Chap03 gmm prot_03_kh

2,559 views
2,308 views

Published on

0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,559
On SlideShare
0
From Embeds
0
Number of Embeds
58
Actions
Shares
0
Downloads
139
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide
  • Source: TS 23.060 Chap. 6.3.3.1, chap.
  • TS 24.008 Chap. 4.7.7 and chap. 9.4.9, Ciphering algorithm: no ciphering used, GEA/1 A&C authentication and ciphering GPRS ciphering key sequence number is the data base reference in the SGSN, which tells mich, which currently storred Tripple was used for ciphering
  • Source: copied from TC UMTS CN Signalling course
  • Source: copied from TC UMTS CN Signalling course
  • Cancel Location is triggered by a HLR request. Question: What is an Implicit Detach? What is an abnormal RLC condition?
  • Source: copied from TC UMTS CN Signalling course Question: What are MS network capabilities?
  • Cancel Location is triggered by a HLR request. Note: Force to standby deactivates the ready timer – thus unwanted cell updates are avoided. Question: how does the MS get the READY timer value? (can the MS be forced from the rEADY into the STANDBY state?) 5 times T3350 expiry: the SGSN regards old and new (p-)TMSI and (P-)TMSI signatures valid, till old (p-)tmsi can be regarded as invalid. T3310 exiry five times: What happens exactly, when this times expires 5 times? See T3311 and T3302. Question: When will the MS get its TLLI. Does it always have a TLLI in the READY and STANDBY state. Attach result: 001: GPRS attached only 011: combined GPRS/IMSI attached Includes follow on request pending bit: 0: no follow-on request pending Question: What is an Implicit Detach? What is an abnormal RLC condition?
  • Source: copied from TC UMTS CN Signalling course; see also TS 23.060 chap. 6.6.1 A GPRS Detach can be used for a GPRS detach, and combined detach, and trigger a re-attach by the MS after a network failure to re-activate a PDP context.
  • Source: copied from TC UMTS CN Signalling course, see also TS 23.060 chap. 6.6 and 6.6.1, and TS 24.008 chap. 4.7.4 Question: Prüfe GMM common procedures, evtl ersetzen durch Authentication only. Question:Unter welchen bedingungen kann ich auf die P-TMSI verzichten (sh. optional)
  • Source: copied from TC UMTS CN Signalling course; see also TS 23.060 chap. 6.6.2.2 and TS 24.008 chap. Question: Prüfe roten Teil. Note: A GGSN can cancel a PDP context, but not a GMM Detach!
  • Source: copied from TC UMTS CN Signalling course, see also TS 23.060 chap. 6.6 and 6.6.1, and TS 24.008 chap. 4.7.4 Question: Prüfe GMM common procedures, evtl ersetzen durch Authentication only. Question:Unter welchen bedingungen kann ich auf die P-TMSI verzichten (sh. optional)
  • Source: copied from TC UMTS CN Signalling course; see also TS 23.060 chap. TS 24.008 chap. 4.7.2.2. Question: What happens if the MS is in the READY state and selects a cell in a new routing area – cell or routing area update? Question: Clarify the meaning of a suspended MS which has to be resumed by the BSS. Devellopment note: add cell update: see TS 23.060, chap. 6.9.0. There are two types of cell update processes. They require knowledge on the BSSGP and LLC layer. Check also, whether paging must be seen in a similar way, including knowledge of the lower layers.
  • Source: copied from TC UMTS CN Signalling course, see also TS 23.060 chap. 6.6 and 6.6.1, and TS 24.008 chap. 4.7.4 Question: Prüfe GMM common procedures, evtl ersetzen durch Authentication only. Question:Unter welchen bedingungen kann ich auf die P-TMSI verzichten (sh. optional)
  • TS 23.060 chap. 6.9.1.2 Wh LLC regarding the TLLI transport. Add a template explaining the TLLI calculation and its relationship to routing areas/cells.
  • Question: Prüfe GMM common procedures, evtl ersetzen durch Authentication only. Question:Unter welchen bedingungen kann ich auf die P-TMSI verzichten (sh. optional) Question: what is the exact idea of a N-PDU number. (sh. Active PdP context and maybe SGSN change). The purpose of the Receive N-PDU Numbers list information element is to specify the current SNDCP Receive N-PDU Number values. Optional in accept message. If there it has to be added to the complete message.
  • Source: partially copied from TC UMTS CN Signalling course; see also TS 23.060 chap. 6.9.1.2.2 P-tmsi signature is explained in TS23.060 chap. 6.8.2.3 P-TMSI Signature is optionally sent by the SGSN to the MS in Attach Accept and Routeing Area Update Accept messages. If the P-TMSI Signature has been sent by the SGSN to the MS since the current P-TMSI was allocated, then the MS shall include the P-TMSI Signature in the next Routeing Area Update Request, Detach Request, and Attach Request for identification checking purposes. If the P-TMSI Signature was sent, then the SGSN shall compare the P-TMSI Signature sent by the MS with the signature stored in the SGSN. If the values do not match, the SGSN should use the security functions to authenticate the MS. If the values match or if the P-TMSI Signature is missing, the SGSN may use the security functions to authenticate the MS. The P-TMSI Signature parameter has only local significance in the SGSN that allocated the signature. If the network supports ciphering, the SGSN shall send the P-TMSI Signature ciphered to the MS. Routeing Area Update Request and Attach Request, into which the MS includes the P-TMSI Signature, are not ciphered.
