Showing posts with label 5G. Show all posts
Showing posts with label 5G. Show all posts

Monday 27 July 2020

Key Technology Aspects of 5G Security by Rohde & Schwarz


The 3G4G page contains a lot of useful papers and links to security here but we have also looked at evolution of security from 4G to 5G here. Rohde & Schwarz has a short 8-minute video in which wireless technology manager, Reiner Stuhlfauth, explains the key technology aspects ensuring 5G security. The video is embedded below.



Related Links:
Posted by Zahid Ghadialy at 07:35 Leave a comment...0 comments so far
Labels: , , , , ,

Sunday 19 July 2020

Mobile Initiated Connection Only (MICO) mode in 5G System


Mobile Initiated Connection Only (MICO) mode is designed for IoT devices that send small amounts of data and do not need to be paged. An example of this could be a smart bin that sends a message to the waste collection company saying it is 50% full, etc. This way the bin emptying lorry can plan to empty it in the next collection round. Here there is no reason to page the bin as there is no mobile terminated data that would be required.

MICO mode has to be negotiated between the device and AMF in 5GC. A device in MICO mode cannot be paged as it would not listen to paging to conserve battery power. This extreme power saving mode can ensure that the battery can last for very long time, ideally years thereby making this vision of billions of connected IoT devices a reality.


In an earlier post on RRC Inactive state, we looked at NAS states, along with RRC states. When the UE is in MICO mode, the AMF in 5GC will consider the UE to be unreachable when it is in CM-IDLE state. In addition, a periodic registration timer is also allocated to the MICO mode UEs. The UE has to confirm the MICO mode again during registration update.

The video and presentation are embedded below:





Related Posts:
Posted by Zahid Ghadialy at 07:35 Leave a comment...0 comments so far
Labels: , , , , ,

Sunday 12 July 2020

Anritsu Webinar on 'Evolution of 5G from 3GPP Rel-15 to Rel-17 and Testing Challenges'


At the TSG#88e Plenary meetings that ended on 03 July 2020, Release 16 was completed with both the Stage 3 freeze and the ASN.1 and OpenAPI specification freeze being approved. The 3GPP Release-16 page has more details on timelines but they may shift. See at the bottom of this post.

Anritsu have uploaded a short presentation on their channel that I am embedding below. I have skipped the beginning part but of you feel like you want to listen, jump to the beginning.




Meanwhile in the recently concluded TSG#88e Plenary meetings, there is a discussion on some of the timelines for Release-17 and Rel-18 moving. This graph below is from SP-200606.


In another piece of 3GPP news, RAN Working Group 6 (WG6 or RAN6) – responsible for the GERAN and UTRAN radio and protocol work - was formally closed.  No new features but specs will be maintained as necessary, of course.

Finally, here is a short video interview by 3GPP in which Balazs Bertenyi looks back at the recent TSG RAN Plenary e-meeting. He talks about the challenges, about IMT-2020, Rel-16 being just on time & the prospects for Rel-17.

Release 16 - RAN progress from 3GPPlive on Vimeo.


Related Posts:
Posted by Zahid Ghadialy at 13:18 Leave a comment...0 comments so far
Labels: , , , , , ,

Monday 6 July 2020

A Technical Introduction to 5G NR RRC Inactive State


I looked at the RRC Inactive state back in 2017, but the standards were not completely defined. In the meantime standards have evolved and commercial 5G networks are rolling out left, right and centre. I made a short technical introduction to the RRC_INACTIVE state, comparing it with the 4G states in RRC and NAS. I also looked at some basic signalling examples and there are lots of relevant references at the end. Video and slides embedded below.






Related Posts:

Posted by Zahid Ghadialy at 07:35 Leave a comment...3 comments so far
Labels: , , , , , ,

Saturday 4 July 2020

An Introduction to Vehicle to Everything (V2X) and Cellular V2X (C-V2X)


We made an introductory tutorial explaining vehicle to everything. There are 2 different favours of V2X as shown in this tweet below


One is based on IEEE 802.11p (802.11bd in future). It is known by different names, DSRC, ITS-G5, etc. The other is the cellular V2X or C-V2X. It started as basic D2D but has evolved over the time. The slides and video are embedded below but this topic will need revisiting with more details.







Related Posts:
Posted by Zahid Ghadialy at 07:35 Leave a comment...0 comments so far
Labels: , , , , , , , , , ,

Tuesday 23 June 2020

Comparison Layer 2 Measurements LTE vs. 5G NR


Yesterday (2020-06-22) 3GPP uploaded the version 1.0 of TS 38.314 "Layer 2 Measurements" for 5G New Radio Rel. 16.

I was wondering about the difference compared to the same LTE standard defined in 3GPP TS 36.314.

The initial look at the table of contents shows significantly less measurements in the NR spec, but a new counter for the number of stored inactive UE contexts. This is due to the introduction of RRC Inactive state in NR RRC specified in 3GPP TS 38.331)

All other differences in the NR standard are related to chapter number 4.2.1.6 "Other measurements defined in TS 28.552".

