Protocol Analysis in UMTS Networks

Similar documents
Complement Drive Test for UTRAN using a passive Protocol Monitor

New service standardisation approach

K1297-G20 Protocol Tester

UMTS System Architecture and Protocol Architecture

100GBASE-SR4/TDEC Compliance and Characterization Solution

Tektronix Logic Analyzer Probes P5900 Series Datasheet

Troubleshooting Ethernet Problems with Your Oscilloscope APPLICATION NOTE

RTPA2A. TekConnect probe adapter for real-time spectrum analyzers. Tektronix high-performance probing solutions. Applications. Notice to EU customers

Power Analyzer Firmware Update Utility Version Software Release Notes

FB-DIMM Commands/Data and Lane Traffic Verification

Troubleshooting Ethernet Problems with Your Oscilloscope APPLICATION NOTE

GPRS and UMTS T

4 GHz Active Probe P7240 Datasheet

MTS4EA Elementary Stream Analyzer

UMTS & New Technologies «Wireless data world»

Call Establishment and Handover Procedures of PS Calls using HSDPA

High-Performance Differential Probes P7350 P7330 P6330 Datasheet

GSM. Course requirements: Understanding Telecommunications book by Ericsson (Part D PLMN) + supporting material (= these slides) GPRS

UMTS course. Introduction UMTS principles. UMTS Evolution. UMTS Project

Chapter 2 The 3G Mobile Communications

4 GHz Active Probe P7240 Datasheet

Application Overview. Preparing. for FB-DIMM and DDR2. Are you ready?

3GPP TS V ( )

Advanced Test Equipment Rentals ATEC (2832)

Safety. Introduction

UMTS Addresses and Identities Mobility and Session Management

50GBASE-FR/LR, 100GBASE-DR, 200GBASE-DR4/ LR4/FR4 & 400GBASE-LR8/FR8/DR4 Optical Conformance and Characterization Solution for Sampling Scopes

NETWORK DIAGNOSTICS Testing HSDPA, HSUPA for 3G mobile apps

Digital Pre-emphasis Processor BERTScope DPP Series Datasheet

Digital Pre-emphasis Processor BERTScope DPP Series Datasheet

EXPERIMENT N0: 06 AIM:TO DESIGN UMTS NETWORK USING OPNET MODELER APPARATUS: OPNET MODELER 14.0

ETSI TS V3.1.0 ( )

UTRAN Procedures. Elementary procedures. RRC connection release. Transaction reasoning

UTRAN Procedures. MM procedures -> see MM slides CM procedures -> see CM slides

WIRELESS SYSTEM AND NETWORKING

Nexus8610 Traffic Simulation System. Intersystem Handover Simulation. White Paper

Differential Probes TDP1500 TDP3500 Data Sheet

TekVPI Technology Delivers Versatility and Ease-of-Use in a New Probe Interface Architecture

Fast 3D EMC/EMI Scan with Detectus Scanning System and Tektronix Real Time Spectrum Analyzers CASE STUDY

Cerify Automated QC of File-based Video

Multi-Site Parallel Testing with the S535 Wafer Acceptance Test System APPLICATION NOTE

TekExpress 10GBASE-T Automated Compliance Software Features & Benefits

Network Node for IMT-2000

New service standardisation approach

E1-E2 UPGRADATION COURSE CONSUMER MOBILITY. 3G Concept

End-to-end IP Service Quality and Mobility - Lecture #6 -

CDMA Network Technologies: A Decade of Advances and Challenges

HEVC / AVC Video and Compressed Audio Analyzer MTS4EAV7 Datasheet

Cross-Bus Analysis Reveals Interactions and Speeds Troubleshooting

3GPP TR V4.0.0 ( )

ETSI TS V ( )

TS-3GA (Rel4)v4.7.0 UTRAN Iu interface data transport and transport signalling

ETSI TS V4.1.0 ( )

CTRL7100A CTRL7100A Instrument Controller

Communication Systems for the Mobile Information Society

JP 3GA (R99) UTRAN Iu Interface Signalling Transport

ETSI TS V4.4.0 ( )

ETSI TS V4.3.0 ( )

