Beruflich Dokumente
Kultur Dokumente
Contents [1/3]
Chapter 1: Short Message Service and IP Network Integration Chapter 2: Mobility Management for GPRS and UMTS Chapter 3: Session Management for Serving GPRS Support Node Chapter 4: Session Management for Gateway GPRS Support Node Chapter 5: Serving Radio Network Controller Relocation for UMTS
2
Contents [2/3]
Chapter 6: UMTS and cdma2000 Mobile Core Networks Chapter 7: UMTS Charging Protocol Chapter 8: Mobile All-IP Network Signaling Chapter 9: UMTS Security and Availability Issues Chapter 10: VoIP for the Non-All-IP Mobile Networks Chapter 11: Multicast for Mobile Multimedia Messaging Service Chapter 12: Session Initiation Protocol
3
Contents [3/3]
Chapter 13: Mobile Number Portability Chapter 14: Integration and WLAN and Cellular Networks Chapter 15: UMTS All-IP Network Chapter 16: Issues on IP Multimedia Core Network Subsystem Chapter 17: A Proxy-based Mobile Service Platform
4
Mobile Network
IP Network
SM-SC
Gateway
6
NCTU-SMS
iSMS
Three types of mobility: radio mobility, core network mobility and IP mobility Radio mobility supports handoff of a mobile user during conversation Core network mobility provides tunnel-related management for packet re-routing in the core network due to user movement IP mobility allows the mobile user to change the access point of IP connectivity without losing ongoing sessions. Session management maintains the routing path for a communication session, and provides packet routing functions including IP address assignment and QoS setting.
9
10
11
12
The GGSN plays the role as a gateway, which controls user data sessions and transfers the data packets between the UMTS network and the external PDN. The meta functions implemented in the GGSN are described as follows: network access control, packet routing and transfer, and mobility management.
13
HLR
RADIUS server
(6)
NAT
(13)
GGSN
(7)
FW
(1) INTERNET
(5)
DNS DHCP server
(9) (8)
RADIUS server
(10)
DHCP: Dynamic Host Configuration Protocol FW: Firewall GGSN: Gateway GPRS Support Node MS: Mobile Station
NAT: Network Address translator RADIUS: Remote Authentication Dial-In User Service UMTS: Universal Mobile Telecommunication Service UTRAN: UMTS Terrestrial Radio Access Network
14
IP Address Allocation
APN label Access mode
IP address allocation IP address type
INTERNET Transparent
WAP
ISP
COMPANY
IPv4
15
SGSN1
SGSN2
SGSN1
SGSN2
Serving RNC
RNC1
(Source RNC)
Drift RNC
Iur RNC2
(Target RNC)
Serving RNC
RNC1
(Source RNC)
Iur
RNC2
(Target RNC)
Iub
Iub
Iub
Iub
Node B1
Node B2
Node B1
Node B2
UE
UE
16
In 3GPP TS 23.060, a lossless SRNC relocation procedure was proposed for non-real-time data services. 1. The source RNC first stops transmitting downlink packets to the UE, and then forwards the next packets to the target RNC via a GTP tunnel between the two RNCs. 2. The target RNC stores all IP packets forwarded from the source RNC. 3. After taking over the SRNC role, the target RNC restarts the downlink data transmission to the UE. No packet is lost during the SRNC switching period. Real-time data transmission is not supported because the IP data traffic will be suspended for a long time during SRNC switching.
17
Stage I (the same as Stage I in SD) initiates SRNC relocation. The IP packets are delivered through the old path: UENode B2target RNC source RNCSGSN1GGSN Steps 1 and 2: Source RNC initiates SRNC relocation by sending Relocation_ Required to SGSN1. Step 3: SGSN1 sends Forward_Relocation_ Request to request SGSN2 to allocate the resources for the UE. Step 4: SGSN2 send Relocation_Request with RAB parameters to the target RNC. After all necessary resources are allocated, the target RNC send Relocation_Request_ Acknowledge to SGSN2.
