path: root/2011/cell_prot_int-ccc2011/cell_prot_int.tex
blob: 2c329bbc46a676581995c562367bc9918bebf7a7 (plain)
% $Header: /cvsroot/latex-beamer/latex-beamer/solutions/conference-talks/conference-ornate-20min.en.tex,v 1.7 2007/01/28 20:48:23 tantau Exp $

\documentclass{beamer}

\usepackage{url}
% Define a custom URL style called "leo" and select it.
% The url package resolves \urlstyle{NAME} to the macro \url@NAMEstyle,
% which is why the definition below must be named \url@leostyle.
% \makeatletter / \makeatother are needed because that name contains '@'.
\makeatletter
% If \selectfont is undefined (presumably a pre-NFSS LaTeX 2.09 format),
% URLs fall back to \sf; otherwise they are set in tiny typewriter type.
\def\url@leostyle{%
  \@ifundefined{selectfont}{\def\UrlFont{\sf}}{\def\UrlFont{\tiny\ttfamily}}}
\makeatother
%% Now actually use the newly defined style.
\urlstyle{leo}


% This file is a solution template for:

% - Talk at a conference/colloquium.
% - Talk length is about 20min.
% - Style is ornate.



% Copyright 2004 by Till Tantau <tantau@users.sourceforge.net>.
%
% In principle, this file can be redistributed and/or modified under
% the terms of the GNU Public License, version 2.
%
% However, this file is supposed to be a template to be modified
% for your own needs. For this reason, if you use this file as a
% template and not specifically distribute it as part of a another
% package/program, I grant the extra permission to freely copy and
% modify this file as you see fit and even to delete this copyright
% notice. 


\mode<presentation>
{
  \usetheme{Warsaw}
  % or ...

  \setbeamercovered{transparent}
  % or whatever (possibly just delete it)
}


\usepackage[english]{babel}
% or whatever

\usepackage[latin1]{inputenc}
% or whatever

\usepackage{times}
\usepackage[T1]{fontenc}
% Or whatever. Note that the encoding and the font should match. If T1
% does not look nice, try deleting the line with the fontenc.


\title{Cellular Protocols for Mobile Internet}

\subtitle
{GPRS, EDGE, UMTS, HSPA demystified}

\author{Harald Welte <laforge@gnumonks.org>}

\institute
{gnumonks.org\\OpenBSC\\OsmocomBB\\hmw-consulting.de\\sysmocom GmbH}
% - Use the \inst command only if there are several affiliations.
% - Keep it simple, no one is interested in your street address.

\date[28c3] % (optional, should be abbreviation of conference name)
{28C3, December 2011, Berlin/Germany}
% - Either use conference name or its abbreviation.
% - Not really informative to the audience, more for people (including
%   yourself) who are reading the slides online

\subject{Communications}
% This is only inserted into the PDF information catalog. Can be left
% out. 



% If you have a file called "university-logo-filename.xxx", where xxx
% is a graphic format that can be processed by latex or pdflatex,
% resp., then you can add a logo as follows:

% \pgfdeclareimage[height=0.5cm]{university-logo}{university-logo-filename}
% \logo{\pgfuseimage{university-logo}}



% Delete this, if you do not want the table of contents to pop up at
% the beginning of each subsection:
%\AtBeginSubsection[]
%{
%  \begin{frame}<beamer>{Outline}
%    \tableofcontents[currentsection,currentsubsection]
%  \end{frame}
%}


% If you wish to uncover everything in a step-wise fashion, uncomment
% the following command: 

%\beamerdefaultoverlayspecification{<+->}


\begin{document}

\begin{frame}
  \titlepage
\end{frame}

\begin{frame}{Outline}
  \tableofcontents[hideallsubsections]
  % You might wish to add the option [pausesections]
\end{frame}


% Structuring a talk is a difficult task and the following structure
% may not be suitable. Here are some rules that apply for this
% solution: 

% - Exactly two or three sections (other than the summary).
% - At *most* three subsections per section.
% - Talk about 30s to 2min per frame. So there should be between about
%   15 and 30 frames, all told.