Here one finds the references to Data Volume, Average Throughput Measurement per UE and DRB as well as PRB usage measurements.

Adding these additional measurements to the list we see in the table of contents it emerges that indeed the number of stored inactive UE contexts is the only major difference in comparison with the LTE standard. 

Posted by Ralf Kreher at 15:59 Leave a comment...0 comments so far
Labels: , , , , ,

Monday 22 June 2020

Carrier Aggregation (CA) and Dual Connectivity (DC)


This topic keeps coming up every few months with either someone asking me for clarifications or someone asking us to make a video. While I don't think I will mange to get round to making a video sometime soon, there are some excellent resources available that should help a new starter. Here they are in an order I think works best



The first resource that I think also works best is this webinar / training from Award Solutions. It covers this topic well and the image at the top of the post is a god summary for someone who already understands the technology.


It may also help to understand that in the 5G NSA can have 4G carrier aggregation as well as 5G carrier aggregation in addition to dual connectivity.


If you saw the video earlier, you noticed that DC actually came as part of LTE in Release-12. We covered it in our Telecom Infrastructure blog here. NTT Docomo Technical journal had a detailed article on 'Carrier Aggregation Enhancement and Dual Connectivity Promising Higher Throughput and Capacity' that covered DC in a lot more technical detail, albeit from LTE point of view only. The article is available here. A WWRF whitepaper from the same era can also provide more details on LTE Small Cell Enhancement by Dual Connectivity. An archived copy of the paper is available here.

Another fantastic resource is this presentation by Rapeepat Ratasuk and Amitava Ghosh from Mobile Radio Research Lab, Nokia Bell Labs. The presentation is available here and details the MCG (Master Cell Group) Split Bearer and SCG (Secondary Cell Group) Split Bearer, etc. This article from Ericsson also provides more detail on this topic while ShareTechNote takes it one level even deeper with technical details and signalling here and here.

So hopefully this is a good detailed starting point on this topic, until we manage to make a simple video someday.
Posted by Zahid Ghadialy at 07:35 Leave a comment...0 comments so far
Labels: , , , , , , , , , , , ,

Tuesday 9 June 2020

5G Roaming with SEPP (Security Edge Protection Proxy)

SEPP (Security Edge Protection Proxy) is part of the roaming security architecture as shown in the figure above. Ericsson's article, "An overview of the 3GPP 5G security standard" describes the use of SEPP as follows:

The use of SBA has also pushed for protection at higher protocol layers (i.e. transport and application), in addition to protection of the communication between core network entities at the internet protocol (IP) layer (typically by IPsec). Therefore, the 5G core network functions support state-of-the-art security protocols like TLS 1.2 and 1.3 to protect the communication at the transport layer and the OAuth 2.0 framework at the application layer to ensure that only authorized network functions are granted access to a service offered by another function.

 The improvement provided by 3GPP SA3 to the interconnect security (i.e. security between different operator networks) consists of three building blocks:

  • Firstly, a new network function called security edge protection proxy (SEPP) was introduced in the 5G architecture (as shown in figure 2). All signaling traffic across operator networks is expected to transit through these security proxies
  • Secondly, authentication between SEPPs is required. This enables effective filtering of traffic coming from the interconnect
  • Thirdly, a new application layer security solution on the N32 interface between the SEPPs was designed to provide protection of sensitive data attributes while still allowing mediation services throughout the interconnect

The main components of SBA security are authentication and transport protection between network functions using TLS, authorization framework using OAuth2, and improved interconnect security using a new security protocol designed by 3GPP.

NG.113 5G Roaming Guidelines v2.0 clarifies:

4.2 Inter PLMN (N32) Interface

 The Inter-PLMN specification 3GPP TS 29.573 has been produced by 3GPP to specify the protocol definitions and message flows, and also the APIs for the procedures on the PLMN (Public Land Mobile Network) interconnection interface (i.e. N32)

 As stated in 3GPP TS 29.573 the N32 interface is used between the SEPPs of a VPLMN and a HPLMN in roaming scenarios. Furthermore, 3GPP has specified N32 to be considered as two separate interfaces: N32-c and N32-f.

 N32-c is the Control Plane interface between the SEPPs for performing the initial handshake and negotiating the parameters to be applied for the actual N32 message forwarding. See section 4.2.2 of 3GPP TS 29.573.

 Once the initial HTTP/2 handshake is completed the N32-c connection is torn down. This connection is End-to-End between SEPPs and does not involve IPX to intercept the HTTP/2 connection; although the IPX may be involved for IP level routing.

 N32-f is the Forwarding interface between the SEPPs, that is used for forwarding the communication between the Network Function (NF) service consumer and the NF service producer after applying the application level security protection. See section 4.2.3 of 3GPP TS 29.573.

