Tuesday, June 17, 2014

LTE Initial Attach


The call flow below shows a UE connecting to the LTE network. It gives a basic understanding of the UE's initial attach procedure, authentication, and default bearer creation, which ultimately enables DL/UL data transfer.



Network entities: USIM, UE, eNB, MME, SGW, PGW, HSS

Interfaces: UICC, E-UTRAN Uu, S1, S11, S5/S8, S6a






UE powers on.








































Synchronisation and cell selection procedures initiated. MM/RR/PLMN data taken from USIM application.



























To start the attach procedure, EMM requests an RRC connection.
Initial attach 23.401:5.3.2.1
RRC initiation 36.331:5.3.3.2














RRC Connection Request (Cause, Identity - S-TMSI or random).












eNB invokes RRM and RRC procedures.








































RRC Connection Setup (Radio configs - RLC/PDCP/MAC/PHY related to SRB1)
RRC initiation 36.331:5.3.3.2


























RRC Connection Setup Complete
(PLMN identity, NAS PDU) The NAS PDU contains an EMM Attach Request (old GUTI or IMSI, ESM PDN Connectivity Request).
RRC initiation 36.331:5.3.3.2
EMM Attach 24.301:5.5.1.2
ESM PDN Connectivity 24.301:6.5.1.2
GUTI 23.003:2.8














S1AP - Initial UE Message
(UE S1AP ID, NAS PDU, RRC cause)
36.413 Initial UE:8.6.2.1













MME may trigger authentication, security & ciphering procedures.
23.401 Overall:5.3.2.1
























Diameter - Authentication Info Request
(IMSI, PLMN ID)
S6a interface/Diameter authentication 29.272:5.2.3

























Diameter - Authentication Info Answer
(Auth Info - RAND, AUTN, SRES, KASME)






S1AP - DL NAS Transport
(NAS PDU - EMM Authentication Request {RAND, AUTN} )
36.413 Initial UE:8.6.2.2
UE-EPC authentication 33.401:6.1
EMM authentication 24.301:5.4.2










RRC DL Information Transfer
(NAS EMM PDU)
RRC DL Info:5.6.1











UICC - Authenticate












UE would execute the AUTHENTICATE command in the USIM application to get SRES and CK (Ciphering Key).
USIM Authenticate 31.102:5.2.1














RRC UL Information Transfer
(NAS PDU - EMM Authentication Response {SRES} )
RRC UL Info:5.6.2














S1AP - UL NAS Transport
(NAS EMM PDU)
36.413 Initial UE:8.6.2.3













MME compares SRES (received from UE and HSS).
33.102 Authentication:6.3
MME triggers the NAS security procedure. NAS encryption and integrity keys (KNASenc and KNASint respectively) will be derived from the KASME received from HSS.
33.401 Security keys:6.2




















UE NAS would start ciphering and integrity protection (starting from the next Security Mode Complete message). UE would derive KASME from the CK received from USIM (as part of the Authenticate command). UE would then derive the NAS encryption and integrity keys (i.e. KNASenc and KNASint respectively).



EMM - Security Mode Command over RRC/S1AP transport
(UE Security capabilities, Ciphering algorithm, Integrity algorithm)
33.401 NAS security:7.2.4.4
24.301 EMM Security:5.4.3.2






















EMM - Security Mode Complete over RRC/S1AP transport











Diameter - Update Location Request
(IMSI, Visited PLMN ID, RAT type)
S6a interface/Diameter authentication 29.272:5.2.1.1




















MME does the SGW (and PGW ?) selection.
23.401 SGW selection:4.3.8.2




Diameter - Update Location Answer
(Subscription data)









GTP-C - Create Session Request
(IMSI, APN, PGW S5/S8 address/F-TEID, PDN type, EPS Bearer ID, Default EPS QoS, Aggregate Maximum Bit Rate, PDN address (fixed?), PCO)
29.274 Create Session:7.2.1














GTP-C - Create Session Request
(IMSI, APN, SGW User plane TEID, PDN type, EPS Bearer ID, Default EPS QoS, Aggregate Maximum Bit Rate, PDN address (fixed?), PCO)
29.274 Create Session:7.2.1













PGW uses QoS policy (local or received from PCRF) to come up with a list of bearers (default + optional dedicated bearers).


























GTP-C - Create Session Response
(PDN address, Aggregate Maximum Bit Rate, PCO, Default/Dedicated bearer contexts {EPS bearer ID, PGW User plane TEID, QoS} )
29.274 Create Session:7.2.2

























User DL data (if any) thru GTP tunnel (over S5/S8 interface).









MME now has everything in place to instruct eNB to start Initial Context Setup procedures. S1 UE context {S1AP ID, Bearer ID, TEIDs} would be created. KeNB is derived from KASME.
33.401 Security keys:6.2

GTP-C - Create Session Response
(PDN address, Aggregate Maximum Bit Rate, PCO, Default/Dedicated bearer contexts, SGW User plane TEID)
29.274 Create Session:7.2.2






















RRM procedures would "admit" the EPS bearer, create the S1 UE context {S1AP ID, Bearer ID, TEIDs}, inform GTP-U about the Bearer ID-Tunnel ID mapping and initiate further RRC procedures. The first procedure would be the AS Security procedure to start ciphering and integrity protection. eNB would derive the user data encryption key and the RRC encryption and integrity keys from KeNB. These keys are, respectively, KUPenc, KRRCint, and KRRCenc.
33.401 Security keys:6.2
Along with Security, RRC Reconfig procedure can be started.

S1AP - Initial Context Setup Request
(UE S1AP ID, Aggregate Maximum Bit Rate, default/dedicated bearer {E-RAB IDs, QoS, SGW GTP TEID, NAS PDU, EPC Transport address}, UE Security Capabilities, Security key KeNB)
36.413 Initial Context Setup:8.3.1
Transport address is EPC IP address to which user (UL) IP packets are to be forwarded.
36.414 Transport address:5.3
The NAS PDU contains an EMM Attach Accept (GUTI, ESM message). The ESM message would be Activate Default EPS Bearer Context Request (EPS bearer ID, QoS no ARP, PDN Address, APN).
24.301 EMM Attach Accept:5.5.1.2.4
24.301 ESM Default Bearer request:6.4.1.2
























RRC AS Security Mode Command
(Ciphering algorithm, Integrity algorithm)
33.401 AS Security:7.2.4.5
36.331 RRC Security:5.3.4
























Similar to eNB, UE derives KUPenc, KRRCint, and KRRCenc from KeNB to start ciphering and integrity protection. This would be acknowledged to the network.

RRC Connection Reconfiguration
[EPS bearer ID, DRB ID, Radio configs - RLC/PDCP/MAC/PHY, NAS pdu]
RRC 36.331:5.3.5


























RRC Security Mode Complete
RRC 36.331:5.3.4.1
RRC/L2/PHY would be configured for SRB2 and DRB. RRC would acknowledge this to eNB and pass on the NAS PDU to EMM.


























RRC Connection Reconfiguration Complete
RRC 36.331:5.3.5










UE NAS would construct the EMM Attach Complete message, which would contain the ESM reply as well.

S1AP - Initial Context Setup Response
(UE S1AP IDs, E-RABs setup {E-RAB ID, eNB GTP-U TEID, eNB Transport address})
36.413 Initial Context Setup:8.3.1.2






















EMM - Attach Complete over RRC/S1AP transport
(ESM PDU)
ESM PDU would contain ESM Activate default EPS bearer Context Accept message (PCO).
24.301 EMM Attach:5.5.1.2.4
24.301 ESM Default bearer activation:6.4.1.3

MME would trigger a GTP-C procedure towards SGW to pass the eNB-related details to SGW.














GTP-C - Modify Bearer Request
(EPS bearer IDs, eNB F-TEID)
29.274 Modify Bearer Request:7.2.7













For handover scenarios, SGW will have to trigger GTP modify bearer procedure towards PGW over S8 interface.

























GTP-C - Modify Bearer Response
29.274 Modify Bearer Response:7.2.8









User UL data through DRB












User UL data through GTP tunnel (S11 interface)













User UL data through GTP tunnel (S5/S8 interface)










User DL data (if any buffered earlier) through GTP tunnel (S11 interface)









User DL data through DRB











This completes the LTE initial attach procedure. The UE is attached and the default bearer is active, in the RRC-Connected, EMM-Registered, ECM-Connected state.
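
The key hierarchy named in the flow (KASME, then KNASenc/KNASint and KeNB, then KUPenc/KRRCint/KRRCenc), as an added example that is not part of the original post: it follows the HMAC-SHA-256 KDF of 3GPP TS 33.401 Annex A, which keys the KASME derivation with CK || IK. The CK/IK bytes, test PLMN 001/01, SQN xor AK, NAS COUNT and algorithm identity 2 are constructed sample inputs, and the function names are illustrative.

```python
import hashlib
import hmac

# FC values and algorithm type distinguishers from 3GPP TS 33.401 Annex A.
FC_KASME, FC_KENB, FC_ALG_KEY = 0x10, 0x11, 0x15
NAS_ENC, NAS_INT, RRC_ENC, RRC_INT, UP_ENC = 0x01, 0x02, 0x03, 0x04, 0x05

def build_s(fc: int, *params: bytes) -> bytes:
    """S = FC || P0 || L0 || P1 || L1 ..., each Li a 2-byte big-endian length."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return s

def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF: HMAC-SHA-256 keyed with `key` over the string S."""
    return hmac.new(key, build_s(fc, *params), hashlib.sha256).digest()

def derive_kasme(ck: bytes, ik: bytes, plmn_id: bytes, sqn_xor_ak: bytes) -> bytes:
    # The serving network's PLMN ID is an input, so KASME is bound to that network.
    return kdf(ck + ik, FC_KASME, plmn_id, sqn_xor_ak)

def derive_kenb(kasme: bytes, ul_nas_count: int) -> bytes:
    return kdf(kasme, FC_KENB, ul_nas_count.to_bytes(4, "big"))

def derive_alg_key(parent: bytes, alg_type: int, alg_id: int) -> bytes:
    # The 256-bit KDF output is truncated to its 128 least significant bits.
    return kdf(parent, FC_ALG_KEY, bytes([alg_type]), bytes([alg_id]))[16:]

def derive_hierarchy(ck, ik, plmn_id, sqn_xor_ak, ul_nas_count, enc_alg, int_alg):
    """Run the chain as either side would (UE, or HSS -> MME -> eNB)."""
    kasme = derive_kasme(ck, ik, plmn_id, sqn_xor_ak)
    kenb = derive_kenb(kasme, ul_nas_count)
    return {
        "KASME": kasme, "KeNB": kenb,
        "KNASenc": derive_alg_key(kasme, NAS_ENC, enc_alg),
        "KNASint": derive_alg_key(kasme, NAS_INT, int_alg),
        "KRRCenc": derive_alg_key(kenb, RRC_ENC, enc_alg),
        "KRRCint": derive_alg_key(kenb, RRC_INT, int_alg),
        "KUPenc": derive_alg_key(kenb, UP_ENC, enc_alg),
    }

# Constructed sample inputs (not real subscriber material); algorithm id 2 assumed.
SAMPLE = dict(ck=bytes(range(16)), ik=bytes(range(16, 32)),
              plmn_id=bytes.fromhex("00f110"), sqn_xor_ak=bytes.fromhex("010203040506"),
              ul_nas_count=0, enc_alg=2, int_alg=2)

if __name__ == "__main__":
    for name, key in derive_hierarchy(**SAMPLE).items():
        print(f"{name:8} {key.hex()}")
```

Because every key below KASME is a one-way function of its parent, the eNB, which only ever receives KeNB, cannot recover KASME or the NAS keys.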