GGSN
SGSN1
SGSN2
Source RNC
1
Iur
Target RNC
18
GGSN routes the downlink packets to the old path receiving Update_PDP_Context_ Request. After GGSN has received the message, the downlink packets are routed to the new path GGSNSGSN2target RNC. The new packets arriving at the target RNC are buffered until the target RNC takes over the SRNC role. Step 5: SGSN2 sends Update_PDP_Context_ Request to GGSN. GGSN updates the corresponding PDP context, and the downlink packet routing path is switched from the old path to the new path. Steps 6-7: SGSN2 informs SGSN1 that all resources for the UE are allocated. SGSN1 forwards this information to the source RNC.
GGSN
5
SGSN1
6 7
SGSN2
Source RNC
Iur
Target RNC
19
The Iur link (i.e., the old path) disconnected. The old downlink packets arriving at the source RNC later than Step 7 (Relocation_Command) are dropped. The SRNC role is switched from the source RNC to the target RNC. Step 8: The source RNC transfers SRNS context (e.g., QoS profile) to the target RNC. Steps 9 and 10: The target RNC informs SGSN2 that the target RNC will become the SRNC. At the same time, the target RNC triggers the UE to send the uplink IP packets to the target RNC.
GGSN
SGSN1
SGSN2
9 8
Source RNC
Target RNC
10
Iur
20
The target RNC informs the source RNC that SRNC relocation is successfully performed. Then the source RNC releases the resources for the UE. Step 11: The target RNC indicates the completion of the relocation procedure to SGSN2, and SGSN2 forwards this information to SGSN1. Step 12: SGSN1 requests the source RNC to release the resources allocated for the old path.
GGSN
SGSN1
11
` 12
SGSN2
11
Source RNC
Target RNC
21
UMTS and cdma2000 are two major standards for 3G mobile telecommunication. Two important functionalities of mobile core network are mobility management and session management. This chapter describes these two functionalities for UMTS and cdma2000, and compare the design guidelines for these two 3G technologies.
22
cdma2000 Architecture
PSTN
BSC
SDU MS BTS A3/A7
MSC/VLR
HLR
HA A1/A2/A5 A10/A11
BSC
SDU MS BTS A8/A9 PCF A10/A11
PDSN
PDN
AAA
Radio Network
AAA: Authentication, Authorization and Accounting BSC: Base Station Controller BTS: Basestation Transceiver System HA: Home Agent HLR: Home Location Register MS: Mobile Station MSC: Mobile Switching Center PCF: Packet Control Function PDSN: Packet Data Seving Node PDN: Packet Data Network PSTN: Public Switched Telephone Network SDU: Selection and Distribution Unit VLR: Visitor Location Register
23
cdma2000 CS Domain
BSC connects to the core network through the SDU. The SDU distributes the circuit switched traffic (e.g., voice) to the MSC. A1 interface supports call control and mobility management between MSC and BSC. A2 and A5 interfaces support user traffic and circuit switched data traffic between MSC and BSC.
24
cdma2000 PS Domain
The SDU distributes the packet switched traffic to PCF and then to the PDSN. Interfaces A8 and A9 support packet switched data and signaling between PCF and SDU, respectively. Interfaces A10 and A11 (R-P interface) support packet switched data and signaling between PCF and PDSN. GRE tunnel is used for data routing in A10 with standard IP QoS. MIP is used for signaling routing in A11. The R-P interface also supports PCF handoff (inter or intra PDSN).
25
PDSN
Maintaining link-layer sessions to the MSs Supporting packet compression and packet filtering before the packets are delivered through the air interface Providing IP functionality to the mobile network, which routes IP datagrams to the PDN with differentiated service support Interacting with AAA to provide IP authentication, authorization and accounting support Acting a MIP FA in the mobile network The interfaces among the PDN nodes (i.e., PDSN, HA, AAA) follow the IETF standards.