 N32-f can provide Application Level Security (ALS) as specified in 3GPP TS 33.501 between SEPPs, if negotiated using N32-c. ALS provides the following protection functionalities: -

  • Message protection of the information exchanged between NF service consumer and producer
  • Forwarding of the application layer protected message from a SEPP in one PLMN to another PLMN by way of using IPX providers on the path. The IPX providers on the path may involve the insertion of content modification instructions which the receiving SEPP applies after verifying the integrity of such modification instructions.

The HTTP/2 connection used on N32-f is long lived; and when a SEPP establishes a connection towards another PLMN via IPX, the HTTP/2 connection from a SEPP terminates at the next hop IPX.

 N32-f makes use of the HTTP/2 connection management requirements specified in 3GPP TS 29.500. Confidentiality protection shall apply to all IE’s for the JOSE protected message forwarding procedure, such that hop-by-hop security between SEPP and the IPXs should be established using an IPSec or TLS VPN.

 If an IPX is not in the path between SEPPs, then an IPSec of Transport Layer Security, TLS VPN will be established directly.

 Note: N32-f shall use “http” connections generated by a SEPP, and not “https”

 The SEPP will act as a non-transparent Proxy for the NF’s when service based interfaces are used across PLMNs, however inside IPX service providers, an HTTP proxy may also be used to modify information elements (IE’s) inside the HTTP/2 request and response messages.

 Acting in a similar manner to the IPX Diameter Proxy used in EPC roaming, the HTTP/2 Proxy can be used for inspection of messages, and modification of parameters. 


The picture in the tweet above shows how SEPP will play a role in Local Break Out (LBO) roaming as well as Home Routed (HR) roaming.

Related Posts:
Posted by Zahid Ghadialy at 07:35 Leave a comment...0 comments so far
Labels: , , , , , ,

Tuesday 19 May 2020

5G Dynamic Spectrum Sharing (DSS)

5G Dynamic Spectrum Sharing is a hot topic. I have already been asked about multiple people for links on good resources / whitepapers. So here is what we liked, feel free to add anything else you found useful as part of comments.


Nokia has a nice high level overview of this topic which is available here. I really liked the decision tree as shown in the tweet above. I am going to quote a section here that is a great summary to decide if you want to dive deeper.

DSS in the physical layer
DSS allows CSPs to share resources dynamically between 4G and 5G in time and/or frequency domains, as shown on the left of Figure 3. It’s a simple idea in principle, but we also need to consider the detailed structure at the level of the resource block in order to understand the resource allocations for the control channels and reference signals. A single resource block is shown on the right side of Figure 3.

 The 5G physical layer is designed to be so similar to 4G in 3GPP that DSS becomes feasible with the same subcarrier spacing and similar time domain structure. DSS is designed to be backwards compatible with all existing LTE devices. CSPs therefore need to maintain LTE cell reference signal (CRS) transmission. 5G transmission is designed around LTE CRS in an approach called CRS rate matching.

 5G uses demodulation reference signals (DMRS), which are only transmitted together with 5G data and so minimize any impact on LTE capacity. If all LTE devices support Transmission Mode 9 (TM9), then the shared carrier has lower overheads because less CRS transmission is required. The control channel transmission and the data transmission can be selected dynamically between LTE and 5G, depending on the instantaneous capacity requirements.


The second resource is this Rohde & Schwarz webinar here. As can be seen in the tweet above, it provides nice detailed explanation.

Finally, we have a Comprehensive Deployment Guide to Dynamic Spectrum Sharing for 5G NR and 4G LTE Coexistence, which is a nice and detailed whitepaper from Mediatek. Quoting a small section from the WP for anyone not wanting to go too much in deep:

The DSS concept is based on the flexible design of NR physical layer. It uses the idea that NR signals are transmitted over unused LTE resources. With LTE, all the channels are statically assigned in the time-frequency domain, whereas the NR physical layer is extremely flexible for reference signals, data and control channels, thus allowing dynamic configurations that will minimize a chance of collision between the two technologies. 

 One of the main concepts of DSS is that only 5G users are made aware of it, while the functionalities of the existing LTE devices remain unaffected (i.e. LTE protocols in connected or idle mode). Therefore, fitting the flexible physical layer design of NR around that of LTE is needed in order to deploy DSS on a shared spectrum. This paper discusses the various options of DSS implementation, including deployment challenges, possible impacts to data rates, and areas of possible improvements.

 NR offers a scalable and flexible physical layer design depicted by various numerologies. There are different subcarrier spacing (SCS) for data channels and synchronization channels based on the band assigned. This flexibility brings even more complexity because it overlays the NR signals over LTE, which requires very tight coordination between gNB and eNB in order to provide reliable synchronization in radio scheduling.