T325 Summary T305 T325 B BLOCK 2 4 PART III T325. Session 1 Block III Part 2 Section 2 - Continous Network Architecture. Dr. Saatchi, Seyed Mohsen

Performance Challenge of 3G over Satellite Methods for Increasing Revenue & Quality of Experience. February 2018

General Packet Radio Service (GPRS) 13 年 5 月 17 日星期五

Trillium 3G Wireless Software

3GPP TS V8.0.0 ( )

Adaptive Bitrate Streaming

3GPP TS V9.0.0 ( )

Understanding and Performing Precise Jitter Analysis

3G/UMTS Complete Mobile Originated Circuit Switched Call Setup. July 2009, Turin

Modeling of Gigabit Backplanes from Measurements

3GPP TS V ( )

3GPP TS V1.3.1 ( )

TECHNOLOGY OPTIONS FOR EVOLUTION FROM EXISTING MOBILE SYSTEMS TO IMT-2000

3GPP TS V7.2.0 ( )

How to Troubleshoot System Problems Using an Oscilloscope with I 2 C and SPI Decoding APPLICATION NOTE

HDMI Compliance Test Software

UNIK4230: Mobile Communications Spring Semester, Per Hj. Lehne

UMTS. Antti Siitonen. Technologist, MSc (EE), Radiolinja

COPYRIGHTED MATERIAL. Contents. 1 Short Message Service and IP Network Integration 1. 2 Mobility Management for GPRS and UMTS 39

A Study of Throughput for Iu-CS and Iu-PS Interface in UMTS Core Network

TSGW3#2(99)173. TSG-RAN Working Group 3 meeting #2 Nynäshamn, Sweden, 15th 19th March Agenda Item:

TS-3GA (Rel5)v5.3.0 UTRAN Iu interface data transport and transport signalling

USB 2.0 Application Software

3G Mobile UMTS. Raghavendra J 1, Anji Reddy Y 2, Deepak Kumar R 2, Ravi T 3

3GPP TS V7.0.0 ( )

Basics of Performance Measurement in UMTS Terrestrial Radio Access Network (UTRAN)

Long Term Evolution - Evolved Packet Core S1 Interface Conformance Test Plan

3GPP TS V ( )

3GPP TS V7.1.0 ( )

Talk 4: WLAN-GPRS Integration for Next-Generation Mobile Data Networks

BSAPCI3 PCI 3.0 Receiver Test Software Datasheet

Mobility management: from GPRS to UMTS

JP-3GA (R99) Network Architecture

ETSI TS V ( )

System Architecture Evolution

3GPP TS V9.1.0 ( )

GPRS System Architecture

3GPP TS V8.0.0 ( )

3GPP TR V3.2.0 ( )

3GPP TS V9.4.0 ( )

E-Seminar. Voice over IP. Internet Technical Solution Seminar

Wireless Communication

Transcription:

Protocol Analysis in UMTS Networks Introduction As of today, there are still very few UMTS networks offering commercial service. However, since third-generation (3G) handset functionality is improving and a wider range of handsets is becoming available, the number of 3G UMTS subscribers is increasing. By March 2003 there were more than 350,000 UMTS users and more than 6,000,000 cdma2000 users in Japan, and the rollout of UMTS throughout Europe is underway. Even some GSM operators in the US are already testing or are about to test UMTS. Therefore, there is an urgent need to provide hands-on practical examples of protocol testing in the first UMTS islands of this world. Call tracing and similar tasks haven t vanished with the advent of UMTS; in fact, tasks such as these have become even more complex. This is also valid for engineers with many years of protocol testing experience in GSM-networks. This document is intended to ease troubleshooting and protocol testing tasks in today and tomorrow s UMTS-networks. Standards The International Telecommunication Union (ITU) solicited several international organizations for descriptions of their ideas for a 3G mobile network: CWTS China Wireless Telecommunication Standard group ARIB Association of Radio Industries and Businesses, Japan T1 Standards Committee T1 Telecommunications, USA TTA Telecommunications Technology Association, Korea TTC Telecommunication Technology Committee, Japan ETSI European Telecommunications Standards Institute As a result, ITU combined different technologies for IMT-2000 standards at 2000 MHz. The main advantage of IMT-2000 is that it specifies international standards and also the interworking with existing PLMN standards, such as GSM. In general the quality of transmission is improved. The data transfer rate is increased dramatically. Transfer rates of 144 kbps or 384 kbps is available in a short time; however, 2Mbps will only be available in certain small areas or will remain a theoretical value for a long time. New service offerings will help UMTS to become financially successful for operators and attractive to users. For example, users will have worldwide access with a mobile phone, and the look and feel of services will be the same wherever he or she may be. There is a migration path from second-generation (2G) to 3G systems that may include an intermediate step the so-called 2.5G network. Packet switches, the GPRS support nodes (GGSN / SGSN), are implemented in the already existing core network while the radio access network is not changed significantly. In the case of a migration from GSM to UMTS a new radio access technology (W-CDMA instead of TDMA) is introduced. This means the networks are equipped with completely new radio access networks that replace the 2G network elements in the RAN. EDGE is a different way to offer high-speed IP services to GSM subscribers without introducing W-CDMA. The already existing CDMA cellular networks, which are especially popular in Asia and North America, will undergo an evolution to become cdma2000 networks with larger bandwidth and higher data transmission rates. 1 www.tektronix.com/signaling