26
MS
RN
IKE: Internet Key Exchange IPSec: IP Security LAC: Link Access Control MIP: Mobile IP PDSN: Packet Data Serving Node PL: Physical Layer R-P: RN-PDSN Interface
PDSN
IP: Internet Protocol HA: Home Agent MAC: Medium Access Control MS: Mobile Station PPP: Point to Point Protocol RN: Radio Network UDP: User Datagram Protocol
HA
27
GTP-C UDP/IP L2 L1
L2 L1
AAL5 ATM
MS
UTRAN
SGSN
GGSN
AAL5: ATM Adaptation Layer Type 5 ATM: Asynchronous Tranfer Mode GGSN: Gateway GPRS Support Node MAC: Medium Access Control RANAP: Radio Access Network Application Protocol MS: Mobile Station RRC: Radio Resource Control RLC: Radio Link Control SCCP: Signaling Connection Control Part SGSN: Serving GPRS Support Node GMM/SM/SMS: GPRS Mobility Management/Session Managemnt/Short Message Service GTP-C: GPRS Tunneling Protocol - Control Plane UTRAN: UMTS Terrestrial Radio Access Network
28
MS
RN
IP: Internet Protocol HA: Home Agent MAC: Medium Access Control PDSN: Packet Data Serving Node PL: Physical Layer R-P: RN-PDSN Interface
PDSN
HA
IPSec: IP Security LAC: Link Access Control MS: Mobile Station PPP: Point to Point Protocol RN: Radio Network UDP: User Datagram Protocol
29
IP, PPP
GTP-U
UDP/IP
AAL5
L2
L2 L1
ATM
L1
MS
UTRAN
SGSN
GGSN
ATM: Asynchronous Tranfer Mode AAL5: ATM Adaptation Layer Type 5 GGSN: Gateway GPRS Support Node GTP-U: GPRS Tunneling Protocol - User Plane IP: Internet Protocol MAC: Medium Access Control MS: Mobile Station PDCP: Packet Data Convergence Protocol PPP: Point to Point Protocol RLC: Radio Link Control SGSN: Serving GPRS Support Node UDP: User DatagramProtocol UTRAN: UMTS Terrestrial Radio Access Network
30
The control plane carries out tasks for MM/SM/SMS. In cdma2000, the mobility and session tasks are based on the same lower layer protocol (IP based protocols) for user data transportation. In UMTS, the lower layer protocols supporting MM/SM tasks in the control plane are different from the lower layer protocols in the user plane. The signaling path between MS and SGSN consists of an RRC connection between MS and UTRAN, and an Iu connection between UTRAN and SGSN.
31
In UMTS, the PS domain services are supported by PDCP in the user plane. PDCP contains compression methods, which provide better spectral efficiency for IP packets transmission over the radio. In cdma2000, the header and payload compression mechanism is provided by PPP between MS and PDSN. Both UMTS RLC and cdma2000 LAC provide segmentation and retransmission services for user and control data. cdma2000 LAC supports authentication functionality for wireless access, which is equivalent to GPRS transport layer authentication in UMTS.
32
PPP
In both control and user planes for cdma2000, PPP is carried over the LAC/MAC, and R-P tunnels are utilized to establish the connection between an MS and the PDSN. In cdma2000, a PPP connection is equivalent to a packet data session, which is comparable to the UMTS PDP context. In the UMTS control plane, no PPP/IP connection is established between MS and SGSN. Signaling is carried over the RRC and Iu connections. UMTS user plane provides two alternatives for IP services. IP is supported by non-PPP lower layer protocols. IP is supported by PPP. Dial-up application Mobile IP is introduced to UMTS
33
The GTP protocol is used for communications between a GSN and a CG, which can be implemented over UDP/IP or TCP/IP. Above the GTP protocol, a Charging Agent (or CDR sender) is implemented in the GSN and a Charging Server is implemented in the CG.
signaling signaling and data
a RNC
MS Node B
b HLR
c f Ga CG
d RNC
MS Node B
UTRAN
Core Network
CG : Charging Gateway GGSN : Gateway GPRS Support Node HLR : Home Location Register MS : Mobile Station PDN : Packet Data Network
UTRAN : UMTS Terrestrial Radio Access Network RNC : Radio Network Controller SGSN : Serving GPRS Support Node Node B : Base Station
34
Our GTP service model follows the GSM Mobile Application Part (MAP) service model. A GSN communicates with a CG through a dialog by invoking GTP service primitives. A service primitive can be one of four types:
35
CG
Charging Server
(1) CONNECT (REQ) (2) Node Alive Request (3) CONNECT (IND) (4) CONNECT (RSP) (5) Node Alive Response (6) CONNECT (CNF)
36
CG
Charging Server
(1) CDR_TRANSFER (REQ) (2) Data Record Transfer Request (3) CDR_TRANSFER (IND) (4) CDR_TRANSFER (RSP) (5) Data Record Transfer Response (6) CDR_TRANSFER (CNF)
37
The CG Address attribute identifies the CG connected to the GSN. The Status attribute indicates if the connection is active or inactive. The Charging Packet Ack Wait Time Tr is the maximum elapsed time the GSN is allowed to wait for the acknowledgement of a charging packet. The Maximum Number of Charging Packet Tries L is the number of attempts (including the first attempt and the retries) the GSN is allowed to send a charging packet. The Maximum Number of Unsuccessful Deliveries K is the maximum number of consecutive failed deliveries that are attempted before the GSN considers a connection failure occurs. The Unsuccessful Delivery Counter NK attribute records the number of the consecutive failed delivery attempts. The Unacknowledged Buffer stores a copy of each GTP' message that has been sent to the CG but has not been acknowledged.
