502 lines
15 KiB
TeX
502 lines
15 KiB
TeX
% $Header: /cvsroot/latex-beamer/latex-beamer/solutions/conference-talks/conference-ornate-20min.en.tex,v 1.7 2007/01/28 20:48:23 tantau Exp $
|
|
|
|
\documentclass{beamer}
|
|
|
|
\usepackage{url}
|
|
\makeatletter
|
|
\def\url@leostyle{%
|
|
\@ifundefined{selectfont}{\def\UrlFont{\sf}}{\def\UrlFont{\tiny\ttfamily}}}
|
|
\makeatother
|
|
%% Now actually use the newly defined style.
|
|
\urlstyle{leo}
|
|
|
|
|
|
% This file is a solution template for:
|
|
|
|
% - Talk at a conference/colloquium.
|
|
% - Talk length is about 20min.
|
|
% - Style is ornate.
|
|
|
|
|
|
|
|
% Copyright 2004 by Till Tantau <tantau@users.sourceforge.net>.
|
|
%
|
|
% In principle, this file can be redistributed and/or modified under
|
|
% the terms of the GNU Public License, version 2.
|
|
%
|
|
% However, this file is supposed to be a template to be modified
|
|
% for your own needs. For this reason, if you use this file as a
|
|
% template and not specifically distribute it as part of a another
|
|
% package/program, I grant the extra permission to freely copy and
|
|
% modify this file as you see fit and even to delete this copyright
|
|
% notice.
|
|
|
|
|
|
\mode<presentation>
|
|
{
|
|
\usetheme{Warsaw}
|
|
% or ...
|
|
|
|
\setbeamercovered{transparent}
|
|
% or whatever (possibly just delete it)
|
|
}
|
|
|
|
|
|
\usepackage[english]{babel}
|
|
% or whatever
|
|
|
|
\usepackage[latin1]{inputenc}
|
|
% or whatever
|
|
|
|
\usepackage{times}
|
|
\usepackage[T1]{fontenc}
|
|
% Or whatever. Note that the encoding and the font should match. If T1
|
|
% does not look nice, try deleting the line with the fontenc.
|
|
|
|
|
|
\title{Cellular Protocols for Mobile Internet}
|
|
|
|
\subtitle
|
|
{GPRS, EDGE, UMTS, HSPA demystified}
|
|
|
|
\author{Harald Welte <laforge@gnumonks.org>}
|
|
|
|
\institute
|
|
{gnumonks.org\\OpenBSC\\OsmocomBB\\hmw-consulting.de\\sysmocom GmbH}
|
|
% - Use the \inst command only if there are several affiliations.
|
|
% - Keep it simple, no one is interested in your street address.
|
|
|
|
\date[28c3] % (optional, should be abbreviation of conference name)
|
|
{28C3, December 2011, Berlin/Germany}
|
|
% - Either use conference name or its abbreviation.
|
|
% - Not really informative to the audience, more for people (including
|
|
% yourself) who are reading the slides online
|
|
|
|
\subject{Communications}
|
|
% This is only inserted into the PDF information catalog. Can be left
|
|
% out.
|
|
|
|
|
|
|
|
% If you have a file called "university-logo-filename.xxx", where xxx
|
|
% is a graphic format that can be processed by latex or pdflatex,
|
|
% resp., then you can add a logo as follows:
|
|
|
|
% \pgfdeclareimage[height=0.5cm]{university-logo}{university-logo-filename}
|
|
% \logo{\pgfuseimage{university-logo}}
|
|
|
|
|
|
|
|
% Delete this, if you do not want the table of contents to pop up at
|
|
% the beginning of each subsection:
|
|
%\AtBeginSubsection[]
|
|
%{
|
|
% \begin{frame}<beamer>{Outline}
|
|
% \tableofcontents[currentsection,currentsubsection]
|
|
% \end{frame}
|
|
%}
|
|
|
|
|
|
% If you wish to uncover everything in a step-wise fashion, uncomment
|
|
% the following command:
|
|
|
|
%\beamerdefaultoverlayspecification{<+->}
|
|
|
|
|
|
\begin{document}
|
|
|
|
\begin{frame}
|
|
\titlepage
|
|
\end{frame}
|
|
|
|
\begin{frame}{Outline}
|
|
\tableofcontents[hideallsubsections]
|
|
% You might wish to add the option [pausesections]
|
|
\end{frame}
|
|
|
|
|
|
% Structuring a talk is a difficult task and the following structure
|
|
% may not be suitable. Here are some rules that apply for this
|
|
% solution:
|
|
|
|
% - Exactly two or three sections (other than the summary).
|
|
% - At *most* three subsections per section.
