Lec6 Intro Cellular

Cellular Networks and Mobile
Computing
COMS 6998-10, Spring 2013
Instructor: Li Erran Li
(lierranli@cs.columbia.edu)
http://www.cs.columbia.edu/~lierra
nli/coms6998-10Spring2013/
2/26/2013: Introduction to Cellular
Networks
Announcements
Programming assignment 2 will be
due tomorrow
Programming assignment 3 will be
due March 13. Please start early!
Two lab sessions will be scheduled
Please email me the presentation

slides the day before!
Review of Previous Lecture

What are the different approaches of
virtualization?

What are the different approaches of
virtualization?
Bear-metal hypervisor, hosted hypervisor,
container (Linux LXC, Samsung Knox)
Bare-Metal Hypervisor
poor device support / sharing
OS
Kernel
OS
Kernel
OS
Kernel
Hypervisor / VMM
Hardware
Courtesy: Jason Nieh et al.
Hosted Hypervisor
poor device
performance
OS
OS
OS
Hypervisor / VMM
Host OS Kernel
kernel
module
emulated
devices
Hardware

(Contd)
What approach does Cell use?
What are the key design choices for
Cells extremely low overhead?

(Contd)
Device namespace
It is designed to be used by individual device
drivers or kernel subsystems to tag data
structures and to register callback functions.
Callback functions are called when a device
namespace changes state.
Each VP uses a unique device namespace for
device interaction.
Cells leverages its foreground-background VP

usage model to register callback functions
that are called when the VP changes
between foreground and background state.
Device Namespaces
safely, correctly
multiplex
access to
devices
VP 1
VP 2
VP 3
Android...
RTC / Alarms
Audio/Video
Sensors
Input
Power
Framebufer
Cell Radio
WiFi
GPU
device namespaces
Linux
Kernel

(Contd)
What are the most expensive flash
memory operations?
Random read
Random write
Sequential write
Sequential read
Performance for
random I/O significantly
worse than seq;
inherent with flash
storage
Mobile flash storage
classified into speed
classes based on
sequential throughput
Random write performance is
orders of magnitude worse
Vendor
(16GB)
Spe Cos
ed
t
Clas US
s
$
Seq
Writ
e
Ran
d
Writ
e
Transce
nd
26
4.2
1.18
RiData
27
7.9
0.02
Sandisk
23
5.5
0.70
Kingsto
n
25
4.9
0.01
Wintec
25
15.0
0.01
Consumer-grade
A-Data
6
30 SD
10.8
0.01
10.5
0.01
Patriotperformance
10
29
10
29
15.3
0.01
For several popularPNY
apps, substantial
fraction of I/O is random writes (including
web browsing!)
Courtesy: Nitin Agrawal et al.
Performance MB/s
Random versus Sequential

Disparity
Should OS Manage Context?

export Context Data Units (CDUs) rather
than raw sensor data
higher-level abstraction than bytes
apps query or subscribe to CDUs
each CDU is defined by a CDU Generator:

a graph of processing components
combine Generators into composite context
dataflow
provide a base CDU vocabulary (that is
extensible)
Logical Location
Motion State
Interruptibl
home, office,
sitting,
mall walking, running
yes, no
CondOS Design
app A
app G
app Z
User space
Kernel space
other OS services
Scheduling I/O Memory

Management
CDU1
CDU2
CDU3
Interruptible
yes, no
Logical Location
Motion State
Energy
Security
Management home, office, mall
sitting, walking, running
Audio Features
context
dataflow
example
Context Data
Generators
Motion Features
Location DB
Silence Filter
Geolocation
IMU
GPS, Cell, WiFi accel, gyro, mag
Audio
14
Syllabus
Mobile App Development (lecture 1,2,3)
Mobile operating systems: iOS and Android
Development environments: Xcode, Eclipse with Android SDK
Programming: Objective-C and android programming
System Support for Mobile App Optimization (lecture 4,5)

Mobile device power models, energy profiling and ebug debugging
Core OS topics: virtualization, storage and OS support for power and context
management
Interaction with Cellular Networks (lecture 6,7,8)

Basics of 3G/LTE cellular networks
Mobile application cellular radio resource usage profiling
Measurement-based cellular network and traffic characterization
Interaction with the Cloud (lecture 9,10)
Mobile cloud computing platform services: push notification, iCloud and Google
Cloud Messaging
Mobile cloud computing architecture and programming models
Mobile Platform Security and Privacy (lecture 11,12,13)

Mobile platform security: malware detection and characterization, attacks and
defenses
Mobile data and location privacy: attacks, monitoring tools and defenses
15
Outline
Goal of this lecture: understand the basics of
current networks and future directions
Current Cellular Networks
Introduction
Radio Aspects
Architecture
Power Management
Security
QoS
What Is Next?
A Clean-Slate Design: Software-Defined
Cellular Networks
Conclusion and Future Work
Cellular Networks Impact

our Lives
More Mobile Connection
More Infrastructure
Deployment
1010100100001011001
0101010101001010100
1010101010101011010
1010010101010101010
0101010101001010101
More Mobile Users
More Mobile
Information
Sharing
16
Mobile Data Tsunami