% - A conference audience is likely to know very little of what you
%   are going to talk about. So *simplify*!
% - In a 20min talk, getting the main ideas across is hard
%   enough. Leave out details, even if it means being less precise than
%   you think necessary.
% - If you omit details that are vital to the proof/implementation,
%   just say so once. Everybody will be happy with that.

\begin{frame}{About the speaker}
\begin{itemize}
	\item Using + playing with Linux since 1994
	\item Kernel / bootloader / driver / firmware development since 1999
	\item IT security expert, focus on network protocol security
	\item Former core developer of Linux packet filter netfilter/iptables
	\item Board-level Electrical Engineering
	\item Always looking for interesting protocols (RFID, DECT, GSM)
	\item OpenEZX, OpenPCD, Openmoko, OpenBSC, OsmocomBB, OsmoSGSN
\end{itemize}
\end{frame}

\section{Evolution of cellular networks}

\subsection{GSM/GPRS/EDGE}

\begin{frame}{GSM / CSD}
\begin{itemize}
	\item GSM is the first digital cellular system, developed in the 1980s, first deployment 1990
	\item GSM is a pure circuit-switched technology, like POTS/ISDN in the land-line world
	\item GSM offers CSD (circuit switched data) to provide a service similar to analog modems in the land-line telephone network
	\item CSD offers data rates 2400 / 4800 / 9600 / 14400 bps
	\item CSD still supported by a number of operators today
\end{itemize}
\end{frame}

\begin{frame}{GSM / HSCSD}
\begin{itemize}
	\item HSCSD is High-Speed CSD
	\item HSCSD bundles up to four GSM time-slots to achieve 38.4/57.6kbps data speeds
	\item very expensive in terms of network load (1 data session occupies 4 to 8 times the bandwidth of a phone call)
	\item was popular for a very short time only, dead by now
\end{itemize}
\end{frame}

\begin{frame}{GPRS}
\begin{itemize}
	\item GPRS (General Packet Radio Service) specified in the 1990s, first deployed 1999
	\item A separate, independent network to GSM, using same modulation/channeling and time-slot structure
	\item Introduces lots of GPRS-specific equipment (CCU, PCU, SGSN, GGSN) to the network 
	\item packet-switched, not circuit switched
	\item net band-width for IP around 56 to 114 kbits/sec
	\item available virtually anywhere in the world except Japan/Korea
\end{itemize}
\end{frame}

\begin{frame}{EDGE}
\begin{itemize}
	\item Enhanced Data-rates for GSM evolution, EGPRS and ECSD
	\item Actually, most people mean only EGPRS when they say EDGE
	\item uses same channel/bandwidth/TDMA as GPRS
	\item physical layer uses 8PSK modulation instead of GMSK
	\item no real changes to any higher protocol layers
	\item most phones support EGPRS up to 236 kbits/sec
	\item available virtually anywhere in the world except Japan/Korea
\end{itemize}
\end{frame}

\subsection{UMTS - 3G}

\begin{frame}{UMTS}
\begin{itemize}
	\item UMTS (Universal Mobile Telecommunications System) developed in 1996-1999
	\item First commercial deployments 2002
	\item 384 kbits/sec downlink, 128 kbits/sec uplink
	\item entirely new system, not an evolution/extension of GSM/GPRS/EDGE
	\item Wideband CDMA (WCDMA) used as modulation technique
	\item Supports CS (circuit switched) and PS (packet switched) services
	\item fixed part of the network heavily uses ATM over SONET/SDH
\end{itemize}
\end{frame}

\begin{frame}{HSDPA}
\begin{itemize}
	\item introduces new transport channel: HS-DSCH (High Speed Downlink Shared Channel)
	\item added in UMTS Release >= 5
	\item uses new physical channels: HS-SCCH, HS-DPCCH, HS-PDSCH
	\item adaptive modulation (QPSK, 16-QAM, 64-QAM)
	\item 3.6 Mbits/sec downlink
	\item Rel-5 also introduces 384 kbits/sec uplink
\end{itemize}
\end{frame}

\begin{frame}{HSUPA}
\begin{itemize}
	\item HSUPA (High Speed Uplink Packet Access) == EUL (Enhanced Uplink)
	\item added in UMTS Release >= 6
	\item similar techniques as for HSDPA, but for the uplink
	\item new physical channels: E-AGCH, E-RGCH, E-DPCH, E-HICH, E-DPCCH, E-DPDCH
	\item Hybrid-ARQ to improve performance of re-transmissions
	\item common use up to 5.76 Mbits/sec
\end{itemize}
\end{frame}

\begin{frame}{HSPA+}
\begin{itemize}
	\item HSPA+ == ESPA (Evolved High Speed Packet Access)
	\item added in UMTS Release >= 7
	\item up to 84 Mbits/sec DL, up to 22Mbits/s UL
	\item MIMO, QAM-64, combining two cells (dual-cell)
	\item theoretical maximum at 186 Mbit/s
	\item first deployments in 2008
\end{itemize}
\end{frame}


