GSM NETWORKS

INTRODUCTION
MS AND SIM
SS7

-Varun Ranjit Singh

EVOLUTION OF GSM

GSM (Groupe Spe'ciale Mobile) began in 1982, a committee

under CEPT.
The task of GSM was to define a new standard for mobile comm
in the 900MHz range.
CEPT evolved into ETSI, but this didnt affect GSM
In 1991, the first GSM system was introduced, GSM was
changed to mean Global System for Mobile Communication.
Derivatives of GSM also started to appear the same year, Digital
Cellular System (1800 MHz) – DCS 1800.
In the US, DCS 1800 was adapted to the 1900MHz range and
was called the Personal Communication System, PCS 1900.
GSM has proved to be a major commercial success for system
manufacturers and network operators
Current Tecnologies not under GSM and are growing are CDMA,
DECT, PHS.
Factors for success of GSM

Libralization of the monoply of telecomm in europe during the

1990's and the resulting competition, which lead to lower prices
and more “market”.

The knowledge-base and professional approach of GSM,

together active support from the industry.

Lack of competition, US and Japan started defining mobile

communication standards after GSM had been well established.
System Architecture

GSM utilizes a Cellular structure, the basic ideas for that are:
Frequency reuse: Divide the available freq range, and assign a
part of the frequency spectrum. Reduce range of the Base
Station (BS) so that the same frequency can be reused.

Attenuation: Alternatives were discarded because attenuation

is ver high. Hence Ranges are limited to 5kms.

Diadvatages
Cost of Infrastructure.
Handover
Tracking – when Mobile Station (MS) is in motion
Processing due to Signaling overheads
GSM Subsystem
Public Land Mobile Network (PLMN) – consists of the whole GSM
subsystem.

Mobile Station (MS) – a PLMN contains as many MSs as possible.

Available in various styles and power classes

Subscriber Identity Module (SIM) – stores identity of Subscriber. The

SIM is a chip, and communicates directly with VLR and indirectly with
HLR

Base Tranciever Station (BTS) - large no. of BTSs take care of the
radio related tasks and provide connectivity using Air-interface between
n/w and MS.

Base Station Controller (BSC) – BTSs of an area are connected to the

BSC via an Abis-interface. BSC takes care of central functions and
control of the subsystem, BSS.
BSS comprises of BSC and connected BTSs.

Transcoding Rate and Adaptation Unit (TRAU) – data compression for

better bandwidth management. TRAU is part of the BSS
GSM Subsystem contd...

Mobile Service Switching Center (MSC) – large no. of BSCs are

connected to the MSC via Air Interface.helps in routing of
incoming and outgoing messages and assignmernt of user
channels under A interface

Home Location Register (HLR) – a repository that stores the data

of large no. subscribers, each PLM needs atleast one HLR

Visitor Location Register (VLR) – contains a part of subscribers

data, but only of sunscribers in the VLRs area

Equipment Identity Number (EIR) – a database which stores IMEI

numbers of stolen mobiles
SIM

SIMs are of two types – [no change in functionality except size]

ID-1 SIM (credit card size)
Plug-in SIM (1cm square)

Except for emergency calls the SIM needs to be used.

A mobile equipment only becomes a MS once the SIM is

inserted.

SIMs major task is to store data such as contacts etc

GSM identifies the subscriber by his SIM and not the equipment
hence, the SIM can be used in multiple equipments.
Mobile Station

All functionality known from the BTS TRX (tranciever) like GMSK
upto Channel coding are implemented in the MS.

MS specific functionality such as

DTMF
Economical battery usage

MS is not peer only to BS but communicates directly to

MSC via Mobility Management (MM).
VLR via Call Control (CC).

Plus it has to provide transparent interface (TAF, Terminal

adaptation function) for data and fax connections.

5 power classes were defined for GSM 900, 20W is now

outdated, 8W is now the most powerful rating.
Mandatory features of a MS

DTMF capability

SMS capability

Ciphering Algorithms such as A5/1 and A5/2 (what are they used
for?)

Display capability of SMS, dialled no.s and available PLMN

Support emergency calls without SIM

Burned on IMEI
Signaling

Signaling is the language of telecommunication that machines

and computers use to communicate with each other.

Signaling is required between various elements of the GSM

network

PCM (Pulse Code Modulation), is used for signaling data and

payload.
A 2Mbps PCM link can be effeciently used by using TDMA with
32 channels with each capable of carrying 64kbps.

Sinaling System Number 7 or SS7 is used in GSM networks

SS7
SS7 provides in OSI layers 1 to 3 for signaling traffic on all NSS
interface and A-interface.

User parts of SS7:

SCCP (Signaling Connection Control Part)
TCAP (Transaction Control Application Part) /MAP (Mobile
Application Part).

SS7 Network consists of

Directly connected Signaling Points (SPs).
SPs that are connected through Signaling Transfer Points (STPs).
A combination of SPs and STPs.

An SP is a network node that has user parts (e.g SCCP) that allows
processing of messages addressed to it. (MSC, BSC, PSTN fall in this
category)

Functionality of STP is typically related to that of the SP, but with

additional capability of being able to relay SS7 messages
Message Transfer Part (MTP)

SS7 without its user parts is OSI Layer 1 to 3. Those 3 layers are
represented by MTP. Parts of SCCP are also part of Layer 3.

MTP performs:
Provides all functionality to provide for a reliable transport of
signaling data to various user parts.
Takes necessary measures to ensure that the connection is
maintained and prevent loss of data.