|
|
% - Talk about 30s to 2min per frame. So there should be between about
|
|
% 15 and 30 frames, all told.
|
|
|
|
% - A conference audience is likely to know very little of what you
|
|
% are going to talk about. So *simplify*!
|
|
% - In a 20min talk, getting the main ideas across is hard
|
|
% enough. Leave out details, even if it means being less precise than
|
|
% you think necessary.
|
|
% - If you omit details that are vital to the proof/implementation,
|
|
% just say so once. Everybody will be happy with that.
|
|
|
|
\begin{frame}{About the speaker}
|
|
\begin{itemize}
|
|
\item Using + playing with Linux since 1994
|
|
\item Kernel / bootloader / driver / firmware development since 1999
|
|
\item IT security expert, focus on network protocol security
|
|
\item Former core developer of Linux packet filter netfilter/iptables
|
|
\item Board-level Electrical Engineering
|
|
\item Always looking for interesting protocols (RFID, DECT, GSM)
|
|
\item OpenEXZ, OpenPCD, Openmoko, OpenBSC, OsmocomBB, OsmoSGSN
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\section{Evolution of cellular networks}
|
|
|
|
\subsection{GSM/GPRS/EDGE}
|
|
|
|
\begin{frame}{GSM / CSD}
|
|
\begin{itemize}
|
|
\item GSM is the first digital cellular system, developed in 1980ies, first deployment 1990
|
|
\item GSM is a pure circuit-switched technology, like POTS/ISDN in the land-line world
|
|
\item GSM offers CSD (circuit switched data) to provide similar service as analog modems in land-line telephone network
|
|
\item CSD offers data rates 2400 / 4800 / 9600 / 14400 bps
|
|
\item CSD still supported by a number of operators today
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{GSM / HSCSD}
|
|
\begin{itemize}
|
|
\item HSCSD is High-Speed CSD
|
|
\item HSCSD bundles up to four GSM time-slots to achieve 38.4/57.6kbps data speeds
|
|
\item very expensive in terms of network load (1 data session occupies 4 to 8 times the bandwidth of a phone call)
|
|
\item was popular for a very short time only, dead by now
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{GPRS}
|
|
\begin{itemize}
|
|
\item GPRS (General Packet Radio Servie) specified in 1990ies, first deployed 1999
|
|
\item A separate, independent network to GSM, using same modulation/channeling and time-slot structure
|
|
\item Introduces lots of GPRS-specific equipment (CCU, PCU, SGSN, GGSN) to the network
|
|
\item packet-switched, not circuit switched
|
|
\item net band-width for IP around 56 to 114 kbits/sec
|
|
\item available virtually anywhere on the world except Japan/Korea
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{EDGE}
|
|
\begin{itemize}
|
|
\item Enhanced Data-rates for GSM evolution, EGPRS and ECSD
|
|
\item Actually, most people mean only EGPRS when they say EDGE
|
|
\item uses same channel/bandwidth/TDMA as GPRS
|
|
\item physical layer uses 8PSK modulation instead of GMSK
|
|
\item no real changes to any higher protocol layers
|
|
\item most phones support EGPRS up to 236 kbits/sec
|
|
\item available virtually anywhere on the world except Japan/Korea
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\subsection{UMTS - 3G}
|
|
|
|
\begin{frame}{UMTS}
|
|
\begin{itemize}
|
|
\item UMTS (Universal Mobile Telephony System) developed in 1996-1999
|
|
\item First commercial deployments 2002
|
|
\item 384 kbits/sec downlink, 128 kbits/sec uplink
|
|
\item entirely new system, not an evolution/extensions of GSM/GPRS/EDGE
|
|
\item Wideband CDMA (WCDMA) used as modulation technique
|
|
\item Supports CS (ciruit switched) and PS (packet switched) services
|
|
\item fixed part of the network heavily uses ATM over SONET/SDH
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{HSDPA}
|
|
\begin{itemize}
|
|
\item introduces new transport channel: HS-DSCH (High Speed Downlink Shared Channel)
|
|
\item added in UMTS Release >= 5
|
|
\item uses new physical channels: HS-SCCH, HS-DPCCH, HS-PDSCH
|
|
\item adaptive modulation (QPSK, 16-QAM, 64-QAM)
|
|
\item 3.6 Mbits/sec downlink
|
|
\item Rel-5 also introduces 384 kbits/sec uplink
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{HSUPA}
|
|
\begin{itemize}
|
|
\item HSUPA (High Speed Uplink Packet Access) == EUL (Enhanced Uplink)
|
|
\item added in UMTS Releae >= 6
|
|
\item similar techniques as for HSUPA but uplink
|
|
\item new physical channels: E-AGCH, E-RGCH, E-DPCH, E-HICH, E-DPCCH, E-DPDCH
|
|
\item Hybrid-ARQ to improve performance of re-transmissions
|
|
\item common use up to 5.76 Mbits/sec
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{HSPA+}
|
|
\begin{itemize}
|
|
\item HSPA+ == ESPA (Evolved High Speed Packet Access)
|
|
\item added in UMTS Release >= 7
|
|
\item up to 84 Mbits/sec DL, up to 22Mbits/s UL
|
|
\item MIMO, QAM-64, combining two cells (dual-cell)
|
|
\item theoretical maximum at 186 Mbit/s
|
|
\item first deployments in 2008
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
|
|
\section{GSM / GPRS / EDGE}
|
|
|
|
\subsection{Circuit Switched Data (CSD)}
|
|
|
|
\begin{frame}{Circuit Switched Data}
|
|
\begin{itemize}
|
|
\item Not covered here, only historic relevance...
