Tuesday, April 28, 2009

LTE : UE initial Attach

Source : 3GPP TS 23.401 & 3GPP TS 29.274 [LTE Bibles :) ]

Lots of people asked me about UE initial attach. So I thought of blogging about it. Initially I was confused about how UE attaches to the network. With specs talking of default bearer and dedicated bearer every thing went over head. I must also say that both specs which I mentioned above are not referring to each other very well. It will definitely take some time figure out how things are working in LTE. I remember attending a webinar conducted by Light reading where the presenter asked a question regarding the clarity and completion of specs. No wonder more that 60% of attendees voted to option saying specs are still not clear. Well understanding UE initial attach proves the point. Lets move ahead.

Now the LTE is all IP, there has to be always a bearer established. That means when the UE comes up it has to get an IP address. When you switch on the UE, UE sends out a attach request to eNB with bunch of IE's attached. Kindly refer to 3GPP TS 23.401 for IE's that UE send out. Note that this is encapsulated in RRC and and send to eNB. eNB forwards the request to MME. Here is where GTPv2 starts. So you should be having 3GPP TS 29.274 open. When MME receives attach request for the first time it puts in few more IE's and forwards the request to SGW, which forward the request to PGW. Now to understand initial attach better lets restrict ourselves to communication between MME, SGW and PGW. The communication between them takes place using GTPv2 protocol.

If you open 29.274 spec you will find create session request. This is used in UE initial attach to create default bearer. Confusion!! The message type is "Create Session Request" and it is creating "Default bearer". Yes, it is like that. This message is also used for other things like " UE requested PDN connectivity", "Tracking area update" etc etc. Spec clearly gives where this message is to be used. Ok! So we have Create session request being sent asking for establishment of default bearer. MME reads the APN and forwards the request to proper SGW, which again forwards it to PGW. Now PGW responds to the request with a response. This is "Create session response". The response contains Ip address to be assigned to the UE, default bearer ID etc. PGW sends the response to SGW which in turn forwards to MME.MME forwards the response to eNB which in turn sends it to UE. With this response we have a default bearer established. This how a create session request look like.


Refer to spec for detailed IEs. Now that you have default bearer established traffic from UE can start. Note that this bearer is always established. It gets torn down only when the UE is powered down or goes out of network area or something. After the default bearer is established traffic has to flow. Since we have direct tunneling, which means the user plane traffic flows from eNB to SGW without the intervention of MME. This is S1-U interface. To indicate this interface to PDN GW, MME sends out a modify bearer request immediately after the default bearer is created. So modify bearer request modifies the default bearer user plan. PGW responds to modify bearer request with modify bearer response. If the response is success then we have user plane setup for traffic flow. This completes the default bearer establishment from my perspective. You can sends other messages based on your implementation. But I think these two requests are must. So how does the call flow look like?

I hope the figure is visible. After that default bearer is established, we can ask for other bearers based on the applications running on UE. These are called dedicated bearers. I was completely confused when the dedicated bearers came in. I could not co-relate the dedicated bearer to secondary PDP context. But later I figured out the trick. I wrote about the dedicated bearers sometime back. Now if you go back to 29.274 you will find create bearer request. This request is used to establish dedicated bearers but not default bearer. I was very confused when I read the dedicated bearers are network initiated. The thing is since LTE is all on IP and if you are receiving a call then network may initiate dedicated bearer to forward that call to you. This doesnt mean that UE cannot ask for dedicated bearers. UE can ask for dedicated bearers by sending out bearer modification command but UE cannot send create bearer request. Bearer modification command will make PDN trigger a dedicated bearer. If you have just started reading the specs it will take a while to understand things, but once you figure out the specs it goes smooth.
I hope the post was useful. Will post more as time permits. As usual comments/questions are greatly welcomed.

Monday, April 27, 2009

PDN GW selection function

Source : 3GPP TS 29.401 Clause: 4.3.8

The inspiration to the post is one of the comments raised by my blog reader. What does this PDN GW selection function mean? How is PDN allocated to the user? Can a UE have multiple PDN connections? Lets take each one step by step.


UE creates attach request and sends it to eNB. eNB forwards the request to MME. During Initial attach a UE "may send" APN in attach request. If UE sends attach request without an APN then MME will contact HSS which returns a default APN. If UE sends attach request with APN then HSS will return the corresponding PDN GW identity which may contain PDN GW IP address or PDN GW FQDN. If the case is where UE already has a PDN connection ,then UE "must" send the APN in attach request. Once the PDN GW is identified then S-GW forwards the attach request to that PDN GW.

So if UE is running two applications app1 and app2 and if app2 wants to use new pdn connection, then it sends out attach request by placing the new APN address. Basic idea is a APN is bound to PDN.

Alternatively a UE may ask for dedicated bearer establishment to the PDN GW. Then app1 can run on one bearer and app2 can run other bearer, but both are pointing to the same PDN. Note that network initiated dedicated bearer can only initiated by PDN GW to which UE has attached to.

Comments/Questions are greatly welcomed.

Mobile blogs and future: From Open Gardens

Iam a follower of Ajit Jaokar's blog Open Gardens. Few days back he posted an very interesting post on Mobile blogs and its social apects. I encourage you to go ahead and read it. This is the link. My fav line from the post is "You should never trust a specific blog.You should read blogs from a variety of sources and then make up your own mind"

Saturday, April 25, 2009

Session Initiation Protocol : My experience

Back in 2006 I was trying to design/code an application over SIP. Well I was trying to submit it to my college so that I could graduate. When I presented the abstract my professors went crazy. The whole college said are you nuts. What is SIP? Being an electronics student how could you work on computers were some questions floating around. In India, especially in electronics fields professors are very unhappy with students. More and more students are turning towards computers leaving the Microwave and Core electronic fields. So with limited knowledge of what is SIP i got through the abstract stage. Then I had to understand the protocol.

SIP was very new in India in 2006. There were few people working in SIP application development, atleast I was told so. I started my design and I wanted to have 3 tier architecture with oracle data base hooked in instead of flat file. I had very fancy ideas I should say. 3 months of time and very limited programming knowledge I turned to Java. I liked Java. It was pretty easy for me to code there. I used Java swings to create the interface, JSP to create webpage and JDBC:ODBC to connect to database. The design seemed good.

But there was huge problem. How do I get SIP stack? Jain SIP was at my rescue. Open source Java API's for SIP. Search for the same in internet, its pretty nice API. So I was equipped with everything. What should I implement was the question.

I had these in my mind : User Agents (SIP phones) and SIP Proxy server. But as I said I wanted to have a very fancy application I thought of doing more. So I thought of implementing Do not Disturb/Call forwarding/RTP. Note that till then my idea was just to write the SIP signaling but not to code the actual voice. But RTP gave me breather and I did voice later. Ok , all set so how does my SIP phone look like?


Isn't it beautiful! I customized the buttons dial panel. I am huge fan of Matrix and green over black for messages was direct lift from matrix. :) People now say UI looks like skype but I had no idea what skype was back then. I loved the project so much that I continued the same in my Masters. For my post graduation I implemented conferencing/IM/Draw board features. I ran everything once and it worked just perfect. It was triumph moment when I submitted project in my engineering and masters. Everyone were impressed. Cool. I passed out with flying colours.


The above screen shows two SIP phones communicating and SIP proxy routing the calls. I tired checking in the code in source forge but I had no idea how to do it. I left it there. As always, I am happy to share the code with you guys if interested.

Write to me or comment here if you would like to know more.

Thursday, April 16, 2009

ALU take on LTE

Some time back I attended Alcatel Lucent sponsored webinar conducted by Light Reading on "LTE,Its business,not Technology". It was an interesting presentation and you can find the pdf version here. Since then I was wondering about ALU presence in LTE Market. Again in MWC, verizon announced ALU as a partner in deploying LTE network. Now recently at CTIA ALU presented its end to end LTE solution.

Note: I was present at none of the events, I read about them in various websites :)

I got very interested in ALU when they said they have an LTE end to end solution. The link has few videos too. What got me the most was LTE test drive. So my job demands testing LTE software and I need a device against which I can test our software. I was googling through and again ALU stuck me. ALU is coming up with new software and hardware blade for their 7750 Service router. Cool. I contact our management and ask them to proceed. What they say is dude, nothing is available right now. Its still under development. What they show cased is prototype at CTIA. So I guess we will have something from ALU in next few months. They said they have wide range of customers using 7750 service routers and provide EPC over it would be a great solution. Interesting.

I am personally cisco fan. I love my Cisco 7200 router. It works great as GGSN. So what is cisco doing in EPC. Unfortunately nobody is talking about it. What happened to cisco? Any ideas? Well I browsed a little found this. They are coming up with EPC too. Their solution is based on Cisco 7600 series routers, atleast initial phase. I am guessing they will bring out new blade for EPC along with new software. Even it is not readily available off the shelf . I am keeping my fingers crossed about these devices to be market ready.

I would like to know your take on this. What do you guys feel about the advances in this section? Comments are welcome.

Tuesday, April 14, 2009

UE initiated Bearer Resource Modification : a.k.a Dedicated Bearer

Source : 3GPP TS 23.401 : Clause : 5.4.5 and 3GPP TS 29.274 Clause : 7.2.5

Some time back I wrote about Dedicated Bearer establishment in LTE. i was still under confusion about how dedicated bearers are established and how different are they from secondary PDP context. I closed that post with an open question can MME initiate a dedicated bearer. After much reading and lot of questions which readers asked me, I understand the behavior of Dedicated bearers to certain extent now. In this post I want to concentrate on UE requested Dedicated bearers, just like secondary PDP contexts yet so different. In GTP v1 UE initiates the secondary PDP context with a new TFT, but in LTE UE starts with Bearer Resource Modification procedure. (3GPP TS 29.274 Clause : 7.2.5)

Bearer resource modification procedure can do more, but lets just consider that we are trying to get a dedicated bearer established.

