IEEE Standard 802.

16:
A Technical Overview of the Mobile
WiMAX Air Interface and Beyond

Eyal Verbin

Contents
1.

2.

Background on IEEE 802.16 and WiMAX

Salient Features of WiMAX

Physical Layer

3.

Overview of WiMAX

The Broadband Wireless Channel

OFDM Principles
Channel Coding
Hybrid-ARQ
OFDM Symbol Structure
Frame Structure
Fractional Frequency Reuse
Transmit Diversity and MIMO
Ranging
Power Control
Channel Quality Measurements

Medium Access Control Layer

Convergence Sublayer
MAC PDU Construction and Transmission
Bandwidth Request and Allocation
ARQ

4.

Quality of Service
Scheduling
Adaptive Modulation and Coding
Security
Network Entry Procedures
Power saving Modes
Mobility Management

WiMAX Network Architecture

Network Reference Model

Protocol Layering
IP Address Assignment
Authentication and Security Architecture
Quality of Service Architecture
Mobility Management
Paging

Background on IEEE 802.16 and WiMAX

Air interface is based on IEEE 802.16-2009

IEEE 802.16 was formed in 1998 to develop LOS point to multipoint for operation in the 10GHz
66GHz band
The original 802.16 standard was based on single carrier
Many of the MAC concepts were adopted from the cable modem DOCSIS
In December 2005 IEEE 802.16e-2005 was approved as a standard for mobile wireless system,
which forms the basis for Mobile WiMAX and adopts multi carrier technology

WiMAX forum used IEEE work to develop interoperable standard

For practical reasons a smaller set of design choices (profiles) were selected
System profile defines the subset of mandatory and optional PHY and MAC features
WiMAX forum also defines higher layers networking specifications

Salient Features of WiMAX (1)

OFDM based physical layer

High peak data rates

WiMAX supports a number of modulation and channel coding schemes and allows the scheme to be
changed on a per user and per frame basis

Link layer retransmission

FFT size may scale from 128 bit to 1024 bit FFT allowing channel bandwidths of 1.25MHz to
10MHz.

Adaptive modulation and coding

Typically, using 10MHz spectrum using TDD scheme with 3:1 DL/UL split, the peak PHY data rate is
about 25Mbps (DL) and 7Mbps (UL)

Scalable bandwidth

Enables good resistance to multipath and allows operation in NLOS conditions

Auto retransmission requests (ARQ) are supported on top of physical layer error correction schemes
to enable reliable data transmission

Orthogonal frequency division multiple access (OFDMA)

Different users can be allocated with different subsets of the OFDM tones

Salient Features of WiMAX (2)

Flexible and dynamic per user resource allocation

Advance antenna techniques

Strong encryption using Advance Encryption Standard (AES) and flexible authentication architecture
based on Extensible Authentication Protocol (EAP)

Support for mobility

Connection oriented architecture to support variety of applications, each with its own characteristics.

Robust security

Beamforming, space time coding and spatial multiplexing may be used to improve system capacity
and spectral efficiency

Quality of service support

DL and UL resources and transmission schemes are controlled by the scheduler in the base station.

Secure seamless handover for full mobility applications and various power saving mechanisms

IP based architecture

Network architecture is based on an all IP platform. All end to end services are delivered over an IP
architecture

Part I
WiMAX Physical Layer

The Broadband Wireless Channel (1)

The main challenge of broadband wireless system is the multipath

propagation

Fast Fading: different reflection arrive at the receiver with different phases. The
combined effect can be constructive or destructive, which causes very large
observed difference in amplitude of the receive signal
Different symbols arrive at different time to the receiver, resulting in Inter Symbol
Interference (ISI)

Different approached for mitigation of fading:

Spread spectrum and rake receivers

Equalization
Multicarrier transmission

The Broadband Wireless Channel (2)

OFDM Principles (1)

Multicarrier transmission

OFDM is a spectrally efficient version of multicarrier scheme

Subcarriers are orthogonal, so that guard bands between subcarriers is not required
Created using inverse discrete Fourier transform (IDFT)

To completely eliminate ISI, guard intervals are inserted between consecutive

OFDM symbols

Dividing high bit rate data stream into several parallel lower bit rate streams (subcarriers)
Minimize intersymbol interference (ISI) by making the symbol time substantial larger
than the channel delay spread

The duration of the guard interval is a tradeoff between the delay spread that can be
handled and the power loss associated with it.

Size of FFT is chosen as a balance between protection against multipath, Doppler

shift and design complexity.

OFDM Principles (2)

Advantages

Robustness to channel delay spread

Reduced computational complexity
Exploitation of frequency diversity

Provides a flexible multiple access scheme

Coding and interleaving the information across the subcarriers

Resources are allocated in a frequency-time grid

Robustness against narrowband interference

Suitable for coherent demodulation using pilot based channel estimation

Drawbacks

High peak to average ratio that causes non linearities and clipping distortion

Can be mitigated using digital pre-distortion techniques

Sensitivity to phase noise and frequency dispersion

Requires accurate frequency synchronization

Channel Coding

From MAC
Randomizer

Channel
Encoder

Interleaver

Symbol
Mapping

Subcarrier
Mapping
and Pilot
Insertion

IFFT

D/A

Subcarrier
Mapping
and Pilot
Insertion

IFFT

D/A

Antenna #0

Space
Time
Encoder
Antenna #1

Channel Coding
Randomizer
Improves FEC performance and synchronization capabilities

Channel Encoder
Convolution Code (CC)

Used for encoding of Frame Control Header (FCH)

Convolution Turbo Code (CTC)

Used for all transport and management connections

Repetition Code

Further increase signal margin over the modulation and FEC mechanisms
Applies only to QPSK modulation

Interleaver
Improves FEC performance by ensuring that adjacent coded bits are mapped onto non

adjacent subcarriers (frequency diversity) and that adjacent bits are alternately mapped
to less and more significant bits of modulation constellation
Symbol Mapping
QPSK
16QAM
64QAM (optional for UL)

Hybrid ARQ (1)

HARQ is an optional part of the PHY and can be enabled on a per connection basis.
HARQ renders performance improvements due to SNR gain and time diversity

achieved by combining previously erroneously decoded sub packets and

retransmitted sub packet.
Based on N Stop and Wait mechanism
Transmitter waits for ACK/NACK before transmitting again
Multiple HARQ processes (channels) may be activated per connection to increase the rate

Operates at the FEC block level and combines PHY and MAC (Hybrid)
The FEC encoder is responsible for generating HARQ sub packets.
The sub packets are combined by the receiver FEC decoder as part of the decoding process.

The receiver combines the newly received burst with the formerly received bursts to enhance decoding performance.

Based on 16 bit CRC, the receiver replies with an ACK if the sub packet decoding

succeeded and with a NACK if the decoding failed.

Hybrid ARQ (2)

ACK/NACK signaling
DL: Dedicated PHY layer ACK/NACK UL channel
Feedback is synchronized with the transmission, i.e. receiver provides feedback in a fixed delay

relative to the transmission (default is one frame)

UL: ARQ ACK message.
Feedback is implicitly indicated through the UL allocation
Feedback is unsynchronized, i.e. receiver may provide feedback any time following the HARQ
transmission

In order delivery
Due to the N Stop and Wait scheme, out of order delivery of HARQ packets is possible.
Since some applications are sensitive to the delivery order, e.g. TCP, there is an option to
guarantee in order delivery by using PDU SN subheaders.