Figure 1. An Abstract View at the UMTS Protocol Stack. UMTS For the purpose of this paper, we are focusing on UMTS, the clear 3G successor to GSM and GPRS. As we discuss the most important UMTS procedures and with consideration of transaction-tracing possibilities, the experienced reader will frequently recognize the spirit of GSM, because much of the so-called Non-Access-Stratum or NAS-messaging in UMTS is actually adopted from GSM. However, in the lower layers within the UTRAN, UMTS introduces a set of new protocols, which deserve close understanding and attention for protocol testing. Even more important, the UMTS control plane and user plane (figure 1) are essentially based on ATM and on AAL-2 and AAL-5 within the transport plane. While the generic objectives of a mobile network, and therefore the NAS-messaging, didn t significantly change from GSM and GPRS, the underlying access network signaling fully supports the new, and by far, more flexible requirements of a 3G- and W-CDMA-based standard. The philosophy of UMTS is therefore continuously targeted at the separation of user plane and control plane, of radio and transport network, of access network and core network and of access stratum and non-access stratum. The User Plane is again separated into two traffic-dependent domains. The circuit switched domain (CS Domain) and the packet switched domain (PS Domain). Both trafficdependent domains use the functions of the remaining entities the Home Location Register (HLR) together with the Authentication Center (AC), or the Equipment Identity Register (EIR) for subscriber management, mobile station roaming and identification, and handle different services. Thus, the HLR contains GSM, GPRS, and UMTS subscriber information. The two domains handle their traffic types at the same time for both the GSM and the UMTS access networks. The CS domain handles all circuit switched type of traffic for the GSM as well as for the UMTS access network; similarly, the PS domain takes care of all packet switched traffic in both access networks. Protocol Analysis in UMTS Networks The analysis of protocol recordings in UMTS is much more complex than in GSM-/GPRS-networks for a number of reasons: 1. No Pre-configured Timeslots or Channels for Signaling Messages and User Data First of all, UMTS networks use the packet-switched ATM protocol to provide for the highest possible flexibility in resource allocation. Using so called cells on a serial link with a payload of just 48 octets, ATM is capable to share an E1, T1 or STM-1 link among a literally unlimited number of users or, at the other extreme, to provide all resources to only a single user. With respect to ATM, the term user refers to virtual paths and channels, which in turn, are only bearers for the higher UMTSlayers. This and other advantages of using ATM are good for UMTS but unfortunately, ATM does not come with pre-configured timeslots or dedicated channels. This issue appears to be trivial, but finding signaling messages on the Iub- or Iu-interfaces in a UMTS-network without knowing where to look for them is impossible. As a matter of fact, ATM is not providing dedicated timeslots or channels for neither signaling messages nor user data. Rather, ATM is providing virtual channels and virtual paths that need to be configured by the higher protocol layers of UMTS upon putting an interface and a network node (e.g. RNC, NodeB or cell) into service. 2 www.tektronix.com/signaling

