Crash course in Mobile technology from 1G to 5G

Showing posts with label Network Architecture. Show all posts
Showing posts with label Network Architecture. Show all posts

Sunday, 9 August 2015

Diameter Security is worse than SS7 Security?

Back in December last year, there was a flurry of news about SS7 security flaw that allowed hackers to snoop on an unsuspecting users calls and SMS. The blog readers will also be aware that SS7 is being replaced by the Diameter protocol. The main reason being to simplify roaming while at the same time being able to manage the signalling storm in the networks.

The bad news is that while is case of SS7, security issues are due to network implementation and configuration (above pic), the security issues in Diameter seem to be due to the protocol and architecture themselves (below pic)

Diameter is very important for LTE network architecture and will possibly continue in the future networks too. It is very important to identify all such issues and iron them before some hackers start exploiting the network vulnerabilities causing issues for everyone.

The presentation by Cédric Bonnet, Roaming Technical Domain Manager, Orange at Signalling Focus Day of LTE World Summit 2015 is embedded below:

From SS7 to Diameter Security from Zahid Ghadialy

Some important information from this post has been removed due to a valid complaint.

Sunday, 12 July 2015

S8HR: Standardization of New VoLTE Roaming Architecture

VoLTE is a very popular topic on this blog. A basic VoLTE document from Anritsu has over 40K views and my summary from last years LTE Voice summit has over 30K views. I assume this is not just due to the complexity of this feature.

When I attended the LTE Voice summit last year, of the many solutions being proposed for roaming, 'Roaming Architecture for Voice over LTE with Local Breakout (RAVEL)' was being touted as the preferred solution, even though many vendors had reservations.

Since then, GSMA has endorsed a new VoLTE roaming architecture, S8HR, as a candidate for VoLTE roaming. Unlike previous architectures, S8HR does not require the deployment of an IMS platform in VPLMN. This is advantageous because it shortens time-to-market and provides services universally without having to depend on the capability of VPLMN.

Telecom Italia has a nice quick summary, reproduced below:

S8HR simplicity, however, is not only its strength but also its weakness, as it is the source of some serious technical issues that will have to be solved. The analysis of these issues is on the Rel13 3GPP agenda for the next months, but may overflow to Rel14. Let’s see what these issues are, more in detail:

Regulatory requirements - S8HR roaming architecture needs to meet all the current regulatory requirements applicable to voice roaming, specifically:
  • Support of emergency calls - The issues in this context are several. For example, authenticated emergency calls rely on the existence if an IMS NNI between VPLMN and HPLMN (which S8HR does not provide); conversely, the unauthenticated emergency calls, although technically feasible in S8HR, are allowed only in some Countries subject to the local regulation of VPLMN. Also, for a non-UE-detectable IMS Emergency call, the P-CSCF in the HPLMN needs to be capable of deciding the subsequent action (e.g. translate the dialed number and progress the call or reject it with the indication to set up an emergency call instead), taking the VPLMN ID into account. A configuration of local emergency numbers per Mobile Country Code on P-CSCF may thus be needed.
  • ­Support of Lawful Interception (LI) & data retention for inbound roamers in VPLMN -  S8HR offers no solution to the case where interception is required in the VPLMN for inbound roamers. 3GPP is required to define a solution that fulfill such vital regulatory requirement, as done today in circuit switched networks. Of course VPLMN and HPLMN can agree in their bilateral roaming agreement to disable confidentiality protection to support inbound roamer LI but is this practice really viable from a regulatory point of view?
Voice call continuity – The issue is that when the inbound roamers lose the LTE coverage to enter into  a 2G/3G CS area, the Single Radio Voice Call Continuity (SRVCC) should be performed involving the HPLMN in a totally different way than current specification (i.e. without any IMS NNI being deployed).
Coexistence of LBO and S8HR roaming architectures will have to be studied since an operator may need to support both LBO and S8HR VoLTE roaming architecture options for roaming with different operators, on the basis of bilateral agreement and depending on the capability.
Other issues relate to the capability of the home based S-CSCF and TAS (Telephony Application Server) to be made aware about the VPLMN identity for charging purposes and to enable the TAS to subsequently perform communication barring supplementary services. Also, where the roaming user calls a geo-local number (e.g. short code, or premium numbers), the IMS entities in HPLMN must do number resolution to correctly route the call.
From preliminary discussions held at Working Group level in SA2 (architecture) and SA3 (security) in April, it was felt useful to create a new 3GPP Technical Report to perform comprehensive technical analysis on the subject. Thus it is expected that the discussions will continue in the next months until the end of 2015 and will overheat Release 13 agenda due to their commercial and “political” nature. Stay tuned to monitor the progress of the subject or contact the authors for further information!
NTT Docomo also did some trials back in February and got some brilliant results:

