EPL476 Mobile Networks

Fall 2009

Cellular Telephony Architectures

Instructor: Dr. Vasos Vassiliou

Slides adapted from Prof. Dr.-Ing. Jochen H. Schiller and W. Stallings

 Mobile phone subscribers worldwide
approx. 1.7 bn
1600

2009:
1400 >4 bn!

1200
Subscribers [million]

GSM total
1000 TDMA total
CDMA total
800 PDC total
Analogue total
W-CDMA
600
Total wireless
Prediction (1998)
400

200

0
1996 1997 1998 1999 2000 2001 2002 2003 2004 year
 Development of mobile telecommunication
systems
CT0/1
FDMA

AMPS
NMT CT2
IMT-FT
IS-136 DECT
TDMA
TDMA

EDGE IMT-SC
D-AMPS
IS-136HS
GSM GPRS
UWC-136
PDC
IMT-DS
UTRA FDD / W-CDMA
IMT-TC HSPA
UTRA TDD / TD-CDMA
CDMA

IMT-TC
TD-SCDMA
IS-95 IMT-MC
cdma2000 1X
cdmaOne cdma2000 1X EV-DO
1X EV-DV
1G 2G 2.5G 3G (3X)
How does it work?
 How can the system locate a user?
 Why don’t all phones ring at the same
time?
 What happens if two users talk
simultaneously?
 Why don’t I get the bill from my neighbor?
 Why can an Australian use her phone in
Berlin?
• Why can’t I simply overhear the neighbor’s
communication?
• How secure is the mobile phone system?
• What are the key components of the mobile phone
network?
GSM: Overview
 GSM
 formerly: Groupe Spéciale Mobile (founded 1982)
 now: Global System for Mobile Communication
 Pan-European standard (ETSI, European Telecommunications
Standardisation Institute)
 simultaneous introduction of essential services in three phases (1991,
1994, 1996) by the European telecommunication administrations
(Germany: D1 and D2)
 seamless roaming within Europe possible
 Today many providers all over the world use GSM
(219 countries in Asia, Africa, Europe, Australia, America)
 more than 4,2 billion subscribers in more than 700 networks
 more than 75% of all digital mobile phones use GSM
 over 29 billion SMS in Germany in 2008, (> 10% of the revenues for
many operators) [be aware: these are only rough numbers…]
 See e.g. www.gsmworld.com/newsroom/market-data/index.htm
Performance characteristics of GSM
(wrt. analog sys.)
 Communication
 mobile, wireless communication; support for voice and data
services
 Total mobility
 international access, chip-card enables use of access points of
different providers
 Worldwide connectivity
 one number, the network handles localization
 High capacity
 better frequency efficiency, smaller cells, more customers per cell
 High transmission quality
 high audio quality and reliability for wireless, uninterrupted phone
calls at higher speeds (e.g., from cars, trains)
 Security functions
 access control, authentication via chip-card and PIN
Disadvantages of GSM
 There is no perfect system!!
 no end-to-end encryption of user data
 no full ISDN bandwidth of 64 kbit/s to the user, no
transparent B-channel
 reduced concentration while driving
 electromagnetic radiation
 abuse of private data possible
 roaming profiles accessible
 high complexity of the system
 several incompatibilities within the GSM
standards
 GSM: Mobile Services
 GSM offers
 several types of connections
• voice connections, data connections, short message service
 multi-service options (combination of basic services)
 Three service domains
 Bearer Services
 Telematic Services
 Supplementary Services

bearer services
MS
transit source/
TE MT GSM-PLMN network destination TE
R, S Um (PSTN, ISDN) network (U, S, R)

tele services
Bearer Services
 Telecommunication services to transfer data
between access points
 Specification of services up to the terminal
interface (OSI layers 1-3)
 Different data rates for voice and data (original
standard)
 data service (circuit switched)
• synchronous: 2.4, 4.8 or 9.6 kbit/s
• asynchronous: 300 - 1200 bit/s
 data service (packet switched)
• synchronous: 2.4, 4.8 or 9.6 kbit/s
• asynchronous: 300 - 9600 bit/s
Architecture of the GSM system
 GSM is a PLMN (Public Land Mobile Network)
 several providers setup mobile networks following the
GSM standard within each country
 components
• MS (mobile station)
• BS (base station)
• MSC (mobile switching center)
• LR (location register)
 subsystems
• RSS (radio subsystem): covers all radio aspects
• NSS (network and switching subsystem): call forwarding,
handover, switching
• OSS (operation subsystem): management of the network
Ingredients 1: Mobile Phones, PDAs, etc

