Tài liệu Pocket Guide for Fundamentals and GSM Testing pdf

Within a GSM network, different protocols are needed to enable theflow of data and signaling between different GSM subsystems.Figure 3 shows the interfaces that link the different GSM su

Pocket Guide for Fundamentals and GSM Testing Publisher: Wandel & Goltermann GmbH & Co

CONTENTS 1 ªMobilityº ± The magic word 3

2 GSM overview 5

3 GSM system architecture 7

4 Interfaces and protocols 11

5 The air interface Um 13

5.1 Logical channels on the air interface 15

5.2 Traffic channels on the air interface 17

5.3 Signaling channels on the air interface 18

5.4 Burst formats 20

5.5 Protocols on the air interface 22

6 The Abisinterface 24

6.1 The TRAU frame 26

6.2 Protocols on the Abisinterface 28

7 The A interface 30

7.1 Protocols on the A interface 30

8 MSC-based interfaces 32

8.1 MSC protocols 33

9 Call setup 35

10 Test and measurement problems in GSM 37

11 Outlook 46

12 GSM glossary 47

13 Bibliography 51

1

1 ªMobilityª ±

The magic word Hard to fathom, but it really wasn't all that long ago that even a plainold telephone was a luxury item But, as we all know, technology's only

constant is change In this day and age, many folks need to be ible everywhere, whether they're at work or play, in the office or athome To meet this demand, the GSM standard (Global System for Mo-bile Communications) for mobile telephony was introduced in the mid-1980s Today, GSM is the most popular mobile radio standard in theworld A boom is underway, such that many GSM users find life withouttheir phone practically inconceivable

access-Nowadays, when we speak of GSM, we usually mean ªoriginalº GSM ±also known as GSM900 since 900 MHz was the original frequencyband To provide additional capacity and enable higher subscriber den-sities, two other systems were added later: GSM1800 (also DCS1800)and GSM1900 (also PCS 900) Compared to GSM 900, GSM1800 andGSM1900 differ primarily in the air interface Besides using another fre-quency band, they use a microcellular structure (i.e a smaller coverageregion for each radio cell) This makes it possible to reuse frequencies

at closer distances, enabling an increase in subscriber density The advantage is the higher attenuation of the air interface due to the higherfrequency The rest of this booklet will mainly focus on GSM900.Where now? A few years ago, Michael Jackson sang ª just call myname and I'll be thereº While this might seem inconceivable now, itmight become reality sooner than we think, given the rapid pace oftechnological evolution Faced with a whirlwind of speculation, ETSI

dis-3

(the telecom standardization authority in Europe) decided to base theair interface of the planned universal mobile telecommunications sys-tem (UMTS) on a mix of WCDMA and TD/CDMA technologies The in-frastructure of the existing GSM networks will most likely be used.This booklet is intended to provide communications engineers & techni-cians with basic information about the GSM system ± a starting pointfor further study of any given area A word of warning: Look further ifyou need complete GSM system specifications Research sources arelisted in the appendix Also: This booklet assumes you, the reader, have

a basic understanding of telecommunications technology

Enjoy!

Marc Kahabka

2 GSM overview

Fig 1: The Mobile Evolution

Before GSM networks there were public mobile radio networks lar) They normally used analog technologies, which varied from country

(cellu-to country and from manufacturer (cellu-to another These analog networks

5

did not comply with any uniform standard There was no way to use asingle mobile phone from one country to another The speech quality inmost networks was not satisfactory.

GSM became popular very quickly because it provided improved speechquality and, through a uniform international standard, made it possible touse a single telephone number and mobile unit around the world TheEuropean Telecommunications Standardization Institute (ETSI) adoptedthe GSM standard in 1991, and GSM is now used in 135 countries.The benefits of GSM include:

± Support for international roaming

± Distinction between user and device identification

± Excellent speech quality

± Wide range of services

± Interworking (e.g with ISDN, DECT)

± Extensive security features

GSM also stands out from other technologies with its wide range ofservices1:

± Telephony

± Asynchronous and synchronous data services (2.4/4.8/9.6 kbit/s)

± Access to packet data network (X.25)

± Telematic services (SMS, fax, videotext, etc.)

