GSM Networks: Protocols, Terminology, and Implementation GSM Networks: Protocols, Terminology, and Implementation Gunnar Heine Artech House Boston • London Library of Congress Cataloging-in-Publication Data Heine, Gunnar. [GSM—Signalisierung verstehen und praktisch anwenden. English] GSM networks : protocols, terminology, and implementation / Gunnar Heine p. cm. — (Artech House mobile communications library) Translation of: GSM—Signalisierung verstehen und praktisch anwenden. Includes bibliographical references and index. ISBN 0-89006-471-7 (alk. paper) 1. Global system for mobile communications. I. Title. TK5103.483.H4513 1998 621.3845’6—dc21 98-51784 CIP British Library Cataloguing in Publication Data Heine, Gunnar GSM networks : protocols, terminology, and implementation— (Artech House mobile communications library) 1. Global system for mobile communications I. Title 621.3’8456 ISBN 0-89006-471-7 Cover design by Lynda Fishbourne © 1998 Franzis’ Verlag GmbH Translated from GSM - Signalisierung verstehen und praktisch anwenden (Franzis’ Verlag 1998) English translation version: © 1999 ARTECH HOUSE, INC. 685 Canton Street Norwood, MA 02062 All rights reserved. Printed and bound in the United States of America. No part of this book may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permis- sion in writing from the publisher. All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Artech House cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. International Standard Book Number: 0-89006-471-7 Library of Congress Catalog Card Number: 98-51784 10987654321 Contents 1 Introduction 1 1.1 About This Book 1 1.2 Global System for Mobile Communication (GSM) 2 1.2.1 The System Architecture of GSM: A Network of Cells 3 1.2.2 An Overview on the GSM Subsystems 4 1.3 The Focus of This Book 7 1.4 Signaling 8 1.4.1 What is Signaling? 8 1.4.2 How is Signaling Performed? 8 1.4.3 What is Signaling Used For? 10 1.5 Representation of Messages 10 2 The Mobile Station and the Subscriber Identity Module 13 2.1 Subscriber Identity Module 13 2.1.1 The SIM as a Database 15 2.1.2 Advantage for the Subscriber 15 2.2 Mobile Station 17 2.2.1 Types of Mobile Stations 17 v 2.2.2 Functionality 17 2.2.3 Mobile Stations as Test Equipment 18 3 The Base Station Subsystem 19 3.1 Base Transceiver Station 19 3.1.1 Architecture and Functionality of a Base Transceiver Station 20 3.1.2 Base Transceiver Station Configurations 22 3.2 Base Station Controller 25 3.2.1 Architecture and Tasks of the Base Station Controller 26 3.3 Transcoding Rate and Adaptation Unit 28 3.3.1 Function of the Transcoding Rate and Adaptation Unit 28 3.3.2 Site Selection for Transcoding Rate and Adaptation Unit 28 3.3.3 Relationship Between the Transcoding Rate, Adaptation Unit, and Base Station Subsystem 29 4 The Network Switching Subsystem 31 4.1 Home Location Register and Authentication Center 32 4.2 Visitor Location Register 33 4.3 The Mobile-Services Switching Center 34 4.3.1 Gateway MSC 36 4.3.2 The Relationship Between MSC and VLR 36 4.4 Equipment Identity Register 37 5 The OSI Reference Model 39 5.1 Reasons for Standardization 39 5.2 Layering in the OSI Reference Model 40 5.3 Data Types of the OSI Reference Model 41 5.4 Information Processing in the OSI Reference Model 42 vi GSM Networks: Protocols, Terminology, and Implementation 5.5 Advantages of the OSI Reference Model 42 5.6 The Seven Layers of the OSI Reference Model 43 5.6.1 Layer 1: The Physical Layer 43 5.6.2 Layer 2: The Data Link Layer 43 5.6.3 Layer 3: The Network Layer 44 5.6.4 Layer 4: The Transport Layer 44 5.6.5 Layer 5: The Session Layer 45 5.6.6 Layer 6: The Presentation Layer 45 5.6.7 Layer 7: The Application Layer 46 5.7 Comprehension Issues 46 5.7.1 An Analogy: The Move to Europe 47 6 The Abis-Interface 51 6.1 Channel Configurations 51 6.2 Alternatives for Connecting the BTS to the BSC 52 6.2.1 BTS Connection in a Serial Configuration 54 6.2.2 Connection of BTSs in Star Configuration 55 6.3 Signaling on the Abis-Interface 55 6.3.1 OSI Protocol Stack on the Abis-Interface 55 6.3.2 Layer 2 56 6.3.3 Layer 3 71 6.4 Bringing an Abis-Interface Into Service 87 6.4.1 Layer 1 87 6.4.2 Layer 2 87 7 The Air-Interface of GSM 89 7.1 The Structure of the