White Paper: CDMA Network Technologies: A Decade of Advances and Challenges
White Paper: CDMA Network Technologies: A Decade of Advances and Challenges
White Paper: CDMA Network Technologies: A Decade of Advances and Challenges
Introduction
Code Division Multiple Access technology emerged as an alternative to the GSM cellular
architecture and has shared in the past decade’s explosive growth in the wireless market. CDMA,
like GSM, has seen incremental improvements in capacity throughout this period. Now both types
of networks are making a transition to third-generation (3G) systems around the globe, offering
yet more capacity and data services.
This paper will briefly describe the origins of CDMA technology and the emergence of 3G
implementations such as cdma2000 1X and cdma2000 1x EV-DO. An overview of network
topology is included, with a detailed explanation of the role of each element and interface in the
network and of protocol testing to address the changing requirements of the network. The paper
concludes with a discussion of some of the technical problems that can occur in CDMA networks
and some proposed solutions.
The Telecommunications Industry Association (TIA/EIA) IS-95 CDMA standard published in July
1993 established the ground rules for a complete end-to-end digital wireless communications
system. The commercial network system architecture based on this standard is known as
cdmaOne. TIA/EIA IS-95 and the subsequent IS-95A revision (published in May 1995) form the
basis for most of the commercial 2G CDMA-based networks deployed around the world.
From the standpoint of voice services, cdmaOne technology offers important features for mobile
network operators:
• Simplified network planning, with the same frequency used in every sector of every cell
The early 2G CDMA infrastructure proved its effectiveness in delivering high-quality, low-loss
voice traffic to subscribers. But it didn’t take long for mobile users to begin asking for basic data
services, such as Internet and Intranet services, multimedia applications or high-speed business
transactions, to supplement the voice services on their handsets. The TIA/EIA IS-95A standard
answered this demand with its definition of the wideband 1.25 MHz CDMA channels, power
1
control, call processing, hand-offs and registration techniques for system operation. TIA/EIA IS-
95A brought true circuit-switched data services to CDMA subscribers; however, these were
limited to a maximum speed of 14.4 Kbps per user.
A second round of revisions to the original specification produced the TIA/EIA IS-95B standard.
This new development gave subscribers packet-switched data services at speeds up to 64 Kbps
per subscriber in addition to the existing voice services. With this increased data rate, TIA/EIA IS-
95B-compliant networks qualify as 2.5G CDMA technology.
The transition to 3G networks, still underway, began with a profusion of newly proposed
standards. Some were designed to build on GSM infrastructures and others emerged directly
from CDMA technology. Ultimately the ITU took a position on the matter, defining an IMT-2000
standard that encompassed five different radio interfaces including cdma2000. Note that all of the
IMT-2000 protocols use spread-spectrum techniques, which has implications about network
installation, operation and maintenance.
The ITU defines a 3G network as one that delivers, among other capabilities, improved system
capacity and spectrum efficiency versus 2G systems. It supports data services at transmission
rates of at least 144 Kbps in mobile (moving) environments and at least 2 Mbps in fixed (indoor)
environments. The cdma2000 architecture meets these objectives and includes several
implementations that an operator can select to best serve a transition strategy based on
competitive concerns, existing infrastructures, cost, and other variables.
• cdma2000 1X doubles the voice capacity of cdmaOne networks, delivering peak data
rates of 307 Kbps per subscriber in a mobile environment.
• cdma2000 1xEV includes two variants, both backward compatible with cdma2000 1X and
cdmaOne technologies.
2
Figure 1: The structure of a CDMA network
The mobile station interacts with the Access Network to obtain appropriate radio resources for the
exchange of packets, and it keeps track of the status of radio resources (e.g. active, stand-by,
dormant). It accepts buffer packets from the mobile host when radio resources are not in place or
are insufficient to support the flow to the network.
Upon power-up, the mobile station automatically registers with the Home Location Register (HLR)
in order to:
• Provide the Serving Mobile Switching Centre (MSC-S) with the mobile’s permitted feature
set
After successfully registering with the HLR, the mobile is ready to place voice and data calls.
These may take either of two forms, circuit-switched data (CSD) or packet-switched data (PSD),
depending on the mobile’s own compliance (or lack thereof) with the IS-2000 standard. This
document defines protocols for several critical CDMA interfaces pertaining to packet
transmission, namely A1, A7, A9, and A11.
3
Mobile Stations must comply with IS-2000 standards to initiate a packet data session using the
1xRTT1 network. Mobile stations having only IS-95 capabilities are limited to CSD, while IS-2000
terminals can select either the PSD or CSD. Parameters forwarded by the terminal over the air
link (AL) to the network will determine the type of service requested.