± Many value-added features (call forwarding, caller ID, voice mailbox)

± E-mail and Internet connections

1 Available services vary from operator to operator

7

They are characterized as follows:

The mobile station

(MS) A mobile station may be referred to as a ªhandsetº, a ªmobileº, a ªport-able terminalº or ªmobile equipmentº ME) It also includes a subscriber

identity module (SIM) that is normally removable and comes in twosizes Each SIM card has a unique identification number called IMSI(international mobile subscriber identity) In addition, each MS is as-signed a unique hardware identification called IMEI (international mobileequipment identity)

In some of the newer applications (data communications in particular),

an MS can also be a terminal that acts as a GSM interface, e.g for

a laptop computer In this new application the MS does not look like anormal GSM telephone

The seemingly low price of a mobile phone can give the (false) sion that the product is not of high quality Besides providing a trans-ceiver (TRX) for transmission and reception of voice and data, themobile also performs a number of very demanding tasks such asauthentication, handover, encoding and channel encoding

impres-The base station

subsystem (BSS) The base station subsystem (BSS) is made up of the base stationcontroller (BSC) and the base transceiver station (BTS)

The base transceiver station (BTS): GSM uses a series of radio mitters called BTSs to connect the mobiles to a cellular network Theirtasks include channel coding/decoding and encryption/decryption ABTS is comprised of radio transmitters and receivers, antennas, the in-terface to the PCM facility, etc The BTS may contain one or more

trans-transceivers to provide the required call handling capacity A cell sitemay be omnidirectional or split into typically three directional cells The base station controller (BSC): A group of BTSs are connected

to a particular BSC which manages the radio resources for them.Today's new and intelligent BTSs have taken over many tasks thatwere previously handled by the BSCs

The primary function of the BSC is call maintenance The mobile tions normally send a report of their received signal strength to theBSC every 480 ms With this information the BSC decides to initiatehandovers to other cells, change the BTS transmitter power, etc.The network

sta-subsystem The mobile switching center (MSC): Acts like a standard exchange

in a fixed network and additionally provides all the functionalityneeded to handle a mobile subscriber The main functions are regis-tration, authentication, location updating, handovers and call routing

to a roaming subscriber The signaling between functional entities(registers) in the network subsystem uses Signaling System 7 (SS7)

If the MSC also has a gateway function for communicating with othernetworks, it is called Gateway MSC (GMSC)

The home location register (HLR): A database used for management ofmobile subscribers It stores the international mobile subscriber identity(IMSI), mobile station ISDN number (MSISDN) and current visitor locationregister (VLR) address The main information stored there concerns thelocation of each mobile station in order to be able to route calls to the mo-bile subscribers managed by each HLR The HLR also maintains the ser-vices associated with each MS One HLR can serve several MSCs

9

The visitor location register (VLR): Contains the current location ofthe MS and selected administrative information from the HLR, neces-sary for call control and provision of the subscribed services, for eachmobile currently located in the geographical area controlled by theVLR A VLR is connected to one MSC and is normally integrated intothe MSC's hardware.

The authentication center (AuC): A protected database that holds acopy of the secret key stored in each subscriber's SIM card, which isused for authentication and encryption over the radio channel TheAuC provides additional security against fraud It is normally locatedclose to each HLR within a GSM network

The equipment identity register (EIR): The EIR is a database thatcontains a list of all valid mobile station equipment within the net-work, where each mobile station is identified by its international mo-bile equipment identity (IMEI) The EIR has three databases:

± White list: for all known, good IMEIs

± Black list: for bad or stolen handsets

± Grey list: for handsets/IMEIs that are uncertainOperation and

Maintenance Center

(OMC)

The OMC is a management system that oversees the GSM functionalblocks The OMC assists the network operator in maintaining satisfac-tory operation of the GSM network Hardware redundancy and intelli-gent error detection mechanisms help prevent network down-time TheOMC is responsible for controlling and maintaining the MSC, BSC andBTS It can be in charge of an entire public land mobile network (PLMN)

or just some parts of the PLMN

11

Within a GSM network, different protocols are needed to enable theflow of data and signaling between different GSM subsystems.Figure 3 shows the interfaces that link the different GSM subsystemsand the protocols used to communicate on each interface.

