Short forms:

Qualcomm: Quality communication.

PL: product line number
DSDS: dual sim dual standby
DDS: dedicated data switch
CB: cell broadcast
IRAT: inter radio access technology.
QRD: Q`ualcomm Reference Device
MTP :modem Test Plateform

Setup2-: IDP9205_CT.1.0_RJIL_NB-IOT_Testing: dut

Setup1:- SM8150_LA1.0_AIRTEL_Autoband_Rank4_Route_Scouting:
Nicobar: vowifi , throughput,functional testing
ref Mdm 9206: Nbiot testing

latest build : nicobar;

build: Nicobar.LA.1.0-00191-STD.INT-1
mpss: MPSS.AT.4.3.1-00219 -NICOBAR_GEN_TEST-2T

MDP 9206:
Build :
MPSS:

IDP 9205
Build:
MPSS:

8150:
Build: SM8150.LA.1.0.c5-00025-STD.INT-2
MPSS: MPSS.HE.1.0.c6-00080-SM8150_GEN_TEST-1T

Colours In QXDM :
Green lte
Blue
Purple GSm
Orange 3g

b14D=log_packet mimo
b06876--for dual sim latching
70266--for dual dual sim latching
04398---0
73690---EVS enables
71546--0x07--SW MBN Auto
70210- Hot Swap
00550 - IMEI write
65633- bandlock

How To Band Lock the device:-

1. Connect device to QXDM.
2. Open NV browser.
3. Go to NV 65633 and copy the below values as per band requirement:-

For B40 lock :- 0x0000008000000000

For B41 Lock:- 0x0000010000000000
For B05 Lock:- 0x0000000000000010
For B03 Lock:- 0x0000000000000004
For B5+B40 Lock:- 0x0000008000000010
For B3+B5 Lock:- 0x0000000000000014
For B3+B40 Lock:- 0x0000008000000004
RF Conditions:
Near Cell:
RSRP:  -50 to 65-70 dBm
SINR:    25-30 dB

MID Cell:
RSRP:  -70 to -80 dBm
SINR:   10 to 16 dB

Edge Cell:
RSRP: -80 and above dBm
SINR:  0 to 5-6 dB

How to excecute throughtput testing In QXDM.

1. Connect antenna as per band configuration
2. Connect devices (DUT & REF) in QXDM
3. And observe cell ID and SNR (cell ID of both device should be same).
4. Antenna difference between A0 and A1 should not more than 3 dBm.
5. Run adb logs and open ANDFTP on both devices.
6. Download the same file in DUT and REF serially while performing stationary
testing. E.g.: Near Cell Throughput
7. Download the file with same size with different Name in DUT and REF in
parallel while performing mobility testing. E.g.: Throughput in mobility.
8. After downloading note the time taken by both devices and calculate
throughput value.
9. Throughput Speed (Mbps)= [File size(MB)/Time taken]*8
10.Save both adb & QXDM logs. Using Alt+L or CTlr+i.

ARFCN :
ERFCN :
Airtel band 8 : 3686
40 : 20mhz: 39050
10mhz: 39200
41:
jio : band 40: 38850 20 mhz
38700 10mhz
5: 2539
3: 1234
1:

vodafone :

Device preparation:

 Build (META)
 Camp QCN using QPST (Qualcomm combined NVs)
 MBN using PDC tool (Modem binaries)
 EFS file
 ETM for stability
 VOLTE (IMS) Commands
MPSS (Modem Process Subsystem)
Auto answer NV 74

Build (META)
>>How to load Build 8150
 Download the build from FileZilla (smanjuna server)
 Extract this build
 Open the command folder on build folder
 adb devices (this will show status of devices connected or not)
 adb reboot bootloader ( this will reboot the device into bootloader mode /fastboot mode )
 fastboot devices ( this will show status fastboot devices connected or not)
o fastboot_complete.py --sb -f --st=ufs for 8150 PL
o fastboot_complete.py --st=emmc    for 6150
fastboot_complete.py --st=emmc –sb for nicobar
 o Just run fastboot complete file for 439 device
 Fastboot reboot (this will reboot/restart the device in fastboot mode).

MPSS (Modem Process Subsystem):

Open cmd in MPSS location
1. adb devices
2. adb root
3. adb remount
4. adb shell mount -o rw,remount /vendor/firmware_mnt
5. adb shell
6. #su
7. #cd /vendor/firmware_mnt/image
8. #rm -rf modem.b*
9. #rm -rf modem.mdt
10. #exit
11. #exit
12. adb push . /vendor/firmware_mnt/image       
13. adb shell sync
14. adb reboot

Camp QCN using QPST: (Qualcomm combined NVs)

 Open QPST > start client > software download > restore > browse > Select the device > Select the
QCN path (for MCN 2000 use 436 QCN) > Select ESM mismatch > Start Option

Calibrated QCN using QPST:

Same steps except load downloaded QCN PATH.

For nV write/ iemi write

NV for iemI – 00550

IMEI hexadecimal values for devices

Nv : 00550
Select multisim
Write the values for sub1 then> write >read then again for sub2.
0x08 0x8A 0x56 0x48 0x03 0x12 0x04 0x46 0x65

0x08 0x8A 0x56 0x48 0x03 0x12 0x14 0x10 0x15

MBN using PDC tool (Modem Binaries) :

TO NETWORK ACCESS
To camp device on 4G network

Hardware
 Open PDC tool

 Select device

 Select SR_DSDS-LA-7+7_mode_sm8150 (right click)

 Select config

 Sub0

Hardware only for sub0 then it will automatically support for sub 1

Software
1. For RJIL load commercial reliance
2. For Other operator load Row commercial.

In performance we have to change MBN everytimre as per requirement so for that we do auto MBN

FOR AUTOMATIC mbn IN QXDM >nv> 71546 THIS WILL GIVE US AUTO MBN

MBN manually ( on dial keypad ): (OREO)

*#*#dconfig#*#* - hardware

*#*#mconfig#*#* - software
EFS file pushing:

Open Qpst > start client > EFS file explorer > select device > nv > modem > lte > ml1 > copy
both 4way_Asdiv files to ml1 folder > Reset

ETM file pushing: (to successfully remount adb and for crash analysis)

Just run this bat file.

 etm_enable_MODEM_PC_MEM.bat

VOLTE (IMS) Commands: (to make sim HD capable) only for non Jio sims

 adb root
 adb shell setprop persist.dbg.volte_avail_ovr 1
 adb shell setprop persist.dbg.vt_avail_ovr 1
 adb shell setprop persist.dbg.wfc_avail_ovr 1
 adb reboot

How to write IMEI performance

 Connect device and check in QPST
 Port > select device >

command to connect MI devices in QXDM

Modem Port/ Diag Port/AT Command/PDC:  
adb root
adb shell setenforce 0
adb shell setprop sys.usb.config diag,serial_cdev,rmnet,adb
adb shell setprop persist.sys.usb.config diag,serial_cdev,rmnet,adb

GSM ARCHITECTURE ;
GSM architecture consist of 3 sub blocks :
(1) Core network
(2) Access network
(3) Mobile station control

1.core network
 The elements present in the core network are NSS (network switching subsystem) NSS is used in
GSM to carry out the callout and mobile management for roaming network.
It allows mobile device to communicate with each other
The MSC is a primary node which is used for routing voice, sms ,It set up and releases end to end
connection and handover requirement during the call

Access network: consist of BTS and BSS ,one base station can have multiple of transceiver connected 
via interfaces

Mobile station: It consist of various hardware and software equipment’s  used for communication
 The base station is responsible for handling traffic capacity between mobile and network
NSS consist of HLR(home location register) and VLR (variable location register)
HLR keeps all the details about the user and VLR is just the same but, the regular use of details
for calls and SMS
Authentication: authentication is done on the parameters based on VLR

GSM Location upgrade: The location upgrade is to find the network in the given coverage area ,the
location upgrade consist of 3 categories
Normal, periodic and IMSI attach detach location upgrade Types of keyword ,types of channels

GSM Location update:

For operation like Location Update or Originating Call, MS has to reserve the channels for signaling or
traffic.

Channel Request – MS request as channel from BTS.

Channel Required: BTS decodes the above message and send this to BSC with the calculated distance of
MS with Timing Advance.
Channel Activate: BSC informs the BTS which channel type to activate and which channel number to
reserve.
Channel Activate ACK: BTS confirms the acknowledgement.
Imme diate Assignment: BSC asks to BTS to assign the reserved channel to MS.

GSM CALL FLOW

1. Initially MS is getting Broadcast channels like BCCH (Broadcast Control channel), FCCH
(Frequency correction channel) and SCH (Synchronization channel) and the direction of the
channel as downlink channels.
2. Then BSIC (base station identity code) is sent to MS from network through SCH (synchronization)
channel.
3. Network sends CGI and LAI to MS through BCCH channel.
4. Now for accessing the services, MS sends access request to network through RACH( random
access channel).
5. The network assigns SDCCH (standalone dedicated control channel) to mobile through AGCH
(access grant channel). SDCCH is used to allocated TCH (traffic channel) to MS.
6. Service request is send by MS to network through SDCCH channel.
7. Network sends authentication request to MS through same SDCCH channel.
8. In response to above request MS sends authentication response to network through SDCCH.
9. Ciphering mode command is initiated by network to MS through SDCCH.
 10. And MS responds to network as ciphering mode command complete
11. Call setup request is send from MS to network through SDCCH.
12. Network responds as call setup processing to MS through SDCCH.
13. Also, the network sends assignment command to MS to assign (TCH) Traffic control channel and
FACCH (Fast associated control channel).
14. MS responds as assignment complete through SDCCH.
15. The network now alerts MS that call is being connected and it uses FACCH. Simultaneously
network sends connect response to MS.
16. The MS sends ACK message to network to notify whether the call is connec ted or not, through
FACCH.
17. Now when the user disconnects the call, disconnect request is send to network from MS.
18. In response to above request Network send call release message to MS.
19. Release complete message is send to network from MS.
20. Also channel release message is send to network from MS

GSM Channels:
·         GSM uses a variety of channels in which the data is carried. In GSM, these channels are
separated into physical channels and logical channels. The Physical channels are
determined by the timeslot, whereas the logical channels are determined by the information
carried within the physical channel.
The following logical channels are defined in GSM:
1.       TRAFFIC CHANNELS:
o   TCH f - Full rate traffic channel at a net bit rate of 22.8 Kb/s (TCH/F)
o   TCH h - Half rate traffic channel  at a net bit rate of 11.4 Kb/s (TCH/H)
 
2.       BROADCAST CHANNELS: (Used for DOWNLINK ONLY)
·         BCCH(BROADCAST CONTROL CHANNEL) - Broadcast Network information, e.g. for
describing the current control channel structure. The BCCH is a point-to-multipoint channel (BSS-
to-MS).
·         SCH( SYNCHRONISATION CHANNEL) - Synchronisation of the MSS.
·         FCCH(FREQUENCY CORRECTION CHANNEL) - frequency correction.
 
 COMMON CONTROL CHANNELS: (PCH & AGCH are used for DOWNLINK & RACH is used for
UPLINK.)
AGCH(ACCESS GRANTED CHANNEL) - Acknowledge channel requests from MS and allocate a
SDCCH.
·         PCH(PAGING CHANNEL) - terminating call announcement.
·         RACH(RANDOM ACCESS CHANNEL) - access requests, response to call announcement,
location update, etc.
 