\section{GSM / GPRS / EDGE}

\subsection{Circuit Switched Data (CSD)}

\begin{frame}{Circuit Switched Data}
\begin{itemize}
	\item Not covered here, only historic relevance...
\end{itemize}
\end{frame}

\subsection{GPRS Stacking and Layers}

\begin{frame}{GSM / GPRS Network Structure}
\begin{figure}[h]
	\centering
	\includegraphics[width=95mm]{Gsm_structures.pdf}
\end{figure}
\end{frame}

\begin{frame}{GPRS Control Plane Stacking}
\begin{figure}[h]
	\centering
	\includegraphics[width=115mm]{gprs_control_stack.pdf}
\end{figure}
\end{frame}

\begin{frame}{GPRS User Plane Stacking}
\begin{figure}[h]
	\centering
	\includegraphics[width=115mm]{gprs_user_stack.pdf}
\end{figure}
\end{frame}

\begin{frame}{GPRS Lower Layers}
\begin{itemize}
	\item MAC (Medium Access Control), TS 44.060
	\item MAC layer immediately on top of PDTCH physical channel
	\item RLC (Radio Link Control), also TS 44.060
	\item RLC layer on top of MAC layer
	\item resource allocation always controlled by network
	\item message encoding specified in CSN.1 (Concrete Syntax Notation)
\end{itemize}
\end{frame}

\begin{frame}{GPRS Gb Layers}
\begin{itemize}
	\item NS (Network Service) layer, TS 08.16
	\begin{itemize}
		\item maintains (redundant) physical links on top of frame relay
		\item fail-over and load-sharing over various links
		\item NS originally used over FR (Frame Relay)
		\item sometimes NS in FR in IP
		\item later also NS-over-IP (NSIP) using UDP
	\end{itemize}
	\item BSSGP (Base Station System GPRS Protocol), TS 08.18
	\begin{itemize}
		\item BVCI (BSSGP Virtual Connection Identifier)
		\item maintains one BVC for each BTS in a BSS
		\item maintains one additional BVC for each BSS (paging)
		\item implements flow control (BSS, MS, PFC)
		\item very inefficient due to large headers for every msg
	\end{itemize}
\end{itemize}
\end{frame}

\begin{frame}{GPRS LLC Layer}
\begin{itemize}
	\item LLC (Logical Link Control) layer, TS 04.64
	\item LLC (Logical Link Control) established between SGSN and MS
	\item supports acknowledged and unacknowledged mode
	\item one SAPI for signalling (GMM, SM)
	\item additional SAPIs available for user traffic in SNDCP
	\item GEA encryption happens on the LLC layer, i.e.\ between MS and SGSN
	\item Checksumming
\end{itemize}
\end{frame}

\begin{frame}{GPRS SNDCP Layer}
\begin{itemize}
	\item SNDCP (Sub-Network Dependent Convergence Protocol), TS 04.65
	\item general-purpose encapsulation for user packet data
	\item initially intended for X.25 and OSI protocols, also IP
	\item today only used with IP payload
	\item IP header compression, v.42bis payload compression
	\item multiple streams (NSAPI) can exist over a LLC SAPI
\end{itemize}
\end{frame}

\begin{frame}{GPRS Mobility Management}
\begin{itemize}
	\item GMM (GPRS Mobility Management) corresponds to GSM MM
	\item signalling directly on top of LLC, no SNDCP is used
	\begin{itemize}
		\item Routeing Area Update
		\item GPRS Attach/Detach
		\item Authentication (same as GSM A3/A8)
		\item P-TMSI reallocation
		\item Identification Procedure
		\item SMS delivery via GPRS
	\end{itemize}
\end{itemize}
\end{frame}

\begin{frame}{Example GPRS MM Procedure}
\begin{figure}[h]
	\centering
	\includegraphics[width=65mm]{gprs_ra_upd.png}
\end{figure}
\end{frame}


\begin{frame}{GPRS Session Management}
\begin{itemize}
	\item SM (Session Management) maintains tunnels to external
packet data networks
	\item each session is called a PDP Context
	\item multiple PDP contexts can be active at any point in time
	\item Address of tunnel broker (GGSN) called APN (access point name)
	\item SGSN uses (private) DNS zones for resolving GGSN IP based on APN
	\item SGSN maintains state, but actual establishment is handled via GTP-C by the GGSN
	\item each PDP context has its APN, QoS, IPv4/IPv6 address, etc.
\end{itemize}
\end{frame}

\begin{frame}{Example GPRS SM Procedure}
\begin{figure}[h]
	\centering
	\includegraphics[width=85mm]{gprs_pdp_ctx_act.png}
\end{figure}
\end{frame}

