BASIC PS CORE & PLANNING

1st Session : Basic PS Core (15th August,2020) 10.00 am – 01.00 pm

2nd Session : PS Core Planning (16th August,2020) 02.00 pm – 05.00 pm

Sinta Novanana
[email protected]
AGENDA
Topik yang akan dibahas :

1 PS Core in 3GPP Releases

2 PS Core Network Element

3 PS Core Interfaces

4 Evolved Packet Core

AGENDA
Topik yang akan dibahas :

5 Evolved Packet Core - Summary

6 Core Network Dimensioning

7 Case Study
EPS Connection Management ECM states

RRC
RRC idle
Connected

ECM
ECM idle
Connected
EPS Connection Management ECM states, cont.

The EPS Connection Management (ECM) states are as follows:

• UE and MME enter ECM-CONNECTED state when the signaling

connection is established between the UE and MME.

• UE and E-UTRAN enter RRC-CONNECTED state when the signaling

connection is established between the UE and E-UTRAN.
EPS Connection Management
EPS bearer architecture
EPS bearer architecture, cont.

The EPS bearers correspond to the PDP context in 2G/3G networks:

• Radio bearer

• S1 bearer

• S5/S8 bearer
S5 S8 bearer

• Located between the P-GW to S-GW.

• This is usually a GPRS Tunneling Protocol (GTP) or Mobile IP (MIP)

tunnel between the two network elements.
S1 bearer

• Located between eNB and S-GW.

• The S1 bearer is implemented using the 2G/3G GTP protocol which

builds a GTP tunnel between eNB and S-GW.

• The setup of this S1 bearer is managed by the MME. S-GW and eNB do
not directly exchange signaling to create it.
Radio bearer

• Located between UE and eNB.

• The eNB connects a radio bearer internally with the associated S1

bearer on S1-U interface.

• The mapping of radio bearers to physical resources on the air interface

is the major task of the eNB scheduler.
EPS bearer management

Default EPS Bearer

Dedicated EPS Bearer
Dedicated EPS Bearer

There are two types of EPS bearers:

• Default bearer - created when UE attaches to EPC and remains active as long as UE is
attached to EPC

• Dedicated bearer - Dedicated bearer is created for QoS differentiation purposes and is
controlled by EPC
EPS bearers establishment

EPS Bearer External Bearer

LTE EPS procedures
The main LTE/EPS procedures are listed as follows:

• Attach

• Tracking Area Update (TAU)

• PDN connectivity

• Dedicated Bearer Activation

• Handover
Attach 1

EMM_Deregistered

RRC_Connected

ECM_Connected
Attach 2

EMM_Registered
ECM_Connected
TAU procedure

EMM_Registered
RRC_Idle+ECM_idle

RRC_Connected

ECM_Connected
TAU

EMM_Registered
RRC_Connected+ECM_Connected
UE requested PDN connectivity
UE requested PDN disconnection
MME requested PDN disconnection
Network initiated dedicated bearer activation
UE initiated dedicated bearer activation
MME Initiated Dedicated Bearer Deactivation
PDN GW initiated dedicated bearer deactivation
Intra LTE EPS Network handover types

• Intra eNB handover

• Inter eNB handover with X2 interface (with or without Serving Gateway

relocation)

• Inter eNB handover without X2 Interface (S1-based handover)

LTE SAE handover principles

The LTE SAE handover principles are as follows:

• Lossless
Downlink Packets are forwarded from the source cell to the target cell.

• Network Controlled
Target cell is selected by the network, not by the UE.

Handover control in E-UTRAN (not in the packet core).

• UE-assisted
Measurements are collected by the UE and reported to the network.

• Late path switch

Once the handover is successful, the packet core is involved.
Handover procedure
User plane switching in handover
X2 based handover with SGW relocation

Handover
Preparation
Handover execution

Forwarding of data
--------------→
3G to EPS QoS Profile Structure

ARP

Max. bit rate

Guaranteedbitrate

ARP

Max. bit rate Aggregate max. bit rate

Guaranteedbitrate
QoS Class Identifier

The resource type of a default bearer is always non-GBR, while a dedicated

bearer can be either GBR or non-GBR.

• It is an integer number assigned to the bearer.

• It acts as a reference to control bearer level user plane packet forwarding

treatment (For example, scheduling weights, queue management thresholds
and so on).

• It can be translated into a DiffServ-tag used on S1-U and S5/S8 in the IP

header.

• For non-GBR bearer, QCI values 5-9 are used, whereas for GBR bearer, QCI
values 1-4 are used.

• QCI is enforced in eNB and S-GW/P-GW. It is also used in UE.

QCI Table in 3GPP

The operators create their own QoS class identifiers.

