Cellular Wireless Networks

Content

Cellular System: General Description

First Generation: AMPS

Second Generation: General

GSM

GSM: Architecture II

GSM: Advanced Data Services

Cellular System:
General Description

1
 Cellular Network Organization

Use multiple low-power transmitters (100 W or
less)

Areas divided into cells

Each served by its own antenna

Served by base station consisting of
transmitter, receiver, and control unit

Band of frequencies allocated

Cells set up such that antennas of all neighbors
are equidistant (hexagonal pattern)

Frequency reuse

Each of the N=7
cells uses a
unique band of
frequencies

E.g for AMPS
total of 395
frequencies,
N=7, about 57
frequencies per
cell

Frequency Reuse

Adjacent cells assigned different frequencies to
avoid interference or crosstalk

reuse frequency in nearby cells

10 to 50 frequencies assigned to each cell

Transmission power controlled to limit
power at that frequency escaping to adjacent
cells

The issue is to determine how many cells
must intervene between two cells using the
same frequency

2
 Cellular System Architecture

Cellular Systems Terms

MS – Mobile System (mobile phone)

MS Base Station – includes an antenna, a
controller, and a number of receivers

Mobile telecommunications switching office
(MTSO) – connects calls between mobile units

Also called MSC (mobile Switching Center)

channels available between MS and BS

Control channels (CC) –exchange information having
to do with setting up and maintaining calls

Traffic channels (TC)– carry voice or data connection
between users

Mobile Unit Initialization

Listen on predefined
control channel

Select strongest BS

Handshake with MSC

MSC update database

Also update Home MSC

Repeat the above

Listen for Paging

All via common control
channels

3
 Mobile originating a call

MS check if uplink “setup
channel” is clear

By listening to instructions
on a certain downlink

MS Send number to BS via
uplink “setup channel”

BS sends to MSC

via Earthlink

MSC instructs relevant BSs
to send “paging”

BSs send paging on
downlink “Paging channel”

Call acceptance

Called MS responds to BS
via uplink “setup channel”

BS responds to MSC

MSC setup a circuit and
assign “traffic channels”
(TCs) to both BSs

BSs notify MSs – via
control channels their TCs

MSs tune to their TCs

Call proceed via the MSC

Additional Functions of MSC

Handoff

If MS moves to another cell – replace BS

Call blocking

If no TCs available – return busy tone

Call termination

Upon closing by MS – release TC channels and circuit

Call drop

If signal become weak – BS drop call

Calls to/from fixed and remote mobile subscriber

4
 Handoff Decision points

Relative signals (L1)

Relative signals with
threshold (L2)

Relative signals with
hysteresis (L3, M)

Relative signals with N M

hysteresis and
threshold (L4, N)

Hysteresis

Two states: MS
connected with BS A
or with BS B

Reverse transition
under different
condition

Handoff from A to B

when PB – PA increases
to H

Handoff from B to A

When PB – PA
decreases to -H

Power Control: Open Loop

BS sends “pilot
signal. MS adjusts its
signal inversely
proportional

No feedback from BS

Not as accurate as
closed-loop, but can
react quicker to
fluctuations in signal
strength

5
 Closed Loop Power Control

BS measures MS
signal

BS sends “adjust
power” commands
on a certain CC

MS reacts

Also used in the
reverse direction

e.g. used in GSM

First Generation: AMPS

Advanced Mobile Phone System

(Analog Mobile Phone Service)

1’st-Generation System: AMPS

BS transmission band (25 = 12.5*2 MHz) 869-894 MHz
MS transmission band (25 = 12.5*2 MHz) 824-849 MHz
Spacing between up/down channels 45 MHz
Single Channel bandwidth limited to 30 KHz
Number of full duplex voice channels 790 (385 per operator)
Number of full duplex Control Channels 42 (21 per operator)
MS max power 3 Watts
Cell size, radius 2-10 Km
Modulation, (analog) voice channel FM, ∆F=12KHz
Modulation, (digital) control channel FSK, ∆F=8KHz
Raw (Control) Data transmission rate 10 Kbps
Error Correcting code BCH

6
 AMPS: Encoding Voice by FM

Carrier; s(t) = Ac*COS[ 2πfct +φ(t) ]

Voice signal = m(t) (Analog. No digitization)

Phase of carrier is 2πfct + φ(t).

π) is, by definition, the
Its derivative (divided by 2π
instantaneous frequency of the signal

f(t) = fc + φ’(t)/2π

FM is done by making φ’(t) proportional to m(t)

φ’(t) = nf*m(t)

nf = frequency modulation index

πfmt)
Example FM: m(t) = -Amsin(2π

φ’(t) = -nfAmsin(2ππfmt)

φ(t) = (nfAm/2ππfm) * cos(2π πfmt)

πfct + (nfAm/2π
s(t) = cos[2π πfm) * cos(2ππfmt)]

instantaneous frequency
π)sin(2π
π)
f(t) = fc – (nfAm/2π) πfmt)

Max frequency shift: ∆F = nfAm/2π π

Fourier decomposition:
s(t) = J0(∆F/fm)cos(2π πfct) +
+ Σ Jn(∆F/fm)*{ cos[2π
π(fc + nfm)t +nπ
π/2] +
π(fc + nfm)t +(n+2)π
cos[2π π/2]}
Infinite number of frequencies  large bandwidth

Bandwidth of FM (Carson)

B = bandwidth of modulating signal (data)

Range of frequencies of its Fourier Components

∆F = max instantaneous frequency shift

Bandwidth of resulting signal: BT

∆F + 2B
BT = 2∆

7
 AMPS: Encoding Control Data by BFSK

Control Data is digital. It is transmitted by encoding it
in BFSK (Binary Frequency Shift Keying)

The two binary digits represented by two different
frequencies near the carrier frequency

 A cos(2πf t ) binary 1
s (t ) =  1
 A cos(2πf 2t ) binary 0

where f1 and f2 are offset from carrier frequency

fc by equal but opposite amounts ∆F

Bandwidth of BFSK

BFSK BT=2∆F+(1+r)R

R = bit rate

How many times per sec carrier frequency changes

0 < r < 1; related to how signal is filtered

∆F = f2-fc=fc-f1

AMPS Bandwidth calculation

Control Channel

Digital Encoding: Binary FSK

∆F = f2 –fc = fc –f1 = 8 KHz

∆F + (1 + r)R = 30 KHz
BT = 2∆

(1+r)R = 14 KHz In practice R = 10 Kbps

Voice Channel:

Analog Modulation: Frequency Modulation (FM)

∆F (Peak Deviation) = 12 KHz

B is the Bandwidth of the voice data

B = 3 KHz

BT = 2∆∆F + 2B = 30 KHz

8
 AMPS: operation

Telephone number & unit number in RAM

MS transmits number to MSC

MSC can then block stolen MS

Placing a call

Subscriber key in phone number and presses “send”

MSC verifies number and authorizes user

MSC send to MS traffic channels (send & receive)

MSC sends ringing signal to called party

Party answers; MSC establishes circuit and initiates

billing information

Either party hangs up; MSC releases circuit, frees

channels, completes billing

AMPS Control Channels

21 30-KHz duplex channels

uplink: Call req, Page resp, Ack

downlink: Paging, frequency
assignment

Data transmitted in frames downlink

Error Correction: Repeat data

uplink

Second Generation Systems

9
 Second Generation Systems

Digital traffic channels

Speech: digital sampling, then modulating carrier

Use repeaters and switches

Encryption of user traffic

Sophisticated Error detection and correction

Adaptive equalization to overcome multipath

Sharing Physical Channel:

By Time dividing physical channel frames (TDMA)

By spread spectrum re-encoding

Multipath

Reflection, Scattering and Dispersion

Result: Inter Symbol Interference

Adaptive Equalization

Receiver: fast sampling of input 5 times

Output: weighted average

Weights are updated frequently (every 0.1 ms)

By sampling fixed training sequence sent by sender

10
 FDMA/TDMA

Physical channel: A frequency band (200 KHz)

Data from various devices sent in frames

Frame consist of time slots (8)

Pattern of repeating slots = (logical) channel

Devices are allocated (logical) channels

Example of TDMA Design

number of time slots to justify cost: 8

Max cell radius (rural areas): 35 km

Frequencies: around 900 MHz (λ λ = 33 cm)

Max vehicle speed (fast train): Vm = 250 km/hr

Maximum speech coding delay: approx. 20 ms

Additional to delays on terrestrial or satellite links

Max multipath spread (mountains): ∆m=10 µs

Max Physical channel Bandwidth: 200 kHz

To compare with 8 analog (25 KHz each) channels in
the old analog cell phone system in Europe

TDMA Slot Design I

Coding delay 20 ms

Station prepare voice block
and send previous block
during 20 ms

Speech coding rate 12 Kbps

Speech block:

240 bit data

248 Error bits

station sends 448 bits during
20 ms

11
 TDMA Slot Design II

Max time before
sending training
sequence:
1. Mobile moves λ/20
(carrier phase changes
by π/10
π/10)
10) = 1.6 cm
2. time is = (λ
λ/20)/Vm =
0.24 msec

Traing seq = 6 ∆m =
0.06 msec

TDMA slot design III

Guard time (BS adjusts to moving delay) = time for
signal to cover distance the mobile moved during
typical call = 130 sec*Vm/c = 0.03 msec

Total Slot Time 0.57 ms

Frame (8 slots) = 4.6 ms

Redesign: Frame 4 ms

TDMA slot design IV

Frame time 4 msec; Slot time = 0.5 msec

Data fields 0.4 ms; train sequence 0.06 ms

 Voice block (20 ms) takes 5 slots

488/5 = 98 bits/slot (data + error correction)

Rate of raw bits: 98b/0.4ms = 245 Kbps

Training sequence 245 Kbs * 0.06 ms = 15 bits

Slot: 121 bits - data, error, training, guard

12
 GSM
Global System for
Mobile Communication

architecture
Services

channels

calls

4.0.1

GSM Architecture I

GSM Cells
segmentation of the area into cells
possible radio coverage of the cell

cell
idealized shape of the cell

Use of several carrier frequencies

Not the same frequency band in adjoining cells

Cell sizes vary : 100 m up to 35 km (user density,
geography, transceiver power etc).

Idealized hexagonal shape (depends geography)
4.17.1

if a mobile user changes cells  handover

13
 GSM: General Architecture
OMC, EIR,
AUC
HLR GMSC
NSS fixed network
with OSS

VLR MSC MSC

VLR

BSC

BSC
MS
RSS

MS
BTS

4.11.1

GSM: system architecture

radio network and fixed
subsystem switching partner
subsystem networks
MS MS
ISDN
PSTN
Um MSC

BTS Abis
BSC EIR
BTS
SS7

HLR

BTS VLR
BSC ISDN
BTS A MSC
PSTN
BSS IWF
PSPDN
CSPDN
4.13.1

Components
Radio Network
MS (Mobile Station)
subsystem
subsystem
BSS (Base Station Subsys):
MS MS 1. BTS (Base Transceiver Stn):
sender and receiver
Um
Abis
2. BSC (Base Station Ctrller):
BTS
BSC MSC controlling several
BTS
transceivers.

Interfaces
A
1. Um : radio interface
BTS
BTS
BSC MSC 2. Abis : 16 kbit/s user
BSS channels
3. A: 64 kbit/s user
channels 4.14.1

14
 COMPONENTS
 MSC (Mobile Services & Switch
network fixed
subsystem partner
Center)
networks  IWF (Interworking Functions)
ISDN
PSTN NETWORKS
MSC
 ISDN (Integ. Services
Dig. Net.)
EIR  PSTN (Public Switched Tel. Net.)
 PSPDN (Packet Switched Public
SS7

HLR Data Net. - Internet)

 CSPDN (Circuit Switched Public
VLR Data Net. - X.25 )
ISDN
MSC
PSTN
DATABASES
IWF
PSPDN HLR (Home Location Register)
CSPDN
VLR (Visitor Location Register)
EIR (Equipment Identity Reg.)
4.15.1

1 calling a GSM unit

Mobile Terminated

2 forward call to GMSC

3 signal call to HLR
Call (MTC)
4

4, 5 request an MS HLR VLR
5
8 9
temporary ID from VLR 3 6 14 15
calling 7

6 forward responsible station PSTN GMSC MSC
2
MSC to GMSC 1 10 10 13 10
16

7 forward call to MSC BSS BSS BSS
11 11 11

8, 9 get status of MS
11 12

10, 11 paging MS 17
MS

12, 13 MS answers

14, 15 security checks

16, 17 set up connection 4.26.1

GSM: Physical Encoding

15
 Minimum Shift Keying: I

Modified BFSK – better efficiency

special pre-computation avoids sudden phase
shifts
 MSK (Minimum Shift Keying)

Construct two streams: separate odd bits stream
and even bits stream. Bit lengths are doubled

construct two carriers: the frequency of the
second is twice the frequency of the first. 2.23.1

Minimum Shift Keying: II

Compare the two streams bit by bit: Select one
carrier or the other, straight or inverted,
according to the pair of bits in the two streams.
Use a table.

Resulting signal is smooth (no phase jumps)

higher bandwidth efficiency: use Gaussian low-
pass filter

GMSK (Gaussian MSK), used in GSM

Example of MSK
1 0 1 1 0 1 0
data bit
even 0101
even bits odd 0011

odd bits signal hnnh

value - - ++

low h: high frequency

frequency
n: low frequency
+: original signal
high -: inverted signal
frequency

MSK
signal
t

No phase shifts!

16
 GSM Frames and Channels

GSM 900 (2W): FDMA Channels

Uplink (mobile  BS) Frequencies 890.2 MHz  915 MHz.
FU = 890 + 0.2N, N=1..124 124 FDM channels, 200 KHz each
f
960 MHz 124

935.2 MHz 1 200 kHz

20 MHz
915 MHz 124

1
890.2 MHz
t
Downlink (BS  Mobile) Frequencies 935.2 MHz  960 MHz.
FD = 935 + 0.2N, N=1..124 124 FDM channels, 200 KHz each

FD = FU + 45 MHz 3.5.1

TDM Frames & Physical Channels

An FDM channel (200 KHz) is subdivided in time:

Every 4.615 ms One TDMA Frame is sent

About 260 times per sec

Each TDMA Frame consists of 8 time slots

Full logical channel: One time slot that repeats itself
every 4.615 msec (about 260 time per sec)

124 FDM bands, 8 time slots  1000 full ch.

Each Time Slot includes:

a “burst” of data - 148 bits, 546.5 µsec

Guard space - 30.5 µsec

17
 935-960 MHz 124 channels
(200 kHz) downlink

890-915 MHz 124 channels

(200 kHz) uplink
higher GSM frame structures

time

GSM TDMA frame

1 2 3 4 5 6 7 8

4.615 ms

GSM time-slot (normal burst)

guard guard
user data S Training S user data tail
space tail space
3 bits 57 bits 1 26 bits 1 57 bits 3
546.5 µs
577 µs

Time Slot Structure

NORMAL BURST TIME SLOT:

Tail (3 bits each side) – synch with receiver

Training (26 bits in the middle) – adaptive

equalization

S flag –data or control info destined to the BS or MSC

OTHER BURSTS:

Frequency Correction burst (to MS to correct its
oscillator)

Time Synchronization Burst ( long training)

Access Burst – for the initial MS-BTS connection

Dummy Burst – if no data to send

Logical Channels

Channel: Repeating Series of Time slots

E.g. time slot 2 every other TDM frame

Traffic Channels:

TCH/F - one time slot per frame

Carries about 32 Kbps raw bits (260 times, 120 bits)

22.8 Kbps data rate (+ associated control channel)

Also 4.8, 9.6, 14.4 Kbps

incorporate Forward Error Correction (FEC)