  • Source: partially copied from TC UMTS CN Signalling course;
  • Source: one-to-one copied from TC UMTS CN Signalling course; see TS 23.060 chap. 14.
  • Source: copied from TC UMTS CN Signalling course; see TS 23.060 chap. 14. Question: How many PDP contexts can be active in parallel?
  • Source: copied from TC UMTS CN Signalling course; see TS 23.060 chap. 14. Question: Verify the red part. Question: Is the TEID indeed in use in 2G GPRS? What happened with the TID? Is the GTP-U in use between BSC and SGSN, too? See here 23.060 chap. 14.6! It may be possible that the TEID is used in the BSC only given the IP based higher layer data transfer on the Gb-interface??? This part has still has to be done! For TI and extended TI, have a closer look to 24.007! See there also for linked TI.
  • Source: copied from TC UMTS CN Signalling course; see TS 23.060 chap. 14. ´Question: What about the TEIDs? Verify if necessary.
  • Source: one-to-one copied from TC UMTS CN Signalling course; see TS 24.008 chap. 14., TS23.060 chap. 9.2.2.1, TS 2960, chap. 7 Check the red parts. Question: Wann triggered der SGSN genau den RAB setup (in Geran natürlich).
  • Question: What is radio priority, why is PDP address optional, what is a packet flow identifer Question: An welcher Stelle wird die radio access bearer establishment getriggered? Note: End user address in create PDP Context schein PDP address des end users zu sein. Create PDP Context Request: The Tunnel Endpoint Identifier Data field specifies a downlink Tunnel Endpoint Identifier for G-PDUs which is chosen by the SGSN. The GGSN shall include this Tunnel Endpoint Identifier in the GTP header of all subsequent downlink G-PDUs that are related to the requested PDP context. The Tunnel Endpoint Identifier Control Plane field specifies a downlink Tunnel Endpoint Identifier Control Plane messages which is chosen by the SGSN. The GGSN shall include this Tunnel Endpoint Identifier in the GTP header of all subsequent downlink control plane messages that are related to the requested PDP context. If the SGSN has already confirmed successful assignment of its Tunnel Endpoint Identifier Control Plane to the peer GGSN, this field shall not be present. Achtung: mache später mal ein extra-bild, was die bedeutung der TEIDs erklärt, und wie der TEID bestimmt wird. After activate PDP context, following is possible: In A/Gb mode and if BSS trace is activated, the SGSN shall send an Invoke Trace (Trace Reference, Trace Type, Trigger Id, OMC Identity) message to the BSS. Trace Reference, and Trace Type are copied from the trace information received from the HLR or OMC.
  • TS 23.060 chap. 9.2.2.2.1 Question: Is the IMSI indeed contained in the Send Routing Info for GPRS message? Prüfen! Und wie bekommt der GGSN die IMSI?
  • Source: one-to-one copied from TC UMTS CN Signalling course; see TS 24.008 chap. 14., TS23.060 chap. 9.2.2.1, TS 2960, chap. 7 Question: Question: Könnte ein TFT nicht auch im ersten PDP context eingeführt werden, mit Modify PDP request message? (ja, siehe 24.008 chap. 6.1.3.3., erster abschnitt). Und was passiert dann, wenn alle PDP contexts einen packet filter haben, und keiner passt? Question: was ist ein ipv6 flow label.
  • Source: one-to-one copied from TC UMTS CN Signalling course; see TS 24.008 chap. 14., TS23.060 chap. 9.2.2.1, TS 2960, chap. 7
  • Source: one-to-one copied from TC UMTS CN Signalling course; see TS 24.008 chap. 14., TS23.060 chap. 9.2.2.1, TS 2960, chap. 7 Question: TI immer noch nicht verstanden.
  • Source: one-to-one copied from TC UMTS CN Signalling course; see TS 24.008 chap. 14., TS23.060 chap. 9.2.2.1, TS 2960, chap. 7 Question: I do not understand the use of linked TI? I strongly assume, that the NSAPI is different for the first and secondary PDP context. I assume, that the LLC SAPI is the same in both cases. And between SGSN and GGSN, the tunnels are separated due to the TEIDs.
  • Source: one-to-one copied from TC UMTS CN Signalling course; Question: Why is the NSAPI included in the update PDP context request – the pdp context is already uniquely identified by the TEID – or can the NSAPI change?
  • Source: one-to-one copied from TC UMTS CN Signalling course; see TS 24.008 chap. 14., TS23.060 chap. 9.2.2.1, TS 2960, chap. 7 Question: In 23.060 chap. 9.2.3.3 wird auch eine radio access bearer modification genannt. Die fehlt hier im Bild. Wie wichtig ist die. Und wie wird die im MS/SGSN ausgelöst? Question: There may be also an BSS initated PDP context modification: 23.060, chap. 9.2.3.4, Was hat es damit auf sich? Durchlesen?
  • Source: one-to-one copied from TC UMTS CN Signalling course; see TS 24.008 chap. 14., TS23.060 chap. 9.2.2.1, TS 2960, chap. 7 Ps.: The update pdp context request holds a trace reference. What‘s that?
