Aalto 2021 - Sessions 1 and 2

9/13/2021
ELEC-E7230 – Mobile
Communication Systems
Prof. Tarik Taleb

School of Electrical Engineering
Aalto University
© Tarik Taleb 2021
Grading Policy
• In-class (or after-class) exercises

– 30% of course grade
• Assignment
– Presentation of a scientific publication relevant to the
course – 30% of course grade
• Examination (If online, Open Book)

– 40% of course grade
© Tarik Taleb 2021
1
9/13/2021
Important Dates
• Lecture 1: Mon 13.09.21 12:15 - 14:00 (T. T.)
• Lecture 2: Fri. 17.09.21 12.15 – 14:00
• Lecture 2: Mon 20.09.21 12:15-14:00 (T. T.)
• Lecture 3: Mon 27.09.21 12:15 - 14:00 (T. T.)
• Lecture 4: Mon 4.10.20 12:15 - 14:00 (E. M.)
• Lecture 5: Mon 11.10.20 12:15 - 14:00 (E. M.)
• Lecture 6: Mon 18.10.20 12:15 - 14:00 (E. M.)
• Assignement - Paper presentation day 1: Wed. 20.10.21 , 14:15 –

16:00
• Assignement - Paper presentation day 2: Fri 22.10.21, 14:15 - 16:00
• Exams: Tue 26.10.21 09:00-12:00

© Tarik Taleb
TALEB2021
2016
Important Highlights
• In-class exercises summing up the main recap
• Reading Materials
– Materials for 4G and 5G
– Basics vs Advanced
• More advanced reading materials

– Nine white papers on 6G
© Tarik TALEB 2021
2
9/13/2021
Inquiries about the Course
• Please contact Dr. Edward Mutafungwa

edward.mutafungwa@aalto.fi
© Tarik Taleb 2021
Content
• Mobile Network Architectures Evolution
– MN Arch. Evolution: 2G to 3G
– 4G – Evolved Packet System
• Core NW Architecture & components
• Protocols ELEC-E7311 SDN
Fundamentals &
• 5G Network architecture Techniques
– 4G to 5G Migration
– 5G Architecture: Components & Interfaces
– 5G Mechanisms: Subset
– Network Slicing
• Network Function Virtualization
• Software Defined Networking Last three sessions, by
Edward
– Network Selection
• Evolved RAN: LTE, LTE-Advanced and
LTE-Advanced Pro
© Tarik TALEB 2021
3
9/13/2021
Learning Outcome
• Understanding the migration scenarios from 2G/3G

to 4G and 5G
• Factual knowledge of EPC, LTE/LTE-Advanced and
5G architecture
• Basic understanding of recent RAN technologies
(from LTE towards 5G NR)
• Familiarity with latest developments in NFV, SDN
and Network Softwarization
• Development of skills for research and presentation
of complex concepts to a general audience
• Development of technical writing skills
© Tarik Taleb 2021
ELEC-E7230 – Mobile
Communication Systems
Session I
Prof. Tarik Taleb

School of Electrical Engineering
Aalto University
© Tarik Taleb 2021
4
9/13/2021
Mobile Generations …
GSM, IS-136, WCDMA

AMPS, NMT,
TACS PDC, IS-95 cdma2000 LTE
1G 2G 3G 4G
~1980 ~1990 ~2000 ~2010
The foundation of Mobile telephony The foundation of Further enhanced
mobile telephony for everyone mobile broadband mobile broadband
“IMT-2000” “IMT-Advanced”
© Tarik TALEB 2021
Why Mobile Communications Systems?
https://www.youtube.com/watch?v=rP6Flfu42Qk
© Tarik TALEB 2021
10
5
9/13/2021
Migration Scenarios from 2G/3G to 5G?
Interesting commercials of the main services of

each technology
– 1G- 1960s (B&W)

• https://www.youtube.com/watch?v=jwO7Qr-O9OU
– 2G- GSM ADVERTISING
• https://www.youtube.com/watch?v=l3Oo5vlWNWw
– 3G- iPhone 3GS Ad
• https://www.youtube.com/watch?v=AcigqYci7Ss
– 4G/LTE - Simply Boosted
• https://www.youtube.com/watch?v=kf-nAPW4Irw
– 5G as perceived in Japan
• https://www.youtube.com/watch?v=lDJC_yJTXIc
– Huawei 5G
• https://www.youtube.com/watch?v=UzMu0DCElII
© Tarik TALEB 2021
11
Mobile Network
Architecture Evolution
12
6
9/13/2021
Major Standards Developing Organizations

Developing internet
Developing protocol specs
Recommendations
Referring to specs
ITU-R/T
Developing Mobile
application specs
Developing Wireless
Input LAN/MAN specs Cross reference
specs of specs
Requirements MRP
Referring to 3GPP
specs
(contributed by Cross reference
of specs Terminal certification
individual members) based on 3GPP specs
Partners of 3GPP
Referring to 3GPP specs Terminal
for the local specs Certification
Organisational Partners
EU Japan Korea China North America
13
© Tarik TALEB 2021
13
3GPP TSG Structure
Project Coordination Group

(PCG)
TSG GERAN TSG RAN TSG SA TSG CT

(GSM Edge, RAN) (UTRA, E-UTRA) (Service and System (Core Network and
Aspects) Terminals)
WG1: Radio WG1: Radio L1 Spec

Aspects WG1: Services WG1: MM/CC/SM (Iu)
WG2: Protocol WG2: Radio L2 Spec and

L3 RR Spec WG3: Interworking with
Aspects WG2: Architecture
external networks
WG3: Terminal WG3: Iub spec, Iur spec,

Testing Iu spec, UTRAN O&M WG3: Security WG4: MAP/GTP/BCH/SS
WG4: Radio
Performance, Protocol WG6: Smart Card
Aspects WG4: Codec
Application Aspects
WG5: Mobile Terminal,

Conformance Testing WG5: Telecom Management
WP6: Mission Critical Apps
© Tarik TALEB 2021
14
7
9/13/2021
3GPP Access Evolution
• 2G or GSM/CS • 3G or UMTS
– Voice communication – Built on WCDMA
• narrowband, real-time, circuit switched • High peak data rates: 2Mbps
– WAP or HSCSD as extensions to • Extended by HSDPA (Rel. 5), HSUPA
(Rel. 6), and HSPA+ (Rel. 7)
enable data communications but
IMS as service control layer for PS
limited success
core network
• 2.5G (GPRS/PS, Enhanced Data Rates • 4G

for GSM Evolution EDGE) –Long Term Evolution (LTE)
– Adding Packet Services –LTE-Advanced
– Theoretical data rates up to 384 Kbps
– Not “always-on” IP connectivity: • 5G
• IP address is assigned only when – 5G SBA
“PDP context” is established for data
transmission – 5G NR
© Tarik TALEB 2021
15
Release of 3GPP Specifications LTE-