 The main foundation of DSS is to schedule NR users in the LTE subframes while ensuring no respective impact on LTE users in terms of essential channels, such as reference signals used for synchronization and downlink measurements. LTE Cell Reference Signals (CRS) is typically the main concept where DSS options are designated, as CRS have a fixed time-frequency resource assignment. The CRS resources layout can vary depending on the number of antenna ports. More CRS antenna ports leads to increased usage of Resource Elements (REs). CRS generates from 4.76% (1 antenna port) up to 14.29% (4 antenna ports) overhead in LTE resources. As CRS is the channel used for downlink measurements, avoiding possible collision with CRS is one of the foundations of the DSS options shown in figure 1. The other aspect of DSS design is to fit the 5G NR reference signals within the subframes in a way to avoid affecting NR downlink measurements and synchronization. For that, DSS considers the options shown in figure 1 to ensure NR reference signals such as Synchronization Signal Block (SSB) or Demodulation Reference Signal (DMRS) are placed in time-frequencies away from any collision with LTE signals.

 MBSFN, option 1 in figure 1, stands for Multi-Broadcast Single-Frequency Network and is used in LTE for point-to-multipoint transmission such as eMBMS (Evolved Multimedia Broadcast Multicast Services). The general idea of MBSFN is that specific subframes within an LTE frame reserve the last 12 OFDM symbols of such subframe to be free from other LTE channel transmission. These symbols were originally intended to be used for broadcast services and are “muted” for data transmission in other LTE UE. Now this idea has been adjusted for use in a DSS concept, so that these reserved symbols are used for NR signals instead of eMBMS. While in general LTE PDCCH can occupy from 1 to 3 symbols (based on cell load), the first two OFDM symbols of such MBSFN subframe are used for LTE PDCCH, and DSS NR UE can use the third symbol. Using MBSFN is completely transparent to legacy LTE-only devices from 3GPP Release 9 onwards, as such LTE UE knows that these subframes are used for other purposes. In this sense this is the simplest way of deploying DSS. This method has disadvantages though. The main one is that if MBSFN subframes are used very frequently and it takes away resources from LTE users, heavily reducing LTE-only user throughput. Note that option 1 shown in figure 1 does not require LTE MBSFN Reference Signals to be used, because the MBSFN subframe is used to mute the subframe for DSS operation only, and LTE CRS shall only be transmitted in the non-MBSFN region (within the first two symbols) of the MBSFN subframe.

 The two other options illustrated in figure 1 are dealing with non-MBSFN subframes that contain LTE reference signals. Option 2 is ‘mini-slot’ based; mini-slot scheduling is available in NR for URLLC applications that require extremely low latency. The symbols can be placed anywhere inside the NR slot. In respect to DSS, mini-slot operation just eliminates the usage of the symbols that contain LTE CRS and schedule only free ones for NR transmission. The basic limitation of this method comes from the concept itself. It is not very suitable for eMBB applications as too many resources are outside of NR scheduling. However it still can be utilized in some special cases like 30 kHz SSB insertion which will be described later in this paper.

 Option 3 is based on CRS rate matching in non-MBSFN subframes, and it is expected to be the one most commonly used for NR data channels. In this option, the UE performs puncturing of REs used by LTE CRS so that the NR scheduler knows which REs are not available for NR data scheduling on PDSCH (Physical Downlink Shared Channel). The implementation of this option can be either Resource Block (RB)-level when the whole RB containing LTE CRS is taken out of NR scheduling, or RE-level where NR PDSCH scheduling avoids particular REs only. The end result of this method is that the scheduler will reduce the NR PDSCH transport block size as the number of REs available for scheduling become less in a slot.


Personally, I am not a big fan of DSS mainly because I think it is only useful in a very few scenarios. Also, it helps operators show a 5G logo but doesn't provide a 5G experience by itself. Nevertheless, it can come in handy for the coverage layer of 5G.


In one of the LinkedIn discussions (that I try and avoid mostly) somebody shared this above picture of Keysight Nemo DSS lab test results. As you can see there is quite a bit of overhead with DSS.

Posted by Zahid Ghadialy at 16:09 Leave a comment...0 comments so far
Labels: , , , , , , ,

Thursday 14 May 2020

A Look into 5G Virtual/Open RAN - Part 4: Intra-gNB DU Handover

In the previous posts of this series I described O-RAN interfaces and protocols, connection establishment and connection release procedures. Now it is time to look at handovers.

As mentioned in one of the earlier posts the gNB-CU CP will be in charge of controlling hundreds of gNB-DUs in a similar way like the 3G RNC was in charge of controlling hundreds of UMTS NodeBs. As a result the most common 5G SA intra-system handovers will be intra-gNB handovers. These handovers can further be classified into intra-gNB-DU handovers (inter- as well as intra-frequency) and inter-gNB-DU handovers.

Due to the virtualization of RAN network functions we will also find another form of switching transmission path, which is a change of the gNB-CU UP during the call without mobility of the UE. This scenario I will discuss later in a separate blog post.

Today I want to focus on the intra-gNB DU handover. Here the UE moves from one cell to another one within the same distributed unit as shown in the figure below.



