example: - measurement report a rr message has the the

Mobile communications

Example: - MEASUREMENT_REPORT – a RR message has the

message type field: 00010 - 101 and the PD field equal to 0110

The message will be decoded by BTS; BTS adds its own

measurements (uplink) and sends the message to BSC

Information elements – body of the signaling message

5.4 Signaling on the Abis interface

-several destinations/origins possible

(the BSC must be able to communicate

with each TRX)

-each TRX has its own signaling link (RSL)

at 16kbps or 64kbps and a supplementary

O&M 64kbps link

is provided per BTS

Example (revisited) :BSC-BTS with 4 TRXs


5.4.2 Data link layer

- LAPD- Link Access Protocol for D channel

-error correction is not provided by the lower layer -> a FCS is needed

for ensuring reliable data transfer ; a go-back-N retransmission strategy

is employed on the Abis interface

-the HDLC addressing facilities must allow the BSC to communicate

with each TRX within a BTS and to process the information with the

right software module

-addressing is carried out on two levels:

SAPI

= 0 – signaling data coming or going from/to the radio interface (RSL-

Radio Signaling Link- CM,MM and RR signaling)

= 62- O@M (software downloading for example)

= 63- layer 2 management – dynamic allocation of TEIs

TEI (Terminal Endpoint Identifier)

= allows distinction between TRXs at a data link layer level


BSC

TRX, frequency

and TS known

MS

BTS

TRX jSAPI = 0

TEI->TRX j

LAPDm LAPD

Logical

channel

BSC

MS

BTS

TRX kSAPI = 0

TEI

Layer 3

RR(meas.

report)meas. report

for uplink

Examples

TEI->TRX k


5.4.3 Layer 3 signaling on the Abis interface

MS BTS BSC

PD = CM, MM

MSC

-MM, CM related signaling is not interpreted by a BSS and must be transmitted

in a transparent way.

-for RR messages destinations/origins can be MS/BTS/BSC

-The solution is implemented through a dedicated protocol BTSM (BTS

Management) that add in the header a supplementary byte called Message

Discriminator (MD)

MD Layer 3 message

000xxxxT transparent if 1

0000001 RLM

0000100 DCM

0000110 CCM

0001000 TRX management

MS BTS BSCActive link

MD->RLM

- RLM (Radio Link Management) used for transmitting layer 3 messages in

transparent mode and for releasing/establishing/configuring/maintaing layer 2

signaling links – ex: the MS initiates a LAPDm connection on the radio interface at

handover time; the message arrives at BSC which releases the old channel


❑DCM – Dedicated Control Channel Management – BSC-BTS messages used

for activation /deactivation of a dedicated channel in a specific TRX of the BTS

and setting up of its parameters, power control, reception of measurement reports

etc.

BTS BSC

MD->DCM

❑CCM – Common Control Channel Management (CCM)

– messages for managing information transferred on the common control

channels on the radio interface (RACH, paging, BCCH information, AGCH etc)

❑TRX management – TRX management

BTS BSC

MD=CCM

Common

control

channels


5.5 Signaling on the A interface

- based on SS7 (Signaling System no.7)

5.5.1 SS7 signaling

- GSM employs “out of band” signaling – the signaling path is not

identical with the voice/data path

Signaling messages for

establishing voice/data circuits

SSPA SSPB

STP

interrogations, insertion of new

fields etcSCP

Voice/data


SSP –signaling switching points – can terminate or initiate calls (MSCs

in GSM)

STP – signaling transfer points – packet switches dealing with routing of

SS7 messages

SCP - signaling control points – databases that can be interrogated and

updated (example HLR in GSM) accepting queries from an SSP

Each SS7 node has an unique address denoted SPC (Signaling Point

Code)

SS7 terminology:

SS7 lower layers:

MTP3 – routing role: each messages carries destination/origin

information – Destination Point Code/Originating Point Code DPC/SPC



MTP3 – handles routing of SS7 messages at national level and operates in

connectionless mode each packet must carry besides OPC/DPC a full

description of the signaling message

SCCP – Signaling Connection Control Part – provides enhancements to

MTP3 for handling routing at international level and can it can operate in

connection oriented mode for reducing the overhead information needed by

simple MTP3 transfer

BSC MSC

MS1=TSx, ARFCnx

SCCP reference

for MS1

MS

SCCP reference

for MS1

Transaction 1

Unique

SCCP

connection

RR

connection

Transaction 2


CR

Location updating request (SLR=10)+ IMSI

CC

Autentication request(SLR=35/DLR=10)

DT1

Authetication response(DLR=35)

DT1

Location updating accept (DLR=10)

Example of a SCCP connection

CR- connection request

CC- connection confirm

DT1 – data form 1

SLR – source local reference

DLR- destination local reference

BSC MSC

-for routing purposes SCCP provides an extra addressing field denoted

SSN- Subsystem Number (Example : VLR, HLR, EIR, AUC in GSM have

all distinct SSNs) for allowing non-call related signaling like database

interrogation procedures

-SCCP also adds to MTP3 a GTT (Global Translation Title) facility used

for simplified, incremental routing

-when using GTT the originator of the message might not be aware of the

DPC and for routing a GT (Global Title) is used.