  • Source: one-to-one copied from TC UMTS CN Signalling course; see TS 24.008 chap. 14., TS23.060 chap. 9.2.2.1, TS 2960, chap. 7
  • Source: one-to-one copied from TC UMTS CN Signalling course;
  • Source: one-to-one copied from TC UMTS CN Signalling course; see TS 24.008 chap. 14., TS23.060 chap. 9.2.2.1, TS 2960, chap. 7 Question: nach der Deactivate PDP Context accept message kann noch folgendes passieren: „In A/Gb mode, BSS packet flow context procedures may be executed. These procedures are defined in subclause "BSS Context".“ Was heißt das, was bedeutet das? Was ist ein BSS Context? Question: Was passiert, wenn die deactivate PDP context accept message nie ankommt: Denke an charging – den der PDP context sollte nicht so einfach weitervergebührt werden: answer: the MS makes 5 attempts. After the 5th attempt, it releases all resources and ereases all PDP context related data. (Same principle on the network side – T3395) Q-Question: How does the network know, that the resources were released. Question: The Delete PDP Context Request message does not contain a TEID. The NSAPI does not uniquely identify the subscriber. It the affected tunnel uniquely identified, because this message is transmitted in an IP-packet with a IP address for GTP-C frames uniquely allocatede to the subscriber? Wenn ja, was ich nicht glaube, wie gelingt und da noch eine vernünftige verwaltung des Addressraums für IP. Question: wo bestimme ich die genauen kriterien fuer einen implicite detach?
  • Chap03 gmm prot_03_kh

    1. 1. Chapter 3 The GMM/SM Protocol Contents: 3.1 GMM tasks 1. GMM Procedures 2. The concept of Routing Areas 3. GPRS Mobility Management State Transition 4. Combined /not combined GMM/MM procedures 3.2 Session Management SM 1. PDP State Model 2. Elements involved in PDP contexts 3. PDP related parameters 3.3 Message formatting 1. GMM/SM message formats 2. Mandatory message fields 3. SM Message types 4. ATTACH REQUEST message content 5. PDP context activation example
    2. 2. Chapter 3 The GMM/SM Protocol 3.4 GMM procedures 1. Authentication and Ciphering 2. GPRS Attach Procedure 3. MS Initiated Detach 4. Network Initiated Detach 5. Routing Area Update 6. GMM Information 3.5 SM procedures 1. General Aspects about PDP Contexts 2. PDP Context States and Packet Sessions 3. PDP Context Related Parameters 4. Successful PDP Context Activation Procedure 5. Secondary PDP Contexts 6. PDP Context Modification 7. PDP Context Deactivation
    3. 3. Chapter 3.1 The GMM/SM Protocol Contents: 3.1 GMM tasks 1. GMM Procedures 2. The concept of Routing Areas 3. GPRS Mobility Management State Transition 4. Combined /not combined GMM/MM procedures
    4. 4. GPRS Mobility Management GMM Procedures GMM Common Procedures GMM Specific Procedures • GPRS Attach,Combined GPRS Attach • GPRS Authentication and Ciphering • GPRS Detach, Combined GPRS Detach • GPRS Identification • Normal Routing Area Update • GPRS Information Combined Normal Routing Area Update • P-TMSI (Re-)allocation Periodic Routing Area Update GMM GMM •GMM common procedures GMM common procedures can be always initiated when a LLC LLC packet switched signalling connection exists. Relay RLC RLC BSSGP BSSGP •GMM specific procedures GMM specific procedures are used to establish and NS NS MAC MAC FR FR maintain a GMM context between MS and SGSN. If the network supports combined procedures, also circuit GSM RF GSM RF L1 L1 switched mobility related MM tsks are performed by the Um Gb SGSN. MS BSS SGSN
    5. 5. The concept of Routing Areas MS initiates: GMM Specific Procedures Normal Routing Area Update combined Normal Routing Area Update (with Location Area Update), Periodic Routing Area Update. RA size : by default one RA is equal to one LA. This is reasonable until the PS LA paging load is increasing and the RA available paging capacity is exceeded. The number of paging is a function of the number of subscribers and of the used services. To reduce the paging load a LAI may be split into RAs (of course increasing the number of RA updates) or the PPCH channel may be configured (of CI course loosing resources on the air) CGI MCC MNC LAC (16 bits) CI (16 bits) = Mobile Country Code Mobile Network Code Location Area Code Cell Identity Cell Global Identity LAI RAC (8 bits) RAI = Local Area Identifier Routing Area Code Routing Area Identifier
    6. 6. GPRS Mobility Management State Transition GMM Specific ProceduresSeen by MS: GPRS Attach READY Timer expiry/ Force to STANDBY/ IDLE READY STANDBY GPRS Detach PDU transmission READY Timer expiry/ Seen by SGSN Force to STANDBY/ Abnormal RLC conditions GPRS Attach IDLE READY STANDBY GPRS Detach/ PDU reception Cancel Location Implicit Detach/ Cancel Location MS location known to Cell Level. MS is MS location known to RA Level.MS location not known. transmitting or has just been MS is capable of receiving Point-Subscriber is not reachable by transmitting. MS is capable of receiving to-Multipoint data and beingthe GPRS NW. Point-to-Point data and Point-to- paged for Point-to-Point data Multipoint data.
