gsm-fops
TRANSCRIPT
GLOBAL SYSTEM for
MOBILE COMMUNICATIONS
Agenda
• The Cellular Concept• GSM Network Architecture• Radio Channel Structure in GSM• GSM Protocols• AT & T commands• GSM enabled Technologies
The Cellular Concept• Cellular mobile Communication is based on the
concept of frequency reuse.• Limited Spectrum is partitioned into N non-
overlapping channel sets, which are then assigned in a regular repeated pattern.
Digital Cellular Systems
• Digital cellular systems are – wireless - can be used everywhere.– digital - give good quality. – cellular - achieves high capacity. – standardized - competition makes them
cheap.
Representation of Cells
Ideal cellsFictitious cells
Cell Characteristics
• The Basic Union In The System– defined as the area where radio coverage is
given by one base station.• Addressed by Cell Global Identity (CGI).• A cell has one or several frequencies, depending
on traffic load – Frequencies are reused, but not used in
neighboring cells due to interference.
Cell Structure• Implements Space Division Multiplex – Base Station
(BS) covers a certain transmission area (cell).• Mobile Station (MS) communicate via the BS.• Advantages
– Higher capacity, Higher number of users.– Less transmission power needed.– More robust, decentralized.– BS deals with interference, transmission area etc
locally.• Problems
– Fixed networks needed for BS’s.– Handover.– Interference with other cells.
• Cell sizes from 100m in cities to 35km on the country side.
Cell Size
• Cell size determines number of cells available to cover geographic area and (with frequency reuse) the total capacity available to all users.
• The size is usually based in the local traffic distribution and demand.
• Each network operator has to size cells to handle expected traffic demand.
• The more the concentration of traffic demand in the area, the smaller the cell has to be sized.
Capacity of a Cellular System
• Frequency Re-Use Distance.
• The K factor or the cluster size.
• Cellular coverage or Signal to interference ratio.
• Sectoring.
The need•Optimum Spectrum Usage•More Capacity•High Quality of Service•Low Cost
Capacity within cell limited by available bandwidth and operational requirements.
The K factor and Frequency Re-Use Distance
• Frequency re-use distance is based on the cluster size K.• The cluster size is specified in terms of the offset of the
center of a cluster from the center of the adjacent cluster
K = i2 + ij + j2
K = 22 + 2*1 + 12
K = 4 + 2 + 1
K = 7
D = 3K * R
D = 4.58R
i
j
1
2
3
4
5
6
7
1
2
35
6
7
D
R
Cell Structure for K = 4
1
2
3
4
1
1
1
1
1
12
2
2
2
2
3
3
3
3
3
4
4
4
4
4
4
3
2
Increasing cellular system capacity
• Cell sectoring– Directional antennas subdivide cell into 3 or 6
sectors.– Might also increase cell capacity by factor of 3 or
6.• Cell splitting
– Decrease transmission power in base and mobile.
– Results in more and smaller cells.– Reuse frequencies in non-contiguous cell groups.– Example: ½ cell radius leads 4 fold capacity
increase.
Tri – Sector antenna for a cell
Cell Distribution in a Network
Highway
TownSuburb
Rural
GSM
• GSM is globally accepted standard for Digital Cellular Communications today.
• GSM provides– Anybody – 700 million users – Anywhere – 194 countries– Any media – voice, messaging, data,
multimedia
• GSM is the stepping-stone to 3G networks.
GSM Specifications and Characteristics
• Frequency band – 1850 to 1990 MHz.• Duplex Distance – 80 MHz.• Channel Separation – 200kHz.• Modulation – Gaussian Minimum Shift Keying
(GMSK).• Transmission rate – 270 kbps over the air.• Access method – Time Division Multiple Access
(TDMA).• Speech coder – Linear Predictive Coding (LPC).
GSM Network Architecture
BSCBTS
BTS
Mobile
Station
Access Network:Base Station Subsystem
HLR VLR EIR AuC
MSCPSTN
Um Abis A
Core Network:GSM CS network
SS7
GSM Interfaces• Um Interface
– Mobile Station and Base Station Subsystem communicate across Um interface, also known as air interface or radio link.
• Abis interface– Base Transceiver Station (BTS) and Base
Station Controller (BSC) communicate across Abis interface.
• A interface– Base Station Subsystem communicates with
Mobile service Switching Center (MSC) across A interface.