The visible but smallest

part of the network!
Ingredients 2: Antennas

Still visible – cause many discussions…

Ingredients 3: Infrastructure 1
Base Stations

Cabling

Microwave links
 Ingredients 3: Infrastructure 2
Not „visible“, but
comprise the major part
of the network (also
from an investment
point of view…)

Management

Data bases
Switching units

Monitoring
 GSM: overview
OMC, EIR,
AUC
HLR
GMSC
NSS fixed network
with OSS

VLR MSC MSC

VLR

BSC

BSC

RSS
GSM: system architecture
radio network and fixed
subsystem switching subsystem partner networks

MS MS
ISDN
PSTN
Um MSC

BTS Abis
BSC EIR
BTS

SS7
HLR

BTS VLR
BSC ISDN
BTS MSC PSTN
A
BSS IWF
PSPDN
CSPDN
System architecture: radio subsystem
radio network and switching
subsystem subsystem  Components
MS MS
 MS (Mobile Station)
 BSS (Base Station Subsystem):
consisting of
Um • BTS (Base Transceiver Station):
sender and receiver
BTS Abis • BSC (Base Station Controller):
BSC MSC controlling several transceivers
BTS
 Interfaces
 Um : radio interface
 Abis : standardized, open
interface with
A 16 kbit/s user channels
BTS
BSC MSC  A: standardized, open interface
BTS with
BSS 64 kbit/s user channels
System architecture: network and
switching subsystem
network
subsystem
fixed partner
networks
• Components
• MSC (Mobile Services Switching
Center):
ISDN • IWF (Interworking Functions)
MSC
PSTN • ISDN (Integrated Services Digital
Network)
• PSTN (Public Switched Telephone
Network)
EIR
• PSPDN (Packet Switched Public
Data Net.)
• CSPDN (Circuit Switched Public
SS7

HLR
Data Net.)

VLR •Databases
ISDN
• HLR (Home Location Register)
MSC
PSTN • VLR (Visitor Location Register)
IWF
• EIR (Equipment Identity Register)
PSPDN
CSPDN
 Radio subsystem
 The Radio Subsystem (RSS) comprises the cellular mobile
network up to the switching centers
 Components
 Base Station Subsystem (BSS):
• Base Transceiver Station (BTS): radio components including sender,
receiver, antenna - if directed antennas are used one BTS can
cover several cells
• Base Station Controller (BSC): switching between BTSs, controlling
BTSs, managing of network resources, mapping of radio channels
(Um) onto terrestrial channels (A interface)

• BSS = BSC + sum(BTS) + interconnection

 Mobile Stations (MS)

GSM: cellular network
segmentation of the area into cells

possible radio coverage of the cell

idealized shape of the cell

cell

 use of several carrier frequencies

 not the same frequency in adjoining cells
 cell sizes vary from some 100 m up to 35 km depending on user density,
geography, transceiver power etc.
 hexagonal shape of cells is idealized (cells overlap, shapes depend on
geography)
 if a mobile user changes cells handover of the connection to the neighbor
cell
 GSM frequency bands (examples)

Type Channels Uplink [MHz] Downlink [MHz]