Symbol Structure

Frequency Domain
Representation

Mobile WiMAX Profile includes

support of 512 and 1024 FFT,
depending on channel BW

512FFT: 3.5MHz, 5MHz

1024FFT: 7MHz, 8.75MHz, 10MHz

The guard interval used to prevent ISI

is a cyclic prefix. This structure is
needed to prevent Inter Carrier
Interference (ICI)

Time Domain Representation

OFDM Symbol Parameters

Primitive parameter definitions
BW: Nominal channel bandwidth
Nused : Number of used subcarriers
Ndata: Number of data subcarriers
n: Over sampling factor
CP: Cyclic prefix, i.e. Tg/Tu

(e.g. 10MHz)
(e.g. 840 for 10MHz)
(e.g. 720 for 10MHz)
(e.g. 28/25 for 10MHz)
(1/8)

Derived parameter definitions

NFFT : Smallest power of two greater than Nused (e.g. 1024 for 10MHz)
Sampling Frequency Fs = nBW:
Subcarrier spacing f=Fs/NFFT:

Useful symbol time Tu = 1/f:

CP time Tg = CPTu:
OFDMA symbol time Ts = Tg + Tu:

(e.g. 11.2 MHz for 10MHz)

(e.g. 10.9 KHz for 10MHz)
(e.g. 91.4 Sec 10MHz)
(e.g. 11.4 Sec for 10MHz)
(e.g. 102.9 Sec for 10MHz)

OFDM Spectral Efficiency

Data Rate

Spectral Efficiency

DL Example (10 MHz, 64QAM 5/6)

Spectral efficiency = 3.5 bit/sec/Hz

R Ndata bm cr / Ts
N databm cr n
R
Efficiency

BW (1 CP) N FFT

5
35Mbps 720 6 /102.9
6

OFDM Symbol Structure: Terminology

Slot: Smallest allocation unit in

the time-frequency domain.
Consists of a single subchannel
and of one to three OFDM
symbols. Contains 48 data
subcarriers

Data Region: A contiguous

allocation of slots in the timefrequency domain

Subchannel Group: A single set

of contiguous logical
subchannels. Each logical
subchannel is mapped to a set
of physical subcarriers

Segment: One or more

subchannel groups that are
controlled by a single instance
of BS MAC

Symbol Structure & Permutation

Permutation: The mapping of physical subcarriers to logical subchannels
Permutation Zone: A set of OFDM symbols over which the same permutation is used.

A frame may contain one or more permutation zones

Two categories of permutations:

Distributed Permutation: Draws subcarriers pseudo randomly to form subchannel.

Provides frequency diversity and inter cell interference averaging. Includes two
permutations:
Contiguous Permutation: Groups a block of contiguous subcarriers to form a
subchannel. Enables multi user diversity by choosing the subchannel with the best
frequency response.
In general, distributed permutation perform well in mobile applications, while

contiguous permutation are well suited for fixed or low mobility environments.

DL Partial Use of Subcarriers (PUSC) Symbol Structure

Used subcarriers are split into clusters of fourteen contiguous subcarriers.

Clusters are mapped to six major groups as a function of Cell ID and DL Permutation Base
parameters

Three segments are created from the groups

Logical subchannels are created from a permutation of cluster pairs such that each group is
made up of clusters that are distributed throughout the subcarriers space

Slot is one subchannel by two OFDM symbols. It contains 48 data subcarriers and eight pilot
subcarriers

DL PUSC Symbol Structure

Parameter

1024 FFT

512 FFT

Guard subcarriers

183

91

Data subcarriers

720

360

Pilot subcarriers

120

60

Subcarriers per cluster

14

14

Clusters

60

30

Data subcarriers per slot

48

48

Subchannels

30

15

DC subcarriers

UL PUSC Symbol Structure

Subcarriers are split into groups of four consecutive physical subcarriers over three

OFDM symbols. Each group is termed a tile

Six tiles generate a subchannel. Tiles are mapped to logical subchannels based on UL

Permutation Base parameter

Slot is one subchannel by three OFDM symbols. It is comprised of 48 data

subcarriers and 24 pilot subcarriers in 3 OFDM symbols

Pilot density is higher than DL since no preamble is available on the UL

OFDMA PHY: UL PUSC Symbol Structure

Parameter

1024 FFT

512 FFT

Guard subcarriers

183

103

Used subcarriers

840

408

Tiles

210

102

Subcarriers per tile

Data subcarriers per slot

48

48

Subchannels

35

17

Tiles per subchannels

DC subcarriers

Frame Structure (Time Division Duplex)

IEEE 802.16e PHY supports both FDD and TDD. Mobile WiMAX profiles currently

available for TDD only

Each frame is divided into DL and UL sub frames separated by Transmit To receive Gap
(TTG) and Receive to Transmit Gap (RTG)
Profiles define a finite set of possible DL/UL splits (UL varies between 25% and 45% of
the frame)
Frame duration: 5msec
Subframe may be divided into multiple zones on OFDM symbol boundaries. Each Zone
is characterized by a specific permutation mode and multiple antenna scheme

Preambles & Pilots

The first symbol in the DL transmission used for synchronization and channel

estimation.
Preamble subcarriers are boosted BPSK modulated with a specific PN code

To generate the preamble the PHY uses a series of 114 binary PN sequences. The

sequence to be used is determined by the segment number and the Cell ID. It is
mapped to every third subcarrier except the DC carrier.
Enables MS to obtain signal measurements and extract Cell ID for multiple co-

channel cells with a single reception of preamble

No preambles are available on the UL (except for AAS zone). Channel estimation on

the UL is derived from the pilots

DL Subframe (1)
Multiplexing: OFDMA
Preamble
Used for time and frequency

DL Burst #12

DL Burst #2
DL Burst #9
DL MAP
(Contd)

DL Burst #1
(UL MAP)
DL Burst #10

DL MAP

DL Burst #13
DL Burst #3

DL Burst #11

DL Burst #14

Preamble

synchronization, initial channel

estimation, noise and interference
estimation
Carries BS information (Cell ID and
segment)

DL Burst #8

FCH

Frequency

First symbol of the DL subframe

Time

Not Allocated

DL Burst #15

Frame Control Header (FCH)

DL Burst #16

Transmitted with QPSK and

repetition of four and occupies the first

four subchannels of the segment
Indicates used subchannel groups (PUSC zone)
FEC scheme for the MAPS

MAPS are transmitted at QPSK with

FEC and repetition as indicated by FCH

Indicates MAP length

Zone #1: PUSC 1/3 SISO

Zone #2: PUSC 1/3 MIMO

Zone #3: PUSC All MIMO

DL Subframe (2)
DL MAP and UL MAP are broadcast

messages carrying information elements (IE)

Symbol offset (start of burst in time domain)

Subchannel offset (start of burst in frequency domain)
Number of symbols (burst duration in time domain)
Number of subchannels (burst duration in frequency
domain)

Boosting (power boosting for the burst +6 dB to -

12 dB to provide DL power control)

DL Burst #12

DL Burst #2
DL Burst #9
DL MAP
(Contd)

DL Burst #1
(UL MAP)
DL Burst #10

DL MAP

DL Burst #13
DL Burst #3

DL Burst #11

DL Burst #14

Preamble

Standard DL IE includes:
Connection Identifier (CID)
Downlink Interval Usage Code (DIUC), which
defines the MCS and the FEC used for the
burst
Repetition coding indication
Burst boundaries

DL Burst #8

FCH

Frequency

IE defines the DL and UL bursts

The scope of the DL MAP is the current frame
The scope of the UL MAP is the next frame

Time

Not Allocated

DL Burst #15

DL Burst #16

Zone #1: PUSC 1/3 SISO

Zone #2: PUSC 1/3 MIMO

Zone #3: PUSC All MIMO

UL Subframe
Multiple Access: OFDMA
Time

No Preambles
Frequency

Standard UL IE includes:

3 Symbols

6 SC

Initial
Ranging/HO
Ranging

3 Symbols

Perio
dic
Rang
ing/
BWR

UL Burst #1

CQICH

Connection Identifier (CID)

6 SC

12 SC

ACK
UL Burst #2

Uplink Interval Usage Code

Duration (in OFDMA slots)