GSM protocols are basically divided into three layers:

Layer 1: Physical layer

± Enables physical transmission (TDMA, FDMA, etc.)

± Assessment of channel quality

± Except on the air interface (GSM Rec 04.04), PCM 30 or ISDNlinks are used (GSM Rec 08.54 on Abisinterface and 08.04 on

A to F interfaces)

Layer 2: Data link layer

± Multiplexing of one or more layer 2 connections

Layer 3: Network layer

± Connection management (air interface)

± Management of location data

± Subscriber identification

± Management of added services (SMS, call forwarding, conferencecalls, etc.)

Uplink: 890±915 MHz (= mobile station to base station)Downlink: 935±960 MHz (= base station to mobile station)

13

The air interface for GSM is known as the Uminterface.

Since radio spectrum is a limited resource shared by all users, amethod was devised to divide the bandwidth among as many users aspossible The method chosen by GSM is a combination of time- andfrequency-division multiple access (TDMA/FDMA) The FDMA partinvolves the division by frequency of the (maximum) 25 MHz allocatedbandwidth into 124 carrier frequencies spaced 200 kHz apart One ormore carrier frequencies are assigned to each base station Each ofthese carrier frequencies is then divided in time, using a TDMA scheme.The fundamental unit of time in this TDMA scheme is called a burstperiod and it lasts approx 0.577 ms Eight burst periods are groupedinto a TDMA frame (approx 4.615 ms), which forms the basic unit forthe definition of logical channels One physical channel is one burstperiod per TDMA frame

Several logical channels are mapped onto the physical channels Theorganization of logical channels depends on the application and thedirection of information flow (uplink/downlink or bidirectional) A logicalchannel can be either a traffic channel (TCH), which carries user data,

or a signaling channel (see following chapters)

Fig 6

In addition to these full-rate TCHs (TCH/F, 22.8 kbit/s), half-rate TCHs(TCH/H, 11.4 kbit/s) are also defined Half-rate TCHs double the capa-city of a system effectively by making it possible to transmit two calls

in a single channel If a TCH/F is used for data communications, theusable data rate drops to 9.6 kbit/s (in TCH/H: max 4.8 kbit/s) due tothe enhanced security algorithms Eighth-rate TCHs are also specified,and are used for signaling In the GSM Recommendations, they arecalled stand-alone dedicated control channels (SDCCH)

17

to several mobiles.

The BCHs include the following channels:

± The broadcast control channel (BCCH): General information, specific; e.g local area code (LAC), network operator, accessparameters, list of neighboring cells, etc The MS receives signalsvia the BCCH from many BTSs within the same network and/ordifferent networks

cell-± The frequency correction channel (FCCH): Downlink only; tion of MS frequencies; transmission of frequency standard to MS;

correc-it is also used for synchronization of an acquiscorrec-ition by providingthe boundaries between timeslots and the position of the first time-slot of a TDMA frame

± The synchronization channel (SCH): Downlink only; frame chronization (TDMA frame number) and identification of basestation The valid reception of one SCH burst will provide the MSwith all the information needed to synchronize with a BTS

syn- The common control channels (CCCH): A group of uplink anddownlink channels between the MS card and the BTS These chan-nels are used to convey information from the network to MSs andprovide access to the network The CCCHs include the followingchannels:

± The paging channel (PCH): Downlink only; the MS is informed bythe BTS for incoming calls via the PCH

± The access grant channel (AGCH): Downlink only; BTS allocates aTCH or SDCCH to the MS, thus allowing the MS access to thenetwork

± The random access channel (RACH): Uplink only; allows the MS

to request an SDCCH in response to a page or due to a call; the

MS chooses a random time to send on this channel This creates

a possibility of collisions with transmissions from other MSs.The PCH and AGCH are transmitted in one channel called the pagingand access grant channel (PAGCH) They are separated by time

The dedicated control channels (DCCH): Responsible for e.g.roaming, handovers, encryption, etc

The DCCHs include the following channels:

± The stand-alone dedicated control channel (SDCCH): tions channel between MS and the BTS; signaling during call setupbefore a traffic channel (TCH) is allocated;