GSM 850 128-251 824-849 869-894

GSM 900 0-124, 955- 876-915 921-960

classical 1023 890-915 935-960
extended 124 channels 880-915 925-960
+49 channels
GSM 1800 512-885 1710-1785 1805-1880
GSM 1900 512-810 1850-1910 1930-1990
GSM-R 955-1024, 0- 876-915 921-960
exclusive 124 876-880 921-925
69 channels
- Additionally: GSM 400 (also named GSM 450 or GSM 480 at 450-458/460-468 or 479-486/489-496 MHz)
- Please note: frequency ranges may vary depending on the country!
- Channels at the lower/upper edge of a frequency band are typically not used
 Example coverage of GSM networks (www.gsmworld.com)
T-Mobile (GSM-900/1800) Germany O2 (GSM-1800) Germany

AT&T (GSM-850/1900) USA Vodacom (GSM-900) South Africa

Base Transceiver Station and Base
Station Controller
 Tasks of a BSS are distributed over BSC and BTS
 BTS comprises radio specific functions
 BSC is the switching center for radio channels

Functions BTS BSC

Management of radio channels X
Frequency hopping (FH) X X
Management of terrestrial channels X
Mapping of terrestrial onto radio channels X
Channel coding and decoding X
Rate adaptation X
Encryption and decryption X X
Paging X X
Uplink signal measurements X
Traffic measurement X
Authentication X
Location registry, location update X
Handover management X
Mobile station
 Terminal for the use of GSM services
 A mobile station (MS) comprises several functional groups
 MT (Mobile Terminal):
• offers common functions used by all services the MS offers
• corresponds to the network termination (NT) of an ISDN access
• end-point of the radio interface (Um)
 TA (Terminal Adapter):
• terminal adaptation, hides radio specific characteristics
 TE (Terminal Equipment):
• peripheral device of the MS, offers services to a user
• does not contain GSM specific functions
 SIM (Subscriber Identity Module):
• personalization of the mobile terminal, stores user parameters

TE TA MT
Um
R S
Network and switching subsystem

 NSS is the main component of the public mobile network

GSM
 switching, mobility management, interconnection to other
networks, system control
 Components
 Mobile Services Switching Center (MSC)
controls all connections via a separated network to/from a
mobile terminal within the domain of the MSC - several BSC can
belong to a MSC
 Databases (important: scalability, high capacity, low delay)
• Home Location Register (HLR)
central master database containing user data, permanent and semi-
permanent data of all subscribers assigned to the HLR (one
provider can have several HLRs)
• Visitor Location Register (VLR)
local database for a subset of user data, including data about all
user currently in the domain of the VLR
Mobile Services Switching Center
 The MSC (mobile services switching center) plays a central role in
GSM
 switching functions
 additional functions for mobility support
 management of network resources
 interworking functions via Gateway MSC (GMSC)
 integration of several databases
 Functions of a MSC
 specific functions for paging and call forwarding
 termination of SS7 (signaling system no. 7)
 mobility specific signaling
 location registration and forwarding of location information
 provision of new services (fax, data calls)
 support of short message service (SMS)
 generation and forwarding of accounting and billing information
Operation subsystem
 The OSS (Operation Subsystem) enables centralized
operation, management, and maintenance of all GSM
subsystems
 Components
 Authentication Center (AUC)
• generates user specific authentication parameters on request of a
VLR
• authentication parameters used for authentication of mobile
terminals and encryption of user data on the air interface within
the GSM system
 Equipment Identity Register (EIR)
• registers GSM mobile stations and user rights
• stolen or malfunctioning mobile stations can be locked and
sometimes even localized
 Operation and Maintenance Center (OMC)
• different control capabilities for the radio subsystem and the
network subsystem
GSM - TDMA/FDMA 935-960 MHz
124 channels (200 kHz)
downlink
yc
en
qu

890-915 MHz
fre

124 channels (200 kHz)

uplink
higher GSM frame structures
time

GSM TDMA frame

1 2 3 4 5 6 7 8
4.615 ms

GSM time-slot (normal burst)

guard guard
space tail user data S Training S user data tail space
3 bits 57 bits 1 26 bits 1 57 bits 3
546.5 µs
577 µs
GSM protocol layers for
signaling