UL Burst #3

Repetition coding indication

Dedicated Control Zones

Not Allocated

UL Ranging

Not Allocated

Noise Burst

Dedicated UL ranging subchannel

Used for BW requests as well

Quality Information Channel

UL CQICH is allocated for the MS to feedback

channel state information

UL ACK Channel
Allocated to feedback DL HARQ acknowledgement

Zone #1
Segmented PUSC

Zone #2
Un-Segmented PUSC

10 SC

Fractional Frequency Reuse (1)

PUSC symbol structure enables division of the

subcarriers into three segments and allows a reuse 3
scheme with a single channel assignment

Reuse 1 scheme has higher capacity at the center

of the cell but is susceptible to interference at the
cell edge.
Reuse 3 scheme has lower capacity but provides a
more reliable link at the cell edge

F1

F2

F2

F1

F3

F3
F2

(1x3x3)

Reuse 3: Marked as (133) and requires 3

frequency assignment
Reuse 1: Marked as (113) and requires one
frequency assignment

Segmentation

C - number of BS in the reuse cluster

N - number of the channels (or channel group)
S - number of the sectors of each BS

F3

Examples of classical frequency reuse schemes:

F1

Frequency reuse is defined as (CNS):

F1
F1
F1

F1

F1

F1

F1

F1
F1

(1x1x3)

F1
{Seg. 0}
F1
{Seg. 0}
F1
{Seg. 2}

F1
{Seg. 2}

F1
{Seg. 1}

F1
{Seg. 0}
F1
{Seg. 2}

(1x3x3)

F1
{Seg. 1}

F1
{Seg. 1}

Fractional Frequency Reuse (2)

Fractional Frequency Reuse (FFR): By exploiting the frequency time grid structure
of the OFDM frame it is possible to combine Reuse 1 and Reuse 3
FFR can be implemented in both time and frequency domain
Time domain FFR
Subframe is divided into two zones
R3 zone in which a single segment is allocated and subcarriers are boosted
by 5dB
R1 zone in which all subcarriers are allocated
The zones boundary is static across the whole coverage area
Users are allocated dynamically to one of the zones based on their CINR reports

Frequency Reuse Parameters Selection

Cell ID

Each three sector BS is assigned with Cell ID (range: 0..31)

Should be unique among neighbors

Each sector in the BS is assigned with unique segment (range: 0..2)

The preamble index is calculated as 32*Segment + Cell ID

DL Permutation Base

Used to randomize pilot modulation and subcarrier permutation

If R1 is used, DL Permutation Base should be set to a unique value among neighbors (range: 0..31)

UL Permutation Base

Used to randomize pilot modulation and subcarrier permutation

If R1 is used, UL Permutation Base should be set to a unique value among neighbors (range: 0..127)

If R1 is not used

UL Permutation Base for neighbor BS with the same FA should be set with an offset of 35 (e.g. 0, 35,
70, 115)

UL Permutation Base the three sectors in the same BS should be set to the same value (to maintain
orthogonality)

Multiple Antenna Techniques

Open Loop MIMO (IO-MIMO)

Channel State Information (CSI) is not available at the

transmitter
Space Time Block Coding (STBC) Matrix A
Spatial Multiplexing Matrix B
Collaborative UL MIMO (CSM)

Closed Loop MIMO (IO-BF)

CSI is required at the transmitter, through feedback

channels or reciprocity in TDD

Beamforming techniques

Open Loop MIMO (1)

Diversity

Improves probability of the receiver to overcome

fades.
Diversity order (d) = NTx x NRx
BER is proportional to CINR-d
Maximum Receive Ratio Combining (MRC)

Multiple receive paths are combined coherently

Space Time Block Code (STBC or Matrix A)

A single data stream is replicated and

transmitted over two antennas
Redundant data is encoded using a
mathematical algorithms known as STBC.
Receiver may combine this with MRC to
increase diversity order

Open Loop MIMO (2)

Spatial Multiplexing

Used to increase system capacity by exploiting the

dispersive nature of the wireless channel

System capacity grows linearly with Min{NTx, NRx}

Spatial Multiplexing (MIMO Matrix B)

Multiple data streams are transmitted at the same time

and in the same frequency from different BS antennas
Mandates multiple receive antennas at the MS
Assuming channels are uncorrelated, receiver can
retrieve the data using decoding algorithm known as
VBLAST

Collaborative Spatial Multiplexing (CSM)

Multiple data streams are transmitted at the same time

and in the same frequency from different MS
Assuming channels are uncorrelated, BS can retrieve the
data using the same Matrix B technique

Closed Loop MIMO

Beamforming

Leverage arrays of transmit and receive antennas to control

the directionality and shape of the radiation pattern.
Channel information is communicated from the MS to the
BS using Uplink Sounding. Based on CSI, the BS utilizes
signal processing techniques to calculate weights to be
assigned to each transmitter controlling the phase and
relative amplitude of the signal
Can be used for interference cancellation.
Can be used for both coverage and capacity enhancements

Dynamic Selection of MIMO Mode

Adaptive Mode Selection

Dynamic adaptation algorithms are required to
optimize system performance and select the
appropriate mode based on DL SNR and
channel conditions

Ranging

Ranging is an UL PHY procedure that maintains

the quality of the radio link communication
between BS and MS.
BS estimates CINR, time of arrival and frequency
error of MS transmission and provides power,
timing and frequency adjustment commands
Initial and periodic ranging procedures are defined
Both regular transmission and contention
transmission can be used
Contention transmission is done in special UL
regions using ranging (CDMA code)
Codes are created using PRBS generator and are
BPSK modulated
Each MS randomly chooses one ranging code from
a bank of specified binary codes.

256 distinct codes are available and are divided by

configuration into four groups:

IR codes
PR codes
BR codes
HO codes

Since codes are orthogonal, BS can process multiple

codes transmitted simultaneously by different MS

Power Control (1)

Power control mechanisms are supported in the UL to maintain the quality of the
link. Basic requirements of the power control mechanism are:

Power control is designed to support fluctuations of 30dB/sec

BS accounts for the effect of various bust profiles on amplifier saturation while issuing
power control commands

MS reports maximum transmission power for each modulation

MS maintains the same transmitted power spectral density (PSD), regardless of the
number of assigned subchannels. Therefore, transmission power level is proportionally
decrease or increased with the subchannel assignment without specific power control
messages

The requirements calls for a complex link adaptation algorithm that makes a
joint decision regarding MCS, resource allocation and power adjustment
MS reports available power headroom periodically and on a per demand basis

Power Control (2)

Closed Loop Power Control

MS adjust its PSD based on BS commands only.

BS command may be explicit or implicit (by modifying the MCS)

Open Loop Power Control

MS adjust its PSD independently, based on changes in the DL signal level according
the following formula

P(dBm)= L+CN+NI 10log10(R)+Offset_SSperSS+Offset_BSperSS

L: Estimated propagation loss

C/N: Carrier to noise for the burst profile in the current transmission

NI: Estimated average power level of noise an interference

R: repetition rate

Offset SS per SS: Correction factor employed by the SS (set to zero for passive mode)

Offset BS per SS: Correction factor employed by the BS

Closed loop power control may be combined with open loop as an outer mechanism,
using the Offset BS per SS parameter

Channel Quality Measurements

MS provides BS with feedback on the quality of the DL signal. This feedback

drives the link adaptation algorithm. Reported metrics include:

Received Signal Level (RSSI)

Carrier to Interference and Noise Ratio (CINR)

Based on preamble for R3 and R1 frequency reuse schemes

Based on pilots in specific zone

Preferred MIMO mode

Feedback can be carried over the Channel Quality Indication Channel (CQICH) in a special UL region
or over MAC control message

Throughput Calculation Example

Calculate number of OFDM symbols in frame

1.

47 symbols for 10MHz channel

Determine DL/UL split based on profile

2.

26/21

Deduce one symbol from DL subframe for preamble

Deduce overhead

3.
4.