    7. 7. Combined /not combined GMM/MM procedures The NMO (Network Mode of Operation) parameter is broadcast in BCCH or PBCCH. Pictures are valid only for classA and B MSs. A class C MS can not be attached in MSC and SGSN simultaneously!!! NMO I NMO II NMO III IMSI GPRS IMSI GPRS IMSI GPRS attached attached attached attached attached attached GsMSC/VLR SGSN MSC/VLR SGSN MSC/VLR SGSN cs paging message ps paging message PCH PCH, PCH, or PCH or PPCH, or PPCH (if used) PACCH - Gs interface required - works with or without PBCCH - no Gs interface - no Gs interface - Paging Coordination -no PBCCH -works with or without PBCCH - Combined Mobility Management -separate Mobility Management -separate Mobility Management
    8. 8. Chapter 3.2 The GMM/SM Protocol 3.2 Session Management SM 1. PDP State Model 2. Elements envolved in PDP contexts 3. PDP related parameters
    9. 9. PDP State Model PDP State Model Activate PDP Context INACTIVE ACTIVE • no routing and mapping of PDP • routing and mapping of PDUs possible PDP PDUs possible • no data transmission • location update takes place Deactivate last PDP Context MM state change to IDLE SM SM The session management functions are used for activation, LLC LLC modification and deactivation of PDP (Packet Data Protocol) Relay contexts, i.e. for packet routing and to enable the transfer of user RLC RLC BSSGP BSSGP data. The SM functions are located in MS, SGSN and GGSN. INACTIVE State: A data service has not been activated. PDP NS NS MAC MAC FR FR PDUs can neither be routed nor mapped to this PDP address. Actually, no data transmission for this PDPcontext is possible GSM RF GSM RF L1 L1 (except SMS). Um Gb ACTIVE State: The PDP context for one or several PDP address is MS BSS SGSN set active in the MS, SGSN, and GGSN. By doing so, the transfer of user data between the MS and the GGSN via the SGSN is possible.
    10. 10. Elements envolved in PDP contextsSeveral PDPs may be active simultaneously (not every phone supports that,-one PDP = 1 set of QoSparameters). Different applications may require different QoS, that means different PDPs have to be activated.The information about the PDP has to be configured in the phone. Required is the so called APN (Access PointName, eg operator.net) to create the logical connection between MS and external Packet Data Network. Withthe PDP context activation the GTP tunnel between the SGSN and GGSN is created. applications MMS several applications GTP tunnel via 1 PDP context WAP to one AP GPRS Backbone applications several applications streaming GTP tunnel via different PDP contexts to one AP WAP GTP tunnel applications several applications MMS via 1 PDP context GTP tunnel to different APs WAP not possible!!! MS SGSN GGSN
    11. 11. PDP related parameters The NSAPI is used as a global identifier for a PDP context. It is especially used NSAPI from outside of the GPRS network to access a PDP context. So if the PDP context is usedfor the tunnelling of IP datagrams, the associated IP layer in the MS (or equipment connected to the MS) will usethe NSAPI as interface identifier. In fixed line IP networks this is mainly used to distinguish between severalinterface cards (e.g. Ethernet cards, modems, etc.). The PDP type indicates which protocol is tunnelled through the PDP context PDP type (e.g. IPv4/v6 or PPP). PDP The PDP address is a routing address of the tunnelled protocol. The MS uses the PDP address address to be connected to the external data network. For the GPRS network this addresshas no meaning, which means that it will not be used for routing within the GPRS network. (e.g. IP v4/v6address) APN The APN is the name of the external data network. Hence it indicates the internet service provider (ISP). Within the GPRS network the APN is used by the SGSN to find a suitableGGSN using a Domain Name Server. The GGSN uses the APN to find the correct port to the specified ISP. The SM protocol that handles the PDP contexts between MS and SGSN uses the TI APN TI (Transaction Identifier) to differentiate between different PDP contexts. This is the sameas for circuit switched calls. QoS Profile Requested others APN Dynamic Address Allowed QoS Profile Negotiated Radio Priority PDP State
    12. 12. Chapter 3.3 The GMM/SM Protocol 3.3 Message formatting 1. GMM/SM message formats 2. Mandatory message fields 3. SM Message types 4. ATTACH REQUEST message content 5. PDP context activation example
    13. 13. GMM/SM message formatsThe GPRS Mobility Management and Session Management procedures are defined in therecommendation 3GPP 03.60. Every GMM/SM message contains several parameters, also known asInformation Elements (IE). Section 9 of GSM Guideline 04.08 defines the mandatory and optionalparameters for every message. The same parameter may be mandatory for one message andoptional for another. Optional parameters bear an identifier (Information Element Identifier, IEI) toshow their presence. The identifier is always located at the beginning of the parameter. Mandatoryparameters, by contrast, include sometimes - dependent on the position - an identifier.The parameters are sub-divided into 5 parameter formats (described in GSM 04.07): 1 Message: several mandatory or optional (conditional) Information Elements
    14. 14. GMM/SM message formatsInformation Element formats:V(value only) parameters have neither an identifier (IEI) nor a length indicator; they are mandatory parameters offixed length. The length is either an integer amount of bytes or 1/2 byte. In the last case, V-parameters of 1/2 bytelength are combined to form pairs whenever possible. The first parameter in the combination encompasses the 4least significant bits, the second parameter the 4 most significant bits. If the total number of V-parameters of 1/2byte is odd, the 4 most significant bits of the last byte are filled with 0000.TV(type and value) parameters have an identifier (IEI) but no length indicator. If the length of the contents is aninteger amount of bytes, then the IEI is 1 byte in length, and the most significant IEI bit is 0. If the length of thecontents is 1/2 byte, then the IEI is likewise 1/2 byte in length. The most significant bit is 1, and the succeedingbits must not be 010 (to distinguish them from T-parameters, see below).T(type only) parameters have 0 byte content. The communicated information consists solely in the presence orabsence of the parameter. Obviously, such parameters can only be considered as optional. The identifier (IEI) is1 byte in length and begins with 1010 (so that no confusion with TV-parameters is possible). One example of atype-2 parameter is the authorization given in "Location Update Accept" for the Mobile Station to set up a MMconnection directly after the location update (i.e. in the same RR connection). This authorization may, or may not,be present.LV(length and value) parameters have a length indicator but no identifier (IEI); they are mandatory parameters ofvariable length. The length indicator is the first byte and indicates how many bytes of contents follow.TLV(type, length and value) parameters have an identifier (IEI) and a length indicator. The IEI is the first byte of theparameter; its most significant bit is 0. The length indicator is the second byte of the parameter and indicates howmany bytes of contents follow.