Um Abis A
MS BTS BSC MSC

CM CM

MM MM
BSSAP BSSAP
RR RR’
BTSM
RR’ BTSM
SS7 SS7
LAPDm LAPDm LAPD LAPD

radio radio PCM PCM PCM PCM

16/64 kbit/s 64 kbit/s /

2.048 Mbit/s
 Mobile Terminated Call
 1: calling a GSM subscriber
 2: forwarding call to GMSC
 3: signal call setup to HLR
 4, 5: request MSRN from VLR
4
HLR VLR
 6: forward responsible 5
8 9
MSC to GMSC 3 6 14 15
 7: forward call to calling 7
PSTN GMSC MSC
 current MSC station 1 2
 8, 9: get current status of MS 10 10 13 10
16
 10, 11: paging of MS BSS BSS BSS
 12, 13: MS answers 11 11 11
 14, 15: security checks 11 12
 16, 17: set up connection 17
MS
Mobile Originated Call
 1, 2: connection request
 3, 4: security check VLR
 5-8: check resources (free
3 4
circuit) 6 5
 9-10: set up call PSTN GMSC MSC
7 8
2 9
1
MS BSS
10
MTC/MOC
MS MTC BTS MS MOC BTS
paging request
channel request channel request
immediate assignment immediate assignment
paging response service request
authentication request authentication request
authentication response authentication response
ciphering command ciphering command
ciphering complete ciphering complete
setup setup
call confirmed call confirmed
assignment command assignment command
assignment complete assignment complete
alerting alerting
connect connect
connect acknowledge connect acknowledge
data/speech exchange data/speech exchange
4 types of handover
1
2 3 4
MS MS MS MS

BTS BTS BTS BTS

BSC BSC BSC

MSC MSC
Handover decision
receive level receive level
BTSold BTSold

HO_MARGIN

MS MS

BTSold BTSnew
Handover procedure
MS BTSold BSCold MSC BSCnew BTSnew
measurement measurement
report result

HO decision
HO required HO request
resource allocation
ch. activation

HO command HO request ack ch. activation ack

HO command HO command
HO access
Link establishment

HO complete HO complete
clear command clear command
clear complete clear complete
Security in GSM
 Security services
 access control/authentication
• user  SIM (Subscriber Identity Module): secret PIN (personal
identification number)
• SIM  network: challenge response method
 confidentiality
• voice and signaling encrypted on the wireless link (after successful
authentication)
 anonymity
• temporary identity TMSI
(Temporary Mobile Subscriber Identity)
• newly assigned at each new location update (LUP) “secret”:
• A3 and A8
• encrypted transmission
available via the
 3 algorithms specified in GSM Internet
 A3 for authentication (“secret”, open interface) • network providers
can use stronger
 A5 for encryption (standardized)
mechanisms
 A8 for key generation (“secret”, open interface)
GSM - authentication

mobile network SIM

RAND
Ki RAND RAND Ki

AC 128 bit 128 bit 128 bit 128 bit

A3 A3
SIM
SRES* 32 bit SRES 32 bit

SRES
MSC SRES* =? SRES SRES
32 bit

Ki: individual subscriber authentication key SRES: signed response

GSM - key generation and
encryption

mobile network (BTS) MS with SIM

RAND
Ki RAND RAND Ki
AC 128 bit 128 bit 128 bit 128 bit SIM

A8 A8

cipher Kc
key 64 bit Kc
64 bit
data encrypted SRES
data
BSS
data MS
A5 A5
Data services in GSM I
 Data transmission standardized with only 9.6 kbit/s
 advanced coding allows 14.4 kbit/s
 not enough for Internet and multimedia applications
 HSCSD (High-Speed Circuit Switched Data)
 mainly software update
 bundling of several time-slots to get higher AIUR (Air
Interface User Rate, e.g., 57.6 kbit/s using 4 slots @ 14.4)
 advantage: ready to use, constant quality, simple
 disadvantage: channels blocked for voice transmission