Figure 2. Extract of a Cell Configuration, recorded by Tektronix Protocol tester on an Iub-interface. Figure 2 illustrates an example: In this case, the new cell No 5 is put into service at a given NodeB. Among other things, the common control channels need to be configured. Figure 2 highlights part of the configuration of a PCH on channel 11 of the ATM-path and circuit with VPI = 6 and VCI = 58. Note that VPI/VCI = 6/58 is only an example. The respective values are dynamic and need to be pre-configured in the protocol tester. You can also see that a few rows underneath this highlighted part on channel 12 ( same VPI/VCI), a FACH is opened and on channel 13 ( same VPI/VCI) a RACH is opened. Without tracking these configuration messages, protocol tracing on the respective channels becomes an almost impossible undertaking. One way to quickly gather information on which VPI/VCI values are used by the NBAP and ALCAP and on what VPI/VCI/CID values are used by the Common Control Channel is to simply re-start the Node B and look at the content of the initialization messages. However, it interrupts service to subscribers the one thing no network can afford to do unnecessarily. Another way is to use an Iub Automatic Configuration application, available on Tektronix K15 protocol analyzer;. This Expert software can automatically configure all the logical links required to monitor NBAP, ALCAP for each Node B under observation and RACH, FACH, PCH for each cell under observation. The ability to perform automatic analysis on the Iub-interface will give users a large advantage. It will automatically track the configured channels and display the configuration of each channel in plain text. The Protocol tester locks to these channels and allows tracing the upcoming signaling messages. www.tektronix.com/signaling 3

2. Limited Possibility of HEX-Trace Analysis Another challenge for the experienced GSM-protocol expert is the fact that some higher layer UMTS-protocols like RANAP, NBAP or RRC do not only use ASN.1 encoding rules but for optimization, apply the so called Packed Encoding Rules (PER). Figure 3 illustrates the basic parameter encoding rules of ASN.1: Each parameter is encoded using a unique tag, followed by a length indication and finally the parameter value. Of course, ASN.1 provides many more capabilities, but what is important to consider is the fact this type of encoding is a waste of radio resources. Figure 4 clearly highlights this problem, using the example parameter MyInteger. This parameter can take on only two values: 0 and 1. Besides, the presence of the parameter MyInteger shall be mandatory in the message to be encoded. Just applying ASN.1 basic encoding leaves us with three octets to be transmitted. But after applying PER, only a single bit ( 0 or 1 ) needs be sent. The benefits of PER are obvious; however, one may still miss the possibility to easily match hexadecimal values to protocol tester mnemonics. In UMTS, it is therefore no longer trivial to translate hexadecimal recordings into mnemonics just by using the respective specifications. One needs a PER decoding and therefore, a protocol tester for almost any kind of protocol analysis. The hexadecimal debugging alternative is cumbersome for all protocols that apply the PER. 3. Following a Single Call Flow Protocol Analysis in UMTS, compared to GSM, has an essential impact on the very basic task to follow a single call setup or registration or PDP context activation. To recall some of the very basic questions: Which parameters tie the various messages to each other? Which call was successful and which one wasn t? Did this transaction fail because of errors in the previous parameterization? Now, let s clearly line out how you can follow a single transaction in your recording. Figure 3. Parameter Encoding in ASN.1. Figure 4. The Impact of Applying PER on a Mandatory Parameter MyInteger ( example). Selected UMTS-Procedures Registration / Location Updating Upon power-on, the UE will register to the network. The following pages illustrate the respective message flow on the terrestrial interfaces Iub ( NodeB RNC) and Iu-Cs ( RNC MSC). Please note the additional information to reflect how the parameters relate the messages of a single call flow to each other. Example: The NBAP: successful Outcome-message [Procedure Code: id-radiolinksetup] being sent from the Node-B to the RNC can be linked to the related ALCAP: ERQ-message by means of the parameter Binding ID which value is repeated in the ERQ-message in the Served User Generator Reference parameter. To continue, one may use the parameter Originating Signaling Association ID in the ALCAP: ERQ-message to relate it to the respective ALCAP: ECF-message (the parameter Originating Signaling Association ID is mirrored in the ALCAP: ECF-message as Destination Signaling Association ID ). 4 www.tektronix.com/signaling

