9.6 UMTS Interfaces
9.6.1 Iu Interface
The Iu interface connects the UTRAN/GERAN radio network to the
The Iu interface has a control plane and a
The IuCs and IuPs control plane consists of radio access network application protocol (RANAP), which is run on top of SS7. AAL5 is the adaptation layer used in the control plane. The IuCs user plane resides directly over AAL2. Since voice is the primary service provided over the IuCs interface, AAL2 has been selected as the adaptation layer for IuCs. GTP-U (GPRS Tunneling Protocol ”User Plane) over UDP/IP/AAL5 is the user plane for IuPs. The protocol stacks for Iu are shown in Figure 9-4.
Figure 9-4. Control and user plane stacks for Iu.
RANAP is the signaling protocol whose functionality includes the following:
The user plane protocol in the case of IuCs is the frame protocol. For IuPs, if the payload is of type IP, it is carried via GTP-U.
The Iub interface connects the Node Bs to the RNC. The Iub interface consists of a control plane and a user plane. Again ATM is used as the underlying protocol for the Iub interaface. The control plane of the Iub interface is called NBAP (Node B application part). NBAP is further divided into common NBAP and dedicated NBAP depending on the signaling link used. The user plane Iub protocol is defined via the frame protocol. It defines the structures of the
The Iur interface is defined for inter-RNC communication. The control plane protocol is refered to as RNSAP (radio network system application part). RNSAP operates over SS7, which is carried over an AAL5-based ATM interface. The user plane consists of the the frame protocol. Two user plane protocols are defined, namely the dedicated channel (DCH) frame protocol and the common channel (CCH) frame protocol. The user plane is carried directly over AAL2. The interface was originally intended to support inter-RNC soft handovers. However, with the development of this interface, new functionality has been added, including support for basic inter-RNC mobility, support for dedicated and common channel traffic, and support for global resource management.
9.7 Protocol Architecture
The UMTS architecture
The transport network is responsible for providing a general purpose transport for all UMTS network elements. The radio network protocols allow interworking between the Mobile station and
9.7.1 User Plane
The user plane of 3G GPRS features few changes from the user plane of the Release 97 GPRS (2.5G GPRS) (Figure 9-5). The 2.5G GPRS protocols in SGSN and BSS are designed by considering the reuse of GSM infrastructure. Therefore, the packet controller unit (PCU) was introduced as a logical element between SGSN and BSS. Because of PCU, 2.5G SGSN performs the
Figure 9-5. User plane protocol architecture.
The PDCP in the RAN provides protocol transparency to the application protocols over the radio interface. So the new protocols can be supported in the future without changing radio interface. This is unlike SNDCP, which also provides IP payload compression. The 3G GPRS provides only IP header compression. The ciphering function of LLC is moved into RLC and MAC. There is one more GTP tunnel between the RAN and SGSN. The SGSN is connected to the RAN using ATM. AAL5 is used for segmenting the IP packet into ATM
The split of radio protocols between RNC and Node B is mentioned for the WCDMA radio interface. There are four types of radio channels: broadcast, control, shared, and dedicated. Node B has radio physical layer and MAC for the broadcast, control, and shared channels. The RNC has PDCP, RLC, and MAC for the dedicated channels.
An IP packet going in the downlink direction is tunneled from the GGSN to the RNC via SGSN using two GTP tunnels. The PDCP in the RNC performs IP header compression and
9.7.2 Signaling Plane
The signaling plane consists of protocols for control and support of the user plane functions. It provides session management (SM) and GPRS mobility management (GMM) for a user along with the short message service (SMS). The SM consists of PDP context activation, modification, and
The RANAP layer provides access control and
The RRC protocol between MS and the RAN provides setup, modification, and release of radio resources. It also provides mobility management functions such as radio link measurements, handovers, and
Figure 9-6. Signaling plane protocol architecture.
9.7.3 GPRS Tunneling Protocol
GTP is used for both signaling (GTP-c) and data transfer (GTP-u) procedures between the GSNs. It provides a header, which together with the UDP/TCP and IP header identifies the destination GSN and handling of the packet at the destination. A variant of GTP, GTP ', is used for transporting charging information to the charging gateway function (CGF) from GSNs.