AIUR [kbit/s] TCH/F4.8 TCH/F9.6 TCH/F14.4

4.8 1
9.6 2 1
14.4 3 1
19.2 4 2
28.8 3 2
38.4 4
43.2 3
57.6 4
Data services in GSM II
 GPRS (General Packet Radio Service)
 packet switching
 using free slots only if data packets ready to send
(e.g., 50 kbit/s using 4 slots temporarily)
 standardization 1998, introduction 2001
 advantage: one step towards UMTS, more flexible
 disadvantage: more investment needed (new hardware)

 GPRS network elements

 GSN (GPRS Support Nodes): GGSN and SGSN
 GGSN (Gateway GSN)
• interworking unit between GPRS and PDN (Packet Data Network)
 SGSN (Serving GSN)
• supports the MS (location, billing, security)
 GR (GPRS Register)
• user addresses
Timeline of Technology Evolution

41
GPRS quality of service
Reliability Lost SDU Duplicate Out of Corrupt SDU
class probability SDU sequence probability
probability SDU
probability
1 10-9 10-9 10-9 10-9
2 10-4 10-5 10-5 10-6
3 10-2 10-5 10-5 10-2

Delay SDU size 128 byte SDU size 1024 byte

class mean 95 percentile mean 95 percentile
1 < 0.5 s < 1.5 s <2s <7s
2 <5s < 25 s < 15 s < 75 s
3 < 50 s < 250 s < 75 s < 375 s
4 unspecified
Examples for GPRS device
classes
Receiving Sending Maximum number of
Class
slots slots slots
1 1 1 2
2 2 1 3
3 2 2 3
5 2 2 4
8 4 1 5
10 4 2 5
12 4 4 5
 GPRS user data rates in kbit/s

Coding 1 slot 2 slots 3 slots 4 slots 5 slots 6 slots 7 slots 8 slots

scheme

CS-1 9.05 18.1 27.15 36.2 45.25 54.3 63.35 72.4

CS-2 13.4 26.8 40.2 53.6 67 80.4 93.8 107.2
CS-3 15.6 31.2 46.8 62.4 78 93.6 109.2 124.8
CS-4 21.4 42.8 64.2 85.6 107 128.4 149.8 171.2
GPRS architecture and
interfaces SGSN

Gn

BSS SGSN GGSN PDN

MS

Um Gb Gn Gi

MSC HLR/
GR

VLR EIR
GPRS protocol architecture

MS Um BSS Gb SGSN Gn GGSN Gi

apps.

IP/X.25 IP/X.25

SNDCP GTP GTP

SNDCP
LLC LLC UDP/TCP UDP/TCP

RLC BSSGP BSSGP IP IP

RLC
MAC MAC
FR FR L1/L2 L1/L2
radio radio
UMTS and IMT-2000
 Proposals for IMT-2000 (International Mobile
Telecommunications)
 UWC-136, cdma2000, WP-CDMA
 UMTS (Universal Mobile Telecommunications System) from ETSI
 UMTS
 UTRA (was: UMTS, now: Universal Terrestrial Radio Access)
 enhancements of GSM
• EDGE (Enhanced Data rates for GSM Evolution): GSM up to 384 kbit/s
• CAMEL (Customized Application for Mobile Enhanced Logic)
• VHE (virtual Home Environment)
 fits into GMM (Global Multimedia Mobility) initiative from ETSI
 requirements
• min. 144 kbit/s rural (goal: 384 kbit/s)
• min. 384 kbit/s suburban (goal: 512 kbit/s)
• up to 2 Mbit/s urban
Frequencies for IMT-2000
1850 1900 1950 2000 2050 2100 2150 2200 MHz
ITU allocation MSS MSS
(WRC 1992) IMT-2000 
IMT-2000


T T
GSM DE UTRA MSS UTRA MSS
Europe D D
1800 CT D FDD   D FDD  

GSM MSS MSS

China IMT-2000 
IMT-2000

1800

cdma2000 MSS cdma2000 MSS

Japan PHS
W-CDMA  W-CDMA 

MSS MSS
North PCS rsv.
 