In the trials, DOCOMO and KT achieved the world's first high-definition voice and video call with full end-to-end quality of service. Also, DOCOMO and Verizon achieved the world's first transoceanic high-definition VoLTE roaming calls. DOCOMO has existing commercial 3G and 4G roaming relations with Verizon Wireless and KT.
The calls were made on an IP eXchange (IPX) and network equipment to replicate commercial networks. With only two months of preparation, which also proved the technology's feasibility of speedy commercialization, the quality of VoLTE roaming calls using S8HR architecture over both short and long distances was proven to be better than that of existing 3G voice roaming services.

In fact, NTT Docomo has already said based on the survery from GSMA's Network 2020 programme that 80% of the network operators want this to be supported by the standards and 46% of the operators already have a plan to support this.

The architecture has the following technical characteristics:
(1) Bearers for IMS services are established on the S8 reference point, just as LTE data roaming.
(2) All IMS nodes are located at Home Public Land Mobile Network (HPLMN), and all signaling and media traffic for the VoLTE roaming service go through HPLMN.
(3) IMS transactions are performed directly between the terminal and P-CSCF at HPLMN. Accordingly, Visited Public Land Mobile Network (VPLMN) and interconnect networks (IPX/GRX) are not service-aware at the IMS level. The services can only be differentiated by APN or QoS levels.

These three technical features make it possible to provide all IMS services by HPLMN only and to minimize functional addition to VPLMN. As a result, S8HR shortens the time-to-market for VoLTE roaming services.

Figure 2 shows the attach procedure for S8HR VoLTE roaming. From Steps 1 to 3, there is no significant difference from the LTE data roaming attach procedure. In Step 4, HSS sends an update location answer message to MME. In order for the MME to select the PGW in HPLMN (Step 5), the MME must set the information element VPLMN Dynamic Address “Allowed,” which is included in the subscribed data, to “Not Allowed.” In Step 6, the bearer for SIP signaling is created between SGW and PGW with QCI=5. MME sends an attach accept message to the terminal with an IMS Voice over PS Session Support Indication information element, which indicates that VoLTE is supported. The information element is set on the basis of the MME’s internal configuration specifying whether there is a VoLTE roaming agreement to use S8HR. If no agreement exists between two PLMNs, the information element will not be set.

The complete article from the NTT Docomo technical journal is embedded

Wednesday, 21 January 2015

Voice over WiFi (VoWiFi) technical details

VoWiFi is certainly a hot topic, thanks to the support of VoWiFi on iPhone 6. A presentation from LTE World Summit 2014 by Taqua on this topic has already crossed 13K views. In this post I intend to look at the different approaches for VoWiFi and throw in some technical details. I am by no means an expert so please feel free to add your input in the comments.

Anybody reading this post is not aware of S2a, S2b, Samog, TWAG, ePDG, etc. and what they are, please refer to our whitepaper on cellular and wi-fi integration here (section 3).

There are two approaches to VoWiFi, native client already in your device or an App that could be either downloaded from the app store or pre-installed. The UK operator '3' has an app known as ThreeInTouch. While on WiFi, this app can make and receive calls and texts. The only problem is that it does not handover an ongoing call from WiFi to cellular and and vice versa. Here are a few slides (slides 36-38) from them from a conference last year:

The other operators have a native client that can use Wi-Fi as the access network for voice calls as well as the data when the device is connected on the WLAN.

A simple architecture can be seen from the picture above. As can be seen, the device can connect to the network via a non-3GPP trusted wireless access network via the TWAG or via a non-3GPP untrusted wireless access network via ePDG. In the latter case, an IPSec tunnel would have to be established between the device and the ePDG. The SIM credentials would be used for authentication purposes so that an intruder cannot access ePDG and the core.

Now, I dont want to talk about VoLTE bearers establishment, etc. which I have already done here earlier. In order to establish S2a (trusted) and S2b (untrusted) connection, the AAA server selects an APN among those which are subscribed to in the HLR/HSS. The PDN-GW (generally referred to as PGW) dynamically assigns an IP address out of a pool of addresses which is associated with this APN. This UE IP address is used by the VoWiFi SIP UA (User Agent) as the contact information when registering to the SIP soft switch (which would typically be the operators IMS network).