Air-Interface in GSM 89 7.1.1 The FDMA/TDMA Scheme 89 7.1.2 Frame Hierarchy and Frame Numbers 90 7.1.3 Synchronization Between Uplink and Downlink 93 7.2 Physical Versus Logical Channels 94 7.3 Logical-Channel Configuration 94 Contents vii 7.3.1 Mapping of Logical Channels Onto Physical Channels 95 7.3.2 Possible Combinations 97 7.4 Interleaving 100 7.5 Signaling on the Air Interface 101 7.5.1 Layer 2 LAPD m Signaling 101 7.5.2 Layer 3 107 8 Signaling System Number 7 125 8.1 The SS7 Network 125 8.2 Message Transfer Part 126 8.3 Message Types in SS7 127 8.3.1 Fill-In Signal Unit 127 8.3.2 Link Status Signal Unit 128 8.3.3 Message Signal Unit 128 8.4 Addressing and Routing of Messages 130 8.4.1 Example: Determination of DPC, OPC, and SLS in a Hexadecimal Trace 131 8.4.2 Example: Commissioning of an SS7 Connection 132 8.5 Error Detection and Error Correction 133 8.5.1 Send Sequence Numbers and Receive Sequence Numbers (FSN, BSN, BIB, FIB) 135 8.5.2 BSN/BIB and FSN/FIB for Message Transfer 135 8.6 SS7 Network Management and Network Test 138 8.6.1 SS7 Network Test 139 8.6.2 Possible Error Cases 140 8.6.3 Format of SS7 Management Messages and Test Messages 142 8.6.4 Messages in SS7 Network Management and Network Test 142 9 Signaling Connection Control Part 153 9.1 Tasks of the SCCP 153 viii GSM Networks: Protocols, Terminology, and Implementation 9.1.1 Services of the SCCP: Connection-Oriented Versus Connectionless 154 9.1.2 Connection-Oriented Versus Connectionless Service 154 9.2 The SCCP Message Format 156 9.3 The SCCP Messages 158 9.3.1 Tasks of the SCCP Messages 158 9.3.2 Parameters of SCCP Messages 159 9.3.3 Decoding a SCCP Message 167 9.4 The Principle of a SCCP Connection 167 10 The A-Interface 171 10.1 Dimensioning 171 10.2 Signaling Over the A-Interface 173 10.2.1 The Base Station Subsystem Application Part 173 10.2.2 The Message Structure of the BSSAP. 174 10.2.3 Message Types of the Base Station Subsystem Management Application Part 176 10.2.4 Decoding of a BSSMAP Message 183 11 Transaction Capabilities and Mobile Application Part 185 11.1 Transaction Capabilities Application Part 185 11.1.1 Addressing in TCAP 186 11.1.2 The Internal Structure of TCAP 187 11.1.3 Coding of Parameters and Data in TCAP 189 11.1.4 TCAP Messages Used in GSM 198 11.2 Mobile Application Part 208 11.2.1 Communication Between MAP and its Users 209 11.2.2 MAP Services 211 11.2.3 Local Operation Codes of the Mobile Application Part 214 Contents ix 11.2.4 Communication Between Application, MAP, and TCAP 220 12 Scenarios 225 12.1 Location Update 227 12.1.1 Location Update in the BSS 227 12.1.2 Location Update in the NSS 227 12.2 Equipment Check 227 12.3 Mobile Originating Call 233 12.3.1 Mobile Originating Call in the BSS 233 12.3.2 Mobile Originating Call in the NSS 233 12.4 Mobile Terminating Call 244 12.4.1 Mobile Terminating Call in the BSS 244 12.4.2 Mobile Terminating Call in the NSS 244 12.5 Handover 251 12.5.1 Measurement Results of BTS and MS 251 12.5.2 Analysis of a MEAS_RES/MEAS_REP 255 12.5.3 Handover Scenarios 256 13 Quality of Service 275 13.1 Tools for Protocol Measurements 275 13.1.1 OMC Versus Protocol Analyzers 276 13.1.2 Protocol Analyzer 278 13.2 Signaling Analysis in GSM 280 13.2.1 Automatic Analysis of Protocol Traces 280 13.2.2 Manual Analysis of Protocol Traces 284 13.3 Tips and Tricks 285 13.3.1 Identification of a Single Connection 285 13.4 Where in the Trace File to Find What Parameter? 287 13.5 Detailed Analysis of Errors on Abis Interface and A-Interface 287 13.5.1 Most Important Error Messages 291 x GSM Networks: Protocols, Terminology, and Implementation 13.5.2 Error Analysis in the BSS 296 Glossary 303 About the Author 405 Index 407 Contents xi [...]... year 19 91 also saw the definition of the first derivative of GSM, the Digital Cellular System 18 00 (DCS 18 00), which more or less translates the GSM system into the 18 00 MHz frequency range In the United States, DCS 18 00 was adapted to the 19 00 MHz band (Personal Communication System 19 00, or PCS 19 00) The next phase, GSM Phase 2, will provide even more end-user features than phase 1 of GSM did In 19 91, ... access lines • All cellular networks require that, as the mobile station moves, an active call is handed over from one cell to another, a process known as handover 4 GSM Networks: Protocols, Terminology, and Implementation Frequency 3 BTS TRX Frequency 1 Frequency 2 BTS BTS TRX TRX Frequency 3 Frequency 4 BTS BTS TRX TRX Frequency 2 Frequency 1 BTS BTS TRX TRX Figure 1. 1 The radio coverage of an area... data and payload PCM is categorized into hierarchies, depending on the transmission rate The PCM link of 2 megabits per second (Mbps) (one that is referred to frequently in this book) is only one variant of many By utilizing a time-division bit value = 1 U(high) > U(low) time 0 0 } } } 1 0 1 0 0 0 1 1 1 1 Ahex Figure 1. 3 Decoding of a bit stream 3hex Chex bit value = 0 U(low) < U(high) 10 GSM Networks: ... (e.g., the size of a medium-size town) are connected to the BSC via an interface called the Abis-interface The 6 GSM Networks: Protocols, Terminology, and Implementation BSC takes care of all the central functions and the control of the subsystem, referred to as the base station subsystem (BSS) The BSS comprises the BSC itself and the connected BTSs 1. 2.2.5 Transcoding Rate and Adaptation Unit TRAU One... the glossary contain references to GSM and International Telecommunication Union (ITU) Recommendations, which in turn allow for further research 1 2 GSM Networks: Protocols, Terminology, and Implementation For the engineer who deals with GSM or its related systems on a daily basis, this book has advantages over other GSM texts in that it quickly gets to the point and can be used as a reference source... is sent by the system and when? How is such an indication interpreted? What are the potential sources of errors? 8 GSM Networks: Protocols, Terminology, and Implementation A word on coding of parameters and messages should be added here: Coding of message types and other essential parameters are always included However, because this book has no intention of being a copy of the GSM Recommendations, it... Telecommunications Standard Institute (ETSI) That, however, did not change the task of GSM The goal of GSM was to replace the purely national, already overloaded, and thus expensive technologies of the member countries with an international standard In 19 91, the first GSM systems were ready to be brought into so-called friendly-user operation The meaning of the acronym GSM was changed that same year to stand for... capabilities application part (TCAP), MAP] 12 GSM Networks: Protocols, Terminology, and Implementation Shows direction User part = ISUP from ITU Q.763, Q.764) ISUP / IAM Initial Address Message Abbreviated ISUP message type Whole name of ISUP message type Figure 1. 4(e) Format for ISUP messages between MSCs and toward the Integrated Services Digital Network (ISDN) [SS7 and the ISDN user part (ISUP)] ... form a public land mobile network (PLMN) Figure 1. 2 provides an overview of the GSM subsystems Introduction 5 PLMN BSS BSS BTS BSS BTS HLR BTS BSC MSC TRAU VLR BTS MSC area BSS BTS BSS MSC area BTS MSC area MSC area HLR MSC area HLR EIR MSC area MSC area Figure 1. 2 The architecture of a PLMN 1. 2.2 .1 Mobile Station GSM- PLMN contains as many MSs as possible, available in various styles and power classes... can be used To make its handling easier, the SIM has the format of a credit card or is inserted as a plug-in SIM The SIM communicates directly with the VLR and indirectly with the HLR 1. 2.2.3 Base Transceiver Station A large number of BTSs take care of the radio-related tasks and provide the connectivity between the network and the mobile station via the Air-interface BTS TRX 1. 2.2.4 Base Station Controller . Part 17 6 10 .2.4 Decoding of a BSSMAP Message 18 3 11 Transaction Capabilities and Mobile Application Part 18 5 11 .1 Transaction Capabilities Application Part 18 5 11 .1. 1 Addressing in TCAP 18 6 11 .1. 2. of TCAP 18 7 11 .1. 3 Coding of Parameters and Data in TCAP 18 9 11 .1. 4 TCAP Messages Used in GSM 19 8 11 .2 Mobile Application Part 208 11 .2 .1 Communication Between MAP and its Users 209 11 .2.2 MAP. Standard Book Number: 0-8 900 6-4 7 1- 7 Library of Congress Catalog Card Number: 9 8-5 17 84 10 9876543 21 Contents 1 Introduction 1 1 .1 About This Book 1 1.2 Global System for Mobile Communication (GSM)