User Plane Traffic

Dual connectivity

Stefan Rommer, ... Catherine Mulligan, in 5G Core Networks, 2020

12.4 MR-DC: Subscription, QoS flows and E-RABs, MR-DC bearers

To better understand how MR-DC works, we need to go into some details of the radio network and UE aspects first. Here we provide some basic examples of such functions required by the MR-DC feature without going into details about the physical Radio system itself. As indicated in Section 12.1, the UE must be able to connect to two RATs simultaneously and be able to receive and transmit on both RATs simultaneously. This requires careful configuration of radio layer 1 (physical layer) between the two cells that are enabling the MR-DC function. In addition, the UE must be able to interpret how to operate in an MR-DC environment based on information made available by the MN via dedicated RRC signaling, which includes Radio-related information such as radio frame timing and system information for the initial configuration required by the UE. On the RRC layer, for example, depending on the reason for RRC configuration, either the MN itself, or the MN assisted by information provided by the SN, or the SN, may (re)configure the UE with the required parameters. In case combined MN/SN RRC messages are required for both MCG and SCG reconfiguration, the MN is responsible for the coordination between MN and SN, and the SN reconfiguration is encapsulated in an MN RRC message so that the UE has the combined configuration and can process them jointly.

Similarly, the UE needs to be configured with two MAC entities: one MAC for the MCG and one MAC for the SCG. The PDCP and SDAP layers, as applicable, also need to adhere to the specific requirements for MR-DC. For instance, for NR-DC, the UE has a single SDAP layer per PDU Session, whereas in the network both the MN and SN may have their own SDAP layer for the same PDU session, resulting in two SDAP layers per PDU session.

Some of the important aspects specific to an MR-DC configuration are handling of bearers, QoS, SN addition/modification/removal, Inter-MN Handover with or without SN, MN to/from ng-eNB/eNB/gNB change, and User Data usage reporting in relation to SN. We discuss some of these functions very briefly later, but first we discuss some of the additional core network managed functions added to facilitate better utilization of the DC.

From an operator's perspective, MR-DC provides an opportunity to enhance end users' experience in busy/crowded areas via SN support. Enabling the feature, especially in the EN-DC configuration (aka EPC with 5G), allows for the possibility of immediately visible performance improvements and therefore the opportunity to add new services to attract prospective customers. With that in mind, requirements to manage and control which users may receive such services, as well as knowledge of the usage of the SN by a user, become important differentiators and requirements.

The addition of subscription control determining which user can receive DC service or not, based on mobility restriction from a specific RAT, was therefore developed. For a user in EPS, this is delivered by the HSS having additional subscription information related to permitting the use of NR as SN. Based on this subscription data and the UE indicating that it supports DC, the MME indicates to the MN (i.e., E-UTRAN) to activate the MR-DC feature in RAN. The AMF provides the Mobility Restriction list from UDM in case of 5GS, and the MME provides the Handover Restriction List with an indication of whether Secondary RAT NR is permitted or not in case of EPS. The MME/AMF may also have local configuration parameters which prevent DC (i.e., setting up NR as Secondary RAT) for roaming users. The MN has the final decision regarding activation of the SN and on the type of bearers (MCG, SCG or Split) to activate, based on data provided by the MME/AMF as well as the data that the UE has provided. The UE determines whether DC is supported in a specific cell based on the broadcast information indicating DC support for MR-DC.

The MME may also select specific SGW/PGW nodes for DC, based on the knowledge the UE provides about its capability for DC support in case of MR-DC, in addition to the subscription information. In the case of MR-DC, the MME also indicates to the UE when it is not permitted to use DC. If available on the device in question, the end-user can receive a visual indication of the availability of NR while it is connected to EPS.

In the case of MR-DC connected to 5GC, there is no restriction about which RAT is the MN and which is the SN. The availability of DC is enabled in the specifications from Release 15, eliminating the need for the UE to be informed of the system status of DC availability explicitly.

In the case of roaming users, if DC is activated in the VPLMN, then transfer of User data volume reporting is performed based on the HPLMN-VPLMN roaming agreement and on the indication from HPLMN to the VPLMN. For EPC this information is transferred between SGW and PGW, and for 5GC this information is transferred between the V-SMF and H-SMF.

In case of MR-DC with EPC, the MN determines the Radio bearers handling and manages its resource allocation to the SN. That means that the MN determines the PDCP location as well as which cell group(s) the radio resources are to be allocated to. When there is a Split bearer on SN, the SN may remove any SCG resources for that specific E-RAB, ensuring that the QoS requirements are maintained.

When in MR-DC, the MN is responsible, the same as for non-DC operation, for QoS framework enforcement, as discussed in Chapter 9, QoS. The MN is responsible for accordingly guiding the SN with relevant data in order to manage the QoS operation.

In order to be able to map PDU sessions to different bearer types in MR-DC, the MN can request the core network to:

Direct the User Plane traffic of the whole PDU session either to the MN or to the SN. In that case, there is a single user plane tunnel termination at the NG-RAN for such PDU session.

Direct the User Plane traffic of a subset of the QoS flows of the PDU session to the SN (MN) while the rest of the QoS flows of the PDU session is directed to the MN (SN). In that case, there are two user plane tunnel terminations at the NG-RAN for such PDU session.

Regardless of the type of setup, the MN can request to change this assignment during the lifetime of the PDU session. For MR-DC, NG-RAN may initiate moving QoS Flows from one RAN node to another (i.e., between MN and SN). This procedure works when there is connectivity between the User plane GW terminating the N3 tunnel from both MN and SN RAN nodes (i.e., UPF with N3 termination) and there is no change of SMF and UPF with N3 termination during this process.

In MR-DC with 5GC, the MN and SN can support any bearer type, which makes it possible to change the bearer types appropriately, enabling changing of:

MCG bearer to/from Split bearer;

MCG bearer to/from SCG bearer;

SCG bearer to/from Split bearer.

For MR-DC with 5GC, Fig. 12.10 (from 3GPP TS 37.340) illustrates how these bearers are defined on the Radio side:

Fig. 12.10. MR-DC (NE-DC and NR-DC) user plane network protocol termination for three types of DC bearers.

The MN is responsible for the location of the SDAP function per PDU session, i.e., whether it shall be hosted by the MN or the SN or by both (split PDU session);

When the MN itself hosts an SDAP function, it makes the decision on how some of the related QoS flows are to be realized (i.e., some as MCG bearer, some as SCG bearer, and others to be realized as Split bearer);

When the MN designates the SN to host an SDAP function, some of the related QoS flows may be realized as SCG bearer, some as MCG bearer, while others may be realized as Split bearer. The SN assigns the corresponding DRB IDs, based on the DRB IDs indicated by the MN. The SN may remove or add SCG resources for the corresponding QoS flows, if the QoS for the respective QoS flow is guaranteed;

For each PDU session, including split PDU sessions, at most one default DRB may be configured.

URL:

https://www.sciencedirect.com/science/article/pii/B9780081030097000120

Security

Stefan Rommer, ... Catherine Mulligan, in 5G Core Networks, 2020

8.2.3.2 Network access security

Network access security refers to the security features that provide a user with secure access to the network. This includes mutual authentication as well as privacy features. In addition, protection of signaling traffic and User Plane traffic in the access is also included. This protection may provide confidentiality and/or integrity protection of the traffic. Network access security generally has access-specific components – that is, the detailed solutions, algorithms, etc. differ between access technologies. With 5GS, a large degree of harmonization has been done across access technologies, e.g. to use common access authentication. The system now allows authentication over NAS to be used over both 3GPP and Non-3GPP access technologies. Further details are provided later in this chapter.

URL:

https://www.sciencedirect.com/science/article/pii/B9780081030097000089

Security

Magnus Olsson, ... Catherine Mulligan, in SAE and the Evolved Packet Core, 2010

1. Network access security

By network access security we mean the security features that provide a user with a secure access to the EPS. This includes mutual authentication as well as privacy features. In addition, protection of signalling traffic and user plane traffic in the particular access is also included. This protection may provide confidentiality and/or integrity protection of the traffic. Network access security is in general access specific, that is, the detailed solutions, algorithms, etc. differ between accesses. Further details for different types of accesses are provided later in this chapter.

2. Network domain security

Mobile networks contain many network entities and reference points between these entities. The network domain security refers to the features that allow these network nodes to securely exchange data and protect against attacks on the network between the nodes.

3. User domain security

User domain security refers to the set of security features that secure the access to terminals. This can, for example, be that the user needs to enter a PIN code before being able to access the terminal.

4. Application domain security

Application domain security means the security features used by applications such as HTTP (for web access) or IMS.

Application domain security is in general end-to-end between the application in the terminal and the peer entity providing the service. This is in contrast to the previous security features listed, which provide hop-by-hop security, that is, they apply to a single link in the network only. If each link (and node) in the chain that requires security is protected, the whole end-to-end chain can be considered secure.

Since application level security traverses on top of the user plane transport provided by EPS, and as such is more or less transparent to EPS, it will not be discussed further in this book. For more information on IMS security, see for example Camarillo and Garcia-Martin (2008).

5. Visibility and configurability of security

This is the set of features that allows the user to learn whether a security feature is in operation or not and whether the use and provision of services should depend on the security feature. In most cases the security features are transparent to the user and the user is unaware that they are in operation. For some security features the user should however be informed about the operational status. For example, usage of encryption in E-UTRAN depends on operator configuration and it should be possible for the user to know whether it is used or not, for example, by a symbol on the terminal display. Configurability is the property that the user can configure whether the use or the provision of a service should depend on whether a security feature is in operation.

URL:

https://www.sciencedirect.com/science/article/pii/B9780123748263000072

Protocols

Magnus Olsson, ... Catherine Mulligan, in EPC and 4G Packet Networks (2nd Edition), 2013

16.3.7 Additional MIPv6 Features – Route Optimization

MIPv6 is a quite extensive protocol and so far we have only provided a very-high-level description of a few main functions. One feature that was only briefly mentioned above is Route Optimization (RO). RO is supported for MIPv6 but not available in Mobile IPv4. It is an alternative to the bidirectional tunneling between UE and HA. With RO, the user-plane traffic is sent directly between the UE and the Correspondent Node (CN) without passing the HA.

RO is not supported by EPS and there are different reasons for this. In EPS the HA is located in the PDN GW and it is always assumed that the user-plane traffic goes through one PDN GW where charging, policy enforcement, and lawful intercept can take place. Furthermore, MIPv6 RO is limited to IPv6 traffic and IPv6 foreign networks. RO is thus not supported for IPv4 traffic even when DSMIPv6 is used. EPS provides other solutions that can enable efficient routing. In roaming situations it is, for example, possible to assign a PDN GW located in the visited PLMN, thus avoiding the transport of all user-plane traffic to the home PLMN. Also, PDN GW selection functions in EPS have an impact on the routing, for example by selecting a PDN GW that is geographically close to the UE.

MIPv6 RO allows a UE to inform a CN about its current CoA. The UE basically sends a BU to the CN and the CN in turn creates a binding between the HoA and the CoA. When the CN sends a packet to a specific IP address, it checks its bindings for an entry (i.e. a HoA) that matches the IP address. If a match is found, the CN can communicate with the UE using the CoA. Traffic sent by the CN will thus be routed to the foreign network directly without passing the home network. MIPv6 defines special messages as well as security mechanisms to set up the route binding in the CN. Considering that RO is not used in EPS, and this is a book on EPS, we will not go into further details on this topic. The interested reader is instead referred to IETF RFC 3775.

URL:

https://www.sciencedirect.com/science/article/pii/B9780123945952000165

Architecture extensions and vertical industries

Stefan Rommer, ... Catherine Mulligan, in 5G Core Networks, 2020

16.3.2 5G LAN-type services

16.3.2.1 Introduction

There are multiple market segments in the realm of residential, office, enterprise and factory, where Local Area Network (LAN) and Virtual Private Network (VPN) technologies are deployed today. This is an important area where the 5G System will need to provide services with similar functionalities as LANs and VPNs but improved with 5G capabilities (e.g. high performance, long distance access, mobility and security). One feature defined in Rel-16 for this type of deployment is the "5G-LAN type services" where the 5G System is evolved to offer private communication for UEs that are members of a 5G Virtual Network (5G VN) group. A 5G VN in this context is a virtual network based on 5GS. Access to a 5G VN is provided with a PDU Session that is established for a specific 5G VN. UEs that are members of a specific 5G VN group are authorized to establish PDU Sessions for that 5G VN group, and can communicate with other UEs in the group and can also, if applicable, access services on the DN. A 5G VN supports private communication, i.e. it is not possible to use a PDU Session to one 5G VN group to communicate with a UE belonging to another 5G VN group. A 5G VN group may be configured to use either IP PDU Session types or Ethernet PDU Session type.

Support for 5G LAN-type services is based on the Rel-15 5G System, i.e. the regular architecture and procedures are re-used. There are however two main additional aspects that have been enhanced in Rel-16 to better support 5G LAN-type services:

Group management to enable the NEF to expose an API for 5G VN group management. This allows a third party AF to create, modify and delete 5G VNs and to add and remove 5G VN group members.

Enhanced User Plane traffic handling, where new features have been added to SMF and UPF for additional capabilities for UE-to-UE communication within a 5G VN group.

Below we will describe these two aspects in some more detail.

16.3.2.2 5G VN group management

The northbound API exposed by the NEF towards third parties has been enhanced in Release-16 to support functionalities to create, modify and delete 5G VN groups. By making use of the API, a third party, such as a corporate, can manage 5G VN groups, including adding and removing group members. The AF may provide the following data to the NEF:

Group Identifier

Group membership data (GPSIs of the 5G VN group members)

Group data (DNN, S-NSSAI, PDU Session type, etc. of the 5G VN group)

The NEF provides the received information to UDM that in turn stores it in UDR under the relevant Information Types. When a UE requests establishment of a PDU Session to a DNN that corresponds to a 5G VN group, the UDM will fetch the subscription data from UDR in the normal way and will also fetch the 5G VN group data (DNN, etc.) if the UE is subscribed to that 5G VN group. The subscription data is then provided to AMF and SMF in the normal way. PCF will also request the 5G VN group data from UDR, in order to generate URSP rules with the corresponding DNN, S-NSSAI, etc. Fig. 16.5 illustrates the overall procedure.

Fig. 16.5. 5G VN group management.

16.3.2.3 5G VN User Plane handling

One target of the work on 5G VNs was to enable efficient support of UE-to-UE communication. To accomplish that, two User Plane forwarding enhancements have been added as part of Release-16:

Local switch, where up-link traffic from one UE is locally forwarded by a UPF as down-link traffic to another UE. This option requires that this UPF is the common anchor point (PSA UPF) of the different PDU Sessions for the UEs in the 5G VN group.

N19-based forwarding, where direct UPF-to-UPF forwarding via an N19 tunnel is done. With this mechanism the traffic for the 5G VN communication is forwarded between PSA UPFs of different PDU Sessions via a shared (group-level) tunnel connecting PSA UPFs of a single 5G VN group.

These mechanisms are added as extensions to the Release-15 mechanisms for User Plane handling. The regular UPF handling of traffic forwarding, QoS enforcement, measurements, etc., including N6-based forwarding, still apply to 5G VN groups. Fig. 16.6 summarizes the different data forwarding options.

Fig. 16.6. User plane forwarding for 5G VN groups.

The different forwarding options are not mutually exclusive; they may all be applied in a 5G VN group for different PDU Sessions depending on which UPFs are serving the different PDU Sessions. It is the SMF that is in charge of configuring the UPFs with appropriate forwarding rules for the local switch, N19-based forwarding and N6-based forwarding. The SMF does this by including relevant N4 rules in each UE's N4 session. In addition, the SMF may establish a group level N4 session with each UPF that has PDU Sessions in the group, in order to manage the N19 tunnels. In Release-16, it is assumed that a single SMF manages all PDU Sessions in a 5G VN group. This allows the SMF to have visibility of all PDU Sessions and respective UPFs, so that it can generate forwarding rules for the N19 tunnels.
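The forwarding choice described above, as an added Python sketch that is not from the book: one SMF with visibility of every PDU Session computes, per 5G VN group and PSA UPF, whether a destination is reached by local switch, N19 or N6. The `PduSession` fields, the rule tuples, the UE/UPF names, the addresses and the N6 default for non-member destinations are assumptions constructed for illustration and are not N4 rule formats.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PduSession:
    ue: str        # constructed UE label
    group: str     # 5G VN group the PDU Session was established for
    psa_upf: str   # UPF anchoring (PSA) this PDU Session
    addr: str      # UE address inside the 5G VN group


def build_forwarding_rules(sessions):
    """Compute {(group, upf): {dst_addr: (action, target)}}.

    Mirrors the single-SMF assumption: the SMF sees all sessions of a
    group, so it knows which PSA UPF serves every group member.
    """
    rules = {}
    for src in sessions:
        table = rules.setdefault((src.group, src.psa_upf), {})
        for dst in sessions:
            if dst.group != src.group:
                # Private communication: no rule is ever installed that
                # would deliver traffic into another 5G VN group.
                continue
            if dst.psa_upf == src.psa_upf:
                # Common anchor point: uplink becomes downlink locally.
                table[dst.addr] = ("local-switch", dst.ue)
            else:
                # Different PSA UPF in the same group: group-level tunnel.
                table[dst.addr] = ("n19", dst.psa_upf)
    return rules


def forward(rules, session, dst_addr):
    """Decide how the PSA UPF of `session` handles an uplink packet."""
    table = rules.get((session.group, session.psa_upf), {})
    # Assumption: anything that is not a group member goes out on N6.
    return table.get(dst_addr, ("n6", "DN"))


# Constructed sample data. ue-d is in a different group, shares upf-1,
# and deliberately reuses an address that exists in vn-factory.
UE_A = PduSession("ue-a", "vn-factory", "upf-1", "10.0.0.1")
UE_B = PduSession("ue-b", "vn-factory", "upf-1", "10.0.0.2")
UE_C = PduSession("ue-c", "vn-factory", "upf-2", "10.0.0.3")
UE_D = PduSession("ue-d", "vn-office", "upf-1", "10.0.0.3")
SESSIONS = [UE_A, UE_B, UE_C, UE_D]
RULES = build_forwarding_rules(SESSIONS)

if __name__ == "__main__":
    for src, dst in [(UE_A, "10.0.0.2"), (UE_A, "10.0.0.3"),
                     (UE_A, "192.0.2.10"), (UE_D, "10.0.0.1")]:
        print(src.ue, "->", dst, forward(RULES, src, dst))
```

Because the rule table is keyed by group as well as UPF, the overlapping address on `ue-d` never captures traffic from `vn-factory`, even though both sessions are anchored on the same UPF.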

URL:

https://www.sciencedirect.com/science/article/pii/B9780081030097000168

EPS deployment scenarios and operator cases

Magnus Olsson, ... Catherine Mulligan, in SAE and the Evolved Packet Core, 2010

4.4 Scenario 5: Consideration for EPC-only Deployment with Existing 2G/3G Accesses

Existing 2G/3G operators may choose to deploy/upgrade to EPC without the necessity of deploying LTE. Some aspects of this scenario have already been touched upon in Scenario 1, and here we highlight a few of these aspects. Some of the main benefits have already been mentioned, such as support for handover to/from LTE, support for handover with non-3GPP access networks, the ability to provide local breakout more efficiently, and the built-in support of optimized user plane traffic (also known as Direct Tunnel for 3G packet core) for both roaming and non-roaming scenarios. Other benefits include allowing IP-only networks, thus avoiding maintaining SS7 networks for the packet core, being prepared for support/inclusion of other non-3GPP access network connections (such as explained in Scenario 4), efficient network operations and maintenance, and enhanced QoS and Policy Control and Charging support. Since the terminals that support existing 2G/3G procedures will be supported without any problems, operators can continue to serve their existing subscribers. In addition, the selection of the GW (GGSN vs. Serving GW/PDN GW) based on the terminal's network capability (which indicates if the terminal can support LTE or not) can be used to divert the subscriber towards a Serving GW/PDN GW (when LTE capable) or towards a GGSN (when not LTE capable). As it becomes increasingly costly for vendors as well as operators to continue to maintain multiple tracks of architecture, which leads to multiple tracks of products, it would serve the overall community to converge over time towards a minimal set of product variants.

There are obviously other possible scenarios that we have not discussed here. The purpose of this section has been to explore some possible key scenarios. During 3G deployment, some interesting aspects came about, such as incumbent national operators not getting the license for 3G operations. Such obstacles also led to the creation of new solutions in 3GPP, for example the Network sharing feature allowing an operator with a 3G license to share their radio network with an operator without a 3G license, who is thus able to provide services using 3G to their subscribers. LTE and EPC have been developed while keeping such scenarios in mind, meaning that radio network sharing as well as sharing of MMEs by multiple operators are supported in the standard specifications.

URL:

https://www.sciencedirect.com/science/article/pii/B9780123748263000047

Security

Magnus Olsson, ... Catherine Mulligan, in EPC and 4G Packet Networks (Second Edition), 2013

7.2 Security Services

Before we go into the actual security mechanisms of EPS, it may be useful to briefly go through some basic security concepts that are important in cellular networks.

Before a user is granted access to a network, authentication in general has to be performed. During authentication the user proves that he or she is who he/she claims to be. Typically, mutual authentication is desired, where the network authenticates the user and the user authenticates the network. Authentication is generally done via a process where each party proves that it has access to a secret known only to the participating parties, for example a password or a secret key.

The network also verifies that the subscriber is authorized to access the requested service, for instance to get access to EPS using a particular access network. This means that the user must have the right privileges (i.e. a subscription) for the type of services that are requested. Authorization for an access network is often done at the same time as authentication. It should be noted that different kinds of authorization may be required in different parts of the network and at different instances during an IP session. The network may, for example, authorize the use of a certain access technology, a certain QoS profile, a certain bit rate, access to certain services, etc.

Once the user has been granted access, there is a desire to protect the signaling traffic and user-plane traffic between the UE and the network, and between different entities within the network. Ciphering and/or integrity protection may be applied for this purpose. With ciphering (i.e. encryption and decryption) we ensure that the data transmitted is only readable to the intended recipients. To accomplish this, the traffic is modified so that it becomes unreadable to anyone who manages to intercept it, except for the entities that have access to the right cryptographic keys. Integrity protection, on the other hand, is a means of detecting whether traffic that reaches the intended recipient has been modified, for example by an attacker between the sender and the receiver. If the traffic has been modified, integrity protection ensures that the receiver is able to detect it. Ciphering and integrity protection serve different purposes and the need for ciphering and/or integrity protection differs depending on what traffic it is. Furthermore, the data protection may be done on different layers in the protocol stack and, as we will see, EPS supports data protection features on both protocol layers 2 and 3 depending on the scenario.

In order to encrypt/decrypt as well as to perform integrity protection, the sending and receiving entities need cryptographic keys. It may seem tempting to use the same key for all purposes, including authentication, ciphering, integrity protection, etc. Nevertheless, using the same key for several purposes should generally be avoided. One reason is that if the same key is used for authentication and traffic protection, an attacker that manages to recover the ciphering key by breaking, for example, the encryption algorithm would at the same time learn the key used also for authentication and integrity protection. Furthermore, the keys used in one access should not be the same as the keys used in another access. If they were to be the same, the keys recovered by an attacker in one access with weak security features could be reused to break accesses with stronger security features. The weakness of one algorithm or access thus spreads to other procedures or accesses. To avoid this, keys used for different purposes and in different accesses should be distinct, and an attacker who manages to recover one of the keys should not be able to learn anything useful about the other keys. This property is called key separation and, as we will see, this is an important aspect of EPS security design. In order to achieve key separation, the UE and the EPC derive distinct keys that are used for different purposes. The keys may be derived during the authentication process, at mobility events, and when the UE moves to a connected state.
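Key separation and integrity protection as described in the two paragraphs above, as an added Python sketch that is not from the book: a constructed root key is expanded with HMAC-SHA-256 into distinct per-access, per-purpose keys, and the integrity key is then used to detect modified traffic. The label encoding, the 8-byte tag length and the functions `derive_key`, `protect` and `verify` are assumptions for illustration, not the EPS key derivation of 3GPP TS 33.401.

```python
import hashlib
import hmac
from itertools import product

ACCESSES = ("E-UTRAN", "UTRAN")
PURPOSES = ("ciphering", "integrity")
MAC_LEN = 8                    # truncated tag length, chosen for the example
ROOT_KEY = bytes(range(32))    # constructed root secret shared by UE and network


def derive_key(root_key: bytes, access: str, purpose: str) -> bytes:
    """Derive a 128-bit key bound to exactly one access and one purpose."""
    parts = (access.encode(), purpose.encode())
    # Length-prefix each label so ("ab", "c") and ("a", "bc") cannot collide.
    label = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    # HMAC is one-way: a recovered derived key reveals neither the root
    # key nor any sibling key derived under a different label.
    return hmac.new(root_key, label, hashlib.sha256).digest()[:16]


def key_set(root_key: bytes) -> dict:
    """Both sides run this independently and arrive at the same keys."""
    return {(a, p): derive_key(root_key, a, p)
            for a, p in product(ACCESSES, PURPOSES)}


def protect(int_key: bytes, count: int, payload: bytes) -> bytes:
    """Sender side: prepend a message counter and append an integrity tag."""
    header = count.to_bytes(4, "big")
    tag = hmac.new(int_key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
    return header + payload + tag


def verify(int_key: bytes, frame: bytes):
    """Receiver side: return the payload, or None if the frame was modified
    or was protected under a different key."""
    if len(frame) < 4 + MAC_LEN:
        return None
    body, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
    expected = hmac.new(int_key, body, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return body[4:]


if __name__ == "__main__":
    ue, net = key_set(ROOT_KEY), key_set(ROOT_KEY)
    frame = protect(ue[("E-UTRAN", "integrity")], 7, b"constructed signaling message")
    flipped = frame[:5] + bytes([frame[5] ^ 0x01]) + frame[6:]
    print("same keys on both sides:", ue == net)
    print("all four keys distinct: ", len(set(ue.values())) == 4)
    print("untouched frame:        ", verify(net[("E-UTRAN", "integrity")], frame))
    print("one bit flipped:        ", verify(net[("E-UTRAN", "integrity")], flipped))
    print("other access's key:     ", verify(net[("UTRAN", "integrity")], frame))
```

Verification fails for the other access's key and for the ciphering key of the same access, which is the practical effect of key separation: a key recovered in one context cannot forge or validate traffic in another.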

By privacy protection we here mean the features that are available to ensure that information about a subscriber does not become available to others. For example, it may include mechanisms to ensure that the permanent user ID is not sent unnecessarily often in clear text over the air link. If done, this would mean that an eavesdropper could detect the movements and travel patterns of a particular user.

Laws and directives of individual nations and regional institutions (e.g. the European Union) typically define a need to intercept telecommunications traffic and related information. This is referred to as lawful intercept and may be used by law enforcement agencies in accordance with the laws and regulations.

7.2.1 Security Domains

In order to describe the different security features of EPS it is useful to split the complete security architecture into different security domains. Each domain may have its own set of security threats and security solutions. 3GPP TS 33.401 divides the security architecture into different groups or domains:

1. Network access security

2. Network domain security

3. User domain security

4. Application domain security

5. Visibility and configurability of security.

The first group is specific to each access technology (E-UTRAN, GERAN, UTRAN, etc.), whereas the others are common for all accesses. Figure 7.1 provides a schematic illustration of different security domains.

Figure 7.1. Schematic Diagram of Different Security Domains.

7.2.1.1 Network Access Security

By network access security we mean the security features that provide a user with a secure access to the EPS. This includes mutual authentication as well as privacy features. In addition, protection of signaling traffic and user-plane traffic in the particular access is also included. This protection may provide confidentiality and/or integrity protection of the traffic. Network access security is generally access specific – that is, the detailed solutions, algorithms, etc. differ between access technologies. Further details for different types of accesses are provided later in this chapter.

7.2.1.2 Network Domain Security

Mobile networks contain many network entities and reference points between these entities. Network domain security refers to the features that allow these network nodes to securely exchange data and protect against attacks on the network between the nodes.

7.2.1.3 User Domain Security

User domain security refers to the set of security features that secure the physical access to terminals. For example, the user may need to enter a PIN code before being able to access the terminal.

7.2.1.4 Application Domain Security

Application domain security is the security features used by applications such as HTTP (for web access) or IMS.

Application domain security is generally end to end between the application in the terminal and the peer entity providing the service. This is in contrast to the previous security features listed that provide hop-by-hop security – that is, they apply to a single link in the network only. If each link (and node) in the chain that requires security is protected, the whole end-to-end chain can be considered secure.

Since application-level security traverses on top of the user-plane transport provided by EPS, and as such is more or less transparent to EPS, it will not be discussed further in this book. For more information on IMS security, see for example Camarillo and Garcia-Martin (2008).

7.2.1.5 Visibility and Configurability of Security

This is the set of features that allows the user to learn whether a security feature is in operation or not and whether the use and provision of services will depend on the security feature. In most cases the security features are transparent to the user and the user is unaware that they are in operation. For some security features the user should, however, be informed about the operational status. For example, use of encryption in E-UTRAN depends on operator configuration and it should be possible for the user to know whether it is used or not, for example using a symbol on the terminal display. Configurability is the property where the user can configure whether the use or provision of a service will depend on whether a security feature is in operation.

URL:

https://www.sciencedirect.com/science/article/pii/B9780123945952000074

EPS network entities and interfaces

Magnus Olsson, ... Catherine Mulligan, in SAE and the Evolved Packet Core, 2010

10.1 Network Entities

The network architecture of SAE is comprised of a few different network entities; each network entity has a distinct role in the architecture. This section covers the roles of the different nodes; the eNodeB, the Mobility Management Entity (MME), the Serving GW, the PDN GW and the PCRF.

10.1.1 eNodeB

The eNodeB provides the radio interface and performs radio resource management for Long-Term Evolution (LTE) including radio bearer control, radio admission control and scheduling of uplink and downlink radio resources for individual UEs. The eNodeB also supports IP header compression and encryption of the user plane data. eNodeBs are interconnected to one another via an interface named X2; this interface has several uses, e.g. handover. eNodeBs are also connected to the EPC via the S1 interface, which is split up into the user plane and the control plane. The control plane interface is referred to as S1-MME and terminates in the MME. The S1-U interface, meanwhile, terminates at the Serving GW and handles user plane traffic. The S1 interface supports pooling, that is a many-to-many relation between the eNodeBs and the MMEs and also between the eNodeBs and the Serving GW. The S1 interface also supports network sharing. This allows operators to share the radio network, that is the eNodeBs, while maintaining their own EPC networks.

10.1.2 Mobility management entity

From a Core Network perspective, the MME is the main node for control of the LTE access network. It selects the Serving GW for a UE during the initial attach and also during handover, if necessary, between LTE networks. It is responsible for the tracking and paging procedures for UEs in idle mode and also the activation and de-activation of bearers on behalf of a UE. The MME through interaction with the HSS is responsible for authenticating the end-user. For UEs that are roaming, the MME terminates the S6a interface towards the UE's home HSS. The MME also ensures that the UE has authorization to use (camp on) an Operator's PLMN and also enforces any roaming restrictions that the UE may have.

In addition, the MME provides control plane functionality for mobility between LTE and 2G/3G access networks. The S3 interface terminates at the MME from the SGSN.

An MME is selected by the MME selection function. Selection is based on network topology, dependent on which MME serves the particular location that a UE is in. If several MMEs serve a particular area, the selection procedure is based on a few different criteria, for instance selecting an MME that reduces the need to change it later or perhaps based on load balancing needs. A full description of the MME selection function is covered in Section 9.2.3.

The MME is also responsible for Non-Access Stratum (NAS) signalling, which terminates at the MME; the MME also acts as the termination point in the network for the security of NAS signalling, handling the ciphering protection and management of security keys.

Lawful Intercept related to signalling is also handled by the MME.

10.1.3 Serving GW

The Serving GW performs several functions for both the GTP-based and PMIP-based network architectures. The Serving GW terminates the interface towards E-UTRAN; every UE that attaches to an EPS is associated with a single Serving GW. In the same way as the MME, the Serving GW is selected for the UE based on network topology and UE location. The Domain Name Service (DNS) may be used to resolve a DNS string of possible Serving GW addresses which serve the UE's location. The selection of Serving GW may be affected by a few criteria; firstly, a Serving GW may be selected based on the fact that its service area may reduce the necessity to change the Serving GW at a later time. Secondly, Serving GW selection may be based on the need for load balancing between different Serving GWs. A full description of the selection procedure is covered in Chapter 9.

Once a UE is associated with a Serving GW, it handles the forwarding of end-user data packets and also acts as a local anchor point when required for inter-eNodeB handover. During handover from LTE to other 3GPP access technologies (inter-RAT handover for other 3GPP access technologies), the Serving GW terminates the S4 interface and provides a connection for the transfer of user traffic from 2G/3G network systems and the PDN GW. During both the inter-NodeB and inter-RAT handovers, the Serving GW sends one or more 'end-markers' to the source eNodeB, SGSN, or RNC in order to assist the re-ordering function in the eNodeB.

When a UE is in idle state, the Serving GW will terminate the downlink (DL) path for data. If new packets arrive, the Serving GW triggers paging towards the UE. As part of this, the Serving GW manages and stores information relevant to the UE; for instance parameters of the IP bearer service or internal network routing information.

The Serving GW is also responsible for the reproduction of user traffic in the case of lawful intercept.

10.1.4 PDN GW

The PDN GW provides connectivity to external PDNs for the UE, functioning as the entry and exit point for the UE data traffic. A UE may be connected to more than one PDN GW if it needs to access more than one PDN. The PDN GW also allocates an IP address to the UE. These PDN GW functions apply to both the GTP-based and the PMIP-based versions of the SAE architecture. This is covered in more detail in Section 6.1.

In its role as a gateway, the PDN GW may perform deep packet inspection, or packet filtering on a per-user basis. The PDN GW also performs service level gating control and rate enforcement through rate policing and shaping. From a QoS perspective, the PDN GW also marks the uplink and downlink packets with, for example, the DiffServ Code Point. This is covered in more detail in Sections 8.1 and 8.2.

Another key role of the PDN GW is to act as the anchor for mobility between 3GPP and non-3GPP technologies such as WiMAX and 3GPP2 (CDMA/HRPD).

10.1.5 Policy and charging rules function

The Policy and Charging Rules Function (PCRF) is the policy and charging control element of the SAE architecture and encompasses policy control decision and flow-based charging control functionalities. This means that it provides network-based control related to service data flow detection, gating, QoS and flow-based charging towards the Policy and Charging Enforcement Function (PCEF). It should be noted, however, that the PCRF is not responsible for credit management.

The PCRF receives service information from the Application Function (AF) and decides how the data flow for a particular service will be handled by the PCEF. The PCRF also ensures that the user plane traffic mapping and treatment is in accordance with the subscription profile associated with an end-user. The PCRF functions are described in more detail in Section 8.2.

URL:

https://www.sciencedirect.com/science/article/pii/B9780123748263000102

Wide-Area Wireless Networks (WANs) — GSM Evolution

Vijay K. Garg, in Wireless Communications & Networking, 2007

15.8 UMTS Core Network Architecture

Figure 15.28 shows the UMTS core network (UCN) in relation to all other entities within the UMTS network and all of the interfaces to the associated networks.

Figure 15.28. UMTS core network architecture.

The UCN consists of a CS entity for providing voice and CS data services and a PS entity for providing packet-based services. The logical architecture offers a clear separation between the CS domain and PS domain. The CS domain contains the functional entities: mobile switching centre (MSC) and gateway MSC (GMSC) (see Figure 15.28). The PS domain comprises the functional entities: serving GPRS support node (SGSN), gateway GPRS support node (GGSN), domain name server (DNS), dynamic host configuration protocol (DHCP) server, packet charging gateway, and firewalls. The core network can be split into the following different functional areas:

Functional entities needed to support PS services (e.g. 3G-SGSN, 3G-GGSN)

Functional entities needed to support CS services (e.g. 3G-MSC/VLR)

Functional entities common to both types of services (e.g. 3G-HLR)

Other areas that can be considered part of the core network include:

Network management systems (billing and provisioning, service management, element management, etc.)

IN system (service control point (SCP), service signaling point (SSP), etc.)

ATM/SDH/IP switch/transport infrastructure

Figure 15.29 shows all the entities that connect to the core network — UTRAN, PSTN, the Internet and the logical connections between terminal equipment (MS, UE), and the PSTN/Internet.

Figure 15.29. Logical architecture of the UMTS core network.

15.8.1 3G-MSC

The 3G-MSC is the main CN element to provide CS services. The 3G-MSC also provides the necessary control and corresponding signaling interfaces including SS7, MAP, ISUP (ISDN user part), etc. The 3G MSC provides the interconnection to external networks like PSTN and ISDN. The following functionality is provided by the 3G-MSC:

Mobility management: Handles attach, authentication, updates to the HLR, SRNS relocation, and intersystems handover.

Call management: Handles call set-up messages from/to the UE.

Supplementary services: Handles call-related supplementary services such as call waiting, etc.

CS data services: The IWF provides rate adaptation and message translation for circuit mode data services, such as fax.

Vocoding

SS7, MAP and RANAP interfaces: The 3G-MSC is able to complete originating or terminating calls in the network in interaction with other entities of a mobile network, e.g., HLR, AUC (Authentication center). It also controls/communicates with RNC using RANAP which may use the services of SS7.

ATM/AAL2 Connection to UTRAN for transportation of user plane traffic across the Iu interface. Higher rate CS data rates may be supported using a different adaptation layer.

Short message services (SMS): This functionality allows the user to send and receive SMS data to and from the SMS-GMSC/SMS-IWMSC (Inter working MSC).

VLR functionality: The VLR is a database that may be located within the 3G-MSC and can serve as intermediate storage for subscriber data in order to support subscriber mobility.

IN and CAMEL.

OAM (operation, administration, and maintenance) agent functionality.

15.8.2 3G-SGSN

The 3G-SGSN is the main CN element for PS services. The 3G-SGSN provides the necessary control functionality both toward the UE and the 3G-GGSN. It also provides the appropriate signaling and data interfaces including connection to an IP-based network toward the 3G-GGSN, SS7 toward the HLR/EIR/AUC and TCP/IP or SS7 toward the UTRAN.

The 3G-SGSN provides the following functions:

Session management: Handles session set-up messages from/to the UE and the GGSN and operates Admission Control and QoS mechanisms.

Iu and Gn MAP interface: The 3G-SGSN is able to complete originating or terminating sessions in the network by interaction with other entities of a mobile network, e.g., GGSN, HLR, AUC. It also controls/communicates with UTRAN using RANAP.

ATM/AAL5 physical connection to the UTRAN for transportation of user data plane traffic across the Iu interface using GPRS tunneling protocol (GTP).

Connection across the Gn interface toward the GGSN for transportation of user plane traffic using GTP. Note that no physical transport layer is defined for this interface.

SMS: This functionality allows the user to send and receive SMS data to and from the SMS-GMSC/SMS-IWMSC.

Mobility management: Handles attach, authentication, updates to the HLR and SRNS relocation, and intersystem handover.

Subscriber database functionality: This database (similar to the VLR) is located inside the 3G-SGSN and serves as intermediate storage for subscriber data to support subscriber mobility.

Charging: The SGSN collects charging information related to radio network usage by the user.

OAM agent functionality.

15.8.3 3G-GGSN

The GGSN provides interworking with the external PS network. It is connected with SGSN via an IP-based network. The GGSN may optionally support an SS7 interface with the HLR to handle mobile terminated packet sessions.

The 3G-GGSN provides the following functions:

Maintain information locations at SGSN level (macro-mobility)

Gateway between UMTS packet network and external data networks (e.g. IP, X.25)

Gateway-specific access methods to intranet (e.g. PPP termination)

Initiate mobile terminate Route Mobile Terminated packets

User data screening/security can include subscription based, user controlled, or network controlled screening.

User level address allocation: The GGSN may have to allocate (depending on subscription) a dynamic address to the UE upon PDP context activation. This functionality may be carried out by use of the DHCP function.

Charging: The GGSN collects charging information related to external data network usage by the user.

OAM functionality

15.8.4 SMS-GMSC/SMS-IWMSC

The overall requirement for these two nodes is to handle the SMS from point to point. The functionality required can be split into two parts. The SMS-GMSC is an MSC capable of receiving a terminated short message from a service center, interrogating an HLR for routing information and SMS data, and delivering the short message to the SGSN of the recipient UE. The SMS-GMSC provides the following functions:

Reception of short message packet data unit (PDU)

Interrogation of HLR for routing data

Forwarding of the short message PDU to the MSC or SGSN using the routing data

The SMS-IWMSC is an MSC capable of receiving an originating short message from inside the PLMN and submitting it to the recipient service center. The SMS-IWMSC provides the following functions:

Reception of the short message PDU from either the 3G-SGSN or 3G-MSC

Establishing a link with the addressed service center

Transferring the short message PDU to the service center

Note: The service center is a function that is responsible for relaying, storing, and forwarding a short message. The service center is not part of UCN, although the MSC and the service center may be integrated.

15.8.5 Firewall

This entity is used to protect the service providers' backbone data networks from attack from external packet data networks. The security of the backbone data network can be ensured by applying packet filtering mechanisms based on access control lists or any other methods deemed suitable.

15.8.6 DNS/DHCP

The DNS server is used, as in any IP network, to translate host names into IP addresses, i.e., logical names are handled instead of raw IP addresses. Also, the DNS server is used to translate the access point name (APN) into the GGSN IP address. It may optionally be used to allow the UE to use logical names instead of physical IP addresses.

A dynamic host configuration protocol server is used to manage the allocation of IP configuration information by automatically assigning IP addresses to systems configured to use DHCP.
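
The APN-to-GGSN lookup described above depends on the exact name that is put to the DNS server. The following added example (not from the book) builds that name with the APN naming convention of 3GPP TS 23.003, which the excerpt does not spell out, and rejects malformed APNs before any lookup takes place. The function names, the test PLMN 001/01 and the zone data are constructed for illustration.

```python
import re

# One DNS label: letters, digits and hyphen, starting and ending with a letter or digit.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")
# Prefixes reserved by TS 23.003 so an APN cannot collide with RAC/LAC/SGSN/RNC names.
_RESERVED_PREFIXES = ("rac", "lac", "sgsn", "rnc")
MAX_NI_OCTETS = 63  # limit on the encoded Network Identifier


def validate_apn_ni(apn_ni):
    """Return the lower-cased labels of an APN Network Identifier or raise ValueError."""
    ni = apn_ni.lower()
    labels = ni.split(".")
    for label in labels:
        if not _LABEL.fullmatch(label):
            raise ValueError(f"illegal label in APN: {label!r}")
    # Encoded form is one length octet plus the label bytes, for every label.
    if sum(len(label) + 1 for label in labels) > MAX_NI_OCTETS:
        raise ValueError("APN Network Identifier too long")
    if ni.startswith(_RESERVED_PREFIXES):
        raise ValueError("APN starts with a reserved prefix")
    if ni.endswith(".gprs"):
        raise ValueError("Network Identifier must not end in .gprs")
    return labels


def apn_operator_id(mcc, mnc):
    """Build the Operator Identifier 'mnc<MNC>.mcc<MCC>.gprs' (MNC padded to 3 digits)."""
    if not re.fullmatch(r"[0-9]{3}", mcc):
        raise ValueError("MCC must be exactly three digits")
    if not re.fullmatch(r"[0-9]{2,3}", mnc):
        raise ValueError("MNC must be two or three digits")
    return f"mnc{mnc.zfill(3)}.mcc{mcc}.gprs"


def apn_fqdn(apn_ni, mcc, mnc):
    """Name queried in the operator's DNS to find the GGSN serving this APN."""
    return ".".join(validate_apn_ni(apn_ni)) + "." + apn_operator_id(mcc, mnc)


# Constructed zone data standing in for the operator's internal DNS
# (documentation addresses from 192.0.2.0/24, test PLMN 001/01).
SAMPLE_ZONE = {
    "internet.mnc001.mcc001.gprs": ["192.0.2.10", "192.0.2.11"],
}


def resolve_ggsn(apn_ni, mcc, mnc, zone=SAMPLE_ZONE):
    """Look up GGSN addresses; only validated, normalised names reach the zone."""
    return list(zone.get(apn_fqdn(apn_ni, mcc, mnc), []))


if __name__ == "__main__":
    print(apn_fqdn("Internet", "001", "01"))
    print(resolve_ggsn("internet", "001", "01"))
    for bad in ("sgsn01", "a..b", "bad_label", "x.gprs"):
        try:
            apn_fqdn(bad, "001", "01")
        except ValueError as exc:
            print(f"rejected {bad!r}: {exc}")
```

An APN that validates but has no record returns an empty list, which the caller should treat as a failed PDP context activation rather than falling back to a default GGSN.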

URL:

https://www.sciencedirect.com/science/article/pii/B9780123735805500491

EPS Network Entities and Interfaces

Magnus Olsson, ... Catherine Mulligan, in EPC and 4G Packet Networks (Second Edition), 2013

15.1 Network Entities

The network architecture of SAE consists of a few different network entities; each network entity has a distinct role in the architecture. This section covers the roles of the different nodes: the eNodeB, the Mobility Management Entity (MME), the Serving GW, the PDN GW, and the PCRF.

15.1.1 eNodeB

The eNodeB provides the radio interface and performs radio resource management for Long-Term Evolution (LTE), including radio bearer control, radio admission control, and scheduling of uplink and downlink radio resources for individual UEs. The eNodeB also supports IP header compression and encryption of the user-plane data. eNodeBs are interconnected to one another via an interface called X2; this interface has several uses, e.g. handover. eNodeBs are also connected to the EPC via the S1 interface, which is split up into the user plane and the control plane. The control-plane interface is referred to as S1-MME and terminates in the MME. The S1-U interface, meanwhile, terminates at the Serving GW and handles user-plane traffic. The S1 interface supports pooling, i.e. a many-to-many relation between the eNodeBs and the MMEs, and also between the eNodeBs and the Serving GW. The S1 interface also supports network sharing. This allows operators to share the radio network, i.e. the eNodeBs, while maintaining their own EPC networks.

15.1.2 Mobility Management Entity

From a Core Network perspective, the MME is the main node for control of the LTE access network. It selects the Serving GW for a UE during the initial attachment and also during handover, if necessary, between LTE networks. It is responsible for the tracking and paging procedures for UEs in Idle mode and also the activation and deactivation of bearers on behalf of a UE. The MME, via interaction with the HSS, is responsible for authenticating the end-user. For UEs that are roaming, the MME terminates the S6a interface towards the UE's home HSS. The MME also ensures that the UE has authorization to use (camp on) an operator's PLMN and also enforces any roaming restrictions that the UE may have.

In addition, the MME provides control-plane functionality for mobility between LTE and 2G/3G access networks. The S3 interface terminates at the MME from the SGSN.

An MME is selected by the MME selection function. Selection is based on network topology, dependent on which MME serves the particular location that a UE is in. If several MMEs serve a particular area, the selection procedure is based on a few different criteria, for instance selecting an MME that reduces the need to change it later or alternatively based on load balancing needs. A full description of the MME selection function is given in Section 9.2.3.

The MME is also responsible for Non-Access Stratum (NAS) signaling, which terminates at the MME; the MME also acts as the termination point in the network for the security of NAS signaling, handling the ciphering protection and management of security keys.

The MME also handles lawful intercept related to signaling.

15.1.3 Serving GW

The Serving GW performs several functions for both the GTP-based and PMIP-based network architectures. The Serving GW terminates the interface towards E-UTRAN; every UE that attaches to an EPS is associated with a single Serving GW. In the same way as the MME, the Serving GW is selected for the UE based on network topology and UE location. The Domain Name Service (DNS) may be used to resolve a DNS string of possible Serving GW addresses that serve the UE's location. The selection of Serving GW may be affected by a few criteria. First, a Serving GW may be selected based on the fact that its service area may reduce the necessity to change the Serving GW at a later time. Secondly, Serving GW selection may be based on the need for load balancing between different Serving GWs. A full description of the selection procedure is given in Chapter 9.

Once a UE is associated with a Serving GW, it handles the forwarding of end-user data packets and also acts as a local anchor point when required for inter-eNodeB handover. During handover from LTE to other 3GPP access technologies (inter-RAT handover for other 3GPP access technologies), the Serving GW terminates the S4 interface and provides a connection for the transfer of user traffic from 2G/3G network systems and the PDN GW. During both the inter-NodeB and inter-RAT handovers, the Serving GW sends one or more "end-markers" to the source eNodeB, SGSN, or RNC in order to assist the reordering function in the eNodeB.

When a UE is in Idle state, the Serving GW will terminate the downlink (DL) path for data. If new packets arrive, the Serving GW triggers paging towards the UE. As part of this, the Serving GW manages and stores information relevant to the UE, for example parameters of the IP bearer service or internal network routing information.

The Serving GW is also responsible for the reproduction of user traffic in the case of lawful intercept.

15.1.4 PDN GW

The PDN GW provides connectivity to external PDNs for the UE, functioning as the entry and exit point for the UE data traffic. A UE may be connected to more than one PDN GW if it needs to access more than one PDN. The PDN GW also allocates an IP address to the UE. These PDN GW functions apply to both the GTP-based and the PMIP-based versions of the SAE architecture. This is covered in more detail in Section 6.1.

In its role as a gateway, the PDN GW may perform deep packet inspection or packet filtering on a per-user basis. The PDN GW also performs service-level gating control and rate enforcement through rate policing and shaping. From a QoS perspective, the PDN GW also marks the uplink and downlink packets with, for example, the DiffServ Code Point. This was covered in more detail in Chapter 8.

Another key role of the PDN GW is to act as the anchor for mobility between 3GPP and non-3GPP technologies such as WiFi and 3GPP2 (CDMA/HRPD).

15.1.5 Policy and Charging Rules Function

The Policy and Charging Rules Function (PCRF) is the policy and charging control element of the SAE architecture and encompasses policy control decision and flow-based charging control functionalities. This means that it provides network-based control related to service data flow detection, gating, QoS, and flow-based charging towards the Policy and Charging Enforcement Function (PCEF). It should be noted, however, that the PCRF is not responsible for credit management.

The PCRF receives service information from the Application Function (AF) and decides how the data flow for a particular service will be handled by the PCEF. The PCRF also ensures that the user-plane traffic mapping and treatment is in accordance with the subscription profile associated with an end-user. The PCRF functions are described in more detail in Section 8.2.

15.1.6 Home eNodeB Subsystem and Related Entities

The Home eNodeB Subsystem (HeNS) consists of a Home eNodeB (HeNB), optionally a Home eNodeB Gateway (HeNB-GW), and optionally a Local GW (L-GW). The Home eNodeB Subsystem is connected via the S1 interface to the MME and the Serving GW.

A Home eNodeB is customer-premises equipment offering E-UTRAN coverage. The HeNB supports the same functionality as an eNodeB and it supports the same procedures towards the MME and Serving GW as an eNodeB. X2-based HO between HeNBs is allowed between closed/hybrid access HeNBs having the same CSG ID or when the target HeNB is an open access HeNB.

A Home eNodeB Gateway is an optional gateway through which the Home eNodeB accesses the core network. The HeNB GW serves as a concentrator for the control plane, specifically the S1-MME interface. The S1-U interface from the HeNB may be terminated at the HeNB GW, or a direct logical U-plane connection between HeNB and S-GW may be used. The HeNB GW appears to the MME as an eNB. The HeNB GW appears to the HeNB as an MME. The S1 interface between the HeNB and the EPC is the same, regardless of whether the HeNB is connected to the EPC via a HeNB GW or not.

A Local GW is a gateway towards local IP networks (e.g. residential/enterprise networks) associated with the HeNodeB. The Local GW is co-located with the Home eNodeB.

15.1.6.1 CSG List Server

The CSG List Server provides the Allowed CSG list and the Operator CSG list on the UE using management procedures such as Over The Air (OTA) procedures or OMA DM procedures. The CSG List Server is located in the subscriber's home network.

15.1.6.2 CSG Subscriber Server (CSS)

The CSS is an entity in the Visited network that stores and manages CSG subscription-related data for roaming UEs. The CSS is used to enable autonomous CSG roaming in visited networks. The CSS supports download of CSG subscription information upon request from the serving MME, via the S7a interface. The CSS also supports service provision, including updating the MME with modifications of the CSG membership granted to the subscriber.

URL:

https://www.sciencedirect.com/science/article/pii/B9780123945952000153