03_tm51153en04gla2_lte-eps mobility and session and management.pdf
TRANSCRIPT
-
TM51153EN04GLA2 Nokia Solutions and Networks 2014
Nokia AcademyLTE/EPS Fundamentals CourseLTE/EPS Mobility & Session Management
-
2 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Copyright and confidentialityThe contents of this document are proprietary and confidential property of Nokia Solutions and Networks. This document is provided subject to confidentiality obligations of the applicable agreement(s).
This document is intended for use of Nokia Solutions and Networks customers and collaborators only for the purpose for which this document is submitted by Nokia Solutions and Networks. No part of this document may be reproduced or made available to the public or to any third party in any form or means without the prior written permission of Nokia Solutions and Networks. This document is to be used by properly trained professional personnel. Any use of the contents in this document is limited strictly to the use(s) specifically created in the applicable agreement(s) under which the document is submitted. The user of this document may voluntarily provide suggestions, comments or other feedback to Nokia Solutions and Networks in respect of the contents of this document ("Feedback"). Such Feedback may be
used in Nokia Solutions and Networks products and related specifications or other documentation. Accordingly, if the user of this document gives Nokia Solutions and Networks feedback on the contents of this document, Nokia Solutions and Networks may freely use, disclose, reproduce, license, distribute and otherwise commercialize the feedback in any Nokia Solutions and Networks product, technology, service, specification or other documentation.
Nokia Solutions and Networks operates a policy of ongoing development. Nokia Solutions and Networks reserves the right to make changes and improvements to any of the products and/or services described in this document or withdraw this document at any time without prior notice.
The contents of this document are provided "as is". Except as required by applicable law, no warranties of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular
purpose, are made in relation to the accuracy, reliability or contents of this document. NOKIA SOLUTIONS AND NETWORKS SHALL NOT BE RESPONSIBLE IN ANY EVENT FOR ERRORS IN THIS DOCUMENT or for any loss of data or income or any special, incidental, consequential, indirect or direct damages howsoever caused, that might arise from the use of this document or any contents of this document.
This document and the product(s) it describes are protected by copyright according to the applicable laws.
Nokia is a registered trademark of Nokia Corporation. Other product and company names mentioned herein may be trademarks or trade names of theirrespective owners.
Nokia Solutions and Networks 2014
-
3 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Module ObjectivesAfter completing this module, the participant should be able to:
Introduce the LTE Mobility Areas. List different LTE-UE identifications. Compare the terminology used in 3G and LTE when referring to Mobility
and Session Management. Describe the LTE Mobility & Connection States. Explain the EPS Bearer Architecture and Attributes. Analyze different LTE/EPS procedures: Attach, S1 Release, Detach,
Service Request, Tracking Area Update, Dedicated SAE Bearer Activation and inter eNB handover.
Review the LTE/EPS Authentication Procedure
-
4 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Module Contents
LTE/EPS Mobility Areas LTE-UE Identifications Mobility & Connection Management Terminology LTE Mobility & Connection States The EPS Bearer LTE/EPS Procedures Security: EPS Authentication
-
5 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Module Contents
LTE/EPS Mobility Areas LTE-UE Identifications Mobility & Connection Management Terminology LTE Mobility & Connection States The EPS Bearer LTE/EPS Procedures Security: EPS Authentication
-
6 TM51153EN04GLA2 Nokia Solutions and Networks 2014
LTE/EPS Mobility Areas
Two areas are defined for handling of mobility in LTE/EPS:
Tracking Area (TA)It is the successor of location and routing areas from 2G/3G.When a UE is attached to the network, the MME will know the UEs position on tracking area level. In case the UE has to be paged, this will be done in the full tracking area. Tracking areas are identified by a Tracking Area Identity (TAI).
The Cell Smallest entity regarding mobilityWhen the UE is connected mode, the MME will know the UEs position on cell levelCells are identified by the Cell Identification (CI) and by the Physical Cell Identification (PCI)
-
7 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Tracking Areas
S-eNBTAI3TAI3
TAI3TAI3
TAI3TAI3
TAI3
MME
eNB
TAI2TAI2
TAI2TAI2
TAI2
TAI2TAI2
TAI2
TAI1TAI1
TAI1TAI1
TAI1 eNB 1 2
MME
3
Cell Identity
Tracking Area
Tracking Area Identity (TAI) vs. Tracking Area Code (TAC)TAI= MCC + MNC + TAC
Tracking Area Update (TAU) Procedure triggered by the LTE-UE moving to a new TA.TAU are performed by the LTE-UE in both idle and connected mode. (GSM/UMTS difference)For further info refer to TS 23.401 chapter 5.3.3.0
-
8 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Multiple Tracking Areas Registration
UE may be told by the network to be registered in several tracking areas simultaneously. Gain: when the UE enters a new cell, it checks which tracking areas the new cell is part of. If this TA is on UEs TA list, then no tracking area update is necessary.