A record in the unacknowledged buffer consists of an Expiry Timestamp te , the Charging Packet Try Counter NL and an unacknowledged GTP' message.
38
Traditional SS7 signaling is implemented in MTP-based network, which is utilized in the existing mobile networks including GSM and GPRS. In UMTS all-IP architecture, the SS7 signaling will be carried by IP-based network. The low costs and the efficiencies for carriers to maintain a single, unified telecommunications network, guarantee that all telephony services will eventually be delivered over IP. This chapter describes design and implementation of the IPbased network signaling for mobile all-IP network.
40
SS7 Architecture
NETWORK 2 STP pair NETWORK 1 STP pair STP pair A-link C-link SCP
D-link
A-link SSP
B-link
E-link F-link Trunk A-link SSP Voice/Data Trunk SS7 Signaling Link
Service Switching Point (SSP) is a telephony switch that performs call processing. Service Control Point (SCP) contains databases for providing enhanced services. Signal Transfer Point (STP) is a switch that relays SS7 messages between SSPs and SCPs.
41
Access Links (A-links) connect the SSP/STP or the SCP/STP pairs. Bridge Links (B-links) connect STPs in different pairs. Cross Links (C-links) connect mated STPs in a pair. Diagonal Links (D-links) are the same as the B-links except that the connected STPs belong to different SS7 networks. Extended Links (E-links) provide extra connectivity between an SSP and the STPs other than its home STP. Fully-Associated Links (F-links) connect SSPs directly.
42
OMAP
Application TCAP Presentation Session Transport
MAP
ISUP
Message Transfer Part (MTP) consists of three levels corresponding to the OSI physical layer, data link layer, and network layer, respectively.
The MTP level 1 (MTP1) defines the physical, electrical, and functional characteristics of the signaling links connecting SS7 components. The MTP level 2 (MTP2) provides reliable transfer of signaling messages between two directly connected signaling points. The MTP level 3 (MTP3) provides the functions and procedures related to message routing and network management.
Signaling Connection Control Part (SCCP) provides additional functions such as Global Title Translation (GTT) to the MTP.
44
Integrated Services Digital Network User Part (ISUP) establishes circuit-switched network connections (e.g., for call setup). Transaction Capabilities Application Part (TCAP) provides the capability to exchange information between applications using non-circuit-related signaling. Operations, Maintenance, and Administration Part (OMAP) is a TCAP application for network management. Mobile Application Part is a TCAP application that supports mobile roaming management.
45
IETF Signaling Transport (SIGTRAN) working group addresses the issues regarding the transport of packet-based SS7 signaling over IP networks. SIGTRAN defines not only the architecture but also a suite of protocols, including the SCTP and a set of user adaptation layers (e.g. M3UA), which provides the same services of the lower layers of the traditional SS7. Why not TCP ?
TCP provides strict order-of-transmission which causes head-of-line blocking problem. The TCP socket does not support multi-homing. TCP is vulnerable to blind Denial-of-Service (DoS) attacks such as flooding SYN attacks.
