P. P. Mahale
P. P. Mahale
Mobile station:
It consist of two parts SIM & ME.
SIM protected by PIN(personal identity number)
To use MS user enter PIN with 3 times only either it is
blocked & user cant use MS
To unblock the SIM the wants to enter PUK(PIN
unblocking key)
ME contains the noncustomer-related h/w & s/w com
When SIM removed from MS, the remaining cannot be
use for reaching the service except emergency call.
This SIM-ME design supports portability.
NSS
the A interface
BSS
radio interface
MS
VL
R
HL
RAU
C
MSC
BSS
MS MSME
SIM
BSC
BTS BTS
Base Station subsystem:
BBS connects the MS & NSS. It consist of two parts
BTS(base transceiver station) & BSC(base station
controller).
BTS contains transmitter, receiver & signaling
equipment in order to contact MS.
An important part of BTS is TRAU (transcoder/ rate
adapter unit) it uses to data transmission.
The BSC supports radio channel allocation /release &
HO.
It may connects several BTS & maintain cell
configuration data of BTS’s.
in GSM BSS design, a BSC may connect to only one
BTS, in which they colocated.
NETWORK & SWITCHING SUBSYSTEM:
It supports the switching function, subscriber profile &
mobility management & it is performed by MSC.
The location of MS is maintained by HLR & VLR.
The Authentication centre (AuC) is used in security
data management & may be collocated with HLR.
An incoming call is routed to an MSC, unless the fixed
network is able to interrogate the HLR directly. It is
called GMSC(gateway MSC).
The GMSC obtains the location information & routes
the calls to the visited MSC of the subscriber to
receive the call.
Radio interface:
The GSM radio link uses both FDMS & TDMA.
Downlink->935-960 MHz & uplink 890-915 MHz
Freq band is divided 124 pairs of duplex.
Discontinues transmission is used in GSM to save the
power consumption of MS. It turns on when present.
It also supports discontinuous reception where MS
needs to listen only.
The length is divided into eight burst of length 0.577.
Each data group consist of 57 information bits & one
flag that indicates whether the information bits are
for user speech/data or signaling.
Two types of logical channels are TCHs & CCHS.
Full-rate TCH(TCH/F): provide transmission speed of
13kbps for speech or 9.6, 4.8 or 2.4 kbps for data.
Half rate TCH(TCH/H): allows transmission of 6.5
kbps speech, or 4.8 or 2.4 kbps of data
The CCH,s are intended to carry signaling
information. It having three types
1. Common control channel:
Paging channel(PCH): destination MS in call
termination.
Access grant channel(AGCH): indicate radio link
allocation upon prime access of an MS.
Random access ch(RACH): by MS’s initiation access to
n/w.
MS’s may access some RACH, potentially resulting in
collision.
2. Dedicated control channels:
Standalone dedicated control ch(SDCCH): used only for
signaling & for short msg.
Slow associated control ch(SACCH): used for
transmission of power & time alignment control
information. It help to transport both user information
& signaling data in parallel.
Fast associated control ch(FACCH):used for time critical
signaling, such as call establishing progress,
authentication of subscriber or HO.
Cell broadcast ch(CBCH): carries only the short msg.
3. Broadcast channel(BCHs): use by BTS to broadcast
information.
Frequency correction channel(FCCH): & synchronization
ch(SCH) carry information from BSS to MS.
Broadcast control ch(BCCH): provides system
information such as access information for selected
cell & information related to surrounding cell.
MS BSS
RACH(req signaling ch)
AGCH(assign signaling ch)
SDCCH(request call set )
SDCCH(assign TCH)
FACCH(complete assignment)
Fig. GSM call origination
SDCCH msg exchange for call set up
GSM Call termination:
MS BSS
PCH(page MS)
RACH(req signaling ch)
AGCH(assign signaling ch)
SDCCH(respond to paging)
Call setup procedure
Step 1: MS periodically listen to BCCH broadcast from
BSS. If MS detects new area then sends registration msg
to new VLR by using SDCCH ch.
Step 2: the new VLR communicates the old VLR to find
HLR of MS. The new VLR then performs the
authentication process.