A prerequisite is the successful establishment of a NR RRC connection and a F1AP UE Context between the gNB-DU and the gNB-CU CP.

The F1AP transports all RRC messages between these two entities. Indeed, it transports the PDCP blocks and the gNB-DU is not aware that these PDCP blocks contain RRC messages. However, for better illustration I have not shown the PDPC part in the ladder diagram.

What we see in step 1 is a NR RRC Reconfiguration message that contains RRC measurement configurations to be enabled on the UE side. A typical trigger event for intra-frequency handovers is the A3 event that is already known from LTE RRC.

Once the UE detects a better neighbor cell meeting the A3 criteria it sends a RRC Measurement Report to the gNB-CU CP (step 2).

In step 3 the gNB-CU CP orders the gNB-DU to perform a F1AP UE Context Modification. The purpose is to allocate radio resources for the UE in the target cell and to prepare the cell change.

The gNB-DU replies with F1AP UE Context Modification Response. This messages contains the new C-RNTI and a large block of lower layer configuration parameters (e.g. for RLC and MAC layer) that need to be sent to the UE and thus, need to be transported to the gNB-CU CP before, because it is the only RAN function capable to communicate with the UE using the RRC protocol.

Hence, in step 5 we see another downlink RRC message transfer. This time it is used to transport the handover command towards the UE. The handover command is a NR RRC Reconfiguration message and it contains the new C-RNTI (new UE identity within the cell) as well as the physical cell ID of the target cell and the full set of lower layer configuration parameters previously provided by the gNB-DU.

When the gNB-CU CP receives the RRC Reconfiguration Complete message sent by the UE in step 6 the handover is successfully completed and the UE is now served by the cell with NR PCI 2.

As mentioned before there is neither XnAP (communication between two neighbor gNBs) nor NGAP (communication between gNB and AMF) involved in this handover procedure.

Related Posts:

Posted by Ralf Kreher at 13:12 Leave a comment...11 comments so far
Labels: , , , , ,

Monday 11 May 2020

5G Remote Surgery and Telehealth Solutions


One of the most controversial 5G use cases is the remote surgery. In this post I want to quickly look at the history and what is possible. Before I go to that, here is a short summary video that I am embedding upfront.



As far as I can recall, Ericsson was the first vendor that started talking about remote surgery. This is a tweet from back in 2017.


Huawei didn't want to be far behind so they did one at MWC Shanghai in 2018. Their tweet with video is embedded below.


In January 2019, South China Morning Post (SCMP) showed a video of a remote surgery on an animal. While the video and the article didn't provide many details, I am assuming this was done by Huawei as detailed here. The video of the surgery below.



This was followed by Mobile World Congress 2019 demo where a doctor used 5G to direct surgery live from a stage at MWC to Hospital Clinic Barcelona over 3 miles away. The team of doctors was removing a cancerous tumor from a patient's colon. This video from that is embedded below.



Vodafone New Zealand had a silly remote surgery of a dog video but looks like they have removed it.  Nothing can beat this Telecom Italia ad embedded below.



There are some realistic use cases. One of them being that with 5G the number of cables / wires in a hospital can be reduced saving on the disinfection.
NTT Docomo showcased 5G Mobile SCOT (Smart Cyber Operating Theater) which is an Innovative solution to enable advanced medical treatment in diverse environments. You can read more details here.

There are lots of other things going on. Here is a short list:
  • April 2020: Because of Coronavirus COVID-19, NT Times has an article on Telemedicine Arrives in the U.K.: ‘10 Years of Change in One Week’ - even though this does not involve 5G, it just shows that we are moving in that direction.
  • February 2020: 5G-aided remote CT scans used to diagnose COVID-19 patients in China (link)
  • February 2020: Verizon teamed with Emory Healthcare to test new 5G use cases for the medical industry at the latter’s Innovation Hub in Atlanta, in a bid to discover how the technology can be used to improve patient care. The collaboration will explore applications including connected ambulances; remote physical therapy; medical imaging; and use of AR and VR for training. (link)
  • February 2020: Vodafone 5G Healthcare – Conference & Experience Day (link)
  • November 2019: TIM enables first live remote-surgery consultation using 5G immersive reality (link)
  • October 2019: Along with a hospital in Malaga, Telefónica has presented what it claims is the first expert assistance system for medical interventions that runs on 5G. (link and video)
  • September 2019: Mobile Future Forward 2019 - World's First Remote VR Surgery Demo conducted on Sept 4th, 2019 in Seattle by Chetan Sharma, James Youngquist, Evie Powell, Nissim Hadar, David Colmenares, and Gabe Jones. (link)

Finally, a nice video on Benefits of 5G for Healthcare Technology by T-Mobile



Related Posts:
Posted by Zahid Ghadialy at 07:35 Leave a comment...0 comments so far
Labels: , , , , , , , , , , , , , , ,

Wednesday 6 May 2020

Virve 2.0 - Finland's 4G/5G Public Safety Network

State Security Networks Group Finland (Erillisverkot) safeguards the Finnish society by offering authorities and critical operators engaged in critical infrastructure and services secure and reliable ICT services. Much like in the civilian world, communication between authorities includes transferring images and video material to an increasing degree, which results in ever-growing data transfer volumes and, subsequently, new kinds of demands for all communication networks. 


Virve is a means of ensuring communication and cooperation between authorities and other partners across organisational borders into the future. It also entails the introduction of a higher service standard, as the transfer to broadband, estimated to take place in 2022, will make it possible to transfer video material, images and data. This will mean that it will be possible to send video material in a reliable and secure way in the case of accidents, for example. The radio network Virve, based on Tetra technology, will reach the end of its lifecycle by the end of the 2020s. The current Virve network will be used simultaneously with the new Virve 2.0 network until, at least, 2025.


Erillisverkot will acquire the broadband Virve 2.0 radio access network as a service from Elisa and the core systems from Ericsson. Separate networks will ensure the continuity of critical communications and operational capability of public safety in all situations in the future.

I would assume this would be MOCN, similar to the UK deployment of ESN networks as shown here.

Virve 2.0 subcribers will use Elisa’s public radio network, which the operator is expanding to become Finland’s largest data and voice network.

 About 80 million messages pass through the Virve system every week. Elisa is committed to increasing the coverage, capacity and verification of its mobile network to meet the requirements of Virve 2.0.

 The new online services will provide support for critical communication between public authorities and other parties.

 The addition of image, video, and other wireless broadband services alongside existing Virve services will enable a better and more up-to-date view of the day-to-day operations of authorities and other actors.

 The IoT enables automatic monitoring of rescue personnel and mobile use of surveillance cameras and drones.

 The Virve 2.0 radio network service will be in use from 2021 and will include the 4G and 5G technologies and the internet of things. The contract is for ten years.

Finally, a recent advert of Elisa explaining 5G to outside world
Further Study:
  • Erillisverkot: Obstacles for MCX Broadband and how to overcome them [PDF]
  • Erillisverkot: Virve Broadband Plans for the Future - Critical Communications Europe 2019 [PDF]
  • 5G-XCast Whitepaper: Rapidly Deployable Network System for Critical Communications in Remote Locations [PDF]
  • Erillisverkot: White paper - Virve 2.0 RFI Summary of responses [PDF]
  • Erillisverkot: Factsheet - What is Virve 2.0? [PDF]

Related Posts:
Posted by Zahid Ghadialy at 07:35 Leave a comment...0 comments so far
Labels: , , , , , , ,

Monday 20 April 2020

A Look at the same RRC Message in LTE and 5G Stand-alone Call Scenarios


Some weeks ago the differences in 4G LTE RRC (3GPP 36.331) and 5G NR RRC (3GPP 38.331) and how both protocols interact in EN-DC call scenarios have been discussed in another blog post.

Now I would like to share a visual comparison of the RRC (Connection) Setup Complete message as it is seen in LTE (including EN-DC) and 5G stand-alone (SA) radio connections.

From the figure below one can see that although this message fulfills the same purpose in both radio access technologies its particular contents may look quite differently.

Different variants of RRC (Connection) Setup Complete message in LTE and 5G stand-alone call scenarios
Posted by Ralf Kreher at 09:29 Leave a comment...0 comments so far
Labels: , , ,

Sunday 19 April 2020

SCF Releases 5G Functional API to Enable Open Small Cells Ecosystem


The Small Cell Forum (SCF) announced the publication of documents focused on stimulating a competitive ecosystem for vendors of 5G-era small cell hardware, software and equipment. The expanded set of specifications contained in these documents are:
According to the press release:

Expanding upon the 5G Physical Layer API specification, published in July 2019, the new specifications enable small cells to be constructed piece-by-piece using components from different vendors, in order to address the diverse mixture of 5G use cases relatively easily, a common goal to all of the specifications made by Small Cell Forum.

The new release also includes two completely new specifications, SCF223: 5G NR FAPI P19 FrontEnd Interface Specification and SCF224: Network Monitor Mode API for Small Cells.


According to Dr. Prabhakar Chitrapu, Chair of SCF, “FAPI helps Equipment Vendors to mix PHY & MAC Software from different suppliers via this open FAPI interface. So, FAPI is an 'internal' interface.”

“5G-nFAPI (network FAPI) is a 'network' interface and is between a Distributed Unit and Centralised Unit  of a Split RAN/Small Cell network solution. An open specification of this interface (nFAPI) will help network architects by allowing them to mix distributed and central units from different vendors.”