46
SCTP Features
Like TCP
To provide reliable IP connection. To employ TCP-friendly congestion control (including slow-start, congestion avoidance, and fast retransmit) To provide message-oriented data delivery service and new delivery options (ordered or unordered) To provide selective acknowledgments for packet loss recovery To use a four-way handshake procedure to establish an association (i.e., a connection). To offer new features that are particularly for SS7 signaling
Unlike TCP
Multi-homing Multi-streaming
47
Short Message Service (SMS) allows mobile subscribers to send and receive simple text message in 2G systems (e.g. GSM). Multimedia Message Service (MMS) is introduced to deliver messages of sizes ranging from 30K bytes to 100K bytes in 2.5G systems (e.g. GPRS) and 3G systems (e.g. UMTS) The content of an MMS can be text (just like SMS), graphics (e.g., graphs, tables, charts, diagrams, maps, sketches, plans and layouts), audio samples (e.g., MP3 files), images (e.g., photos), video (e.g., 30-second video clips), and so on.
48
49
The MMS user agent (a) resides in a Mobile Station (MS) or an external device connected to the MS, which has an application layer function to receive the MMS. The MMS can be provided by the MMS value added service applications (b) connected to the mobile networks or by the external servers (d) (e.g., email server, fax server) in the IP network. The MMS server (c) stores and processes incoming and outgoing multimedia messages. The MMS relay (e) transfers messages between different messaging systems, and adapts messages to the capabilities of the receiving devices. It also generates charging data for the billing purpose. The MMS server and the relay can be separated or combined. The MMS user database (f) contains user subscriber data and configuration information. The mobile network (g) can be a WAP (Wireless Application Protocol) based 2G, 2.5G or 3G system. Connectivity between different mobile networks is provided by the Internet protocol.
50
MCH (HLR)
VLR1 VLR2 VLR3 1 2 0 MCV (VLR3)
LA5
LA6
0
0
51
52
Step 1. The multimedia message is first delivered from the message sender to the Cell Broadcast Entity (CBE). Step 2. The CBE forwards the message to the Cell Broadcast Center (CBC). Step 3. The CBC searches the multicast table MCC to identify the routing areas RAi where the multicast members currently reside (i.e., MCC [RAi] > 0 in the CBC). In Figure 1.7, i = 2 and 4. Step 4. The CBC sends the multicast message to the destination RNCs (i.e., RNC1 and RNC2 in Figure 1.7) through the Write Replace message defined in 3GPP TS 23.041. Step 5. The RNCs deliver the multimedia messages to the multicast members in the RAs following the standard UMTS cell broadcast procedure. Like SMS multicast, a multicast table MCC is implemented in the CBC to maintain the identities of the RAs and the numbers of the multicast members in these RAs.
53
SIP is an application-layer signaling protocol over the IP network. SIP is designed for creating, modifying and terminating multimedia sessions or calls. SIP message specifies the Real-Time Transport Protocol / Real-Time Transport Control Protocol (RTP/RTCP) that deliver the data in the multimedia sessions.
RTP is a transport protocol on top of UDP, which detects packet loss and ensures ordered delivery. A RTP packet also indicates the packet sampling time from the source media stream. The destination application can use this timestamp to calculate delay and jitter.
54
The user agent resides at SIP endpoints (or phones). A user agent contains both a User Agent Client (UAC) and a User Agent Server (UAS).
The UAC (or calling user agent) is responsible for issuing SIP requests The UAS (or called user agent) receives the SIP request and responds to the request.
55
Registrar: A UA can periodically register its SIP URI and contact information (which includes the IP address and the transport port accepting the SIP messages) to the registrar. Proxy Server: A proxy server processes the SIP requests. The proxy server either handles the request or forwards it to other servers, perhaps after performing some translation. Redirect Server: A redirect server accepts the INVITE requests from a UAC, and returns a new address to that UAC.
56
1. REGISTER 2. Store
Registration
8. Ringing 9. OK
10. ACK
57
Number Portability (NP) is a network function that allows a subscriber to keep a unique telephone number. NP is an important mechanism
to enhance fair competition among telecommunication operators and to improve customer service quality. location portability, service portability, and operator portability.
58
Terminologies
Number range holder (NRH) network : the network which the number is assigned Subscription network: the network with which the customers mobile operator has a contract to implement services for a specific mobile phone number Donor (release) network: subscription network from which a number is ported in the porting process Recipient network: network that receives the number in the porting process
59
MDN vs MIN
Mobile directory number (MDN) is dialed to reach the MS (e.g., MSISDN in GSM). Mobile identification number (MIN) is a confidential number that uniquely identifies an MS in Mobile Network (e.g., IMSI in GSM).