4.       DEDICATED CONTROL CHANNELS: (Used for both UPLINK & DOWNLINK.)
·         FACCH(FAST ASSOCIATED CONTROL CHANNEL) - For time critical signalling over the TCH
(e.g. for handover signalling). Traffic burst is stolen for a full signalling burst.
·         SACCH(SLOW ASSOCIATED CONTROL CHANNEL) - TCH in-band signalling, e.g. for link
monitoring.
·         SDCCH(STAND ALONE DEDICATED CONTROL CHANNEL) - For signalling exchanges, e.g.
during call setup, registration / location updates.
 UMTS ARCITECTURE:

UMTS consist of  mainly 3 blocks:

1.UE
2.RADIO NETWORK SWITCH
3.CORE NETWORK

User Equipment (UE)

Mobile Equipment (ME) : It is a radio terminal which is used to connect the UMTS subscriber
with the fixed part of UMTS system via the radio interface Uu.

UMTS Subscriber Identity Module (USIM):  A smartcard which contains the subscriber identity,
authentication algorithms, encryption keys etc.

UMTS Terrestrial Radio Access Network(UTRAN)

Nodes B (Base Stations): It performs physical level processing such as channel coding, data
interleaving, rate matching, modulation etc.

Radio Network Controllers (RNC): RNC’s controls and manages radio resources to Node B.

Core Network(CN)

The core network is shared with GSM and GPRS. The CN contains functions for intersystem
handover, gateways to other networks and performs location management. It contains:

1. Home Location Register (HLR)

2. Mobile Station Controller / Visitor Location Register (MSC/VLR).
3. Gateway MSC: Connect UMTS to external circuit switch n/w (e.g PSTN)
4. Serving GPRS Support Node (SGSN): It serves the Packet-switched traffic
5. Gateway GPRS Support Node (GGSN): The Gateway GPRS Support Node (GGSN) is the
central element within the UMTS packet switched network.

LTE Architecture
The main blocks of LTE architecture is as mention below.

1.The User Equipment (UE).

2.The Evolved UMTS Terrestrial Radio Access Network (E-UTRAN).

3.The Evolved Packet Core (EPC).

The User Equipment (UE)

The internal architecture of the user equipment for LTE is identical to the one used by UMTS and
GSM which is actually a Mobile Equipment (ME). 

Mobile Termination (MT) : This handles all the communication functions.

Terminal Equipment (TE) : This terminates the data streams.

The Evolved UMTS Terrestrial Radio Access Network (E-UTRAN)

The E-UTRAN handles the radio communications between the mobile and the evolved packet
core and just has one component, the evolved base stations, called eNodeB or eNB. Each eNB
is a base station that controls the mobiles in one or more cells. The base station that is
communicating with a mobile is known as its serving eNB.

The eBN sends and receives radio transmissions to all the mobiles using the analogue and
digital signal processing functions of the LTE air interface.
The eNB controls the low-level operation of all its mobiles, by sending them signaling messages
such as handover commands
The Evolved Packet Core (EPC).

The main component of EPC are as follows.

Home Subscriber Server (HSS): component has been carried forward from UMTS and GSM and is
a central database that contains information about all the network operator's subscribers.

Packet Data Network (PDN) Gateway (P-GW) :communicates with the outside world ie. packet data
networks PDN, using SGi interface. Each packet data network is identified by an access point name
(APN). The PDN gateway has the same role as the GPRS support node (GGSN) and the serving
GPRS support node (SGSN) with UMTS and GSM.

serving gateway (S-GW): it acts as a router, and forwards data between the base station and the
PDN gateway.

mobility management entity (MME) : It controls the high-level operation of the mobile by means of
signalling messages and Home Subscriber Server (HSS).
Policy Control and Charging Rules Function (PCRF) : is a component which is not shown in the
above diagram but it is responsible for policy control decision-making, as well as for controlling the
flow-based charging functionalities in the Policy Control Enforcement Function (PCEF), which
resides in the P-GW.

The interface between the serving and PDN gateways is known as S5/S8. This has two
slightly different implementations, namely S5 if the two devices are in the same
network, and S8 if they are in different networks.

SRVCC
SRVCC - Single Radio Voice Call Continuity is required within LTE as voice calls often need to be
transferred between LTE and legacy circuit switched services like 2G GSM or 3G UMTS as
coverage of LTE may not be complete.

As voice calls in LTE are packet data based within the IMS environment, call continuity with legacy
circuit switched services is not straightforward and can be handled in various ways. SRVCC, single
radio voice call continuity provides a standardised means by which these transfers can be made in a
seamless manner with the minimum of dropped calls.

SRVCC, Single radio Voice Call Continuity, is a scheme that enables Inter Radio Access Technology,
Inter RAT handover as well as a handover from packet data to circuit switched data voice calls.

By using SRVCC operators are able to make the handovers while maintaining existing quality of
service, QoS and also ensuring that call continuity meets the critical requirements for emergency
calls.

Some ideas for handover require that the handset has two active radios to facilitate handover. This is
not ideal because it requires additional circuitry to enable the two radios to be active simultaneously
and it also adds considerably to battery drain.

The SRVCC requires only a single active radio in the handset and requires some upgrades to the
supporting network infrastructure.

Overall SRVCC Mechanism

 
The simplest use model can be illustrated as in < Case 1 > of the following figure showing the
SRVCC between LTE and UMTS (The detailed mechanism would vary depending on what kind
of legacy technology is involved). A little bit complicated use-model can be illustrated as in <
Case 2 >. In < Case 2 >, user is doing VoIP while he is using another packet transaction (e.g,
email, browsing etc). In this case, the radio bearer on WCDMA side should be a multiple Radio
Bearer (CS + PS). There may be many different type of use model as well.
 http://www.sharetechnote.com/image/SRVCC_Concept.PNG

Csfb:
CSFB (Circuit Switched Fall Back) :-
Circuit Switched FallBack (CSFB) is a technology whereby voice and SMSservices are
delivered to LTE devices through the use of GSM or another circuit-switched network.

Circuit Switched FallBack is needed because LTE is a packet-based all-IP network that cannot
support circuit-switched calls. When an LTE device is used to make or receive a voice call or
SMS, the device "falls back" to the 3G or 2G network to complete the call or to deliver the SMS
text message.

CSFB was specified in 3rd Generation Partnership Project (3GPP) Release 8. CSFB requires
a software upgrade of the operators core and radio network.
CSFB is often seen as an interim solution for LTE operators. Voice over LTE (VoLTE) is
considered to be the long-term goal for the delivery of voice services on LTE networks.

Applies when there is no active voice call.When an user is on LTE network and initiates a call,
the switch from LTE to legacy network (2G/3G) is carried out through CSFB.
Basically LTE is a Packet only technology. It is well designed for data traffic. It normally done via
CS call in existing technology (WCDMA, GSM, C2K etc). There can be a couple of options to
achieve voice call in LTE. One of the option is just to use packet based voice call (e.g, VoIP or
IMS). Another option is to use multiple technology. For example, if UE wants to have packet
communication, the network redirect it to the normal LTE core network and if UE wants to do
voice call the network redirect the call to one of the existing technology like WCDMA, GSM or
C2K. This technology that enables to redirect connection to other technology (eg, WCDMA,
GSM, C2K) is called 'CS Fallback'.
 
UE should support multiple technologies and network side would be even more complicated
.,there should be some link point between LTE network and 2G/3G network to make this CS
fallback happen. In this case, the connection point is between MSC and MME and the interface
connecting these two entities are called 'SG' interface.
http://w
w w
.sh
arete
chno
te.co
m /ima
ge/CsFa
llba
ck_
SAE.PN
G

Now LTE and 2G/3G network is connected. Now let's look into the interplay of the two networks
to make the voice call possible. I think these interplay can be explained by adding just three
lines as follows.
h
ttp
://w
ww.sha
rete
chn
ote
.co
m /im
age/C
sFa
llba
ck_
Reg_
Paging
.PN
G
LTE
LTE stands for Long Term Evolution and it was started as a project in 2004 by
telecommunication body known as the Third Generation Partnership Project (3GPP). SAE
(System Architecture Evolution) is the corresponding evolution of the GPRS/3G packet core
network evolution. The term LTE is typically used to represent both LTE and SAE.

LTE evolved from an earlier 3GPP system known as the Universal Mobile Telecommunication
System (UMTS), which in turn evolved from the Global System for Mobile Communications
(GSM). Even related specifications were formally known as the evolved UMTS terrestrial radio
access (E-UTRA) and evolved UMTS terrestrial radio access network (E-UTRAN). First version
of LTE was documented in Release 8 of the 3GPP specifications.

A rapid increase of mobile data usage and emergence of new applications such as MMOG
(Multimedia Online Gaming), mobile TV, Web 2.0, streaming contents have motivated the 3rd
Generation Partnership Project (3GPP) to work on the Long-Term Evolution (LTE) on the way
towards fourth-generation mobile.

The main goal of LTE is to provide a high data rate, low latency and packet optimized
radioaccess technology supporting flexible bandwidth deployments. Same time its network
architecture has been designed with the goal to support packet-switched traffic with seamless
mobility and great quality of service.

Advantages of LTE
 High throughput: High data rates can be achieved in both downlink as well as uplink.
This causes high throughput.

 Low latency: Time required to connect to the network is in range of a few hundred

milliseconds and power saving states can now be entered and exited very quickly.

 FDD and TDD in the same platform: Frequency Division Duplex (FDD) and Time
Division Duplex (TDD), both schemes can be used on same platform.

 Superior end-user experience: Optimized signaling for connection establishment and

other air interface and mobility management procedures have further improved the user
experience. Reduced latency (to 10 ms) for better user experience.

 Seamless Connection: LTE will also support seamless connection to existing networks

such as GSM, CDMA and WCDMA.
  Plug and play: The user does not have to manually install drivers for the device.
Instead system automatically recognizes the device, loads new drivers for the hardware
if needed, and begins to work with the newly connected device.

Simple architecture: Because of Simple architecture low operating expenditure (OPEX).

Channel in LTE

The information flows between the different protocols layers are known as channels. These are used
to segregate the different types of data and allow them to be transported across different layers.
These channels provide interfaces to each layers within the LTE protocol stack and enable an
orderly and defined segregation of the data. Actually, LTE uses several different types of logical,
transport and physical channel, which can be distinguished by the kind of information they carry and
by the way in which the information is processed.

Classification

Broadly in LTE Channel are divided into three categories named as below:

 Logical channels
 Transport channels
 Physical Channels

These all three types of channel are present in Downlink as well as Uplink direction. Mapping
of these channels is shown in below pictures.
 http://www.techplayon.com
/wp-content/uploads/2017/08/Chan1.png

 
http://www
.techplayon.com
/wp-content/uploads/2017/08/chan2.png

Logical Channels

Logical channels define what type of information is transferred. These channels define the data-
transfer services offered by the MAC layer. Data and signaling messages are carried on logical
channels between the RLC and MAC layers. Logical channels further can be divided into two
categories as control channels and traffic channels. control channels carry signaling messages in
the control plane and they can be either common channel or dedicated channel.

A common channel means  common to all users in a cell (Point to multipoint ) whereas  Dedicated

channels means channels can be used only by one user (Point to Point).

Traffic channels carry data in the user plane, while logical control channels carry signaling
messages in the control plane.

Downlink Logical Channel :

Control channel: In Downlink there are 4 Control channel which carried Common channel
information as well as dedicated channel information

 Broadcast Control Channel (BCCH) – It Used for broadcasting MIBs/SIBs

 Paging Control Channel (PCCH) – It is used for paging the UE
  Common Control Channel (CCCH) -It is Common to multiple UE’s
 Dedicated Control Channel (DCCH) – It used to transmit dedicated control information for a
particular UE
 Multicast Control Channel (MCCH) – It is used for transmit information for Multicast
Traffic Channel

Dedicated Traffic channel (DTCH):    Dedicated Traffic for a particular UE

 Multicast Traffic Channel (MTCH):    used to transmit Multicast data

Uplink Logical Channel : In Uplink we have 2 control channels and one traffic channel.