\subsection{Core Network Protocols}

\begin{frame}{GTP Protocol between SGSN and GGSN}
\begin{itemize}
	\item GTP (GPRS Tunnelling Protocol), TS 29.060
	\item the only protocol specified over IP right from the beginning
	\item GGSN can be an IP-only device, no SS7/SIGTRAN/E1/FR required
	\item GTP-C for tunnel setup/teardown (SM procedures)
	\item GTP-U for encapsulating actual user data
	\item no authentication/encryption; intended to be used on private intra- or inter-operator links only, so its security rests entirely on the isolation of those links
\end{itemize}
\end{frame}


\section{UMTS / HSDPA / HSUPA}

\subsection{UMTS Protocol Overview}

\begin{frame}{UMTS PS Intro}
\begin{itemize}
	\item Higher layers (GMM, SM) re-used from GPRS
	\item SGSN and GGSN functional entities remain almost unchanged
	\item Large differences in SGSN-RAN communication (RANAP instead of BSSGP/NS)
	\item Anything below RANAP again quite different from GPRS
\end{itemize}
\end{frame}

\begin{frame}{UMTS Network Architecture}
\begin{figure}[h]
	\centering
	\includegraphics[width=90mm]{UMTS_Network_Architecture.pdf}
\end{figure}
\end{frame}

\begin{frame}{UMTS Control Plane Stacking}
\begin{figure}[h]
	\centering
	\includegraphics[width=110mm]{umts_ps_control.pdf}
\end{figure}
\end{frame}

\begin{frame}{UMTS User Plane Stacking}
\begin{figure}[h]
	\centering
	\includegraphics[width=110mm]{umts_ps_user.pdf}
\end{figure}
\end{frame}

\begin{frame}{UMTS RLC/MAC Layer}
\begin{itemize}
	\item MAC specified in TS 25.321
	\item RLC specified in TS 25.322
	\item not specified in any formal syntax (uncommon in UMTS!)
	\item RLC level implements encryption, segmentation, retransmission
\end{itemize}
\end{frame}

\begin{frame}{UMTS RRC Layer}
\begin{itemize}
	\item RRC specified in TS 25.331
	\item completely new protocol, unlike GSM/GPRS RR
	\item formally specified in ASN.1, uses PER
	\begin{itemize}
		\item measurement control
		\item ciphering control
		\item paging
		\item radio bearer management
		\item SYS\_INFO broadcast
		\item integrity check
	\end{itemize}
\end{itemize}
\end{frame}

\begin{frame}{UMTS PDCP Layer}
\begin{itemize}
	\item PDCP specified in TS 25.323
	\item corresponds to functionality of SNDCP in GPRS
	\item handles user data payload and header compression
	\item utilizes RFC 3095 (ROHC) and RFC 2507 (IP Hdr Comp)
	\item between User IP and RLC
\end{itemize}
\end{frame}

\subsection{UMTS network internal protocols}

\begin{frame}{UMTS RANAP Layer}
\begin{itemize}
	\item RANAP (Radio Access Network Application Part), TS 25.413
	\item signalling between SGSN and RAN (RNC)
	\item formally specified in ASN.1, uses PER encoding
	\item never visible to the user, only in back-haul network
	\item Vodafone UK / Alcatel-Lucent Femtocells use RANAP!
\end{itemize}
\end{frame}


\begin{frame}{UMTS NBAP Layer}
\begin{itemize}
	\item NBAP (NodeB Application Part), TS 25.443
	\item signalling between RNC and NodeB inside RAN
	\item formally specified in ASN.1
	\item never visible to the user, only in back-haul network
	\item is what you need to implement first to drive UMTS NodeBs from eBay ;)
\end{itemize}
\end{frame}

\begin{frame}{UMTS GTP Layer between SGSN and GGSN}
\begin{itemize}
	\item exactly the same as for GPRS
	\item some new/extended information elements for e.g. 3G QoS
	\item GGSN doesn't need to change between 2G and 3G networks
\end{itemize}
\end{frame}

\begin{frame}{HSPA+ related changes}
\begin{itemize}
	\item SGSNs have become a bottleneck in modern data-driven cellular networks
	\item SGSNs can be bought up to 40Gbps throughput, but most are smaller
	\item think of 20,000 cells, each 3 sectors with 20Mbps+ each...
	\item HSPA+ eNodeB contains small SGSN internally, user data directly passed to GGSN
	\item this means segmentation, compression and encryption are no longer done on a centralized node but at the edge of the network
\end{itemize}
\end{frame}

\begin{frame}{Thanks}
Thanks for your attention.  I hope we have time for Q\&A.
\end{frame}


\end{document}