    15. 15. Message formatsParameter Format Length integer amount of Bytes Length of 1/2 Byte Example: 5 parameters Each message begins with the same three V-parameters: V alue content 2 content 1 content The protocol discriminator content 4 content 3 0 0 0 0 content 5 is a parameter of 1/2 byte length. The transaction identifier is 0 IEI a V-parameter of 1/2 byte. T ype, The message type identifies V alue 1 IEI content the nature of the message. It content #0 1 0 is a V-parameter with a length of 1 byte. T ype 1 0 1 0 IEI Transaction identifier or Skip indicator Protocol discriminator Length indicator L ength, content V alue TI- TI-value Protocol discriminator flag Message type 0 IEI T ype, Length indicator L ength, V alue content Message Type
    16. 16. Mandatory message fields The protocol discriminator specifies the layer 3 part 0000 group call control 0001 broadcast call control to which the message belongs. It is a parameter of 0010 Reserved: was allocated in earlier phases of the protocol 1/2 byte length.(3 GPP 04.07) 0011 call control; call related SS messages 0100 GPRS Transparent Transport Protocol (GTTP) Attach request 0101 mobility management messages Attach accept 0110 radio resources management messages Attach complete 1000 GPRS mobility management messages Attach reject Same format used 1001 SMS messages Detach request to CS/PS core 1010 Detach accept GPRS session management messages 1011 non call related SS messages 1 1 00 Location services Routing area update request 1110 reserved for extension of the PD to one octet length Routing area update accept 1111 reserved for tests procedures Routing area update complete Routing area update reject Service Request Service Accept Service Reject P-TMSI reallocation command P-TMSI reallocation complete Authentication and ciphering req Authentication and ciphering resp Authentication and ciphering rej Authentication and ciphering failure Identity request Identity response The message type ( here for GMM) identifies the nature of the message. GMM status It is a V-parameter with a length of 1 byte.(3GPP 4.08) GMM information
    17. 17. ATTACH REQUEST message content I 7 6 5 4 3 2 1 0Example (start) 0 0 0 0 1 0 0 0 PD=GMM, Skip indicator 0 0 0 0 0 0 0 1 Message Type = Attach Request 0 0 0 0 0 0 0 1 MS Network Capability Length 1 Byte 0 0 0 0 0 1 1 0 MS Network Capabilty value CKSN 0 0 0 1 Attach Type = GPRS Attach 0 0 0 0 0 0 0 1 DRX parameter 0 0 0 0 1 1 1 1 non DRX timer, split on CCCH 0 0 0 0 1 0 0 0 1. digit 1 0 0 1 3. digit 2. digit Mobile Identity Length 8 Byte Type of Identity = IMSI odd number of digits n - digit MCC DUMMY Old Routing Area Identification MNC
    18. 18. ATTACH REQUEST message content II 7 6 5 4 3 2 1 0 LAC Old Routing Area Identification RAC 0 0 0 0 1 0 0 1 MS MS Radio Access Capability Radio Length 9 Byte Access Capability Example end
    19. 19. ATTACH REQUEST message content III Table 9.4.1/3GPP TS 24.008: Information Element Type/Reference Presence Format Length Protocol discriminator Protocol discriminator M V 1/2 10.2 Skip indicator Skip indicator M V ½ 10.3.1 Attach request message identity Message type M V 1 10.4 MS network capability MS network capability M LV 3-9 10.5.5.12 Attach type Attach type M V ½ 10.5.5.2 GPRS ciphering key sequence Ciphering key sequence number M V ½ number 10.5.1.2 DRX parameter DRX parameter M V 2 10.5.5.6 P-TMSI or IMSI Mobile identity M LV 6-9 10.5.1.4 Old routing area identification Routing area identification M V 6 10.5.5.15 MS Radio Access capability MS Radio Access capability M LV 6 - 52 10.5.5.12a Old P-TMSI signature P-TMSI signature O TV 4 10.5.5.8 Requested READY timer GPRS Timer O TV 2 value 10.5.7.3 TMSI status TMSI status O TV 1 10.5.5.4
    20. 20. ATTACH REQUEST message content IV MS Radio Access Capability Length 9 Byte This shows an example of the IE Radio Access capability example contained in the GPRS attach request message for example.