 Common Control Channel (CCCH) -It is Common to multiple UEs

 Dedicated Control Channel (DCCH) – It used to transmit dedicated control information for a
particular UE
 Dedicated Traffic channel (DTCH):  Dedicated Traffic for a particular UE

Transport Channels:

Transport channels define how and with what type of characteristics the data is transferred to the
physical layer. Data and signalling messages are carried on transport channels between the MAC
and the physical layer.

Downlink Transport Channels :

 Broadcast Channel (BCH) :  This LTE transport channel maps to Broadcast Control Channel
(BCCH) and carries information like used for MIB and send information to Physical
Broadcast channel (PBCH)
 Downlink Shared Channel (DL-SCH)  This transport channel is the main channel for
downlink data transfer . The information carried by this channel is SIB, Data transfer
 Paging Channel (PCH) :  To convey the PCCH information and mapped to Physical Downlink
Shared Channel (PDSCH) and carries Paging Information
 Multicast Channel (MCH) :   This transport channel is used to transmit MCCH information to
set up multicast transmissions. This channel is mapped to Physical Multicast Channel
(PMCH) this is basically used for MBMS services.
Uplink Transport channel: 

 Uplink Shared Channel (UL-SCH) :   This transport channel is the main channel for uplink
data transfer. It is used by many logical channels like CCCH, DCCH DTCH.
 Random Access Channel (RACH) : This is used for random access procedure.

Physical Channels

These channels are also in both direction downlink and uplink directions. So we can divide these into
Downlink Physical channels and uplink Physical Channels. Based on Data and signalling messages
are carried on physical channels in LTE ,we can further classified as
  Physical Data channels (DL, UL)
 Physical Control Channels (DL,UL)
Downlink Physical  Channel: 

 Downlink physical Data Channel          (PBCH, PDSCH,PMCH)

 Downlink Physical Control Channel  (PCFICH,PHICH,PDCCH)

1. Physical Broadcast Channel (PBCH) This physical channel carries system information for
UEs requiring to access the network. It only carries what is termed Master Information Block,
MIB, messages
2. Physical Downlink Shared Channel  (PDSCH): The PDSCH can carry DL-SCH or PCH. It
carries SIB information, Paging Information and user plan Data.
3. Physical Multicast Channel (PMCH) : This channel type is used to carry MCH and mainly
used for MBMS Services.
4. Physical Control Format Indicator Channel (PCFICH) :  

PCFICH informs the UE about the format of the signal being received. It indicates the
number of OFDM symbols used for the PDCCH channel, whether 1, 2, or 3. The information
within the PCFICH is essential because the UE does not have prior information about the
size of the control region (PDCCH). A PCFICH is transmitted on the first symbol of every
sub-frame and carries a Control Format Indicator CFI.

5. Physical Downlink Control Channel (PDCCH)  :

The PDCCH carries information known as the Downlink Control Information or DCI . It
carries the control information for a particular UE or group of UEs. Basically A DCI provides
the following information. Downlink resource scheduling, Uplink power control instructions.
Uplink resource grantThe DCI format has several different types which are defined with
different sizes.

Physical Hybrid ARQ Indicator Channel (PHICH): This channel is used to report the
Hybrid ARQ status. It carries the HARQ ACK/NACK signal indicating whether a transport
block has been correctly received.The PHICH is transmitted within the control region of the
subframe and is typically only transmitted within the first symbol. If the RF conditions  are
poor, then the PHICH is extended to a number symbols for robustness
Uplink Physical  Channel:

 Uplink physical Data Channel ( PUSCH,PRACH)

 Uplink Physical Control Channel  (PUCCH)

1. Physical Uplink Shared Channel (PUSCH) : This physical channel is used for Uplink data
transmission by the UE. They may also carries the uplink control information sometimes.
This channel is the counterpart of PDSCH channel in Uplink
2. Physical Random Access Channel (PRACH) :This Uplink physical channel is used for
random access procedure called RACH procedure. UE does RACH procedure to get the
Uplink synchronization
3. Physical Uplink Control Channel (PUCCH) : The Physical Uplink Control Channel,
PUCCH provides the various control signaling. These signaling are known as Scheduling
request, Downlink data ACK/NACK and  CQI information.
MPSS(Modem Process Subsystem) observed and
performed :
Today I learned to perform MPSS on particular devices in which there are devices like 6150 / 7150 /
8150 :

There are different steps which includes,

 downloading files from FileZilla

 extracting it to desired location
 performing the steps on CMD of that file location after connecting the device.

The MPSS procedure is as follows for 6150 / 7150 / 8150 :

adb root
adb disable-verity
adb reboot
adb root
adb remount
//Now Remove modem files using below commands:
adb shell
#su
#cd /vendor/firmware_mnt/image
#rm -rf modem.b*
#rm -rf modem.mdt
#exit
//Then push split bins to /vendor/firmware_mnt/image with below commandexit
adb push . /vendor/firmware_mnt/image
adb shell sync
adb reboot

LTE Handover:
The Handover is the process of transferring an ongoing data session/Call from one (source) cell
connected to the core network to another (target) cell. Handovers are needed when UE moved
out of its serving cell’s coverage or for load balancing purposes.
The basic objective of handover procedures are:

 QoS should be maintained all the time. Not after handover but during handover as well.
 Handover should not drain UE battery.
 UE should able to continue its  normal services before and after handover. For example a voice
call before handover should be maintained after handover as well. As Seamless handoff between
2G/3G/CDMA/LTE technologies.

Normally there are two type of handover approach available in mobile networks.
 Network Controlled: In this case network makes handover decisions.
 Mobile Evaluated: The UE will make handover decisions and inform network about it. But still
network takes the final decision based on radio resource available in target cell.
In LTE network a hybrid approach is used. UE sends measurement information to network and based on
those measurements network asks UE to move to a target cell.
Types of Handover in LTE network:
 Intra-LTE Handover: In this case source and target cells are part of the same LTE
network.
 Inter-LTE Handover: Handover happens towards other LTE nodes. (Inter-MME and Inter-
SGW)
 Inter-RAT: Handover between different radio technologies. For example handover from
LTE to WCDMA.

Intra-LTE Handovers:    There are different use cases for Intra-LTE handovers. There are primarily three
types of Intra-LTE handover can be possible

Intra-MME/SGW: Handover using X2 InterfaceX2::     is the interface between two eNodeB, serving
eNodeB and target eNodeB in this case.
When X2 interface is present then handover is completed without EPC (Evolved Packet Core)
involvement The release of the resources at source eNodeB is triggered by target eNodeB.

Intra-MME/SGW: Handover using S1 Interface

In case when X2 interface is not available and source eNodeB and target eNodeB are part of same
MME/SGW then handover is carried out through S1 interface. The S-eNB initiates the handover by
sending a Handover required message over the S1-MME reference point. The EPC does not change the
decisions taken by the S-eNB.

Inter-LTE Handovers:
 Inter-MME Handover
In Inter-MME handover two MME are involved in handover, source MME and target MME. The source
MME (S-MME) is in charge of the source eNodeB and target MME (T-MME) is in charge of target
eNodeB.
Inter-MME handover occurs when UE moves between two different MMEs but connected to same SGW.
 Inter-MME/SGW Handover
This is same as Inter-MME but only difference is that here UE need to move from one MME/SGW to
another MME/SGW. Source eNodeB is part of one MME/SGW and target eNodeB is in another
MME/SGW.
 Inter-RAT Handover:
Handover from eUTRAN to UTRAN
In case of handover between eUTRAN to UTRAN, the source eNodeB is connected to source MME and
SGW and target RNC is connected to Target SGSN and Target SGW.First the required resources are
reserved in UTRAN system and the handover is carried out.
Observed and performed MPSS, QCN :
 Observe how to prepare devices of PL8150 & 7150.
 Preparing Computer with software’s for testing
 call support
 Observing and learning how to perform QCN on devices.

QCN  (QUALCOMM combined Non-volatile memories )

Open QPST > start client > software download > restore > browse > Select the device > Select the QCN
path (for MCN 2000 use 436 QCN) > Select ESM mismatch >  Start Option

LTE Frame structure

The LTE frame structure are of two types based on topology
either FDD or TDD. Total Frame duration is about 10ms. There are total 10
subframes in a frame. Each subframe composed of 2 time slots.
Type 1, LTE frame structure is applicable to FDD system. As shown in the figure
below, an LTE TDD frame is made of total 20 slots, each of 0.5ms. Two
consecutive time slots will form one subframe. 10 such subframes form one radio
frame. One subframe duration is about 1 ms. Hence LTE radio frame will have
duration of about 10ms. Each radio frame will have 307200 Ts. Where in one Ts
equals 1/(15000 x 2048) seconds.
 http://www.techplayon.com/wp-content/uploads/2018/04/LTE-Frame-2-FDD.png

Type2, In TDD, the transmission is divided into time domain, means at one moment of time either
downlink subframe is transmitted or uplin As one can see in above image, one frame is divided into

10 subframes (1ms each), and that subframe can be either downlink, uplink or special subframe.

Now the question comes, who decides the sequence of these subframes. That has been defined by
3GPP with the name TDD Frame Configurations. There are fixed patterns of these configurations
and network
operator has to
choose out of
these defined
patters. There
are total 7 TDD
configurations
as shown
below:
 h
t
p
t:
//
www
.
te
ch
p
la
yo
n
.c
om
/w
p-
con
t
en/
t
upl
oad
s
/2
01
8
/0
4/
LTE
-
Fr
ame
-
4-
TDD
-
CO
nf
ig
.p
ng

   
                                                                    
http://w
w w.te
chpla
yon.com
/wp-con
tent/u
plo
ads/2
018/0
4/LTE
-Fra
m e
-5-SSF
.png

Special

And there comes a Special subframe which comes when there is transition from downlink subframe
to uplink subframe. It has three parts –  DwPTS(Downlink Pilot Time Slot),GP (Guard Period) and
UpPTS (Uplink Pilot Time Slot) and all of these have configurable lengths, which depends upon
Special subframe configuration.

VOLTE
VoLTE stands for voice over Long Term Evolution. Utilising IMS technology, it is a digital
packet voice service that is delivered over IP via an LTE access network.
Voice calls over LTE are recognised as the industry-agreed progression of voice services
across mobile networks, deploying LTE radio access technology.
Voice over Long-Term Evolution (VoLTE) is a standard for high-speed wireless
communication for mobile phones and data terminals - including IoT devices and wearables. It is
based on the IP Multimedia Subsystem (IMS) network, with specific profiles for control and media
planes of voice service on LTE defined by GSMA in PRD IR.92. This approach results in the voice
service (control and media planes) being delivered as data flows within the LTE data bearer. This
means that there is no dependency on (or ultimately, requirement for) the legacy circuit-
switched voice network to be maintained.