GSM Functional Entities
• MS Mobile Station – SIM – Subscriber Identity Module
• BSS Base Station Subsystem– BTS – Base Transceiving Station– BSC – Base Station Controller
• NSS Network and Switching Subsystem– MSC – Mobile Switching Center– Registers
• O&M: Operations and Maintenance Center
GSM Functional Entities
• Registers– HLR – Home Location Register– VLR – Visitor Location Register– AUC – Authentication Centre– EIR – Equipment Identification Register
Mobile Station (MS)
• Provides access to GSM network.• Consists of
– Mobile Equipment (ME)– Subscriber Identity Module (SIM)
• While subscriber roams or is stationary, the MS transmits a radio signal to one of the many BTS using a radio-link protocol via the Um interface.
Mobile Equipment (ME)
• Physical Mobile Device• Identifiers
– International Mobile Equipment Identity (IMEI)
– Press *#06#
Subscriber Identity Module (SIM)• A SIM is a logical single application running on a
UICC (Universal Integrated Circuit Card) smartcard.• Contains Administrative data, Security data,
Subscriber data, and Roaming Data. • Identifiers
– Ki – Subscriber Authentication Key.
– International Mobile Subscriber Identity (IMSI).– Temporary Mobile Subscriber Identity (TMSI).– Mobile Station International Service Digital
Network (MSISDN).– Personal Identity Number protecting a SIM (PIN).– Location Area Identity (LAI).
SIM Anatomy
Base Station Subsystem (BSS)
• The BSS is composed of two parts– Base Transceiver
Station (BTS)– Base Station Controller
(BSC)
Base Transceiver Station (BTS)• BTS houses radio transceivers that define a
cell.• Handles the radio link protocols with MS.• BTS separates the speech and control
signaling associated with a MS and sends them to the BSC on separate channels.
• Requirements– Ruggedness
– reliability
– Portability
– Minimum cost
Base Station Controller (BSC)
• BSC manages radio resources for one or more BTS.• Handles (through the Abis Interface)
– Radio Channel Setup – Frequency Hopping– Handovers
• BSC also connects MS to MSC using A interface.
Network and Switching Subsystem (NSS)
• NSS is the main component of the public mobile network GSM.
• Provides– Switching.– mobility management.– Interconnection to other networks.– System control.
• Components– Mobile Services Switching Center (MSC).– Databases/Registers.
Mobile Services Switching Centre (MSC)• The central component of the
network subsystem.
• Interface between radio system and fixed networks (PSTN and ISDN).
• It acts like a normal switching node of the PSTN or ISDN.
• Connected to BSS throughA interface; usually an E-1,either wireline or microwave.
Mobile Services Switching Centre (MSC)
• Also performs signaling between MSC and other functional entities using SS7– Registration– Authentication– Location updating– Handovers– Call routing to a roaming subscriber
Registers/Databases• GSM defines a number of network databases
that are used in performing the functions of mobility management and call control.– HLR – Home Location Register– VLR – Visitor Location Register– AUC – Authentication Centre– EIR – Equipment Identification Register
• Requirements– Scalability– High Capacity– Low Latency
Home Location Register (HLR)
• Central database for all subscribers– Identity of the subscriber– Services accessible to the subscriber– Current location of the subscriber
• Given a Mobile Subscriber ISDN number (MS-ISDN), call is routed to IMSI number-VLR
• Each subscriber appears only once in database• HLR might be physically distributed in several
sites (e.g., using first two digits to identify physical HLR)
Visitor Location Register (VLR)
• Database with information on MS within area served by MSC– MS Roaming number– TMSI if applicable– Location area in which was last registered– Supplementary services
• Used by an MSC to retrieve information for various purposes– Handling of calls to or from a roaming
mobile station currently located in its area• Typically part of MSC
Call Routing
Fixed Subscriber
PSTN/ISDN exchange
Gateway MSC
Home Location Register
MSC/VLR Mobile Station
PSTN/ISDN exchange
MSISDNMSISDN
MSISDN IMSI
MSRNMSRN
MSRNMSRN
TMSI
Indicates a switching Node
Authentication Centre (AuC)
• Entity associated to HLR for authentication– allows International Mobile Subscriber Identity
(IMSI) to be authenticated• Allows ciphering of communication over radio
path between mobile station and network ciphered
• Transmits data needed for authentication and ciphering via HLR to VLR, MSC and SGSN which need to authenticate a mobile station (SIM validation)
Equipment Identity Register (EIR)
• Logical entity responsible for storing IMEIs in network used in GSM system.
• Equipment classified as "white listed", "grey listed” and "black listed”.
• Ensures that MEs being used are valid and authorized to function on the Public Land Mobile Network (PLMN) .
Public Land Mobile Network (PLMN)
• Functionally maybe regarded asindependenttelecommunicationsentities
• A collection of MSC’s areas withina commonnumbering plan
PSTN
BTS
BTS
BTS
BTS
BTS
BTS
BTS
BSC BSC
MSC
BTS
BTS
BTS
BTS
BTS
BTS
BTS
BSC BSC
MSC
GSM Radio Transmission• Combination of FDMA and
TDMA to send information• Frequencies: 800, 900, 1800,
1900 MHzFor example, GSM 900:– Uplink = 890-915 MHz– Downlink = 935-960 MHz
• Each 25 MHz bandwidth is divided into 124 carrier frequencies spaced 200 KHz with one or more frequencies allocated to each base station
AIRINTERFACE
MOBILE
BASE TRANSCEIVER STATION
GSM uses paired radio channels
0 124 0 124
890MHz 915MHz 935MHz 960MHz
UPLINK
DOWNLINK
Frequency Multiplex
k2 k3 k4 k5 k6k1
t
c
Time Multiplex
f
t
c
k2 k3 k4 k5 k6k1
Time and Frequency Multiplex
• Combination of both methods• A Channel gets a certain
frequency band for a certain amount of time.
t
f
c
k2 k3 k4 k5 k6k1
1 2 3 4 5 6 7 8
higher GSM frame structures
935-960 MHz124 channels (200 kHz)downlink
890-915 MHz124 channels (200 kHz)uplink
frequ
ency
time
GSM TDMA frame
GSM time-slot (normal burst)
4.615 ms
546.5 µs577 µs
guardspace
guardspacetail user data TrainingS S user data tail
3 bits 57 bits 26 bits 57 bits1 1 3
GSM - TDMA/FDMA
T1 T2 T3 T5 T6 T7T4 T8
R T
R T
R1 R2 R3 R5 R6 R7R4 R8
Uplink TDMA Frame
F1 + 45MHz
Downlink TDMA F1MHz
The start of the uplink TDMA is delayed of
three time slotsTDMA frame (4.615 ms)
Fixed transmit Delay of three time-slots
GSM delays uplink TDMA frames
TRAFFIC SIGNALLING
FULL RATEBm 22.8 Kb/S
HALF RATELm 11.4 Kb/S
BROADCAST COMMON CONTROL DEDICATED CONTROL
FCCH SCH BCCHPCH
RACHAGCH
SDCCH SACCH FACCH
FCCH -- FREQUENCY CORRECTION CHANNELSCH -- SYNCHRONISATION CHANNELBCCH -- BROADCAST CONTROL CHANNELPCH -- PAGING CHANNELRACH -- RANDOM ACCESS CHANNELAGCH -- ACCESS GRANTED CHANNELSDCCH -- STAND ALONE DEDICATED CONTROL CHANNELSACCH -- SLOW ASSOCIATED CONTROL CHANNELFACCH -- FAST ASSOCIATED CONTROL CHANNEL
DOWN LINK ONLY
UPLINK ONLYBOTH UP & DOWNLINKS
Logical Channels
Traffic Channels (TCH)
• Used to carry speech and data• Types of TCH
– Full-rate (TCH/F)– Half-rate (TCH/H)
• double capacity, but half the quality– Eighth-rate or Stand-alone Dedicated
Control Channels (SDCCH)• 26 TDMA frames
– 24 traffic channels– 1 slow associated control channel– 1 unused channel
Control Channels
• Accessed by:– Idle mode mobiles to exchange signaling
information required to change to dedicated mode
– Dedicated mode mobiles to monitor surrounding base stations for handover and other information
• 51 TDMA frame format• Broadcast Control Channel (BCCH)
– Broadcasts on the downlink information such as base station identity, frequency allocation, frequency-hopping sequences
Control Channels
• Frequency Correction Channel (FCCH) and Synchronization Channel (SCH)– Synchronize mobile to time slot structure of
cell• Random Access Channel (RACH)
– Used by mobile to request access to GSM network
• Paging Channel (PCH)– Alerts mobile to incoming call
• Access Grant Channel (AGCH)– Allocates an SDCCH to mobile for signaling
following a request on the RACH
Control Channels• Stand-alone Dedicated Control Channel (SDCCH)
– exchange of location update information and call set up information
• Slow associated control channel (SACCH) – exchanging control information between base
and a mobile during the progress of a call set up procedure
• Fast associated control channel (FACCH) – exchange of time critical information between
mobile and base station during the progress of a call
– FACCH steals capacity from the associated TCH
0 1 2 3 4 5 6 2043 2044 2045 2046 2047
0 1 2 3 4 48 49 50
0 1 2 24 25
0 1 2 3 24 25
0 1 2 3 4 48 49 50
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0
1 HYPER FRAME = 2048 SUPERFRAMES = 2 715 648 TDMA FRAMES ( 3 H 28 MIN 53 S 760 MS )
1 SUPER FRAME = 1326 TDMA FRAMES ( 6.12 S ) LEFT (OR) RIGHT
1 MULTI FRAME = 51 TDMA FRAMES (235 .4 ms )
1 SUPER FRAME = 26 MULTI FRAMES
1 SUPER FRAME = 51 MULTI FRAMES
1 MULTIFRAME = 26 TDMA FRAMES ( 120 ms )
TDMA FRAME NO.0 1
0 1
HIERARCHY OF FRAMES
1 2 3 4 155 156
1 TIME SLOT = 156.25 BITS ( 0.577 ms)
(4.615ms)
(4.615 ms)
1 bit =36.9 micro sec
TRAFFIC CHANNELS
SIGNALLING CHANNELS
Handover
• Four types of handovers:– Channels (time slots) in same cell – Between cells within same BSC– Between BSCs, within same MSC– Between MSCs
PSTN
BTS
BTS
BTS
BTS
BTS
BTS
BTS
BSC BSC
MSC
BTS
BTS
BTS
BTS
BTS
BTS
BTS
BSC BSC
MSC
GSM Protocol Suite
GSM Protocol Architecture
GSM Signaling Protocols
• The signaling protocol in GSM is structured in three layers– Physical Layer
• Uses many channel structures– Link Layer
• Uses LAPDm across Um interface• Uses lower parts of SS7 across A interface
– Layer 3 also called Message Layer• Made up of 3 sublayers
– Resource Management (RR) implemented over the link between the MS and BSS.
– Mobility Management (MM) and – Connection Management (CM) provide
communication between MS and MSC.
BTS
Radio interface
HLR
MSCVLR
BSC
RR
MM + CM
SS
Physical Layer
• TDMA frame across Um interface.
• The signaling channels are basically logically multiplexed on an aggregate of the TDM slots.
• PCM transmission across A-bis interface.
Link Layer
• Across Um interface LAPDm is used– No Flag.– No Error retransmission mechanism due to
realtime constraints.– On radio interface two independent flows
(one for signaling, and one for SMS) can exist simultaneously.
– These two flows are distinguished by a link identifier called the Service Access Point Identifier (SAPI).• SAPI=0 for radio signaling, SAPI=62 for
OAM and SAPI=63 for layer 2 management on the Abis interface.
Link Layer
• Across A-bis interface LAPD is used.• Across A interface, Message Transport Part
(MTP) level 2 is used
Layer 3
• Radio Resources Management (RR)– Establishment, maintenance, and termination
of radio channels that allow point-to-point dialogue between network and mobile stations; including cell selection and handover procedures
• Mobility Management (MM)– Manages location updating, registration,
security and authentication procedures• Connection Management (CM)
– Handles general call control, similar to CCITT Recommendation Q.931, and provides supplementary services & Short Message Services (SMS)
Layer 3 – MM Sublayer• The MM sublayer is terminated at the MSC and
the related messages from or to the MS are relayed transparently in the BSS using the Direct Transfer Application Part (DTAP) process.
• The MM sublayer provides functions that can be classified into three types of procedures– MM specific procedures
• Location updating, IMSI attach.– MM common procedures
• IMSI detach, TMSI reallocation, and Authentication/Identification.
– MM connection-related procedures• Used to establish, maintain, and release a
MM connection
BSS Application Part (BSSAP)
• BSS performs radio resource management, and internetworking functions between the data link protocols used on the radio and the BSS - MSC side for transporting signaling related messages.
• These functions are provided by the BSS Management Application Part (BSSMAP) and the DTAP.
• The BSSMAP is the process with BSS that controls radio resources in response to instructions from MSC
• The DTAP is used for the transparent transfer of MM/CM signaling messages between the MS and MSC.