|MS Radio Access Capability ||00001000 |IE Length |8 | |---0---- |1 HSCSD MultiSlot Flag |not present ||0001---- |1 Access Technology Type |GSM E | |----1--- |1 GPRS MultiSlot/Ext. Flag |present ||***b7*** |1 Access technology type len |25 | |***b5*** |1 GPRS MultiSlot Class |4 ||---100-- |1 RF Power CAP1ability |4 | |--0----- |1 GPRS Extended Dynamic Allo. CAP1. |not implemented ||------1- |1 Encryption Alogorithm Flag |present | |---0---- |1 SMS and SM Value Flag |not present ||-------1 |1 A5/1 |available | |----1--- |1 MS RA capability Flag |present ||1------- |1 A5/2 |available | |***b4*** |2 Access Technology Type |GSM 1800 ||-0------ |1 A5/3 |not available | |-0001001 |2 Access technology type len |9 ||--0----- |1 A5/4 |not available | |001----- |2 RF Power CAP1ability |1 ||---0---- |1 A5/5 |not available | |---0---- |2 Encryption Alogorithm Flag |not present ||----0--- |1 A5/6 |not available | |----1--- |2 Early classmark |implemented ||-----0-- |1 A5/7 |not available | |-----0-- |2 Pseudo Synchronisation |not present ||------1- |1 Early classmark |implemented | |------0- |2 Voice Group Call Service |no VGCS wanted ||-------0 |1 Pseudo Synchronisation |not present | |-------0 |2 Voice Broadcast Service |no VBS wanted ||0------- |1 Voice Group Call Service |no VGCS wanted | |0------- |2 MultiSlot CAP1ability flag |not present ||-0------ |1 Voice Broadcast Service |no VBS wanted I |-0------ |2 MS RA capability Flag |not present ||--1----- |1 MultiSlot CAP1ability flag |present | |--000000 |Padding |0 |
    21. 21. PDP context activation example 7 6 5 4 3 2 1 0 0 TI-value 1 0 1 0 PD=SM, TI-flag=0 0 1 0 0 0 0 0 1 Msg T.=Activate PDP Context Request 0 0 0 0 NSAPI Requested NSAPI e.g. NSAPI=5 0 0 0 0 LLC SAPI Requested LLC SAPI e.g. SAPI=3 0 0 0 0 0 0 1 1 0 0 Delay Class Reliability Class Quality of Service Peak throughput 0 Precedence Class Length 3 Byte 0 0 0 Mean throughput 0 0 0 0 0 0 1 0 PDP address 0 0 0 0 0 0 0 1 Length 2 Byte IETF specified address 0 0 1 0 0 0 0 1 IPv4 address (dynamic addressing) 0 0 1 0 0 1 1 1 0 0 1 0 0 1 0 0 Protocol Configuration Options 1 0 0 0 0 0 0 0 Length 36 Byte Options format value, extension bit Content n-Byte
    22. 22. PDP context activation example 0000---- |Spare |0Activate PDP context request |00100001 |Packet data protocol type |IPv4|----1010 |Protocol Discriminator |Session management messages |Access Point Name ||-000---- |Transaction Id value |TI value 0 |00101000 |IE Name |Access Point Name|0------- |Transaction Id |message sent from orig TI |00010000 |IE Length |16|01000001 |Message Type |65 |**B16*** |Access Point Name Value XXXXXXXXXXX|Network Service Access Point |Protocol Configuration Options|----0101 |NSAPI value |NSAPI 5 |00100111 |IE Name |Protocol Configuration Options|0000---- |Spare |0 |01010000 |IE Length |80|LLC SAPI |-----000 |Options format value |PPP|----0011 |SAPI |SAPI 3 |-0000--- |Spare |0|0000---- |Spare |0 |1------- |Extension bit |Octet 3 is extended|Quality of Service |**B79*** |Address information |c2 23 19 01 01 00 19 14 9b e0 d4 6f ||00000011 |IE Length |3 |Protocol Config. Options PAP(RFC 1334) CHAP(RFC 1994) IPCP(RFC 1332)|-----011 |Reliability class |Unack. GTP&LLC,Ack.RLC,Prot. data (CHAP_PAP) ||--100--- |Delay class |Delay class 4 (best effort) |---v--- DECODING ERROR: PE_DEC_AUFZ_LEN ---v---|00------ |Spare |0 |CHAP-Challenge|-----011 |Precedence class |Low priority |***B2*** |Challenge-Handshake Authentication Protocol |c223|----0--- |Spare |0 |00011001 |Total length |25|0101---- |Peak throughput |Up to 16000 octet/s |00000001 |Algorithm |1|---11111 |Mean throughput |best effort |00000001 |Code |Challenge|000----- |Spare |0 |00000000 |Identifier |0|Packet Data Protocol Address |***B2*** |Length |6420|00000010 |IE Length |2 |Challenge|----0001 |Type of address |IETF specified address |10011011 |Value size |155
    23. 23. Chapter 3.4 The GMM/SM Protocol 3.4 GMM procedures 1. Authentication and Ciphering 2. GPRS Attach Procedure 3. MS Initiated Detach 4. Network Initiated Detach 5. Routing Area Update 6. GMM Information
    24. 24. Authentication and Cipher Setting MS SGSN T3360 expiry ⇒ retransmission (max. 4 times) Authentication And Ciphering Request Start T3360 (= 6s) (ciphering algorithm, RAND, A&C reference number, GPRS ciphering key sequence number) Authentication And Ciphering Response Stop T3360 (A&C reference number, SRES, IMEISV) Authentication And Ciphering Reject SRESMS ≠ SRESAC ()
    25. 25. GPRS Attach Procedure RAI = MCC + MNC + LAC + RAC IMSI = MCC + MNC + MSIN RA 1 RA 3 MSISDN = CC + NDC + SN RA 2 IMSI/MSISDN MS SGSN HLR IMSI IMSI Subscriber record Subscriber record • ps service data • Service data • RAI / CI • SGSN no. (E.164) • SGSN IP address
    26. 26. GPRS Attach Procedure - Example MS ( old [RAI,P-TMSI] ) HLR Attach RequestSGSN SGSN Identification Request ( RAI, P-TMSI ) Authentication Identification Response ( cause, IMSI, authentication data ) Update GPRS Location ( IMSI, SGSN-no., SGSN-IP-address ) Cancel Location ( IMSI, type=update ) Cancel Location Ack () Insert Subscriber Data ( IMSI, PS subscription information ) Insert Subscriber Data Ack Attach Accept Update GPRS Location Ack ( new PTMSI, new RAI ) ( HLR number ) Attach Complete ()