The QoS attributes associated with the QCI parameter are:
Priority: It is used to define the priority for the Packet Scheduler function in
the eNB.
Delay Budget: It helps the packet scheduler to ensure that users are
scheduled sufficiently often to guarantee the delay requirements of the
bearer.
Loss Rate: It is a tolerance primarily intended for setting the Radio Link
Control (RLC) protocol settings. For example, the number of RLC
retransmissions. The label most likely also include a priority parameter,
which the packet scheduler uses for differentiation.
The standardized characteristics are not signaled on any interface. They
should be understood as guidelines for the pre-configuration of node
specific parameters for each QCI.
Allocation and Retention Priority ARP
• It contains information about the priority level, the pre-emption capability (flag) and the pre-
emption vulnerability (flag).

• It decides whether a bearer establishment / modification request can be accepted or needs to

be rejected due to resource limitations.

• Once successfully established, a bearers ARP shall not have any impact on the bearer level
packet forwarding treatment.
For example, scheduling and rate control. Such packet forwarding treatment should be solely
determined by the other EPS bearer QoS parameters: QCI, GBR and MBR, and by the
Aggregate Maximum Bit Rate (AMBR) parameters.

• It is enforced in eNB and S-GW/P-GW.

• Video telephony is one use case where it may be beneficial to use EPS bearers with different
ARP values for the same UE.
In this use case, an operator could map voice to one bearer with a higher ARP and video to
another bearer with a lower ARP. In a congestion situation (for example, cell edge). The eNB
can then drop the video bearer without affecting the voice bearer. This would improve
service continuity.
Traffic Flow Template (UL DL TFT)

• A single UE has multiple EPS bearers. The system requires some kind
of packet filter to decide which IP datagram has to go to which EPS
bearer.

• The purpose of the TFT IE is to specify the TFT parameters and

operations for a EPS bearer context.

• These packet filters are formed by the uplink and downlink TFT.

• TFT consists of L3 and L4 data.

• A default bearer may or may not be associated with a TFT.

• Each dedicated EPS bearer has to have one UL and one DL TFT.
EPS bearer TFT
EPS bearer usage example
EPS bearer QoS attributes 4 GBR and MBR

The bit rate is expected to be provided by a GBR bearer.

It limits the bit rate that expected to be provided by a GBR bearer.
The excess traffic get discarded.
EPS bearer QoS Attributes 5 APN AMBR Non GBR bearer only

per APN Aggregate Maximum Bit Rate (APN-AMBR)

• The APN-AMBR is a subscription parameter stored per APN in the HSS.

• It limits the aggregate bit rate that is expected to be provided across all Non-GBR
bearers of the same APN.

• Excess traffic get discarded.

• Each of those Non-GBR bearers potentially utilize the entire APN-AMBR when the
other Non-GBR bearers do not carry any traffic.

• GBR bearers are outside the scope of APN-AMBR.

• The P-GW enforces the APN-AMBR in downlink. Enforcement of APN-AMBR in

uplink is done in the UE and additionally in the P-GW.

• Enforced in UE and S-GW/PGW.

EPS bearer QoS Attributes 6 UE AMBR Non GBR bearer only

per UE Aggregate Maximum Bit Rate (UE-AMBR)

• The UE-AMBR is limited by a subscription parameter stored in the HSS.

• It limits the aggregate bit rate that is expected to be provided across all Non-GBR bearers of
a UE.

• The MME set the UE-AMBR to the sum of the APN-AMBR of all active APNs up to the value
of the subscribed UE-AMBR.

• Excess traffic get discarded.

• Each of those Non-GBR bearers potentially utilize the entire UE-AMBR when the other Non-
GBR bearers do not carry any traffic.

• GBR bearers are outside the scope of UE-AMBR.

• The E-UTRAN enforces the UE-AMBR in uplink and downlink.

• Only enforced in eNB.

Example UE AMBR and APN AMBR

Example settings in HSS:

UE AMBR UL/DL: 5 Mbit/sec/10 Mbit/sec
APN1 AMBR UL/DL: 3 Mbit/sec/7 Mbit/sec
APN2 AMBR UL /DL: 4 Mbit/sec/5 Mbit/sec
In case APN1 is selected for the default bearer, and the mobile is
configured with the APN2 for the Second Default Bearer, the MME sends
as UE aggregate Maximum Bitrate on S1AP the values from the HSS (5
Mbit/sec/10 Mbit/sec).
UE AMBR (from HSS) < Sum of activate APN AMBR (APN1 AMBR
(Default Bearer) + APN2 AMBR (Second Default Bearer)
eNode B work with QoS parameters

The following example tells how does eNode B work with QoS parameters:
As example UE AMBR of 5 Mbit/sec in DL direction:
Default Bearer with QCI 8 with Scheduling weight 5
Dedicated Bearer with QCI 5 with Scheduling weight 40
According to the defined weight values, the dedicated bearer reaches DL
throughput of 4,44 Mbit/sec and the Default Bearer reaches DL throughput
of 0,56 Mbit/sec.
In NG, for QoS profile used for Service Bandwidth Management no QCI is
performed. The parameter maximum-bit-rate-dl limits its downlink
throughput.
For the assignment to the PCC-Rule, the qos-profile-name and the
internal policy-id are used.
Summary EPS Bearer QoS Attributes
LTE EPC Security architecture
LTE EPC security architecture

The MME supports the following security algorithms:

• NULL ciphering

• AES-CTR encryption

• SNOW 3G algorithm
C-plane Security Architecture
The C-plane security architecture comprises integrity protection and ciphering according
to the following:

• NAS signaling is protected above the eNB.