Figure 5. Registration of a UMTS UE (circuit-switched). Figure 6. Registration of a UMTS UE (circuit-switched). Please note that on the Iu-interface the well-known SCCP is used to establish virtual signaling connections between the RNC and the MSC. Also, one should recall SCCP is using SLR / DLR (Source Local Reference and Destination Local Reference) to identify SCCP-messages that belong to the same connection. In this scenario, registration and the following scenarios will be the SLR and the DLR. These are almost always used on the Iu-interface to relate the very RANAP-messages to each other. Following a successful registration, the bearer channels in the transport network are released. Note how the RANAP is initiating this release through an initiating Message (Procedure Code: Id-Iu-Release ). On the Iub-interface, ALCAP will release the respective bearer channel by sending an ALCAP: ERQ-message. www.tektronix.com/signaling 5

Figure 7. Mobile Oriented Call. Mobile Oriented Call The following scenario illustrates a more complex transaction: A mobile oriented call that includes the allocation and release of a radio access bearer. Please note that in case of conversational calls in UMTS opposed to GSM there is no CC: DISC-message sent when the network side releases the call. As seen in the previous registration scenario, the SCCP SLR/DLR is used on the Iu-interface for identification purposes. The situation on the Iub-interface is more complicated, at least during the initial setup phase and for the setup of the radio link ( Figure 7). For example, to link an NBAP-initiating message (Id-radioLinkSetup) to the respective rrcconnectionsetup-message, only the scrambling code can be used. The only difference during the radio link setup phase between the illustrated scenario and the previously presented scenario registration is the measurement initiation through the RNC. It is important to emphasize that this measurement initiation is optional, and that most likely, the RNC will invoke it. For the relation of this rrcconnectionsetup-message and all the RRC-messages that follow in Figure 8, the RRC-transaction identifier is used. Please note that these RRC-messages are really transparent bearers for the respective NAS-messages. Please compare these NAS-messages to the ones that are used in GSM. 6 www.tektronix.com/signaling

Figure 8. Mobile Oriented Call. Figure 9. Mobile Oriented Call. Figure 9 illustrates in detail the establishment of the radio access bearer channel, which is required for the actual conversation. This configuration is required as well on the Iu-interface as on the Iubinterface and is the responsibility of the ALCAP. Please note the use of the AAL-2 path and channel to relate the following RRC-messages to each other. Of course, you may still want to use the RRCtransaction identifier for the same purpose. Again, it is worth emphasizing that there would be no DISC-message if the call release would have been initiated by the network. In this case, the network would have sent just the REL-message. This way, the release procedure is simplified. Note how the RANAP initiating Message (Procedure Code: id-iu-release ) invokes the upcoming release of the allocated bearer channels on the Iu- and Iub-interfaces. Finally, ALCAP will de-allocate the bearer channels on Iu- and Iubinterface. Opposed to the scenario registration, this de-allocation is also required on the Iu-interface. For registration this was obviously not required. www.tektronix.com/signaling 7

Figure 10. Mobile Oriented Call. Figure 11. Mobile Originating PDP-Context Activation and Deactivation. PDP-Context Activation and Deactivation (Mobile Originating) The last scenario is the packet-switched PDP-context activation, which is usually originated by the user equipment. Please note the differences, and in particular, the similarities between circuitswitched call establishment and packet-switched PDP-context activation. Whether the mobile station intends to perform either procedure is identified already in the rrcconnection Request-message through the access reason (in this case originating background call ). The message flow in the first part (Figure 11) is quite similar to what is already known from the registration and mobile oriented call scenario. Obviously, the peer of the mobile station will be in this case the SGSN rather than the MSC. Therefore the mobile station will identify itself through the P-TMSI (if available) or the IMSI. The packet data transfer itself is not illustrated when focused on the control plane. 8 www.tektronix.com/signaling

Figure 12. Mobile Originating PDP-Context Activation and Deactivation. Figure 13. Mobile Originating PDP-Context Activation and Deactivation. www.tektronix.com/signaling 9

Figure 14. Mobile Originating PDP-Context Activation and Deactivation. Figure 15. Mobile Originating PDP-Context Activation and Deactivation. 10 www.tektronix.com/signaling