-in GSM the GT is essentially the IMSI or the MSRN of the mobile

subscriber or a derivation of them following some conversion rules (E.212-

IMSI and E. 164- MSRN are most used)

-using GT and SSN a message can reach its final destination even if its

DPC is not known by the originator



MS

MS

MSC/VLR service area 2

HLR

DPC=?

Gateway

STP 1

Gateway

STP 2

Global title -> DPC Gateway STP 2

Routing

table

Routing

table

Country

B

Country AMSC

Global title + SSN -> DPC HLR

MTP3

MTP3

SCCP routing example – international location updating with different LAI and

MSC/VLR (E.212 –IMSI based GTT)

MS moves to a new service MSC/VLR service area and forwards its TMSI; the

new VLR retrieves the IMSI from the old VLR

-the new VLR must indicate its address to the HLR that it handles the MS; it builds

an SCCP message adding GT= IMSI and the HLR’s SSN (05)

MSC/VLR service area 1

MTP3


-the MSC2 inspects the MCC field from IMSI and determines that

international signaling must take place and the message is forwarded to a

gateway STP (Gateway STP1)

-Gateway STP1 – based on the routing table it maintains determines the

address of Gateway STP2 (international STP for the HPLMN)

-Gateway STP2 - translates the GT and SSN into a DPC for the HLR and

builds an MTP3 message an relays the message to the relevant HLR

using MTP3

❑Besides addressing and routing SS7 provides higher layers: User Parts

that are used for call setup and release, for allowing concurrent transactions

to take place etc.


Complete SS7 stack:

User parts: protocols that operate at the application layer level in the

OSI model and define the format and the way of exchanging

messages to establish and tear up calls (ISUP, TUP) or to transfer

signaling information in GSM (TCAP, BSSAP)

BSSAP (BSS Application Part): GSM specific, allows direct transfer of

CM and MM messages (DTAP – Direct Transfer Application Part) and

provides means for protocol interworking to take place (BSS Mobile

Application Part) in case of inter MSC handovers or paging


❑Stack of protocols

5.6 Signaling inside NSS

❑Lower layers

SCCP

MTP (MTP1,MTP2,MTP3)

MAP

TCAP

SCCP

MTP

❑Application layers (OSI model)

MAP –Mobile Application Part

TCAP –Transaction Capability Application Part

- routing – done by MTP3 (national signaling) or by SCCP (international

using global title translation)

- connectionless transfer mode for signaling messages


❑TCAP – Transaction Capability Application Part

- using TCAP a user can invoke a function that runs on a remote

machine and receive answer

- TCAP exchange of messages is structured in dialogues

Equip.2

INVOKE function1

REPLY answer1

function1

Equip.1

INVOKE function3

REPLY answer3

Dialog 1

Dialog 2 function3

Ex: GMSC receives two incoming calls:

Equip.1 = GMSC, Equip. 2 = HLR,

function 1 = function 3 =provision of

MSRNs; dialogues are identified by a

dialogue ID


❑MAP – Mobile Application Part

- specially designed for GSM – GSM 09.02

- used in MSC/HLR/VLR/EIR; these entities communicate using MAP

messages in connection with:

management of mobility related information – updating of addresses in

HLR/VLR, location updating/registration/cancellation etc

inter MSC handovers

transfer of security related data (authentication, IMEI management etc)

handling of subscriber services (data/voice, SMS, SS etc)

- several MAP interfaces are defined – several message formats/contents

- MAP uses TCAP handling facilities to allow transfer of signaling information

between:

2 functional entities (peer to peer mode)

several functional entities

call handling


MSC

MSC

VLR HLR AUC

EIR

GMSC

NSS

E

F

D

CGB

E

❑MAP interfaces


5. 7 Signaling procedures

- the GSM specifications are indicating the succession of signaling messages

for achieving a given task in terms of procedures

- procedures are classified in terms of the involved layer 3 protocols ->

RR/MM/CM procedures

5.7.1 RR procedures

RR procedures are responsible for:

- establishment/maintenance/release of RR connections

(RR connection = bidirectional physical connection to support the dialogue

in between a MS and the network for exchange of upper layer information –

MM/ CM- messages)

- reception of unidirectional logical control channels (BCCH, SCH, FCCH,

AGCH, PCH)

- continuity preservation for ongoing calls - handovers

Functional entities involved: MS, BTS, BSC and MSC (for inter MSC

handovers)


❑RR connection establishment

or whenever a MM/CM procedure is needed

- the procedure is initiated by the MS whenever it attaches to the network

- a MS can initiate such a procedure as a response to paging or at its own

initiative; a single RR connection may exist for each MS at a given instant

BTS BSC

(AGCH)

CHANNEL ACTIVATION (RR-DCM)

CHANNEL REQUIRED (RR-CCM)

CHANNEL ACTIVATION ACKNOWLEDGE

(RR-DCM)

IMMEDIATE ASSIGNEMENT (RR- CCM) – TS, ARFCn,random number , TA value

CHANNEL REQUEST (RACH)

Rand number and reason included

“Contention resolution

SABM (SDCCH)

MS

UA (SDCCH)


- the request is forwarded by a BTS to BSC together with a TA estimate and

the TDMA frame number when the request was received

- the request is sent by a MS using RACH in a TS; the MS inserts a random

number and the reason for the access:

- answer to paging

- location updating

- originating call

- emergency call

- IMSI attach, SMS, SS management

- the BSC determines what channel must be employed (typically a SDCCH and

a SACCH) and activates a channel on a TRX within the BTS, activation is

carried out using RR/BTSM DCM messages and LAPD addressing facilities

(SAPI + TEI)

Steps :


-if activation is successful the BSC constructs an assignment message

containing the channel description (TS, ARFCN, TSC, HSN, MAIO, list of

hopping frequencies, etc) which is sent to the MS together with a TA command;

the logical channel employed on the radio interface is AGCH (the message is

not interpreted by the BTS); distinction among several MSs placing demand on

the same time (same TDMA frame) is done by inserting the random number

sent previously on RACH and the TDMA frame number when request was sent

- the MS tunes on the allocated channel (SDCCH) and sends its identity (TMSI)

on a standard SABM LAPDm frame

- the BTS answers by piggybacking TMSI using an UA frame

- if more than one MS are getting the same channel indication only one of

them is allowed to access the network - contention resolution

- the most important Channel Activation information elements are:

- Channel type –SDCCH number

- ARFCn

- frequency hopping parameters: HSN, MAIO

- training sequence (TSC- Training sequence code)


❑ The paging procedure

- the procedure used to signal incoming calls to MS; the MS is identified on the

radio leg by its TMSI

- the paging command is issued by a MSC on a location area basis

BTSMS MSCBSC

PAGING (include IMSI/TMSI si LAI)BSSMAPPAGING COMMAND(RR)

PAGING REQUEST (RR)

PAGING REQUEST (RR)

.

.

.

(PCH)

(PCH)

RR connection establishement procedure

PAGING RESPONSE

SABM frame

PAGING RESPONSE

RR (RLM)

PAGING RESPONSE

(BSSAP) + CGI


- continuity of incoming calls (terminal mobility component)

- only MSs in dedicated mode are concerned and involves quick switching of

the radio dedicated traffic channel

- hard handover are employed in GSM – the mobile station stops emitting on

the old channel before emitting on the new one

- the main criteria for handovers is the link quality (RXQUAL) and the power

level (RXLEV); traffic balancing based algorithms might be implemented also

❑ Handovers

- the PAGING RESPONSE message includes the MS classmark (its

capabilities in encoded format) and its TMSI

- the message is sent to the MSC and an SCCP connection is established for

further exchange of signaling messages

- decision is taken by the serving BSC and is based on measurement reports

built by MS (downlink ) for its current channel (RXQUAL, RXLEV) and adjacent

beacon frequencies (RXLEV) and by BTS (uplink) for the current traffic channel

- as a result of handover procedures a location updating procedure might

be required after the call has ended

- may involve several MSCs (inter- MSC handovers)

Intra BTS (intra-cell) handovers

- frequency changes performed when signal quality is poor and on

neighboring cells quality is not better; can occur in between different bands for

example in between GSM 900 and DCS 1800

Intra BSC handovers

- a TCH is to be switched from the current cell (BTS) to a target cell controlled

by the same BSC

- even if not involved, the serving MSC is informed after handover is

performed

Intra/Inter MSC handovers – new TCH on different BSC/MSC



Steps involved in an intra BSC handover:

- measurements are taken by the MS for the current cell and for neighboring

cells (indicated by the network on SACCH downlink)

- measurements are forwarded on SACCH (uplink) to the serving BTS; only

the best received beacon frequencies on which the MS has decoded the BSIC

are reported

- complete measurement reports from MS (downlink) and BTS (uplink) are

built and forwarded to BSC

- a new TCH is activated on the new BTS

- the BSC decides that the MS will be better served on another cell

- the MS is informed that a handover is to be performed and is asked to tune

to the newly activated channel (TS, frequency, TSC)


- the MS sends several messages on the new channel using access bursts;

the main purpose is to allow the BTS to estimate TA information for non

synchronized handovers

- the new BTS informs BSC; BSC may send supplementary information to

the MS (TA information , emission power level)

- the MS sends a LAPDm SABM frame on the new channel; acknowledgment

is provided by BTS (UA type LAPDm frame) ; BSC if informed that the MS has

switched on a new channel

- the MSC is informed that a internal BSS handover was performed – the target

cell identity is included in the message; the MSC/VLR keeps track

of the cell for further signaling needs (for example another call arrives)

BTSnewMS MSCBTSold

.

.

.

BSC

MEASUREMENT REPORT (RR)(uplink SACCH)

MEASUREMENT REPORT (RR)

(uplink +downlink)

CHANNEL ACTIVATION

AKNOWLEDGE (RR-DCM)

CHANNEL ACTIVATION (RR-DCM)

HANDOVER COMMAND (RR)

HANDOVER ACCESS (RR)

HANDOVER PERFORMED

PHYSICAL INFORMATION

(RR)

HANDOVER COMPLETE (RR)

BSSMAP

HANDOVER ACCESS (RR)

FACCH

SABM (LAPDm)

UA (LAPDm)

Signaling messages for an intra BSC handover



Intra MSC handovers

- the serving BSC takes the decision as for intra –BSC handovers

- same MSC different BSCs

Steps involved:

- the MSC plays an active role; channel activation in the new BSC is done

under supervision of MSC

- the serving BSC identifies that the new cell its not under its supervision

and indicates to the MSC that a handover is required

- once resources are activated the MSC constructs a handover command and

sends it to MS using its old channel

- the MSC constructs an assignment message for the new BSC

- the MS tunes onto the new channel as for intra-BSC handovers

- on completion MSC is informed and commands clearing of old resources on

the old BSC/BTS


BSCnewMS MSC BSCold

(uplink SACCH)

MEASUREMENT REPORT (via old BTS)

HANDOVER REQUEST

AKNOWLEDGE (RR)

HANDOVER REQUEST (RR)

HANDOVER COMMAND (RR)


HANDOVER REQUIRED (BSSMAP)

Access on the new channel


CLEAR COMMAND (BSSAP)

CLEAR COMPLETE (BSSAP)

Channel activation

Signaling messages for an intra MSC handover


- needs a prior establishment of a RR connection

❑ The authentication procedure

- main purpose : to support mobility of users and to ensure confidentiality

- are taking place between MS and VLR

- prevents access of unauthorized users that do not dispose of a valid SIM

card

- can take takes place on each call attempt (MO/MT/calls between GSM

users) when location updating is performed or when a user changes the status

of its supplementary services

- entities involved : MS and VLR (via BSS /MSC)

- through MM signaling messages VLR verifies if a “signed response ” –SRES

-computed by the MS using as parameter a random number (RAND) is the

same as SRES stored on VLR ; access is granted if responses coincide

5.7.2 Examples of MM procedures


- verification is carried out by VLR; MSC/VLR are communicating using

MAP/B messages

BSSMS MSC

AUTHENTICATION REQUEST (MM/DTAP)

RAND includedA3 (Ki from SIM)

AUTHENTICATION RESPONSE (MM/DTAP)

SRESMS included

VLR

RR connection establishment

procedure

- authentication takes place optionally on each location updating and each call

setup; the standard defines also a selective authentication procedure


❑ The ciphering mode setting procedure

- needed for synchronizing the start of encrypted messages exchange at the

MS and BTS

- performed after authentication

BTS

RR connection establishment

Authentication procedure

encrypted text

MS

ENCRYPTION COMMAND (RR)

Kc

CIPHERING MODE COMMAND (RR)

text in clear

CIPHERING MODE COMPLETE (RR)

BSC

CIPHER MODE COMMAND (BSSMAP)

Kc

CIPHER MODE COMPLETE (BSSMAP)

MSC

example: - measurement report a rr message has the the

Documents