Challenges Current Cellular
Technologies
Global growth 18 times
from 2011 to 2016
AT&T network:
Over the past five years,
wireless data traffic has
grown 20,000%
At least doubling every
year since 2007
Existing cellular
technologies are
inadequate
Fundamental redesign of
cellular networks is
needed
Source: CISCO Visual Networking Index (VNI) Global Mobil Data

Traffic Forecast 2011 to 2016
17
Global Convergence
LTE is the major technology for future
mobile broadband
Convergence of 3GPP and 3GPP2 technology tracks
Convergence of FDD and TDD into a single technology
track
D-AMPS
3GPP
PDC
GSM
IS-95
WCDMA
HSPA
TD-SCDMA
HSPA/TDD
cdma2000
EV-DO
LTE
FDD and TDD
3GPP2
WiMAX
IEEE
LTE deployments
89 commercial networks launched
Courtesy: Zoltn Turnyi
Mobile subscriptions by
technology
2008-2017 (estimate)
3GPP introduction
3rd Generation Partnership Program
Established in 1998 to define UMTS
Today also works on LTE and accessindependent IMS
Still maintains GSM
3GPP standardizes systems

Architecture, protocols
Works in releases
All specifications are consistent within a
release
3GPP way of working

Stage 1
Requirements
Stage 2
Architecture
It shall be possible to...

It shall support
E.g., 22-series specs
Stage 3
Protocols
Nodes, functions
Reference points
Procedures (no errors)
E.g., 23-series
specs
Message formats
Error cases
E.g., 29-series
specs
Specification numbering example:

3GPP TS 23.401 V11.2.0
Updated after a meeting

TS=Technical Specification (normative)
TR=Technical Report (info only)
Release
Spec. number Consistent set of specs per releas
New release every 1-2 years
3GPP specification groups

2G
3G/LTE
System
Protocols
Starting points on 3GPP

specifications
http://www.3gpp.org/specification-numberin
g
Pointers to the series of specifications
Architecture documents in 23-series
Main architecture references

23.002 Overall architecture reference
23.401 Evolved Packet Core with LTE access,
GTP-based core
23.060 2G/3G access, and integration to
Evolved Packet Core
23.402 Non-3GPP access, and PMIP-based
Example
A base station
with 3 sectors
(3 cells)
Key challenges
Large distances
Terminals do not see each other
Tight control of power and timing needed
Highly variable radio channel quick adaptation needed
Many users in a cell

A UMTS cell can carry roughly 100 voice calls on 5 MHz
Resource sharing must be fine grained but also flexible
Quality of Service with resource management

Voice low delay, glitch-free handovers
Internet traffic more, more, more
Battery consumption critical

Low energy states, wake-up procedures
Parsimonious signaling
Radio basics
28
Physical Layer: UMTS

Simultaneous meetings in diferent rooms
(FDMA)
Simultaneous
meetings in the
same room at
diferent times
(TDMA)
Multiple meetings in the
same room at the same time
(CDMA)
Courtesy: Harish Vishwanath

(Contd)
Code Division Multiple Access (CDMA)
Use of orthogonal codes to separate different
transmissions
Each symbol or bit is transmitted as a larger
number of bits using the user specific code
Spreading
Spread spectrum technology
The bandwidth occupied by the signal is much
larger than the information transmission rate
Example: 9.6 Kbps voice is transmitted over
1.25 MHz of bandwidth, a bandwidth
expansion of ~100
29

(Contd)
Uses spread-spectrum to separate users
Common 5 MHz channels
Supports soft-handover
RNC
Multiple base stations send/receive same data to

the user
Recombining the two paths result in better
channel
Requires real-time network between base station
and RNC
RNC
RNC
UMTS Universal Mobile Telecommunication System

CDMA Code Division Multiple Access
UE User Equipment
RNC Radio Network Controller
Resource control
HSPA
DCH
DCH
Cost:
RNC processing
power when
switching between
states
FACH
HSPA channel
(packet-oriented high data rate)
Dedicated channels
(64, 128, 384 kbits/s, 2 Mbit/s)
Common channel
(low data rate, random access)
URA
Battery saving
IDLE
Battery saving
Cost:
More radio
resources
More battery need
(connected)
(disconnected)
HSPA
High Speed Packet Access
Packet oriented extension to WCDMA
Time Division Multiplexing within a common channel
Opportunistic scheduling
Users with currently good reception receive more
resources
Higher overall capacity than equal share
Hybrid ARQ with soft combining

Only additional redundancy is transmitted on a
frame error, not the full frame
Most radio functions moved to NodeB

No soft handover in downlink
LTE air interface

The key improvement in LTE radio is the
use of OFDM
Orthogonal Frequency Division Multiplexing
2D frame: frequency and time
Narrowband channels: equal fading in a channel
Allows simpler signal processing implementations
One resource block
Sub-carriers remain orthogonal
multipath
12 subcarriers during oneunder
slot
(180 kHz 0.5 ms)
One resource element
propagation
y
nc
ue
q
fre
12 subcarriers
Time domain structure