BENEFITS:
Superior call quality
Improved coverage and connectivity

Better battery life

Video calling

Device Preparation Procedure:

1. Flashing
2. QCN : Camping QCN, Calibration QCN.
3. MBN Loading
4. MPSS

1.Flashing    for 8150

download file
common > Build > cmd
adb Devices
adb bootloader
fastboot devices
Fastboot_complete.py--sb-f --st=ufs
fastboot reboot

for 6150

downlaod file
common > Build > cmd
adb Devices
adb bootloader
fastboot devices
fastboot_complete.py --st=emmc
fastboot reboot

2.QCN (for latching network)

Open QPST > start client > software download > restore > browse > Select the device >
Select the QCN path (for MCN 2000 use 436 QCN) > Select ESM mismatch >  Start Option

3 MBN's (lte setup for sub1 and sub2)

open pdc > device connect > LA s 7+7 for HARDWARE -- sub0 >
for software check the operator in sub, accordingly select ,
if sub is jio then go to Reliance commercial and for airtel ROW commercial
4.Mpss
MPSS procedure for 8150,6150,7150 :

adb root
adb disable-verity
adb reboot
adb root
adb remount
adb shell mount -o rw,remount /vendor/firmware_mnt
Now Remove modem files using below commands:
adb shell
#su
#cd /vendor/firmware_mnt/image
#rm -rf modem.b*
#rm -rf modem.mdt
#exit
Then push split bins to /vendor/firmware_mnt/image with below commandexit

adb push . /vendor/firmware_mnt/image

adb shell sync
adb reboot

one plus 7, flashing procedure.

1. open build folder

2. now right click on MSM download tool and open it as run as administrator
3. click on start button
4. press volume up and down button and plug in USB simultaneously.
5. once devices is flashed successfully it will reboot automatically.

Login steps of one plus seven

1. Dial *#800#  number on Dial pad > then  select one Plus log kit.
2.get QXDM log option
3.  select open device  log option
4. go to back and save log.
5 reboot
6 after reboot perform the scenario.
7.after performance again dial  *#800#
8. untick on save log
9. get QXDM log option
10. select  close device log .

MPSS Procedure:  
1.open filezilla and open the desired folder.
2.download the build from the folder in filezilla.
3.copy the path from filezilla of downloaded file.
4.paste the path in my computer search bar.
5.cut and paste the zip file at desktop and then extract there.(optional)
6.open the extracted folder and open CMD of that folder.
7.attach the devices to the laptop through cable.
8.type commands as per the steps .
9.first start from adb devices and check if device is connected or not.
10. run following command in cmd

MPSS Procedure SDM439.LA.1.0.c2 with Android Version O Only

------------------------------------------------------------
adb root
adb remount
adb shell mount -o remount,rw /firmware
adb shell rm /firmware/image/modem*
adb shell rm /firmware/image/mba*
adb shell rm /firmware/image/qdsp6m.qdb
adb push . /firmware/image/
adb shell sync
adb reboot

Circuit Switching
In circuit switching network dedicated channel has to be established before the call is made
between users. The channel is reserved between the users till the connection is active. For half
duplex communication, one channel is allocated and for full duplex communication, two
channels are allocated. It is mainly used for voice communication requiring real time services
without any much delay. 
c
ir
cuts
i w
it
chin
g(C
S)
vspa
ck
ets
wit
chin
g(
PS)f
ig1

 
if user-A wants to use the network; it need to first ask for the request to obtain the one and then
user-A can communicate with user-C. During the connection phase if user-B tries to
call/communicate with user-D or any other user it will get busy signal from the network.

Packet Switching
In packet switching network unlike CS network, it is not required to establish the connection
initially. The connection/channel is available to use by many users. But when capacity or
number of users increases then it will lead to congestion in the network. Packet switched
networks are mainly used for data and voice applications requiring non-real time scenarios. 
 c
ir
cuits
wit
chin
gvspa
c
ket
s w
it
chin
gfig
2

 
if user-A wants to send data/information to user-C and if user-B wants to send data to user-D, it
is simultaneously possible. Here information is padded with header which contains addresses of
source and destination. This header is sniffed by intermediate switching nodes to determine
their route and destination.
In packet switching, station breaks long message into packets. Packets are sent one at a time to
the network. Packets are handled in two ways, viz. datagram and virtual circuit.
In datagram, each packet is treated independently. Packets can take up any practical route.
Packets may arrive out of order and may go missing. 

In virtual circuit, pre-planned route is established before any packets are transmitted. The
handshake is established using call request and call accept messages. Here each packet
contains virtual circuit identifier(VCI) instead of the destination address. In this type, routing
decisions for each packet are not needed.

Logging Procedure for OPPO & MTK:

1.Enable all switch ports by dialling user *#564#
2.EnableContact,Mms,Dialer,Phone,Email,NFC,Blacklist,OppoSimSetting,PhoneNu
mberAttrubution,OppoWirelessSetting
3.Then dial user *#800# for starting log
4.go to Log and Debugging
5.Log and Debugging >  OppoLogKit
6.In OppoLogKit select the option which is required for testing
7.Select Default > Screen Recording on > Start Logging > reboot.
8. In OppoLogKit there is option of setting, we can customize it as per Scenario
9. In setting > Default > enable all the sub options in each folder like Mobile log,
ATCI log and many 10. In setting there is option of MTKLogger which is used to
take log of different types like  MobileLog, ModemLog, NetworkLog, ConnsysLog
which has to be enabled for the log to be taken
MTKLogger is for Mediatek Log which is being stored in phone memory
11. After the issue has been found by Red assertion screen or any issue stop the
log by same procedure as start log and select Stop Logging option
12.The logs will be in phone memory in “oppo_log” folder.
In “oppo_log” folder the log has been saved by the name for example
“debug@stop@2019-01-31_12-54-46-493”. > Rename it > save
14. collect that log and copy to appropriate device.
 observed and performed different scenarios.

Today I visited to field test and observed SRVCC.

MIB:-Master Information Block       

1. It is the broadcast information transmitted by eNodeB to UE
2. Give physical layer information like channel bandwidth, no of transmit
antenna, signal transmit power  
3. MIB is transmitted by PBCH (Physical Broadcast channel)
4. It transmits in every 40 seconds

SIB:-System Information Block

SIB:  
SIB stands for System Information Block.
There are 11 SIB which share information about neighbour cell, handover info. [It
is transmitted by PDSCH (Physical Downlink Shared Channel)]

1. SIB 1:
I) Carry the Information about cell related parameters, like cell ID, cell status,
PLMN identity list
II) Also carrying scheduling Information List I.e. Information about presence of
SIB type (SIB 2 to SIB 13).
2. SIB 2:
I) Require for initiate attach procedure
II) II) Carry RACH related information

3. SIB 3: Carry information for intra/inter frequency cell reselection.

4. SIB 4: It is for Intra frequency neighbour cell information.
5. SIB 5: It carries inter frequency neighbours (on different frequencies) 
6. SIB 6: It carries WCDMA neighbours information i.e., carries neighbour cell
frequencies useful for cell reselection
7. SIB 7: It carries GSM neighbour’s information
8. SIB 8: It carries CDMA neighbour’s information
9. SIB 9: It carries information about e NB (Transmitting power, Frequency,
neighbouring cell)
SIB 10: It carries ETWS (Earthquake and Tsunami Warning System) primary
notification
SIB 11: It carries ETWS (Earthquake and Tsunami Warning System) secondary
notification
SIB12: Measurement control information to be used in the cell for UE in
connected mode.
SIB13: ANSI-41 system information. ANSI-41 facilitates inter-switch operations
like hand-offs and roaming authentications
SIB14: TDD physical channel parameters.
SIB15: Location Services
SIB16: Parameters to be stored by UE for use during handovers to UTRAN.
SIB17: TDD fast changing parameters for shared channels in connected mode.
SIB18: PLMN identity parameters of neighboring cells to be considered in idle
mode as well as in connected mode.
SIB19: Priority information for E-UTRAN frequencies, selection lists and
information parameters broadcast to the LTE/UMTS capable UEs.

Login steps of one plus seven

1. *#800#  > select one Plus log kit.
2.get qxdm log.
3. open log.
4. save log.
5 reboot
6 after reboot perform scenario.
6 after reboot perform the scenario.
7.after performance again dial  *#800#
8. untick on save log
9. get QXDM log option
10. select  close device log .

In this I observed and performed scenario and observed issues.

Carrier Aggregation (CA):
LTE Advanced Carrier Aggregation, CA, is one of the key techniques used to enable the very high
data rates of 4G to be achieved.
By combining more than one carrier together, either in the same or different bands it is possible
to increase the bandwidth available and in this way increase the capacity of the link.

Carrier aggregation, CA requires many different features to be implemented to enable it to

operate effectively, as the two channels are likely to have very different characteristics,
especially if they are on different bands.

LTE carrier aggregation, CA, enables the most to be made of the available radio spectrum. Often
bands are small as the availability of spectrum is limited in the sectors required and as a result
many country administrations have released as much as they can but this may only be as small
bands. Carrier aggregation seeks to be able to utilise this and large bands equally effectively.

Carrier aggregation is supported by both formats of LTE, namely the FDD and TDD variants. This
ensures that both FDD LTE and TDD LTE are able to meet the high data throughput requirements
placed upon them.

Carrier aggregation (CA) helps in increasing bandwidth allocation to the UE. Increase
throughput with additional antenna.  Improves cell edge performance.
Types of Carrier Aggregation:

A) Intra-band contiguous:
This form of carrier aggregation uses a single band. In this instance, only one transceiver is required
within the terminal or UE.

      b)    Intra - band non - contiguous

This form of carrier aggregation uses a single band.  Two tranceiver are required
                                                                                                                                                                                            
c). Interband non -contiguous
This form of carrier aggregation uses different bands.   This form of carrier aggregation uses different
bands.

SVLTE:
Simultaneous Voice and LTE (Long Term Evolution)

A protocol and technical standard that allows a phone to use both voice and data networks at the same
time. Specifically, when the voice network is CDMA 1xRTT and the data network is LTE (4G.)
Not all CDMA/LTE phones support SVLTE.
SVLTE only works with 4G (LTE) networks. A different but related standard - SVDO - applies to CDMA 3G
(EV-DO) data networks.
SVLTE is important because CDMA 3G and LTE 4G networks were initially only built to handle data, not
voice. Without SVLTE, the LTE data network is unavailable during a voice call.
SVLTE will be less important when VoLTE (voice over LTE) launches on a large scale. This will allow both
voice and data to operate seamlessly on one LTE network.

Login Procedure of TOPAZ and performed some retest.

1. dial *#800# on the dial pad.
2.  goto the log and debugging  panel and select oppologkit.
3. select log module under network Mode.
4 Enable the Screen Recording >ok
5 Then select the start mode
6.Reboot alert display will popup > select reboot.

Types of Transmission Path:

There are 3 types of transmission path as per theire nature of transmission.
1. Simplex.
2. Half duplex.
3. Full duplex.

1.Simplex:
In this type data transmission is only occure In one direction only.

2. half duplex:
In this type of transmission signal can transmit in both direction I.e uplink and
Downlink ,but one at a time. If transmitter is transmitting from one nd then at the
other end one has to wait till the data transmission process is not completed.
Ex. Walkie- talkie, CB

3.full duplex:
In this type of communication data can be transmit in both direction
simultaneously.

TDD:
 TDD stand for Time division Duplex.
 Time division duplex is a technique by which the Uplink and the Downlink
transmissions are carried over the same frequency by using synchronized
time intervals.
 The available frequency bands for TDD will be 1900–1920 MHz and 2010 –
2025 MHz.
  User are allocated time slots for uplink and downlink transmission
 transmissions from base station to subscriber stations is referred as
downlink and transmissions from subscriber stations to base station is
referred as uplink in cellular/wireless communication systems. In TDD, both
uplink and downlink transmissions are arranged one after the other on time
scale i.e. uplink is transmitted at say 't1' instance and downlink is
transmitted at 't2' instance. Here t2 is considered to be t1 plus some
duration. Both uplink and downlink transmissions will take place at same RF
carrier frequency(Fc). 
 in some TDD systems, time slots are of the same duration or have equal DL
and UL times. However, the system doesn’t have to be 50/50 symmetrical.
The system can be asymmetrical as required.
 For instance, in Internet access, download times are usually much longer
than upload times so more or fewer frame time slots are assigned as
needed. Some TDD formats offer dynamic bandwidth allocation where
time-slot numbers or durations are changed on the fly as required.
 TDD is favourable compare to FDD for advanced antenna technques such as
beamforming  wireless sysytems and AAS(Adaptive Antenna System). This is
due to channel reciprocity in TDD between the uplink and downlink paths.
 In india we use band 40 and 41 for TDD.