Advanced
DL: 1Gbps
LTE UP: 0.5Gbps
DL: 0.3Gbps
UP: 75Mbps
HSPA+
HSDPA HSUPA DL: 28 Mbps
DL: 14.4 Mbps DL: 14.4 Mbps UP: 11 Mbps
UMTS UP: 384 Kbps UP: 5.7 Mbps
2 Mbps
1999 2002 2004 2007 2008 2011
UMTS LTE-
HSDPA HSUPA HSPA+ LTE
(W-CDMA) Advanced
Rel 99 Rel 5 Rel 6 Rel 7 Rel 8 SAE Rel 10

W-CDMA Wideband Code Division Multiple Access Lecture
EDGE Enhanced Data rates for Global Evolution Focus Rel9
GPRS General Packet Radio Service
GSM Global System for Mobile Communications
LTE Long Term Evolution
HSUPA High Speed Uplink Packet Access
HSDPA High Speed Downlink Packet Access
UMTS Universal Mobile Telecommunications System
© Tarik TALEB 2021
16
8
9/13/2021
Nomenclature (1)
Long Term Evolution

• Evolved UMTS Radio Access (E-
UTRA) (Physical and link layers)
E-UTRA Network (E-UTRAN)

• Radio Network’s Functions
Evolved Packet Core

• System Architecture
© Tarik TALEB 2021
17
Nomenclature (2)
Evolved 3GPP System
System Architecture Evolution

(SAE)
Evolved Packet System (EPS)

EPS = Evolved UTRAN + Evolved Packet Core
3G+, 3.5G, 4G, 5G,etc

• Advanced phases of the system design
• Marketing terms
© Tarik TALEB 2021
18
9
9/13/2021
Legacy 3GPP Networks
19
GSM 2G Architecture
SS7
ISUP
MAP/IS41 (over TCAP)
PSDN
Um SMS-SC
SS7
IAM
A E PSTN
BSC MSC GMSC
2G MS PSTN, ISDN
Routing Info
Abis B PLMN C
VLR
BTS D Subscriber’s location?
In case of roaming
H
HLR
GERAN GSM EDGE Radio Access
EIR AuC
Network
NSS Network Sub-System

BTS Base Transceiver Station
MSC Mobile-service Switching Controller PLMN Public Land Mobile Network
BSC Base Station Controller
VLR Visitor Location Register PSDN Public Switched Data Network
MS Mobile Station PSTN Public Switched Telephone Network
HLR Home Location Register
PSPDN Packet Switched Public Data Network
AuC Authentication Server
CSPDN Circuit Switched Public Data Network
GMSC Gateway MSC ISDN Integrated Services Digital Network
EIR Equipment Identity Register
© Tarik TALEB 2021
20
10
9/13/2021
Circuit Switch vs Packet Switch

• Reserved bandwidth • Shared bandwidth
• Time based billing • Traffic based billing
• Fixed access time • Variable access times
• Suitable to real-time applications • Ideal for “data” traffic
• Lower bit rates (14.4 kbps) • Higher bit rates (up to 170 kpbs)
• Inefficient use of resources
2.5 G
(GPRS)
GPRS General Packet Radio Service
© Tarik TALEB 2021
21
GPRS Architecture
Um
SS7
A E PSTN
BSC MSC GMSC
2.5G MS PSTN, ISDN
Abis B PLMN C
VLR
BTS
D
Packet Data Protocol
Gs HLR/ H
(PDP) context: HSS
1) PDP type Gb
2) PDP address (for MS) EIR AuC
PCRF
3) Requested QoS Gr Gc
4) GGSN address Gx Rx
IP Gi
SGSN Gn GGSN
PSDN
1- Packet routing 1- Interfaces to external PDNs

from/to MS/GGSN 2- Translation between PDP
2- Mobility management context and GSM adds
GPRS General Packet Radio Service 3- Authentication 3- Authentication
SGSN Serving GPRS Support Node
4- Billing 4- Billing
GGSN Gateway GPRS Support Node
HSS Home Subscriber Server
PCRF Policy Charging & Rules Function
© Tarik TALEB 2021
22
11
9/13/2021
UMTS Architecture (3G Rel 99)

Um
SS7
A E PSTN
BSC MSC GMSC
2.5G MS PSTN, ISDN
Abis B PLMN C
VLR
BTS
D
Gs HLR/ H
HSS
Gb
IuCS AuC
EIR PCRF
Uu Gr Gc
Gx Rx
IP Gi
RNC SGSN Gn GGSN
3G UE PSDN
IuPS
Iub
Radio Resource Management at

Node B
UE and RNC: UMTS Universal Mobile Telecommunication System
1) Handover control UE User Equipment
2) Power control RNC Radio Network Controller
3) Admission control
UTRAN UMTS Terrestrial Radio Access
4) Packet scheduling
Network 5) Code management
© Tarik TALEB 2021
23
UMTS Architecture (3G Rel 5)

Um IP/ATM
PSTN/CS-
Nb/Nc MGW
BSC MSC GMSC
2.5G MS PSTN, ISDN
A /IuCS
Abis SS7
B
C
VLR
BTS
D
ATM
Gb /IuPS Gs HLR/ H
HSS
IuCS AuC
PCRF
Uu Gr Gc
Gx Rx
Gi
RNC SGSN Gn GGSN
3G UE PSDN
IuPS
Iub
Node B Gs
IP Multimedia Sub System

(IMS)
© Tarik TALEB 2021
24
12
9/13/2021
Long Term Evolution
25
LTE Features & Requirements (1/2)

• “Always on” IP connectivity
• All-IP Network (AIPN)
– Providing economy of scale and spectrum reuse
– Supporting full mobility and global roaming
– Ensuring seamless service across different radio access
– Efficiently interworking with non-3GPP accesses
– Compatible with legacy 3GPP networks
– Ensuring high QoS
– Affording high user data rates for both uplink and downlink
– Lower latencies in user data and control planes
– Supporting diverse mobile network services, both unicast and multicast
• System with reduced cost (CAPEX and OPEX)
– Reduced number of network elements – flatter architecture
– Less complexity in RAN and economic usage of backhaul capacity
• System with improved capacity and coverage
– Usage of the orthogonal frequency-division multiplexing (OFDM)
– Spectrum efficiency and reuse
• System with high level of security
© Tarik TALEB 2021
26
13
9/13/2021
Key Features/Requirements (2/2)

