are part. The below diagrams depicts this relationship with UML notations.
Mobility
Connection s
The class diagram looks like Composite design pattern. This diagram does not indicate any specific NAS module design neither at UE nor at MME. The italic fonts indicates abstract class. All the procedures in the diagrams are just categories. The subsequent sections describe all procedures, which belong to these categories. EMM specific procedure has specific purpose of (1) mobility management and (2) connection management.
The LTE network also supports combined attach, combined detach and combined TAU procedure. The combined procedures differ from the normal procedures by presence of few optional IEs. The combined procedures save radio resources, as the LTE networks, intimate the legacy GPRS / UMTS network about UE attach, detach and periodic update over wireline interface. So UE does not need to perform similar procedures over legacy
network. Thus, the combined procedures also save UEs battery. However such supports are optional for LTE network deployment. GPRS MS have three categories: class A, class B and class C. The similar way LTE UE belongs to three categories. The PS only mode UE works only with LTE networks. These UEs are not mobile handsets but they are USB dongle or PC card. They never perform combined procedure. The PS only mode UE is similar to class C GPRS MS. The other two LTE UE categories are CS/PS mode 1 UE and CS/PS mode 2 UE. They are dual mode UEs. If UE is under coverage of both LTE and legacy GPRS/UMTS, then CS/PS mode 1 UE prefers non-EPS (GPRS/UMTS) service and mode 2 UE prefers EPS(LTE) service. However, they can attach to both networks, (1) EPS(LTE) network and (2) nonEPS (legacy GPRS/UMTS) network. EMM FSM
EMM FSM has seven states. (1) EMM Null, (2) EMM DeRegistered, (3) EMM DeRegistered initiated, (4) EMM Registered, (5) EMM Registered initiated, (6) EMM TAU initiated, (7) EMM Service Request initiated. Out of these seven states, most of them are transient states. EMM FSM has major two states only. EMM DeRegistered and EMM Registered. They are correspond to UE is detached from LTE network and UE is attached to LTE network respectively.
The LTE networks supports only PS data call. The UE can receive paging signal for incoming PS data call. The legacy networks (GSM and UMTS) support both CS voice call and PS data call. The network can send paging signal to UE for incoming CS voice call using LTE E-UTRAN. Thus, paging procedure is used for incoming CS voice call and PS data call both. The Paging ECM specific procedure is used by network to establish NAS context for incoming CS or PS call. The NAS context consists of security parameters between UE and MME for NAS message exchanges. In the absence of NAS context, the first message will not be encrypted. The EMM procedures may invoke other common EMM procedure for security purpose. Over the air interface Uu RRC protocol carries NAS messages and provides ciphering and data integrity both. In addition to that the NAS security module provides data integrity and optionally ciphering of the NAS messages. Generally LTE network address the UE with its S-TMSI in Paging procedure. However if MME restart or somehow, MME lost S-TMSI of UE, then it uses IMSI. The usage of IMSI over air interface is rare case and is used to only recover from the error, in abnormal conditions. CS Service Notification
The paging procedure is used to establish NAS context. If MME already has valid NAS context for a UE, then MME does not invoke paging procedure for incoming CS call.
