GPRS

GPRS Introduction

GPRS Logical Architecture

GPRS Architecture

GPRS Network Elements

SGSN and GGSN Functionalities

GPRS Data Transfer

GPRS Addressing

GPRS Multislot Capabilities

GPRS Core Network

GPRS Protocol Layer

Protocol Stack for Tunneling

GPRS Authentication

MS State Model

MS Attach

MS Detach

Signal Flow

PDP Activation

PDP Context Activation - 1

PDP Context Activation - 2

PDP Context Activation - 3

PDP Context Activation - 4

Location Management

GPRS Mobility Management

Roaming

Roaming in GPRS

Using Access Point in Home PLMN

Roaming Arrangements between Operators

External Network Connections:

Transparent access to the Internet

Internet Access - Large Subscriber Base

IP Address Translation

Access to Intranets

Access to Intranets: VPN

GPRS Management Functions

GPRS OA&M Architecture

GPRS Core Network Management

MS Class

GPRS Charging

Security Consideration

Using Access Point in Home PLMN


GPRS Introduction
Concept
  • packet switching
Connection Mode
  • GSM w/o GPRS: end-to-end transmission
  • GSM with GPRS: link-by-link transmission
Flexible Bit Rates
  • from < 100 bit/s to over 100 kbit/s
Network Elements
  • Serving GPRS Support Nodes (SGSN)
  • Gateway GPRS Support Nodes (GGSN)
  • GPRS backbone
  • Point-to-multipoint Service Centre (PTM SC)
Additional Facilities
  • GPRS-specific mobility management: the location of the MS is handled separately by the SGSN and by the MSC/VLR even if some cooperation exists
  • network management capable of handling the GPRS-specific elements
  • a new air interface for packet traffic
  • new security features for the GPRS backbone and a new ciphering algorithm
  • new MAP and GPRS-specific signalling
Nokia White Paper
Wed Mar 16 00:26:40 CST 2011

GPRS Logical Architecture
GPRS Architecture

GPRS Network Elements
  • SGSN: Serving GPRS Support Node
  • GGSN: Gateway GPRS Support Node
  • NMS: Network Management System
  • BG: Border Gateway
  • CG: Charging Gateway
  • FW: Firewall
  • LIG: Lawful Interception Gateway
SGSN and GGSN Functionalities
SGSN
  • Authentication
  • GTP tunneling to GGSN
  • Ciphering & compression
  • Mobility management
  • Interaction with HLR, MSC/VLR
  • Charging & statistics
  • NMS interfaces
GGSN
  • GTP tunneling to SGSN
  • Interfaces to external IP networks
  • Charging & statistics
  • NMS interfaces
GPRS Data Transfer

GPRS Addressing

  • Core Network and the GPRS subscribers use different IP address spaces
  • Core invisible to subscribers and vice versa
  • Core carries subscriber traffic in GPRS Tunnel
GPRS Multislot Capabilities
GPRS Core Network
  • Connects core elements together: SGSN, GGSN, Border Gateway, DNS, NMS, Charging Gateway
  • Private IP network which is isolated and invisible to external networks or GPRS subscribers
  • Carries subscriber IP traffic in GPRS-specific tunnels (GTP)
  • Carries GPRS-specific signaling between GSNs
  • Carries charging data from GSNs to Charging Gateway
  • Carries GPRS core management information (SNMP, Web)
  • Interconnected GPRS Core networks comprise a large private network
GPRS Protocol Layer
Protocol Stack for Tunneling
GPRS Authentication
MS State Model
MS Attach
MS Detach
Signal Flow
PDP Activation
  • Subscriber data transfer is possible only when the PDP Context is activated
      • MS, SGSN, GGSN
  • PDP Context is activated per PDP address
  • PDP context contains mapping and routing information in MS, SGSN & GGSN
      • Enables data transfer between MS and GGSN
  • PDP Context Activation initiated by the MS
      • Request from application/TE via PPP protocol or AT command
      • GPRS Attach procedure may be performed if not yet GPRS attached
PDP: Packet Data Protocol (e.g. IP)
MS: Mobile Station
TE: Terminal Equipment
PPP: Point-to-Point Protocol
PDP Context Activation - 1
(1) MS sends "Activate PDP Context Request" to SGSN
  • Access Point Name
  • PDP Type (IP)
  • PDP Address (empty == dynamic)
  • QoS & other options
(2) SGSN checks against HLR
  • Access Point Name
  • Dynamic / static IP address
PDP Context Activation - 2
Finding the GGSN
(1) SGSN gets the GGSN IP address from DNS
  • APN maps to the GGSN IP address
(2) SGSN sends "Create PDP Context Request" to GGSN
  • PDP Type (IP)
  • PDP Address (if empty => dynamic address)
  • Access Point Name
  • QoS & other options
PDP Context Activation - 3
Access Point Selection
  • Access Point Name refers to the external network the subscriber wants to use
      • Physical/logical interface in GGSN
  • Access Point configuration in GGSN defines where to connect the user
  • If dynamic address, can be allocated by GGSN or external RADIUS or DHCP server
DHCP: Dynamic Host Configuration Protocol
RADIUS: Remote Authentication Dial In User Service
PDP Context Activation - 4
Context Activated
  • User authenticated OK (non-transparent case)
  • User dynamic IP address allocated by
      • RADIUS server, or
      • DHCP server, or
      • GGSN internal pool
(1) GGSN sends "Create PDP Context Response" back to SGSN
(2) SGSN sends "Activate PDP Context Accept" to the MS
  • SGSN now ready to route user traffic between MS and GGSN
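
The exchange on the four PDP Context Activation slides, played end to end with both sides' messages and the SGSN's check against the HLR. This is an added Python example, not part of the original slides; the subscriber record, APN, all addresses, the reject message and its reason strings are assumptions made for the example.

```python
import ipaddress

# Constructed sample data: subscriber, APN, GGSN address and pool are made up.
HLR = {"imsi-001": {"apns": {"internet.myoperator.fi.gprs"}, "static_ip": None}}
DNS = {"internet.myoperator.fi.gprs": "10.20.0.5"}          # APN -> GGSN IP address
POOL = iter(ipaddress.ip_network("10.1.1.0/30").hosts())    # GGSN internal pool (2 hosts)


def ggsn_create(req):
    """GGSN side: an empty PDP address means dynamic allocation from the pool."""
    addr = req["pdp_address"] or next(POOL, None)
    if addr is None:                                         # pool exhausted
        return {"msg": "Create PDP Context Response", "accepted": False}
    return {"msg": "Create PDP Context Response", "accepted": True,
            "pdp_address": str(addr)}


def sgsn_activate(imsi, apn, pdp_address=""):
    """SGSN side: handle an Activate PDP Context Request; return (reply, log)."""
    req = {"apn": apn, "pdp_type": "IP", "pdp_address": pdp_address}
    log = [f"MS -> SGSN: Activate PDP Context Request {req}"]

    def reject(reason):
        # Reject message and reason text are assumptions, not taken from the slides.
        log.append(f"SGSN -> MS: Activate PDP Context Reject ({reason})")
        return {"msg": "Activate PDP Context Reject", "reason": reason}, log

    sub = HLR.get(imsi)
    if sub is None or apn not in sub["apns"]:                # APN checked against HLR
        return reject("APN not in subscription")
    if pdp_address and pdp_address != sub["static_ip"]:      # static address checked
        return reject("static address not in subscription")
    ggsn_ip = DNS.get(apn)                                   # APN maps to the GGSN
    if ggsn_ip is None:
        return reject("APN does not resolve to a GGSN")
    log.append(f"SGSN -> GGSN {ggsn_ip}: Create PDP Context Request {req}")
    rsp = ggsn_create(req)
    log.append(f"GGSN -> SGSN: {rsp}")
    if not rsp["accepted"]:
        return reject("GGSN could not allocate an address")
    log.append(f"SGSN -> MS: Activate PDP Context Accept ({rsp['pdp_address']})")
    return {"msg": "Activate PDP Context Accept",
            "pdp_address": rsp["pdp_address"]}, log


if __name__ == "__main__":
    print("\n".join(sgsn_activate("imsi-001", "internet.myoperator.fi.gprs")[1]))
```

The SGSN rejects before contacting the GGSN when the requested APN or static address is not in the HLR record, so an unsubscribed request never reaches the GGSN.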
Location Management
Intra SGSN Routing Area Update
  • MS sends Routing Area Update Request to SGSN
  • The SGSN validates the MS's presence in the new RA.
  • If OK SGSN updates MM context for the MS
  • Routing Area Accept message returned to MS
Inter SGSN Routing Area Update
  • MS sends Routing Area Update Request to new SGSN
  • New SGSN sends context request to old SGSN
  • Old SGSN sends response and starts tunnelling data to new SGSN
  • The new SGSN sends "Update PDP Context Request" to GGSN
  • The new SGSN informs HLR of the SGSN change by sending "Update Location" to HLR
  • HLR sends "Cancel Location" to old SGSN
GPRS Mobility Management
Roaming
Roaming Between Two Interconnected Operators
Roaming in GPRS
  • While attached to the visited network the subscriber can use Access Point provided by
      • Home network, or
      • Visited network
  • HLR subscriber information includes flag if
      • User is allowed to use visited network Access Point
      • User can select home or visited Access Point, or
      • User needs to use the Access Points in home network
Access Point Name syntax:
Using Access Point in Home PLMN
1. Visiting user selects to use Home APN
2. MS sends "Activate PDP Context"
3. SGSN asks for GGSN IP address (using APN as the key) from Visited DNS
4. Visited DNS asks Root DNS "who knows the IP address for this name?"
5. Root DNS replies to Visited DNS with the Home DNS address
6. Visited DNS asks Home DNS for GGSN address
7. Home DNS replies with the GGSN IP address
8. Visited DNS replies to SGSN
9. SGSN creates PDP Context with Home GGSN
 
APN: my.isp.com.myoperator.fi.gprs
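
Steps 3 to 8 above as a small resolver that records each DNS message and fails closed when a delegation or record is missing. This is an added Python example, not part of the original slides; only the APN string comes from the slide, while the server name, the GGSN address and the rule that the last three labels name the home PLMN are assumptions inferred from that one APN.

```python
# Constructed data: only the APN string comes from the slide; the server name
# and the GGSN address are made up for this example.
ROOT_DNS = {"myoperator.fi.gprs": "dns.myoperator.fi.gprs"}   # PLMN suffix -> home DNS
HOME_DNS = {"dns.myoperator.fi.gprs": {"my.isp.com.myoperator.fi.gprs": "10.20.0.5"}}


class ResolutionError(Exception):
    """APN could not be resolved; the SGSN must not create a PDP context."""


def operator_suffix(apn):
    """Assumption: the last three labels (operator.country.gprs) name the home PLMN."""
    labels = apn.lower().rstrip(".").split(".")
    if len(labels) < 4 or labels[-1] != "gprs" or "" in labels:
        raise ResolutionError(f"not a fully qualified APN: {apn!r}")
    return ".".join(labels[-3:])


def resolve_apn(apn):
    """Play steps 3-8 of the slide; return (ggsn_ip, trace of DNS messages)."""
    suffix = operator_suffix(apn)
    apn = apn.lower().rstrip(".")
    trace = [f"3 SGSN -> Visited DNS: GGSN address for {apn}?",
             f"4 Visited DNS -> Root DNS: who knows {suffix}?"]
    home = ROOT_DNS.get(suffix)
    if home is None:                       # no roaming delegation for this PLMN
        raise ResolutionError(f"root DNS has no delegation for {suffix}")
    trace.append(f"5 Root DNS -> Visited DNS: ask {home}")
    trace.append(f"6 Visited DNS -> Home DNS: GGSN address for {apn}?")
    ggsn = HOME_DNS[home].get(apn)
    if ggsn is None:                       # home operator does not serve this APN
        raise ResolutionError(f"{home} has no record for {apn}")
    trace.append(f"7 Home DNS -> Visited DNS: {ggsn}")
    trace.append(f"8 Visited DNS -> SGSN: {ggsn}")
    return ggsn, trace


if __name__ == "__main__":
    ip, steps = resolve_apn("my.isp.com.myoperator.fi.gprs")
    print("\n".join(steps))
    print("9 SGSN creates PDP Context with Home GGSN at", ip)
```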
Roaming Arrangements between Operators
Routing between operator's networks
  • Border Gateways (routers)
  • Border Gateway Protocol (BGP-4)
Domain Name System
  • Each backbone needs its own DNS
      • SGSN to find GGSN (Access Point Name) for Context Activation
      • SGSNs to find each other during RA Update
  • Root DNS required to manage name resolving between PLMNs
      • Who will establish and maintain root DNS?
      • MoU? Some operator? Service Provider?
Billing clearing between operators
  • Not defined by ETSI standards, operators need to agree mutually
External Network Connections:
Basic Access types
  • Transparent access to the Internet
      • GGSN has no active role in user authentication
      • Subscriber IP address static or allocated by GGSN from operator's address space
      • Operator acting as ISP providing Internet access and possibly own Value Added Services (email, web etc)
  • Non-Transparent access to Intranets, ISPs
      • GGSN provides user authentication towards RADIUS server
      • Subscriber IP address allocated from intranet address space
      • This is a typical intranet access case
  • The same GGSN can provide both Transparent and Non-Transparent Access Points
Transparent access to the Internet
  • Subscriber IP address from operator address space
  • Static (by subscription) or dynamic address
  • Operator acting as ISP
  • "Transparent access"
Internet Access - Large Subscriber Base
NAT: Network Address Translation
IP Address Translation
  • Mapping several private, unregistered IP addresses used in GPRS mobiles to a single public IP address + port number.

Private address    Public address:port
10.1.1.1           123.45.40.1:61001
10.1.1.2           123.45.40.1:61002
10.1.1.3           123.45.40.1:61003
10.1.1.4           123.45.40.1:61004
10.1.1.5           123.45.40.1:61005
10.1.1.254         123.45.40.1:61254

Pros and Cons
+ Fewer public IP addresses needed
+ Security: private address space invisible to the Internet
- IP Multicast does not work
- IPsec does not work
Access to Intranets
Non-transparent Access
  • Subscriber IP address allocated from intranet address space
  • Address allocation from GGSN pool or intranet RADIUS server
  • The subscriber can be authenticated by the intranet RADIUS server
  • "Non-transparent access"
RADIUS: One widely used protocol/method for dynamic IP address allocation and user authentication
Access to Intranets: VPN
  • For a small and remote corporation, instead of a dedicated link, a VPN between GGSN and the intranet may be the reasonable solution.
GPRS Management Functions
GPRS OA&M Architecture
GPRS Core Network Management
  • Performance management
  • Configuration management
  • Alarms
  • Security management
  • Real-time clock management
  • Software download
MS Class
GPRS Charging
  • Charging data is collected from SGSN and GGSN
  • Collected charging information:
      • Mobility management data
      • Duration of PDP context
      • Data volume uplink/downlink
      • Usage of external networks (= Access Point)
      • SGSN & GGSN address
  • Specific GTP' protocol used to carry CDRs from SGSN/GGSN to Charging Gateway
Security Consideration
Source of Attack
  • GPRS mobile users
  • External networks
  • Operator's personnel
  • Other mobile networks
  • Malfunctioning equipment
Damage Zone
  • Crash of network
  • Access to management, charging etc. information
  • Misconfigure the network
  • Denial of service, lower QoS
  • Information confidentiality
  • Integrity and authenticity
  • etc.
Security Mechanisms
  • Physical security against network element access
  • Host authentication
  • Ciphered links
  • Personnel security with authorization
Using Access Point in Home PLMN