\section{The GSM core network} \subsection{GSM core network components} \begin{frame}{GSM core network components} \begin{description}[MSC] \item[MSC] (Mobile Switching Center): The central switch \item[HLR] (Home Location Register): Database of subscribers \item[AUC] (Authentication Center): Database of authentication keys \item[VLR] (Visitor Location Register): For roaming users \item[EIR] (Equipment Identity Register): To block stolen phones \end{description} \end{frame} \begin{frame}{GSM network structure} \begin{description}[BTS] \item[MSC] Actual call switching and top-level mobility functions. May serve dozens of location areas \item[VLR] Temporary cache of subscriber data from HLR + TMSI \item[HLR] Subscriber databases + subscriber location information \item[AUC] Generation of authentication tuples \item[SMSC] SMS Service Centre, store+forward for SMS \end{description} \end{frame} \begin{frame}{GSM core network integration} \begin{itemize} \item VLR often integrated into MSC \item AUC often integrated with HLR \item integration so common, many graphs/diagrams are actually not 100\% correct \end{itemize} \end{frame} \begin{frame}{GSM Network Structure} \includegraphics[width=100mm]{gsm_network.png} \end{frame} \begin{frame}{GSM network interfaces} \begin{description}[D] \item[C] Interface between GMSC and HLR \item[D] Interface between MSC and HLR \item[E] Interface between MSC and MSC \end{description} All of them based on MAP, so C/D/E not commonly distinguished \end{frame} \subsection{GSM core network protocols} \begin{frame}{core network protocol stack} Traditional telephony based on SS7 / CS7, GSM too \begin{itemize} \item Lower layers (MTP2/MTP3) re-used \item ISUP used for actual call control signalling \item SCCP for routing / GTT \item TCAP for transaction support \item MAP for actual GSM related signalling \end{itemize} \end{frame} \begin{frame}{SS7 networks} \begin{itemize} \item STP - Signalling Transfer Point \begin{itemize} \item {\em Router} 
for SCCP \item performs GTT (see below) \end{itemize} \item SCP - Signalling Control Point \begin{itemize} \item {\em End-node} like MSC/HLR \item SCP has GT, PC, .. \end{itemize} \end{itemize} \end{frame} \begin{frame}{SS7 addresses} \begin{itemize} \item Point Code (PC) \begin{itemize} \item typically unique within PLMN / country \end{itemize} \item Global Title (GT) \begin{itemize} \item world-wide unique address \item translated into PC by GTT at STP \end{itemize} \item Subsystem Number (SSN) \begin{itemize} \item logical function address inside network (MSC, VLR, HLR, ...) \item not used on international links \end{itemize} \end{itemize} \end{frame} \begin{frame}{SS7 GTT (Global Title Translation)} Global Title Translation \begin{itemize} \item can happen at any STP \item translates a Destination GT into new destination address \item new dest address can be any address, such as \begin{itemize} \item new global title (GT) \item point code (PC) \item sub-system number (SSN) \end{itemize} \item GTT rules explicitly configured by operator, e.g. \begin{itemize} \item prefix or range based match \item (inter)nationalize numbering plan \item add digits at beginning or end \end{itemize} \end{itemize} \end{frame} \begin{frame}{SS7 physical layer} \begin{itemize} \item{classic SS7 signalling over TDM circuits} \begin{itemize} \item E1 timeslot (64kbps) \item multiple E1 timeslots (N*64kbps) \item MTP Level 2 / MTP Level 3 \end{itemize} \item modern networks use SIGTRAN \begin{itemize} \item IP as network layer replaces E1 lines \item SCTP on top (no TCP/UDP!) 
