Network Architecture

NAS security
NAS Signalling Connection

E-UTRAN + EPC 36.300 23.401

Registration: Attach, Tracking Area Update AS security

RRC Connection Signalling RB (SRB) S1 Connection Radio Resource Control Channel aware scheduling S1-MME eNB (S1AP) Control Plane interface

Security: Authentication and key agreement

Bearer mgmt: Default and dedicated bearers

S6a
MME HSS

Uu

UE identities USIM id: IMSI Radio id: C-RNTI EPC id: GUTI LTE Radio Techniques Shared data channels 1ms Transmission Time Interval Multi-layer Re-Tx (ARQ and HARQ) Adaptive modulation (QPSK/xQAM) OFDM and MIMO (2 or 4 antennas) System Bw: 1.4, ..., 5, , 20 MHz

(RRC)

(Diameter)

Subscription profiles Security parameters

X2-C (X2AP)

X2-U (GTP)

S11 (GTP)

Provides QoS policies and charging rules

PCRF

User Plane interface Uu

QoS aware routing

S5
SGW

Gx SGi
PGW

Rx

5 UE categories DL: 10-300 Mb/s UL: 5-75 Mb/s

eNB (PDCP)

S1-U (GTP)

IMS/Internet/

(GTP)

Data RB (DRB)

S1 Tunnel

S5 Tunnel

= EPS Bearer

E-UTRAN RAB (E-RAB)

LID_SFO_1_120706

ARQ AS C-RNTI DRB eNB EPC EPS E-RAB

Automatic Repeat Request Access Stratum Cell Radio Network Temporary Identity Data Radio Bearer Evolved NodeB Evolved Packet Core Evolved Packet System E-UTRAN Radio Access Bearer

E-UTRAN GTP GUTI HARQ HSS IMS LTE MIMO

Evolved UTRAN GPRS Tunnelling Protocol Globally Unique Temporary Identity Hybrid Automatic Repeat Request Home Subscriber Server IP Multimedia Subsystem Long Term Evolution Multiple Input Multiple Output

MME NAS OFDM PCRF PDCP PGW QAM QoS

Mobility Management Entity Non Access Stratum Orthogonal Frequency Division Multiplexing Policy and Charging Rules Function Packet Data Convergence Protocol Packet Data Network Gateway Quadrature Amplitude Modulation Quality of Service

QPSK RRC S1AP SGW SRB USIm UTRAN X2AP

Quadrature Phase Shift Keying Radio Resource Control S1 Application Protocol Serving Gateway Signalling Radio Bearer Universal Subscriber Identity Module Universal Terrestrial Radio Access Network X2 Application Protocol

UE NAS RRC PDCP RLC MAC PHY

Uu

MME eNB RRC PDCP SCTP RLC MAC PHY IP L1/L2

S1-MME

NAS Protocols
EMM and ESM
Plain NAS Message
Protected or not Only for ESM messages
8 7 6 5 4 3 2 1

NAS S1AP SCTP IP L1/L2

S1AP

Sec. Header Type EPS Bearer ID

Protocol Discriminator

EMM or ESM Links Request with Response

EMM Procedures
NAS Signalling Conn. Registration Proc:
MME

Procedure Transaction ID Message Type

Protected Message
SHT PD=EMM

Attach Tracking Area Update Detach

Security Proc:

Registration in EPS, IP-addr alloc. Normal (new TA) or periodic (T3412) UE power off or NW initiated

Other Infirmation Elements (mand/opt/cond)

Message Authentication Code (4 oct) Sequence Number Plain NAS Message

ESM Procedures Request IMSI (or IMEI)

NAS Signalling Conn.
MME

Identification Authentication Security Mode Ctrl

Mutual authentication and key agreement Activate security context (ciphering and integrity)

PDN Connectivity Req Default EPS Bearer CTX Act.

Default EPS bearer: - Static QoS (from HSS) - One per PDN Connection

Connection Mgmt:

Service Request
Triggered by: - UL data/signalling or - Paging

Idle to Conn transition Request secure NAS conn.

Bearer Resource Allocation Req Dedicated EPS Bearer CTX Act.