Frame (10 ms)
One OFDM
symbol
One slot
time
Slot (0.5 ms)
Subframe (1 ms)
34
LTE air interface: Downlink

1
T
T large compared to
channel delay
spread
Orthogonal Frequency Division

Multiple Access (OFDM)
Closely spaced sub-carriers without guard

band
Each sub-carrier undergoes (narrow

band) flat fading
Frequency
Narrow Band (~10 Khz)

Wide Band (~ Mhz)
- Simplified receiver processing
Frequency or multi-user diversity through

coding or scheduling across sub-carriers
Dynamic power allocation across sub-
Sub-carriers remain orthogonal under carriers allows for interference mitigation

across cells
multipath propagation
Orthogonal multiple access
35
LTE air interface: Uplink

User 1
Users are carrier

synchronized to the base
Differential delay between

users signals at the base
need to be small compared
to symbol duration
Efficient use of spectrum by multiple
User 2
users
Sub-carriers transmitted by different

users are orthogonal at the receiver
- No intra-cell interference
User 3
CDMA uplink is non-orthogonal

since synchronization requirement is
~ 1/W and so difficult to achieve
LTE air interface:

Multiplexing
Frequency
Each color represents a user

Each user is assigned a
frequency-time tile which
consists of pilot sub-carriers and
data sub-carriers
Block hopping of each users tile
for frequency diversity
Time
Typical pilot ratio: 4.8 % (1/21)

for LTE for 1 Tx antenna and
9.5% for 2 Tx antennas
Pilot sub-carriers
36
LTE vs UMTS (3G): Physical

Layer
UMTS has CELL_FACH
Uplink un-synchronized
Base station separates random access
transmissions and scheduled transmissions
using CDMA codes
LTE does not have CELL_FACH

Uplink needs synchronization
Random access transmissions will interfere
with scheduled transmissions
37
LTE Scheduling
Assign each Resource Block to one of the
terminals
LTE channel-dependent scheduling in time and
frequency domain
HSPA scheduling in time-domain only
data1
data2
data3
data4
Time-frequency fading, user #2

Time-frequency fading, user #1
User #1 scheduled
User #2 scheduled
1m
s
Tim
e
ncy
Freque
z
180 kH
LTE vs. WCDMA

No Soft handover in OFDM
All real-time functions can be done in the base
station
No need for a central RNC
No need for a real-time network between the
RNC and base station
Packet oriented
Supports bursty traffic and statistical
multiplexing by default
No specific support for circuit switched traffic
Much more flexible spectrum use

1.4 MHz
3 MHz
5 MHz
RB (1.4 MHz)
10 6
MHz
15 MHz
20 MHz
100 RB (20 MHz)

Architecture
Pre-rel.8 Architecture
PS Core Network
CS
CN
MSC
Gi
GGSN
Gn/Gp
SGSN
IuCS
First-hop router
GW towards external PDNs
VPN support over Gi
IP address management
Policy Control
Manage CN procedures
HSS connection (authenticator)
Idle mode state
Lawful Intercept
Bearer management
IuPS
RNC
Iub
NodeB
Real-time radio control

Radio Resource Management
Soft handover
UP Ciphering
Header Compression
L1
HSPA scheduling
3G Radio Access Network
Why separate RAN and CN?
Two CNs with same RAN

Multiple RANs with same CN
Modularization
Independent scaling,
deployment and vendor
selection
Why two GSNs?

Roaming: traffic usually taken
home
Independent scaling,
deployment
and vendor
GPRS Generic Packet Radio Service
GGSN Gateway GPRS Support Node
selection
SGSN Serving GPRS Support Node
UserRNC
Radio
Network Controller
can
connect
to multiple
PDN Packet Data Network
PDNs CN Core Network
PS Packet Switched
CS Circuit Switched
MSC Mobile Switching Center
HSS Home Subscriber Server
Drivers for change

CS
CN
MSC
Overhead of
PS Coreseparate
Network CS core
when bulk of
Gi
First-hop router
GW towards
external PDNs
traffic
is PS
GGSN
Gn/Gp
SGSN
IuCS
VPN support over Gi

Policy Control
Idle mode state
Lawful Intercept
Bearer management
Too many
specialized user
plane nodes
IuPS
RNC
Iub
NodeB

Soft handover
UP Ciphering
Header Compression
Complex, realtime RAN
L1
HSPA scheduling
Vendor lock-in
due to
3G Radio Access Network
proprietary Iub
features
From 3G to EPC/LTE architecture

CS
CN
MSC
Only two user

PS Core Network plane nodes in the
typical case.
Gi
SGi
GGSN
PDN GW
SGW
Gn/Gp
SGSN
IuCS
Evolved Packet Core (EPC)
IuPS
RNC
user
e
plan
Serving GW
S11
control plane
User plane/control
plane split for
better scalability.
Packet Data Network GW
MME
S1-UP
S1-CP
Mobility
Management
Entity
PS only
RAN and CN
Iub
NodeB
3G Radio
Access Network
eNodeB eNodeB Evolved Node B

RNC functions
moved down to
base station
LTE Radio
Access Network
Why separate SGW and PDN GW?

Evolved Packet Core (EPC)
SGi
PDN GW
Packet Data Network GW
S5/S8
SGW
Serving GW
S11
MME
S1-UP
Mobility
Management
Entity
S1-CP
eNodeB eNodeB Evolved Node B

LTE Radio
Access Network
SGW and PDN GW separate in

some special cases:
Roaming:
PDN GW in home
network,
SGW in visited network
Mobility to another region in a
large network
Corporate connectivity
Debate of 2005:
B1 vs B2
B1*: All accesses connected to EPC
GERAN
B2*: Inter-AS MM on top of GPRS Core

GERAN
SGSN
GPRS Core
SGSN
UTRAN
GGSN
UTRAN
Evolved Access
LTE
Non-3GPP
access
Evolved
Packet Core
Internet/
Op.nw.
LTE
Evolved
Packet Core
Inter-AS
MM
Internet/
Op.nw.
Non-3GPP
access
Conclusion: B1.
Better integration between 3GPP accesses

Fewer user plane entities
*Note: Simplified view
Interworking with 3G
SGi
HSS
PDN GW
S5
Gn
SGW
S11
MME
SGSN
MSC
IuCS
IuPS
S1-U
S1-CP
RNC
Iub
eNodeB
UE
NodeB
MSC Mobile Switching Center
Interworking with
non-3GPP accesses
SGi
HSS
PDN GW
S5
S2
Gn
SGW
S11
MME
SGSN
MSC
IuCS
IuPS
Non-3GPP
Access
(cdma2000, WiMax,
WiFi)
S1-U
S1-CP
RNC
Iub
eNodeB
UE
NodeB
PMIP Proxy Mobile IP
Debate of 2006:
GTP vs. PMIP
SGi
HSS
PDN GW
GTP
GTP?
GTP
S5
S2
PMIP
PMIP
PMIP?
SGW
S11
Gn
MME
SGSN
MSC
IuCS
IuPS
Non-3GPP
Access
(cdma2000, WiMax,
WiFi)
S1-U
S1-CP
RNC
GTP
Iub
eNodeB
UE
NodeB
Conclusion: Specify both
EPC + LTE: 23.401

EPC + 2G/3G: 23.060
SGi
HSS
PDN GW
GTP
S5
Gn
GTP
SGW
S11
MME
SGSN
MSC
IuCS
IuPS
S1-U
S1-CP
RNC
GTP
Iub
eNodeB
NodeB
UE
EPC + non-3GPP: 23.402

SGi
HSS
PDN GW
S5
S2
PMIP
Non-3GPP
Access
(cdma2000, WiMax,
WiFi)
PMIP
SGW
S1-U
S11
MME
S1-CP
GTP
eNodeB
UE
EPC Evolved Packet Core

51
Access Procedure
Cell Search
Base station
Base station broadcasts

synchronization signals and
cell system information
(similar to WiFi)
UE obtains physical layer
information
UE acquires frequency and
synchronizes to a cell
Determine the start of the
downlink frame
Determine the cell identity
Random access to
establish a radio link
UE 1
UE 2
52
Random Access
Client
Base station
Core network
Step 1: random access request (pick one of 64 preambles)

Step 2: random access response
Adjust uplink timing
Step 3: transmission of mobile ID
Only if UE is not known in Base station
Step 4: contention resolution msg

If ID in msg matches UE ID, succeed.
If collision, ID will not match!
53
Random Access (Contd)

Why not carrier
sensing like WiFi?
Base station coverage
is much larger than
WiFi AP
Base station
UEs most likely cannot

hear each other
How come base

station can hear UEs
transmissions?
Base station receivers
are much more
sensitive and
UE 1
UE 2
Modes of operation
Connected mode
Used during communication
Signaling connection exists between
network and UE
Both CN and RAN keeps state about the UE
UE location is tracked on a cell granularity
Needed to deliver the data
Network controlled mobility
SGW
MME
Network controlled
mobility
SGW
MME
Procedure
1.
2.
3.
4.
5.
UE measures nearby cells

UE sends measurement reports to network
Network decides on and controls handover
Handover is prepared by network
Handover executes
5
4.
3.
1.
2.
1. 5
1.
Reason: To allow the network to tune handovers

1. Select proper target cell
2. Network has additional information for handover decision
3. Collect and analyze data for cell planning and
troubleshooting
4. Penalize ping-ponging UEs
5. Penalize microcells for fast UEs
6. Cell breathing
Handover Procedure
LTE
UE
source eNB
target eNB
Fast PMIPv6
MME
SGW PDN GW
User Data
1: Measurement
report
2: Handover decision
3: Handover
Request
4: Allocate TEID
6: handover
command
5: Handover
Request Ack
7: SN Status
Transfer
User Data
buffer DL data
8: Sync+RRC complete
User Data
9: Path Switch
Request
10: Modify Bearer
Request
User Data
end marker
stop fw
stop fw
12: Path Switch

13: UE Context Request Ack
Release
11: Modify Bearer

Response
http://msc-generator.sourceforge.net v3.4.18
Idle Mode
Used when the UE is not communicating
UE location is tracked on a Tracking Area (TA)
granularity
eNodeBs advertise their TA
UE periodically listens to advertisements (every few
seconds)
UE sends Tracking Area Update to MME, when TA
changes
TAU also sent periodically (e.g., once every 2 hours)
No eNodeB state is kept for UE

When traffic arrives to the UE,
the UE is paged
PAGING
UE periodically checks if data is available for it
Wakes up, (re)selects cell, reads broadcast and the
paging channel
Exact timing is pseudo-random per UE
If packet arrives to SGW

it buffers the packet
and notifies MME.
MME sends a Paging Request to all
eNodeBs in the TA of the UE
eNodeBs page the UE on its paging
slot locally
UE responds with a Service
Request
eNodeB state is built up
and UE is moved to connected
PDN GW
SGW
MME
UE
Idle mode issues

Idle mode is a great power-saving feature
A system-wide feature
Also saves a lot of RAN resources
Balancing of TA size is needed

Too large: many paging messages
Too small: many TAU messages from UE
Lot of optimizations: per-UE TA, overlapping TA, etc.
Connected Idle transitions are costly

Usually a timeout is used to go to idle
Not a good fit for chatty packet traffic
Easy to attack: an IP address range scan wakes up everyone
Key application design goal: reduce chattyness

The Phone OS also has responsibility
However, can be very effective when combined with DRX
61
LTE RRC State Machine

UE runs radio
resource control
(RRC) state machine
Two states: IDLE,
CONNECTED
Discontinuous
reception (DRX):
monitor one
subframe per DRX
cylce; receiver sleeps
in other subframes
Courtesy:Morley Mao
62
UMTS RRC State Machine

State promotions have promotion delay
State demotions incur tail times
Tail Time
Delay: 1.5s
Delay: 2s
Tail Time
Courtesy: Feng Qian
Channel
Radio
Power
IDLE
Not
allocated
Almost
zero
CELL_FA
CH
Shared,
Low
Speed
Low
CELL_DC
Dedicate
High
Why Power Consumptions of

RRC States so different?
IDLE: procedures based on reception
rather than transmission
Reception of System Information
messages
Cell selection registration (requires RRC
connection establishment)
Reception of paging messages with a DRX
cycle (may trigger RRC connection
establishment)
Location and routing area updates
(requires RRC connection establishment)
63

(Contd)
CELL_FACH: need to continuously
receive (search for UE identity in
messages on FACH), data can be sent
by RNC any time
Can transfer small data
UE and network resource required low
Cell re-selections when a UE moves
Inter-system and inter-frequency handoff
possible
Can receive paging messages without a
DRX cycle
64

(Contd)
CELL_DCH: need to continuously receive,
and sent whenever there is data
Possible to transfer large quantities of uplink
and downlink data
UE and network resource requirement is
relatively high
Soft handover possible for dedicated
channels and Inter-system and interfrequency handover possible
Paging messages without a DRX cycle are
used for paging purposes
65
Security
The SIM card

Subscriber Identity Module
Usually embedded in a physical SIM card
Initially specified in 1990 for GSM (freeze date of TS

11.11)
Carries subscriber credentials
IMSI: International Mobile Subscriber Identity 14-15 digits
MCC: Mobile Country Code 3 digits
MNC: Mobile Network Code 2 or 3 digits
Rest of the digits identify the subscriber
Keying material (essentially symmetric keys)
In the network HSS stores subscriber data

Including keying and phone number (MSISDN)
Enables roaming and phone replacement

Key features in GSM
MSISDN Mobile SubscriberISDNNumber
KEY hierarchy
AuC
SGi
HSS
PDN GW
S5
AKA procedure
SGW
MME
S11
S1-U
S1-CP
eNodeB
UE
USIM
Source: 33.401
Security architecture
AuC Authentication Centre
AKA Authentication and Key Agreement
NH Next Hop
Authentication at initial
attach
UE
eNodeB
1: Attach Request
(GUTI or IMSI)
MME
PDN GW
HSS
old MME
2: Identity Request
(GUTI)
3: Identity Response
(IMSI)
4: Identity Request
(GUTI)
5: Identity Response
(IMSI)
7: KASME
computed
SGW
6: Security functions (incl. AKA)

8: KASME
computed
9: Update Location Request

10: Update Location Ack
(subscription data)
11: Create Sesstion Request
12: Create Sesstion Request
13: IP address allocation
15: Create Sesstion Response 14: Create Sesstion Response

16: Attach Accept
+ keying
17: KeNB
received
18: Attach Accept
19: KeNB
computed
20: Attach Complete

21: First uplink packet
22: Modify Bearer
23: First downlink packet
S1 User Plane Security

Core Network
Gi
GGSN
First-hop router
GW towards external PDNs
VPN support over Gi
Policy Control
SGSN
IuPS
RNC
Iub
NodeB
UE
HSS
PDN GW
S5
Gn/Gp
Idle mode state
Lawful Intercept
Bearer management
AuC
SGi
SGW
No UP ciphering!
MME
S11
S1-U
S1-CP

Soft handover
UP Ciphering
eNodeB
Header Compression
L1
HSPA scheduling
RAN
UP ciphering
UE
USIM
S1 UP security
AuC
SGi
HSS
PDN GW
S5
SGW
IPsec tunnel
MME
S11
S1-U
S1-CP
eNodeB
UP ciphering
UE
USIM
handover
UE
source eNB
target eNB
MME
SGW PDN GW
User Data
1: Measurement
report
2: Handover decision
3: Handover
Request
{NH, NCC}
4: Allocate TEID
6: handover
command
5: Handover
Request Ack
7: SN Status
Transfer
User Data
buffer DL data
8: Sync+RRC complete
User Data
9: Path Switch
Request
User Data
10: Modify Bearer

Request
end marker
stop fw
MME pre-calculates NH keys
stop fw
11: Modify Bearer

12: Path Switch
Response
Request
Ack
13: UE Context
(new
{NH,
NCC}
pair)
Release
From KASME and NCC

NCC: NH Chaining Counter
3: Source eNodeB sends

{NH, NCC} to target eNodeB
Target eNB uses NH for KeNB
UE also calculates new KeNB
12: MME sends next
{NH, NCC} to target eNB
QoS architecture
QoS MATTERS IN CELLULAR

Overprovisioning is difficult
Resources are scarce (few 10s of MHzs)
Equipment and spectrum expensive
You need to use well what you have
Everything is more complicated

Due to the wide-area radio delays are higher
Primary application is delay sensitive
Money
People are (somewhat more) willing to pay
There is an infrastructure to charge
Service and price differentiation happens
Bearers
A bearer is a L2 packet transmission
channel
SGi
PDN-GW
HSS
S5
SGW S11 MME

to a specific external Packet Data
Network,
using a specific IP address/prefix,
S1-U
S1-CP
carrying a specific set of IP flows (maybe
all)
eNodeB
providing a specific QoS.
In 2G/3G also known as PDP Context

Bearer setup is explicitly signaled
UE
In LTE one bearer is always set up at

attachment
See more in: 23.107

QoS concept and architecture
Traffic to the same

external network
Bearers
IP microflows
A set of
IP microflows
Traffic with the

same IP address
A set of or IPv6 prefix
IP microflows
with the same QoS
Service Data Flow

Service Data Flow
External networks
PDN 1
PDN
connection
APN
traffic
Terminal
traffic
Service Data Flow dedicated

bearer
Service Data Flow
PDN 2
APN1 SGi
default
bearer
All traffic of a UE
SGi APN2
PDN GW PDN GW
SGW
Dedicated bearer: bearer with special QoS

Default bearer: rest of traffic with default QoS
MME
eNodeB
UE
Two default bearers

to diferent APNs
PDN Packet Data Network

APN Access Point Name
Why then no QoS?

(Apart from voice)
Terminal apps do not use QoS

Original IP socket API has minimal QoS features
No widespread QoS mechanism in fixed networks
Usually IP app developers do not care about network QoS
A number of QoS API failures
Conceptual difficulties
QoS must be authorized and charged
QoS can only be effectively decided in the face of its price
Complex QoS descriptors

Determining QoS parameters is challenging
E.g., 10-3 or 10-4 bit error rate?
Yet not flexible enough to cater for e.g., VBR video
Pre-rel.8 QoS descriptor
Maximum bit rate (octets 8-9)

0 0 0 0 0 0 0 1 The maximum bit rate is binary coded in
8 bits, using a granularity of 1 kbps
0 0 1 1 1 1 1 1 giving a range of values from 1 kbps to
63 kbps in 1 kbps increments.
0 1 0 0 0 0 0 0 The maximum bit rate is 64 kbps + ((the
binary coded value in 8 bits 01000000) * 8 kbps)
0 1 1 1 1 1 1 1 giving a range of values from 64 kbps to
568 kbps in 8 kbps increments.
1 0 0 0 0 0 0 0 The maximum bit rate is 576 kbps + ((the
binary coded value in 8 bits 10000000) * 64 kbps)
1 1 1 1 1 1 1 0 giving a range of values from 576 kbps
to 8640 kbps in 64 kbps increments.
1 1 1 1 1 1 1 1 0kbps
If the sending entity wants to indicate a Maximum bit
rate for uplink higher than 8640 kbps, it shall set octet 8
to 11111110, i.e. 8640 kbps, and shall encode the
value for the Maximum bit rate in octet 17.
Source: 24.008
Core network protocols; Stage 3
#1: Simple parameters

QCI: QoS Class Indicator
Scalar value encompassing
all packet treatment aspects
9 mandatory,
operators can define new
MBR: Max bitrate

GBR: Guaranteed bitrate
If nonzero, admission control is performed
ARP: Allocation and Retention Priority

priority (scalar): Governs priority at establishment and handover
pre-emption capability (flag): can this bearer pre-empt another?
pre-emption vulnerability (flag): can another bearer pre-empt this
one?
AMBR: Aggregated Maximum bitrate

Both a per-terminal and per-APN value
Source: 23.401, 23.203

GPRS Enhancements for E-UTRAN
Policy and Charging Control Architecture
#2: Network initiated

bearers
Allow a network application request QoS
Terminal app can remain QoS un-aware
Network can fully control QoS provided &
payment charged
No QoS API
1. Session setup
App
LTE
UE
3. Bearer
setup
App
LTE + EPC
2. Request QoS
Network
First specified in Release 7 for 3G

Not all terminals support it
Mandatory mode in LTE
Policy and Charging

Policy and Charging
Rules Function
Decides on QoS and
Charging
Controls gating
Service Policy Based
on
Request
Subscription data
Makes no resource
decisions
App
Flow descriptor (5-tuple)

Bandwidth
Application (voice/video/etc.)
Rx
SGi
PCRF
PDN GW
Gx
Flow descriptor (5-tuple)

QoS descriptor
Charging rules
Gating (on/of)
S5
SGW
MME
S11
S1-U
S1-MME
eNodeB
UE
Debate of 2007: On-path vs. off-path

for QoS/policy in 23.402
23.402
23.401
PCRF
vPCRF
Filters
Serving
GW
GTP signalling
S8-GTP
S1-GTP
PDN
GW
Filters
GTP signalling on user plane

path to set up bearers
Packets are marked to belong
to one of the bearers
Filters
GTP signalling
Serving
GW
Filters
hPCRF
Gx
Gxc
Gx
S1-GTP
S9
S8-PMIP
PDN
GW
Filters
No bearer with PMIP

Filters on SGW to classify into
bearers on S1
Motivation:
Alignment with other non-3GPP

accesses
Be different from GTP, experiment
What Is Next?
LTE Evolution
LTE-A meeting and exceeding IMTAdvanced requirements
Carrier aggregation
Enhanced multi-antenna support
LTE-C
Relaying
Rel-13
Enhancements for heterogeneous
LTE-B
deployments
Rel-12
Rel-14
LTE-A
Rel-11
LTE
Rel-10
Rel-9
Rel-8
LTE Evolution
LTE-B
Work starting fall 2012
Topics (speculative)
Device-to-device communication
LTE-C
Enhancements for machine-to-machine
Rel-13
communication
LTE-B
Green networking: reduce energy useRel-12
LTE-A
And more
Rel-11
Rel-14
LTE
Rel-10
Rel-9
Rel-8
A Clean-Slate Design:
Software-Defined Cellular
Networks
87
LTE Data Plane is too

Centralized
Data plane is too centralized
UE 1
UE: user
equipment
eNodeB 1
eNodeB: base
station
Cellular Core Network
S-GW: serving
gateway
P-GW: packet
Scalability challenges data
at P-network
eNodeB 2
gateway
GW on charging and policy
S-GW 1 enforcement!
eNodeB 3
UE 2
S-GW 2
GTP Tunnels
P-GW
Internet and
Other IP Networks
88
LTE Control Plane is too

Distributed
No clear separation of control plane and data plane

Control Plane
Data Plane
Mobility
Management
Entity
(MME)
User
Equipme
nt (UE)
Home
Subscriber
Server
(HSS)
Policy
Control and
Charging
Rules
Function
(PCRF)
Base
Serving
Station
(eNodeB)
Gateway
(S-GW)
Problem with
Intertechnology
(e.g. 3G to LTE)
handof
Problem of
inefficient radio
resource
allocation
Packet Data
Network
Gateway
(P-GW)
Advantages of SDN for Cellular

Networks
Advantage of logically centralized control plane
Flexible support of middleboxes
Better inter-cell interference management
Scalable distributed enforcement of QoS and
firewall policies in data plane
Flexible support of virtual operators by partitioning
flow space
Advantage of common control protocol

Seamless subscriber mobility across technologies
Advantage of SDN switch

Traffic counters enable easy monitoring for
network control and billing
89
90
Flexible Middlebox Support

SDN provides fine grained packet classification and flexible routing
eNodeB 1
eNodeB 2
Easy to control flow to

middleboxes for content
adaptation, echo cancellation,
etc
Reduce
traffic to middleboxes
Middlebox
UE 1
SDN Switch
eNodeB 3
UE 2
Path setup for UE
by SDN controller
Internet and
Other IP Networks
91
Flexible Middlebox Support

(Contd)
SDN switch can support some middlebox functionality
eNodeB 1
eNodeB 2
UE 1
Easy to satisfy policy for

traffic not leaving
cellular network
Reduce the need for
extra devices
SDN Switch
eNodeB 3
UE 2
Path setup for UE
by SDN controller
Internet and
Other IP Networks
92
Monitoring for Network Control &

Billing
Packet handling rules in SDN switches can efficiently
monitor traffic at different level of granularity
Enable real time control and billing
Rule
Action
Stats
Packet + byte counters
1. Forward packet to port(s)