Abbreviation List 0PDCP Packet Data Convergence Protocol (3GTS 25.323) AAL-2 ATM Adaptation Layer 2 PDP Packet Data Protocol AAL2L3 See ALCAP PER Packed Encoding Rules (ITU-T X.691) AAL-5 ATM Adaptation Layer 5 QoS Quality of Service ALCAP Access Link Control Application Protocol (ITU-T Q.2630.1; Q.2630.2 (also referred to as AAL2L3) REL Release Request ( ALCAP) RLC Release Confirm ( SCCP / ALCAP) RLSD Released (SCCP) CRNC Controlling Radio Network Controller AS Access Stratum CID Channel Identifier ASN.1 Abstract Syntax Notation 1 (ITU-T X.690) ATM Asynchronous Transfer Mode DRNC Drift Radio Network Controller ERQ ALCAP: Establishment Request FACH Forward Link Access Channel GGSN Gateway GPRS Support Node PROCOD Procedure Coding (3GTS 25.415) RACH Random Access Channel RANAP Radio Access Network Application Part (3GTS 25.413) RLC Radio Link Control (3GTS 25.322) RNC RNS Radio Network Controller Radio Network Subsystem RRC Radio Resource Control (3GTS 25.331) SGSN SLR DLR Serving GPRS Support Node Source Local Reference (SCCP) Destination Local Reference (SCCP) SCCP Signaling Connection Control Part (ITU-T Q.710 Q714) SM SMS SRNC SSCOP Session Management Short Message Service Serving Radio Network Controller Service Specific Connection Oriented Protocol (ITU-T Q.2110) GMM GPRS Mobility Management TBF Temporary Block Flow GPRS General Packet Radio Service TCP Transmission Control Protocol GSMS Short Message Services through GPRS TLLI Temporary Logical Link Identifier ( packet-switched transmission) UDP User Datagram Protocol HLR Home Location Register UMTS Universal Mobile Telecommunication System for the time IP Internet Protocol beyond the year 2000 MAC Medium Access Control (3GTS 25.321) UTRAN UMTS Terrestrial Radio Access Network NAS Non-Access Stratum VCI Virtual Channel Identifier NBAP Node B Application Protocol (3GTS 25.433) VPI Virtual Path Identifier PCH Paging Channel W-CDMA Wideband Code Division Multiple Access PCU Packet Control Unit www.tektronix.com/signaling 11

Contact Tektronix: ASEAN / Australasia / Pakistan (65) 6356 3900 Austria +43 2236 8092 262 Belgium +32 (2) 715 89 70 Brazil & South America 55 (11) 3741-8360 Canada 1 (800) 661-5625 Central Europe & Greece +43 2236 8092 301 Denmark +45 44 850 700 Finland +358 (9) 4783 400 France & North Africa +33 (0) 1 69 86 80 34 Germany +49 (221) 94 77 400 Hong Kong (852) 2585-6688 India (91) 80-2275577 Italy +39 (02) 25086 1 Japan 81 (3) 3448-3010 Mexico, Central America & Caribbean 52 (55) 56666-333 The Netherlands +31 (0) 23 569 5555 Norway +47 22 07 07 00 People s Republic of China 86 (10) 6235 1230 Poland +48 (0) 22 521 53 40 Republic of Korea 82 (2) 528-5299 Russia, CIS & The Baltics +358 (9) 4783 400 South Africa +27 11 254 8360 Spain +34 (91) 372 6055 Sweden +46 8 477 6503/4 Taiwan 886 (2) 2722-9622 United Kingdom & Eire +44 (0) 1344 392400 USA 1 (800) 426-2200 USA (Export Sales) 1 (503) 627-1916 For other areas contact Tektronix, Inc. at: 1 (503) 627-7111 Updated 20 September 2002 For Further Information Tektronix maintains a comprehensive, constantly expanding collection of application notes, technical briefs and other resources to help engineers working on the cutting edge of technology. Please visit www.tektronix.com Copyright 2003, Tektronix, Inc. All rights reserved. Tektronix products are covered by U.S. and foreign patents, issued and pending. Information in this publication supersedes that in all previously published material. Specification and price change privileges reserved. TEKTRONIX and TEK are registered trademarks of Tektronix, Inc. All other trade names referenced are the service marks, trademarks or registered trademarks of their respective companies. 08/03 FL565636/SFI 2FW-16822-0 12 www.tektronix.com/signaling

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback