Agenda
Architecture
(Figure: user-plane traffic through the LTE architecture)
S1-flex mechanism
S1-flex allows:
- network redundancy,
- load sharing of traffic across network elements in the core network (the MME and the SGW),
- a flexible architecture.
S1-flex + MME pooling: network redundancy and traffic load sharing.
S1-flex: an eNB can connect to a maximum of 16 MMEs (figure given on the slide; the actual limit is an eNB configuration parameter, not a value fixed by 3GPP).
In practice geographical redundancy is desired: each eNB is connected to 2 MMEs located in different sites, so the loss of one site does not take the cell out of service.
2. LTE Interfaces
(Figure: EPC interfaces. HSS via Gr/S6 to the MME; PCRF via S7 to the SAE GW; SGi to IP networks; S11 between MME and SAE GW; S3 and S4 to the SGSN; Gb and Iu CP/UP to 2G and 3G networks; S1 CP to LTE networks; S2a/b to non-3GPP networks.)
S1-flex: eNB (enhanced Node B) and aGW (access Gateway) multipoint-to-multipoint links.
X2: direct inter-eNB interface for handover (HO) management and RRM.
GGSN, SGSN and RNC elements are collapsed into a unique, central node, the ACGW (Access Core Gateway) or a-GW (in 3GPP LTE/SAE, aGW refers to the Serving Gateway (SGW)).
A-GW: terminates the control and user planes for the UE and manages the core network features implemented in the GGSN and SGSN in Release 6.
UE control-plane protocol similar to Release 6 RRC (Radio Resource Control): mobility control and radio bearer configuration.
ACGW user plane: header compression, ciphering, integrity and ARQ.
(This is the early SAE study-phase split. In the Release 8 architecture these user-plane functions sit in the eNodeB's PDCP/RLC layers, as the E-UTRAN summary at the end of this deck states; the security consequence is that user-plane ciphering terminates at the eNodeB site, which is why the backhaul itself needs IPsec.)
Two interfaces:
- S1 between the eNB and the EPC: S1-MME for the control plane, S1-U for the user plane
- X2 between eNode Bs (includes control and user planes)
Interfaces
(Figure: interface diagrams)
GTP
All variants of GTP have certain features in common. The structure of the messages is the same, with a GTP header following the UDP header (GTPv1 runs over UDP only, port 2123 for GTP-C and 2152 for GTP-U; TCP transport existed only in GTPv0).
GTPv1 headers contain the following fields:

Bits | Field
0-2 | Version (1 for GTPv1)
3 | Protocol Type (PT): 1 = GTP, 0 = GTP' (charging)
4 | Spare (0)
5 | Extension Header Flag (E)
6 | Sequence Number Flag (S)
7 | N-PDU Number Flag (PN)
8-15 | Message Type
16-31 | Total length (octets following the mandatory 8-octet header, optional fields included)
32-63 | TEID (Tunnel Endpoint Identifier)
64-79 | Sequence number (present if E, S or PN is set; meaningful only when S = 1)
80-87 | N-PDU number (present if E, S or PN is set; meaningful only when PN = 1)
88-95 | Next extension header type (present if E, S or PN is set; meaningful only when E = 1; 0 = no more extension headers)
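The header layout above, as a parser and builder. This is an added example written for this page, not code from the original slides; the packet it parses is constructed inline (a G-PDU with a sequence number and one PDCP-PDU-number extension header, type 0xC0), and the main thing it shows beyond the table is the checks a practitioner needs: the version and Total length are validated against the real datagram size before any optional field or extension header is read, and the extension-header chain is bounded by Total length so a crafted length byte cannot walk off the end of the buffer.

```python
import struct
from typing import Optional

GTPV1_VERSION = 1
MSG_G_PDU = 255              # user-plane message carrying a T-PDU
EXT_PDCP_PDU_NUMBER = 0xC0   # extension header type used in the constructed sample


def parse_gtpv1_header(pkt: bytes) -> dict:
    """Parse a GTPv1 header at the start of a UDP payload.

    Returns the mandatory fields, the optional fields that are valid
    according to the E/S/PN flags, any extension headers, and the
    payload that follows. Raises ValueError rather than trusting a
    Total length or extension length that points past the datagram.
    """
    if len(pkt) < 8:
        raise ValueError("datagram shorter than the 8-octet mandatory header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", pkt[:8])
    version = flags >> 5
    if version != GTPV1_VERSION:
        raise ValueError(f"not GTPv1 (version field = {version})")
    end = 8 + length                     # Total length counts octets after the first 8
    if end > len(pkt):
        raise ValueError(f"Total length {length} exceeds datagram ({len(pkt)} bytes)")
    hdr = {
        "version": version,
        "pt": (flags >> 4) & 1,          # 1 = GTP, 0 = GTP' (charging)
        "e": (flags >> 2) & 1,
        "s": (flags >> 1) & 1,
        "pn": flags & 1,
        "msg_type": msg_type,
        "length": length,
        "teid": teid,
        "ext": [],
    }
    off = 8
    if hdr["e"] or hdr["s"] or hdr["pn"]:
        # If any of E, S, PN is set, all three optional fields are present (4 octets),
        # but each value is only meaningful when its own flag is set.
        if length < 4:
            raise ValueError("E/S/PN flag set but optional fields missing")
        seq, npdu, next_ext = struct.unpack("!HBB", pkt[8:12])
        if hdr["s"]:
            hdr["seq"] = seq
        if hdr["pn"]:
            hdr["npdu"] = npdu
        off = 12
        # Extension header chain: [length in 4-octet units][content][next type]; type 0 ends it.
        while next_ext != 0:
            if off >= end:
                raise ValueError("extension header chain runs past Total length")
            ext_len = pkt[off] * 4
            if ext_len == 0 or off + ext_len > end:
                raise ValueError("bad extension header length")
            hdr["ext"].append((next_ext, pkt[off + 1:off + ext_len - 1]))
            next_ext = pkt[off + ext_len - 1]
            off += ext_len
    hdr["payload"] = pkt[off:end]
    return hdr


def build_g_pdu(teid: int, tpdu: bytes, seq: Optional[int] = None, ext=()) -> bytes:
    """Build a G-PDU (message type 255). ext is a list of (type, content) tuples;
    len(content) + 2 must be a multiple of 4 so each header fills whole 4-octet units."""
    flags = 0x30 | (0x02 if seq is not None else 0) | (0x04 if ext else 0)
    body = b""
    if seq is not None or ext:
        body += struct.pack("!HBB", seq or 0, 0, ext[0][0] if ext else 0)
        for i, (_etype, content) in enumerate(ext):
            if (len(content) + 2) % 4:
                raise ValueError("extension header content must pad to 4-octet units")
            next_type = ext[i + 1][0] if i + 1 < len(ext) else 0
            body += bytes([(len(content) + 2) // 4]) + content + bytes([next_type])
    body += tpdu
    return struct.pack("!BBHI", flags, MSG_G_PDU, len(body), teid) + body


# Constructed sample (not captured traffic): a G-PDU carrying a 20-octet placeholder
# IPv4 packet, with sequence number 7 and a PDCP PDU number extension header.
SAMPLE_TPDU = b"\x45" + b"\x00" * 19
SAMPLE_PACKET = build_g_pdu(0x12345678, SAMPLE_TPDU, seq=7,
                            ext=[(EXT_PDCP_PDU_NUMBER, b"\x00\x2a")])
```

Nothing in this header authenticates the sender: a GTP-U packet with a guessed or learned TEID is accepted by the gateway on the basis of the TEID alone, which is the reason the security section of this deck puts IPsec on the S1 backhaul.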
GTP principle
(Figure: GTP tunnelling principle)
3. LTE Identities
User Identities
The Temporary Mobile Subscriber Identity (TMSI) structure and coding are chosen by agreement between the operator and the ME manufacturer in order to meet local needs.
The TMSI consists of 4 octets and can be coded using a hexadecimal representation. The network shall not allocate a TMSI with all 32 bits equal to 1, because the TMSI must be stored in the SIM, and the SIM uses 4 octets with all bits equal to 1 to indicate that no valid TMSI is available.
Globally Unique Temporary UE Identity (GUTI): unambiguous identification of the UE that does not reveal the UE's or the user's permanent identity in the Evolved Packet System (EPS). It also identifies the MME and the network.
GUTI = GUMMEI + M-TMSI, where
GUMMEI = MCC + MNC + MME Identifier (MMEI)
MME Identifier = MME Group ID (MMEGI) + MME Code (MMEC)
MCC and MNC shall have the same field size as in earlier 3GPP systems.
M-TMSI shall be 32 bits long.
MME Group ID shall be 16 bits long.
MME Code shall be 8 bits long.
LTE Identities

ID | Meaning | Description | Structure
IMSI | International Mobile Subscriber Identity | | IMSI (not more than 15 digits) = PLMN ID + MSIN = MCC + MNC + MSIN
PLMN ID | Public Land Mobile Network Identity | | PLMN ID (not more than 6 digits) = MCC + MNC
MCC | Mobile Country Code | | 3 digits
MNC | Mobile Network Code | | 2 or 3 digits
MSIN | Mobile Subscriber Identification Number | | 9 or 10 digits
GUTI | Globally Unique Temporary UE Identity | | GUTI (not more than 80 bits) = GUMMEI + M-TMSI
TIN | Temporary Identity used in Next update | | TIN = GUTI
M-TMSI | MME Mobile Subscriber Identity | Unique within an MME | 32 bits
GUMMEI | Globally Unique MME Identifier | | GUMMEI (not more than 48 bits) = PLMN ID + MMEI
MMEI | MME Identifier | | MMEI (24 bits) = MMEGI + MMEC
MMEGI | MME Group Identifier | | 16 bits
MMEC | MME Code | | 8 bits
IMEI | International Mobile Equipment Identity | | IMEI (15 digits) = TAC + SNR + CD
IMEI/SV | IMEI and Software Version | | IMEI/SV (16 digits) = TAC + SNR + SVN
ECGI | E-UTRAN Cell Global Identifier | | ECGI (not more than 52 bits) = PLMN ID + ECI
ECI | E-UTRAN Cell Identifier | To identify a cell within a PLMN | ECI (28 bits) = eNB ID + Cell ID
TAI | Tracking Area Identity | | TAI = PLMN ID + TAC
TAC | Tracking Area Code | | 16 bits
TAI List | List of TAIs assigned to the UE | |
PDN ID | Packet Data Network Identity | To identify a PDN (IP network) that the mobile data user wants to communicate with. The PDN Identity (APN) is used to determine the P-GW and the point of interconnection with a PDN. With the APN as query parameter to the DNS procedures, the MME receives a list of candidate P-GWs, and a P-GW is then selected by the MME according to policy |
EPS Bearer ID | Evolved Packet System Bearer Identifier | To identify an EPS bearer (default or dedicated) per UE | 4 bits
E-RAB ID | E-UTRAN Radio Access Bearer Identifier | To identify an E-RAB per UE | 4 bits
DRB ID | Data Radio Bearer Identifier | To identify a DRB per UE | 4 bits
LBI | Linked EPS Bearer ID | To identify the default bearer associated with a dedicated EPS bearer | 4 bits
TEID | Tunnel End Point Identifier | To identify the end point of a GTP tunnel when the tunnel is established | 32 bits

Two entries from the slide tables could not be matched to a row: "0x0001 ~ 0xFFF3 (16 bits)" and "IP address (4 bytes) or FQDN (variable length)".
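The GUTI, IMSI and ECGI structures from the tables and the GUTI text above, as encoders and decoders. This is an added example, not code from the slides. It assumes the 3-octet TBCD packing of MCC/MNC used on NAS and S1AP (MCC digit 2 | digit 1, MNC digit 3 or filler 0xF | MCC digit 3, MNC digit 2 | digit 1), a 20-bit macro eNB ID plus 8-bit cell ID split of the 28-bit ECI (home eNBs use a 28-bit eNB ID, so that split is an assumption for the macro case), and a right-aligned ECI in four octets. It enforces the two rules a practitioner is likely to get wrong: an all-ones M-TMSI is never allocated, and the MNC length cannot be read out of an IMSI, it has to come from the operator's PLMN table.

```python
from typing import Tuple

TMSI_INVALID = 0xFFFFFFFF   # "no valid TMSI" marker in the SIM, so the network never allocates it


def plmn_to_bytes(mcc: str, mnc: str) -> bytes:
    """Pack MCC/MNC into the 3-octet PLMN identity (TBCD layout, assumption stated in the lead-in)."""
    if len(mcc) != 3 or len(mnc) not in (2, 3) or not (mcc + mnc).isdigit():
        raise ValueError("MCC must be 3 digits, MNC 2 or 3 digits")
    mnc3 = int(mnc[2]) if len(mnc) == 3 else 0xF          # filler nibble for a 2-digit MNC
    return bytes([
        int(mcc[1]) << 4 | int(mcc[0]),
        mnc3 << 4 | int(mcc[2]),
        int(mnc[1]) << 4 | int(mnc[0]),
    ])


def plmn_from_bytes(b: bytes) -> Tuple[str, str]:
    """Inverse of plmn_to_bytes; the filler nibble tells a 2-digit MNC from a 3-digit one."""
    mcc = f"{b[0] & 0xF}{b[0] >> 4}{b[1] & 0xF}"
    mnc = f"{b[2] & 0xF}{b[2] >> 4}"
    if b[1] >> 4 != 0xF:
        mnc += str(b[1] >> 4)
    return mcc, mnc


def encode_guti(mcc: str, mnc: str, mmegi: int, mmec: int, m_tmsi: int) -> bytes:
    """GUTI = GUMMEI (PLMN + MMEGI(16) + MMEC(8)) + M-TMSI(32) = 10 octets (80 bits)."""
    if not 0 <= mmegi <= 0xFFFF or not 0 <= mmec <= 0xFF:
        raise ValueError("MMEGI is 16 bits, MMEC is 8 bits")
    if not 0 <= m_tmsi <= 0xFFFFFFFF or m_tmsi == TMSI_INVALID:
        raise ValueError("M-TMSI must fit 32 bits and must not be all ones")
    return (plmn_to_bytes(mcc, mnc) + mmegi.to_bytes(2, "big")
            + bytes([mmec]) + m_tmsi.to_bytes(4, "big"))


def decode_guti(b: bytes) -> dict:
    if len(b) != 10:
        raise ValueError("GUTI is 10 octets")
    mcc, mnc = plmn_from_bytes(b[:3])
    return {"mcc": mcc, "mnc": mnc, "mmegi": int.from_bytes(b[3:5], "big"),
            "mmec": b[5], "m_tmsi": int.from_bytes(b[6:10], "big")}


def split_imsi(imsi: str, mnc_len: int) -> dict:
    """IMSI = MCC(3) + MNC(2 or 3) + MSIN. The MNC length is not encoded in the IMSI;
    it must be looked up per MCC/MNC (passed in here), otherwise the MSIN is mis-split."""
    if not imsi.isdigit() or len(imsi) > 15 or mnc_len not in (2, 3):
        raise ValueError("IMSI is up to 15 digits; MNC is 2 or 3 digits")
    return {"mcc": imsi[:3], "mnc": imsi[3:3 + mnc_len], "msin": imsi[3 + mnc_len:]}


def encode_ecgi(mcc: str, mnc: str, enb_id: int, cell_id: int) -> bytes:
    """ECGI = PLMN + ECI(28), ECI = macro eNB ID(20) + Cell ID(8) (split is an assumption)."""
    if not 0 <= enb_id < 1 << 20 or not 0 <= cell_id < 1 << 8:
        raise ValueError("macro eNB ID is 20 bits, cell ID 8 bits")
    eci = enb_id << 8 | cell_id
    return plmn_to_bytes(mcc, mnc) + eci.to_bytes(4, "big")   # 28-bit ECI right-aligned in 4 octets
```

Because the GUTI carries the MMEGI and MMEC in clear, anyone who can read a paging or attach message learns which MME (and so which pool and site) serves the UE, even though the subscriber's IMSI stays hidden; that is exactly the split of "identifies the MME and the network" versus "does not reveal the permanent identity" described above.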
4. Network Entities
MME
The MME hosts the following functions:
- AS security control
- Roaming
- Authentication
S-GW
- E-UTRAN idle-mode downlink packet buffering and initiation of the network-triggered service request procedure
- Lawful Interception
P-GW
- Lawful Interception
- UE IP address allocation
Note: the S-GW and P-GW are usually integrated in the same equipment (direct tunnel).
PCRF and HSS
PCRF (Policy Control and Charging Rules Function):
- Provides the QoS authorization (QoS class identifier [QCI] and bit rates) that decides how a certain data flow will be treated in the PCEF and ensures that this is in accordance with the user's subscription profile.
HSS (Home Subscriber Server):
- Holds information about the PDNs to which the user can connect, in the form of an access point name (APN, a label following DNS naming conventions that describes the access point to the PDN) or a PDN address (indicating the subscribed IP address(es)).
- Holds dynamic information such as the identity of the MME to which the user is currently attached or registered.
- Integrates the authentication centre (AuC), which generates the vectors for authentication and the security keys.
RR: Radio Resource; RRC: Radio Resource Control; EMM: EPS Mobility Management; ECM: EPS Connection Management
5. LTE/EPC Bearers
Default/Dedicated Bearer
(Figure: default and dedicated bearers. Aggregated bandwidth per bearer against cell capacity and the aggregated load in the cell; normal users with THP=2, a heavy user with THP=3 whose total volume limit is exceeded.)
Wireless Backhaul
(Figure: access network. Handset, PDA or laptop; copper, fiber and point-to-point microwave backhaul towards the Mobile Switching Office (provisioning, call routing, etc.) and the Public Switched Telephone Network.)
- Fiber is quickly replacing copper to meet LTE bandwidth requirements.
- Point-to-point microwave backhauled to fiber to save cost.
- Ethernet over E1 driving savings, greater data flow and greater reliability.
Mobile backhaul is increasingly becoming a strategic investment for service providers (source: World Mobile Backhaul Infrastructure Market, Frost & Sullivan, February 2009) and hence the need for flexibility is ever growing.
Distance | Capacity
Up to 4 miles | 125 Mbps, upgrade to Gig-E
Up to 5 miles (8.0 km) | 125 Mbps, upgrade to Gig-E
Up to 5 miles (8 km) | 100 Mbps
Up to 6 miles (9.7 km) | 100 Mbps
Up to 4 miles | 1000 Mbps
Up to 5 miles (8 km) | 1000 Mbps
Up to 5 miles (8 km) | 100/1000 Mbps
(The product or link labels of the original table did not survive extraction.)
Summary
The E-UTRAN
The E-UTRAN consists of eNodeBs which provide the E-UTRA user plane (PDCP/RLC/MAC/PHY) and control plane (RRC) protocol terminations toward the user equipment (UE).
The eNBs are interconnected with each other by means of the X2 interface.
The eNBs are connected through the S1 interface to the Evolved Packet Core (EPC), more specifically to the Mobility Management Entity (MME) by means of the S1-MME interface and to the Serving Gateway (SGW) by means of the S1-U interface.
(Figure: LTE architecture)
7. Security
Security concerns:
- As in UMTS, UE authentication (USIM: 128-bit key imposed);
- Protection of the internal signalling (integrity), plus signalling and traffic encryption;
- Additional signalling encryption for RRC and NAS.
Security is enhanced by protecting all entities: IPsec on the backhaul between the eNodeB and the S-GW/MME; NAS keys (KNASenc, KNASint) between the UE and the MME; RRC keys (KRRCenc, KRRCint) and the user-plane key (KUPenc) between the UE and the eNodeB.
(Figure: key hierarchy from USIM/AuC (CK, IK) through UE/HSS (KASME) and UE/MME (KNASenc, KNASint, KeNB) to UE/eNB (KUPenc, KRRCint, KRRCenc).)
Key hierarchy
- Faster handovers and key changes, independent of AKA
- Added complexity in handling of security contexts
USIM / AuC: CK, IK (from the 128-bit key K)
UE / HSS: CK, IK -> KASME
UE / MME: KASME -> KNASenc, KNASint, KeNB
UE / eNB: KeNB -> KUPenc, KRRCint, KRRCenc
eNodeB keys:
KeNB: derived by the terminal and the MME from KASME (the 'master key') and sent by the MME to the eNodeB.
KeNB is used to derive the AS traffic keys and the handover key KeNB*.
KeNB*: derived by the terminal and the source eNodeB from the current KeNB or from a valid NH (Next Hop). During the handover, the terminal and the target eNodeB take KeNB* as their new KeNB.
KUPenc: derived from KeNB and used to encrypt the user plane.
KRRCint: derived from KeNB and used to protect the integrity of RRC messages.
KRRCenc: derived from KeNB and used to encrypt RRC messages.
Next Hop (NH): intermediate key used to derive KeNB* during intra-LTE handover.
The NCC (Next Hop Chaining Counter) determines whether the next KeNB* must be based on the current KeNB or on a fresh NH:
- No fresh NH available: KeNB* derived from the current KeNB and the target PCI (horizontal key derivation)
- Fresh NH available: KeNB* derived from the NH and the target PCI (vertical key derivation)
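The key hierarchy and the KeNB / NH / KeNB* rules described above, carried through with the KDF that LTE actually uses. This is an added example, not code from the slides: the derivation functions follow TS 33.401 Annex A (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..., FC = 0x10 for KASME, 0x11 for KeNB, 0x12 for NH, 0x13 for KeNB*, 0x15 for the 128-bit algorithm keys), which the slides only name as "F". The inputs (CK, IK, serving-network id, NAS COUNT, PCI, EARFCN-DL) are constructed test values, the NH chain is modelled as a list indexed by NCC, and the handover rule from the slide is implemented as: horizontal derivation from KeNB when no unused NH exists, vertical derivation from the next NH (and NCC + 1) when one does.

```python
import hashlib
import hmac
import struct
from typing import List

# Algorithm type distinguishers for the A.7 derivation (TS 33.401 Table A.7-1).
NAS_ENC_ALG, NAS_INT_ALG, RRC_ENC_ALG, RRC_INT_ALG, UP_ENC_ALG = 0x01, 0x02, 0x03, 0x04, 0x05
# Algorithm identities used as the second parameter; EEA2/EIA2 are the AES-based algorithms.
EEA2, EIA2 = 0x02, 0x02


def kdf_input(fc: int, *params: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1 ... (TS 33.220 Annex B.2); each Li is a 2-octet length."""
    s = bytes([fc])
    for p in params:
        s += p + struct.pack("!H", len(p))
    return s


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """The EPS KDF: HMAC-SHA-256(key, S), 256-bit output."""
    return hmac.new(key, kdf_input(fc, *params), hashlib.sha256).digest()


def derive_kasme(ck: bytes, ik: bytes, sn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    """A.2: KASME from CK||IK, the 3-octet serving-network (PLMN) id and SQN xor AK (6 octets).
    Binding the serving network in is what stops a vector issued for one network being used in another."""
    return kdf(ck + ik, 0x10, sn_id, sqn_xor_ak)


def derive_kenb(kasme: bytes, ul_nas_count: int) -> bytes:
    """A.3: KeNB bound to the uplink NAS COUNT, so each new AS context gets a different KeNB."""
    return kdf(kasme, 0x11, struct.pack("!I", ul_nas_count))


def derive_alg_key(root: bytes, alg_type: int, alg_id: int) -> bytes:
    """A.7: 128-bit algorithm key = the 128 least-significant bits of the 256-bit output.
    root is KASME for the NAS keys and KeNB for the RRC/UP keys."""
    return kdf(root, 0x15, bytes([alg_type]), bytes([alg_id]))[16:]


def nh_chain(kasme: bytes, kenb: bytes, count: int) -> List[bytes]:
    """A.4: NH values indexed by NCC. The initial KeNB counts as NCC 0;
    NH(NCC=1) = KDF(KASME, KeNB) and NH(n+1) = KDF(KASME, NH(n)).
    The MME computes this chain and hands {NH, NCC} pairs to the eNB; the UE recomputes it."""
    chain = [kenb]
    for _ in range(count):
        chain.append(kdf(kasme, 0x12, chain[-1]))
    return chain


def derive_kenb_star(root: bytes, target_pci: int, earfcn_dl: int) -> bytes:
    """A.5: KeNB* from KeNB (horizontal) or NH (vertical), bound to the target cell's PCI and EARFCN-DL."""
    if not 0 <= earfcn_dl <= 0xFFFF:
        raise ValueError("3-octet extended EARFCN-DL not handled in this example")
    return kdf(root, 0x13, struct.pack("!H", target_pci), struct.pack("!H", earfcn_dl))


def handover_kenb(kenb: bytes, chain: List[bytes], ncc: int, target_pci: int, earfcn_dl: int):
    """Source-eNB rule from the slide: with no fresh NH derive horizontally from the current KeNB
    and keep NCC; with a fresh NH derive vertically from it and signal NCC + 1 to the target."""
    if ncc + 1 < len(chain):
        return derive_kenb_star(chain[ncc + 1], target_pci, earfcn_dl), ncc + 1
    return derive_kenb_star(kenb, target_pci, earfcn_dl), ncc


def as_keys(kenb: bytes) -> dict:
    """The three UE/eNB keys of the hierarchy, each separated by its algorithm type distinguisher."""
    return {
        "KRRCenc": derive_alg_key(kenb, RRC_ENC_ALG, EEA2),
        "KRRCint": derive_alg_key(kenb, RRC_INT_ALG, EIA2),
        "KUPenc": derive_alg_key(kenb, UP_ENC_ALG, EEA2),
    }
```

The point of the NH chain is forward security across eNBs: a target eNB that receives KeNB* derived vertically from a fresh NH cannot compute the source cell's KeNB, and the source cannot compute the target's key after the next vertical step, because only the MME and the UE hold KASME and can extend the chain.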
EPS AKA and activation of security (reconstructed from the message-sequence figure, UE / eNB / MME / HSS):
1. HSS: RAND = RANDOM(); SQN = SQN + 1; AUTN = AES1(K, RAND, SQN); XRES = AES2(K, RAND); (CK, IK) = AES3(K, RAND); KASME = F(CK, IK, ...).
2. HSS -> MME: RAND, XRES, AUTN, KASME (the authentication vector).
3. MME -> UE: RAND, AUTN.
4. UE (USIM): checks whether AUTN comes from its HSS; computes RES = AES2(K, RAND); derives CK, IK, then KASME, KeNB, ...
5. UE -> MME: RES.
6. MME: check RES == XRES.
7. MME -> UE: OK, SELECTED_ALG, SUPPORTED_ALGS (security mode command). The UE verifies it, switches on security and answers [OK]. From here on NAS signalling is protected with KNASint and KNASenc.
8. MME -> eNB: KeNB. The eNB derives KUPenc, KRRCint and KRRCenc with the KDF F: protected signalling and protected traffic on the radio interface.
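The exchange above, run end to end with both sides' messages. This is an added example, not code from the slides. The slide's AES1/AES2/AES3 are the MILENAGE functions of TS 35.206; this example replaces them with HMAC-SHA-256 stand-ins (f1..f5 in the shape of the real functions, labelled as such in the code) so that the protocol logic can be exercised without a MILENAGE implementation: the AuC builds AUTN = (SQN xor AK) || AMF || MAC, the USIM verifies the MAC ("does AUTN come from the HSS?"), checks that the AMF separation bit marks the vector as an EPS vector, rejects a replayed SQN, and only then returns RES and CK/IK; the MME compares RES with XRES in constant time. The key K, SQN values and RAND are constructed. The KASME step (F over CK, IK, serving-network id and SQN xor AK) is the next step in the key hierarchy and is left out here.

```python
import hashlib
import hmac
import os

# Constructed subscriber key for the example; a real K lives only in the USIM and the AuC.
K_EXAMPLE = bytes(range(16))


def _f(k: bytes, tag: int, *parts: bytes) -> bytes:
    # Toy stand-in for MILENAGE (the slide's AES1/AES2/AES3, TS 35.206). Only the
    # interfaces (inputs and output lengths) match the real functions.
    return hmac.new(k, bytes([tag]) + b"".join(parts), hashlib.sha256).digest()


def f1(k, rand, sqn, amf): return _f(k, 1, rand, sqn, amf)[:8]   # MAC-A, 64 bits
def f2(k, rand): return _f(k, 2, rand)[:8]                      # RES / XRES
def f3(k, rand): return _f(k, 3, rand)[:16]                     # CK
def f4(k, rand): return _f(k, 4, rand)[:16]                     # IK
def f5(k, rand): return _f(k, 5, rand)[:6]                      # AK, conceals SQN in AUTN


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class AuC:
    """HSS/AuC side: holds K and the SQN counter, produces authentication vectors."""
    AMF = b"\x80\x00"   # separation bit set: the vector is for EPS, not for GSM/UMTS access

    def __init__(self, k: bytes, sqn: int = 0):
        self.k, self.sqn = k, sqn

    def vector(self, rand: bytes = None) -> dict:
        rand = rand or os.urandom(16)
        self.sqn += 1                                   # SQN = SQN + 1
        sqn = self.sqn.to_bytes(6, "big")
        autn = xor(sqn, f5(self.k, rand)) + self.AMF + f1(self.k, rand, sqn, self.AMF)
        return {"rand": rand, "xres": f2(self.k, rand), "ck": f3(self.k, rand),
                "ik": f4(self.k, rand), "autn": autn}


class USIM:
    """UE side: verifies AUTN before revealing RES or deriving any key."""

    def __init__(self, k: bytes, sqn: int = 0):
        self.k, self.sqn = k, sqn

    def authenticate(self, rand: bytes, autn: bytes) -> dict:
        sqn_xor_ak, amf, mac = autn[:6], autn[6:8], autn[8:16]
        sqn_bytes = xor(sqn_xor_ak, f5(self.k, rand))
        if not hmac.compare_digest(mac, f1(self.k, rand, sqn_bytes, amf)):
            raise ValueError("MAC failure: AUTN was not produced with our K")
        if not amf[0] & 0x80:
            raise ValueError("AMF separation bit clear: not an EPS authentication vector")
        sqn = int.from_bytes(sqn_bytes, "big")
        if sqn <= self.sqn:   # real USIMs keep a window (TS 33.102 Annex C); strict increase is enough here
            raise ValueError("synchronisation failure: SQN already used (replay)")
        self.sqn = sqn
        return {"res": f2(self.k, rand), "ck": f3(self.k, rand), "ik": f4(self.k, rand)}


def run_eps_aka(auc: AuC, usim: USIM, rand: bytes = None) -> dict:
    """HSS -> MME: vector; MME -> UE: RAND, AUTN; UE -> MME: RES; MME: RES == XRES."""
    av = auc.vector(rand)                               # HSS -> MME
    ue = usim.authenticate(av["rand"], av["autn"])      # MME -> UE (RAND, AUTN); UE -> MME (RES)
    if not hmac.compare_digest(ue["res"], av["xres"]):  # MME check, constant-time
        raise ValueError("RES != XRES: authentication failed")
    if ue["ck"] != av["ck"] or ue["ik"] != av["ik"]:
        raise ValueError("CK/IK mismatch")
    return {"rand": av["rand"], "autn": av["autn"], "ck": av["ck"], "ik": av["ik"]}
```

Note what the MAC check does and does not give: it proves the vector was minted by an AuC holding K, but nothing in AUTN names the serving network, which is why KASME (the next step) mixes the serving-network id in, and why a UE should reject a vector whose AMF separation bit is clear even if its MAC is valid.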
Backhauling Security
Thank you