• NAS signaling is ciphered and integrity protected between the UE and MME.

• RRC signaling is always integrity protected by PDCP in the eNB and UE.

• RRC signaling is ciphered between the UE and eNB by PDCP.

• S1-AP signaling is ciphered and integrity protected between the eNB and MME by an
underlying transport network mechanism (IPSec).

• X2-AP signaling is protected as S1-AP signaling (IPSec).

Algorithms in EPS

The Algorithm in EPS are of two types:

• EPS Encryption Algorithms (EEA)

• EPS Integrity Algorithms (EIA)

EPS Encryption Algorithms (EEA)

• "0000" 128-EEA0 Null ciphering algorithm

• "0001" 128-EEA1 SNOW 3G

• "0010" 128-EEA2 AES

EPS Integrity Algorithms (EIA)

• "0001" 128-EIA1 SNOW 3G

• "0010" 128-EIA2 AES

Notes Algorithms in EPS
• EEA0 specifies the null ciphering algorithm, which implies that ciphering is not
activated, hence no confidentiality protection is offered.

• No EIA0 is specified, since integrity protection is mandatory for RRC (AS) and NAS
signaling messages, with exceptions specified in 36.331 [9] and 24.301 [6] for the AS
and NAS respectively.

• EEA1/EIA1 is based on SNOW3G and is identical to the UMTS Encryption Algorithm,

UEA2 introduced as part of 3GPP Release 7 for UMTS confidentiality protection.

• EEA2/EIA2 is based on the Advanced Encryption Standard (AES).

• AS and NAS EEA/EIA selected may not be the same. Selection of EIA and EEA are
independent. RRC and User Plane in AS uses the same EEA selected for ciphering.

• RRC signaling, user plane, and NAS signaling use different keys generated from the
base key (KASME) through the EPS AKA procedure.
Hierarchy of Security Keys
Hierarchy of security keys

The generation of keys is triggered by Authentication and Key Agreement

(AKA) procedures.
In LTE, the MME acts as the Access Security Management Entity (ASME).
This is the access network entity that receives top level keys from the HSS.
UMTS AKA is capable of agreeing two keys, CK and IK on the USIM and in
the AuC. For LTE, these keys never leave the HSS. They are used to
derive KASME, which is transferred from the HSS to the MME as part of
the Authentication Vector.
The keys used for UP, NAS and AS protection are dependent on the
algorithm at which they are used.
The keys used for UP, NAS and RRC (AS) protection are dependent on the
algorithm at which they are used.
Key Generation Procedure
NAS security
Integrity protection of NAS signaling messages:

• Integrity protected signaling is mandatory for the NAS messages, once a valid EPS security
context exists and has been taken into use.

• The use of "null integrity protection algorithm" EIA0 is only allowed for an unauthenticated
UE.

Ciphering of NAS signaling messages:

• When the UE establishes a new NAS signaling connection, it sends the initial NAS message
unciphered.

• The UE sends the ATTACH REQUEST message always unciphered.

• The UE sends the TRACKING AREA UPDATE REQUEST message always unciphered.
Authentication vectors

Authentication vectors are used in the network for the following purposes:

• Authentication Token (AUTN) includes a Message Authentication Code

(MAC). The MAC enables the UE to verify that the authentication
challenge and the PLMN are legitimate. AUTN also includes security
data that provides protection against replay attacks, such as a sequence
number.

• Expected Response (XRES) is used by the MME to authenticate the

UE.

• Root key (KASME) is used by the MME to derive NAS and AS security
keys.
Evolved Packet Core -Summary
Perkembangan Teknologi Core Network

Sinta Novanana
[email protected]
Core Network Dimensioning

Sinta Novanana
[email protected]
Case Study

Sinta Novanana
[email protected]
THANK YOU

Sinta Novanana
[email protected]
References

www.netmanias.com

https://www.nokia.com/networks/

https://www.ericsson.com/en

https://e.huawei.com/id/solutions/enterprise-networks

https://www.etsi.org/technologies/mobile

https://www.3gpp.org/

Digital cellular telecommunications system (Phase 2+);General Packet Radio Service (GPRS);
Service description;Stage 2 (GSM 03.60 version 6.3.2 Release 1997), etc