SCF nFAPI is enabling Open RAN ecosystem in its own way by allowing any small cell CU/DU (S-CU / S-DU) to connect to any small cell radio unit (S-RU)

Here is a video playlist from SCF that explains the new API's



Related Posts:
Posted by Zahid Ghadialy at 11:31 Leave a comment...0 comments so far
Labels: , , , , ,

Sunday 12 April 2020

Spectrum for 5G NR beyond 52.6 GHz

3GPP TR 38.807: Study on requirements for NR beyond 52.6 GHz has recently been revised with all the new information post WRC-19. There is a section that details potential use cases for this new spectrum.


Quoting from the specs:

The relatively underutilized millimeter-wave (mmWave) spectrum offers excellent opportunities to provide high speed data rate, low latency, and high capacity due to the enormous amount of available contiguous bandwidth. However, operation on bands in frequencies above 52.6GHz will be limited by the performance of devices, for example, poor power amplifier (PA) efficiency and larger phase noise impairment, the increased front-end insertion loss together with the low noise amplifier (LNA) and analog-to-digital converter (ADC) noise. In addition, bands in frequencies above 52.6GHz have high propagation and penetration losses challenge. Even so, various use cases are envisioned for NR operating in frequencies between 52.6GHz and 114.25GHz. Some of the use cases are illustrated in Figure 5.1-1 and following section provide detailed description of the uses cases. It should be noted that there is not a 1-to-1 mapping of use cases and wireless interfaces, e.g. Uu, slidelink, etc. Various wireless interfaces could be applicable to various uses cases described.

  • High data rate eMBB
  • Mobile data offloading
  • Short-range high-data rate D2D communications
  • Vertical industry factory application
  • Broadband distribution network
  • Integrated access backhaul (IAB)
  • Factory automation/Industrial IoT (IIoT)
  • Augmented reality/virtual reality headsets and other high-end wearables
  • Intelligent Transport Systems (ITS) and V2X
  • Data Center Inter-rack Connectivity
  • Smart grid automation
  • Radar/Positioning
  • Private Networks
  • Critical medical communication

There is quite detailed information for each use case in the document that I am not detailing here.


It also details information on the allocation within the frequency range 52.6 GHz to 116 GHz in ITU Radio Regulation (see table below). The column with comments contains (a subset of) information on protection requirements for incumbent services. For the full details please refer to the Radio Regulations.

Quoting from the specs:

Within the range 52.6 to 116 GHz, the frequency bands 66-76 GHz (including 66-71 and 71-76 GHz) and 81-86 GHz are being studied under WRC-19 Agenda Item 1.13 for potential IMT identification. Results of sharing and compatibility studies, potential technical and regulatory conditions are included in Draft CPM Report, and the final decisions are to be made in WRC-19 with respect to IMT identification or no IMT identification, along with the corresponding technical and regulatory conditions.

 For 66-71 GHz, Studies were carried out for the ISS, MSS (Earth-to-space) indicating that sharing is feasible, with a need for separation distance in the order of few kilometers for the case of MSS (space-to-Earth). The need for studies addressing interference from IMT towards RNS is still under debate. Thus, final conclusions in the regulatory and technical conditions for this band cannot be drawn.

 For 71-76 GHz, studies were carried out for the FS, RLS and FSS (space-to-Earth) indicating that sharing with FS and FSS is feasible. However, additional limits of the IMT BS and UE unwanted emissions is needed to protect RLS in the adjacent frequency band 76-81 GHz.

 For 81-86 GHz, studies were carried out for the FS, FSS (Earth-to-space), RAS (in band and adjacent band), EESS (passive) and RLS. Studies are not needed for the SRS (passive), as this service is dealing with sensors around other planets and no interference issue is expected. Studies were also not carried out for the MSS. The results of those studies indicate that sharing with FS, FSS and RAS (in band and adjacent band) is feasible. Notice that additional limits of the IMT BS and UE unwanted emissions would be needed to ensure protection of EESS (passive) in the adjacent frequency band 76-81 GHz and RLS in the adjacent frequency band 86-82 GHz.

An interesting paper looking at Waveforms, Numerology, and Phase Noise Challenge for Mobile Communications Beyond 52.6 GHz is available here.


Related Posts:

Posted by Zahid Ghadialy at 13:31 Leave a comment...0 comments so far
Labels: , , , , ,

Saturday 4 April 2020

5G eXtended Reality (5G-XR) in 5G System (5GS)


We have been meaning to make a tutorial on augmented reality (AR), virtual reality (VR), mixed reality (MR) and extended reality (XR) for a while but we have only managed to do it. Embedded below is video and slides for the tutorial and also a playlist of different use cases on XR from around the world.

If you are not familiar with the 5G Service Based Architecture (SBA) and 5G Core (5GC), best to check this earlier tutorial before going further. A lot of comments are generally around Wi-Fi instead of 5G being used for indoors and we completely agree. 3GPP 5G architecture is designed to cater for any access in addition to 5G access. We have explained it here and here. This guest post also nicely explains Network Convergence of Mobile, Broadband and Wi-Fi.





XR use cases playlist



A lot of info on this topic is from Qualcomm, GSMA, 3GPP and 5G Americas whitepaper, all of them in the links in the slides.