MTP can be partitioned into 3 layers where

MTP1 is responsible for transmission of single bits.
MTP2 defines the basic frame structure for all message types.

FLAG Ack Length Information field (op) FCS* FLAG

Message Types

Definition of SS7 message types is another functionality of MTP2

In Layer 2, 3 different types are defined

FISU, Fill-in Signal Unit. Length = 0
LSSU, Link Status Signal Unit. Length = 1 or 2
MSU, Message Signal Unit. Length > 2
Length is the length of the optional data field.
FISU

Its used to supervise the link status when no traffic is available

Both sides poll each other in this idle state. FSN, BSN, FIB and
BIB dont change their value during polling.

FSN: Forward Sequence Number.

BSN: Backward Sequence Number.
FIB: Forward Indicator Bit
BIB: backward Indicator Bit.

FISU can also be used to acknowledge reciept of an MSU

8 bit 7 1 7 1 6 (LI=0) 2* 16 8
FLAG BSN BIB FSN FIB LI FCS FLAG
LSSU
LSSU is used
only to take the link into and out of service and during error
situations.(e.g. Overload)

To exchange status information between two SPs or STPs.

Status can be 2 octet long but it occupies 1byte, of which only the
first 3 bits contain the actual status message. The recipeint of the
LSSU doesnt confirm its receipt

SIO: Out of alignment – start of link alignment

SIN: Normal alignment – conn. brought into service (8.2s)
SIE: Emergency alignment – A conn brought into service (500ms)
SIOS: Out of service – In case of error, the link is taken out of service
SIPO: when layer 2 detects an error in layer 2
SIB: Signal overload, Acks cant be sent, link failure follows
8 7 1 7 1 6 (LI =1or2) 3+5 (spare) 16 8

FLAG BSN BIB FSN FIB LI Status FCS FLAG

MSU

Used for any type of data transfer between 2 network nodes

Only SS7 message to carry traffic data, used by all user parts
(SCCP, ISUP, OMAP) as a platform particularly fo that task

The Information field consists of the

Service Information Octet (SIO), SIO is furture partitioned into
SubService Field (SSF) and Service Indicator (SI) with 4 bits
each. 2 MSBs of SSF are necessary to describe Network
Indicator (NI).
NI distinguishes b/w national and international messages
SI indicates to which user part the MSU (data in SIF)
belongs.

Signaling Information Field (SIF)

Unlike FISU and LSSU, MSU has to be ack'd to the peer entity
whenever an MSU is received
Addressing and Routing
MSUs arent necessarily exchanged b/w two adjacent SP/STP.

SS7 uses so called Point Codes (PCs) for routing and addressing
MSUs
PCs are Unique IDs within an SS7 network
Exactly one PC – Signaling Point Code (SPC) is assigned to
every SP and STP.

An MSU has a routing label that contains OPC (Originating PC)

and DPC (Destination PC)
The routing label is part of SIF. (Note: LSSU and FISU dont
have a routing label as they are exchanged only b/w adj
nodes)
14 14 4 = 32 bits (4bytes)
DPC OPC SLS
Commissioning of an SS7 Connection

Bringing layer 2 in service:

After layer1 is established, both sides send SIOS-LSSU.

Layer2 comes into service starts with sending SIO-LSSU. The

connection has to be established in both direction.

Test period, both sides examine link quality, starts with sending
LSSU-SIN / LSSU-SIE. Transmitted FISUs must not contain any
errors during this test period.

The difference between LSSU-SIE, LSSU-SIN is the surveillance

time.
Bringing Layer 3 into Service

After the test time is over and no errors were detected, layer 2 is
considered to be in service, Layer3 then initiates further tests

A Signaling Link Test Message (SLTM) is used for testing.

If Signaling Link Test Acknowledge is received by the sender from the

recipient then Layer3 is considered to be in Service .

FLOW diagram

SS7 (idle) -> LSSU–SIO (2 way) -> LSSU-SIOS ->LSSU-SIE/SIN ->

(tests) -> MSU/SLTM -> MSU/SLTA (in service).
Error Detection and Correction

Layer 2 is responsible for it. FSN, BSN, FCS.

All messages not acknowledged within a certain time frame are
retransmitted.
Retransmit when NACK received.

FSN and FIN form the send sequence no, FSN is

incremented when a MSU is sent. If a FISU or LSSU is sent
its not inc.
Similarly for BSN,BIN.

All Acks can be sent in one message by sending the

corresponding last received correct FSN/BSN
In case of transmission error invert FIN/BIN.
SS7 Network Management and Test

Major task in the operation of a big network is its management or

administration.
SS7 has dedicated user parts in layer3 that automatically detect error
situations and able to correct them autonomously.

Errors can be classified in 3 classes

Overload on single SS7 line
Outage/bringing into service an SP/STP
Outage/bringing into service a link between SP/STP.

To differentiate between NM and NT, SI sends 00 and 01 respectively.

Error Cases

Overload Situation:
the affected STP informs its neighbors about the limited availability. The info
is sent in TFC/TFR messages.
Alternate routes are used by neighbors. The changeover procedure (COO
message) is used for rerouting
Once the link is up again it informs its neighbors using TFA link.
The change back sequence is executed (CBD messages)

Outage/Bringing SP/STP into service

All neighbors are informed immediately.
TFP message is sent to all affected SPs, STPs