Step 3:after the MS authenticated, sends the
registration msg to HLR, if it accepted the HLR provides
the new VLR.
Step 4: new VLR informs the MS of successful
registration.
Step 5: the HLR sends the deregistration msg to the old
VLR. Old VLR cancels the record for MS & sends ack to
HLR for cancellation.
Ms registration process
Mobile call delivery procedure
When MS is inactive, due to switch off or SIM
removal, it transmits a detach from n/w.
VLR & HLR fails = periodic registration will speed up
recovery of DB.
GSM call termination & call delivery.
MS-ISDN part of ISDN numbering plain defined ITU-T.
Step1: MS-ISDN is dialed, call is forwarded to GMSC
The capability to interrogate the HLR for routing info.
The HLR request to VLR of MS to provide routable addr
MSRN(mobile station roaming number)
Step2: VLR returns the MSRN to GMSC through the HLR
Step3: the GMSC uses MSRN to route the call to MS thr
the visited MSC.
MS=engage= subscribe call waiting= directly connects
MS= transaction identifiers.
Authentication: it avoids untrue access by a cloned MS.
Encryption: Encryption avoids unauthorized listening.
ki- this is secret key, stored in AuC also in SIM, it is unknown to subscriber.
the home system of MS generates a 128bit random no, is called as RANDOM.
In A3, both n/w, SIM & RANDOM produce signed result .
If MS accepted, an encryption key Kc is produced by algo A8 with Ki & RANDOM.
Home system generated Kc, this key sent to visited system.
Kc & TDMA frame no encoded in data bits are used by algo, A5, to cipher & decipher the data stream between MS & visited system.
It supports two data service groups: short msg service
& bearer service.
GSM service similar to ISDN & bearer service, a ckt
switched connection is establish in GSM to connect
MS & interface of PSTN.
Phase2 GSM system do not support fast access &
packet switched transmission, the short msg bearer
data services in GSM.
This insufficient to support internet application WWW
These protocol includes
1) HSCSD(high speed ckt switched data)
2) GPRS(general packet radio service)
File transfer & multimedia applications.
Time slot
Data compression technique
IWF supports adaptation between GSM & external n/w
Radio link protocol(RLP) to support multilink
Flexible resource assignment
Maximum & minimum capacity.
Fig. HSCSD architecture
Fig GPRS architecture
SGSN: service GPRS support node
GGSN: gateway GPRS support node
TAF: terminal adaption function
IWF: n/w interworking function
Application such as web, reading information.
Its own transport n/w
SGSN receives & transmit packet between MS & PSDN
GGSN interworks with PSDN using connectionless n/w
These both interacts GSM location
To speed up routing procedure of MS’s location.
GPRS supports 100 users 1-8 ch & HSCSD supports
fewer user 2-8 ch.
GPRS use broadcast & multisession where HSCSD
supports point-to-point session.
Compared with standard MS HSCSD MS consumes more
power to supports multiple time-slot transmission.
Committing more GPRS than HSCSD.
This focuses the s/w platform for implementation the
GSM n/w signaling protocol called SM MAP(mobile appl
part)
Databases: it uses 3DB such as VLR, HLE, AuC.
EIR(equipment identity register) it uses to maintain
legitimate, untrue or faulty mobile station.
Switches: the GSM MSC performs switching for MS
within the geographical area it controls called MSC.
MSC area is partitioned into several location area.
Radio system: it consist of BSC, BTS & MSs.
MAP(mobile appl part)= service user + service provider
TCAP(transaction capabilities appl part).
SCCP(signaling connection control part)
MTP(msg transfer part)
Databases
D G
switches C B F
E
PSTN
SS7/ISUP A
Radio system
A-bis
<------------>
MS
SSPGMS
CMSC MSC
SSP
HL
R
VL
R
EI
R
VL
R
BSC
BTS BTSBTS
GSM n/w entities(HLR, VLR & MS) communicate with each
other through MAP dialogues by invoking MAP service
primitives.
This having 4 types: request, indication, response &
confirm.