Circuit-switched data has a maximum rate of 19.2 Kbps and is delivered over traditional TDM
circuits. This service allows users to select the point of attachment into a data network using
ordinary dialled digits.
Packet-switched data service has a maximum data rate of 144 Kbps. For each data session a
Point-to-Point Protocol (PPP) session is created between the mobile station and the Packet Data
Serving Node (PDSN). IP address assignment for each mobile can be provided by either the
PDSN or a Dynamic Host Configuration Protocol (DHCP) server via a Home Agent (HA).
The Radio Access Network is the mobile subscriber’s entry point for communicating either data or
voice content. It consists of:
• The air link
• The cell site tower/antenna and the cable connection to the Base Station Transceiver
Subsystem (Um)
• The communications path from the Base Station Transceiver Subsystem to the base
station controller (Abis)
The RAN has a number of responsibilities that impact the network’s delivery of packet services in
particular. The RAN must map the mobile client identifier reference to a unique link layer identifier
used to communicate with the PDSN, validate the mobile station for access service, and maintain
the established transmission links.
The Base Station Transceiver Subsystem (BTS) controls the activities of the air link and acts
as the interface between the network and the mobile. RF resources such as frequency
assignments, sector separation and transmit power control are managed at the BTS. In addition,
the BTS manages the back-haul from the cell site to the Base Station Controller (BSC) to
minimize any delays between these two elements. Normally a BTS connects to the BSC through
un-channelized T1 facilities or direct cables in co-located equipment. The protocols used within
this facility are proprietary and are based on High-level Data Link Control (HDLC).
The Base Station Controller (BSC) routes voice- and circuit-switched data messages between
the cell sites and the MSC. It also bears responsibility for mobility management: it controls and
directs handoffs from one cell site to another as needed. It connects to each MTX using
channelized T1 lines for voice and circuit switched data; and to un-channelized T1 lines for
signalling and control messages to the PDSN using the 10BaseT Ethernet protocol.
The Packet Control Function (PCF) routes IP packet data between the mobile station within the
cell sites and the Packet Data Serving Node (PDSN). During packet data sessions, it will assign
available supplemental channels as needed to comply with the services requested by the mobile
and paid for by the subscribers.
1 A network that provides a “1x chip rate of 1.2288 Mcps for Radio Transmission Technology.”
4
The PCF maintains a “reachable” state for between the RN and the mobile station, ensuring a
consistent link for packets; buffers packets arriving from the PDSN when radio resources are not
in place or insufficient to support the flow from the PDSN; and relays packets between the MS
and the PDSN.
The PDSN/FA is the gateway from the RAN into the public and/or private packet networks. In a
simple IP network, the PDSN acts as a standalone Network Access Server (NAS), while in a
mobile IP network it can be configured as a Home Agent (HA) or a Foreign Agent (FA).
• Provide an IP address for the subscriber (either from an internal pool or through a DHCP
server or through an AAA server; see below)
• Perform packet routing to external packet data networks or packet routing to the HA
which optionally can be via secure tunnels
• Actively manage subscriber services based on the profile information received from the
SCS server of the AAA server
The AAA (Authentication, Authorization, and Accounting) server is used to authenticate and
authorize users for network access and to store subscriber usage statistics for billing and
invoicing.
The Home Agent (HA) supports seamless data roaming into other networks that support 1xRTT.
The HA provides an anchor IP address for the mobile and forwards any mobile-bound traffic to
the appropriate network for delivery to the handset. It also maintains user registration, redirects
packets to the PDSN and (optionally) tunnels securely to the PDSN. Lastly, the HA supports
dynamic assignment of users from the AAA and (again optionally) assigns dynamic home
addresses.
4. The MSC sends an Assignment Request message to the BSS requesting assignment of
radio resources. No terrestrial circuit between the MSC and the BS is assigned to the
packet data call.
The PCF recognizes that no A10 connection associated with this mobile is available and
selects a PDSN for this data call.
7. The A11-Registration Request is validated and the PDSN accepts the connection by
returning an A11-Registration Reply message.
Both the PDSN and the PCF create a binding record for the A10 connection.
8. After the radio link and A10 connection are set-up, the BS sends an Assignment
Complete message to the MSC
9. The mobile and the PDSN establish the link layer (PPP) connection and then perform the
MIP registration procedures over the link layer (PPP) connection.
10. After completion of MIP registration, the mobile can send/receive data via GRE framing
over the A10 connection.
11. The PCF periodically sends an A11-Registration Request message for refreshing
registration for the A10 connection.
12. For a validated A11-Registration Request, the PDSN returns an A11-Registration Reply
message.
Both the PDSN and the PCF update the A10 connection binding record.