The header has been changed from 2.5G GPRS. Instead of flow label, 3G uses TEID to identify a GTP flow. Also, instead of LLC frame number, 3G uses N-PDU number to coordinate the data transmission after the inter-SGSN RA update procedure. A new field, called extension header type, is used to carry extension headers. 3G also has some new flags, as discussed
The GTP header is depicted in Figure 9-7. The first 8 bytes are the mandatory part of the GTP header. The rest of the bytes are
Figure 9-7. GTP header fields.
The GTP header contains the following fields:
Next extension header type indicates the type of extension header that
9.7.4 UMTS Mobility Management
Iu mode mobility management (MM) handles the terminal mobility for packet communication just like GMM does for GPRS (see Chapter 8). The mobility management state machines are in the terminal and 3G-SGSN. The states are PMM-DETACHED, PMM-IDLE, and PMM-CONNECTED (3GPP TS 23.060). The main difference from GMM is that PDU transmission and
Figure 9-8. UMTS packet session mobility management.
The states relate to terminal mobility management only. They are independent of the PDP contexts and the number of IP addresses allocated to the mobile terminal. In the PMM-DETACHED state the 3G-SGSN does not know the mobile terminal, and incoming IP packets will not reach it. The mobile terminal initiates communication with the GPRS attach procedure and transition to the PMM-CONNECTED state. The serving RNC tracks the mobile location when connected. PS signaling connection release moves the state to PMM-IDLE, where only the routing area of the terminal is known (i.e., less accurate information than in the connected state is available in the 3G-SGSN). The signaling connection can be reestablished after paging the mobile. Transition to the connected state enables packet data transfer again.
UMTS attach and detach procedures are the same as in GPRS and were discussed in Chapter 8. The key differences and improvements are described below.
UMTS ATTACH AND DETACH PROCEDURES
The UMTS attach procedure moves the MM state to PMM-CONNECTED. In the connected state the mobile station (MS) can activate the PDP contexts. During the attach, MS and the visited network authenticate each other. The network authentication toward MS is an UMTS addition to the GSM authentication. A second improvement over the GPRS procedure is that air interface ciphering takes place in RNC instead of the base station. The third improvement is the signaling integrity protection possibility, which
Core network mobility is different from radio network mobility. CN mobility is only handled when the mobile is attached and is not RRC connected. Location areas (LAs) are the CS domain mobility management concept inherited from the GSM networks. Routing areas (RAs) are the corresponding PS domain entities. The core network (CN) uses RA in paging. The temporary P-TMSI subscriber identifiers are unique within RA.
Within the radio access network RA is further divided into UTRAN registration areas (URAs). UTRAN initiated paging uses the URA when the terminal signaling channel has been set up (i.e., the terminal is in the RRC-CONNECTED mode). URA is not visible outside UTRAN.
The relationship between the areas is
Figure 9-9. UMTS area concepts (3GPP TS 23.121).
The radio access security architecture of the 3GPP release 99 standard is largely based on the 2G GSM air interface. Advanced encryption algorithms with longer cipher keys, mutual authentication, and signaling integrity protection are the main improvements over GSM. GSM-EDGE radio access network (GERAN) will adopt the 3GPP security features in later standards.
The 3GPP Security Threats and Requirements technical specification (3GPP 21.133) lists the main 3G security concerns, prioritizes the associated risks, and sets the goals for the countermeasures. The following examples present only a minor subset of the identified risks. From a security perspective, there are several other reasons to update GSM/EDGE to the UMTS security architecture (both MAJOR and medium risks of 21.133).
9.7.5 Session Management
The mobile node is assigned an IP address that corresponds to the GGSN where the PDP context terminates. The UE is anchored to the GGSN for the duration of a session or more. However, the UE tends to move across Node Bs, RNCs, and SGSNs. Hence delivering packets destined to a UE to the appropriate GGSN is only part of the overall solution of supporting IP mobility. Tunneling technology is used to manage the mobility of the UE. A logical connection for forwarding packets from the GGSN to the RNC via the SGSN is established in advance via the PDP context setup procedure. As the UE moves from one area to another and as a result changes the serving RNC or the SGSN, a new logical connection is created between the GGSN and SGSN and/or between the SGSN and RNC.
UMTS session management (SM) is based on GPRS session management but has been enhanced in many areas. GTP is used as the protocol for managing the mobility within the packet core network. QoS control and logical connection setup