S-eNBTAI3TAI3
TAI3TAI3
TAI3TAI3
TAI3
MME
eNB
TAI2TAI2
TAI2TAI2
TAI2
TAI2TAI2
TAI2
TAI1TAI1
TAI1TAI1
TAI1 eNB 1 2
MME
3
Cell Identity
Tracking Area
TA List:TA1TA2
-
9 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Tracking Areas: Use of S1-flex Interface
MME Pooling:several MME
handle the same
tracking area
TAI1
S-eNB
TAI2
TAI2TAI2
TAI3
TAI3TAI3
TAI3
MME
eNB
TAI2
TAI2TAI2
TAI2
TAI2
TAI2TAI2
TAI2
TAI1
TAI1
TAI1
eNB
S-MME
TAI1
321
1 2 3
3
2
1 TAI1TAI2TAI3
Due to S1-Flex implementation both MME must be aware on how the Radio Network is organized in TAs
-
10 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Module Contents
LTE/EPS Mobility Areas LTE-UE Identifications Mobility & Connection Management Terminology LTE Mobility & Connection States The EPS Bearer LTE/EPS Procedures Security: EPS Authentication
-
11 TM51153EN04GLA2 Nokia Solutions and Networks 2014
UE Identifications
IMSI International Mobile Subscriber Identity
GUTI Global Unique Temporary Identity
C-RNTI Cell Radio Network Temporary Identity
S1-AP UE ID S1 Application Protocol User Equipment Identity
-
12 TM51153EN04GLA2 Nokia Solutions and Networks 2014
UE Identifications: IMSI
IMSI: International Mobile Subscriber Identity. Used in LTE to uniquely identify a subscriber world-wide Its structure is kept in form of MCC+MNC+MSIN:
MCC: mobile country code MNC: mobile network codeMSIN: mobile subscriber identification number
A subscriber can use the same IMSI for 2G, 3G and LTE access MME uses the IMSI to locate the HSS holding the subscribers permanent
registration data for tracking area updates and attaches
IMSI
MCC MNC MSIN
3 digits 2 digits 10 digits
-
13 TM51153EN04GLA2 Nokia Solutions and Networks 2014
GUTI: Globally Unique Temporary Identity It is dynamically allocated by the serving MME Its main purpose is to avoid usage of IMSI on air Internally the allocating MME can translate GUTI into IMSI and vice versa The GUTI consists of 2 components: GUMMEI and M-TMSI
UE Identification: GUTI
GUTIM-TMSIGUMMEI
M-TMSI: Temporary Identity of the UE within and specific MME.
GUMMEI: Global Unique MME Identity:Identity of the MME that allocated the GUTIIt Contains:MCC + MNC + MME group ID (MMEGI) + MME Code (MMEC)
-
14 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Further Reading: S-TMSI
S-TMSI: The SAE TMSI (S-TMSI) is a shortened form of the GUTI It is used to identify the UE over the radio path and is included in the RRC connection request and paging messagesThe S-TMSI contains the MMEC and M-TMSI components of the GUTI Note, however, that the S-TMSI does not include the MMEGI that is, the MME pool component
M-TMSIMMEC
GUMMEI
MMEGIMNCMCC
GUTI
S-TMSI
-
15 TM51153EN04GLA2 Nokia Solutions and Networks 2014
UE Identifications: C-RNTI
C-RNTI: Cell Radio Network Temporary Identity C-RNTI is allocated by the eNB serving a UE when it is in active mode
(RRC_CONNECTED) This is a temporary identity for the user only valid within the serving cell of
the UE It is release as soon as the UE moves to idle state (RRC_IDLE) It is exclusively used for radio management procedures.
-
16 TM51153EN04GLA2 Nokia Solutions and Networks 2014
UE Identifications:S1-AP UE ID
S1-AP UE ID: S1 Application Protocol User Equipment Identity. Two additional temporary identifiers allocated by eNB and MME:
- eNB S1-AP UE ID- MME S1-AP IE ID
Their purpose is to allow efficient implementation of S1 control signaling (S1AP=S1 Application Protocol) They shall allow easy distribution of S1 signaling messages inside MME and eNB. NOTE: This concept is similar to SCCP local references known from Iu or A interface in 3G/2G.
-
17 TM51153EN04GLA2 Nokia Solutions and Networks 2014
IMSI International Mobile Subscriber IdentityGUTI Globally Unique Temporary IdentityC-RNTI Cell Radio Network Temporary Identity
UE Identifications Summary
C-RNTIeNB S1-AP UE-ID | MME S1-AP UE-ID
MCCIMSIMNC MSIN
S-eNBTAI2TAI2
TAI2TAI3
TAI3TAI3
TAI3
MME
HSS
eNB
TAI2TAI2
TAI2TAI2
TAI2
TAI2TAI2
TAI2
TAI1TAI1
TAI1TAI1
TAI1eNB
1 2
S-MME
32
Cell Identity MME Identity
3
1
GUTIM-TMSIGUMMEI
TAI Tracking Area Identity (MCC+MNC+TAC) S-MME Serving MMES-eNB Serving E-Node B
-
18 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Module Contents
LTE/EPS Mobility Areas LTE-UE Identifications Mobility & Connection Management Terminology LTE Mobility & Connection States The EPS Bearer LTE/EPS Procedures Security: EPS Authentication
-
19 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Terminology in LTE and in 3G Connection and Mobility Management
3G LTE
GPRS attached EMM registered
Handovers (DCH) when RRC connected
Handovers when RRC connected
RNC hides mobility from core network
Core network sees every handover
Mobility management
Connection management
Location area Not relevant (no CS core)Routing area Tracking area
PDP context EPS bearer
Radio access bearer Radio bearer + S1 bearer
-
20 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Module Contents
LTE/EPS Mobility Areas LTE-UE Identifications Mobility & Connection Management Terminology LTE Mobility & Connection States The EPS Bearer LTE/EPS Procedures Security: EPS Authentication
-
21 TM51153EN04GLA2 Nokia Solutions and Networks 2014
LTE Mobility & Connection States
There are two sets of states defined for the UE based on the information held by the MME.