Instead of paging procedure, MME invokes CS Service Notification procedure for incoming CS call from legacy GSM and UMTS networks. Service Request
UE initiates Service Request ECM specific procedure, in response to paging. After successful Service Request procedure for connection management, the ECM FSM transits to ECM connected (EMM connected) state. Extended Service Request
The Extended Service Request procedure is a variant of Service Request procedure. It is used for CS fallback for voice call and handoff with non-3GPP networks. The examples of non-3GPP networks are CDMA network, EVDO (HRPD) network, WiMAX network, etc. Transport of NAS
The Transport of NAS ECM specific procedure is used for sending or receiving SMS over LTE network. ECM FSM
ECM can have its FSM. For EMM Registered state, ECM FSM has two states. (1) ECM idle and (2) ECM connected. They are also known as EMM Idle and EMM Connected respectively. d. Common Procedure The EMM common procedures are invoked optionally by EMM specific procedures. They are related to security aspects like authentication and ciphering. For example, EMM mobility management specific procedure named Attach may invoke other EMM common procedure(s) like (1)GUTI relocation, (2)Authentication, (3)Security Mode control, (4)Identification, (5)EMM Information and (6)ESM Information. Another example, EMM connection management specific procedure, Service Request may initiate optional common procedure(s): (1) Authentication and/or (2) Security Mode Control. All the common procedures are optional. These common procedures set security parameters at NAS context. e. EMM Summary Most of the EMM specific procedures for mobility management and connection management are initiated by UE. Paging and CS service notification procedures are always initiated by network. Detach and Transport of NAS procedures can be invoked by either network or UE. Here, the quick recap of all EMM specific procedures. EMM Elementary procedures:
b. Detach i. Detach ii. Combined Detach c. TAU i. Normal TAU ii. Periodic TAU
3. Common procedure a. GUTI reallocation b. Authentication c. Security Mode control d. Identification e. EMM information f. ESM information
in a single packet. The default bearer has neither QoS treatment nor TFT filters for user data. The default bearer just provides a basic connectivity between UE and P-GW for a single PDN. Some mobile applications need QoS treatment for user data. E.g. VoIP call. The dedicated bearer provides QoS treatment and TFT for user data. UE has single IP address per PDN, regardless of multiple bearers (default bearer and dedicated bearer). However, if UE and PDN both support IPv4 and IPv6 dual stack, then only, UE can have two default bearers and two IP addresses (IPv4 address and IPv6 address) per PDN. If UE and network both capable to provide connectivity to multiple PDNs, then UE can have multiple default bearers and multiple IP addresses. It is analogous to having multiple Ethernet card to a desktop PC, so one can connect the PC to multiple networks and configure it with multiple IP address. Ethernet cards are layer-2 entities. Here, LTE network appears a single layer-2 interface consisting of E-UTRAN and EPC. However still LTE network can emulate like multiple different layer-2 entities. So, a UE can have multiple layer-3 network layers (IP layers) at user plane. Each layer-3 entity can be connected to different P-GWs and so to different PDNs. Within a single layer-3, UE can have default bearer for best effort treatment and optional dedicated bearer(s) for QoS treatment and TFT d. EPS Bearer ID All EPS bearers (i.e. default and dedicated) have EPS Bearer ID (EBI), assigned by the network. The legacy GPRS and UMTS networks were assigning NSAPI value for each PDP context. EBI is analogous to NSAPI. UE can have one default bearer and zero or more dedicated bearer(s) per PDN. So at UE side few EBI values are used for default bearer(s) and rest are for dedicated bearer(s). It is not possible to discriminate between default bearer and dedicated bearer just by EBI values. LBI plays important role to link EBI values and bundle them together. All dedicated bearer related messages contain LBI IE. The value of LBI IE is EBI value of default bearer for that PDN. e. IP address UE may have static IP address configured APN/PDN. Generally, P-GW acts as DHCP server and assigns dynamic IP address to UE. P-GW consults external DHCP server or radius server or diameter server to allocate dynamic IP address for UE. Dynamic IP address is allocated during default bearer creation. This IP address does not change for all other subsequent new dedicated bearer(s) for that PDN. PCO IE is used to carry UE address. It also carries Primary and Secondary DNS addresses for that particular PDN. So the application can query and resolve any domain name to IP address by contacting the DNS server, within that PDN. All these three IP addresses can be IPv4 address or IPv6 address or both. If UE already knows their values, it mentions them in PCO, to confirm. Else, UE mention value as 0.0.0.0 (for IPv4 case) and/or ::0 (for IPv6 case) to request network for new assignment. PCO IE contains PPP. The PPP contains IPCP for all these IP addresses. PPP can also contain PAP and/or CHAP protocol(s) for user authentication. The PCO and TFT are important IEs, that are exchanged between P-GW and UE. They are transparently carried by eNB, MME and SGW.