If for any reason the SIP UA in the device is not able to use the SIM for authentication (needs ISIM?) then a username/password based authentication credentials can be used (SIP digest authentication).

Typically, there would be a seperate UA for VoLTE and VoWiFi. They would both be generally registering to the same IMS APN using different credentials and contact addresses. The IMS network can deal with multiple registrations from the same subscriber but from different IP addresses (see 3GPP TS 23.237 - 'IMS Service Continuity' for details).

Because of multiple UA's, a new element needs to be introduced in order to 'fork' the downstream media streams (RTP/RTCP packets) to different IP addresses over time.

3GPP has defined the Access Transfer Gateway (ATGW) which is controlled by the Access Transfer Control Function (ATCF); the ATCF interfaces to the IMS and Service Centralization and Continuity Application Server (SCC AS). All these are not shown in the picture above but is available in 3GPP TS 23.237. The IMS networks in use today as well as the one being deployed for VoLTE does not have ATGW/ATCF. As a result vendors have to come up with clever non-standardised solutions to solve the problem.

When there is a handover between 3GPP and non-3GPP networks, the UE IP address needs to be preserved. Solutions like MIP and IPSec have been used in the past but they are not flexible. The Release-12 solution of eSAMOG (see 3GPP TS 23.402) can be used but the solution requires changes in the UE. For the time being we will see proprietary solutions only but hopefully in future there would be standardised solutions available.

3GPP TS 23.234 describes more in detail the interworking of 3GPP based system and WLAN. Interested readers can refer to that for further insight.

Wednesday, 7 January 2015

Enhancing voice services using VoLTE

VoLTE has been a very popular topic on this blog. My overview of the LTE Voice Summit missed out narrowly from the Top 10 posts of 2014 but there were other posts related to VoLTE that made it.

In this magazine article, NTT Docomo not only talks about its own architecture and transition from 3G to 4G for voice and video, it provides some detailed insights from its own experience.

There is also discussion into technical details of the feature and examples of signalling for VoLTE registration and originating/terminating calls (control, session and user plane establishment), SMS, SRVCC, Video over LTE (ViLTE) and voice to video call switching.

The paper is embedded below and available from slideshare to download.

Related links:

Monday, 29 December 2014

The SS7 flaws that allows hackers to snoop on your calls and SMS

By now I am aware that most people have heard of the flaws in SS7 networks that allow hackers to snoop, re-route calls and read text messages. For anyone who is not aware of these things, can read some excellent news articles here:

Our trusted security expert, Ravi Borgaonkar, informs us that all these flaws have already been discussed back in May, as part of Positive Hack Days (PHDays).

The presentation is embedded below and can be downloaded from Slideshare:

xoxoxo Added this new information on the 4th Jan 2015 oxoxox

The following is this presentation and video by Tobias Engel from the 31st Chaos Communication Congress

Saturday, 1 November 2014

4G Security and EPC Threats for LTE

This one is from the LTE World Summit 2014. Even though I was not there for this, I think this has some useful information about the 4G/LTE Security. Presentation as follows:

Saturday, 26 July 2014

Observed Time Difference Of Arrival (OTDOA) Positioning in LTE

Its been a while I wrote anything on Positioning. The network architecture for the positioning entities can be seen from my old blog post here
Qualcomm has recently released a whitepaper on the OTDOA (Observed Time Difference Of Arrival) positioning. Its quite a detailed paper with lots of technical insights.

There is also signalling and example of how reference signals are used for OTDOA calculation. Have a look at the whitepaper for detail, embedded below.

Monday, 30 June 2014

4.5G: Integration of LTE and Wi-Fi networks

With LTE-A getting ready to meet the IMT-Advanced requirements and fulfilling the role of promised '4G', we believe the next phase of evolution before 5G will be successful interworking of LTE and Wi-Fi networks.

This whitepaper (embedded below) explores this feature, we call 4.5G, in detail.

Understanding WLAN offload in cellular networks by Anritsu

We are very thankful to Anritsu for kindly sponsoring this whitepaper. They have their own whitepaper on this topic which is also worth a read, available here.

Let us know what you think about this.