M(mandatory): the parameter must be present in
indication primitives.
O(service provider Option): the parameters is
optionally included by the service provider, is used in
indication & confirms types of service primitives.
U(service User option): it is used in request &
response types of service primitives.
C(conditional):it is used to indicate that one of a no
of mutually exclusive parameters must be included
The MAP dialog consist of several MAP services to
perform a common task, this include.
Mobility services
Operational & maintenance services
Call- handling services
Supplementary services
short msgs service management
The common MAP services establish & clear MAP
dialogue betwn peer MAP service user.
MAP-OPEN: used to establish a MAP dialogue, this
service confirmed by service provider, it has
request/indication & response/confirm types.
MAP-CLOSE: used to clear a MAP dialogue, it is not
confirm, the service primitives only has
request/indication types, not response/confirm types
MAP-delimiter: it is not confirm & it doesn’t having
any parameter, used explicate request the TCAP to
transfer the MAP protocol.
MAP-U-ABORT: used by user to abort dialogue, it is
not confirm, reason for aborting dialogue can be
resource limitation due to congestion, appl
procedure error.
MAP-P-ABORT: used by service provider to abort
dialogue, it is only indication types, reason for
aborting resource limitation, maintenance activity.
MAP-NOTICE: used by service provider to inform
user protocol problem such as abnormal event
detected & response rejected by peer. It used only
indication types
When a MAP user issues a service request, the request
processed by MAP protocol machine(PM)
Dialogue state machine(DSM): it coordinates
SSMs(service state machine). It created to handle a
dialogue.
Requesting service state machine(RSM): this
created by DSM for each requested service. Handles
MAP specific service requested during dialogue.
Performing service state machine(PSM): Handles
MAP specific service performed during dialogue.
Load control: traffic generated,
Only one instance.
Overload situation is detected, low-priority MAP
operation is ignored.
Suggest priority level such as HO, mobility
management, short msg services.
Service provider receives MAP-OPEN request from
user indication from TCAP, MAP-PM invoked &
instance of DSM is created.
PSM is created by the DSM at performance side
RSM is created by the DSM at initiators side.
MAP-DSM
RSM
LOAD
_CTRL
PSM
1 o,s1,d(r)
2 tc-b, i(r)
3(i) 4(i)
6tc-c,r(r) 5
8-conf 7(i)
8-s2,d(r)
9-tc-c,i(r) 10(i)
11-(i)
12-(r)
13 tc-e,r(r)
15 s2,c(c) 14 tc-e,r(i)
Service
user
Service
provide
r
Service
user
Service
provide
r
TCA
P
Step1: MAP-SERVICE1 is service primitive & it represents
MAP_SEND_ROUTING_INFORMATION.
Step2: MAP PM creates an instance of DSM to handle the
MAP-OPEN request. TC-BEGIN at TCAP layer & wait for
response. TCAP layer generates the SS7 TCAP msg with
pkg
Step3: TC req will delivered by TCAP to MAP PM
Step4: responder receives TC-BEGIN indication, DSM
invoked. DSM=TC-BEGIN=TC-U-ABORT,
DSM enters TC-INVOKE ind which result creation of PSM.
Received arg not correct=TC-U-REJECT=mistyped paramtr
Service not identified=TC-U-ERROR=unexpected data
value
Service peramtr not available=ERROR=data missing
PSM send MAP-NOTICE assume that no error occur.
Step5: response open & service1,
Step6: DSM=-ve=MAP-REFUSE-PDU & +ve ACCEPT.
If PSM detects any error then TC-U-ERROR or TC-U-
REJECT indication issued.
Step7: it handles received primitive.
Received parameter not defined, RSM req to transfer
TC-U-REJECT=mistype parameter.
Step8: MAP service user of dialogue initiator handles
confirm premetive.
SS7 ISUP C i/f D i/f
SS7
I SUP
IAM
send_routing_info
provide_roaming_no
provide_roaming_num_ack
IAM
PSTN
MSC
GMS
C HL
R
VL
R
Invoked ID
MSISDN=CC+NDC+SN=011-886-93-105401
11-interntional s/w access(ISCA)
CUG(closed user group) interlock- req/ind & res/conf. it
is possible to limit the incoming/outgoing call inside the
group.