These are:1.- EPS* Mobility Management (EMM) states2.- EPS* Connection Management (ECM) states
*EPS: Evolved Packet System
-
22 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EPS Mobility Management (EMM) states
EMM deregistered EMM registered
Attach
Detach
-
23 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EPS Mobility Management (EMM) states
EMM-DEREGISTERED: In this state the MME holds no valid location information about the UE MME may keep some UE context when the UE moves to this state
(e.g. to avoid the need for Authentication and Key Agreement (AKA) during every attach procedure)
Successful Attach and Tracking Area Update (TAU) procedures lead to transition to EMM-REGISTERED
EMM-REGISTERED: In this state the MME holds location information for the UE at least to
the accuracy of a tracking area In this state the UE performs TAU procedures, responds to paging
messages and performs the service request procedure if there is uplink data to be sent.
-
24 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EPS Connection Management (ECM) and LTE Radio Resource Control (RRC) States UE and MME enter ECM-CONNECTED state when the signaling
connection is established between UE and MME UE and E-UTRAN enter RRC-CONNECTED state when the signaling
connection is established between UE and E-UTRAN
ECM idle ECM connected
S1 connection establishment
S1 connection release
RRC idle RRC connected
RRC connection establishment
RRC connection release
E-UTRAN MMEUE
-
25 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EPS Connection Management
ECM Connected= RRC Connected + S1 Connection
eNB
MME
UE
RRC Connection S1 Connection
ECM Connected
-
26 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EPS Connection Management (ECM) states
ECM-IDLE: In this state there is no NAS signaling connection between the UE and the
network and there is no context for the UE held in the E-UTRAN. The location of the UE is known to within the accuracy of a tracking area Mobility is managed by tracking area updates.
ECM-CONNECTED: In this state there is a signaling connection between the UE and the MME
which is provided in the form of a Radio Resource Control (RRC) connection between the UE and the E-UTRAN and an S1 connection for the UE between the E-UTRAN and the MME.
The location of the UE is known to within the accuracy of a cell. Mobility is managed by handovers.
-
27 TM51153EN04GLA2 Nokia Solutions and Networks 2014
RRC States
RRC-IDLE: No signaling connection between the UE and the E-UTRAN. I.e.: PLMN Selection. UE Receives system information and listens for Paging. Mobility based on Cell Re-selection performed by UE. No RRC context stored in the eNB (No C-RNTI). RACH procedure used on RRC connection establishment.
RRC-CONNECTED: UE has an E-UTRAN RRC connection. UE has context in E-UTRAN (C-RNTI allocated). E-UTRAN knows the cell which the UE belongs to. Network can transmit and/or receive data to/from UE. Mobility based on handovers UE reports neighbor cell measurements.
-
28 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EMM & ECM States Transitions
EMM_Deregistered
ECM_Idle
Power On
Registration (Attach)
EMM_Registered
ECM_Connected
Allocate C-RNTI, GUTI Allocate IP address Authentication Establish security context
Release RRC connection Release C-RNTI Configure DRX for paging
EMM_Registered
ECM_Idle
Release due to Inactivity
Establish RRC ConnectionAllocate C-RNTI
New TrafficTAUDeregistration (Detach)Change PLMN
Release C-RNTI, GUTI Release IP address
Timeout of Periodic TAUpdate
Release GUTI Release IP address
-
29 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EMM & ECM States Summary
EMM_Deregistered
ECM_Idle
Network Context: no context exists
Allocated IDs: IMSI
UE Position: unknown to network
Mobility: PLMN/cell selection
UE Radio Activity: none
EMM_Registered
ECM_Connected
Network Context: all info for ongoing transmission/reception
Allocated IDs: IMSI, GUTI IP address C-RNTI
UE Position: known on cell level
Mobility: NW controlled handover
UE Radio Activity: DL w/o DRX UL w/o DTX
EMM_RegisteredECM_Idle
Network Context: security keys enable fast transition to ECM_CONNECTED
Allocated IDs: IMSI, GUTI IP address
UE Position: known on TA level (TA list)
Mobility: cell reselection
UE Radio Activity: DL DRX for paging no UL
-
30 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Module Contents
LTE/EPS Mobility Areas LTE-UE Identifications Mobility & Connection Management Terminology LTE Mobility & Connection States The EPS Bearer LTE/EPS Procedures Security: EPS Authentication
-
31 TM51153EN04GLA2 Nokia Solutions and Networks 2014
LTE/EPS Bearer
The main function of every mobile radio telecommunication network is to provide subscribers with transport bearers for their user data.