\item many different SIGTRAN stacking options \end{itemize} \item some vendor-proprietary protocols like SCCPlite \end{itemize} \end{frame} \begin{frame}{SIGTRAN stacking options} SIGTRAN != SIGTRAN \begin{itemize} \item IP/SCTP/M2PA/MTP2/MTP3/SCCP/TCAP/MAP \item IP/SCTP/M2UA/MTP3/SCCP/TCAP/MAP \item IP/SCTP/M3UA/SCCP/TCAP/MAP \item IP/SCTP/SUA/TCAP/MAP \end{itemize} \end{frame} \begin{frame}{SCCP} SCCP takes care of \begin{itemize} \item Global Title based addressing \item Global Title Translation \item connection-oriented or connectionless semantics \item GSM core network interfaces with MAP/CAP only use connection-less UDT service \end{itemize} \end{frame} \begin{frame}{TCAP} \begin{itemize} \item Idea: decouple transaction logic from actual application \item transaction semantics can be used by multiple higher-layer protocols \item state machines on both sides maintained outside of application \item protocol specified in ASN.1, BER encoding \end{itemize} \end{frame} \begin{frame}{MAP - Mobile Application Part} \begin{itemize} \item used between all classic GSM core network components \item application protocol on top of TCAP \item protocol specified in ASN.1, BER encoding \end{itemize} \end{frame} \begin{frame}{CAP - Camel Application Part} \begin{itemize} \item used for CAMEL entities (gsmSCF, gsmSSF, gprsSSF, gsmSRF) \item application protocol on top of TCAP \item protocol specified in ASN.1, BER encoding \end{itemize} \end{frame} %\section{Roaming interfaces} % %\subsection{Roaming introduction} % %\begin{frame}{Introduction to Roaming} %Roaming enables subscribers to use other operators' networks %\begin{itemize} % \item Home Network is called HPLMN % \item Visited Network is called VPLMN % \item Roaming requires between HPLMN and VPLMN % \begin{itemize} % \item Roaming agreement (contract) % \item SS7 connectivity (ISUP/MAP/CAP) % \item IP connectivity (for packet data) % \end{itemize} %\end{itemize} %\end{frame} % %\begin{frame}{Roaming principle} 
%\begin{itemize} % \item MS, MSC, VLR and SGSN are in VPLMN % \item HLR, AUC, GMSC and GGSN are in HPLMN % \item they talk to each other via MAP, just like in non-roaming case % \item selection of HPLMN based on IMSI of subscriber % \item non-roaming case: HPLMN == VPLMN %\end{itemize} %\end{frame} % %\begin{frame}{MVNO - Mobile Virtual Network Operators} %An MVNO setup is a special case of roaming %\begin{itemize} % \item MNO operates PLMN with RAN and CN % \item MVNO operates HPLMN without RAN (BSC/BTS) % \item MVNO subscribers always roam into MNO network %\end{itemize} %\end{frame} % %\subsection{Roaming transactions} %FIXME %\subsection{Traditional Billing} % %\begin{frame}{Traditional Billing} %Initially, GSM was designed for business users %\begin{itemize} % \item Billing was always post-paid % \item Each PLMN simply logs all call/sms % \item Logs called CDR (Call Data Record) % \item At the end of the month, invoices are generated % \item CDR records are exchanged between roaming partners %\end{itemize} %\end{frame} % %\begin{frame}{Billing for Roaming} %\begin{itemize} % \item CDR files often vendor-specific / custom % \item GSMA established a standard called TAP % \item TAP is the standard for exchange of billing records %between roaming partners % \item Summary: Intra-PLMN: CDR, Inter-PLMN: TAP % \item TAP has many versions/generations % \item Specified in ASN.1 %\end{itemize} %\end{frame} % %\begin{frame}{The advent of pre-paid} %\begin{itemize} % \item At some point, users wanted pre-paid services % \item Difficult to implement in traditional billing architecture % \item In HPLMN, every operator could come up with custom %solution % \item Thus, pre-paid initially not supported in roaming % \item In the early pre-paid days, there were lots of ways to exceed pre-paid balance %\end{itemize} %\end{frame} % %\begin{frame}{Pre-paid required fundamental changes} %\begin{itemize} % \item The pre-paid balance / account is maintained in HPLMN % \item HPLMN needs 
much more control over user while roaming % \item A new protocol (CAMEL) was introduced, as well as new %entities in the network % \item Lots of changes all over network elements (MSC, SGSN, HLR) %\end{itemize} %\end{frame} % %\subsection{CAMEL} % %\begin{frame}{CAMEL - Customized Applications Mobile Enhanced Logic} %\begin{itemize} % \item gsmSCF - Service Control Function % \begin{itemize} % \item receives per-subscriber specific config from HLR %(CSI: CAMEL Subscription Information) % \item remotely controls call, SMS, etc. processing % \end{itemize} % \item gsmSSF - Service Switching Function % \begin{itemize} % \item built into MSC % \item hooks / triggers at key state changes % \item allows gsmSCF to alter/override/abort transactions % \end{itemize} % \item gprsSSF provides similar feature inside SGSN %\end{itemize} %\end{frame}