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\subsection{GPRS Stacking and Layers}
|
|
|
|
\begin{frame}{GSM / GPRS Network Structure}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=95mm]{Gsm_structures.pdf}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\begin{frame}{GPRS Control Plane Stacking}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=115mm]{gprs_control_stack.pdf}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\begin{frame}{GPRS User Plane Stacking}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=115mm]{gprs_user_stack.pdf}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\begin{frame}{GPRS Lower Layers}
|
|
\begin{itemize}
|
|
\item MAC (Medium Access Control), TS 44.060
|
|
\item MAC layer immediately on top of PDTCH physical channel
|
|
\item RLC (Radio Lonk Control), also TS 44.060
|
|
\item RLC layer on top of MAC layer
|
|
\item resource allocation always controlled by network
|
|
\item message encoding specified in CSN.1 (Concrete Syntax Notation)
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{GPRS Gb Layers}
|
|
\begin{itemize}
|
|
\item NS (Network Service) layer, TS 08.16
|
|
\begin{itemize}
|
|
\item maintains (redundant) physical links on top of frame relay
|
|
\item fail-over and load-sharing over various links
|
|
\item NS originally used over FR (Frame Relay)
|
|
\item sometimes NS in FR in IP
|
|
\item later also NS-over-IP (NSIP) using UDP
|
|
\end{itemize}
|
|
\item BSSGP (Base Station Subsystem Gateway Protocol), TS 08.18
|
|
\begin{itemize}
|
|
\item BVCI (BSSGP Virtual Connection Identifier)
|
|
\item maintains one BVC for each BTS in a BSS
|
|
\item maintains one additional BVC for each BSS (paging)
|
|
\item implements flow control (BSS, MS, PFC)
|
|
\item very inefficient due to large headers for every msg
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{GPRS LLC Layer}
|
|
\begin{itemize}
|
|
\item SNDCP (Sub-Network Dependent Convergence Protocol), TS 04.64
|
|
\item LLC (Logical Link Control) established between SGSN and MS
|
|
\item supports acknowledged and unacknowledged mode
|
|
\item one SAPI for signalling (GMM, SM)
|
|
\item additional SAPIs available for user traffic in SNDCP
|
|
\item GEA encryption happens on LLC layer
|
|
\item Checksumming
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{GPRS SNDCP Layer}
|
|
\begin{itemize}
|
|
\item SNDCP (Sub-Network Dependent Convergence Protocol), TS 04.65
|
|
\item general-purpose encapsulation for user packte data
|
|
\item intiially intended for X.25 and OSI protocols, also IP
|
|
\item today only used with IP payload
|
|
\item IP header compression, v.42bis payload compression
|
|
\item multiple streams (NSAPI) can exist over a LLC SAPI
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{GPRS Mobility Management}
|
|
\begin{itemize}
|
|
\item GMM (GPRS Mobility Management) corresponds to GSM MM
|
|
\item signalling directly on top of LLC, no SNDCP is used
|
|
\begin{itemize}
|
|
\item Routeing Area Update
|
|
\item GPRS Attach/Detach
|
|
\item Authentication (same as GSM A3/A8)
|
|
\item P-TMSI reallocation
|
|
\item Identification Procedure
|
|
\item SMS delivery via GPRS
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{Example GRPS MM Procedure}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=65mm]{gprs_ra_upd.png}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{GPRS Session Management}
|
|
\begin{itemize}
|
|
\item SM (Session Management) maintains tunnels to external
|
|
packet data networks
|
|
\item each session is called a PDP Context
|
|
\item multiple PDP contexts can be active at any point in time
|
|
\item Address of tunnel broker (GGSN) called APN (access point name)
|
|
\item SSGN uses (private) DNS zones for resolving GGSN IP based on APN
|
|
\item SGSN maintains state, but actual establishment is handled via GTP-C by the GGSN
|
|
\item each PDP context has its APN, QoS, IPv4/IPv6 address, etc.
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{Example GRPS SM Procedure}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=85mm]{gprs_pdp_ctx_act.png}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\subsection{Core Network Protocols}
|
|
|
|
\begin{frame}{GTP Protocol between SGSN and GGSN}
|
|
\begin{itemize}
|
|
\item GTP (GPRS Tunnelling Protocol), TS 29.060
|
|
\item the only protocol specified over IP right from the beginning
|
|
\item GGSN can be an IP-only device, no SS7/SIGTRAN/E1/FR required
|
|
\item GTP-C for tunnel setup/teardown (SM procedures)
|
|
\item GTP-U for encapsulating actual user data
|
|
\item no authentication/encryption, intended to be used in private intra or inter-operator links only
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
|
|
\section{UMTS / HSDPA / HSUPA}
|
|
|
|
\subsection{UMTS Protocol Overview}
|
|
|
|
\begin{frame}{UMTS PS Intro}
|
|
\begin{itemize}
|
|
\item Higher layers (GMM, SM) re-used from GPRS
|
|
\item SGSN and GGSN functional entities remain almost unchanged
|
|
\item Large differences in SGSN-RAN communication (RANAP instead of BSSGP/NS)
|
|
\item Anything below RANAP again quite different from GPRS
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{UMTS Network Architecture}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=90mm]{UMTS_Network_Architecture.pdf}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\begin{frame}{UMTS Control Plane Stacking}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=110mm]{umts_ps_control.pdf}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\begin{frame}{UMTS User Plane Stacking}
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=110mm]{umts_ps_user.pdf}
|
|
\end{figure}
|
|
\end{frame}
|
|
|
|
\begin{frame}{UMTS RLC/MAC Layer}
|
|
\begin{itemize}
|
|
\item MAC specified in TS 25.321
|
|
\item RLC specified in TS 25.322
|
|
\item not in any formal syntax (uncommon in UMTS!)
|
|
\item RLC level implements encryption, segmentation, retransmission
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{UMTS RRC Layer}
|
|
\begin{itemize}
|
|
\item RRC specified in TS 25.331
|
|
\item completely new protocol, unlike GSM/GRPS RR
|
|
\item formally specified in ASN.1, uses PER
|
|
\begin{itemize}
|
|
\item measurement control
|
|
\item ciphering control
|
|
\item paging
|
|
\item radio bearer management
|
|
\item SYS\_INFO broadcast
|
|
\item integrity check
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{UMTS PDCP Layer}
|
|
\begin{itemize}
|
|
\item PDCP specified in TS 25.323
|
|
\item corresponds to functionality of SNDCP in GPRS
|
|
\item handles user data payload and header compression
|
|
\item utilizes RFC 3095 (ROHC) and RFC 2507 (IP Hdr Comp)
|
|
\item between User IP and RLC
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\subsection{UMTS network internal protocols}
|
|
|
|
\begin{frame}{UMTS RANAP Layer}
|
|
\begin{itemize}
|
|
\item RANAP (Radio Access Network Application Part), TS 25.413
|
|
\item signalling between SGSN and RAN (RNC)
|
|
\item formally specified in ASN.1, uses PER encoding
|
|
\item never visible to the user, only in back-haul network
|
|
\item Vodafone UK / Alcatel-Lucent Femtocells use RANAP!
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{UMTS NBAP Layer}
|
|
\begin{itemize}
|
|
\item NBAP (NodeB Application Part), TS 25.443
|
|
\item signalling between RNC and NodeB inside RAN
|
|
\item formally specified in ASN.1
|
|
\item never visible to the user, only in back-haul network
|
|
\item is what you need to implment first to drive UMTS NodeBs from eBay ;)
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{UMTS GTP Layer between SGSN and GGSN}
|
|
\begin{itemize}
|
|
\item exactly the same as for GPRS
|
|
\item some new/extended information elements for e.g. 3G QoS
|
|
\item GGSN doesn't need to change between 2G and 3G networks
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{HSPA+ related changes}
|
|
\begin{itemize}
|
|
\item SGSNs have become a bottleneck in modern data-driven cellular networks
|
|
\item SGSNs can be bought up to 40Gbps throughput, but most are smaller
|
|
\item think of 20,000 cells, each 3 sectors with 20Mbps+ each...
|
|
\item HSPA+ eNodeB contains small SGSN internally, user data directly passed to GGSN
|
|
\item this means segmentation, compression and encryption is no longer on a centralized node but done on the edge of the network
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{Thanks}
|
|
Thanks for your attention. I hope we have time for Q\&A.
|
|
\end{frame}
|
|
|
|
|
|
\end{document}
|