DL: 4 symbols for the MAPs

UL 3 symbols for ranging, HARQ feedback and CQICH zones

Calculate number of slots available for data

5.

DL: PUSC 30 x (20/2)=300

UL: PUSC 35 x (18/3)=210

Determine burst profile and MIMO mode

6.

DL: 64QAM 5/6 Matrix B

UL: 16QAM 1/2

Calculate bits per frame

7.

DL: 300 x 48 x 6 x (5/6) x 2=144,000

UL: 210 x 48 x 4 x (1/2)=20,160)

Calculate bits per second by dividing by frame duration

8.

DL: 28.8Mbps
UL: 4Mbps

Part II
Medium Access Control Layer

MAC Functions
Segment or concatenate service data units (SDU) received from higher layers

into the MAC protocol data unit (PDU)

Select the appropriate burst profile and power level to be used for

transmission (link adaptation)

Retransmission of MAC PDU (ARQ)
Provide QoS control and priority handling of MAC PDU associated with

different data and signaling bearers (Packet Scheduling)

Schedule MAC PDU over PHY resources (frame building)
Mobility management (handover)
Security and key management
Provide power saving modes (Idle/Sleep)

MAC: Protocol Layers

Network
Network Interface
Received SDUs
MAC-CS
Con #1

Con #2

Con #n

MAC-CPS
Fragmentation

BW Request
ARQ
Manager

Scheduler

Link
Maintenance

AMC

Security
Data Encryption

PHY and RF
ACK
Feedback

PHY module

UL ACK channel

DL burst

Link Quality
Feedback
(e.g. CINR)

Ranging channel

CQICH channel

Radio
Resource
Control

Convergence Sublayer (CS)

Convergence sublayer is an adaptation layer that masks the higher layer protocol

and its requirements from the MAC layer

Several convergence sublayers are supported

IPv4/IPv6 with and without ROHC

802.3 (Ethernet)

802.1/Q VLAN

IPv4/IPv6 over 802.3

IPv4/IPv6 over 802.1/Q VLAN

Upper Layer Entity (e.g. bridge, router)

Upper Layer Entity (e.g. bridge, router)

SDU

SAP

SAP
CID 1
CID 2

Classification

Reconstruction
(e.g. undo
text PHS)

text
CID n
{SDU, CID,...}

{SDU, CID,...}

SAP

SAP

802.16 MAC CPS

802.16 MAC CPS

Convergence Sublayer Functions

Classification

WiMAX MAC is connection oriented. Each unidirectional logical connection between MS and BS is
identified by a Connection Identifier (CID). Connection can carry user plane data and control plane
information
CS performs many-to-one mapping between higher layer applications and a specific connection.
Applications with different QoS requirements are mapped to different connections.
The mapping is performed on the basis of the header fields of the higher layer protocol, e.g. VLAN,
IP source address.
Classification may be performed at the BS or at the ASN-GW

Packet Header Suppression (PHS):

Repetitive portion of the packet header may be suppressed by the transmitter and restored by the
receiver
Improves efficiency of the network, especially for applications with small packet size (e.g. VoIP)
PHS rules at the transmitter and the receiver are synchronized during service flow initiation and
modification
PHS may be performed at the BS or at the ASN-GW
Robust Header Compression (ROHC) is an alternative to PHS, which is transparent to the MAC
operation. Defined by RFC 3095, ROHC compress the IP, UDP, RTP and TCP headers of IP packets
(can compress 60 bytes of overhead into 3 bytes)

MAC PDU Construction and Transmission

SDU arriving from higher layer are assembled to create MAC PDU.
Depending on the size of allocation, multiple SDU can be packed on a single

PDU, or a single SDU can be fragmented over multiple PDUs.

Multiple MAC PDUs intended for the same receiver can be concatenated onto a

single transmission burst

SDU 1

Fragment 1

Header

Fragment 1
PDU 1

SDU 2

ARQ Block

Fragment 2

Header

10

11

Fragment 1

Fragment 2
PDU 2

DL/UL Burst

Fragment 1

12

13

14

15

16

17

Fragment 2

Header

Fragment 2
PDU 3

ARQ
For application sensitive to packet error (TCP), ARQ can be used on top of

HARQ to eliminate residual error rate.

ARQ can be enabled on a per connection basis.
For ARQ-enabled connection, SDU is first partitioned into fixed length ARQ

blocks and a block sequence number (BSN) is assigned to each block.

The length of the ARQ blocks and the ARQ window size (number of blocks managed by the
transmitter and receiver at an given time) are set during connection establishment.

Once SDU is partitioned into ARQ blocks, the partition remains in effect until all the blocks have
been received and acknowledged by the receiver

ARQ enable connection are limited in throughput by Block Size x Window Size / ACK Latency

For ARQ enabled connection, fragmentation and packing subheader contains the

BSN of the first ARQ block following the subheader.

Receiver feedback (ACK) can be sent as a stand alone MAC PDU or piggybacked

on the payload of a regular MAC PDU

ARQ feedback can be selective or accumulative

MAC PDU Structure (1)

Each MAC PDU consists of a header which may followed by a payload and a
LSB

MSB

cyclic redundancy check (CRC)

Payload: SDUs & Subheaders
(Optional)
0-2038 bytes

Generic MAC
Header
6 bytes

CRC
(Optional)
4 bytes

Generic MAC Header (GMH) is used for carrying user plane data and MAC

EC: Encryption control

Type: Indicates subheaders included in the payload

CI: CRC indicator

EKS: Encryption key sequence

LEN: Length of MAC PDU in bytes

CID: Connection ID associated with the PDU

HCS: Header check sequence

Type (6)

EKS
(2)

Rsv (1)

Rsv (1)
CI (1)

HT: Header type (HT = 0 for GMH)

EC (1)

HT=0 (1)

control messages
LEN
MSB (3)

LEN LSB (8)

CID MSB (8)

CID LSB (8)

HCS (8)

MAC PDU Structure (2)

Signaling MAC header is defined used for the UL

(this header is not followed by payload)

Signaling header type I

BW request header (aggregate/incremental)

BW request and UL TX power report header

BW request and CINR report header

CQICH allocation request header

PHY channel report header (DIUC, TX power, TX power

headroom)

BW request and UL sleep control header

SN report header (ARQ)

Signaling header type II

Used for MS feedback report

14 feedback permutations are defined: CINR, TX power,

DIUC, AMC band indication bitmap, MIMO feedback, etc.

Bandwidth Request and Allocation

All decisions related to DL resource allocation to various MS are made by the BS on a

per CID basis. BS schedules MAC PDUs based on the connection QoS requirements.
The allocation is indicated in the DL MAP.
MS requests UL BW in bytes on a per connection basis by using either stand alone

BW requests or piggybacking BW requests on generic MAC PDU.

BW request can be incremental or aggregate

UL grants are done on a per MS basis and indicated in the UL MAP. MS UL scheduler

distribute the granted allocation among its various connections.

BS supports BW polling, whereby dedicated (unicast polling) or shared (multicast

polling) UL resources are provided to the MS to make BW requests.

Multicast polling is based on contention mechanism, in which MS sends a randomly selected code in a
dedicated UL region.