Saturday, 28 June 2014

EE: The Implications of RAN Architecture Evolution for Transport Networks

Here is a presentation by Andy Sutton, EE from the recent LTE World Summit 2014. Unfortunately the event was too big to be present in all presentations but in his own words, "As always the bullet points don’t tell the full story as there’s considerable narrative that goes with this, however it does stress some major themes."

Slides embedded below, can be downloaded from Slideshare:

Friday, 27 June 2014

Voice over WiFi (VoWiFi)

One of the changes that I have noticed in the last year is that some of the operators who have been opposed to WiFi in the past have not only embraced it but are now trying to monopolise the same WiFi spectrum they billed as interference prone. Personally, I think the future of Wi-Fi is not just offloading but also working together with LTE. We are billing this as 4.5G and have recently produced a whitepaper, available here.

There has been a flurry of activity on Voice over Wi-Fi in the last few months. Recently the UK operators '3' and EE announced that they are both allowing WiFi calling and SMS. While '3' customers will have to use an OTT app for the time being, EE customers will experience this seamlessly.

I heard Taqua in the recent LTE World Summit talking about their solution and have offered to share their slides (embedded below). It was interesting to find out while having a discussion with them that their solution supports 'hand-in' and 'hand-out'. This takes away a major advantage that Small Cells offered, seamless roaming. Anyway, feel free to let me know of you have any opinion on this topic

Wednesday, 25 June 2014

Diamater: Market Status, Roaming, NFV and Case Studies

Some more interesting presentations from the Signalling Focus Day of LTE World Summit. Good overview of market by Greg Collins of Exact ventures is embedded below.

A good presentation by Tieto where they presented some good case studies for Diameter Interworking. Presentation embedded below:

The final presentation by Diametriq is very interesting because they presented interesting way of mining the control plane. Thee case study presented was of a 'silent roamer' who is not going to spend money while roaming because he is not sure how much money is spent. This can be exploited by the operator to offer flat packages, 1 day pass, etc. to get some revenue from these roamers. Their presentation included some animations that cannot be shown while being embedded. Please download the PPT from Slideshare to view them.

Monday, 23 June 2014

LTE Roaming using IPX

A very interesting presentation from Raphaël Glatt of Bics in the Signalling Focus Day of LTE World Summit 2014. IPX is probably the most popular solution as its already being used by many operators for roaming agreements. Anyway, his presentation was the most detailed one I have come across and he was happy to share it with me for this blog. His complete presentation is embedded below:

Saturday, 17 May 2014

NFV and SDN - Evolution Themes and Timelines

We recently held our first Virtual Networks SIG event in Cambridge Wireless. There were some great presentations. The one by the UK operator EE summarised everything quite well. For those who are not familiar with what NFV and SDN is, I would recommend watching the video on my earlier post here.

One of the term that keeps being thrown around is 'Orchestration'. While I think I understand what it means, there is no easy way to explain it. Here are some things I found on the web that may explain it:
Orchestration means Automation, Provisioning, Coordination and Management of Physical and Virtual resources.  
Intelligent service orchestration primarily involves the principles of SDN whereby switches, routers and applications at Layer 7 can be programmed from a centralized component called the controller with intelligent decisions regarding individual flow routing in real time.
If you can provide a better definition, please do so.
There are quite a few functions and services that can be virtualised and there are some ambitious timelines.

ETSI has been working on NFV and as I recently found out (see tweet below) there may be some 3GPP standardisation activity starting soon.
Anyway, here is the complete presentation by EE:

There was another brilliant presentation by Huawei but the substance was more in the talk, rather than the slides. The slides are here in case you want to see and download.

Related post:

Friday, 18 April 2014

International LTE Data and VoLTE Roaming - NTT Docomo

Quick recap of the Bearer Architecture: Remember the interface between S-GW and P-GW is known as S5/S8. S5 in case the S-GW and P-GW are part of the same network (non-roaming case) and S8 in case where P-GW belongs to another network than S-GW (roaming case). The S5/S8 interfaces are generally exactly the same. There is a possibility of different types of S5/S8 interfaces like GTP based and PMIP based but lets not discuss that here.

NTT Docomo published an excellent article in their magazine recently showing the different approaches to International Data roaming.

The different scenarios above are based on the guidelines provided in GSMA PRD IR.88. Each operator has to adopt one of the scenarios above, NTT Docomo has selected scenario 4. The Home PLMN (HPLMN) and the Visited PLMN (VPLMN) connect via IP eXchange (IPX).

As can be seen above, the MME in VPLMN communicates with HSS in HPLMN using Diameter Edge Agent (DEA).