• Simple protocol architecture
– Shared channel based
– PS mode only with VoIP capability (No CS)
• Simple Architecture
– eNodeB as the only E-UTRAN node
– Fully meshed approach with tunneling mechanism over IP transport
network
– Iu Flex approach
– Smaller number of RAN interfaces
• eNodeB ➔ MME/SAE-Gateway (S1)
• eNodeB ➔ eNodeB (X2)
• Compatibility and inter-working with earlier 3GPP Releases
• Inter-working with other systems, e.g. cdma2000
• FDD and TDD within a single radio access technology
• Efficient Multicast/Broadcast
– Single frequency network by OFDM
• Support of Self-Organizing Network (SON) operation
3GPP TS 22.278 Tech. Spec., “Service Requirements for

© Tarik TALEB 2021
Evolution of the 3GPP System, Stage 1, Release 8,” June 2008
27
Architectural Aspects of EPC
• 3GPP accesses
• non-3GPP accesses
– Untrusted non-3GPP
• Requirement for a special gateway (evolved Packet Data
Gateway) for a secure access of UE to EPC
– Trusted non-3GPP
• ePDG not required
© Tarik TALEB 2021
28
14
9/13/2021
EPS for 3GPP Accesses

• PDN GW: IP address allocation, charging and enforces QoS
• Serving GW: Local mobility anchor for intra-3GPP HO
• MME: Mobility management entity for intra-3GPP mobility, paging,
authentication, bearer management, etc.
• PCRF: QoS and charging rule provisioning
VPLMN HPLMN
UTRAN
SGSN
HSS
GERAN
Control Plane
S3 S6a
3GPP
Access
PCRF
MME
S1-MME S12 Gxc Gx Rx
S4
S11
Data Plane
S10 Serving S5 PDN SGi

UE E-UTRAN Packet Data Network
Gateway Gateway (e.g. IMS, PSS etc.)
LTE-Uu S1-U
GTP Interface GTP or PMIP Interface PCC Interface
© Tarik TALEB 2021
29
EPS for 3GPP Accesses

• PDN GW: IP address allocation, charging and enforces QoS
• Serving GW: Local mobility anchor for intra-3GPP HO
• MME: Mobility management entity for intra-3GPP mobility, paging,
authentication, bearer management, etc.
• PCRF: QoS and charging rule provisioning
VPLMN HPLMN
UTRAN
SGSN
HSS
GERAN
S3 S6a
3GPP
PCRF
Access S6a
S1-MME
MME
S12 Gx Rx
S4
3GPP
S11 Operator's IP
Operator's IP
Access
UE E-UTRAN Services
Services
Gateway Gateway (e.g.
(e.g.IMS,
IMS,PSS
PSSetc.)
etc.)
LTE-Uu S1-U
GTP Interface GTP or PMIP Interface PCC Interface
© Tarik TALEB 2021
30
15
9/13/2021
PDN Gateway Functions

Control Plane
MME
S1-MME
S11 Operator's IP
Data Plane

UE E-UTRAN Services
LTE-Uu S1-U
• UE IP address allocation
• UE data anchoring
• Per user packet filtering
• Lawful interception
• Transport level packet marking
• Service level charging
• Service level gating control
• Rate enforcement based on
• Aggregate Maximum Bit Rate for an APN
• Accumulated Maximum Bit Rates of the
aggregate of service data flows with the same
guaranteed bit rate
• DHCPv4 & DHCPv6 functions
GTP-based • Up/Downlink bearer binding

S5 • Uplink bearer binding verification
• IP neighborhood detection
© Tarik TALEB 2021
31
Serving Gateway Functions

Control Plane
MME
S1-MME
S11 Operator's IP
Data Plane

UE E-UTRAN Services
LTE-Uu S1-U
• PMIPv6 MAG functionality

• Inter-eNB handover
• Downlink packet buffering in idle mode
• Service Request
• Lawful Interception
• Packet routing and forwarding
• Up/Downlink packet marking
• Accounting for inter-operator charging
• Up/Downlink charging
© Tarik TALEB 2021
32
16
9/13/2021
MME Functions
Control Plane
MME
S1-MME
S11 Operator's IP
Data Plane

UE E-UTRAN Services
LTE-Uu S1-U
• Handling of NAS signaling

- En/decryption and authentication of
messages
• Support of UE Reachability in “idle”
state
• Tracking Area management;
• PDN/S-GW selection
• Target MME selection
• Subscriber authentication
• Bearer management
• Lawful Interception of signaling traffic
© Tarik TALEB 2021
33
Evolved RAN
Control Plane
MME
S1-MME
S11 Operator's IP
Data Plane

UE E-UTRAN Services
LTE-Uu S1-U
• Radio Resource Management

- Radio Bearer Control
Iups
- Radio Admission Control
- Connection MobilityRNC
Control
- Scheduling
Iub Iub
• IP header compression and encryption of data
eNB X2 eNB traffic NB NB
• MME selection the user data stream
• Data packet routing UTRAN
• Uplink transport level packet marking

• Scheduling and transmission of
- paging messages
- broadcast information
• Measurement for mobility and scheduling
© Tarik TALEB 2021
34
17
9/13/2021
Tracking Areas, Service Areas, & MME Pool

Areas
MME Pool Area

MME
PDN-GW 1 PDN-GW m
S-GW 1 S-GW 2 S-GW k
Service Area 1 Service Area 2 Service Area K
eNBs eNBs eNBs eNBs

Tracking Area Tracking Area 2 Tracking Area 3 Tracking Area N
Tracking Area Update

S-GW Relocation
MME Relocation
© Tarik TALEB 2021
35
LTE UE Identifiers
• UE
– IMEI or MEID - Mobile Equipment Identifier
• Globally unique number identifying a physical piece of mobile station
equipment
• MEID allows hexadecimal digits while IMEI (Int’l Mobile Station
Equipment Identity) allows only decimal digits
• Only sent to MME (in NAS), not to eNB.
• Sent only after NAS security is setup (i.e, encrypted and integrity
protected).
• SIM (Subscriber Identity Module)

– HD: Universal Integrated Circuit Card (UICC)
– SW: USIM – Universal Subscriber Identity Module
• IMSI
– Seldom sent over the air (only during attach, if no other valid temporary ID
is present in the UE).
– Temporary identities used instead (S-TMSI, GUTI)
• Brought, among other things, security improvements (e.g., mutual
authentication, longer encryption keys, etc)
S-TMSI System architecture evolution Temporary Mobile Subscriber Identity
© Tarik TALEB 2021 GUTI Globally Unique Temporary Identity
36
18
9/13/2021
Initial Attach
http://www.netmanias.com/en/post/techdocs/6098/emm-initial-attach-lte/emm-procedure-1-
initial-attach-part-1-cases-of-initial-attach
© Tarik TALEB 2021
37
UE ID Acquisition
http://www.netmanias.com/en/post/techdocs/6098/e
mm-initial-attach-lte/emm-procedure-1-initial-
attach-part-1-cases-of-initial-attach
GUMMEI Globally Unique MME Identity

ECGI E-UTRAN Cell Global Identifier
TAI Tracking Area Identity
IMSI International Mobile Subscriber Identity
© Tarik TALEB 2021
38
19
9/13/2021
Authentication
ASME Access Security Management Entity (MME)

MCC Mobile Country Code assigned by ITU, 3 digits
MNC Mobile Network Code assigned by National Authority, 2~3 digits
AUTN Authentication TokeN
© Tarik TALEB 2021 KSI Key Set Identifier
39
NAS Security Setup
ASME Access Security Management Entity (MME)

KSI Key Set Identifier
NAS Non-Access Stratum
© Tarik TALEB 2021
40
20
9/13/2021
Location Update
QCI: QoS Class Indicator

ARP: Allocation and Retention Priority
AMBR: Aggregate Maximum Bit Rates
© Tarik TALEB 2021
41
EPS Session Management (1/2)
IP-CAN IP Connectivity Access Network

ARP Allocation and Retention Priority
© Tarik TALEB 2021
42
21
9/13/2021
EPS Session Management (2/2)
E-RAB E-UTRAN Radio Access Bearer

DRB Data Radio Bearer
EMM EPS Mobility Management
© Tarik TALEB 2021
43
Information Elements: Before Attach
© Tarik TALEB 2021
44
22
9/13/2021
Information Elements: After Attach
http://www.netmanias.com/en/post/techdocs/6098/emm-initial-attach-lte/emm-procedure-1-
initial-attach-part-1-cases-of-initial-attach
© Tarik TALEB 2021
45
Some Nomenclature
© Tarik TALEB 2021
46
23
9/13/2021
Reference Points & Protocols
eNB-involved signaling: (over S1-AP)

Attachment, detachment, bearer
establishment/modification, etc
Signaling transparent to eNB:
- on top of Non-Access Stratum (NAS)
HSS
NAS NAS
Relay
PCRF
RRC S6a S1-AP
RRC S1-AP
NAS MME PDCP PDCP SCTP SCTP
Gx Rx
S1-MME IP IP
RLC RLC
S11MAC MAC L2 Operator's IP L2
UE E-UTRAN L1 Services L1
Gateway L1 L1 Gateway
(e.g. IMS, PSS etc.)
LTE-Uu S1-U S1-MME
LTE-Uu eNodeB
UE MME
RRC – Radio Resource Control Encapsulation or tunneling

PDCP – Packet Data Convergence of packets over GTP-U
Protocol
L2
L1
© Tarik TALEB 2021
47
- IPv4/IPv6 for packet forwarding

For exchange of UE subscription - DHCP and RADIUS/DIAMETER for IP
data (Diameter) address and protocol configuration
HSS
PCRF
S6a
NAS MME
Gx Rx
S1-MME
S11 Operator's IP
UE E-UTRAN Services
LTE-Uu S1-U
For MME relocation due to UE

mobility or load balancing
(GPT-C)
-Used when PGW and SGW are in HPLMN

- Based on either GTP or PMIP
For controlling data bearer
between eNB and SGW
(GTP-C v2)
© Tarik TALEB 2021
48
24
9/13/2021

For filtering QoS policy and charging
control (DIAMETER)
Gxc: used when PMIP is used on S5
UTRAN
SGSN Gn/Gp
GERAN EIR
HSS
S3
S13 PCRF
S6a S12
Gxc
NAS MME
Gx Rx
S1-MME S4
S11 „GGSN“ „GGSN“

S10 S5 SGi Operator's IP
Serving PDN
UE E-UTRAN Services
LTE-Uu S1-U
Enables user/bearer info Allows direct tunnel

exchange for inter-3GPP between S-GW and RNC
access mobility (GTP-U) (GTP-U)
enables UE identity check Provides mobility support

between MME and EIR between GPRS and SGW
© Tarik TALEB 2021
49
EPS – Overview
• A-GW: Access gateway for
HSS
Trusted non-3GPP access
SWx
• ePDG: Security GW
for untrusted non 3GPP
PCRF
acess S6a
Gxc Rx
Gx
Operator's IP
Gxa
SGi Services
3GPP Serving PDN (e.g. IMS, Internet)
Access Gateway Gateway
S5
S6b
S2b
S2a SWm
ePDG 3GPP AAA
Server
HPLMN SWn
Non-3GPP
Networks A-GW SWu Untrusted
PCC Interface Non-3GPP
PMIP or GTP Interface Trusted Non- Access SWa STa
3GPP Access
PMIP Interface UE
AAA Interface
© Tarik TALEB 2021
50
25
9/13/2021
EPS for non-3GPP Accesses

• A-GW: Access gateway for
HSS
Trusted non-3GPP access
SWx
• ePDG: Security GW
for untrusted non 3GPP
PCRF
acess S6a
Gxc Rx
Gx
Operator's IP
Gxa
SGi Services
3GPP Serving PDN (e.g. IMS, Internet)
Access Gateway Gateway
S5
S6b
S2b
S2a SWm
NoNo
GTPGTP
bearers,
bearers! ePDG 3GPP AAA
only PMIPv6 tunnels Server
HPLMN SWn
- Local IP address allocation
Non-3GPP - IP Sec tunnel authentication and
Networks A-GW SWu Untrusted
authorization
PCC Interface - IP packets en/decapsulation
Non-3GPP
PMIP or GTP Interface Trusted Non- - Transport level packet marking
Access SWa in
STa
3GPP Accessuplink
PMIP Interface UE
- QoS enforcement
AAA Interface - Lawful interception
© Tarik TALEB 2021
51
Inter Access System

Handover
52
26
9/13/2021
Service Continuity Support in EPC
• Two types of Service Continuity Support:

– Mobility support within 3GPP networks (3GPP TS 23.401)
– Mobility support between 3GPP and non-3GPP access
systems (3GPP TS 23.402)
• Network based mobility approach
– Proxy Mobile IPv6 (PMIPv6)
• Client based mobility approach
– Dual-Stack Mobile IPv6 (DSMIPv6)
• No perceivable service interruption