The UE sends a Request Bearer Resource Modification (LBI, PTI, EPS Bearer Identity, QoS, TAD, Protocol Configuration Options) message to the MME.

TAD : Traffic Aggregate Description indicate add packet filters operation. EPS Bearer Identity may not be sent here. Linked Bearer Identity is sent to indicate to which PDN connection additional bearer resource is linked to. PTI is dynamically allocated by UE.

The MME sends the Request Bearer Resource Modification (IMSI, LBI, PTI, EPS Bearer Identity, QoS, TAD, Protocol Configuration Options) message to the selected Serving GW. The MME validates the request using the Linked Bearer Id

The Serving GW sends the Request Bearer Resource Modification (IMSI, LBI, PTI, EPS Bearer Identity, QoS, TAD, Protocol Configuration Options) message to the PDN GW

If requested is accepted then dedicated bearer establishment is invoked. The PTI allocated by the UE is used as a parameter in the invoked Dedicated Bearer Activation Procedure to correlate it to the UE Requested Bearer Resource Modification Procedure. This provides the UE with the necessary linkage to what EPS Bearer to be used for the new traffic flow aggregate. The PDN GW shall not modify the QoS parameters requested by the UE  

Now go back to the dedicated bearer establishment post.

This takes one more step towards understanding bearers better. As usual comments are welcome.

Friday, April 10, 2009

Concerns over LTE : Developer perspective


While we are breaking our heads to understand what is written in 3GPP specs and try to develop a solution, we hear that specs have changed. Argh! WIth LTE market pushing the limit and planning for more aggressive targets, LTE software developers are definitely under pressure.I was reading 29.274 from last december. There was one revision then. Now the latest revision has several changes which needs our implementation to be changed a bit. This is a big pain.

I would like to hear your perspective. If you are related to LTE in any way I would like to know how are you guys dealing with changing specs. How is the pressure from the market? How are testing the LTE software for conformance? Feel free to comment or write to me. santoshdornal@gmail.com.


3GPP Radius

Radius is the authentication and accounting server used in Rel 7. I have been reading a lot about it as my job demands to create a test plan and cases for testing a AAA server. I thought of blogging about it.

Ok, so authentication is important in mobile world. You need to know if the mobile subscriber is allowed to access packet core or not. So how this is done in Rel 7? Here it its.

3GPP Radius.jpg

This feature is explained in 3GPP TS 29.061. So mobile terminal sends out an PDP context activate request to SGSN. SGSN create a PDP context request and send it to GGSN. Now if you look at PDP context request there is and IE called PCO ( Protocol Configuration Options). SGSN creates the request with authentication details put in PCO field and forwards it to GGSN.

PCO contains : Type of authentication protocol, user name and password. (PAP/CHAP)

GGSN before granting the pdp responses creates a radius access request with user name and password in PDP request and sends it to AAA server. AAA server grants or rejects the access. Once AAA sever gives ok, GGSN creates PDP response and sends it to SGSN. GGSN may send Accounting start request to AAA server before sending the PDP response. This is nice, simple and easy way for authentication.

If you have a cisco 7200, a AAA server and SGSN, try creating a network for your selves. What I did in my lab was configured a Cisco 7200 as GGSN. Believe me its very simple. Our tool can act as SGSN. It can send out tens of thousands of PDP context requests. Then I pulled a Free radius server from internet. Wala! I have my network. I configured out tool acting as SGSN to send out PDP requests, Cisco 7200 process the PDP request and sends out radius requests to free radius. Free radius says ok and I have PDP response from router.

So this is how network operators create their network. Now going to Rel 8, I see that PCO is still present in GTP v2. But I am guessing authentication has to be much more stronger since its all IP. We can compare a Rel 8 network to WLAN network, just for understanding the authentication better. So in WLAN we have EAP authentication methods. Now Consider EAP TLS with certificate based security. A laptop in WLAN network has certificate to attach to a particular network. Access points in WLAN are configured to talk to AAA server for authentication. So lets consider that laptops as Mobile subscribers and Access point as the core network. AAA servers remain the same in both. Once a mobile node request access, it uses it certificate to get validated. Core network talks to AAA server to authenticate the mobile node. Just like the way it is done in WLAN. After that data may flow encrypted. I havent read much about this in Rel 8, but will post something in this security section soon.

Comments are welcome.

Saturday, April 4, 2009

Typealyzer ... Wow!!

OK! Some where I read about this website called www.typealyzer.com. This website tells your personality based on the blogs you write. Cool. So here is what Typealyzer has to say about me. :)

ISTP:-The Mechanics

The independent and problem-solving type. They are especially attuned to the demands of the moment are masters of responding to challenges that arise spontaneously. They generally prefer to think things out for themselves and often avoid inter-personal conflicts.

The Mechanics enjoy working together with other independent and highly skilled people and often like seek fun and action both in their work and personal life. They enjoy adventure and risk such as in driving race cars or working as policemen and firefighters.

Thanks to typealyzer for such a morale boost.