Contention is resolved using an exponential backoff window mechanism

Quality of Service
Each service flow is associated with QoS parameters: maximum traffic rate,

guaranteed traffic rate, maximum latency and Priority. MAC layer is responsible
to ensure QoS requirements subject to loading conditions.
Each service flow is mapped to a certain transport connection with its own QoS

parameters. Transport connections may be Unicast, Multicast or Broadcast

Two Management connections are established for each MS to reflect different

levels of QoS requirements

Basic management connection: Used to transfer short, time-critical MAC and radio control messages

Primary management connection: Used to transfer longer, more delay-tolerant messages such as
authentication and connection setup

QoS Architecture

Data Packet
(SDU)

Classification

Classification
IP Protocol
Source/Dest IP Address
ToS
Source/Dest MAC Address
VLAN

Scheduler

Service Flow Attributes

Maximum traffic rate
Minimum reserved traffic rate
Latency
Priority
Grant/polling interval

Scheduler
Select PDU based on SF
attributes and subject to
available resources

Service Flows: Three Phase Activation

Provisioned

SF defined in BS/MS

QoS parameters known to BS/MS. Usually defined by

higher layer entity

SFID assigned

Traffic disabled

Transient stage

QoS parameters are a subset of the provisioned set,

following BS admission control

Resources are allocated

CID assigned

Traffic disabled

Traffic enabled

Admitted

Active

Data Services & Scheduling Types

Five scheduling services used to collect BW requirements from MSs:
Unsolicited Grant Service (UGS)

Real time applications generating fixed rate data

Provides fixed size grants on periodic basis and does not need the MS to explicitly request BW.

Extended Real Time Polling Service (ertPS)

Real time applications with variable rate, guaranteed rate and latency, e.g. VoIP with silence
suppression
Similar to UGS, but allows dynamic adaptation of grant size based on MS feedback

Real Time Polling Service (rtPS)

Real time applications generating variable rate data

BS provides unicast polling opportunities for the MS to request BW

Non Real Time Polling Service (nrtPS)

Delay tolerant applications with guaranteed data rate

Similar to nrtPS, except that MS is allowed to use contention BW requests in addition to the polling

Best Effort (BE)

Applications with no rate or delay requirements

Based on contention based polling opportunities

Scheduling Algorithms

The scheduler prioritizes the backlogged SDUs in the DL and the pending BWR in the UL.
Prioritization is done on a per SF basis based on the various attributes associated with the
service flow.
Scheduler target: Maximize system capacity subject to service requirements of each flow.
Scheduling procedure is outside the scope of the WiMAX standard and has been left to the
equipment manufacturers to implement. It has a profound impact on the overall capacity and
performance of the system, thus it serves as a key differentiator among vendors.
Classical scheduling algorithm
Strict Priority (SP)
SFi = argmax(iPi)
Proportional Fairness (PF)
SFi = argmin(iri /Ri)
Adaptive PFS takes into account link condition (spectral efficiency) in order to maximize
system capacity

APFS metric
SFi = argmin((1+wi)ri /Ri)
The weight i is inversely proportional to the link quality
The parameter can be controlled by the operator in order to balance between absolute
fairness and maximization of capacity
Combination of different algorithms is possible, e.g. SP for the guaranteed rate and APFS for
the excess bandwidth

Adaptive PFS

8 SF with equal BW requirements and different channel conditions

Absolute fairness: each SF

receives equal BW

Lower system capacity

=0

Link quality awareness: SF

with better link quality are
preferred

Higher spectral efficiency

=100

Adaptive Modulation and Coding Algorithms

WiMAX supports dynamic adaptation of modulation and coding scheme as well as MIMO
mode on a per connection and per frame basis.

Link adaption algorithms aim to maximize spectral efficiency while maintaining link quality
metric (typically target packet error rate)

DL adaptation

Input:

DL CINR feedback from the MS based on DL preamble and/or DL pilots

Preferred MIMO mode based on channel conditions as perceived by the MS

HARQ error rate based on MS feedback received on the HARQ ACK UL channel

Output:

MCS

MIMO Mode (Matrix A/Matrix B)

Zone (e.g. R1 zone or R3 zone) in case FFR is used

DL Adaptation
Phase I (current) Algorithm

Select MCSA if MS reported CINR margin(fixed, global) > Threshold(MCSA) and no higher order MCS
meets this requirement

Select Matrix B if MS reported CINR margin(fixed, global) > Matrix B Threshold AND MS reported
Matrix B as its preferred MIMO mode. Otherwise, select Matrix A

Phase II Algorithm

Adds HARQ error rate feedback into consideration, by adjusting both the MCS and the margins in case
HARQ error rate goes outside a certain window

This approach makes the system much less sensitive to the configured CINR thresholds

Select MCSA if MS reported CINR margin(dynamic, per MS) > Threshold(MCSA) and no higher order
MCS meets this requirement

Select Matrix B if MS reported CINR margin(dynamic, per MS) > Matrix B Threshold AND MS
reported Matrix B as its preferred MIMO mode. Otherwise, select Matrix A

If HARQ error rate falls below a HARQ Error Low threshold, decrease margin and increase MCS by one
step (e.g. From 16QAM to 16QAM ) or based on CINR, whichever provides better spectral
efficiency

If HARQ error rate rises above HARQ Error High threshold, increase margin and decrease MCS by one
step or base on CINR, whichever provides better link budget

UL Adaptation (1)
Input:

UL CINR as measured by the BS PHY

MS transmission power headroom as reported by the MS

HARQ error rate as indicated by BS PHY

Output:

MCS

Power adjustment

Maximum number of subchannels that may be allocated

MIMO mode

UL Adaptation (2)
For each MS with each UL CINR measurement, for each supported MCS calculate

required power adjustment, expected power headroom and maximum possible

number of subchannels for the MS, where

The required power adjustment is based on the difference between measured CINR and the CINR
threshold of the specific MCS, including margins

The expected power headroom is the difference between MS reported maximum power per MCS and the
MS transmission power following the required adjustment

Expected power headroom is updated by the BS based on periodic power headroom reports from the
MS

Maximum number of subchannels per MCS is calculated as N = Floor(10^(Power Headroom/10)/24)

Two modes of operation are supported: The first selects a solution that maximize the

spectral efficiency (highest order possible MCS) and the second selects a solution
that maximizes the user throughput, i.e. the spectral efficiency multiplied by the
maximum number of subchannels:

In Spectral Efficiency Mode: From the list of MCS for which the calculated number of subchannels is not
less then the minimum configuration (typically 2) Select MCSi = argmaxi(bi)

In User Throughput Mode: Select MCSi = argmaxi(biNi)

UL Adaptation - Example
Assumptions:

CINR thresholds are 2, 5, 8 and 11 dB for QPSK , QPSK , 16QAM and 16QAM , respectively.

CINR margin 4dB

MS maximum TX power 25dBm and 23dBm for QPSK and 16QAM, respectively

MS current transmission power 3dBm per subcarrier (PSD)

MS measured UL CINR 8dB

Minimum subchannels per user: 1

Required power offset is -2dB, +1dB, +4dB and +7dB for QPSK , QPSK ,

16QAM and 16QAM , respectively

Expected power headroom following adjustment is 24dB, 21dB, 16dB and 13dB for
QPSK , QPSK , 16QAM and 16QAM , respectively
Maximum number of subchannels is 10, 5, 1 and 0 for QPSK , QPSK , 16QAM
and 16QAM , respectively
In spectral efficiency mode the selected MCS will be 16QAM with power
correction of +4dB and a single allocated subchannel
In user throughput mode the selected MCS will be QPSK with power correction of
-2dB and maximum of 10 allocated subchannels

Security
Security architecture of mobile WiMAX support the following requirements:

Privacy: Provide protection from eavesdropping as the user data traverse the network

Data integrity: Ensure the user data and control messages are protected from being modified
while in transit

Authentication: A mechanism to ensure that a given user/device is the one it claims to be.
Conversely, the user/device should be able to verify the authenticity of the network that it is
connecting to (mutual authentication)

Authorization: Mechanism to verify that a given user is authorized to receive a particular

service

Access control: Ensure that only authorized users are allowed to get access to the offered
services

Public Key Infrastructure (PKI)

On way to enable secure symmetric key encryption is to establish a shared secret

between transmitter and receiver.

Asymmetric key encryption is a solution to the key distribution problem.