Dedicated EPS bearer: - Dynamic QoS (from PCRF) - One or more /PDN Connection

LID_SFO_2_120706

EMM eNB EPS ESM HSS

EPS Mobility Management Evolved NodeB Evolved Packet System EPS Session Management Home Subscriber Server

IMEI MME NAS PCRF PD

International Mobile Equipment Id. Mobility Management Entity Non Access Stratum Policy and Charging Rules Function Protocol Discriminator

PDN QoS SHT TA TAU

Packet Data Network Quality of Service Security Header Type Tracking Area Tracking Area Update

Idle Mode Mobility

5
RAU ISR Deactivation Signalled to UE in RAU Accept TIN = PTMSI RA 2 RA 1 new PTMSI, RAI ISR = activated old PTMSI, RAI 23.401, 24.301 PDN CTX PDP CTX
SGSN

May be optimised by: UE & location-specific TA lists Alignment of TAs and RAs Idle Mode Signalling Reduction (ISR)

4 While ISR Active

UE can move between RA1/TA1/TA2 with no update Independent periodic TA/RA timers UE stores PTMSI/RAI and GUTI TIN = RAT-related TMSI

RAT Change RAU is needed PTMSI & RAI derived from GUTI

UE MM and PDN Contexts

3
HSS maintains double registration
HSS

3
UE Context Retrieval old PTMSI & RAI ISR = activated

3
Bearer modification possible QoS change

1
UE-specific list based on mobility history refreshed each TAU

ISR Deactivation Triggers No LTE coverage RAU to pre-R8 SGSN Failed periodic registration Bearer act/mod after ISR act.

KASME
MME

CK, IK

SGSN address, ISR = activated

Old GUTI

No LTE Coverage ISR meaningless

1 Initial Attach TIN = GUTI TA 2

1 Bearer/session Creation

TA 1

SGW PGW

PDN

TA change no TAU needed TIN = GUTI

LID_SFO_3_120706

ASME CK GUTI HSS IK ISR MM

Access Security Management Entity Ciphering Key Globally Unique Temporary Id. Home Subscriber Server Integrity Key Idle Mode Signalling Reduction Mobility Management

MME PDP PDN PGW PTMSI RA RAI

Mobility Management Entity Packet Data Protocol Packet Data Network Packet Data Network Gateway Packet TMSI Routing Area Routing Area Identity

RAT RAU SGW TA TAU TIN TMSI

Radio Access Technology Routing Area Update Serving Gateway Tracking Area Tracking Area Update Temporary Id used in Next Update Temporary Mobile Subscriber Identity

Connected Mode Mobility

RAN Features: PS HO support? DTM support? QoS support? Handover/Cell Change Standard 3GPP signalling EPS adapts to target system (Security, QoS, containers) Trusted CDMA2000 HRPD S101 (GTPv2) If Gn-SGSN: MME assumes SGSN role RAN Container: UE RAC and RB description
GERAN UTRAN

If S4-SGSN: EPS QoS mapped to UMTS QoS profile

SGSN

BSC/ RNC

RAN Container: Radio interface HO Command msg

Optimised Mobility Tunneling of non-3GPP msgs - UE pre-registration - Handover execution

MME

UE Mobility Capability R8 Feature Group Indicators: PS HO to UTRAN/GERAN? Meas event B1 and/or B2?

If Gn-SGSN: EPS QoS mapped to UMTS QoS profile

E-UTRAN

Always: Convert KASME CK, IK

If Gn-SGSN: PGW assumes GGSN role

eNB

SGW PGW

PDN

S2a/S2b (PMIP) Non-optimised Mobility IETF mobility solutions used: - MIPv4 or DSMIPv6 - MIP tunnel UE PGW/ePDG e.g. WLAN, WiMAX Fixed access etc
Non-3GPP IP-access

ePDG/ AAA

Access authentication QoS authorization Generates charging data

AAA ASME BSC CK DSMIPv6 DTM ePDG Authentication, Authorization, Accounting Access Security Management Entity Base Station Controller Ciphering Key Dual Stack Mobile IPv6 Dual Transfer Mode Evolved Packet Data Gateway GGSN GTP HRPD IETF IK KASME MIPv4 Gateway GPRS Support Node GPRS Tunnelling Protocol High Rate Packet Data Internet Engineering Task Force Integrity Key ASME Key Mobile IPv4 PDN PMIP RAC RAN RB RNC SGSN Packet Data Network Proxy Mobile IP Radio Access Capability Radio Access Network Radio Bearer Radio Network Controller Serving GPRS Support Node

LID_SFO_4_120706

CS Fallback No IMS voice support in UE/NW (or CS voice preferred in UE) Requires TA, LA alignment Combined registration needed
GERAN/ UTRAN BSC/ RNC

CS Fallback
23.272, 29.118
SM-SC HSS

SM

SMS over SGs or IP?