TCH/H – one time slot per 2 frames

11.4 Kbps data rate

Used for voice with new Codecs

18
 Control Channels (CCH): 1 way

Broadcast Control Channel (B-CCH)

BTS to MS: cell ID, frequencies used, options (freq.
hopping), Frequency corrections, time synch info

Common Control Channel (C-CCH)

For Connection set up

1. Paging Channel (P-CH) – BTS paging an MS

2. Random Access Channel (RACH) – MS makes
a call; Collision might happen – Use
ALOHA

3. Access Grant Channel (AGCH) –

BTS to MS: allocates an TCH or SD-CCH for
further connection setup

Dedicated Control Channels: 2 Way

1. Stand Alone Dedicated Control Channel (SD-CCH)

Dedicated to an MS before TCH allocated

Authentication, registration

2. Slow Associated dedicated CCH (SA-CCH)

Allocated to each SD-CCH and TCH

System info (channel quality, power level)

One slot every multi-frame (26 frames)

3. Fast Associated Dedicated CCH (FA- CCH)

To transmit large amount of data in short period
(Hand Over).

Slots taken from TCH

GSM hyperframe
hierarchy of frames
0 1 2 ... 2045 2046 2047 3 h 28 min 53.76 s

superframe
0 1 2 ... 48 49 50
6.12 s
0 1 ... 24 25

multiframe
traffic 0 1 ... 24 25 120 ms

control 235.4 ms
0 1 2 ... 48 49 50

frame
0 1 ... 6 7 4.615 ms
slot
burst 577 µs

4.24.1

19
 GSM: Operation

1 calling a GSM unit

Mobile Terminated

2 forward call to GMSC

3 signal call to HLR
Call (MTC)
4

4, 5 request MS Roaming HLR VLR
5
8 9
Num from VLR 3 6 14 15
calling PSTN 7

6 forward responsible 1 GMSC MSC
station
2
MSC to GMSC 10 10 13 10
16

7 forward call to MSC BSS BSS BSS
11 11 11

8, 9 get status of MS
11 12

10, 11 paging MS 17
MS

12, 13 MS answers

14, 15 security checks

16, 17 allocate TCH 4.26.1

Mobile Originated Call (MOC)

VLR

1, 2: connection
3 4
request PSTN
6 5
GMSC MSC

3, 4: security check 7 8
2 9

5-8: check resources MS
1
BSS
10
(free circuit)

9-10: set up call

4.27.1

20
 MS MTC BTS MS MOC BTS
paging request (via PCH)
channel request (RACH) channel request (via RACH)
assigning SDCCH (AGCH) Assigning SDCCH (AGCH)
paging response (SDCCH) service request (SDCCH)
authentication request authentication request
authentication response authentication response
ciphering command ciphering command
ciphering complete ciphering complete
Setup (SDCCH) Setup (SDCCH)
call confirmed call confirmed
assignment TCH assignment TCH (SDCCH)
assignment complete assignment complete
Alerting - I am RINGING Alerting - I am RINGING, wait
Connect - my User accepted Connect - other User accepted
connect acknowledge (SDCCH) connect acknowledge (SDCCH)
data/speech exchange (TCH) data/speech exchange (TCH)
4.28.1

Roaming

Network always knows where an MS is:

VLR identifies new MS visiting its area.

MS listens on nearby control channels, reports

VLR connects to HLR of that MS, exchange info

HLR always knows current location (VLR) of its MS

Identifiers:

MS-ISDN (phone number). Hierarchical, fixed to SIM

IMSI (Int. Mobile Subscriber Id) of the user. Fixed

TMSI - Temp. MSI of the user. Selected by the VLR

Temporary, changes periodically. Hide user real Id.

Used only in the VLR area

MSRN Mobile Station Roaming Number

Country+MSC+MSISDN - identifies whereabout

4 types of handover
1
2 3 4

MS MS MS MS

BTS BTS BTS BTS

BSC BSC BSC

Change
frequency MSC MSC

4.29.1

21
 Handover decision
receive level receive level
BTSOLD BTSNEW

HO_MARGIN

MS MS

BTSold BTSnew
4.30.1

Handover procedure
MS BTSold BSCold MSC BSCnew BTSnew
measurement measurement
report result

HO decision
HO required HO request

resource allocation
ch. activation
HO request
HO command ch. activation ack
ack
HO command HO command
HO access
Link establishment
HO complete
clear command HO complete
clear command
clear complete clear complete
4.31.1

GSM: Security

22
 Security in GSM

Security services

Access control/Authentication

user  SIM (Subscriber Identity Module):
secret PIN (personal identification number)

SIM  network: challenge response

method

confidentiality

voice and signaling encrypted on the
wireless link

after successful authentication 4.32.1

Security in GSM (cont’d)

anonymity

temporary identity TMSI (Temporary Mobile
Subscriber Identity)

newly assigned by VLR at each new location

update (LUP)

encrypted transmission

3 algorithms specified in GSM “secret”: A3

A3 for authentication (“secret”, and A8
available via
open interface) the Internet

A5 for encryption (standardized) • network
providers can

A8 for key generation (“secret”,
use stronger
open interface) mechanisms

GSM - authentication

mobile network SIM

Ki RAND
1 RAND RAND Ki
128 bit
AuC 128 bit 128 bit 128 bit

A3 A3
SIM
2 SRES* 32 bit SRES 32 bit

3
SRES
MSC SRES* =? SRES
32 bit
SRES

4.33.1
Ki: individual subscriber authentication key SRES: signed response

23
 Key generation and encryption

mobile network (BTS) MS with SIM

RAND
Ki RAND RAND Ki
AuC 128 bit 128 bit 128 bit 128 bit SIM

A8 A8

cipher Kc
key 64 bit Kc
64 bit
data encrypted data
SRES
BTS MS
data
A5 A5

GSM Architecture II

Components

Protocols

GSM: system architecture

radio network and fixed
subsystem switching partner
subsystem networks
MS MS
ISDN
PSTN
Um MSC

BTS Abis
BSC EIR
BTS
SS7

HLR

BTS VLR
BSC ISDN
BTS A MSC
PSTN
BSS IWF
PSPDN
CSPDN
4.13.1

24
 BSS: BSC and BTS

BTS: radio specific functions

BSC : switching center for radio channels
F unctions BTS B SC
M anagem ent of radio channels X
F requency hopping (F H ) X X
M anagem ent of terrestrial channels X
M apping of terrestrial onto radio channels X
C hannel coding and decoding X
R ate adaptation X
E ncryption and decryption X X
P aging X X
U plink signal m easurem ents X
T raffic m easurem ent X
A uthentication X
L ocation registry, location update X
4.18.1
H andover m anagem ent X

NSS : Databases

Home Location Register (HLR)

central master database

user data, permanent and semi-
permanent data of all subscribers
assigned to the HLR

Visitor Location Register (VLR)

local database for a subset of user data

all users currently in the domain of the
VLR 4.20.1

NSS: MSC

paging and call forwarding, switching

management of network resources
(channels)

internetworking via Gateway MSC
(GMSC)

integration of the databases

termination of SS7 (signaling system no. 7)

mobility specific signaling (roaming, HO)

provision of new services (fax, data calls, SMS)

generation and forwarding of accounting and
billing

25
 Operation Subsystem (OSS)

AUTHENTICATION CENTER (AUC)

generates user specific parameters

For authentication, encryption, key generation

EQUIPMENT IDENTITY REGISTER (EIR)

registers GSM mobile stations and user rights

Stolen/malfunctioning MS can be locked / localized

Uses International Mobile Equipment Identity (IMEI)

OPERATION & MAINTAINANCE CENTER
(OMC)

Traffic monitoring, Status reports of entities

Subscriber management, accounting, billing
4.22.1

GSM Signalling protocols

Um Abis A
MS BTS BSC MSC
CM CM
MM MM

BSSAP BSSAP
RR RR’
RR’ BTSM BTSM SS7 SS7
LAPDm LAPDm LAPD LAPD
radio radio PCM PCM PCM PCM

16/64 kbit/s 64 kbit/s /

2.048 Mbit/s

4.25.1

Signalling Protocols: Radio

Encoding: GMSK – Minimum jumps FSK
with Gaussian Filter

Creating bursts & putting into Time Slots

Multiplexing Time Slots into TDMA
frames

Synch with BTS

Measurements Channel quality

Encryption

Error correction by FEC

26
 Signalling Protocols: LAPDm

Reliable transfer of upper layers data

window based flow control

ACK and retransmissions

segmentation and reassembly

No Error Control (done by Radio)

Layer 3 protocols I

RR (Radio Resource management)

Between BTS and BSC and/or MS

Setup, release and maintenance of radio

channels

Directly connect with underlying radio layer

Reliable transfer of upper layer data

MM (Mobility Management)

Registration, authentication, identification,

location updating of MS

Providing temporary identity to subscriber

(TMSI)

Layer 3 protocols: Call Management (CM)

CC (Call Control)

Call Establishment, Clearing,

send instructions to create Tones (DTMF)

Dual Tone Multiple Frequency

SMS (Short Message Service)

Message transfer

Using the SDCCH and SACCH – not TCH

SS (Supplementary Services)

Call redirection

Closed group calls

Etc…

27
 Signalling protocols of BSC

Abis interface (with BTS):

Physical layer PCM multiplexing

64 Kbps, multiplexes four 16Kbps

Link Layer LAPDm

Layer 3 RR’ and more

A interface (with MSC)

Physical: PCM - Multiplexes 64 Kbps to 2.048 Mbps

Link Layer SS7

same as in the telephone network

SS7 also carry all management info between
MSC and the HLR, VLR, AuC, EIR, and OMC

Advanced Data Services

HSCSD: High Speed Circuit Switched Data

GPRS: General Packet Radio Service

HSCSD: High Speed Circuit Switched Data

Change Software; No new Hw components

bundling of several time-slots to get higher
AIUR (Air Interface User Rate)
(e.g., 57.6 kbit/s using 4 slots, 14.4 each)

advantage: ready to use, constant quality, simple

disadvantage: channels blocked for voice
transmission
AIU R [kbit/s] TCH /F4.8 TCH/F9.6 TCH/F14.4
4.8 1
9.6 2 1
14.4 3 1
19.2 4 2
28.8 3 2
38.4 4
43.2 3 4.35.1
57.6 4

28
 GPRS: General Packet Radio Service

packet switching

using free slots only if data packets ready to send
(e.g., 115 Kbps using 8 slots temporarily)

standardization 1998, introduction 2000

advantage: one step towards UMTS, more flexible

disadvantage: more investment needed

GPRS network elements

GSN (GPRS Support Nodes): GGSN and SGSN

GGSN (Gateway GSN)

interworking unit between GPRS and PDN (Packet Data Network)

SGSN (Serving GSN)

supports the MS (location, billing, security)

GR (GPRS Register)

user addresses 4.36.1

GPRS quality of service

Reliability Lost SDU Duplicate Out of Corrupt SDU
class probability SDU sequence probability
probability SDU
probability
1 10-9 10-9 10-9 10-9
-4 -5 -5 -6
2 10 10 10 10
-2 -5 -5 -2
3 10 10 10 10

Delay SDU size 128 byte SDU size 1024 byte

class mean 95 percentile mean 95 percentile
1 < 0.5 s < 1.5 s <2s <7s
2 <5s < 25 s < 15 s < 75 s
3 < 50 s < 250 s < 75 s < 375 s
4 unspecified

4.37.1

GPRS architecture and interfaces

SGSN
Gn

PDN
MS BSS SGSN GGSN

Um Gb Gn Gi

MSC HLR/
GR

VLR EIR

4.38.1

29
 GPRS protocol architecture
MS BSS SGSN GGSN
Um Gb Gn Gi

apps.

IP/X.25 IP/X.25

SNDCP GTP
SNDCP GTP
LLC LLC UDP/TCP UDP/TCP

RLC BSSGP IP IP
RLC BSSGP

MAC MAC
FR FR L1/L2 L1/L2
radio radio

4.39.1

30