Based on a public key and a private key that are generated simultaneously using the same algorithm,
RSA

Ciphertext that is encrypted with one key can be decrypted by the other key

Public key infrastructure can be used for variety of security applications:

Authentication (see example in next slide)

Shared secret key distribution

Message integrity

Digital certificates

PKI Mutual Authentication

User A

User B
Send (Random Number A, My Name) encrypted with public key of B
Send (Random Number A, Random Number B, Session Key) encrypted with public key of A
Send (Random Number B) encrypted with session key
Begin transferring data encrypted with session key

Authentication and Access Control

In general, access control system has three elements:

Supplicant: an entity that desired to get access

Authenticator: an entity that controls the access gate

Authentication server: an entity that decides whether the supplicant should be admitted

Extensible Authentication Protocol (EAP)

A simple encapsulation protocol that can run on any L2 protocol

Based on a set of negotiated messages that are exchanged between the supplicant and the
authentication server

EAP includes a number of EAP methods, which define the rules for authenticating a user and/or a
device and the set of credentials.

EAP Transport Layer Security (TLS) defines a certificate based strong mutual authentication.

In WiMAX, EAP runs from the MS to the BS over PKMv2 (Privacy Key Management) security
protocol. The BS relays the authentication protocol to the authenticator in the ASN-GW. From the
authenticator to the authentication server, EAP is carried over RADIUS or DIAMETER.

Encryption
Mobile WiMAX encryption is based on Advanced Encryption Standard (AES)

which is a symmetric key encryption system.

AES algorithm operates on a 128 bit block size of data. The encryption key size

in the case of WiMAX is 128 bits long.

The AES Traffic Encryption Key (TEK) is also AES encrypted using the Key

Encryption Key (KEK)

The KEK is a derivative of the Authorization Key (AK) which is a shared

secret between the MS and the BS.

Cipher based MAC (CMAC) is used as the mandatory mode for message

authentication
AES data encryption provides a built in data authentication capability
AES encryption adds 12 bytes of overhead.

Network Entry

Frequency Scanning

Authentication

DL & UL Synchronization

Registration

Initial Ranging

Service Provisioning

Negotiate Basic Capabilities

Network Entry: Frequency Scanning

MS scans frequency bands in search for the DL
preamble
Scanning is performed on a predefined list of
frequencies
MS selects best carrier frequency base on signal
strength or CINR
MS scans for all preamble indexes in the selected
carrier (114 indexes) and selects the best based on
RSSI or CINR

Frequency Scanning

Authentication

DL & UL Synchronization

Registration

Initial Ranging

Service Provisioning

Negotiate Basic Capabilities

Network Entry: Downlink and Uplink Acquisition

BS regularly broadcasts control messages:

Downlink Channel Descriptor (DCD)

Uplink Channel Descriptor (UCD)
DL-MAP
UL MAP

Frequency Scanning

Authentication

DL & UL Synchronization

Registration

Initial Ranging

Service Provisioning

Negotiate Basic Capabilities

MS acquires DL once valid DCD and DL-MAP are decoded

To make a valid DCD and DL-MAP BSID and NAI should match MS configuration and
DCD and DL MAP should indicate the same DCD change counter
To maintain DL SYNC MS should periodically receive DL-MAP and DCD

MS acquires UL once valid UCD and UL-MAP are decoded

To make a valid UCD and UL-MAP UCD and UL MAP should indicate the same UCD
change counter
To maintain UL SYNC MS should periodically receive UL-MAP and UCD

Network Entry: Ranging

Ranging is required to align BS and MS in terms of
power, frequency and timing
BS measure MS offsets from the UL transmission and
provides appropriate adjustments

Frequency Scanning

Authentication

DL & UL Synchronization

Registration

Initial Ranging

Service Provisioning

Negotiate Basic Capabilities

MS

CDM
( IR C A
ode)

(A
MS makes adjustments

-RSP
e)
RNG Continu
nt ,
e
m
t
djus
CDM
( IR C A
ode)

-RSP
RNG ess)
c
c
(Su
on I E
ocati
l
l
A
A
CDM
R
(MS NG-REQ
MAC
A ddr
ess)

-RSP
D)
RNG imary CI
r
P
d
ic an
(Bas

BS

BS measures arrival time and

signal power and determines
required adjustments

Network Entry: Negotiation of Basic Capabilities

Basic capabilities include supported modulations, FEC,
MIMO modes, HARQ, Privacy, etc.

MS

BS

SBC-R
EQ

-RSP
C
B
S

Frequency Scanning

Authentication

DL & UL Synchronization

Registration

Initial Ranging

Service Provisioning

Negotiate Basic Capabilities

Network Entry: Authentication

Based on PKMv2 which uses EAP as the underlying
authentication mechanism
MS

Authenticator
(ASN)

BS
SBC-REQ
SBC-RSP

Frequency Scanning

Authentication

DL & UL Synchronization

Registration

Initial Ranging

Service Provisioning

AAA Server

MS Status Update

EAP Request/Identity
Negotiate Basic Capabilities

EAP Response/Identity
(my ID, e.g. MS MAC address)
EAP Request/EAP TLS
(TLS Start)
EAP Response/EAP TLS
(TLS Client Hello)
EAP Request/EAP TLS
(TLS Server Hello, TLS Certificate)

EAP over RADIUS

EAP Response/EAP TLS

(TLS Certificate)
EAP Request/EAP TLS
(TLS Finished)
EAP Response/EAP TLS
EAP Success
MSK, PMK, AK
Established

MSK Established
MSK
PMK, AK
Established
AK Transferred to BS
SA-TEK Challenge
SA-TEK Request

SA-TEK Response
Key Request

Key Reply

Network Entry: Registration

Registration capabilities include management mode, IP
version supported, ARQ support, supported CS, etc.

Frequency Scanning

Authentication

DL & UL Synchronization

Registration

Initial Ranging

Service Provisioning

Negotiate Basic Capabilities

MS

BS

REG-R
EQ

-RSP
REG

Network Entry: Service Provisioning

Creation of service flows can be initiated by either the
MS or the BS

MS

BS

DSA

-REQ

DSA-R
SP

-A
DSA

CK

Frequency Scanning

Authentication

DL & UL Synchronization

Registration

Initial Ranging

Service Provisioning

Negotiate Basic Capabilities

Power Saving Modes

Power saving modes enable the MS to conserve its battery resources a critical

feature required for handheld devices.

Two power saving modes are defined:

Sleep Mode

Idle Mode

Sleep Mode

Sleep Mode is a state in which an MS conducts pre-negotiated periods of

absence from the Serving BS air interface. These periods are characterized
by the unavailability of the MS, as observed from the Serving BS, to DL or
UL traffic. Sleep Mode is intended to minimize MS power usage.

Power Saving class may be activated per connection basis. Activation of

certain Power Saving Class means starting sleep/listening windows
sequence associated with this class. There are three types of Power Saving
Classes, which differ by their parameter sets, procedures of
activation/deactivation and policies of MS availability for data
transmission.

Example: Sleep mode operation

Idle (Paging) Mode

Idle Mode is a mechanism that allows MS to become periodically available

for DL broadcast traffic messaging without registration at specific BS.

Idle Mode benefits MS by removing the active requirement for Handovers

and all normal operation requirements. By restricting MS activity to
scanning at discrete intervals, Idle Mode allows the MS to conserve power
and operational resources.

Idle Mode helps the network and BS to conserve resources by eliminating

the need to perform any link maintenance activity and handover related
procedures for MS in idle mode.

Idle Mode: Theory of Operation (1)

The BS are divided into logical groups called paging groups. A BS may
be a member of one or more paging groups.

MS in idle mode periodically monitors DL broadcast to determine the

paging group of its current location. When MS detects that it has moved
to a new paging group it performs location update, in which it informs
the network its new location.