1. LTE layer-2 connectivity using eUTRAN+EPC a. Layer-3 IP (IPv4 or IPv6)connectivity to PDN1, UE IP = ip1 (ip1 is IPv4
address or IPv6 address) i. Default bearer. No QoS and no TFT. EBI = ebi1 ii. Dedicated bearer 1 with QoS1, EBI = ebi2, LBI = ebi1 iii. Dedicated bearer 2 with QoS2, EBI = ebi3, LBI = ebi1 Layer-3 IP (IPv4 or IPv6)connectivity to PDN2, UE IP = ip2 (ip2 is IPv4 address or IPv6 address) i. Only single default bearer. No QoS and no TFT, EBI = ebi4 Layer-3 IP (IPv4)connectivity to PDN3, UE IP = ip3 (ip3 is IPv4 address) i. Default bearer. No QoS, EBI = ebi5 ii. Dedicated bearer 1 with QoS3, EBI = ebi6, LBI = ebi5 Layer-3 IP (IPv6)connectivity to PDN3, UE IP = ip4 (ip4 is IPv6 address) i. Default bearer. No QoS EBI = ebi7 ii. Dedicated bearer 1 with QoS4, EBI = ebi8, LBI = ebi7
b. c. d.
Here PDN1, PDN2 and PDN3 all are different, having different APN values. The values for ip1, ip2, ip3 and ip4 may or may not be different. QoS1, QoS2, QoS3 and QoS4 may or may not different. EBI1 to EBI8 all are different values, not necessary they are in sequence. The minimum implementation without QoS can be as below:
2. LTE layer-2 connectivity using eUTRAN+EPC a. Layer-3 IP (IPv4)connectivity to only single PDN 1, UE IP = ip1 i. Only single Default bearer. No QoS, EBI = ebi1
4. ESM procedures ESM procedures also have two categories. (1) Procedures related to EPS Bearer Context. As the name suggest, these ESM procedures are used for EPS bearer. (2) Procedures related to transaction. However these ESM procedure categories are quite different from EMM procedures category. In case of EMM, the specific procedures are optionally made up of common procedure. So first, an EMM specific procedure starts. Then it optionally invokes one more EMM common procedure(s). Then EMM common procedure(s) get completed and finally the EMM specific procedure also gets completed. If a UE wants to manipulate EPS bearer context, then first UE invokes ESM specific Procedure relate to transaction. UE includes PTI IE in the first message. In the response to that network invokes ESM specific Procedure related to EPS Bearer Context. Network also includes PTI IE with same value, so that UE can correlate to ongoing Procedure relate to transaction. Once network invokes the Procedure related to EPS Bearer Context, then at UE side, the Procedure relate to transaction is declared/assumed as completed. These both categories of procedures are in sequence. Thus, indirectly UE can also invoke EPS procedure !!! Once, the Procedure relate to transaction is completed, then PTI IE is discarded. Then UE and network, both start using, EBI, which is allocated by the network to that particular (default or dedicated) bearer. If network itself initiates
Procedure related to EPS Bearer Context, then PTI IE is absent and EBI IE is mandatory. The examples of such procedures are (1) EPS bearer context modification (2) EPS bearer context deactivation. As mentioned earlier, LBI IE is used in Procedure related to dedicated EPS Bearer Context to point to default bearer for that particular PDN. This table provides a relationship among UE initiated Procedures related to transaction and network initiated Procedures related to EPS Bearer Context Default EPS bearer context activation X X x x x x x X Dedicated EPS bearer context activation EPS bearer context modification EPS bearer context deactivation
Procedures related to EPS Bearer Cxt --> 1 2 3 4 5 6 Procedures related to Transaction PDN connectivity PDN disconnect Bearer resource allocation Bearer resource modification ESM information request ESM status message
As one can see at above table, generally transaction related procedures are invoked by UE with two exceptions. (1) ESM Status message. It can be sent by both UE and network. (2) ESM information request is always sent from network to UE. UE responds with ESM information response. 5. Summary The author has put his best efforts to describe NAS concepts with correct information in lucid language. Any comments, suggestions are welcome. The author is thankful to his colleagues, supervisors and friends for all supports and encouragement to write this article. Let all the software professionals and telecom professionals use this article as reference material. Reference http://en.wikipedia.org/wiki/System_Architecture_Evolution http://www.3gpp.org