    27. 27. Successful GPRS Attach MS SGSN Start T3310 Attach Request ( MS network capability, Access type, (= 15 s) GPRS ciphering key sequence number, P-TMSI or IMSI, old RAI, MS radio access capability ) GMM common procedures (e.g. Authentication and Ciphering) Stop T3310 Attach Accept Start T3350 (= 6 s) ( Attach result, Force to standby, Period RA update timer, (only if (P-)TMSI Radio Priority for SMS, new RAI, allocated) optional: allocated P-TMSI, equivalent PLMNs Cell Notification ) Attach Complete Stop T3350 ()
    28. 28. MS Initiated Detach MS SGSN GGSN Start T3321 Detach Request ( Detach type : (= 15 s) • GPRS detach or IMSI detach or combined GPRS/IMSI detach • normal detach or power switch detach, optional: P-TMSI, P-TMSI signature ) Authentication Delete PDP Context Request ( TEID ) Delete PDP Context Response ( TEID ) Stop T3321 Detach Accept ( ) only with power switch detach
    29. 29. Network Initiated Detach (Example) MS SGSN HLR GGSN Cancel Location ( IMSI, type = subscription withdrawn ) Detach Request Start T3322 ( Detach type : (= 6 s) re-attach required or re-attach not required or IMSI detach (after VLR failure) ) Delete PDP Context Request ( TEID ) Delete PDP Context Response ( TEID ) Detach Accept Stop T3322 ( ) Cancel Location Ack ( )
    30. 30. Routing Area Update Causes periodic RA update Attach Accept or Routing Area Update Accept ( T3312: default: 54 min )RA 1 no RA update SGSN normal RA update Combined RA/LA updating Combined RA/LA updating with IMSI attachRA 2 no RA update
    31. 31. Intra Routing Area Update MS SGSN Start T3330 Routing Area Update Request ( Update type: RA updated or combined RA/LA updated, (= 15 s) GPRS ciphering key sequence number, old RAI, MS radio access capability ) Authentication Stop T3330 Routing Area Update Accept Start T3350 (= 6 s) ( Update result, only when Period RA update timer, current RAI, • P-TMSI and/or optional: allocated P-TMSI, P-TMSI signature, • Receive N-PDU numbers Receive N-PDU number ) were allocated Routing Area Update Complete Stop T3350
    32. 32. P-TMSI Reallocation and Identity Request MS SGSN P-TMSI Relocation Command Start T3350 (= 6 s) ( Allocated P-TMSI , RAI , Force to standby, optional: P-TMSI signature ) P-TMSI Relocation Complete Stop T3350 ( ) Identity Request Start T3370(= 6 s) ( Identity type: IMSI, IMEI, IMEISV, TMSI ) Identity Response Stop T3370 ( Mobile Identity )
    33. 33. GMM InformationOptional: MS SGSN GMM Information ( Full name for network, Short name for network, Local time zone, Universal time and local time zone, LSA identity, Network daylight saving time ) GMM Status ( GMM cause ) only when the GMM request is rejected
    34. 34. Chapter 3.5 The GMM/SM Protocol 3.5 SM procedures 1. General Aspects about PDP Contexts 2. PDP Context States and Packet Sessions 3. PDP Context Related Parameters 4. Successful PDP Context Activation Procedure 5. Secondary PDP Contexts 6. PDP Context Modification 7. PDP Context Deactivation
    35. 35. PDP Context States and Packet Sessions Activate PDP Context INACTIVE ACTIVE Deactivate PDP Context / GMM changes to IDLE state MS ISP SGSN GGSN Packet Session (using PDP) PDP Context PDP Bearer Session Management GPRS Tunnelling Protocol
    36. 36. PDP Context Parameters Except MS ISP SGSN GGSN NSAPI NSAPI NSAPI PDP type PDP type PDP type PDP PDP PDP PDP address address address address APN APN APN GGSN SGSN address address TEIDGGSN TEIDSGSN for control for control TEIDGGSN TEIDSGSN for data for data
    37. 37. Successful PDP Context Activation Procedure MS SGSN GGSNStart T3380 Activate PDP Context Request (= 30s) ( Transaction Identifier, Requested NSAPI, Requested LLI SAPI, Requested QoS, Requested PDP address optional: APN ) Create PDP Context Request Authentication ( TEIDSGSN data, TEIDSGSN control plane, NSAPI, QoS profile, End user address, SGSN address for control plane and for user traffic ) Create PDP Context Response ( TEIDGGSN data, TEIDCGSN control plane, Activate PDP Context Accept QoS profile, End user address,Stop T3380 GGSN address for control plane ( Transaction Identifier, and for user traffic ) Negotiated LLI SAPI, Negotiated QoS, Radio priority, optional: PDP address, packet flow id )