In case of pending DL traffic, the network needs to page the MS only in

all BS belonging to the current paging group of the MS

Idle Mode: Theory of Operation (2)

On a periodic basis, the MS shall scan and synchronize on the DL for the
preferred BS in order to decode any BS broadcast paging message

A BS Broadcast Paging message is an MS notification message indicating

either the presence of DL traffic pending, through the BS or some network
entity, for the specified MS or to poll the MS and request a location update
without requiring a full network entry.

During idle mode MS can be in one of two states: paging-unavailable or

paging-listen interval.

Paging-unavailable: MS is not available for paging and can power down or scan for
neighbouring BS.
Paging-listen interval: MS listens to DCD and DL MAP of the serving BS to
determine when the broadcast paging message is scheduled
Paging broadcast message can indicate pending DL traffic and instruct the MS to
perform network re-entry, request MS to perform location update or indicate to the
MS to return to paging unavailable state.

Mobility Management
Handover: The migration of the MS from the air interface of one BS to the air

interface of another BS, while maintaining connection

Network topology advertisement: BS broadcasts information about the network

topology using the MOB_NBR-ADV message:

The message provides channel information for neighbouring base stations, which is
normally provided by each BS own DCD/UCD message. The BS obtains that information
over the backbone.

MS scanning of neighbour BS: A BS may allocate time intervals to MS for the

purpose of monitoring and measuring the radio conditions of neighbouring BS. The
time during which the MS scans for available BS will be referred to as a scanning
interval.
Handover may be MS initiated (typically in order to improve link quality) or BS

initiated (typically to perform load balancing)

Handover Process
Scanning and target cell selection
Based on certain triggers (e.g. CINR of target BS falls below 20dB, MS scans link quality of neighbouring BS

and select a suitable target BS.

Handover Initiation
MS initiated using MOB_MSHO-REQ
BS initiated using MOB_BSHO-REQ

Network re-entry with target BS

Target BS DL SYNC and acquisition of DL/UL channel parameters
Using information from NBR-ADV, this process can be shortened
Initial ranging or Handover ranging
MS RNG-REQ includes serving BS ID and target BS ID
If the Target BS had previously received HO notification from Serving BS over the backbone then Target BS

may place a non-contention based Initial Ranging opportunity

Negotiate Basic Capabilities, Authorization, etc.
Handover optimization: target BS may request MS data from backbone to accelerate network entry. This data
may be used by the target BS to skip certain NE steps.

Termination of context with previous BS

Handover Messaging - Example

MS

Serving BS

Target BS

ASN-GW

Operational

MOB_N

MOB_S

V
BR-AD

CN-REQ

MOB_S

CN-RSP

Scanning & Association

Association Coordination
RNG-REQ
RNG-RSP

MOB_M

SHO-RE
Q

MOB_B

SHO-RS

MOB_H

O-IND

Network re-entry

Operational

Obtain MS operational
parameters

Part IV
Network Architecture

General Design Principles of the Architecture

Functional decomposition: Required features are decomposed into functional

entities. The architecture shall specify open and well defined reference points
between the functional entities.
Deployment modularity and flexibility: The architecture shall support a broad
range of deployment options. It shall scale from the simple case of a single
operator with a single base station to a large scale deployment by multiple
operators with roaming agreements
Support of variety of usage models: Architecture shall support fixed, nomadic,
portable and mobile usage models. Both Ethernet and IP services shall be
supported.
Decoupling of access and connectivity services: The architecture shall allow
decoupling of the access network from the IP connectivity network and services
Support for a variety of business models: The architecture shall allow for logical
separation between the network access provider (NAP), the network service
provider (NSP) and the application service provider (ASP)
Extensive use of IETF protocols: Network layer procedures and protocols used
across the reference points shall be based on appropriate IETF RFCs.

Network Reference Model

Access Service Network (ASN) Functions

Access Service Network (ASN): Owned by the NAP and includes a complete set of

network functions needed to provide radio access to a WiMAX subscriber:

WiMAX L2 connectivity with the MS

Network discovery and selection of the WiMAX subscribers preferred NSP

AAA proxy: transfer of device and/or user credentials to selected NSP AAA and temporary
storage of user profiles.

Relay functionality for establishing IP connectivity between MS and CSN

Mobility related functions, such as handover, location management and paging within the
ASN, including support for mobile IP

ASN comprises network elements such as one or more Base Stations and one or more

ASN Gateways.
BS is defined as representing one sector with one frequency assignment implementing

the R1 interface. BS functions include scheduling, service flow management,

admission control, tunnelling toward the ASN-GW, DHCP proxy, authentication
relaying, user plane encryption
ASN-GW functions include ASN location management and paging, temporary

caching of subscriber profiles and keying material, authenticator, service flow

authorization and user plane routing

Connectivity Service Network (CSN) Functions

Connectivity Service Network (CSN): A set of network functions that provide IP

connectivity services to the WiMAX subscribers. CSN provides the following functions:

IP address allocation to the MS for user sessions

AAA proxy or server for user and/or device authentication, authorization and accounting

Policy and access control based on user subscription profiles

Subscriber billing and inter-operator settlement

Inter-CSN tunnelling for roaming

Inter-ASN mobility and mobile IP home agent functionality

Connectivity infrastructure for services such as Internet access, VPN and IP multimedia

CSN comprises network elements such as routers, AAA proxy/servers and subscribers

database.

Protocol Layering
Control plane is based on UDP/IP
Data plane is based on GRE tunnelling within the ASN and IP in IP tunnelling

between ASN and CSN

WiMAX architecture is designed to support both IP packets and Ethernet packets,

using IP-CS and ETH-CS, respectively.

Within the ASN packets can be either routed or bridged

Protocol Layer Architecture: IP-CS

Example presents a routed ASN. For bridged ASN, the shaded layers (GRE, IP)

would be replaced by Ethernet layer

Protocol Layer Architecture: Ethernet-CS

Example presents a routed ASN. For bridged ASN, the shaded layers (GRE, IP)

would not be needed

GRE Tunneling

Generic Routing Encapsulation (GRE) may be used as

tunnelling mechanism across R4 or R6.

Allows for tunnelling of IP packets, Ethernet frames

or WiMAX specific payload

DSCP in the Encapsulation IP Header specifies the

QoS Class. Note that it MAY differ from the DSCP in
the Encapsulated Payload.

Source and Destination IP Addresses specify the

tunnel end points.

The meaning of the GRE Key value is defined by the

node that allocates the Key value. GRE Key can
indicate one of the following: Specific connection, in
case classification is done by ASN-GW or Specific
MS, in case classification is done by BS

The Sequence Number may be used for

synchronization of Data Delivery during HO.

Network Discovery and Selection

In the general case, it is assumed that MS operates in an environment in which multiple

access networks are available and multiple service providers are offering services over
those networks. Mobile WiMAX specifies a process for network discovery and selection

NAP discovery

NSP discovery

MS discovers available NSPs associated with the discovered NAPs

based on information either broadcasted by the BS using System
Identity Information message (SII-ADV) or unicasted to the MS
(SBC-RSP). NSP ID is assigned by IEEE

NSP enumeration and selection

MS detects available NAPs in a wireless coverage area based on

information broadcasted by BS (Operator ID). Operator ID is
assigned by IEEE

MS selects preferred NSP based on dynamic information obtain

through the air interface and configuration information. Selection
may be automatic or manual.

ASN attachment

MS indicates its NSP selection by attaching to an ASN associated

with the selected NSP, and by providing its identity and home NSP
domain in the form of NAI
The ASN uses the realm portion of the NAI to determine the next
AAA hop to where the MSs AAA packets should be routed.