GSM and Enabled Services
• Short Message Service (SMS)• Multimedia Messaging Service (MMS)• General Packet Radio Service (GPRS)• Enhanced Data Rates for GSM Evolution (EDGE)
Short Message Service (SMS)
• SMS provides a mechanism for transmitting short messages to and from wireless devices.
• The service makes use of an SMSC, which acts as a store-and-forward system for short messages.
• The wireless network provides the mechanisms required to find the destination station(s) and transports short messages between the SMSCs and mobile stations.
• The service elements are designed to provide guaranteed delivery of text messages to the destination.
Characteristics
• Guaranteed delivery of text messages to the destination
• Supports several input mechanisms that allow interconnection with different message sources and destinations
• An active mobile handset is able to receive or submit a short message at any time, independent of whether a voice or data call is in progress
Applications
• Initial applications of SMS focused on transmission of alphanumeric messages
• As technology and networks evolved, a variety of services have been introduced, including e-mail, fax, and paging integration, interactive banking, information services such as stock quotes, and integration with Internet-based applications.
• Wireless data applications include downloading of subscriber identity module (SIM) cards for activation, debit, profile-editing purposes, wireless points of sale (POSs), and other field-service applications such as automatic meter reading, remote sensing, and location-based services.
Network Elements and Architecture
Short Message Service Centre Signal Transfer Point
Network Elements and Architecture
• SMSC – Combination of hardware and software responsible
for the relaying and storing and forwarding of a short message between an SME and mobile device.
– The SMSC must have high reliability, subscriber capacity, and message throughput.
– The system should be easily scalable to accommodate growing demand for SMS in the network.
• STP– The STP is a network element normally available on
IN deployments that allows interconnections over signaling system 7 (SS7) links with multiple network elements.
Mobile Terminated Short Message
Mobile Terminated Short Message
Multimedia Messaging Service (MMS)
General Packet Radio Service (GPRS)
• GPRS is an overlay network on the GSM network.• Provides TCP/IP packet data connectivity from a
GPRS enabled mobile phone.• Additional Nodes
– Gateway GPRS Support Node (GGSN)• Takes packets out onto Internet or to Corporate
LAN
– Serving GPRS Support Node (SGSN) • Takes packet data from base station onto data
network
Features
• Data rate– Maximum of 171.2 kbps (theoretical)– 14 kbps uplink and 28 to 64 kbps downlink
• Classes – Indicates the mobile phone capabilities
• Class A– Connected to both GSM and GPRS simultaneously
• Class B– Automatically switch between GSM/GPRS services
• Class C– Manually switch between GSM/GPRS services
General Packet Radio Service (GPRS)
Routing
IP allocation
• Fixed– IP addresses stored in the HLR
• Dynamic– A set of IP addresses are allocated to the GGSN
domain– IP address can be allocated by external RADIUS.
Enhanced Data rates for GSM Evolution (EDGE)
• Provides further enhancements to GSM networks • EDGE can be introduced in two ways
– Packet switched enhancement for GPRS, known as Enhanced GPRS or EGPRS
– Circuit switched data enhancement called Enhanced circuit-switched data or ECSD
• Provides up to three times the data capacity of GPRS, upto 474kbps.
Implementation
• One EDGE transceiver unit (EDGE TRU) will need to be added to each cell.
• EDGE capable terminals will also be needed
Technology
GPRS EDGE
Modulation GMSK 8-PSK/GMSK
Symbol Rate 270ksym/s 270ksym/s
Modulation Bit Rate 270kb/s 810kb/s
Radio data rate per time slot
22.8kb/s 69.2kb/s
User data rate pertimeslot
20kb/s 59.2kb/s
User data rate (8 time slots)
160kb/s 473kb/s
(182.4kb/s) 553.6kb/s
AT & T Commands
• These are the commands that cause the modem to perform certain functions.
• They begin with the command AT.• Types
– Call Control Commands– Network Services Commands– Security Commands– Phonebook Commands– Short Messages Commands– Supplementary Services Commands– Data Commands– Fax Commands
Examples
• AT + CGSN – *#06# – Get IMEI• AT + CIMI – Get IMSI• A/ - Repeat Last Command• AT + CPOF – Power Off• ATD<nb> - Set a voice call with nb as destination• ATH –Hang up• ATA – Answer a call
Message Transfer Part
Signaling Connection Control Part
Telephone User Part
Transaction Capabilities User Part
ISDN User Part
SS7