In circuit switched networks users get a fixed assigned portion of the networks bandwidth.
In packet networks users get a bearer with a certain quality of service (QoS) ranging from fixed guaranteed bandwidth down to best effort services without any guarantee.
LTE/EPS is a packet oriented system
EPS/SAEBearer
PDN GW
UE
-
32 TM51153EN04GLA2 Nokia Solutions and Networks 2014
LTE/EPS Bearer: Identity & Architecture
cell
S1-ULTE-Uu S5/S8
PDN
SGieNB Serving
GatewayPDN
Gateway
E-UTRAN EPC PDN
An EPS bearer identity uniquely identifies an EPS bearer for one UE. The EPS Bearer Identity is allocated by the MME.LTE/EPS Bearer spans the complete network, from UE over EUTRAN and EPC up to the connector of the external PDN. The SAE bearer is associated with a quality of service (QoS) usually expressed by a label or QoS Class Identifier (QCI)
LTE-UE
End-to-End Service
EPS Bearer External Bearer
Radio Bearer S1 Bearer S5/S8 Bearer
-
33 TM51153EN04GLA2 Nokia Solutions and Networks 2014
LTE/EPS Bearer SectionsS5/S8 Bearer Between the P-GW to S-GW. This is usually a GTP or MIP (Mobile IP) tunnel between the two network
elements.
S1 BearerBetween eNB and S-GW.The S1 Bearer is implemented using the 2G/3G GTP (GPRS Tunneling Protocol) protocol which builds a GTP tunnel between eNB and S-GW. The setup of this S1Bearer is managed by the MME. S-GW and eNB do not directly exchange signaling to create it.
Radio BearerBetween UE and eNB. The eNB connects a radio bearer internally with the associated S1 Bearer on S1-U interface. The mapping of radio bearers to physical resources on the air interface is the major task of the eNB scheduler.
-
34 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EPS Bearers Establishment can be triggered by.
cellS1-U
UES5
PDNSGi
eNB
ServingGateway PDN
Gateway
EPS Bearer External Bearer
MME:This happens typically during the attach procedure of an UE. Depending on the information coming from HSS, the MME will set up an initial bearer, also known as the Default EPS bearer. This EPS bearer provides the initial connectivity of the UE with its external data network or IMS platform. MME
S1-MMES11
PDN Gateway: The external data network can request the setup of an EPS bearer by issuing this request via PCRF to the PDN gateway. This request will include the quality of service granted to the new bearer. Those are referred as Dedicated EPS bearers.
UE: Note here the differences to GPRS in 2G/3G networks, where only MS/UE initiated PDP context setup is defined.
PCRFGx/S7
Rx
Further Reading in Note Page
-
35 TM51153EN04GLA2 Nokia Solutions and Networks 2014
The Default Bearer Concept
Each UE that is attached to the LTE network has at least one bearer available, that is called the default bearer.
Its goal is to provide continuous IP connectivity towards the EPC (always-on concept)
From the QoS point of view, the default bearer is normally a quite basic bearer
If an specific service requires more stringent QoS attributes, then a dedicated bearer should be established.
cellS1-U
UES5
PDNSgi
eNB
ServingGateway
PDNGateway
Default EPS Bearer
MME
S1-MMES11
-
36 TM51153EN04GLA2 Nokia Solutions and Networks 2014
- Dedicated bearer is supported to provide QoS differentiation for applications having different QoS requirements, and to ensure optimal resource use in operators network. Dedicated bearers roughly correspond to 2G/3G secondary PDP contexts.- Once the UE has initiated a default bearer with a particular APN, a dedicated bearer may be established with the same APN and IP addresses but with different QoS parameters to meet specific application needs, such as IMS voice, IMS signalling, video streaming, file transfer, and so forth. The dedicated bearer is either GBR (guranteed bit rate) or non-GBR, and it may have any of the QCI values 1-9.
Dedicated EPS bearer
Figure: Dedicated bearer
-
37 TM51153EN04GLA2 Nokia Solutions and Networks 2014
SAE Bearer QoS Awareness One of the major requirements for EUTRAN and EPC to fulfill is that every SAE
bearer must be QoS aware. All data transmitted within a SAE bearer will get the same QoS handling
(scheduling, prioritization, discarding probability, etc.). Different applications (for example take a packet video streaming service and a ftp
download) have different QoS setting and cannot share the same SAE bearer. Other applications with similar traffic characteristics will be able to be placed inside
the same SAE bearer provided that the bandwidth of the bearer is scaled accordingly .
Due to this fact, the standard will allow a UE to have several SAE bearers, each one with a different QoS setting.