IP Address Assignment (1)

Network Architecture supports either Mobile IP or Simple IP
Mobile IP requires Home Agent
Simple IP reduces scope of network and does not support mobility
Mobile IP is used to provide CSN Anchored Mobility
CSN Anchored Mobility Management or Macro mobility is when the MS changes to a new
anchor Foreign Agent
Mobile IP allows an MS to communicate with other nodes after changing its point of
attachment to the network
For example, handover between BS on separate ASN-GW, or inter-technology handover
Mobile IP is achieved by allocating an MS both a Home Address (HoA) and a Care-of
Address (CoA)
Two forms of Mobile IP are defined; Proxy Mobile IP (PMIP) and Client Mobile IP (CMIP)

CMIP is required to enable Inter-technology handover

IP Address Assignment (2)

Dynamic Host Control Protocol (DHCP) is used as the primary mechanism to

allocate IP address to the MS

The network architecture provides flexibility in allocating IP addresses to MS

ASN-GW provides a DHCP Proxy Server

Home Agent can be configured with local pool of Mobile IP Addresses

Mobile IP only

ASN-GW can be configured with local pool of IP addresses

Mobile IP or Simple IP

Simple IP only

AAA Server can allocate IP addresses using IP Address Manager

Mobile IP or Simple IP

Simple IP

IP address is either assigned from local address pool, or retrieved as RADIUS attributes from
AAA Server

The ASN-GW DHCP proxy is used to transfer IP address information to MS

Authentication and Security Architecture

Designed to support all IEEE 802.16 security services using EAP based AAA

framework.
Supports both user and device authentication

Supported EAP methods: EAP-TLS and EAP-TTLS

In addition, AAA framework is used for service flow authorization, QoS policy

control and secure mobility management

AAA framework basic steps:

MS sends a request to the network access server (NAS) function in the

ASN
NAS forwards the request to the service provider AAA server (NAS acts as
an AAA client on behalf of the user)
AAA server evaluates the request and returns an appropriate response to
the NAS
NAS sets up a service and notifies the MS

ASN Security Architecture

Authenticator (ASN-GW or BS)

Communicates with the AAA server using RADIUS/DIAMETER

Authentication Relay (BS)

Functional entity that relays EAP packets to the authenticator via an authentication relay protocol

Key Distributor (ASN-GW or BS)

Functional entity that holds the keys (MSK and PMK) generated during the EAP exchange

The MSK is sent to the Key Distributor from the home AAA server, and the PMK is derived
locally from the MSK.

Derives AK and creates AKID for an <MS, BS> pair and distributes the AK and its context to the
Key Receiver in a BS via an AK Transfer protocol

Key Receiver (BS)

Holds the AK and responsible for generation of IEEE 802.16e specified keys from AK

Authentication Protocols

PKMv2 is used to perform over-the-air user/device authentication. PKMv2 transfers EAP over the
IEEE 802.16 air interface between MS and BS in ASN.

Depending on the Authenticator location in the ASN, a BS may forward EAP messages over
authentication relay protocol (e.g. over R6 reference point) to Authenticator.

The AAA client on the Authenticator encapsulates the EAP in AAA protocol packets and forwards
them via one or more AAA proxies to the AAA Server in the CSN of the home NSP

Authentication Procedure
Initial network entry and

negotiation
Exchange of EAP messages

MS

Authenticator
(ASN)

BS
Network Entry

Link Activation

Establishment of the shared

EAP Request/Id

master session key (MSK)

entity

EAP Response/
Identity

Generation of authentication

EAP over RADIUS

key (AK)
MSK and EMSK Establish

Transfer of authentication

key
Transfer of security

associations

PMK derivation from MSK

AK derivation from MSK

AK
SA-TEK Challenge

Generation and transfer of

SA-TEK Request

traffic encryption keys

(TEK)

SA-TEK Response

Service flow creation

AAA Server

Key Request

Key Reply

ement

MSK

Quality of Service Architecture

Architecture designed to support static and

dynamic service flow provisioning

Home Policy Function (PF)

Application Function (AF)

An entity that can initiate service flow creation on behalf of a

user, e.g. SIP proxy client

AAA server

Holds users QoS profile and associated policy rules

Option 1: The information is downloaded to the SFA during NE

as part of the authentication and authorization procedure

Option 2: AAA server can provision the PF with subscriber

related information and the PF shall determine how incoming
SF are handled

Service Flow Authorization (SFA)

Contains policy database of the home NSP and evaluates

service requests against these policies. Requests may come
from the SFA or from the AF

Evaluates SF request against user QoS profile (in case AAA

information was downloaded to SFA)

Service Flow Management (SFM)

Responsible for creation, admission, activation, modification

and deletion of SF

Service Flow Creation (Static)

Example assumes users

associated policies were
downloaded to the SFA
from the AAA

Based on Resource
Reservation
Request/Response

ASN Gateway: Mobility Function

HA

ASN anchored mobility anchored Foreign Agent

(FA) unchanged
No impact on IP level

Data Path function (DPF): responsible for setting up and

managing bearer paths needed for data packet transmission.

Handover function (HO): responsible for making HO decisions

and performing the signalling procedures related to HO

Context function: responsible for exchange of state information

among network elements impacted by HO

CSN anchored mobility anchored FA changed

Two types of Mobile IP implementations are defined

Client MIP based on mobile IP client at the MS

Proxy MIP ASN-GW implements the mobile IP client

on behalf of the MS. PMIP is transparent to the MS.

BS2

BS3

R8

R1

BS1

R1

Involves mobility across different IP subnets and therefore

requires IP layer mobility management

ASNGW2
R4

R1

ASNGW1

R6

R3

R3

R6

Handover may be MS initiated (typically for link

quality maintenance) or ASN initiated (typically for
load balancing)

R6

Handover Procedures
MS Initiated preparation phase

Handover Procedures
MS Initiated action phase
MS

Serving/
Target
ASN-GW

Serving BS

Anchor ASNGW

Target BSs

MOB_HO-IND
HO_cnf
HO_cnf
HO_Ack
HO_Ack

Context_Req
Context_Req
Context_Rpt
Context_Rpt

Path_Prereg_Req
Path_Prereg_Req
Path_Prereg_Rsp
Path_Prereg_Rsp
Path_Prereg_Ack
Path_Prereg_Ack

RNG-REQ
Path_Reg_Req
Path_Reg_Req
Path_Reg_Rsp
Path_Reg_Rsp
RNG-RSP

CMAC_Key_Count_Update
CMAC_Key_Count_Update
CMAC_Key_Count_Update_Ack
CMAC_Key_Count_Update_Ack

Path_Dereg_Req
Path_Dereg_Req
Path_Dereg_Rsp
Path_Dereg_Rsp
Path_Dereg_Ack
Path_Dereg_Ack

HO_Complete
HO_Complete

Authenticator

Paging and Idle Mode Operation

Paging is the method used to alert an idle MS about incoming message.
Paging architecture is based on three functional entities

Paging Controller (PC)

Administrates activities of idle mode MS

Typically located at the ASN-GW

Paging Agent (PA)

BS functional entity that handles interaction between PC and air interface related paging functionalities

One or more PA can form a Paging Group (PG), which is managed by the network operator. PA may
belong to more than one PG

Location Register (LR)

A database containing information on idle mode MS (e.g. PGID, paging cycle, paging offset, SF
information)

Contents
1.

2.

Background on IEEE 802.16 and WiMAX

Salient Features of WiMAX

Physical Layer

3.

Overview of WiMAX

The Broadband Wireless Channel

OFDM Principles
Channel Coding
Hybrid-ARQ
OFDM Symbol Structure
Frame Structure
Fractional Frequency Reuse
Transmit Diversity and MIMO
Ranging
Power Control
Channel Quality Measurements

Medium Access Control Layer

Convergence Sublayer
MAC PDU Construction and Transmission
Bandwidth Request and Allocation
ARQ

4.

Quality of Service
Scheduling
Adaptive Modulation and Coding
Security
Network Entry Procedures
Power saving Modes
Mobility Management

WiMAX Network Architecture

Network Reference Model

Protocol Layering
IP Address Assignment
Authentication and Security Architecture
Quality of Service Architecture
Mobility Management
Paging

Thank You