This necessarily complex process can be the source of some problems that affect service and
quality. A rigorous monitoring scheme involving simultaneous observation of the A1 interface and
the A10/A11 interface is the best way to detect and correct errors early. Here, a multi-interface
call-trace application is especially productive, since it can trace and group all of the procedures
related to the activity of each single subscriber in a CDMA network, even as the procedures
evolve over multiple interfaces.
Within the call set-up process, an error in any element or procedural step can inhibit the
remaining steps. For example, suppose that the MSC does not respond to the CM Service
Request message (Step 3 in Figure 2) sent by the BSC/PCF over the A1 interface. This is
sometimes caused by internal MSC problems. If this prevents the CM Service Request from
reaching completion, the BSC/PCF cannot assign radio resources to the mobile station, in turn
preventing establishment of the connection. The user finds it impossible to make a data call—a
service for which he or she has paid a premium.
Before a specific timer expires, the PCF sends periodically A11-Registration Request message
(Step 11) to refresh the registration for the A10 connection. For a validated A11-Registration
Request, the PDSN returns an A11-Registration Reply message (Step 12). Here again, internal
problems in the PDSN can cause it to respond late or not at all. As a result the process of
establishing or maintaining the connection cannot continue. The user is once again unable to
make a data call.
7
In both cases, a protocol analyzer connected to the A1 and A10/A11 interfaces can help track
down the problem. The call trace application can distinguish the origin of messages and detect
any failure to respond. This makes it easy to pinpoint the MSC and the PDSN, respectively in
these examples.
To characterize this problem, it is necessary to capture the TCP/IP user plane packets flowing on
the GRE tunnels on the A10 interface. Protocol filtering allows the tool to home in on just the data
or interest. By applying different types of filtering with increasing level of details, it is possible to
“drill down” and isolate the root cause of the shrinking TCP packet Window Size.
“Tunnel router loops” are another class of cdma2000 network problems that can degrade the
quality of service for subscribers. The problem is caused by misconfiguration in the PDSN
routers. It can be detected by acquiring and analyzing IP traffic on the P-H interface (see Figure
1).
To understand tunnel router loops, imagine a subscriber surfing the Web (WWW) with a laptop
connected to a cdma2000 handset. Packets addressed to go to a specific HTTP proxy are routed
(after passing through the PCF) from the PDSN/FA (Foreign Agent) to the Home Agent (HA) for
de-tunneling.
With certain incorrect internal routing configurations, packets destined for Port 80 WWW are not
de-tunnelled by the HA. Instead, they are sent back downstream toward the PDSN/FA. As a
result, multiple packets travel on the same network segment with the same packet ID, wasting
precious bandwidth—and not reaching the intended destination. In addition, for each repetitive
hop a packet takes between the PDSN/FA and HA nodes, the IP Time To Live (TTL) field is
decremented. If the packet is stuck in a router loop, the TTL eventually decrements all the way to
zero and the packet is discarded by the network nodes. “Lost” packets must be retransmitted,
leading to excessive packet retransmission overhead and reduced throughput.
As in the earlier examples, the solution is to use protocol filtering to capture IP packets on the P-
H interface. Browsing through the captured data by applying increasingly fine levels of filtering, it
is possible to see the repeating packets and resolve the problem.
Duplication of IP traffic
PDSN configuration problems can give rise to other types of problems in addition to tunnel loops.
One common issue is associating the PDSN´s logical IP addresses with more than one physical
MAC address. When this occurs, more than one hardware card has the same IP address. All
traffic sent to that IP address goes to two different hardware entities and receives responses from
both. This effectively doubles the amount of IP traffic associated with that single IP address on
that segment. Once again, protocol filtering capabilities are required for effective troubleshooting.
A protocol analyzer should capture IP packets travelling to a specific IP destination address via
the P-H interface. Browsing through the data and using filtering to successively narrow down the
inquiry, the nature of the problem (the duplicated address) soon becomes apparent.
8
Routing problems in the Core Network
Sometimes internal problems can cause PDSN routers to go offline and come back online after a
period of time. This can happen frequently and continuously in a cdma2000 core data network.
When a router first comes online its routing table are not optimized. It takes time for the built-in
OSPF (Open Shortest Path First) routing algorithm to learn the best way to route packets
depending on adjacent available routers. Until the routing tables are optimized, there will be
degradation in quality of service.
By capturing IP packets on the P-H interface with a protocol analyzer and applying filters on the
OSPF routing messages, changes in designated router and changes in neighbours of a router
can be easily identified. Using intelligent and detailed filtering capability on OSPF messages and
information elements within these messages identifying routing problems on an IP network
becomes an easy task.
Conclusion
CDMA infrastructure is widespread and sure to form the basis for broad penetration of CDMA
networks. cdma2000 and other 3G technologies bring telecommunications into the packet-
switched domain, adding a host of new services and network complexities in the process.
9
Acronyms
11