CS or IMS call?
GMSC PSTN/ISDN

7 CS call
MSC/ VLR

4
PS Handover involving SGSN and SGW

5 Paging Respose 6 CS Call setup

2
(

MT call: MSISDN IMSI LAI MME)

Simultaneous PS Session: - Handed over and continued - Suspended during CS call - Disconnected (GBR service)

SGSN

Paging 3 (if ISR active)

SGs

SGsAP
SCTP/IP L1/L2

Registration (Attach & LAU) Paging and Service Request SM transfer (no fallback)

Voice Domain Selection (UE): - Terminal capabilities - User preference/setting - Network policy/indication - Registration status (IMS/CS) - Ongoing call/session

3
Paging with CN domain = CS
MME

Mapping from TA to (default) LA

1
E-UTRAN

Combined Attach or TA/LA Update

SGW PGW

PDN (IMS)

(PS session)

LID_SFO_5_120706

CSFB DTM GBR HO IMS ISR

Circuit Switched Fallback Dual Transfer Mode Guaranteed Bit Rate Handover IP Multimedia Subsystem Idle Mode Signalling Reduction

LA LAI LAU MGCF MSISDN MT

Location Area Location Area Identity Location Area Update Media Gateway Control Function Mobile Station ISDN Number Mobile Terminating

PDN SCTP SGsAP SM SM-SC TA

Packet Data Network Stream Control Transmission Prot. SGs Application Protocol Short Message Short Message Service Center Tracking Area

UE NAS RRC PDCP RLC MAC PHY

Uu

MME eNB RRC PDCP RLC MAC PHY SCTP IP L1/L2

S1-MME

Radio Resource Control Protocol

Synchronisation Signals (PHY)

36.331

NAS S1AP SCTP IP L1/L2

S1AP

System Information MIB Message: 40ms TTI

System Bw Antenna config. System Frame Nr

SIB 1 Message: 80ms

PLMN Id list

RRC Procedures
RRC Connection
eNB

TAC, Cell Id Cell selection info SI scheduling info

System Information Paging

Radio parameters for Idle & Connected mode operation

SI Message: 80-5120ms One or more SIBs /msg

Cell re-selection info

RRC Connection Est.

NAS Message Transfer Security Mode Control UE Capability Transfer RRC Conn. Reconfiguration RRC Conn. Release

RRC Idle-to-Connected Establish SRB 1, Carries 1st NAS msg

PRACH config. Control CH config. Paging cycle

Carries all other NAS messages

Configure AS security Request (additional) UE capabilities Configure SRB2 Configure DRBs Configure measurements Execute Handover Conn to Idle Redirect info Freq/RAT prio

Radio Bearer Configuration

RRC

Control primitives

PDCP/RLC/MAC PHY

RRC CONFIG MESSAGE Header Compression profiles ARQ/HARQ operation parameters Logical channel priorities Usage of control channels .....

SRB0: CCCH, fixed config in specs SRB1: DCCH, signalled or default config. SRB2: DCCH-NAS, signalled/default Config. after DRB: DTCH, always signalled AS security activated

LID_SFO_6_120706

ARQ AS CCCH DCCH DRB

Automatic Repeat Request Access Stratum Common Control Channel Dedicated Control Channel Data Radio Bearer

DTCH HARQ MAC MIB NAS

Dedicated Traffic Channel Hybrid Automatic Repeat Request Medium Access Control Master Information Block Non Access Stratum

PDCP PRACH RAT RLC RRC

Packet Data Convergence Protocol Physical Random Access Channel Radio Access Technology Radio Link Control Radio Resource Control

SI SIB SRB TAC TTI

System Information System Information Block Signalling Radio Bearer Tracking Area Code Transmission Time Interval

UE NAS RRC PDCP RLC MAC PHY

Uu

MME eNB RRC PDCP RLC MAC PHY SCTP IP L1/L2

S1-MME

Medium Access Control Protocol

MAC Architecture (eNB)
LogCHs QoS parameters UE capabilities Schedulers DL & UL LogCH Multiplexing HARQ (8 processes)
DL-SCH

36.321

NAS S1AP SCTP IP L1/L2

S1AP

Scheduling

LogCHs PDCCH: MCS & PRBs

MAC Control Procedures

RA-PREAMBLE

BSR PHR

DL-SCH PUCCH/PUSCH: A/N UL-SCH PHICH: A/N

PDCCH: RA-RNTI
RA-RESPONSE: UL grant, TA, C-RNTI C-RNTI/ P-RNTI/ SI-RNTI DATA/ PAGING/ SYS INFO DATA [ TA UPDATE ] DATA [ BSR/PHR ]