CUG outgoing access- CUG interlock parameter is
provided, present only res/conf primitive.
Number of forwarding- info provided by ISUP. Call forward
by home & visited MSC.
Network signal info- provide external information, ISDN
bearer capabilities
IMSI(international mobile subscriber identity)-
This stored in SIM & VLR.
MCC=mobile country code
MNC=mobile n/w code
MSIN=MS identification no.(15 digits)
MSRN(mobile subscriber roaming number)-
identify current location of MS.
Temporary n/w identity assigned during call.
Forwarding data- used to invoke call forwarding
services, parameter include
1. The addr
2. Option such as fwding & calling party.
User error-
Unknown subscriber
Telephone number changed
Call barred
CUG reject
Bearer service not provisioned
Tele service not provisioned
facility not supported
Absent subscriber
Fwding violation
System failure
Data missing
Unexpected data value
MSC number- ISDN no of MSC
LMSI(local mobile station identity)- used by VLR for
internal data management
GSM bearer capability- if connection if for nonspeech
(short msg service)
User error- sent when error is detected.
No MSRN available
Facility not supported
System failure
Data missing
Unexpected data value
1. Basic Location update Procedure:
Case1: Inter-LA Movement
Case 2: Inter-MSC Movement
Case 3: Inter-VLR Movement
2. Basic Call Origination & termination procedure:
Case1: Inter-LA Movement:
MSC 1 VLR1
2. MAP_update_location_area
3. MAP_update_location_area_ack
Step 1:
Loc req msg sent from MS to MSC the BTS, it includes
addr of previously visited LA, MSC,VLR.
Ms identifies TMSI (temporary mobile subscriber
identity), it used to avoid sending IMSI on radio path
Step 2: This msg includes
Addr of MSC
TMSI of MS
Previous Loc Area Identifn(LAI)
Target LAI & other related info
Step 3:
Update LAI field of VLR record & reply ack.
Case2: Inter-MSC Movement:
MSC2 VLR1 HLR
2.MAP_update_loc_area
3. MAP_update_loc
4. MAP_update_loc_ack
5. MAP_update_loc_area_ack
Step 1 &2:
Loc update req msg sent form MS to VLR
Step 3:
The HLR addr of MS from the MS’s IMSI stored in VLR
The msg includes
IMSI of MS
Addr of target MSC(i.e. MSC2)
Addr of target VLR(i.e. VLR1) & other info
Step 4:
IMSI, the HLR identifies the /MS’s record & sent ack
Step 5:
Sends ack msg
Case3: Inter-VLR Movement:
MSC2 VLR2 HLR VLR1
1.MAP_update_loc_area
2. MAP_send_identification
3. MAP_send_identification_ack
4. MAP_update_loc
5. MAP_update_loc_ack
6. MAP_update_loc_area_ack
7. MAP_cancel_location
8. MAP_cancel_location_ack
Call origination operation:
VLR term s/w MSC
2. MAP_send_info_for_outgoing_call
3. MAP_send_info_for_outgoing_call_ack
4. IAM
Call termination operation:
Orig s/w GMSC HLR VLR target
MSC
1. ISUP IAM
2. MAP_send_routing_info
3. MAP_provide_roaming_number
4. MAP_provide_roaming_number_ack
5. MAP_send_routing_info_ack
6.ISUP IAM
HLR:
MS information: such as IMSI, MSISDN & ISDN number
Loc info: ISDN no of VLR & MSC where MS resides
Service info: service subscription, restrictions &
supplementary services
VLR:
MS info: IMSI, MSISDN & TMSI
Loc info: MSC no & LAI(loc area ID)
Service info: service info stored in HLR.