Communica-± The slow associated control channel (SACCH): Transmits ous measurement reports (e.g field strengths) in parallel to oper-

continu-19

ation of a TCH or SDCCH; needed, e.g for handover decisions; ways allocated to a TCH or SDCCH; needed for ªnon-urgentº pro-cedures, e g for radio measurement data, power control (downlinkonly), timing advance, etc.; always used in parallel to a TCH orSDCCH.

al-± The fast associated control channel (FACCH): Similar to theSDCCH, but used in parallel to operation of the TCH; if the datarate of the SACCH is insufficient, ªborrowing modeº is used:Additional bandwidth is borrowed from the TCH; this happens formessages associated with call establishment authentication of thesubscriber, handover decisions, etc

Almost all of the signaling channels use the ªnormal burstº format(see section 5.4 Burst formats), except for the RACH (Random AccessBurst), FCCH (Frequency Correction Burst) and SCH (SynCHronizationBurst) channels

5.4 Burst formats A timeslot is a 576 ms time interval, i.e 156.25 bits duration, and its

physical contents are known as a burst Five different types of burstsexist in the system They are distinguished by different TDMA framedivisions

The normal burst (NB): Used to carry information on traffic and controlchannels, except for RACH It contains 116 encrypted bits

The frequency correction burst (FB): Used for frequency tion of the mobile The contents of this burst are used to calculate an

synchroniza-unmodulated, sinusoidal oscillation, onto which the synthesizer of themobiles is clocked.

The synchronization burst (SB): Used for time synchronization of themobile It contains a long training sequence and carries the information

of a TDMA frame number

The access burst (AB): Used for random access and characterized

by a longer guard period (256 ms) to allow for burst transmission from

a mobile that does not know the correct timing advance at the firstaccess to a network (or after handover)

The dummy burst (DB): Transmitted as a filler in unused timeslots ofthe carrier; does not carry any information but has the same format as

a normal burst (NB)

21

5.5 Protocols on the

air interface Layer 1 (GSM Rec 04.04): The physical properties of the Um

inter-face have already been described

Layer 2 (GSM Rec 04.05/06): Here, the LAP-Dm protocol is used(similar to ISDN LAP-D) LAP-Dm has the following functions:

± Connectionless transfer on point-to-point and point-to-multipointsignaling channels,

± Setup and take-down of layer 2 connections on point-to-pointsignaling channels,

± Connection-oriented transfer with retention of the transmissionsequence, error detection and error correction

Layer 3 (GSM Rec 04.07/08): Contains the following sublayers whichcontrol signaling channel functions (BCH, CCCH and DCCH):

± Radio resource management (RR): The role of the RR ment layer is to establish and release stable connection betweenmobile stations (MS) and an MSC for the duration of a call, and tomaintain it despite user movements The following functions areperformed by the MSC:

manage-± Cell selection,

± Handover,

± Allocation and take-down of point-to-point channels,

± Monitoring and forwarding of radio connections,

± Introduction of encryption,

± Change in transmission mode

± Mobility management (MM) handles the control functionsrequired for mobility, e.g.:

± Authentication,

± Assignment of TMSI,

± Management of subscriber location

± Connection management (CM) is used to set up, maintain andtake down calls connections; it is comprised of three subgroups:

± Call control (CC): Manages call connections,

± Supplementary service support (SS): Handles special services,

± Short message service support (SMS): Transfers brief texts.Neither the BTS nor the BSC interpret CM and MM messages Theyare simply exchanged with the MSC or the MS using the direct transferapplication part (DTAP) protocol on the A interface RR messages aremapped to or from the base station system application part (BSSAP) inthe BSCREF for exchange with the MSC

23

Basically, two channel types exist between the BSC and BTS:

± Traffic channels (TCH): Can be configured in 8, 16 and 64 kbit/sformats and transport user data,

± Signaling channels: Can be configured in 16, 32, 56 and 64 kbit/sformats and are used for signaling purposes between the BTS andBSC.

Each transceiver (TRX) in a BSC generally requires a signaling channel

on the Abisinterface The positioning of the user data frames (T = fic) and signaling data frames (S = Signaling) varies from manufacturer

Traf-to manufacturer and from system Traf-to system The only requirement isthat the FAS/NFAS frame must be in timeslot 0 A signaling channelcan run at either 16 kbit/s (sub-channel signaling) or 64 kbit/s

25