De-multiplexing

HARQ (8 proc)
UL-SCH

HARQ A/N

CQI, SR

DL assign. UL grants

HARQ A/N

Channel and QoS aware Dynamic scheduling: UE monitors PDCCH each TTI Semi - Persistent scheduling: Preconfigured periodic resource HARQ Operation

1 Transport Block (= MAC PDU) per TTI to PHY

Random access: Initial access, HO access, TA update (UE init) Addressing: x-RNTI TA Update: eNB init when needed, UE init when TA timer expires Buffer Status Reporting (BSR) Periodic, new higher prio data, # padding bits > BSR size Power Headroom Reporting (PHR) Periodic, when pathloss change > X
N

Scheduling Request Sequence

(UL Grant needed) N N

PUCCH? Y Send SR!

Initiate RA!

RESP? Y

8-process Stop-and-Wait HARQ DL: Asynchronous, Adaptive UL: Synchronous, eNB controlled

GRANT? Y Use Grant!

SR is repeated until an UL Grant is received

LID_SFO_7_120706

A/N BSR CQI C-RNTI DL-SCH HARQ LogCH MCS PDCCH PDU PHICH PHR

ACK/NACK Buffer Status Report Channel Quality Indicator Cell RNTI Downlink Shared Channel Hybrid Automatic Repeat Request Logical Channel Modulation and Coding Scheme Physical Downlink Control Channel Protocol Data Unit Physical HARQ Indicator Channel Power Headroom Report

PRB P-RNTI PUCCH PUSCH RA RA-RNTI RNTI SI-RNTI SR TA TTI UL-SCH

Physical Resource Block Paging RNTI Physical Uplink Control Channel Physical Uplink Shared Channel Random Access Random Access RNTI Radio Network Temporary Identity System Information RNTI Scheduling Request Timing Advance Transmission Time Interval Uplink Shared Channel

Layer 1 Information Processing - Part 1

Example: Fixed Reference Channel R.11 FDD

DL-SCH Channel Coding

4352 /block (3 blocks) 13068/ block
S P1 P2 Parity bits are interlaced

36.212

8800 /block

12960 bits

12984

3 blocks: 26400 bits = 1 Code Word

Scrambling Modulation Antenna & resource mapping

1 TB

CRC 24 (bit error detection)

Code Block Segmentation

If input > 6144 bits CRC24 added per block

Turbo Coding R=1/3 (bit error correction)

Includes 12 termination bits

Sub-block Interleaving

Rate matching (circular buffer)

Depends on: - Wanted code rate - Available PhyCH bits - Redundancy version

Code Block Concatenation

MIMO: 1 or 2 TB/TTI

Described in 36.211

Turbo Coder Systematic bits (S) + 3 bits 1 code block (4352 bits) Convolutional coder 1 Parity 1 bits (P1) + 3

Circular Buffer Rate Matching

S ...

S ...

Redundancy version 0 (RV0) always contains ALL systematic bits

P2

Inter leaver

CONV coder 2

Parity 2 bits (P2)

Termination bits

+ 3 3

P1

RV2

P2

P1

RV1

LID_SFO_8_120706

CONV CRC DL-SCH FDD MIMO P1

Convolutional Coder Cyclic Redundancy Check Downlink Shared Channel Frequency Division Duplex Multiple Input Multiple Output Parity 1 bits

P2 PhyCH RV S TB TTI

Parity 2 bits Physical Channel Redundancy Version Systematic bits Transport Block Transmission Time Interval

Layer 1 Information Processing - Part 2

DL-SCH Scrambling and Modulation
26400 bits (3 code blocks) 6600 16QAM symbols Layer Mapping (symbols 1-4 layers) 2 layers 36.211 Mod. symbol RE 6600 REs needed (8400 available/port) Precoding (mapping to 1,2 or 4 antennas)
Yi ...

2 antenna ports OFDM (IFFT)

Xi ...

Code Word q0

Cell-specific Scrambling Pseudo-random bit sequence

Modulation (QPSK/xQAM) Code Word q1 (if MIMO)

RE Mapping
...

RE Mapping

OFDM (IFFT)

Depends on Tx mode: - Single antenna tx - Tx diversity - Spatial multiplexing - Beamforming

Mixing data, control channels and reference signals

Not standardised

Scrambling Sequence Randomizes inter-cell interference

Sequence Generation (PDSCH example) Purpose dependent Fixed rules in specs Cinit Extend to desired length Code Word Cn

Phy Cell ID RNTI

Phy Cell ID

Initiate sequence

UE de-masks all DL signals with cell-specific scrambling seq.