VLR failure restoration
1) MS registration
A case of inter-VLR movement
Recovered by the normal registration procedure
Can’t be recognized TMSI
Be asked to send IMSI
2) MS call origination
System error : “unidentified subscriber”
Be asked to initiate the location registration
procedure
3) Ms call termination
Ori s/w GMSC HLR VLR target
MSC
1.ISUP IAM 2.MAP_send_routing_info
3.MAP_provide_roaming_no
4. MAP_provide_roaming_no_ack
5. MAP_restore_data
5. MAP_restore_data_ack
6. MAP_insert_subscriber_data
6. MAP_insert_subscriber_data_ack
7. MAP_send_routing_info_ack
8.ISUP IAM
9. MAP_send_info_for_incoming_subscriber
10.MAP_search_for_mobile_subscriber
12. MAP_process_access_request
13. MAP_process_access_req_ack
1) Uncovered period
1) HLR restoration period
HLR VLR
MAP_Reset
MAP_update_location
MAP_update_location_ack
HLR architecture
Check-pointing
Step 1. For every location entry p in HLR* do:
HLR[p]* · VLR ← HLR[p] · VLR;
Step 2. TS ← current time;
Step 3. For every location entry p in HLR do:
HLR[p] · ts ← TS;
HLR[p] · PVLR ← HLR[p] · VLR;
Step 4. VLR_Counter ← Ø, VLR_List* ← Ø;
RegistrationStep 1. Update HLR:
Vold ← HLR[p] · VLR;Send message, MAP_CANCEL_LOCATION, to cancel the VLR
entry of p at Vold:HLR[p] · VLR ← Vnew;told ← HLR[p] · ts;HLR[p] · ts ← t;
Step 2. Update the Vnew Count field in VLR_Counter: IfHLR[p] · VLR ≠ HLR[p] · PVLR
then:Step 2.1. If VLR_ Counter[Vnew] exists, then:
VLR_Counter[Vnew] · Count ← VLR_Counter[Vnew] · Count + 1;
Step 2.2 Else create VLR_Counter[Vnew] and VLR_List*[Vnew];
VLR_Counter[Vnew] ← 1;
Registration
Step 3. Update the Vold counter entry: If told > TS and Vold ≠
HLR[p] · PVLR then:
Step 3.1.
VLR_Counter[Vold] · Count ← VLR_Counter[Vold] ·Count – 1;
Step 3.2. If VLR_Counter [Vold] · Count = 0 then:
Step 3.2.1. Delete VLR_Counter[Vold] and
VLR_List*[Vold];
Restore
Step 1. TS ← current time;
Step 2. For every location entry p in HLR, do:
HLR[p] · PVLR = HLR[p] · VLR ← HLR[p]* · VLR;
HLR[p] · ts ← TS;
Step 3. For every VLR entry V in VLR_List*, send an
SS7 TCAP
MAP_RESET message to V;
Algorithm O-I: Registration
HLR VLR V2
1.2
1.3 1.1
step 1
HLR VLR V2
2.1 2.2 2.3
step 2
u1 v1
u3 v2
u1 v2
u3 u1
u1
Step 1: Registration Request:
Step 1.1: normal registration process
Step 1.2: perform replacement policy
Step 1.3: fwd registration request
Step 2: Registration Response:
Step 2.1:update loc of u1, set overflow flag u3
Step 2.2: send u1 profile to v2, if u1 overflow then
msg does not include.
Step 2.3: V2 sends ack to MS
HLR HLR
Before reg operation after reg operation (v1 may
not be accessed for registration)
U1 not overflowV1 then cancel operation at V1.
U1 is overflow u1 does not have record in V1.
Cancellation operation simply resets the overflow flag if u1
is not overflow user in V2
* u1 v1 u1 v1
VLR 2
1. MAP_send_info_for_outgonig_call
2. MAP_send_info_for_outgoing_call_ack
3. MAP_update_location_area_ack
4. MAP_update_loc_area
5. MAP_send_info_for_outgoing_call
6. MAP_send_info_for_outgoing_call_ack
Algo O-I
Normal call
origination
procedure
1.1
1.2
HLR VLR V2
1.3
step 1
Step 1: Location query
GMS
C
* u1 v2
u3 v2 u3
2.2
2.1
2.3
2.4
step 2: Location response
GMSC
MSC
u3 u1
u1 v2
* u3 v2