2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
Switch MAC
Port
src
+ mask
MAC
dst
Eth
type
VLAN
ID
IP
Src
IP
Dst
IP
Prot
TCP
sport
TCP
dport
93
Seamless Subscriber
Mobility
UE 1
UE 2
SDN provides
a common
eNodeB 1
control
protocol
works across
different
X+1-Gen Cellular Network
cellular
eNodeB 2
technologies
Forwarding
X-Gen Cellular Network
rules can be
pushed to
switches in
Internet
and
parallel
eNodeB 3
SDN Switch
SDN
Control
Plane
Other IP Networks
Path setup for UE

by SDN controller
94
Distributed QoS and ACL

Enforcement
eNodeB 1
eNodeB 2
LTEs PCEF is
centralized at
P-GW which is
Access policy checked inflexible
In SDN switches distributedly
UE 1
SDN Switch
eNodeB 3
UE 2
Path setup for UE

by SDN controller
Internet and
Other IP Networks
95
Virtual Operators
Flexible network virtualization by slicing flow space
eNodeB 1
Virtual
Operator(V
O)
(Slice 1)
VO1
eNodeB 2
Virtual
Operator
(Slice N)
Slicing Layer: CellVisor
UE 1
VO2
SDN Switch
eNodeB 3
UE 2
Virtual
operators may
want to
innovate in
mobility,
billing,
charging, radio
access
Internet and
Other IP Networks
96
Inter-Cell Interference
Management
Central base station control: better interference management
eNodeB 1
eNodeB 2
Radio
Resour
ce
Manag
er
Global view and

more computing
power
Network Operating
System: CellOS
LTE distributed
interference
management i
suboptimal
UE 1
SDN Switch
eNodeB 3
UE 2
Internet and
Other IP Networks
97
CellSDN Architecture
CellSDN provides scalable, fine-grain
real time control with extensions:
Controller: fine-grain policies on
subscriber attributes
Switch software: local control agents to
improve control plane scalability
Switch hardware: fine-grain packet
processing to support DPI
Base stations: remote control and
virtualization to enable flexible real time
radio resource management
CellSDN Architecture
(Contd)
98
Central control of radio

resource allocation
Radio
Resour
ce
Manag
er
Mobilit
y
Manag
er
Subscrib
er
Informat
ion Base
Policy
and
Charging
Rule
Function
Infrastruct
ure
Routin
g
Network Operating System: CellOS
Translates policies on
subscriber attributes to
rules on packet header
SCTP instead of TCP to
avoid head of line blocking
Cell
Agent
Radio
Hardw
are
Cell
Agent
Packet
Forwardi
ng
Hardwar
e
Cell
Agent
Packet
Forwardi
ng
Hardwar
e
Offloading controller
actions, e.g. change priority
if counter exceed threshold
DPI to packet classification
based on application
99
CellSDN Virtualization
Network
OS
(Slice 1)
Network
OS
(Slice 2)
Network
OS
(Slice N)
Slicing Layer: CellVisor

Cell
Agent
Radio
Hardw
are
Cell
Agent
Packet
Forwardi
ng
Hardwar
e
Cell
Agent
Packet
Forwardi
ng
Hardwar
e
Slice semantic space,

e.g. all roaming
subscribers, all
iPhone users
100
Conclusion and Future Work

LTE promises hundreds of Mbps and
10s msec latency
There are key architecture problems
need to be solved
Software-defined networking can help!

Lec6 Intro Cellular

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Lec6 Intro Cellular

Загружено:

Авторское право:

Доступные форматы

Cellular Networks and Mobile

Please email me the presentation

Review of Previous Lecture

Review of Previous Lecture

Review of Previous Lecture

Review of Previous Lecture

Cells leverages its foreground-background VP

Courtesy: Jason Nieh et al.

Review of Previous Lecture

Random versus Sequential

Should OS Manage Context?

each CDU is defined by a CDU Generator:

Scheduling I/O Memory

GPS, Cell, WiFi accel, gyro, mag

System Support for Mobile App Optimization (lecture 4,5)

Interaction with Cellular Networks (lecture 6,7,8)

Interaction with the Cloud (lecture 9,10)

Mobile Platform Security and Privacy (lecture 11,12,13)

Cellular Networks Impact

More Mobile Users

Mobile Data Tsunami

Source: CISCO Visual Networking Index (VNI) Global Mobil Data

Courtesy: Zoltn Turnyi

Courtesy: Zoltn Turnyi

3GPP standardizes systems

3GPP way of working

It shall be possible to...

E.g., 22-series specs

Specification numbering example:

Updated after a meeting

Courtesy: Zoltn Turnyi

3GPP specification groups

Starting points on 3GPP

Main architecture references

Many users in a cell

Quality of Service with resource management

Battery consumption critical

Physical Layer: UMTS

Physical Layer: UMTS

Physical Layer: UMTS

Multiple base stations send/receive same data to

UMTS Universal Mobile Telecommunication System

(packet-oriented high data rate)

(64, 128, 384 kbits/s, 2 Mbit/s)

(low data rate, random access)

Courtesy: Zoltn Turnyi

Hybrid ARQ with soft combining

Most radio functions moved to NodeB

LTE air interface

Time domain structure

Slot (0.5 ms)

LTE air interface: Downlink

Orthogonal Frequency Division

Closely spaced sub-carriers without guard

Each sub-carrier undergoes (narrow

Narrow Band (~10 Khz)

- Simplified receiver processing

Frequency or multi-user diversity through

Dynamic power allocation across sub-

Sub-carriers remain orthogonal under carriers allows for interference mitigation

LTE air interface: Uplink

Users are carrier