When mobile number portability is introduced, a porting mobile user would keep the MSISDN (the ported number) while being issued a new IMSI in GSM.
60
61
In 3GPP TS 23.066, two approaches are proposed to support number portability call routing:
Signaling Relay Function (SRF)-based solution, and Intelligent Network (IN)-based solution.
Both approaches utilize the Number Portability Database (NPDB) that stores the recodes for the ported numbers.
62
SRF-based Approach
The SRF node is typically implemented on the Signal Transfer Point (STP). Three call setup scenarios have been proposed for SRF-based approach: direct routing (DR) and indirect routing (IR). DR: The mobile number portability query is performed in the originating network. IR: The mobile number portability query is performed in the NRH.
63
64
65
Service aspects Access control aspects Security aspects Roaming aspects Terminal aspects Naming and address aspects Charging and billing aspects
UMTS: Universal Mobile telecommunication System UTRAN: UMTS Terrestrial Radio Access Network RNC: Radio Network Controller SGSN: Serving GPRS Support Node GGSN: Gateway GPRS Support Node
HLR: Home Location Register PDN: Packet Data Network WGSN: WLAN-based GPRS Support Node AP: Access MS: Mobile Station
66
67
The MS Architecture
Perform MS Attach and detach procedure. (The authentication action is included in the attach procedure.)
68
69
Mobile network will benefit from all existing Internet applications. The telecommunications operators will deploy a command backbone for all type of access, and thus to reduce capital and operating cost. New applications will be developed in an all-IP environment, which guarantees optimal synergy between the mobile network and Internet.
70
All-IP Architecture
Option 1
Support PS-domain multimedia and data service. Extend option 1 network by accommodating CSdomain voice service over a packet switched core network.
Option 2
71
72
Radio Network
GPRS Network
73
Function
Communicate with HSS for location information Handle control-layer functions related to application level registration and SIP-based multimedia session. Incoming Call Gateway
Logical components
Communicate with HSS to perform routing of incoming calls. Handle call setup and call-event report for billing and auditing.
74
CSCF (cont.)
Address Handing
P-CSCF
Be assigned to a UE while it attaches to the network. Forward the requests to the I-CSCF at home network.
I-CSCF
Contact point for the home network of the destination UE. Route the request towards the S-CSCF.
Be assigned to a UE after successful application level registration. Support signing interactions with the UE for call setup and supplementary services control.
S-CSCF
75
Keep a list of features and services associated with users, and maintain the location of the users. Provide the HLR functionality required by the PC and CS domain, and the IM functionality required by the IMS.
Select appropriate PSTN breakout point (another BGCF or an MGCF).
Acts as the media gateway controller in a VoIP network. Control the media channels in an MGW.
76
Map call related signing from/to the PSTN on an IP bearer and send it to/from the MGCF.
Provide user plane data transport between UMTS core network and PSTN. Interact with MGCF for resource control.
77
Support Media Gateway Control Protocol (MGCP) or H.248 to handle control layer functions related to CS domain. MSC server + MGW = MSC (in UMTS R99)
Step 3. I-CSCF determines the HSS address, and queries the HSS about the registration status of the UE. Step 4. I-CSCF obtains the required S-CSCF capability information and selects an appropriate S-CSCF. Step 5. I-CSCF forwards SIP REGISTER to S-CSCF. Step 6. S-CSCF presents its name and subscriber identity to HSS. Step 7. S-CSCF obtains the UEs subscriber data from HSS. Step 8. SIP 200 OK is replied. Step 9. P-CSCF stores the home contact name and forwards SIP 200 OK. 79
Author Biography
Yi-Bing Lin is Chair Professor of College of Computer Science, National Chiao Tung University. His current research interests include mobile computing and cellular telecommunications services. Dr. Lin has published over 200 journal articles and more than 200 conference papers. He is the co-author of the books Wireless and Mobile Network Architecture (with Imrich Chlamtac; published by Wiley, 2001) and Wireless and Mobile All-IP Networks (with Ai-Chun Pang; published by Wiley, 2005). Dr. Lin is an IEEE Fellow, ACM Fellow, AAAS Fellow, and IEE Fellow.
80