Related Posts:
Posted by Zahid Ghadialy at 10:09 Leave a comment...0 comments so far
Labels: , , , , , , , , ,

Wednesday 1 April 2020

A Look into 5G Virtual/Open RAN - Part 2

In the first blog post of this series the different virtual RAN functions, interfaces and protocols have been discussed. Now it is time to have a look at a set of procedures that are required for the establishment of an UE connection in virtual 5G RAN.

The Big Picture

In 5G standalone RAN the crucial elements for user plane payload transport of an UE connection are  GTP/IP transport tunnels and a dedicated radio bearer on the radio interface.

When looking at the 5G RAN there are two of such tunnels: one on NG-U (aka N3) that is controlled by NGAP, and one on F1-U that is controlled by F1AP - see figure 1.

On behalf  of these two tunnels payload data can be transported between the 5G core network User Plane Function (UPF) to the gNB Distributed Unit (gNB-DU) and vice versa. For the transport over the 5G RAN fronthaul (realized e.g. as eCPRI) and across the radio interface a dedicated radio bearer (DRB) for the user plane transport must be configured by the gNB Central Unit for the Control Plane (gNB-CU CP).

As in LTE it is the RRC protocol that establishes this DRB. However, due to the virtualization the different protocol layers for the air interface are also distributed and the gNB-DU is in charge of all the lower layer PHY/RLC/MAC parameters (e.g the c-RNTI), while the gNB-CU CP assigns higher layer parameters of PDCP and RRC like the DRB-ID. Since only the gNB-CU CP can send downlink RRC messages to the UE the lower layer parameters from the DU first need to be sent in uplink direction to the gNB-CU CP.

Beside this parameter exchange the F1AP is also responsible for the tunnel management of the F1-U Tunnel.

The downlink tunnel endpoint information is provided by the gNB-DU using F1AP, but the uplink tunnel endpoint terminates at the gNB-CU UP and thus, its endpoint parameters are received by the gNB-CU CP when it exchanges information with the gNB-CU UP on behalf of the E1AP protocol.

Figure 1: Network Functions, Protocols and Parameters involved in Setup of User Plane Data Transmission Resources
(click on the image to see full size)
A similar situation we see for the NG-U tunnel that is controlled by NGAP, the protocol for communication between gNB-CU CP and the Access and Mobility Management Function (AMF) in the 5G core. Neither the gNB-CU CP nor hte AMF have direct access to the NG-U tunnel endpoints. Hence, E1AP is used again to transmit the downlink tunnel parameters to the gNB-CU CP while the uplink tunnel endpoint parameters must be sent by the UPF to the Session Management Function (SMF) using the Packet Forwarding Control Protocol (PFCP) and later by the SMF to the AMF over the service-based interface where the tunnel endpoint parameters are embedded in a JavaScript Object Notation (JSON) container.

By the way, JSON is a quite generic format for exchanging and storing different kind of data. Between the AMF and the SMF JSON is used to transport Non-Access Stratum Session Management messages (defined in 3GPP 24.501).

The Ladder Diagram

Having the Big Picture in mind it is now easier to look at the ladder diagram with the individual RAN messages for UE connection setup - shown in Figure 2.

It looks complicated, because the F1AP messages carry RRC plus NAS messages in uplink and downlink direction, but when understanding the underlying logic it is easy.

Figure 2: 5G VRAN Successful UE Connection Setup
(click on the image to see full size)

The very first step (in the figure: step 0) is the random access procedure executed on the MAC layer involving the UE and the gNB-DU.

After successful random access the UE sends the NR RRC Setup Request message. This is the Initial UL RRC Message transported by the F1AP from the gNB-DU to the gNB-CU CP. Actually the F1AP carries PDCP transport blocks and inside the PDCP the NR RRC messages are found, but to keep it simple I do not show the PDCP header in the ladder diagram.

Beside RRC Setup Request there are also some other initial NR RRC messages and RRC response messages possible (see step 1 and 2).

More RRC messages are transported over F1AP until the RRC Connection establishment is complete.

The NR RRC Setup Complete message also transports the initial NAS message and the reception of this message by the gNB-CU CP triggers the setup of a F1AP UE context. The concept of UE context management in F1AP is the same as in NGAP or - when looking back into the E-UTRAN - in S1AP.

The GTP/IP transport tunnel on F1-U is established during F1AP UE Context Setup assisted by E1AP Bearer Context Setup procedure that provides the necessary tunnel endpoint parameters.

In the same manner the NG-U tunnel is established by the NGAP Initial UE Context Setup procedure.

Additional NAS messages (especially for session management) and NR RRC Reconfiguration are exchanged to establish the end-to-end UE connection through the core network. And that's it.

Related Posts:

Posted by Ralf Kreher at 08:14 Leave a comment...2 comments so far
Labels: , , , ,
Subscribe to: Posts (Atom)