America
1850 1900 1950 2000 2050 2100 2150 2200 MHz
 IMT-2000 family
Interface
for Internetworking

IMT-2000 GSM ANSI-41

Core Network IP-Network
(MAP) (IS-634)
ITU-T

Initial UMTS Flexible assignment of

(R99 w/ FDD) Core Network and Radio Access

IMT-DS IMT-TC IMT-MC IMT-SC IMT-FT

(Direct Spread) (Time Code) (Multi Carrier) (Single Carrier) (Freq. Time)
IMT-2000 UTRA TDD
Radio Access UTRA FDD (TD-CDMA); cdma2000 UWC-136 DECT
ITU-R (W-CDMA) TD-SCDMA (EDGE)
3GPP 3GPP 3GPP2 UWCC/3GPP ETSI
GSM and UMTS Releases
 Stages Rel
Spec version
Functional freeze date, indicative only
 (0: feasibility study) number
 1: service description from a service- Rel-10 10.x.y Stage 1 ?
user’s point of view Stage 2 ?
 2: logical analysis, breaking the problem Stage 3 ?
down into functional elements and the Rel-9 9.x.y Stage 1 freeze December 2008
information flows amongst them Stage 2 June 2009?
 3: concrete implementation of the
protocols between physical elements Stage 3 freeze December 2009?
onto which the functional elements have Rel-8 8.x.y Stage 1 freeze March 2008
been mapped Stage 2 freeze June 2008
 (4: test specifications) Stage 3 freeze December 2008
 Note Rel-7 7.x.y Stage 1 freeze September 2005
 "Release 2000" was used only
temporarily and was eventually replaced Stage 2 freeze September 2006
by "Release 4" and "Release 5" Stage 3 freeze December 2007
 Additional information: Rel-6 6.x.y December 2004 - March 2005
 www.3gpp.org/releases Rel-5 5.x.y March - June 2002
 www.3gpp.org/ftp/Specs/html-info/ Sp Rel-4 4.x.y March 2001
ecReleaseMatrix.htm R00 4.x.y see note 1 below
9.x.y
R99 3.x.y March 2000
8.x.y
R98 7.x.y early 1999
R97 6.x.y early 1998
R96 5.x.y early 1997
Ph2 4.x.y 1995
Ph1 3.x.y 1992
UMTS architecture
(Release 99 used here!)
 UTRAN (UTRA Network)
 Cell level mobility
 Radio Network Subsystem (RNS)
 Encapsulation of all radio specific tasks
 UE (User Equipment)
 CN (Core Network)
 Inter system handover
 Location management if there is no dedicated connection
between UE and UTRAN

Uu Iu

UE UTRAN CN
UMTS domains and interfaces I
Home
Network
Domain

Zu
Cu Uu Iu Yu
Mobile Access Serving Transit
USIM
Equipment Network Network Network
Domain
Domain Domain Domain Domain

Core Network Domain

User Equipment Domain Infrastructure Domain

 User Equipment Domain

 Assigned to a single user in order to access UMTS
services
 Infrastructure Domain
 Shared among all users
 Offers UMTS services to all accepted users
UMTS domains and interfaces II

 Universal Subscriber Identity Module (USIM)

 Functions for encryption and authentication of users
 Located on a SIM inserted into a mobile device
 Mobile Equipment Domain
 Functions for radio transmission
 User interface for establishing/maintaining end-to-end
connections
 Access Network Domain
 Access network dependent functions
 Core Network Domain
 Access network independent functions
 Serving Network Domain
• Network currently responsible for communication
 Home Network Domain
• Location and access network independent functions
 Spreading and scrambling of user data
 Constant chipping rate of 3.84 Mchip/s
 Different user data rates supported via different spreading factors
 higher data rate: less chips per bit and vice versa
 User separation via unique, quasi orthogonal scrambling codes
 users are not separated via orthogonal spreading codes
 much simpler management of codes: each station can use the same orthogonal
spreading codes
 precise synchronization not necessary as the scrambling codes stay quasi-
orthogonal

data1 data2 data3 data4 data5

spr. spr. spr. spr. spr.

code1 code2 code3 code1 code4

scrambling scrambling
code1 code2

sender1 sender2
OSVF coding
1,1,1,1,1,1,1,1
1,1,1,1 ...
1,1,1,1,-1,-1,-1,-1
1,1
1,1,-1,-1,1,1,-1,-1
1,1,-1,-1 ...
X,X
1,1,-1,-1,-1,-1,1,1
X 1
1,-1,1,-1,1,-1,1,-1
X,-X 1,-1,1,-1 ...
1,-1,1,-1,-1,1,-1,1
SF=n SF=2n 1,-1
1,-1,-1,1,1,-1,-1,1
1,-1,-1,1 ...
1,-1,-1,1,-1,1,1,-1

SF=1 SF=2 SF=4 SF=8

Services
 In shaping future mobile services, the following
characteristics should be taken into consideration:
mobility, interactivity, convenience, ubiquity, easy
access, immediacy, personalization, multimedia
 Services for 3G will evolve
within 3 different areas:
 Personal
Communication
 Wireless Internet
 Mobile Media (e.g. music,
sports, news services)
 Voice traffic will remain the primary business of 3G
mobile networks
56
Services

57
 Typical UTRA-FDD uplink data
rates

12.2 64 144 384

User data rate [kbit/s] (voice)

DPDCH [kbit/s] 60 240 480 960

DPCCH [kbit/s] 15 15 15 15

Spreading 64 16 8 4
UTRAN architecture
RNS RNC: Radio Network Controller
RNS: Radio Network Subsystem
UE1 Node B Iub
Iu

RNC CN
UE2
Node B
• UTRAN comprises
several RNSs
UE3
• Node B can support
Iur FDD or TDD or both
Node B
Iub • RNC is responsible for
handover decisions
Node B
RNC requiring signaling to
the UE
Node B
• Cell offers FDD or TDD
RNS
UTRAN functions
 Admission control
 Congestion control
 System information broadcasting
 Radio channel encryption
 Handover
 SRNS moving
 Radio network configuration
 Channel quality measurements
 Macro diversity
 Radio carrier control
 Radio resource control
 Data transmission over the radio interface
 Outer loop power control (FDD and TDD)
 Channel coding
 Access control
Core network: protocols
VLR

PSTN/
MSC GMSC
GSM-CS ISDN
RNS
backbone

HLR

RNS

SGSN GGSN PDN (X.25),

Layer 3: IP Internet (IP)
GPRS backbone (IP)
Layer 2: ATM
SS 7
Layer 1: PDH,
SDH, SONET

UTRAN CN
Core network: architecture
VLR
BSS
BTS Abis Iu

BSC MSC GMSC

PSTN
Node
BTSB
IuCS
AuC
EIR HLR

GR
Node B
Iub

Node B
RNC SGSN GGSN
Gn Gi
Node B IuPS CN
RNS
Core network
 The Core Network (CN) and thus the Interface I u, too, are
separated into two logical domains:
 Circuit Switched Domain (CSD)
 Circuit switched service incl. signaling
 Resource reservation at connection setup
 GSM components (MSC, GMSC, VLR)
 IuCS
 Packet Switched Domain (PSD)
 GPRS components (SGSN, GGSN)
 IuPS

 Release 99 uses the GSM/GPRS network and adds a new radio

access!
 Helps to save a lot of money …
 Much faster deployment
 Not as flexible as newer releases (5, 6)
UMTS protocol stacks (user
plane) UE Uu UTRAN IuCS 3G
MSC
apps. &
protocols
Circuit RLC
RLC
SAR SAR
switched MAC MAC AAL2 AAL2

radio radio ATM ATM

UE Uu UTRAN IuPS 3G Gn 3G
apps. & SGSN GGSN
protocols
IP, PPP, IP tunnel IP, PPP,
… …
Packet PDCP GTP GTP GTP
PDCP GTP
switched RLC RLC UDP/IP UDP/IP UDP/IP UDP/IP
MAC MAC AAL5 AAL5 L2 L2
radio radio ATM ATM L1 L1
Support of mobility: macro diversity
 Multicasting of data via
several physical channels
 Enables soft handover
 FDD mode only
UE Node B  Uplink
 simultaneous reception of UE
data at several Node Bs
 Reconstruction of data at
Node B RNC CN
Node B, SRNC or DRNC
 Downlink
 Simultaneous transmission of
data via different cells
 Different spreading codes in
different cells
Support of mobility: handover
 From and to other systems (e.g., UMTS to GSM)
 This is a must as UMTS coverage will be poor in the beginning
 RNS controlling the connection is called SRNS (Serving RNS)
 RNS offering additional resources (e.g., for soft handover) is called
Drift RNS (DRNS)
 End-to-end connections between UE and CN only via I u at the SRNS
 Change of SRNS requires change of Iu
 Initiated by the SRNS
 Controlled by the RNC and CN

Node B SRNC CN
Iub Iu
UE Iur

Node B DRNC
Iub
Example handover types in
UMTS/GSM

UE1
Node B1 RNC1 3G MSC1
Iu
UE2
Node B2 Iub Iur

UE3 Node B3 RNC2 3G MSC2

UE4
BTS BSC 2G MSC3
Abis A
Breathing Cells
 GSM
 Mobile device gets exclusive signal from the base station
 Number of devices in a cell does not influence cell size

 UMTS
 Cell size is closely correlated to the cell capacity
 Signal-to-nose ratio determines cell capacity
 Noise is generated by interference from
• other cells
• other users of the same cell
 Interference increases noise level
 Devices at the edge of a cell cannot further increase their output
power (max. power limit) and thus drop out of the cell
 no more communication possible
 Limitation of the max. number of users within a cell required

 Cell breathing complicates network planning

Breathing Cells: Example
UMTS services (originally)
 Data transmission service profiles
Service Profile Bandwidth Transport mode
High Interactive MM 128 kbit/s Circuit switched Bidirectional, video telephone
High MM 2 Mbit/s Packet switched Low coverage, max. 6 km/h
Medium MM 384 kbit/s Circuit switched asymmetrical, MM, downloads
Switched Data 14.4 kbit/s Circuit switched
Simple Messaging 14.4 kbit/s Packet switched SMS successor, E-Mail
Voice 16 kbit/s Circuit switched
 Virtual Home Environment (VHE)
 Enables access to personalized data independent of location, access
network, and device
 Network operators may offer new services without changing the
network
 Service providers may offer services based on components which
allow the automatic adaptation to new networks and devices
 Integration of existing IN services
Some current enhancements
 GSM
 EMS/MMS
• EMS: 760 characters possible by chaining SMS, animated icons, ring tones, was
soon replaced by MMS (or simply skipped)
• MMS: transmission of images, video clips, audio
– see WAP 2.0 / chapter 10
 EDGE (Enhanced Data Rates for Global [was: GSM] Evolution)
• 8-PSK instead of GMSK, up to 384 kbit/s
• new modulation and coding schemes for GPRS  EGPRS
– MCS-1 to MCS-4 uses GMSK at rates 8.8/11.2/14.8/17.6 kbit/s
– MCS-5 to MCS-9 uses 8-PSK at rates 22.4/29.6/44.8/54.4/59.2 kbit/s

 UMTS
 HSDPA (High-Speed Downlink Packet Access)
• initially up to 10 Mbit/s for the downlink, later > 20 Mbit/s using MIMO-
(Multiple Input Multiple Output-) antennas
• can use 16-QAM instead of QPSK (ideally > 13 Mbit/s)
• user rates e.g. 3.6 or 7.2 Mbit/s
 HSUPA (High-Speed Uplink Packet Access)
• initially up to 5 Mbit/s for the uplink
• user rates e.g. 1.45 Mbit/s