-
38 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EPS Bearer QoS Attributes
EPS Bearer QoS Parameters (To be defined per Bearer)
Default Bearer/Dedicated Bearer
GBR/N-GBR
MBR
UL/DL-TFT
QCI
ARP
EPS Bearer QoS Parameters (To be defined per User) AMBR
-
39 TM51153EN04GLA2 Nokia Solutions and Networks 2014
QoS Class Identifier (QCI) Table in 3GPP
GBR1
Guarantee Delay budget Loss rate ApplicationQCI
GBR
100 ms 1e-2 VoIP
2
GBR
150 ms 1e-3 Video call
3
GBR
300 ms 1e-6 Streaming
4
Non-GBR 100 ms 1e-6 IMS signaling5
Non-GBR 100 ms 1e-3 Interactive gaming6
Non-GBR 300 ms 1e-6TCP protocols : browsing, email, file download
7
Non-GBR 300 ms 1e-68
Non-GBR 300 ms 1e-69
Priority
2
4
5
1
6
7
8
9
50 ms 1e-3 Real time gaming3
-
40 TM51153EN04GLA2 Nokia Solutions and Networks 2014
SAE Bearer QoS Attributes (1/3)Dedicated or Default bearer: The default bearer is allocated during attach of a UE to the system. Dedicated bearers on the other hand are created on demand by the external PDN
network. Only dedicated bearers can be of Guaranteed Bit rate (GBR) type.
GBR (Guaranteed Bit Rate) or NGBR (Non Guaranteed Bit Rate): GBR bearers will reserve some (physical or virtual) capacity along the transmission path and thus guarantee some bit rate level. This is required for streaming and conversational services with low upper delay and delay jitter bounds. For services that do not have so strong requirements regarding these values typically NGBR bearers will be used. The technical difference between GBR and NGBR will be seen in the admission control functions of eNB, SAE GW and PDN GW. GBR bearers will usually block more virtual resources for the same throughput and peak bit rate than NGBR bearers.
-
41 TM51153EN04GLA2 Nokia Solutions and Networks 2014
SAE Bearer QoS Attributes (2/3)
Traffic Flow Control (UL/DL-TFT): Because a single UE can have multiple SAE bearers, the system requires some
kind of packet filter to decide which IP datagram has to go to which SAE bearer. These packet filters are formed by the uplink and downlink TFT (Traffic Flow
Template). Each dedicated SAE bearer has to have one UL and one DL TFT. Some criteria like source and destination IP address, flow labels, port numbers,
transport layer protocol type, etc. specifies, which IP datagrams will have to be sent in the associated SAE bearer.
In the moment the concrete structure of the TFT is for further study, especially whether additional QoS parameters might be inside or not.
Maximum Bit Rate (MBR):Identifies the Maximum Bit Rate for the SAE Bearer.Can be only specified for GBR SAE BearersNot included in 3GPP Rel.8: in Rel 8 the MBR is always set to equal to the GBR
-
42 TM51153EN04GLA2 Nokia Solutions and Networks 2014
SAE Bearer QoS Attributes (3/3)Label or QCI: The label is simply an integer number assigned to the SAE bearer. This number indicates the QoS category the bearer belongs to by identifying a set
of locally configured values for 3 QoS attributes: Priority, Delay and Loss Rate. It is up to the operator to define these labels, although some standard labels might
be provided by 3GPP. This label can be translated into a DiffServ-tag used on S1-U and S5/S8 in the IP
header to implement IP differentiated service routing in the associated IP protocol stacks.
Refer to next slides for further information on this parameter
Allocation/Retention Priority (ARP):Indicated the priority of the Bearer compared to other bearers.This provides the basic information for admission control for bearer set-up and for bearer dropping (in case of congestion situation).
Aggregate maximum Bit Rate (AMBR):Specifies a maximum bandwidth per user (UE) considering all the simultaneous services established by this user.
-
43 TM51153EN04GLA2 Nokia Solutions and Networks 2014
SAE Bearer Usage ExamplePDN
Gateway
PDN
IMAP server(IP:A, UDP Port:a)
SIP server(IP:B, UDP Port:b)
VoIP User Agent(IP:C, UDP Port:c)
Default EPS Bearer (N-GBR)
Dedicated EPS Bearer (GBR)
E-MAIL
SIP UA
VoIPCodec
DL Packet Filter:(DL TFT)IP Source Add.=C UDP Source Port =cProtocol = UDP/RTP
UL Packet Filter:(UL TFT)IP Dest Add.=C UDP Dest. Port =cProtocol = UDP/RTP
-
44 TM51153EN04GLA2 Nokia Solutions and Networks 2014
IP PackageIP Source:AIP Dest.:B
GTP-U T-PDU
TEID-SG1
SAE bearer GTP option shown on S5/S8
S1-U S5PDN
SgieNB ServingGateway
PDNGateway
Applic.IP
IP: A IP: B
Radio Bearer S1 GTP-U Tunnel S5/S8 GTP-U Tunnel
IP PackageIP Source:B
IP Dest:A
TEID-eNB
TEID-SG1
TEID-SG2
TEID-PG
GTP-U T-PDU
TEID-SG2IP PackageIP Source:B
IP Dest:A
GTP-U T-PDU
TEID-eNBIP PackageIP Source:B
IP Dest:A
Radio Protocols
IP PackageIP Source:B
IP Dest:A
IP PackageIP Source:AIP Dest.:B
Radio Protocols
IP PackageIP Source:AIP Dest.:B
GTP-U T-PDU
TEID-PGIP PackageIP Source:AIP Dest.:B
ProtocolsRadio
Protocols
-
45 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Module Contents
LTE/EPS Mobility Areas LTE-UE Identifications Mobility & Connection Management Terminology LTE Mobility & Connection States The EPS Bearer LTE/EPS Procedures Security: EPS Authentication
-
46 TM51153EN04GLA2 Nokia Solutions and Networks 2014
LTE/EPS Procedures
Attach S1 Release Detach Service Request Tracking Area Update (TAU) Dedicated Bearer Activation Handover
-
47 TM51153EN04GLA2 Nokia Solutions and Networks 2014
MMEHSSPCRF
UE eNB newMME
S-GW P-GW
Attach Request
old GUTI/IMSI, old TAI, CI/eCGI
Authentication Request
Authentication ResponseUpdate Location
Authentication Vector Request (IMSI)
Insert Subscriber Data (IMSI, subscription data = default APN, TA restrictions, )
Insert Subscriber Data Ack
Update Location Ack
EMM_Deregistered
Attach (1/2)
Authentication Vector Respond
RRC_Connected
ECM_Connected
Reference to specs.: TS 23.401 section 5.3.2
-
48 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Update Bearer Response
Update Bearer RequestIP/TEID of eNB for S1U
Attach Complete
IP/TEID of eNB for S1U
RB Est. Resp.Includes Attach Complete
Create Def. Bearer Req.
MMEHSSPCRF
UE eNB newMME
S-GW P-GW
Attach (2/2)
GUTI, UE IP addr. IP/TEID of SGW for S1U
Create Def. Bearer Rsp.
UE IP addr.,IP/TEID SGW QOS according PCRF
Create Def. Bearer Rsp.
select SAE GWCreate Default Bearer Request
IMSI, RAT type, default QoS, PDN address info
IMSI, , IP/TEID of SGW-S5
Attach Accept RB Est. Req.
Includes Attach Accept
UL/DL Packet Data via Default EPS Bearer
PCRF Interaction
EMM_Registered
ECM_Connected
UE IP addr.,IP/TEID PGWQOS according PCRF
Reference to specs.: TS 23.401 section 5.3.2
-
49 TM51153EN04GLA2 Nokia Solutions and Networks 2014
RRC Connection Release
S1 Release
MME
S1 Release Requestcause
Update Bearer Requestrelease of eNB S1U resources
Update Bearer Response
ServingGateway(SGW)
PDNGateway
S1 Release Commandcause
S1 Release Complete
RRC Connection Release Ack
EMM_Registered
ECM_Connected
After attach UE is in EMM_Registered state.The default Bearer has been allocated (RRC_connected + ECM_connected) even it may not transmit or receive dataIf there is a longer period of inactivity by this UE, the Admission Control should free the resources (RRC_idle + ECM_idle)
S1 Signalling Connection ReleaseECM_Idle
EMM_Registered
Reference to specs.: TS 23.401 section 5.3.5
-
50 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Detach Can be triggered by UE or by the Network (MME, SGSN or HSS).During the detach procedure all SAE bearers with their associated tunnels and radio bearers will be deleted. The LTE-UE will lose all the temporary IDs (GUTI, C-RNTI and IP Address)
Note: Detach procedure initiated by UE.
MME
NAS: Detach Accepted
Delete Bearer Request
Delete Bearer Response
EMM-Registered
SGW PGW
NAS Detach Requestswitch off flag Delete Bearer Request
Delete Bearer Response
PCRF
S1 Signalling Connection Release
RRC_Connected
ECM_Connected
EMM-Deregistered
RRC_Idle + ECM Idle
Reference to specs.: TS 23.401 section 5.3.8
IP SessionTermination
HSS
Notify RequestNotify Response
-
51 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Detach Reference to specs.: TS 23.401 section 5.3.8
Note: Detach procedure initiated by MME.
MME
NAS: Detach Accepted
Delete Bearer Request
Delete Bearer Response
EMM-Registered
SGW PGW
NAS Detach Requestswitch off flag Delete Bearer Request
Delete Bearer Response
PCRF
S1 Signalling Connection Release
RRC_Connected
ECM_Connected
EMM-Deregistered
RRC_Idle + ECM Idle
IP SessionTermination
HSS
Notify RequestNotify Response
-
52 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Service Request
MMEServingGateway(SGW)
PDNGateway
NAS Service RequestGUTI/S-TMSI, TAI, service type
Authentication Requestauthentication challengeAuthentication ResponseAuthentication response
RRC_Idle+ ECM_Idle
ECM_Connected
RRC_Connected
Reference to specs.: TS 23.401 section 5.3.4
NAS Service Request
Initial Context Setup Req.
Update Bearer Request(IP/TEID of ENB in S1U)Update Bearer Response
(IP/TEID of SGW in S1U, QoS,..)RB Establishment Req.RB Establishment Rsp.
Initial Context Setup Rsp.
(IP/TEID of eNB in S1U, ..)
Note: Service Request procedure initiated by UE.
UE Triggered Service Request Procedure
-
53 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Service Request
MMEServingGateway(SGW)
PDNGateway
Paging(S-TMSI, TAI/TAI-list)
DL DataDL Data Notification
PagingS-TMSI
RRC_Idle+ ECM_Idle
Reference to specs.: TS 23.401 section 5.3.4
DL Data Notification Ack.
Note: Service Request procedure initiated by the Network
UE Triggered Service Request Procedure
-
54 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Tracking area 1 Tracking area 2
Tracking area update
MME
Tracking Area Update (TAU) Tracking area (TA) is similar to Location/Routing area in 2G/3G .TAI (Tracking Area Identity) = MCC (Mobile Country Code) + MNC (Mobile Network Code) + TAC (Tracking Area Code).When UE is in ECM-Idle, MME knows UE location with Tracking Area accuracy.
-
55 TM51153EN04GLA2 Nokia Solutions and Networks 2014
MMEHSSeNB
new
MME
MME
oldMME new
SGW PGW
TAU Request
Context Request
(Current GUTI/IMSI, old TAI, EPS Bearer Status)
(Old GUTI/IMSI, complete TAU Request Message)Context Response(IMSI, IMEI,MSISDN, unused EPS Authentication vectors, KASME, etc)Authentication Request
Authentication Response
Create Bearer Request(IMSI, bearer contexts, RAT type)
Context Acknowledge
Serving GW change Indication
Update Bearer Request(IP/TEID for new SGW-S5, RAT type)
Create Bearer Response(new SGW-S1 IP/TEID)
Update Bearer Response
(IP/TEID for PDN GW)
OldSGW
TAU (1/2)
UE EMM_Registered
RRC_Idle + ECM_Idle
RRC_Connected
ECM_Connected
MME determines if SGW Change is needed
Reference to specs.: TS 23.401 section 5.3.3
TAU Request
Note: TAU with SGW change
-
56 TM51153EN04GLA2 Nokia Solutions and Networks 2014
MMEHSSeNB
new
MME
MME
oldMME new
SGW PGW
Update Location
(new MME identity, IMSI, update type, )
(IMSI, cancellation type = update)Cancel Location Ack
Delete Bearer Request(TEID)
Delete Bearer Response
Cancel Location
oldSGW
Update Location AckTracking Area Update Accept
(new GUTI, TA/TA-list, EPS Bearer Status)Tracking Area Update Complete
TAU (2/2)
EMM_Registered
RRC_Connected + ECM_Connected
( IMSI, subscription data)
Note: TAU with SGW change
Reference to specs.: TS 23.401 section 5.3.3
-
57 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Dedicated Bearer Activation
The default SAE bearer is created when the UE performs the attach.
Subsequent SAE bearers are known as dedicated SAE bearers.
They are expected to be allocated on a per application base, with parameter that are application dependent.
Dedicated SAE bearers can be triggered by the network, not only by the user, like PDP contexts in GPRS.
-
58 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Update Bearer Response
(SGW-S1 IP/TEID2, QoS param.)
Create Dedicated BearerRequest
Create Dedicated BearerRequest
Dedicated Bearer Activation (1/2)
MMEServingGateway(SGW)
PDNGateway
(PDN GW IP/TEID2, QoS param. )
Service Request
PCRF
PCCDecision
Paging
(S-TMSI, TA/TA-list, ) Paging
(S-TMSI)
(GUTI/S-TMSI, TAI.service type = paging response)Initial Context Setup Req.
Update Bearer Request
(eNB-S1 IP/TEID1)
(SGW-S1 IP/TEID1, EPS Bearer ID,QoS)RB Establishment Req.
RB Establishment Rsp. Initial Context Setup Rsp.
(eNB-S1 IP/TEID1, EPS Bearer ID, ..)
RRC_Connected + ECM_Connected
Network TriggeredService Request Procedure
RRC_Idle+ ECM_Idle
(QoS Policy)
Reference to specs.: TS 23.401 section 5.4.1
Note: procedure initiated by the Network
-
59 TM51153EN04GLA2 Nokia Solutions and Networks 2014
(SGW-S5 IP/TEID2, EPSBearer ID, QoS, )
Create Dedicated BearerResponse
Session Mgmt. Response(NAS message, EPS Bearer ID)
Dedicated Bearer Activation (2/2)
MMEServingGateway(SGW)
PDNGateway
Create Dedicated BearerResponse
PCRF
(eNB IP/TEID2, EPS Bearer ID, QoS, )
PCCProvisionAck
Reference to specs.: TS 23.401 section 5.4.1
Note: procedure initiated by the Network
-
60 TM51153EN04GLA2 Nokia Solutions and Networks 2014
LTE/EPS Handover - When the UE is in ECM_Connected state, mobility
handling takes place via network controlled handovers with UE assistance.
- UE assistance here simply means that the UE sends measurements and reports to the eNB to assist in the handover decision.
- Currently it is planned that neighbor cells are based on the UEs cell detection capabilities rather than on a network supplied neighbor cell list.
Intra LTE/EPS Network Handover Types: 1.- Intra eNB handover. 2.- Inter eNB handover with X2 interface (with or without Serving Gateway relocation) 3.- Inter eNB handover without X2 Interface (S1-based handover)
-
61 TM51153EN04GLA2 Nokia Solutions and Networks 2014
LTE/SAE Handover principles
1.- Lossless- Downlink Packets are forwarded from the source cell to
the target cell.2.-Network Controlled
-Target cell is selected by the network, not by the UE-Handover control in E-UTRAN (not in packet core)
3.-UE-assisted-Measurements are collected by the UE and reported to the network.
4.-Late path switch- Only once the handover is successful, the packet core is involved.
-
62 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Handover Procedure
SAE GW
MME
Source eNB Target eNB
SAE GW
MME
SAE GW
MME
SAE GW
MME
= Data in radio= Signaling in radio
= GTP tunnel= GTP signaling
= S1 signaling= X2 signaling
Before handover Handover preparation Radio handoverLate path switching
Note: X2-based handover without Serving GW relocation
-
63 TM51153EN04GLA2 Nokia Solutions and Networks 2014
User plane switching in HandoverNote: X2-based handover without Serving GW relocation
-
64 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Module Contents
LTE/EPS Mobility Areas LTE-UE Identifications Mobility & Connection Management Terminology LTE Mobility & Connection States The EPS Bearer LTE/EPS Procedures Security: EPS Authentication
-
65 TM51153EN04GLA2 Nokia Solutions and Networks 2014
LTE/SAE Security: EPS Authentication and Key Agreement (AKA)
EPS Authentication and Key Agreement (EPS AKA) shall be based on UMTS AKA.
UMTS Authentication and Key Agreement is a protocol designed to support roaming and fast re-authentication.
It was originally designed to achieve maximum compatibility with 2G security mechanisms.
The requirements on EPS AKA are:EPS AKA shall be based on USIM and extensions to UMTS AKAAccess to E-UTRAN with 2G SIM shall not be granted. R99 USIM will be accepted.EPS AKA shall produce keys that are the basis of C-plane and U-plane protectionUMTS AKA achieves mutual authentication between the user and the network by
demonstrating knowledge of a pre-shared secret key K which is only known by the USIM and the AuC in the users HSS.
-
66 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EPS Authentication Procedure
RAND is a random value KASME is an authentication parameter used, among other tasks, for network authentication AUTN is the Network Authentication Token XRES is the UE expected result of the authentication computation
MME
Authentication Vectors: RAND(i), KASME(i), AUTN, XRES(i)
Authentication Data Response
HSS
NAS: attach RequestUser Id, UE Capabilities, etc. Authentication Data Request
NAS: USER Authentication RequestKASME(i), RAND(i), AUTN
NAS: USER Authentication ResponseRES(i) If RES(i)=XRES(i) Authentication successful
UE uses KASME to verify
the Network
-
67 TM51153EN04GLA2 Nokia Solutions and Networks 2014
Security Functions - Encryption
Signaling protection For core network (NAS) signaling, integrity
and confidentiality protection terminate in MME.
For radio network (RRC) signaling, integrity and confidentiality protection terminate in eNodeB.
User plane protection Encryption terminates in eNodeB.
-
68 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EPS/LTE Security Keys (1/2)
Keys shared between the UE and HSSK This is a permanent key stored on the USIM and in the Authorization Centre (AuC). The AuC resides in the HSS.CK, IK A pair of keys derived in the AuC and on the USIM during an AKA run.
Intermediate Key shared by the UE and Access Security Management Entity (ASME=MME)KASME This key is derived from the CK, IK and serving PLMNs identity by the UE
and HSS during an AKA run. It is transferred to the ASME (MME) by the HSS as part of the authentication vector response. The serving PLMNs identity becomes known to the UE as part of the attachment procedure.
Intermediate Keys for Access NetworksKeNB This key is derived from KASME by the UE and MME. It depends on theidentity of the eNB. This key is transferred to the eNB.
-
69 TM51153EN04GLA2 Nokia Solutions and Networks 2014
EPS/LTE Security Keys (2/2)
Keys for NAS SignalingKNASint This key is derived from KASME by the UE and MME. It is used for the integrity protection of NAS traffic.KNASenc This key is derived from KASME by the UE and MME. It is used for the encryption of NAS traffic.
Keys for U-plane TrafficKUPenc This key is derived from KeNB by the UE and eNB and is used for the encryption of U-plane data over the LTE-Uu interface. In order
to derive this key an identifier for the encryption algorithm is shared between the eNB and UE.
Keys for RRC SignalingKRRCint This key is derived from KeNB by the UE and eNB and is used for the integrity protection of RRC traffic. In order to derive this key an
identifier for the integrity protection algorithm is shared between the eNB and UE.
KRRC-enc This key is derived from KeNB by the UE and eNB and is used for the encryption of RRC traffic. In order to derive this key an identifier for the encryption algorithm is shared between the eNB and UE.