    38. 38. Successful PDP Context Activation by the Network MS ISP SGSN HLR GGSN PDP PDU Send Routing Info for GPRS Request ( IMSI) Send Routing Info for GPRS Response ( IMSI, SGSN address ) PDU Notification Request ( IMSI, TEIDCGSN control plane, End user address, APN, GGSN address for control plane) PDP ACTIVATE IND PDU Notification Response ( Offered PDP address, Start T3385 (= 8s) optional: APN ) PDP Context Activation Procedure Activate PDP Context Response Stop T3385
    39. 39. Secondary PDP Contexts PDP context 1 (PDP address: A, APN: a) TFT 1 TFT 2 PDP context 1a TFT 3 (PDP address: A, APN: a) Packet PDP context 2 Filter Dest address: A (PDP address: B, APN: a) Dest. address: B ISP GGSN Traffic Flow Template (TFT) IPv4 source address Dest. Port Number IPv6 source address Dest. Port Number Range Protocol ID / Next Header Type of Service/Traffic Class Source Port Number Flow Label Source Port Number Range IPsec security parameter
    40. 40. Successful Secondary PDP Context Activation MS SGSN GGSN Activate Secondary PDPStart T3380 Context Request (= 30s) ( Transaction Identifier, Requested NSAPI, Requested LLC SAPI, Requested QoS, Linked TI optional: TFT ) Create PDP Context Request ( TEIDSGSN data, TEIDSGSN control plane, Authentication NSAPI, QoS profile, End user address, SGSN address for control plane and for user traffic, TFT ) Create PDP Context Response ( TEIDGGSN data, TEIDCGSN control plane, Activate Secondary PDP NSAPI, QoS profile, End user address, GGSN address for control plane Context Accept and for user traffic )Stop T3380 ( Transaction Identifier, Negotiated LLI SAPI, Negotiated QoS, Radio priority )
    41. 41. Successful PDP Context Modification (MS initiated) MS SGSN GGSNStart T3381 Modify PDP Context Request (= 8s) ( Transaction Identifier, optional: Requested LLC SAPI, Requested new QoS, New TFT ) Update PDP Context Request Authentication ( TEIDSGSN data, TEIDSGSN control plane, NSAPI, QoS profile, SGSN address for control plane and for user traffic ) Update PDP Context Response ( TEIDGGSN data, TEIDCGSN control plane, Modify PDP Context Accept QoS profile,,Stop T3381 GGSN address for control plane ( Transaction Identifier, and for user traffic ) optional: Negotiated LLI SAPI, Negotiated QoS, New radio priority, packet flow id )
    42. 42. PDP Context Modification (SGSN initiated) MS SGSN GGSN Update PDP Context Request ( TEIDSGSN data, TEIDSGSN control plane, NSAPI, QoS profile, SGSN address for control plane and for user traffic ) Update PDP Context Response ( TEIDGGSN data, TEIDCGSN control plane, NSAPI, QoS profile,, GGSN address for control plane and for user traffic ) Modify PDP Context Request Start T3386 ( Transaction Identifier, Requested LLC SAPI, Radio priority, Requested new QoS, (= 8s) optional: PDP address, TFI ) Modify PDP Context Accept Stop T3386 ( Transaction Identifier )
    43. 43. PDP Context Modification (GGSN initiated) MS SGSN GGSN Update PDP Context Request ( NSAPI, optional: end user address, QoS profile ) Modify PDP Context Request Start T3386 ( Transaction Identifier, Requested LLC SAPI, Radio priority, Requested new QoS, (= 8s) optional: PDP address, TFI ) Modify PDP Context Accept Stop T3386 ( Transaction Identifier ) Update PDP Context Response ( optional: QoS profile )
    44. 44. PDP Context Deactivation (MS initiated) MS SGSN GGSNStart T3390 Deactivate PDP Context Request (= 8s) ( Transaction Identifier, SM cause optional: Teardown indicator ) Authentication Delete PDP Context Request ( NSAPI, Teardown indicator ) Delete PDP Context Response ( cause ) Deactivate PDP Context AcceptStop T3390 ( Transaction Identifier )
    45. 45. SM Message types3 GPP 04.07 GPRS session management messages PRIMITIVE PARAMETER (message, info elements of message, other parameters)SMREG-PDP-ACTIVATE-REQ PDP address, QoS, NSAPI, APN, Protocol configuration optionsSMREG-PDP-ACTIVATE-CNF PDP address, QoS, NSAPI, Protocol configuration optionsSMREG-PDP-ACTIVATE-REJ Cause, NSAPI, Protocol configuration optionsSMREG-PDP-ACTIVATE-IND PDP address, APNSMREG-PDP-ACTIVATE-REJ-RSP Cause, PDP address, APNSMREG-PDP-DEACTIVATE-REQ NSAPI(s) tear down indicator, causeSMREG-PDP-DEACTIVATE-CNF NSAPI(s)SMREG-PDP-DEACTIVATE-IND NSAPI(s), tear down indicator, causeSMREG-PDP-MODIFY-IND QoS, NSAPISMREG-PDP-MODIFY-REQ QoS, NSAPI, TFTSMREG-PDP-MODIFY-CNF QoS, NSAPISMREG-PDP-MODIFY-REJ Cause, NSAPISMREG-PDP-ACTIVATE-SEC-REQ QoS, NSAPI, TFT, Primary NSAPISMREG-PDP-ACTIVATE-SEC-CNF QoS, NSAPISMREG-PDP-ACTIVATE-SEC-REJ Cause, NSAPI

    ×