 TDD technology is used in various IEEE 802.16 WiMAX, 3G TD-SCDMA and

4G TDD LTE. Also used in Zigbee and Bluetooth.

Disadvantage :
 The disadvantage is that the successful implementation of TDD requires a
timing system. The precise timing to both the transmitter and the receiver is
needed to ensure that the time intervals do not overlap or interfere with
another.
 Uplink and downlink transmissions occur at different time instants at same
carrier frequency. As transmissions are not continuous, the required data
rates can not be achieved as compare to FDD at similar distances from Base
Station (or eNB). 
 As TDD supports lesser distances compare to FDD, it needs more base
stations to achieve given coverage area.
 TDD - time division duplex

                       
Related image

FDD :
FDD stands for Frequency division Duplexing.

FDD - frequency division duplex

 In fdd transmission technique there are  2 different frequency are allocated

for both transmission of data and receiving of data signal.
  Because of  the FDD technique uses different frequency bands for send and
receive operations, the sending and receiving data signals don't interfere
with each other. This makes FDD a better choice than Time Division Duplex
(TDD) for symmetric traffic such as voice applications in broadband wireless
networks.
 FDD transmissions require a guard band between the transmitter and
receiver frequencies.
 FDD requires lots of frequency spectrum, generally at least twice the
spectrum needed by TDD. there must be adequate spectrum separation
between the transmit and receive channels. In fdd there is no interference
of signal  takes place.
 As per current scenario, FDD is widely used in mobile phones.
 In india we use band 3 and band 5 for FDD.
 For downlink Frequency band is:  869mhz – 894 mhz
 For Uplink Frequency band is:      824 MHz- 849 Mhz.

Advantages:
 1. The full data capacity is always available in each direction because the
send and receive functions are separated;
 2. It offers very low latency since transmit and receive functions operate
simultaneously and continuously;
 3. It can be used in licensed and license-exempt bands;
 4. Most licensed bands worldwide are based on FDD; and
 5. Due to regulatory restrictions, FDD radios used in licensed bands are
coordinated and protected from interference, though not immune to it.

Disadvantages:
 The drawback of FDD is that it does not allow special techniques like
multiple antennas, multiple input-output (MIMO), and beamforming. These
technologies are an essential element of the new strategies Long Term
Evolution (LTE) 4G cell phone to increase the data rate.
 FDD require more power
 FDD is more costlier than TDD.
 Complex to install setup.

Evolution of Mobile Communication

  In the last few decades, Mobile Wireless Communication networks have experienced a
remarkable change. The mobile wireless Generation (G) generally refers to a change in the
nature of the system, speed, technology, frequency, data capacity, latency etc. Each generation
have some standards, different capacities, new techniques and new features which differentiate
it from the previous one.
 The first generation (1G) mobile wireless communication network was analog used for voice calls
only.
 The second generation (2G) is a digital technology and supports text messaging.
  The third generation (3G) mobile technology provided higher data transmission rate, increased
capacity and provide multimedia support.
 The fourth generation (4G) integrates 3G with fixed internet to support wireless mobile internet,
which is an evolution to mobile technology and it overcome the limitations of 3G. It also
increases the bandwidth and reduces the cost of resources.
 5G stands for 5th Generation Mobile technology and is going to be a new revolution in mobile
market which has changed the means to use cell phones within very high bandwidth.

1G:
 It was 1st generation technology which used in mobile communication.
 1G technology is based on Advanced mobile  Phone System(AMPS), system was frequency
modulated an division multiple access (FDMA) with a channel capacity of 30 KHz and frequency
band of 824- 894MHz.
 data rate -2.4 kbps
 Use Analog signal.

DISADVNTAGE OF 1G:
 Poor voice quality
 Poor battery life
 Limited capacity
 Poor handoff reliability
 Poor security
 Offered very low level of spectrum efficiency

To overcome this drawback 2G was introduced.

 2G:
 2G was based on GSM architecteture.
 It uses digital signal for voice transmission.
 It use the bandwidth of 30 to 200 KHz
 Data rate upto 64kbps
 Enables services such as text messages, picture messages and MMS
 Provides better quality and capacity

Disadvantage:
 Unable to handle complex data such as videos.
 Required strong digital signals to help mobile phones work. If there is no network coverage in
any specific area, digital signals would weak.
2.5G:
The GSM technology was continuously improved to provide better services which led to development of
advanced Technology.
It known as GPRS.
Data rate of GPRS is 171 kbps max.
 Send/receive e-mail messages
 Web browsing
 Speed : 64-144 kbps

2.75G:
 2.75G is called as EDGE
 EDGE stands for enhanced data rates for GSM evolution
 It has increased the data rate from GPRS  
 It uses 8PSK modulation technique
 Data rate of EDGE is 384 kbps max.
 While using GPRS it is assigned G and for EDGE it is assigned E in mobile
In 2G we also have CDMA code division multiple access is provided by qualcomm as they have
patent of it,it is prominent in some countries like US but some countries are using GSM

 Benefits-
-conversations were fully digitally encrypted
-more efficient on spectrum
-greater mobile phonbe penetration
-introduce data service that is SMS

3G:
The original technology was improved to allow data up to 14 Mbps and more using packet switching. It
uses Wide Band Wireless Network with which clarity is increased.
It operates at a range of 2100MHz and has a bandwidth of 15-20MHz used for High-speed internet
service, video chatting.
3G which is known as UMTS-universal mobile terrestrial /telecommunications systems
 It has speed of 384kbps
 It works on Packet switching.
 This supports video calling which is required as we have smart phones which can support video
calling.
 Provides faster communication
 Send/receive large email messages
 High speed web/more security/video conferencing/3D gaming
 Large capacities and broadband capable.

3.5G:
 HSDPA-highspeed downlink packet access – focused on downloading because most users
download more than upload
  HSUPA- high speed uplink packet access - it is developed because of era of cloud computing
 HSDPA and HSUPA under 3.5G
 It has a data rate of 2mbps

     3.75G:
 HSPA+ it is high speed packet access plus represents  increased in data rate
 It has a data rate of 14.4 mbps

3.75 system is an improved version of 3G network with HSPA+ High Speed Packet Access plus. Later this
system will evolve into more powerful 3.9G system known as LTE (Long Term Evolution).

Disadvantages of 3G:

a. The cost of cellular infrastructure, upgrading base stations is very high

b. Needs different handsets.
c. Roaming and data/voice work together has not yet been implemented
d. Power consumption is high
e. Requires closer base stations and are expensive
f. Spectrum-license costs, network deployment costs and handset subsidies subscribers are
tremendous

4G:
 LTE (Long Term Evolution) is considered as 4G technology
 Data rates upto 1 Gbps.
 High definition video streaming and gaming
 Voice over LTE network VoLTE (use IP packets for voice)
 Capable of provide 10Mbps-1Gbps speed
 High quality streaming video
 Combination of Wi-Fi and Wi-Max
 High security
 Provide any kind of service at any time as per user requirements anywhere
 Expanded multimedia services

5G:
5G Technology stands for 5th Generation Mobile technology. 5G technology has extraordinary data
capabilities and has ability to tie together unrestricted call volumes and infinite data broadcast within
latest mobile operating system
It is highly supportable to WWWW (wireless World Wide Web)
 High speed, high capacity
 Provides large broadcasting of data in Gbps.
 Multi-media newspapers, watch TV programs with the clarity(HD Clarity)
 Faster data transmission that of the previous generation
 Large phone memory, dialing speed, clarity in audio/video
 Peak data rate: 10 Gbps
OFDM:
OFDM stands for Orthogonal frequency-division multiplexing.
OFDM technology was first conceived of in the 1960s and 1970s during research into minimizing
interference among channels near each other in frequency and to achieve clean data transmission in
situations prone to interference and signal corruption when more conventional modulation schemes are
used.
In telecommunications, OFDM is a method of encoding digital data on multiple carrier frequencies.
OFDM has developed into a popular scheme for wideband digital communication, used in
applications such as digital television and audio broadcasting, DSL internet access, wireless
networks, power line networks, and 4G mobile communications.
OFDM is a method of digital signal modulation in which a single data stream is split across several
separate narrowband channels at different frequencies to reduce interference and crosstalk. The original
data stream bits- that in a conventional single-channel modulation scheme would be sent serially (one
after the other) --are transmitted in parallel  but at lower speed in each substream  relative to the
original signal.
OFDM is used in Wi-Fi, DSL internet access, 4Gwireless communications, and digital television and radio
broadcast services.
The main advantage of OFDM over single-carrier schemes is its ability to cope with
severe channel conditions

CONDITIONS LIKE
 attenuation of high frequencies in a long copper wire
 narrowband interference and frequency-selective fading due to multipath without complex
equalization filters.

Channel equalization is simplified because OFDM may be viewed as using many slowly

modulated narrowband signals rather than one rapidly modulated wideband signal.

Application:
OFDM is used in Wi-Fi, DSL internet access, 4Gwireless communications, and digital television and radio
broadcast services.
The main advantage of OFDM over single-carrier schemes is its ability to cope with
severe channel conditions

QXDM:

The QXDM Professional software is also known as the Qualcomm eXtensible Diagnostic Monitor. It is a
utility for those who have devices using Qualcomm ASICs and trial hardware, and allows them to test,
evaluate and potentially diagnose issues in the RF performance of their mobile devices. It is often used in
order to facilitate product development of these devices.
Using the software, users can see all the signaling messages made by their mobile devices, as the
software generates a log of them. These logs can be annotated through the software as well. Any mix of
network and phone parameters can be added to the screens, and users are allowed to use complex
formulae when working with their parameters. Myriad statistical data is also generated by the program
in real-time so that users can better identify potential performance issues. Users can access Markov
statistics, Mux statistics, RLP statistics, the block error rate, mobility management data, paging and
access statistics, forward and reverse link statistics, and more. The program also gives users a graphic
display of the portable device’s signals. The program is compatible with Windows operating systems.

Files supported by QXDM professional : DMC and ISF

2.How to save log:

   Method 1 :
   -alt+l:
   -open qxdm->goto file-> item stored setting-> then select the path in log file path
   -then to save the log, press alt+l and the log will be directly saved to path saved earlier
  
   Method 2 :
   -ctrl+i:
   -A popoup window will open after pressing ctrl+i in which where to save the log will be asked and input
there the path where to save

There are two types of logs:

1.Qxdm log:-
2.Android log:-

Different capturing methods :                                                         

one method in which all the required logs are stored in one txt file

adb logcat -b main -b radio -b system -b events -v threadtime > logs.txt

The other method in which different txt files for different log

adb logcat -v time > Main1.txt

adb logcat -b radio -v time > Radio2.txt

GSM Call flow:

FROM MO side:
1. User dial the number > press send from   this takes place from User to mobile.

all information of call related is transported via MSC For that we need channel / carrier for data
transportation

2. send RR CHANNEL REQUEST from mobile to BSS. Using RACH channel.

for allocation for radio resources for the RR connection setup. The mobile now waits for an
assignment on        the Access Grant Channel (AGCH). At this point the mobile is listening to the
AGCH for a reply.
RACH: this slotted aloha channel can be used as random without any conformation.
 3. BSS allocate the TCH to mobile , in this TCH allocate the Frequency and timeslots. 