Cinit = (RNTI 214 ) + (q 213 ) + ns/ 2 29 + PhyCell-ID

Code Word Slot number number

LID_SFO_9_120706

DL-SCH IFFT OFDM QAM QPSK

Downlink Shared Channel Inverse Fast Fourier Transform Orthogonal Frequency Division Multiplexing Quadrature Amplitude Modulation Quadrature Phase Shift Keying

RE RNTI TB Tx XOR

...
Resource Element Radio Network Temporary Id. Transport Block Transmission/Transmit Exclusive-Or

Downlink Transmission Procedures

Scheduling and HARQ
PCFICH PDSCH
DL

1 subframe DATA P5 Physical Resource Block pair Re-Tx P1 DL Retransmissions: Always scheduled (may be adaptive)

DATA P1

PDCCH: DL Assignment UE-ID: RNTI PRBs: bitmap/RIV MCS (TB size implicit) HARQ info: RV, NDI HARQ Process Id PUCCH TPC

Bitmap allows Distributed PRB allocation

Minimum HARQ RTT = 8 subframes need 8 Processes

DL/UL Scheduling Dynamic (C-RNTI): - PDCCH read each TTI Semi-persistent (SPS-RNTI): - Preconfigured resource - PDCCH-less PUCCH ACK P5

PUSCH
UL

PUCCH CSR (A/N)

PUCCH NACK P1 On PUCCH: Periodic (2-128ms) PUSCH: Aperiodic (on eNB request) Both: Wideband or subband CQI: downlink channel quality PMI: preferred precoding RI: preferred # layers

DATA P7 CSR

LID_SFO_10_120706

CQI C-RNTI CSR DCI HARQ MCS

Channel Quality Indicaton Cell RNTI Channel Status Reporting Downlink Control Information Hybrid Automatic Repeat Request Modulation & Coding Scheme

MIMO NDI P PCFICH PDCCH PDSCH

Multiple Input Multiple Output New Data Indicator (HARQ) Process Physical Control Format Indicator CH Physical Downlink Control CH Physical Downlink Shared CH

PMI PRB PUCCH PUSCH RI RIV

Precoding Matrix Indication Physical Resource Block Physical Uplink Control CH Physical Uplink Shared CH Rank Indicaton Resource Indication Value

RNTI RTT RV SPS-RNTI TB TPC

Radio Network Temporary Id. Round-Trip Time Redundancy Version Semi Persistent Scheduling RNTI Transport Block Transmit Power Command

Uplink Transmission Procedures

DCI Format 0 UE-ID: RNTI PRBs: RIV MCS, RV, NDI PUSCH TPC DL CQI request ind.

Scheduling and HARQ

1 subframe DCI 0 & DCI 1/2 UL grant & DL assignm. DATA P7 PHICH NACK for P1 (acts as implicit grant)

DCI 3 Transmit Power Commands to multiple UEs

PHICH A/N for P5

Scheduling Request TA valid: SR on PUCCH TA invalid: SR on PRACH TA timer: 500-10240 ms PUSCH

UL

PUSCH DATA P5

PUSCH with UL control info

Re-Tx P1 A/N (CSR) UL Retransmissions: PHICH: non-adaptive With PDCCH: adaptive

Scheduling Request

DATA P1

UCI Formats: 1: Scheduling Request 1a: ACK/NACK, 1 TB 1b: ACK/NACK, 2 TB 2: CQI/PMI/RI 2a: CQI..., 1 A/N 2b: CQI..., 2 A/N

PUCCH region

PUSCH transmission forbidden in all SRS symbols

PUSCH for all UEs

Sounding RS (SRS) Periodic SRS (2-160ms) used for: - UL CH quality estimation - input for TA regulation - input for power control Wideband or hopping narrowband

PUCCH
CQI CSR DCI HARQ MAC MCS Channel Quality Indicaton Channel Status Reporting Downlink Control Information Hybrid Automatic Repeat Request Medium Access Control Modulation & Coding Scheme NDI PDCCH PHICH PMI PRACH PRB New Data Indicator Physical Downlink Control CH Physical HARQ Indication CH Precoding Matrix Indication Physical Random Access CH Physical Resource Block PUCCH PUSCH RI RIV RNTI RV Physical Uplink Control CH Physical Uplink Shared CH Rank Indicaton Resource Indication Value Radio Network Temporary Id. Redundancy Version SR SRS TA TB TPC UCI Scheduling Request Sounding Reference Signal Timing Advance Transport Block Transmit Power Command Uplink Control Information

LID_SFO_11_120706