Finally, it is well known that NTT Docomo is not launching VoLTE untill 2015. The above is their proposal on how they handle VoLTE while in Japan and when roaming.

The paper is an interesting read, embedded below:

Another article worth a read is the VoLTE roaming with RAVEL here.

Sunday, 23 March 2014

Securing the backhaul with the help of LTE Security Gateway

An excellent presentation from the LTE World Summit last year, that is embedded below. The slide(s) that caught my attention was the overhead involved when using the different protocols. As can be seen in the picture above, the Ethernet MTU is 1500 bytes but after removing all the overheads, 1320 bytes are left for data. In case you were wondering, MTU stands for 'maximum transmission unit' and is the largest size packet or frame, specified in octets (8-bit bytes), that can be sent in a packet or frame based network such as the Internet.

Anyway, the presentation is embedded below:

Thursday, 13 February 2014

VoLTE Roaming with RAVEL (Roaming Architecture for Voice over IMS with Local Breakout)

Voice over LTE or VoLTE has many problems to solve. One of the issues that did not have a clear solution initially was Roaming. iBasis has a whitepaper on this topic here, from which the above picture is taken. The following is what is said above:

The routing of international calls has always been a problem for mobile operators. All too often the answer—particularly in the case of ‘tromboning’ calls all the way back to the home network—has been inelegant and costly. LTE data sessions can be broken out locally, negating the need for convoluted routing solutions. But in a VoIMS environment all of the intelligence that decides how to route the call resides in the home network, meaning that the call still has to be routed back.

The industry’s solution to this issue is Roaming Architecture for Voice over LTE with Local Breakout (RAVEL). Currently in the midst of standardisation at 3GPP, RAVEL is intended to enable the home network to decide, where appropriate, for the VoIMS call to be broken out locally. 

Three quarters of respondents to the survey said they support an industry-wide move to RAVEL for VoLTE roaming. This is emphatic in its enthusiasm but 25 per cent remains a significant share of respondents still to be convinced. Just over half of respondents said they plan to support VoIMS for LTE roaming using the RAVEL architecture, while 12.3 per cent said they would support it, but not using RAVEL.

Until RAVEL is available, 27.4 per cent of respondents said they plan to use home-routing for all VoLTE traffic, while just under one fifth said they would use a non-standard VoLTE roaming solution.

Well, the solution was standardised in 3GPP Release-11. NTT Docomo has an excellent whitepaper (embedded below) explaining the issue and the proposed solution.

In 3GPP Release 11, the VoLTE roaming and interconnection architecture was standardized in cooperation with the GSMA Association. The new architecture is able to implement voice call charging in the same way as circuit-switched voice roaming and interconnection models by routing both C-Plane messages and voice data on the same path. This was not possible with the earlier VoLTE roaming and interconnection architecture.

Anyway, here is the complete whitepaper

Monday, 20 January 2014

Different flavours of SRVCC (Single Radio Voice Call Continuity)

Single Radio Voice Call Continuity (SRVCC) has been quietly evolving with the different 3GPP releases. Here is a quick summary of these different flavors

In its simplest form, SRVCC comes into picture when an IMS based VoLTE call is handed over to the existing 2G/3G network as a normal CS call. SRVCC is particularly important when LTE is rolled out in small islands and the operator decided to provide VoLTE based call when in LTE. An alternative (used widely in practice) is to use CS Fallback (CSFB) as the voice option until LTE is rolled out in a wider area. The main problem with CSFB is that the data rates would drop to the 2G/3G rates when the UE falls back to the 2G/3G network during the voice call.

The book "LTE-Advanced: A Practical Systems Approach to Understanding 3GPP LTE Releases 10 and 11 Radio Access Technologies" by Sassan Ahmadi has some detailed information on SRVCC, the following is an edited version from the book:

SRVCC is built on the IMS centralized services (ICS) framework for delivering voice and messaging services to the users regardless of the type of network to which they are attached, and for maintaining service continuity for moving terminals.

To support GSM and UMTS, some modifications in the MSC server are required. When the E-UTRAN selects a target cell for SRVCC handover, it needs to indicate to the MME that this handover procedure requires SRVCC. Upon receiving the handover request, the MME triggers the SRVCC procedure with the MSC server. The MSC then initiates the session transfer procedure to IMS and coordinates it with the circuit-switched handover procedure to the target cell.

Handling of any non-voice packet-switched bearer is by the packet-switched bearer splitting function in the MME. The handover of non-voice packet-switched bearers, if performed, is according to a regular inter-RAT packet-switched handover procedure.

When SRVCC is enacted, the downlink flow of voice packets is switched toward the target circuit-switched network. The call is moved from the packet-switched to the circuit-switched domain, and the UE switches from VoIP to circuit-switched voice.

3GPP Rel-10 architecture has been recommended by GSMA for SRVCC because it reduces both voice interruption time during handover and the dropped call rate compared to earlier configurations. The network controls and moves the UE from E-UTRAN to UTRAN/GERAN as the user moves out of the LTE network coverage area. The SRVCC handover mechanism is entirely network-controlled and calls remain under the control of the IMS core network, which maintains access to subscribed services implemented in the IMS service engine throughout the handover process. 3GPP Rel-10 configuration includes all components needed to manage the time-critical signaling between the user’s device and the network, and between network elements within the serving network, including visited networks during roaming. As a result, signaling follows the shortest possible path and is as robust as possible, minimizing voice interruption time caused by switching from the packet-switched core network to the circuit-switched core network, whether the UE is in its home network or roaming. With the industry aligned around the 3GPP standard and GSMA recommendations, SRVCC-enabled user devices and networks will be interoperable, ensuring that solutions work in many scenarios of interest.

Along with the introduction of the LTE radio access network, 3GPP also standardized SRVCC in Rel-8 specifications to provide seamless service continuity when a UE performs a handover from the E-UTRAN to UTRAN/GERAN. With SRVCC, calls are anchored in the IMS network while the UE is capable of transmitting/ receiving on only one of those access networks at a given time, where a call anchored in the IMS core can continue in UMTS/GSM networks and outside of the LTE coverage area. Since its introduction in Rel-8, the SRVCC has evolved with each new release, a brief summary of SRVCC capability and enhancements are noted below

3GPP Rel-8: Introduces SRVCC for voice calls that are anchored in the IMS core network from E-UTRAN to CDMA2000 and from E-UTRAN/UTRAN (HSPA) to UTRAN/GERAN circuit-switched. To support this functionality, 3GPP introduced new protocol interface and procedures between MME and MSC for SRVCC from E-UTRAN to UTRAN/GERAN, between SGSN and MSC for SRVCC from UTRAN (HSPA) to UTRAN/GERAN, and between the MME and a 3GPP2-defined interworking function for SRVCC from E-UTRAN to CDMA 2000.

3GPP Rel-9: Introduces the SRVCC support for emergency calls that are anchored in the IMS core network. IMS emergency calls, placed via LTE access, need to continue when SRVCC handover occurs from the LTE network to GSM/UMTS/CDMA2000 networks. This evolution resolves a key regulatory exception. This enhancement supports IMS emergency call continuity from E-UTRAN to CDMA2000 and from E-UTRAN/UTRAN (HSPA) to UTRAN/ GERAN circuit-switched network. Functional and interface evolution of EPS entities were needed to support IMS emergency calls with SRVCC.

3GPP Rel-10: Introduces procedures of enhanced SRVCC including support of mid-call feature during SRVCC handover (eSRVCC); support of SRVCC packet-switched to circuit-switched transfer of a call in alerting phase (aSRVCC); MSC server-assisted mid-call feature enables packet-switched/ circuit-switched access transfer for the UEs not using IMS centralized service capabilities, while preserving the provision of mid-call services (inactive sessions or sessions using the conference service). The SRVCC in alerting phase feature adds the ability to perform access transfer of media of an instant message session in packet-switched to circuit-switched direction in alerting phase for access transfers.

3GPP Rel-11: Introduces two new capabilities: single radio video call continuity for 3G-circuit-switched network (vSRVCC); and SRVCC from UTRAN/GERAN to E-UTRAN/HSPA (rSRVCC). The vSRVCC feature provides support of video call handover from E-UTRAN to UTRAN-circuitswitched network for service continuity when the video call is anchored in IMS and the UE is capable of transmitting/receiving on only one of those access networks at a given time. Service continuity from UTRAN/GERAN circuitswitched access to E-UTRAN/HSPA was not specified in 3GPP Rel-8/9/10. To overcome this drawback, 3GPP Rel-11 provided support of voice call continuity from UTRAN/GERAN to E-UTRAN/HSPA. To enable video call transfer from E-UTRAN to UTRAN-circuit-switched network, IMS/EPC is evolved to pass relevant information to the EPC side and S5/S11/Sv/Gx/Gxx interfaces are enhanced for video bearer-related information transfer. To support SRVCC from GERAN to E-UTRAN/HSPA, GERAN specifications are evolved to enable a mobile station and base station sub-system to support seamless service continuity when a mobile station hands over from GERAN circuit-switched access to EUTRAN/ HSPA for a voice call. To support SRVCC from UTRAN to EUTRAN/ HSPA, UTRAN specifications are evolved to enable the RNC to perform rSRVCC handover and to provide relative UE capability information to the RNC.

NTT Docomo has a presentation on SRVCC and eSRVCC which is embedded below:

Tuesday, 29 October 2013

ANDSF: Evolution and Roaming with Hotspot 2.0

Access Network Discovery and Selection Function (ANDSF) is still evolving and with the introduction of Hotspot 2.0 (HS 2), there is a good possibility to provide seamless roaming from Cellular to Wi-Fi, Wi-Fi to Wi-Fi and Wi-Fi to Cellular.

There is a good paper (not very recent) by Alcatel-Lucent and BT that explains these roaming scenarios and other ANDSF policies related information very well. Its embedded below:

Tuesday, 15 October 2013

What is Network Function Virtualisation (NFV)?

Software Defined Networking (SDN) and Network Function Virtualization (NFV) are the two recent buzzwords taking the telecoms market by storm. Every network vendor now has some kind of strategy to use this NFV and SDN to help operators save money. So what exactly is NFV? I found a good simple video by Spirent that explains this well. Here it is:

To add a description to this, I would borrow an explanation and a very good example from Wendy Zajack, Director Product Communications, Alcatel-Lucent in ALU blog:

Let’s take this virtualization concept to a network environment. For me cloud means I can get my stuff where ever I am and on any device –  meaning I can pull out my smart phone, my iPad, my computer – and show my mom the  latest pictures of  her grand kids.  I am not limited to only having one type of photo album I put my photos in – and only that. I can also show her both photos and videos together – and am not just limited to showing her the kids in one format and on one device.
Today in a telecom network is a lot of equipment that can only do one thing.  These machines are focused on what they are do and they do it really well – this is why telecom providers are considered so ‘trusted.’ Back in the days of landline phones even when the power was out you could always make a call.  These machines run alone with dedicated resources.  These machines are made by various different vendors and speak various languages or ‘protocols’ to exchange information with each other when necessary. Some don’t even talk at all – they are just set-up and then left to run.  So, every day your operator is running a mini United Nations and corralling that to get you to access all of your stuff.  But it is a United Nations with a fixed number of seats, and with only a specific nation allowed to occupy a specific seat, with the seat left unused if there was a no-show. That is a lot of underutilized equipment that is tough and expensive to manage.  It also has a shelf life of 15 years… while your average store-bought computer is doubling in speed every 18 months.
Virtualizing the network means the ability to run a variety of applications (or functions) on a standard piece of computing equipment, rather than on dedicated, specialized processors and equipment, to drive lower costs (more value), more re-use of the equipment between applications (more sharing), and a greater ability to change what is using the equipment to meet the changing user needs (more responsiveness).  This has already started in enterprises as a way to control IT costs and improve the performance and of course way greener.
To give this a sports analogy – imagine if in American football instead of having specialists in all the different positions (QB, LB, RB, etc), you had a bunch of generalists who could play any position – you might only need a 22 or 33 man squad (2 or 3 players for every position) rather than the normal squad of  53.   The management of your team would be much simpler as ‘one player fits all’ positions.   It is easy to see how this would benefit a service provider – simplifying the procurement and management of the network elements (team) and giving them the ability to do more, with less.

Dimitris Mavrakis from Informa wrote an excellent summary from the IIR SDN and NFV conference in Informa blog here. Its worth reading his article but I want to highlight one section that shows how the operators think deployment would be done:

The speaker from BT provided a good roadmap for implementing SDN and NFV:
  1. Start with a small part of the network, which may not be critical for the operation of the whole. Perhaps introduce incremental capacity upgrades or improvements in specific and isolated parts of the network.
  2. Integrate with existing OSS/BSS and other parts of the network.
  3. Plan a larger-scale rollout so that it fits with the longer-term network strategy.
Deutsche Telecom is now considered to be deploying in the first phase, with a small trial in Hrvatski Telecom, its Croatian subsidiary, called Project Terrastream. BT, Telefonica, NTT Communications and other operators are at a similar stage, although DT is considered the first to deploy SDN and NFV for commercial network services beyond the data center.
Stage 2 in the roadmap is a far more complicated task. Integrating with existing components that may perform the same function but are not virtualized requires east-west APIs that are not clearly defined, especially when a network is multivendor. This is a very active point of discussion, but it remains to be seen whether Tier-1 vendors will be willing to openly integrate with their peers and even smaller, specialist vendors. OSS/BSS is also a major challenge, where multivendor networks are controlled by multiple systems and introducing a new service may require risking several parameters in many of these OSS/BSS consoles. This is another area that is not likely to change rapidly but rather in small, incremental steps.
The final stage is perhaps the biggest barrier due to the financial commitment and resources required. Long-term strategy may translate to five or even 10 years ahead – when networks are fully virtualized – and the economic environment may not allow such bold investments. Moreover, it is not clear if SDN and NFV guarantee new services and revenues outside the data center or operator cloud. If they do not, both technologies – and similar IT concepts – are likely to be deployed incrementally and replace equipment that reaches end-of-life. Cost savings in the network currently do not justify forklift upgrades or the replacement of adequately functional network components.
There is also a growing realization that bare-metal platforms (i.e., the proprietary hardware-based platforms that power today’s networks) are here to stay for several years. This hardware has been customized and adapted for use in telecom networks, allowing high performance for radio, core, transport, fixed and optical networks. Replacing these high-capacity components with virtualized ones is likely to affect performance significantly and operators are certainly not willing to take the risk of disrupting the operation of their network.
A major theme at the conference was that proprietary platforms (particularly ATCA) will be replaced by common off-the-shelf (COTS) hardware. ATCA is a hardware platform designed specifically for telecoms, but several vendors have adapted the platform to their own cause, creating fragmentation, incompatibility and vendor lock-in. Although ATCA is in theory telecoms-specific COTS, proprietary extensions have forced operators to turn to COTS, which is now driven by IT vendors, including Intel, HP, IBM, Dell and others.

ETSI has just published first specifications on NFV. Their press release here says:

ETSI has published the first five specifications on Network Functions Virtualisation (NFV). This is a major milestone towards the use of NFV to simplify the roll-out of new network services, reduce deployment and operational costs and encourage innovation.
These documents clearly identify an agreed framework and terminology for NFV which will help the industry to channel its efforts towards fully interoperable NFV solutions. This in turn will make it easier for network operators and NFV solutions providers to work together and will facilitate global economies of scale.
The IT and Network industries are collaborating in ETSI's Industry Specification Group for Network Functions Virtualisation (NFV ISG) to achieve a consistent approach and common architecture for the hardware and software infrastructure needed to support virtualised network functions. Early NFV deployments are already underway and are expected to accelerate during 2014-15. These new specifications have been produced in less than 10 months to satisfy the high industry demand – NFV ISG only began work in January 2013.
NFV ISG was initiated by the world's leading telecoms network operators. The work has attracted broad industry support and participation has risen rapidly to over 150 companies of all sizes from all over the world, including network operators, telecommunication equipment vendors, IT vendors and technology providers. Like all ETSI standards, these NFV specifications have been agreed by a consensus of all those involved.
The five published documents (which are publicly available via include four ETSI Group Specifications (GSs) designed to align understanding about NFV across the industry. They cover NFV use cases, requirements, the architectural framework, and terminology. The fifth GS defines a framework for co-ordinating and promoting public demonstrations of Proof of Concept (PoC) platforms illustrating key aspects of NFV. Its objective is to encourage the development of an open ecosystem by integrating components from different players.
Work is continuing in NFV ISG to develop further guidance to industry, and more detailed specifications are scheduled for 2014. In addition, to avoid the duplication of effort and to minimise fragmentation amongst multiple standards development organisations, NFV ISG is undertaking a gap analysis to identify what additional work needs to be done, and which bodies are best placed to do it.
The ETSI specifications are available at:

The first document that shows various use cases is embedded below:

Monday, 23 September 2013

Push to talk (PTT) via eMBMS

I was talking about push to share back in 2007 here. Now, in a recent presentation (embedded below) from ALU, eMBMS has been suggested as a a solution for PTT like services in case of Public safety case. Not sure if or when we will see this but I hope that its sooner rather than later. Anyway, the presentation is embedded below. Feel free to add your comments: