Lecture Week 3

GSM Network Infrastructure

Nasir Faruk, Ph.D

DEPARTMENT OF TELECOMMUNICATION SCIENCE

UNIVERSITY OF ILORIN
1
 Course content/Lecture Schedule
Lect. No. Date Topic
1 Week 1 General Overview of the Course, mobile technologies and service
2 Week 2 Spectrum management, Regulations and interference control
3 Week 3 GSM network infrastructure
4 Week 4 Cell Sizes, Design and System Fundamentals
5 Week 5 Antennas and Radio Wave Propagation
6 Week 6 GSM link budget and coverage planning
7 Week 7 Logical Channels used in GSM networks
8 Week 8 Test 1 (TDMA, Frames Structure And Signaling With In GSM)
9 Week 9 Teletraffic Engineering and Capacity planning in GSM networks
10 Week 10 Radio Resource Management (RRM) in GSM networks
11 Week 11 (Submission of Course Work 1) Mobility management (MM) in GSM
Networks
12 Week 12 Connection management (CM) in GSM Networks
13 Week 13 Backhauling systems, Transmission and Network Planning
14 Week 14 Test 2 and Drive Test Laboratory Defense
15 Week 15 General Course Revision

P.S Topic Date Duration

No. Assigned
1 Antennas and Radio Wave Propagation Week 5 1 week
2 GSM link budget and coverage planning Week 6 1 Week
3 Teletraffic Engineering and Capacity planning in GSM networks Week 9 1 week
24 Backhauling systems, Transmission and Network Planning Week 13 1 week
2/60
 Introduction
 What nodes are necessary in a GSM network?
 What are their basic functions?
 What is GSM anyway?
 What differentiates GSM from other technologies,
such as WCDMA EDGE and GPRS?
 What are the key terms and concepts of the
technology?
 How do we integrate both technologies?

3
3/60
 GSM Network Topology
GSM network comprise of multiple components and interfaces that facilitate
sending and receiving of signaling and traffic messages. It consists of:

Base Station Subsystem Network Subsystem

(BSS) (NSS)

o Mobile station (MS)

? o Mobile switching center (MSC)
o Home location register (HLR)
o Base transceiver station
(BTS)
TRAU o Visitor location register (VLR)
o Equipment identity register (EIR)
o Base station controller (BSC) o Authentication center (AUC).

These together form the public switched telephone network (PSTN) or public land mobile
4
network (PLMN).
4/60
 FUNCTIONAL GROUPS OF GSM
NETWORK
 Access Network: Made of MS and BSS
 Backhaul Network: (Fiber, Microwave, Satellite)
 Core Network
 Core Switching: This consist of MSC and the GMSC
 Core Network mobility and service control: This
consist the HLR, VLR, AUC and the EIR

Internet Backhaul
Access

Core
Network
5
5/60
 Mobile Stations

MS: Is a transceiver that the subscriber uses

to gain access or service from the network.
It consists of two components:
 The mobile equipment (ME)
 Subscriber identity module (SIM).
In addition, MS has; SIM
 Subscriber identification such as the international
mobile subscriber identity (IMSI)
Mobile Station
 Mobile station integrated service digital network
(Mobile Equipment)
number (MSISDN) also known as mobile number.

6
6/60
 Looking Deeper into MS

7 Source: http://donphonetech.000webhostapp.com/
7/60
 Functional Entities of MS

8
8/60
 INTERNATIONAL MOBILE EQUIPMENT
IDENTITY (IMEI) NUMBER
 Each phone contains a unique identifier called the IMEI number.
Some phone manufacturers called it serial number.
 The IMEI can usually be found by removing the battery of the phone
and reading the panel in the battery well or by dialing *#06#. It is
15 digits number.
 It is possible to change the IMEI on a phone to reflect a different
IMEI. This is known as IMEI spoofing or IMEI cloning.
 This is usually done on stolen phones.
 Once the correct IMEI number of a phone is know, you could track
it if stolen.

9
9/60
 IMEI Structure
 The model and origin comprise the initial 8-digit portion of the IMEI/SV, known as the Type
Allocation Code (TAC). The remainder of the IMEI is manufacturer-defined, digit at the end
 The first two digits of the TAC are the Reporting Body Identifier (RBI), which identifies
the GSMA-approved group that allocated the TAC.
 The RBI numbers are allocated by the Global Decimal Administrator.
 As of 2004, the format of the IMEI is AA-BBBBBB-CCCCCC-D
 The IMEISV drops the Luhn check digit in favor of an additional two digits for the Software
Version Number (SVN), making the format AA-BBBBBB-CCCCCC-EE

For example, the old style IMEI code 35-209900-176148-1 or IMEISV code
35-209900-176148-23 tells us the following:
TAC: 35-2099 - issued by the BABT (code 35) with the allocation number 2099
FAC: 00 - indicating the phone was made during the transition period when
FACs were being removed.
SNR: 176148 - uniquely identifying a unit of this model
CD: 1 so it is a GSM Phase 2 or higher
SVN: 23 - The "software version number" identifying the revision of the software
installed on the phone. 99 is reserved.

10
BABT: British Approvals Board for Telecommunications; FAC: Final Assembly Code; SNR: Serial Number; CD: Check Digit
10/60
 Subscriber Identity Module (SIM)
 A SIM card can be removed from one phone, inserted into another GSM capable phone and the subscriber
will get the same service as always.
 Each SIM card is protected by a 4-digit Personal Identification Number (PIN).
 If a PIN is entered incorrectly three times in a row, the card blocks itself and cannot be used.
 It can only be unblocked with an 8-digit Personal Unblocking Key (PUK), which is also stored on the
SIM card.

 SIM consist of:

 IMSI (international mobile subscriber identity)
 TMSI ( Temporary mobile subscriber identity)
 Ki (secret key used for encryption or ciphering)
 Local Area Identity (LAI).
 The SIM can also store phone numbers (MSISDN) dialed and received
 The Kc (Cryptographic key used for encryption)
 Phone books and data for other applications
 Algorithms
A3 (to calculate response to the network challenge)

 A5 (The actual encryption), and
 A8 (Generate the encryption key) used for authentication. See later in the course.
 Accumulated call charges and the remaining call allocation etc.
11  PUK number
11/60
 IMSI (international mobile subscriber identity)
 A subscriber need the IMSI which is stored in the SIM. A mobile phone would be operated if a valid
IMSI is inserted into a cell phone that has valid IMEI. IMSI consist of the following part:
o Mobile Country code (MCC) :3 decimal places recognized internationally.
o Mobile Network Code (MNC): 2 Decimal places, for unique identification of the mobile network
across the country.
o Mobile subscriber identification number (MSIN): Maximum of 10 digits identification number of the
subscriber in his/her home network.
o Thus, IMSI =MCC+MNC+MSIN maximum of 15 digits
 Mobile Subscriber ISDN (MSISDN)
 This is the real telephone number of the MS. It is assigned to the subscriber such that each subscriber can
have more than one MSISDN
 Mobile Station Roaming Number (MSRN)
 MSRN is temporary location dependant ISDN number.
 It is assigned by locally VLR to each MS in its area.
 It is assigned by the VLR either at registration when the MS enter new LA or when the HLR request for
connection during incoming calls to the MS.
o Temporary Mobile Subscriber Identity (TMSI)
 TMSI is been assigned by the VLR in place of IMSI during location update and for protecting anybody
12 trying to listen to the radio channel. It changes with location.
12/60
 Base Transceiver Station (BTS)
 BTS is a transceiver and acts as interface
between the MS to the network.
 Responsible for carrying out radio
communications between the network and MS.
 A BTS will have between 1 and 16 Transceivers
(TRX), depending on the geography and
demand for service of an area.
 Each TRX represents one ARFCN.
 One BTS usually covers a single 120o sector of
an area. Usually a tower with 3 BTSs will
accommodate all 360o around the tower.
 Depending on geography and user demand of
an area, a cell may be divided up into one or
two sectors, or a cell may be serviced by several
BTSs with redundant sector coverage.

The interface between the MS and the BTS is

13 known as the Um Interface or the Air Interface
13/60
 BTS SITE

14
14/60
BTS OR CELL OR SECTOR ?
 A cell is a BTS
 Cell could also mean “sector”

15
15/60
 Functions of BTS
1. Each BTS transmits the BCCH channel on one TRX with a
constant output power to allow the surrounding mobile station to
find and select a suitable serving cell
2. It encodes, corrects, multiplexes, interleaves, modulates and feed
the RF signals to the antenna
3. Ciphering and de-ciphering
4. Time and frequency synchronization
5. Random access detection
6. Timing advance
7. Uplink radio channel measurement and
8. It is also capable of frequency hopping (FH).

16
16/60
 Base Station Controller (BSC)
The BSC monitors and controls several BTSs between 10-100. The controller is mainly concerned
with frequency administration and exchange functions.

The interface between the BTS and the BSC is known as the Abis Interface.This could be wireless in the
case of microwave is used as backhaul /backbone or fiber (PDH/or SDH, SONET).

The Base Transceiver Station (BTS) and the Base Station Controller (BSC) together
make up the Base Station System (BSS).

17
17/60
 Functions of BSC

1. It assigns and release frequency

and time slots for all MS in its
area.
2. It performs handover operation
and re-allocates frequencies to
BTSs in its area to meet heavy
demand during peak hours
3. Radio Recourse measurements
for BTS under its control

18
18/60
TRANSMISSION AND BACKHAULS

 Connection between the BTS and

BSC
 The interface between the BTS and
the BSC is known as the Abis Interface.
 This could be wireless in the case of
microwave is used as backhaul /backbone
or fiber (PDH/or SDH, SONET).

19
19/60
 Mobile Switching Center (MSC)
 The MSC is the heart of the GSM network.
 Is similar to exchange in a fixed network.
 It main responsibility is to provide connection between mobiles and other users of the telecommunication
network.
 The main difference between MSC and the standard exchange is that, MSC has to cope with the mobility of the
user.
The interface between the BSC and the MSC is known as the A Interface. The interface between two Mobile
Switching Centers (MSC) is called the E Interface

20
20/60
 Manual and Modern MSCs

21
21/60
 HLR, VLR AND AUTHENTICATION CENTER

 HLR
 Every PLMN requires access to at least one HLR as a permanent store of data.
 A large database with access times that must be kept as short as possible.
 The faster the response from the database, the faster the call can be connected.
 Such a database is capable of managing data for literally hundreds of thousands subscribers.
 The VLR :
 The VLR, like the HLR, is a database, but its function differs from that of the HLR While the HLR is responsible
for more static functions, the VLR provides dynamic subscriber data management
 (AuC)
 The AuC is responsible for generating the necessary crypto variables for authentication and encryption on the network. These
variables are the RAND, SRES, and Kc.
 The Auc also stores the Ki for each IMSI on the network. Although it is not required, the Auc is normally physically collocated with
22 the HLR
22/60
 Location Area Identifier (LAI)

 Each LA has its own identifier known as location area identifier

(LAI) and this consist of:
 the Mobile country code (MCC)
 Country code (CC) and
 the location area code (LAC).

 LAI is broadcasted by base station regularly on the BCCH channel

(see later).
 Each MS can determine its location through the LAI.
 If the MS receives different LAI from the own it had, and then the
MS will request for location update from the VLR and the HLR
(location update).
 LAI is normally used during cell search where the MS can be
currently paged.
23
23/60
 Equipment Identity Register (EIR)
 The EIR is a database that keeps tracks of handsets on the network
using the IMEI. There is only one EIR per network. It is composed of
three lists:
 The black list is a list if IMEIs that are to be denied service by the network for
some reason. Reasons include the IMEI being listed as stolen or cloned or if the
handset is malfunctioning or doesn’t have the technical capabilities to operate on
the network.
 The gray list is a list of IMEIs that are to be monitored for suspicious activity.
This could include handsets that are behaving strange or not performing as the
network expects it to.
 The white list contains all certified mobile equipment that may be used in a
network operator’s PLMN. That means if an IMEI is not on the black list or on
the gray list, then it is considered good and is "on the white list".

The interface between the MSC and the EIR is called the F Interface.

24
24/60
 Gateway Mobile Switching Center (GMSC)
 There is another important type of MSC, called a Gateway Mobile Switching Center
(GMSC).
 The GMSC functions as a gateway between two networks.
 If a mobile subscriber wants to place a call to a regular land line, or to another network
then the call would have to go through a GMSC in order to switch to the Public Switched
Telephone Network (PSTN).
 For example, if a subscriber on the MTN network wants to call a subscriber on a Glo
network, the call would have to go through a GMSC.

25
25/60
 FULL 2G Architecture

26
Source: https://www.pinterest.com/pin/429812358164857270/
26/60
 FULL 2G Architecture Pictorial View

27
27/60
 EVOLUTION OF EDGE & GPRS ON 2G
PLATFORM

28
28/60
 Study Questions
1. Sketch a diagram illustrating a typical GSM network architecture
2. Amongst the function of a BTS it encodes, corrects, multiplex, interleaves, modulate and
feed RF signals to the antenna. Briefly explain each of these words in Italic Q4
2011/2012 exam
3. Write short note on the following: IMSI , MSISDN, MSRN and TMSI
4. Describe the structure of IMEI code 35-209900-176148-1
5. List and explain any five system parameters found on a SIM card
6. What are the functions of BSC and MSC? when is GMSC needed?
7. Briefly write short note on HLR and VLR. Why is LAI needed?
8. The Equipment Identity Register (EIR) consists of a white, gray and black list.
Briefly explain what these means.
9. What is the function of Authentication Center?

29
29/60