• Minimized handover delay
Which approach to • Efficient use of wireless resources
adopt? • Wireless link could be bottleneck
• Minimized UE involvement
© Tarik TALEB 2021
53
PMIP’s main Entities

• MAG: Mobile Access
HSS
Gateway
SWx
• LMA: Local Mobility Anchor
PCRF
S6a
Gxc Rx
Gx
Gxa
SGi PDN
Serving PDN
3GPP Gateway Gateway
Access
(MAG) S5 LMA
S6b
S2b
S2a
• Support of all types of UEs SWm
(IPv4 only, IPv6 only, and dual ePDG 3GPP AAA
stack) Server
(MAG)
• Support of simultaneous SWn
access to multiple PDNs
• Support for overlapping A-GW
address spaces of different SWu Untrusted
(MAG)
PDNs PCC Interface Non-3GPP
• Unique PMIP
UE identification across
or GTP Interface Trusted Non- Access SWa STa
accessesPMIP Interface 3GPP Access
UE
• PDN GWAAAaddress provision to
Interface
the target access
© Tarik TALEB 2021
54
27
9/13/2021
Inter-Access System Mobility Flows
• Non-optimized handover flows

– Source network not being involved
– Suitable for dual radio capable terminals
• Optimized handover flows

– Involving source network
– Suitable for single radio terminals
– Initially defined for mobility between CDMA2000 eHRPD and E-
UTRAN
© Tarik TALEB 2021
55
Policy and Charging

Control
56
28
9/13/2021
PCC Evolution
• Background:
– Service-Based Local Policy (SBLP) for resource reservation
and access control within IMS
• Bearer-level QoS control
• Service level access control
– Further enhancement of SBLP in Rel. 6
– Introduction of Flow-Based Charging (FBC) in Rel. 6
• Per-service charging: offline and online models
• Per-service/content access control
– Similarities between SBLP and FBC
• Centralized
• Same anchor points: AF and GGSN
– Merging SBLP and FBC in Rel. 7 ➔ PCC
– Continuous enhancements of PCC in Rel. 8 and beyond
• Objectives:
– Support of IP services’ QoS
– Charging subscribers for used resources
© Tarik TALEB 2021
57
PCC Interfaces and Protocols

HSS SPR
SWx
Sp
PCRF
S6a
Gxc Rx
Gx
AFOperator's IP
Gxa
SGi Services
Serving PDN (e.g. IMS, Internet)
Access (MAG, BBERF) (LMA, PCEF)
S5
S6b
S2b
OFCS
Gz S2a SWm
ePDG 3GPP AAA
OCS (MAG) Server
Gy
SWn
A-GW
(MAG, SWu Untrusted
BBERF) Non-3GPP
Trusted Non- Access SWa STa
PCEF Policy and Charging Enforcement Function 3GPP Access
BBERF Bearer-Binding and Event-Reporting Function UE
OCS Online Charging System
OFCS OFfline Charging System
© Tarik TALEB 2021
SPR Subscription Profile Repository
58
29
9/13/2021
PCC Key Components

SPR
Sp
PCRF
Gxc Rx
Gx
AFOperator's IP
Gxa
SGi Services
Gateway Gateway
(MAG, BBERF) S5 (LMA, PCEF)
OFCS
Gz S2a
OCS
Gy
A-GW
(MAG,
BBERF)
Trusted Non-
PCEF Policy and Charging Enforcement Function 3GPP Access
BBERF Bearer-Binding and Event-Reporting Function
© Tarik TALEB 2021
59
Subset of Available Parameters in the PCC Rule

Type of element PCC rule element Comment
Rule identification Rule identifier Used between PCRF and PCEF for
referencing PCC rules
Items related to service data Service data flow template List of packet filters for the detection of
flow detection in PCEF the service data flow
Precedence Determines the order in which the
service data flow templates are applied
at PCEF
Items related to policy control (i. Gate status Indicates whether a SDF may pass
e. gating and QoS control) (gate open) or shall be discarded (gate
closed)
QoS class identifier (QCI) Identifier that represents the packet
forwarding behavior of a flow
UL and DL maximum bit rates The maximum bitrates authorized for
the service data flow
UL and DL guaranteed bit rates The guaranteed bitrates authorized for
Items related to charging Charging key The charging system uses the charging
control key to determine the tariff to apply for
Charging method Indicates the required charging method
for the PCC rule. Values: online, offline,
or no charging
Measurement method Indicates whether the SDF data volume,
duration, combined volume/duration or
event shall be measured
© Tarik TALEB 2021
60
30
9/13/2021
Basic PCC Concepts
• Gating Control:
– Blocks or allows Service Data Flows (e.g. based
on indicators from AF)
• QoS Control:
– Provides PCEF with authorized QoS class and
bit rates for IP flows
• Charging Control:
– Online charging
– Offline charging
– NO charging
© Tarik TALEB 2021
61
PCC Architecture Types
• On-Path Model:
– without BBERF in access gateway (in case of
GTP)
– QoS/bearer signaling (using GTP) on the same
path as user plane
• Off-Path Model:
– with BBERF in access gateway (in case of PMIP)
– QoS signaling (using Gxa/Gxc) on a path different
from that of user plane
© Tarik TALEB 2021
62
31
9/13/2021
Use Case: “On-Path” Model

SPR
Subscription Sp
Information
Policy Decision PCRF
Application Signaling Gx Rx
Application AFOperator's IP
3G UE
SGi Services
PDN (e.g. IMS, Internet)
3GPP Serving
Access Activate/modify bearer Gateway
interface Access Gateway GTP-based (PCEF)
S5
Bearer Binding
Service data flow

detection
PCEF Policy and Charging Enforcement Function

BBERF Bearer-Binding and Event-Reporting Function
© Tarik TALEB 2021
63
Use Case: “Off-Path” Model

SPR
Sp
PCRF
Gx Rx
Gxc AFOperator's IP
SGi Services
3G UE
Access PMIP-based
(BBERF) (PCEF)
S5 Network
Access Info
© Tarik TALEB 2021
64
32
9/13/2021
QoS and Policy Control
• QoS is enforced at the granularity of EPS bearers

– UE → PDN GW (for GTP-based EPC)
– UE → Serving GW (for PMIP-based EPC)
• An EPS bearer uniquely identifies traffic flows

– Default Bearer
– Dedicated Bearers (for flows requiring special QoS
treatment)
• EPS bearer QoS profile:

– QCI: QoS Class Indicator
– ARP: Allocation and Retention Priority
– GBR: Guaranteed Bit Rate
© Tarik TALEB 2021
65
QoS over IP Transport
Application / Service Layer

PMIP-based
DL Packet classification S5/S8
Traffic Flow Aggregates & DiffServ marking Traffic Flow Aggregates
Bearer binding DL-PF S1-TE-ID DL-PF TNL QoS
UL Packet Filter
RB-ID S1-TE-ID DL Packet Filter
UL-PF RB-ID
DL Packet Filter
Bearer binding
Application / Service Layer
UE eNB Serving GW PDN GW
UL Traffic Flow AggregatesDL Packet classification
DL Traffic Flow Aggregates
S1-TE-ID TNL QoS & DiffServ marking
Radio Bearer UL-TFT
S1 Bearer IP Transport Leg DL-TFT
UL Packet classification
& DiffServ marking UL-TFT → RB-ID DL-TFT → S5/S8-TEID
RB-ID S1-TEID S1-TEID S5/S8-TEID
GTP-based
S5/S8 UE eNodeB
eNB Serving GW PDN GW
Radio Bearer S1 Bearer S5/S8 Bearer
UL Packet classification
& DiffServ marking
© Tarik TALEB 2021
66
33
9/13/2021
Bearer Binding
• Mapping a PCC rule to a corresponding QoS

bearer
• Performed by Bearer-Binding Function (BBF)

– in PCEF for on-path model
– in BBERF for off-path model
• Upon receiving a new or modified PCC rule,

BBF first verifies whether an existing bearer can
be used
– If yes, BBF modifies bearer by adjusting bearer’s bit
rates
– If not, BBF sets up a new bearer
© Tarik TALEB 2021
67
Service Data Flow Detection
Discard
No match
Bearer Filter
#3
No match
Filter
Bearer
#2
No match
Bearer Incoming DL
Filter
#1 packets
Filter Evaluation
order
© Tarik TALEB 2021
68
34
9/13/2021
QoS Control in EPS

(using PCC)
69
Service/Subscriber Differentiation
Service differentiation
Subscriber
- Public internet
differentiation - Corporate (VPN)
- Premium content
- Business vs. standard - P2P file sharing
- Post- vs. pre-paid roamers - Video streaming
- Privileged (e.g. police) - IMS voice
- Flat rate abusers Total edge-to-edge
(terminals< -- > gateway - Mobile-TV
Transmission capacity
© Tarik TALEB 2021
70
35
9/13/2021
• Bearer types
EPS QoS Concept
– GBR vs. non-GBR bearers
– Default vs. Dedicated Bearers
• QoS Parameters
– QCI: QoS Class Indicator
• 1 to 9:
• QCI = 1 ➔ Resource Type = GBR, Priority = 2, Packet Delay Budget = 100ms, Packet Error Loss
Rate = 10-2 , Example Service = Voice
• QCI = 9 ➔ Resource Type = Non-GBR, Priority = 9, Packet Delay Budget = 300ms, Packet Error
Loss Rate = 10-6, Example Service = Internet
– ARP: Allocation and Retention Priority
• In 4G, ARP priority level (PL) values range from 1 through 15, where 1 corresponds to the highest
priority and 15 corresponds to the lowest priority.
• Used to accept or reject a bearer request, when resources are limited
– MBR: Maximum Bit Rates
– GBR: Guaranteed Bit Rate
• QoS Mechanisms
– Control Plane Signaling Procedures
– User Plane Functions
– Packet-Flow-Level Functions
– Bearer-Level Functions
– DSCP-Level Functions DSCP Differentiated Service Code Point
© Tarik TALEB 2021
71
Bearer Types
• Guaranteed bit-rate (GBR) bearer:
– Established “on demand”
– No congestion due packet losses
– Suitable for services tolerating “service blocking over service dropping”
• Non-GBR bearer:
– No resources blocked
– May experience packet losses
• Default bearer:
– One default bearer per terminal IP address
– For basic connectivity.
– non-GBR
– QoS level depending on subscription data
– Not associated with any specific packet filter
• Dedicated bearer:
– Either non-GBR or GBR
– Packet flows mapping onto dedicated bearers based on operator
policies
© Tarik TALEB 2021
72
36
9/13/2021
QoS Parameters
• QoS Class Identifier (QCI):
– a reference to node-specific pre-configured parameters that control
packet-forwarding treatment at the user plane
• Allocation and Retention Priority (ARP)

– Specifies control plane treatment for bearers
• Maximum Bit Rate (MBR)

– Bit rate traffic on a bearer may not exceed
• Guaranteed Bit Rate (GBR)

– Bit rate that the network guarantees for a bearer
• Aggregate Maximum Bit Rate (AMBR):

– Limit to the total amount of bit rates consumed by a single subscriber
(excluding GBR bearers)
• UL/DL APN-AMBR: defined per subscriber and APN and known only to the
gateway
• UL/DL Terminal-AMBR: defined per subscriber and known by both the
gateway and RAN
© Tarik TALEB 2021
73
QoS Mechanisms
- Control Plane Signaling Procedures -
UL filters
DL filters
QCI
Policy
ARP
MBR Controller
GBR(opt.) (PCRF)
Establish/modify
(packet flow)
Packet data flow level
Bearer level QCI UL filters

ARP DL filters
UL filters QCI
MBR
GBR (opt.) ARP
MBR
GBR (opt.)
Establish/modify (bearer-ID)
Bearer level Terminal
Transport level
LTE RAN Transport Gateway
© Tarik TALEB 2021
74
37
9/13/2021
QoS Mechanisms
- User-Plane Functions -
Packet
inspection
UL+DL
packet flow Functions operate
policing per packet flow
UL packet
DL packet Functions operate
filtering GBR/ARP filtering per bearer
admission
ARP
ARP
admission
preemption
ARP
Rate policing
preemption
Queue Queue
management management Rate policing
UL+DL
scheduling
L1/L2
configuration
Map QCI to Map QCI to
Terminal Functions operate
DSCP DSCP
per bearer
Queue Functions operate
management per DSCP
UL+DL
scheduling
LTE RAN Transport Gateway
DSCP Differentiated Service Code Point

© Tarik TALEB 2021
75
DSCP vs QCI
DiffServ CodePoint (DSCP) Bearer identifier

Bearer QoS parameters:
1. QoS class identifier (QCI)

2. Allocation retention priority(APR)
3. Maximum bit rates (MBR/AMBR)
Tunnel header E2E IP packet
4. Guaranteed bit rate (GBR)
Dedicated bearer Packet filters

IP address Default bearer
Service 1
(e.g. Internet)
Service 2
(e.g. P2P file sharing)
Service 3
(e.g. VoLTE)
Terminal LTE RAN Transport Gateway Packet flows
© Tarik TALEB 2021
76
38
9/13/2021
Dedicated Bearer Establishment:

Network- vs. Terminal-initiated
Client/peer
Optional: app./service layer signaling (SIP, RTSP, etc.) AF or DPI
(access QoS
unaware)
Standardized interface (Rx/Gx)
Initiate dedicated bearer (UL packet filters)

Terminal Network
RAN Initiate dedicated bearer (QoS info)
Network-initiated QoS control is
the most useful in case of
Client/peer operator-controlled services
(access QoS Optional: app./service layer signaling (SIP, RTSP, etc.)
aware) AF
Vendor specific interface (“access QoS API”)
Initiate dedicated bearer (QoS info + DL packet filters
Terminal Network
RAN Initiate dedicated bearer (QoS info)
© Tarik TALEB 2021
77
Summing Up All: E2E Use Case
Application layer signaling (SIP/SDP)
Client
application Application
function Flow detect + info
Policy Subscription
(IMS CSCF) data
controller
(PCRF)
Service
policies
Qos parameters and -Subscriber groups
UL/DL packet filters -Volume quota
IP address
-Time of day
-QoS per service
-etc.
Internet)
P2P file sharing
IMS-voice
Terminal LTE RAN Transport Gateway
© Tarik TALEB 2021
78
39
9/13/2021
Security:
Authentication
TS 33.401 – LTE Security
TS 33.102 – 3G Security
79
Authentication Evolution from GSM to LTE

3rd Generation Partnership Program
(3GPP)
GSM - Global System for Mobile

Communications
GPRS --- General Packet Radio

Service
UMTS Universal Mobile

Telecommunications System
HSUPA/HSDPA --- High Speed

Uplink/Downlink Packet Access
LTE Long Term Evolution
© Tarik TALEB 2021
80
40
9/13/2021
Authentication in brief
• Authentication
– Establishing or confirming something (or someone) as authentic
– Mutual authentication, means network authenticates the user and the user
authenticates the network
• An important security function

– Authorization
– Integrity protection
– Replay protection
– Privacy
– etc
TS 33.401 – LTE Security

TS 33.102 – 3G Security
© Tarik TALEB 2021
81
User Authentication
• PIN – Personal Identification Number

• PUK – PIN Unlocked Key – or PUC (Personal
Unlock Code)
© Tarik TALEB 2021
82
41
9/13/2021
LTE UE Identifiers
• UE
• Globally unique number identifying a physical piece of mobile station
equipment
• Only sent to MME (in NAS), not to eNB.
• Sent only after NAS security is setup (i.e, encrypted and integrity
protected).
• SIM (Subscriber Identity Module)

• IMSI
– Seldom sent over the air (only during attach, if no other valid temporary ID
is present in the UE).
• Brought, among other things, security improvements (e.g., mutual
authentication, longer encryption keys, etc)
83
GSM Mobile Station

• Mobile Equipment (ME)
– Physical mobile device
– Identifiers
• IMEI – International Mobile Equipment Identity
• Subscriber Identity Module (SIM)
– Smart Card containing keys, identifiers and
algorithms
– Identifiers
• Ki – Subscriber Authentication Key
• IMSI – International Mobile Subscriber Identity
• TMSI – Temporary Mobile Subscriber Identity
• MSISDN – Mobile Station International Service Digital
Network
• Authentication Algorithms (A3, A8)
• Stream Ciphering/Encryption Algorithm (A5)
• PIN – Personal Identity Number protecting a SIM
© Tarik TALEB 2021 • Others
84
42
9/13/2021
Authentication Flow in GSM

2G MS MSC/VLR HLR AuC
IMSI
SIM Access Request
(IMSI) Authentication
Request (IMSI) AuC
RAND Ki Triplet Request
(IMSI)
Challenge Ki
RAND
Triplets Triplets
A3 A8 (RAND, SRES, Kc)
RAND, SRES,
Kc
RES Kc A3 A8
Challenge RAND
Signed RES Kc
RES
For encryption RES = SRES?
between MS & NW Triplets = RAND, SRES, Kc
using A5
© Tarik TALEB 2021
85
GSM Authentication Principle
Challenge/response-based one-way
authentication using long-term shared key
between user's SIM card and NW
Mutual Authentication Short-term key support
© Tarik TALEB 2021
86
43
9/13/2021
Overall Architecture of Evolved Packet System

HPLMN IMS Internet
HSS
P-GW
S-GW
S-GW
MME
eNB
eNB eNB
RRC Connection
User Domain
Security Network Access
Security
NAS Connection
© Tarik TALEB 2021
87
LTE User Equipment

• UE
• Globally unique number identifying a physical piece of mobile
station equipment
• SIM
• IMSI
– Seldom sent over the air (only during attach, if no other valid
temporary ID is present in the UE).
• Brought, among other things, security improvements (e.g.,
mutual authentication, longer encryption keys, etc)

88
44
9/13/2021
Key Heirarchy for LTE HSS
MME
K K
S6a
Kasme Kasme
Kasme
SRB-0
KeNB KeNB KeNB
SRB-1 S1-MME
SRB-2 NAS
GTPC-1
CK, IK
CK, IK CK, IK
CK, IK
GTPC-1
Data Radio Bearer-10
GTP-U-10 GTP-U-10
CK CK
UE eNB SGW PGW
Encrypted Info
Integrity Protected
ASME Access Security Management Entity (MME) Info
© Tarik TALEB 2021 CK, IK Ciphering Key, Integrity Protection Key
89
LTE AKA
SQN AUTN RAND UE MME HSS
SQN K RAND
Authentication data request
(IMSI, VPLMN, Network Type
USIM K = E-UTRAN)
Function
Generate authentication
CK vectors AV(1..n)
RES
XRES
IK CK
RAND
SQN VPLMN Authentication data response AUTN IK
AV RAND
SQN VPLMN
IMSI
Store authentication vector
IMSI
KDF
Select authentication vector AV KDF
User authentication request

Kasme RAND || AUTN
Kasme
Verify AUTN
Compute RES
AV AUTN, RAND, XRES, Kasme
User authentication response

RES
Compare RES and XRES
Security Mode
Command Used to
Derive NAS keys from
Kasme

GUTI Globally Unique Temporary Identity
© Tarik TALEB 2021 KSI Key Set Identifier
90
45
9/13/2021
User authentication function in the USIM

RAND AUTN
f5 SQN  AK AMF MAC
AK 
SQN
K
f1 f2 f3 f4
XMAC RES CK IK
Verify MAC = XMAC
Verify that SQN is in the correct range • USIM keeps track of last SQN received,
SQNms
• USIM only accepts a sequence number
from HSS if |SQN – SQNms | < D

AMF Authentication management field
SQN Sequence Number
AK Anonymity Key
© Tarik TALEB 2021 MAC Message Authentication Code
91
Kenb Key Derivation at S1 Handover

1 MME creates NH_2 and NCC=2
NH_1 NCC++
MME Kasme
f2
NH_1, NCC=1 NH_2, NCC=2
Kasme Kasme
{NH_2, NCC=2}
KeNB_1
2
NH_2, NCC=2
0
Handover Required
3 eNB computes Kenb_2 using funciton f1

eNB_1 eNB_2
PCI NH_2 NCC=2
KeNB_2 EARFCN-DL
KeNB_1 f1
4
NCC=2
Kenb_2
Kasme KeNB_1 KeNB_2
NH_1, NCC=1
Kasme
UE checks NCC value to be correct
5 UE computes NH_2 using function f2. NH_2, NCC=2
UE computes Kenb_2 using funciton f1
PCI: Physical Cell Identity
EARFCN-DL: E-UTRAN Absolute Frequency Channel –DL
NH Next Hop Parameter
© Tarik TALEB 2021 NCC NH Chaining Counter
92
46
9/13/2021
Kenb Key Derivation at S1 Handover

1 MME creates NH_2 and NCC=2
NH_1 NCC++
MME Kasme
f2
NH_1, NCC=1 NH_2, NCC=2
Kasme Kasme
{NH_2, NCC=2}
KeNB_1
2
NH_2, NCC=2
0
Handover Required
3 eNB computes Kenb_2 using funciton f1

eNB_1 eNB_2
PCI NH_2 NCC=2
KeNB_2 EARFCN-DL
KeNB_1 f1
4
NCC=2
Kenb_2
Kasme KeNB_1 KeNB_2

NH_1, NCC=1
Kasme
UE checks NCC value to be correct
5 UE computes NH_2 using function f2. NH_2, NCC=2
UE computes Kenb_2 using funciton f1
PCI: Physical Cell Identity
EARFCN-DL: E-UTRAN Absolute Frequency Channel –DL
NH Next Hop Parameter
© Tarik TALEB 2021 NCC NH Chaining Counter
93
Key Heirarchy for LTE HSS
MME
K K
S6a
Kasme Kasme
Kasme
SRB-0
KeNB KeNB KeNB
SRB-1 S1-MME
SRB-2 NAS
GTPC-1
CK, IK
CK, IK CK, IK
CK, IK
GTPC-1
Data Radio Bearer-10
GTP-U-10 GTP-U-10
CK CK
UE eNB SGW PGW
Encrypted Info
Integrity Protected
ASME Access Security Management Entity (MME) Info
© Tarik TALEB 2021 CK, IK Ciphering Key, Integrity Protection Key
94
47
9/13/2021
Concluding Remarks about Security in 2G vs 4G
• Authentication in GSM
– Challenge response based
– One-way
– Long term key
• Authentication in LTE (EPS)

– Challenge-response based
– Mutual authentication
– Hierarchical involving many NW nodes (HSS,
MME, and eNB)
– Dynamic key derivation
© Tarik TALEB 2021
95
Overall Summary
• Legacy Networks: Main References:
• 3GPP Technical Specifications 23.401
– GSM
• 3GPP Technical Specifications 23.402
– GPRS • TS 33.401 – LTE Security
– UMTS • TS 33.102 – 3G Security
• System Architecture Evolution
– Background & requirements
– Motivation
– Basic principles
– Network elements and high level functions
– Attach procedure
– EPC Protocols
• Architectural enhancements for E-UTRAN and
interoperability with 3GPP and non-3GPP accesses
– Interoperability Mobility and handover management
– Policy Control and Charging (PCC)
– QoS Provisioning
– Security (Authentication) & its evolution
© Tarik TALEB 2021
96
48

Aalto 2021 - Sessions 1 and 2

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Aalto 2021 - Sessions 1 and 2

Uploaded by

Copyright:

Available Formats

9/13/2021

Prof. Tarik Taleb

© Tarik Taleb 2021

• In-class (or after-class) exercises

• Examination (If online, Open Book)

© Tarik Taleb 2021

• Assignement - Paper presentation day 1: Wed. 20.10.21 , 14:15 –

• Exams: Tue 26.10.21 09:00-12:00

• In-class exercises summing up the main recap

• More advanced reading materials

© Tarik TALEB 2021

Inquiries about the Course

• Please contact Dr. Edward Mutafungwa

© Tarik Taleb 2021

• Understanding the migration scenarios from 2G/3G

Prof. Tarik Taleb

© Tarik Taleb 2021

GSM, IS-136, WCDMA

© Tarik TALEB 2021

Why Mobile Communications Systems?

Migration Scenarios from 2G/3G to 5G?

Interesting commercials of the main services of

– 1G- 1960s (B&W)

Major Standards Developing Organizations

© Tarik TALEB 2021

3GPP TSG Structure

Project Coordination Group

TSG GERAN TSG RAN TSG SA TSG CT

WG1: Radio WG1: Radio L1 Spec

WG2: Protocol WG2: Radio L2 Spec and

WG3: Terminal WG3: Iub spec, Iur spec,

WG5: Mobile Terminal,

WP6: Mission Critical Apps

© Tarik TALEB 2021

3GPP Access Evolution

• 2.5G (GPRS/PS, Enhanced Data Rates • 4G

© Tarik TALEB 2021

Release of 3GPP Specifications LTE-

Rel 99 Rel 5 Rel 6 Rel 7 Rel 8 SAE Rel 10

Long Term Evolution

E-UTRA Network (E-UTRAN)

Evolved Packet Core

Evolved 3GPP System

System Architecture Evolution

Evolved Packet System (EPS)

3G+, 3.5G, 4G, 5G,etc

Legacy 3GPP Networks

NSS Network Sub-System

© Tarik TALEB 2021

Circuit Switch vs Packet Switch

• Suitable to real-time applications • Ideal for “data” traffic

GPRS General Packet Radio Service

© Tarik TALEB 2021

1- Packet routing 1- Interfaces to external PDNs

© Tarik TALEB 2021

UMTS Architecture (3G Rel 99)

Radio Resource Management at

© Tarik TALEB 2021

UMTS Architecture (3G Rel 5)

IP Multimedia Sub System

© Tarik TALEB 2021

Long Term Evolution

LTE Features & Requirements (1/2)

Key Features/Requirements (2/2)