The BSS transmits the radio resource assignment to the Mobile via the AGCH channel. The
message also contains the time and frequency corrections. The time corrections allow the
mobile to time it's transmissions so that they reach the BSS only in the specified slot.

4. RR SAMB + MM CM    SERVICE REQUEST (TCH ,SAPI=0)  ( Mobile to BSS)

 This is the first message that is sent after tuning to the channel. The Mobile initiates a
LAPm connection with the BSC by sending a Set Asynchronous Balanced Mode (SABM)
message. The service request message meant for the MSC is also sent in this message
5. RR UA  (BSS to Mobile)
 BSS reply with Unnumbered Acknowledge (UA) to complete the LAPm setup handshake

6   SSCP CONNECTION REQUEST + MM CM SERVICE REQUEST

 The BSS receives the CM Service Request message from the mobile and The BSS then
piggy backs the message on the SCCP connection request message
7 BSS >NSS> PSTN

MSC checks if the subscriber has been authenticated. In this case, the subscriber has already
been authenticated, so the authentic ation procedure is skipped

        8   BSSMAP CIPHER MODE COMMAND      (NSS to BSS)

Since the subscriber has been successfully authenticated, the MSC initiates ciphering of the data
being sent on the channel. The channel is ciphered so as so protect the call from eavesdropping

        9. Ciphering on the radio link is enabled in three steps

 first step, the BSS starts expecting ciphered data from the mobile but continues to send
data in clear. Since the mobile has not been informed about the ciphering, all data
received from the mobile will be in error

The BSS sends the CIPHERING MODE COMMAND to the mobile. The mobile will be able
to receive this message as the transmission from the BSS is still in clear

 As a second step, the Mobile receives the message and enables ciphering in transmit
and receive directions. This action will result in all BSS data being received in error. (The
BSS is still transmitting data in clear.

The BSS will receive this message as it is already expecting ciphered data in the receive
direction

BSSMAP CIPHER MODE COMPLETE   (BSS to MSC)

 The third and final step in the ciphering handshake. The BSS enables the ciphering in
transmit direction. From this point on ciphering is enabled in both directions

BSS replies back to the MSC, indicating that ciphering has been successfully enabled.

     10.     CC CALL PROCEEDING   ( MSC tO Mobile) then Connecting with User .   
The mobile is informed that the call setup is in progress. Connecting... At this point, the mobile
phone displays a message on the screen to indicate that call setup is being attempte
      11. BSSMAP ASSIGNMENT REQUEST   (MSS to BSS )
              MSC informs the BSS about the allocated voice circuit. The call is also switched from signaling to
voice.

      12.   RR CHANNEL MODE MODIFY

            The BSS notifies the Mobile about the changeover to voice mode.

      13. RR CHANNEL MODE MODIFY ACKNOWLEDGE    >>>> Mobile acknowledges.

       14.  BSSMAP ASSIGNMENT COMPLETE     >>>> The BSS responds back to the MSC      

       15.   ISUP INITIAL ADDRESS MESSAGE    >>>>  The MSC routes the call and sends the call towards the
called subscriber

        16. The MSC informs the mobile that the called subscriber is being alerted via a ring then The called
subscriber answers the call.

          17. CC Connect  >>>>  The MSC informs the mobile that the call has been answered.

          18. CC CONNECT ACKNOWLEDGE   >>>>  acknowledge  the receipt of CC Connect

          19. speech / conversation

           20. CC DISCONNECT >>    The mobile sends the disconnect message to the MSC
                                 
         21.  ISUP RELEASE      >>> The MSC initiates release on the PSTN side.

         22. The MSC disconnects the voice path and also releases the voice circuit between the BSS and the
MSC , The MSC informs the Mobile that it has        initiated call release and then

        23. ISUP RELEASE COMPLETE  >>>>  The PSTN informs that call release has been completed at its
end

         24. then  Mobile indicates that the call has been released.

         25. Mobile goes back to the default display to indicate that call has been completely released.

Carrier aggregation
        Carrier Aggregation is a technology to combine two or more carriers into
one data channel to enhance the data capacity.
        Carrier aggregation is used in LTE-Advanced in order to increase the
bandwidth, and thereby increase the bit rate
        It is possible to combine carriers in the same or different frequency bands.
         Each aggregated carrier is referred to as a component carrier, CC. The
component carrier can have a bandwidth of 1.4, 3, 5, 10, 15 or 20 MHz and
a maximum of five component carriers can be aggregated, hence the
maximum aggregated bandwidth is 100 MHz.
        In FDD the number of aggregated carriers can be different in DL and UL,
However, the number of UL component carriers is always equal to or lower
than the number of DL component carriers.
        For TDD the number of CCs as well as the bandwidths of each CC will
normally be the same for DL and UL.
 
 
 

 
To arrange carrier aggregation the above techniques are used
 
a.     Intra-band contiguous carrier aggregation  
In intra-band contiguous carrier aggregation same operating frequency spectrums
are used without any spaces in between, This might not always be possible, due to
operator frequency allocation scenarios.
b.     Intra-band non contiguous carrier aggregation
In inter-band non contiguous carrier aggregation same operating frequency
spectrums are used but there is gap or gaps in between those frequencies.
c.      Inter-band carrier aggregation
In inter-band carrier aggregation two different operating frequency bands are
used.

NETWORK BANDS:
Network band is a specific range of frequencies in a spectrum. With each band
defined Upper and down limit. By default Spectrum is government property and it
is leased by carriers for fixed amount of time. Government agencies allocates
spectrum in auctions to various network carriers.

In India, Telecom Regularity Authority of India is responsible for spectrum

allocations. Spectrum is allocated to network operator

Spectrum:
Spectrum is collection of various types of electromagnetic radiations of different
wavelengths.

BANDS of 2G/3G/4G in India:

2G Bands 3G Bands 4G Bands

900MHz 900MHz LTE 850MHz(5)FDD

1800MHz 2100MHz LTE 1800MHz(3)FDD

LTE 2100MHz(1)FDD

LTE 2300MHz(40)TDD

LTE 2500MHz(41)TDD
             

Higher frequency band-Higher data speed

Lower frequency band –higher coverage.

BAND 1-BAND 22 are used for FDD.

BAND 33-BAND 41 are used for TDD.

Following TABLE Shows the Bands and frequency range of jio.

Reliance Jio
Band & Topology Frequency Bandwidth

1710-1785 MHz Uplink Frequency 

Band-3 (LTE- FDD topology) 1805-1880 MHz Downlink Frequency 5 MHz

824 to 849 MHz Uplink Frequency 

Band-5 (LTE- FDD topology) 869 to 894 MHz Downlink Frequency 5 MHz

Band-40 (LTE- TDD 2300 to 2400 MHz Uplink/Downlink

topology) Frequency  20 MHz

Band 3
 Among different network bands, Band 3 is already used by various network
companies in India to provide 2G services. Band 3 runs on 1800 MHz
spectrum and provides an superb ecosystem in world to deploy LTE services
to users. In auction of 2015, almost every cellular company leased out Band
3 spectrum to provide their services. In India,

Band 5
Band 5 is another out of another network bands that your smartphone
should support. Band 5 runs on 850MHz which results into best network
coverage. Reliance Jio has already launched its LTE services on Band 5 and
network is available in almost every part of the country.

Band 40
Another Popular Network Bands used includes Band 40 which run on radio
frequency of 2300 MHz. It is specially used by 4G networks to provide their
services with great data speeds. 

Band 40 is also supported on almost every 4G smartphones in India.

Reliance Jio holds PAN India license for 2300 MHz spectrum and already
launched it throughout the country.

BANDS Used by different network companies   

SINR:
SINR stands for signal-to-interference-plus-noise ratio.

 It is a quantity used to give theoretical upper bounds on channel capacity (or the
rate of information transfer) in wireless communication systems such as networks
The SINR is defined as the power of a certain signal of interest divided by the sum
of the interference power (from all the other interfering signals) and the power of
some background noise.
If the power of noise term is zero, then the SINR reduces to the signal-to-
interference ratio (SIR). Conversely, zero interference reduces the SINR to
the signal-to-noise ratio (SNR)
SINR is commonly used in wireless communication as a way to measure the
quality of wireless connections. Typically, the energy of a signal fades with
distance, which is referred to as a path loss in wireless networks. 

S: it is termed as power measurement of usable signals. in this Reference signal

and Physical downlink Shared channel are involved.
I: Average interference Power
N: it is indicates background noise.
Unit of SINR is dB.

RSRP:
It stands for Reference Signal Receive Power.
It is the average power of Resource Elements (RE) that carry cell specific Reference
Signals (RS) over the entire bandwidth, so RSRP is only measured in the symbols
carrying RS.
RSRP is the linear average of reference singal power (in Watts) accorss the
specified bandwidth (in number of REs). This is the most important item UE
has to measure for cell selection, reselection and handover. You can think of
this as the one similar to CPICH RSCP in WCDMA.
RSRP is the average received power of a single RS resource element.
UE measures the power of multiple resource elements used to transfer
the reference signal but then takes an average of them rather than summing
them.
It is the power of the LTE Reference Signals spread over the full bandwidth and
narrowband.
Unit of RSRP is dBm.
RSRP levels for usable signal typically range from about -65 dBm close in to an LTE
cell site to-90 to  -120 dBm at the edge of LTE coverage.

RF Conditions:
Near Cell:
RSRP:  -50 to 65-70 dBm
SINR:    25-30 dB

MID Cell:
RSRP:  -70 to -80 dBm
SINR:   10 to 16 dB

Edge Cell:
RSRP: -80 and above dBm
SINR:  0 to 5-6 dB

How to excecute throughtput testing In QXDM.

1. Connect antenna as per band configuration
2. Connect devices (DUT & REF) in QXDM
3. And observe cell ID and SNR (cell ID of both device should be same).
4. Antenna difference between A0 and A1 should not more than 3 dBm.
5. Run adb logs and open ANDFTP on both devices.
6. Download the same file in DUT and REF serially while performing stationary
testing. E.g.: Near Cell Throughput
7. Download the file with same size with different Name in DUT and REF in
parallel while performing mobility testing. E.g.: Throughput in mobility.
8. After downloading note the time taken by both devices and calculate
throughput value.
9. Throughput Speed (Mbps)=  [File size(MB)/Time taken]*8
10.Save both adb & QXDM logs. Using Alt+L or CTlr+i.

VoWiFi:-
VoWi-Fi simply stands for voice over (EPC-integrated) Wi-Fi. VoWi-Fi is a complementary
technology to VoLTE and utilises IMS technology to provide a packet voice service that is
delivered over IP via a Wi-Fi network. Where possible, VoLTE calls may be seamlessly handed
over between LTE and Wi-Fi and vice versa.

Preparation of DUT MTP_SM8150_LA1.0 for RJIL/Vodafone VoWiFi:-

1. Prepared the device with required Meta and MPSS.
2. Load the proper QCN for device.
3. Activate Reliance commercial MBN for RJIL operator using PDC tool.
4. Then use following steps to make device VoWiFI capable:-

Steps to make device RJIL/Vodafone VoWiFi:- 

Step1:  Run below adb commands in cmd
adb root
adb remount
adb shell setprop persist.dbg.volte_avail_ovr 1
adb shell setprop persist.dbg.vt_avail_ovr 1
adb shell setprop persist.dbg.wfc_avail_ovr 1
adb shell sync
adb reboot
Step2: push the attached file to EFS to below path (For Vodafone only)
Open EFS Explorer—go to /data directory and copy the attached file.

Step3: -
Turn WFC (WiFi calling) option ON from DUT and connect to WiFi and check whether device is
registering on IWLAN or not.

WiMAX
WiMAX Stands for Worldwide Interoperability for Microwave Access.  is a family of wireless
broadband communication standards based on the IEEE 802.16 set of standards, which provide multiple
physical layer (PHY) and Media Access Control (MAC) options

Based on Wireless MAN technology. And  Wimax used OFDM technique.

The 802.16a standard for 2-11 GHz is a wireless metropolitan area network (MAN) technology that will
provide broadband wireless connectivity to Fixed, Portable and Nomadic devices.
It can be used to connect 802.11 hot spots to the Internet, provide campus connectivity, and provide a
wireless alternative to cable and DSL for last mile broadband access.

IEEE 802.16REVd and IEEE 802.16e standards support both Time Division Duplexing and Frequency
Division Duplexing as well as a half-duplex FDD, that allows for a low cost implementation.

Devices that provide connectivity to a WiMAX network are known as subscriber stations (SS).
WiMAX is based on Physical layer operating in the 10 to 66 Ghz range. After that In updated version IEEE
802.16a it added specification for the 2 to 11 GHz range ,in this and further updated version of WiMAX
802.16e it use SOFDM method. (Scalable OFDM).

In this version with 256 sub-carriers (of which 200 are used) in 802.16d. More advanced versions,
including 802.16e, also bring multiple antenna support through MIMO. This brings potential benefits in
terms of coverage, self-installation, power consumption, frequency re-use and bandwidth efficiency.
WiMax is the most energy-efficient pre-4G technique among LTE and HSPA+.

WiMAX would operate similar to WiFi, but at higher speeds over greater distances and for a
greater number of users. WiMAX has the ability to provide service even in areas that are
difficult for wired infrastructure to reach and the ability to overcome the physical limitations
of traditional wired infrastructure.

RANGE:

Wi-Fi typically provides local network access for a fe w hundred feet with the speed of up to
54 Mbps, a single WiMAX antenna is expected to have a range of up to 40 miles with the
speed of 70 Mbps or more. As such, WiMAX can bring the underlying Internet connection
needed to service local Wi-Fi networks.

Bitrate :WiMAX works at 5 bps/Hz and can peak up to 100 Mbps in a 20 MHz channel.
SRVCC:

It Stands for, Single radio Voice Call Continuity

SRVCC, is a technology that enables Inter Radio Access Technology, Inter RAT handover as well as a
handover from packet data to circuit switched data voice calls.

By using SRVCC operators are able to make the handovers while maintaining existing quality of service,
QoS and also ensuring that call continuity meets the critical requirements for emergency calls.

it is a Handover technology between "VoIP over IMS in LTE" and Voice Call (CS) in a legacy system
(eg.WCDMA). It means it is for Handover between a Packet call in LTE and a Circuit Call in a legacy system
(WCDMA).

LTE to legacy network handover

Handover from LTE to the legacy network is required when the user moves out of the LTE coverage area.
Using SRVCC, the handover is undertaken in two stages.

 Radio Access Technology transfer:   The handover for the radio access network and this is a well-
established protocol that is in use for transfers from 3G to 2G for example.
 Session transfer:   The session transfer is the new element that is required for SRVCC. It is
required to move the access control and voice media anchoring from the Evolved Packet Core,
EPC of the packet switched LTE network to the legacy circuit switched network.
During the handover process the CSCF within the IMS architecture maintains the control of the whole
operation.

Voice handover using SRVCC on LTE

                                                                                                                                                     

The SRVCC handover process takes place in a number of steps:

1. The handover process is initiated by a request for session transfer from the IMS CSCF.
2. The IMS CSCF responds simultaneously with two commands, one to the LTE network, and the
other to the legacy network.
3. the LTE network receives a radio Access Network handover execution command through the
MME and LTE RAN. This instructs the user device to prepare to move to a circuit switched
network for the voice call.
4. The destination legacy circuit switched network receives a session transfer response preparing it
to accept the call from the LTE network.
5. After all the commands have been executed and acknowledged the call is switched to the legacy
network with the IMS CSCF still in control of
the call.

IMS: IP Multimedia Subsystem

CSCF:  Call Session control function

LTE: Long term Evolution

MME: mobility management Entity

EPC: Evolved packet core

SGSN:  Serving GPRS Support Node

MSC: Mobile Switching Centre

Legacy network to LTE

When returning a call to the LTE network much of the same functionality is again used.

To ensure the VoLTE device is able to return to the LTE RAN from the legacy RAN, there are two options
the legacy RAN can implement to provide a swift and effective return:

 Allow LTE information to be broadcast on the legacy RAN so the LTE device is able to perform the
cell reselection more easily.
 Simultaneously release the connection to the user device and redirect it to the LTE RAN.

Steps involved To setup a Call:

1. A call is routed based on the MSISDN, to an MSC with Gateway functionality belonging to the
HPLMN of the subscriber. The MSC analyzes the MSISDN and determines that before the call
can be routed some addressing information from the HLR is required. The only node that can
interrogate the HLR for information is the Gateway MSC. Therefore the call is passed to the
Gateway functionality.

2. The Gateway sends a MAP message, Send Routing Information (SRI) or Routing Information
Request (RIR), to the HLR asking for routing information for the MS. The MSISDN is transferred
with the MAP message.

3. The HLR checks the subscription of the MS based on the MSISDN and also obtains the IMSI,
which will be used in the GSM network.
4. The HLR sends a MAP message, Provide Roaming Number (PRN), to the MSC/VLR where the
MS is currently located,
    
5. The VLR checks whether the MS is attached or not. If the MS is attached then the MSC/VLR
will allocate a Mobile Station Roaming Number (MSRN) and link it to the IMSI.

6. The MSC/VLR will send the MSRN back to the HLR using the MAP message, PRN
Acknowledge.

7. The HLR returns the MSRN to the Gateway using the MAP message SRI Acknowledgement.
The Gateway then passes the return MSRN to the MSC for further analysis.

8. The MSC will analyze the MSRN and then determine how to route the call to the MSC/VLR
where the MS is currently located.

9. On reception of the TUP/ISUP signal carrying the MSRN, the MSC will analyze the number and
determine that the MSRN belongs to this switch and the call needs to set up a  call to an MS.
10. The MS will now be paged in all cells belonging to the LAI that the MS is currently situated.

KPI :
Key performance Indicators.
KPIs can be used for the following tasks: 

To monitor and optimize the radio network performance in order to provide better subscriber quality or
to achieve better use of installed network resources 

• To detect unacceptable performance related issues in the cellular network immediately. This will
enable the operator to take rapid actions in order to preserve the quality of the existing network
services. 

• To Provide radio frequency planners with the detailed information. This will help them configure the
network parameters for optimum use. 
Typically KPI can be categorized into following subcategories: 
• Accessibility
• Retainability
• Integrity 
• Availability
• Mobility

LTE KPIs

Following table summarizes KPIs for LTE RAN(Radio Access Network). This is used to measure
contribution to subscriber perceived quality and system performance. 
RAN performance monitoring and control is a very important task for O&M team as well as network
engineers.

Accessibility
Test cases:
• RRC Connection Establishment 
• Random Access
• Initial E-RAB Establishment Success Rate 
•  RRC Connection Establishment Counters 
• initial E-RAB Establishment Success Rate Counters 
• Added E-RAB Establishment Success Rate Counters
• Added E-RAB Establishment Success Rate
• S1 Signaling Connection Establishment

Retainability
Test cases:
• MME Initiated E-RAB & UE Context Release with counters Description
• UE Session Time
• RBS Initiated E-RAB & UE Context Release with counters Description
• MME & RBS Initiated UE Context Release Flow Chart
• MME & RBS Initiated E-RAB Release Flow Chart

Integrity
Test case cover.
 EUTRAN Throughput KPIs
• EUTRAN Latency KPIs
• EUTRAN Packet Loss KPIs

Mobility
Test case cover
• X2 Based Handover Preparation & Execution
• Intra RBS Handover Preparation & Execution
• Intra Frequency Handover Preparation & Execution Counters
• S1 Based Handover Preparation & Execution
• Intra-frequency intra-LTE S1 & X2 Handover Flowchart
• Inter Frequency Handover Preparation & Execution Counters
• Inter-frequency intra-LTE S1 & X2 Handover Flowchart

Availability
Test case cover
 Partial cell availability (node restarts excluded)

Important block of VoWI-Fi architecture

ePDG
UE AP IMSLTE

VoWi-Fi simply stands for voice over Wi-Fi VoWi-Fi is a complementary technology
to VoLTE and utilizes IMS technology to provide a packet voice service that is
delivered over IP via a Wi-Fi network. Where possible, VoLTE calls may be
seamlessly handed over between LTE and Wi-Fi and vice versa. Conversational
video is also possible via Wi-Fi

 Vowi-fi and voLTE is provides similar services with difference access point
 Wi-fi calling uses IMS services to provide voice service & also provides all
IMS services
 To connect UE to IMS with wi-fi ePDG performs important role
 We can also use wi-fi calling to spread IP network e.g. in residential
buildings, hotels & offices
 volte call can handed over to vowi-fi when user enters in connected Wi-Fi
coverage

 Elements & Functions:

  UE & AP(Access point): the UE must support Wi-Fi calling client (SIP) and
along with access point AP connects UE to LTE network through SWu
interface and IPsec tunneling
 ePDG(evolved packet data gateway): it is important element to connect UE
with LTE network and also a termination of the IPsec tunnels. it further
connects to LTE n/w through s2b interface(i.e to PDN GW). ePDG is mainly
use to connect AP to LTE network, when UE moves from LTE n/w to wi-fi
network, ePDG helps to connect it to PDN
 PDN-GW(packet data network gateway): it is termination of EPS bearers it
perform packet filtering and connects to other PDN n/w.

LTE Attach Procedure Call Flow

This flow describes the setup of an LTE session. The connection establishment progresses through the
following phases:
(1)RRC Connection Establishment: The Radio Resource Control layer establishes a connection between
the UE and the eNodeB. This procedure is initiated with a random access with a preamble. This is follwed
up with RRC connection establishment signaling on the UL-SCH and DL-SCH.
(2) Attach and Authentication: The UE now attaches to the Core Network. MME and Serving Gateway
also establish a context for the UE. This phase also involves authentication for the UE as well are the
Network.
(3) Default Bearer Setup: the default bearer for data transfer is established. Default bearer session is
established at the UE, eNodeB, MME, Serving GW and PDN Gateway. User data sessions is exchanged
once the default bearer is setup.

Short form:
UE: user Equipment
RRC: Radio Resource Control
MME:  Mobility Management Entity
GUTI:  Globally Unique Temporary ID
GUMMEI: Globally Unique MME Identifier
IMSI:   International Mobile Equipment Identity
GW: gateway
EPS: evolved packet system
PCC:  LTE Policy and Charging Control
LBI: Delete Session Request
CSG: closed subscriber group
SGW: serving Gateway
APN: Access Point Name
PLMN: public land mobile network
Steps:
Step 1. The UE initiates the attach procedure by transmitting an attach request to the eNodeB.
Step 2. The eNodeB derives the MME from the RRC parameters carrying the old GUMMEI and the indicated
Selected Network.
Step 3. If the UE identifies itself with GUTI and the MME has changed since detach, the new MME uses the
GUTI received from the UE to derive the old MME/SGSN address, and send an Identification Request  to the
old MME/SGSN to request the IMSI.
Step 4. If the UE is unknown in both the old MME/SGSN and new MME, the new MME sends an Identity
Request to the UE to request the IMSI. The UE responds with Identity Response (IMSI).
Step 5a. If no UE context for the UE exists anywhere in the network, if the Attach Request (sent in step 1) was
not integrity protected, or if the check of the integrity failed, then authentication and NAS security setup to
activate integrity protection and NAS ciphering are mandatory.
Step 5b. The ME Identity shall be retrieved from the UE.
Step 6. If the UE has set the Ciphered Options Transfer Flag in the Attach Request message
Step 7. If the UE re-attaches to the same MME without having properly detached before , the new MME
deletes these bearer contexts by sending Delete Session Request (LBI) messages to the GWs involved.
Step 8. If the MME has changed since the last detach, or if there is no valid subscription context for the UE in
the MME, the MME sends an Update Location Request message to the HSS.
Step 9. The HSS sends Cancel Location (IMSI, Cancellation Type) to the old MME.
Step 10. If there are active bearer contexts in the old MME/SGSN for this particular UE, the old MME/SGSN
deletes these bearer contexts by sending Delete Session Request (LBI) messages to the GWs involved.
Step 11. The HSS acknowledges the Update Location message by sending an Update Location Ack message to
the new MME.
Step 12. For an Emergency Attach situation, the MME applies the parameters from MME Emergency
Configuration Data for the emergency bearer establishment performed in this step
Step 13. The Serving GW creates a new entry in its EPS Bearer table and sends a Create Session Request
message to the PDN GW indicated by the PDN GW address received in the previous step.
Step 14. If dynamic PCC is deployed and the Handover Indication is not present, the PDN GW performs an IP-
CAN Session Establishment procedure.
Step 15. The PGW creates a new entry in its EPS bearer context table and generates a Charging Id.
Step 16. If the MS Info Change Reporting Action (Start) or the CSG Information Reporting Action (Start) are
received for this bearer context, then the SGW stores this for the bearer context and the SGW reports to that
PGW whenever a UE’s location and/or User CSG information change occurs that meets the PGW request.
Step 17. If an APN Restriction is received, then the MME shall store this value for the Bearer Context and the
MME shall check this received value with the stored value for the Maximum APN Restriction to ensure there
are no conflicts between values

Step 18. The eNodeB sends the RRC Connection Reconfiguration message including the EPS Radio Bearer
Identity to the UE, and the Attach Accept message will be sent along to the UE.
Step 19. The UE sends the RRC Connection Reconfiguration Complete message to the eNodeB.
Step 20. The eNodeB sends the Initial Context Response message to the new MME.
Step 21. The UE sends a Direct Transfer message to the eNodeB, which includes the Attach Complete
message.
Step 22. The eNodeB forwards the Attach Complete message to the new MME in an Uplink NAS Transport
message.
Step 23. Upon reception of both, the Initial Context Response message in step 20 and the Attach Complete
message in step 22, the new MME sends a Modify Bearer Request message to the Serving GW.
Step 23a. If the Handover Indication is included in step 23, the Serving GW sends a Modify Bearer Request
(Handover Indication) message to the PDN GW to prompt the PDN GW to tunnel packets from non 3GPP IP
access to 3GPP access system and immediately start routing packets to the Serving GW for the default and
any dedicated EPS bearers established.
Step 23b. The PDN GW acknowledges by sending Modify Bearer Response to the Serving GW.
Step 24. The Serving GW acknowledges by sending Update Bearer Response (EPS Bearer Identity) message to
the new MME.
Step 25. After the MME receives Modify Bearer Response (EPS Bearer Identity) message, if Request Type does
not indicate handover and an EPS bearer was established and the subscription data indicates that the user is
allowed to perform handover to non-3GPP accesses, and if the MME selected a PDN GW that is different from
the PDN GW identity which was indicated by the HSS in the PDN subscription context, the MME shall send a
Notify Request including the APN and PDN GW identity to the HSS for mobility with non-3GPP accesses. The
message shall include information that identifies the PLMN in which the PDN GW is located.
Step 26. The HSS stores the APN and PDN GW identity pair and sends a Notify Response to the MME

KPI tool :
A performance indicator or key performance indicator (KPI) is a type of performance measurement.
While performing test case on KPI tool we are using following procedure.
1. enter the test case related information in the KPI window.
 Enter the details as Test case name , 
 any one from the test list : DL , UL or BiDirectional
 Scenario : Select scenario as per requirement : DATA, DATA voice , OTHERS , voice  ……. For
throughput testing  we are set as DATA.
 Communication Protocol : ADB/ QMI  select as ADB for both DUT and REF.
1.1 hardware setup:
 Enter the properties for both DUT and REF.
 5G port, , APN , ADB Handle.
1.2 TEST SETUP -SPECIFIC
 FTP_server_directory: in this we put path from where we are going to upload file.
 Dual_SIM_data:   
 Data connection Type: embedded-mobile_data
 ADB logging : 1- enable ; 0- disable 
 TCP logging : 1- enable ; 0- disable 
 IWLAN logging : 0
 Carrier , market , infra , data top logging are keep as it is pre defined.

TEST Setup -common

 Number of iteration:   as per requirement
 Pause_between_iteration: in this we put time in seconds so between two iteration this will
pause.
 FTP_execution: 1. FTP in serial : 1 st in DUT then In REF
 2. FTP in parallel: both DUT and REF will perform test case Parallel
 Ftp_max_duration: 60
 Logfile duration: 300
 Test case ID:
 Restart Mechanism : Disable, enable if required
 FTP blocksize:50000

2. Then select PHONE CONNECTION WIZARD:

   2.1 connect DUT First then Search then automatically configuration of DUT will display in FFA
connection wizard.
   2.2 connect REF then Search  then automatically configuration of REF T will display in FFA connection
wizard.
   2.3 Save and exit .

3 . select on Phone 1 disconnected toolbar to connect click on phone 1 and wait till qxdm Of DUT is open
and run Properly and started showing logs
4. select on Phone 2 disconnected toolbar to connect click on phone 2 and wait till qxdm Of REF is open
and run Properly and started showing logs.
5. click on PRESS HERE TO START.

6. see TEST RESULTS.

7. GO to Debug option and select Trace window and observe the test case running status.
NB-IoT
 It is stands for Narrowband IoT,is proposed as LPWAN technology.
 NB-IoT is a Low Power Wide Area Network (LPWAN) radio technology standard that has been
developed to enable a wide range of devices and services to connected using cellular
telecommunication bands.
 NB-IoT technology can be deployed “In-Band, Guard-Band, Standalone”.
 NB-IoT focuses specifically on indoor coverage, low cost, long battery life, and high connection
density. NB-IoT uses a subset of the LTE standard, but limits the bandwidth to a single narrow-
band of 200kHz. It uses OFDM modulation for downlink communication and SC-FDMA for uplink
communications.
 Narrow Band IoT is a data transmission standards designed to support devices operates in
mobile carrier networks. NB IoT technology uses low bandwidth signals to communicate within
existing GSM network and LTE networks. Find out what are the specifications and applications of
narrow band IoT.

NB IoT can be work in one of the 3 ways.

N
B
-I
o
T-o
p
er
at
i
on-
mod
es

 Independently or it can also known as Stand alone operation.

 In unused 200-kHz bands that have previously been used for GSM (Global System for Mobile
Communications)
 On LTE base stations allocating a resource block to NB-IoT operations or in their guard bands.

Basic working of NB-IoT.

NB-IoT-works

 Embedded devices and sensors are the basic components in the NB-IoT systems. 
These devices collect the information from its surrounding environment and transmit
the data  to NB-IoT base stations or transmission nodes. Each and every  Individual
base stations are connected to an IoT gateway this gateways are further connected
to IoT cloud application servers for centralized monitoring and data analysis like this
the NB-IoT technology work.

 NB-IoT technology gives 20 dB better extended coverage as compared to GPRS.

Based on RSRP (Reference Signal Received Power) and SINR (signal-to-interference-
plus-noise ratio) values following are the coverage levels in NB-IoT:
 ● Normal coverage:
     RSRP >-100 dbm & SINR >16 dB
● Basic coverage:
     RSRP -105 to -100 dbm & SINR 11 to 16 dB
● Robust coverage:
     RSRP -120 to -115 dbm & SINR -4 to 1 dB
● Extreme coverage:
     RSRP <-120 dbm & SINR -12 to -4 dB

Main Features of NB-IoT is as follows:

 Power Saving
 Low cost Module
 Extended coverage.
 Low latency
 It can connect large no of devices in network
 It is easy to deployment and configure.

Application of NB-IoT
 Smart Parking solution
 Smart meter
 Smart trash management
 Vending machine and many more smart sensor based application.

Steps to perform flashing the device for NB Iot testing using QIFL tools.

1 Open the QFIL (Qualcomm Flash image loader) tool

2. select the Build type as File build.
3.then select the programmer file which we want to flash , which is .elf extension file select that file.
4.select the path for the flashing.
5.after that, goto Configuration Option in Menubar. 
6.select the  Download protocol as 0-sahara.
6.1 select the device type as Nand we can select other device type also but for this testing we
are selecting nand as device type.
6.2 enter validation mode as 0-No validation.
6.3 afte all configuration is set as per requirement select OK.
7.load Xml file by clicking on it Rowprogram > select file then >ok again one window will display for patch
file
  Then for safe side verify storage type as nand once it is ok then press download option.
Then device will be flashed.

Camp QCN using QPST: ( Qualcomm combined NVs)

1. Open QPST
2. start client > software download > restore > browse > Select the device > Select the QCN path
3.  Select ESM mismatch > select Start Option
4.  Then write the NV needed for the NB IOT

NV Item 00010:
Digital mode Preference = LTE Only(30)
NV Item 00850:
Service Domain Preference = PS Only (1)
NV Item 65777:
UE usage setting = Data centric (1)
NV Item 73912:
Cellular IOT LTE Preferences = PREF_NB1 (2)
NV Item 06828:
LTE BC Config = 16 for Band 05
 
Thus device is prepare for NB IOT testing.

Steps to perform flashing the device for NB IoT testing using QIFL tools.
For MPSS:

download the file from server extract it then perform the following steps
1 open the MPSS folder
2. replace the 3 files from MPSS  and replace to meta built.
     Those 3 files are  1.qdsp6sw.mbn
                                        2. qdsp6sw_2.mbn
                                        3. qdsp6sw_paging.bin
3. And replace to other folder then open QFIL tool
4. select the Build type as Flat build.
5.then select the programmer file which we want to flash , which is .elf extension file select that file.
6.select the path for the flashing.
7.after that, goto Configuration Option in Menubar.
8.select the  Download protocol as 0-sahara.
8.1 select the device type as Nand we can select other device type also but for this testing we
are selecting nand as device type.
8.2 enter validation mode as 0-No validation.
8.3 after all configuration is set as per requirement select OK.
7.load Xml file by clicking on it Rowprogram > select file then >ok again one window will display for patch
file
  Then for safe side verify storage type as nand once it is ok then press download option.
Then device will be flashed.

Open PuTTY configuration tool.

Select the connection line as serial
Enter the appropriate COMP port for Serial line as at which port device is connected to.
Enter the speed (baud rate) as 9600.
Select open option.
Then command window will open, enter the following AT commands.
commands to create APN profiles:

AT+CGDCONT=1,"IPv4v6","jionet"            ----- Internet PDN APN

AT+CGDCONT=2,"IPv4v6","ims"                 ----- IMS PDN APN
AT$QCPDPIMSCFGE=2,1,0,0                          ----- Enable PCO for IMS PDN

And device will bring up after MPSS.

Command for BPLMN search use following command

at+cops=?

AT commands :
AT commands are instructions used to control a modem. AT is the abbreviation of ATtention. Every
command line starts with "AT" or "at". That's why modem commands are called AT commands. Many of
the commands that are used to control wired dial-up modems, such as ATD (Dial), ATA (Answer), ATH
(Hook control) and ATO (Return to online data state), are also supported by GSM/GPRS modems and
mobile phones