
3G UMTS Femtocell Architecture and Design

BRKAGG-2002

2009 Cisco Systems, Inc. All rights reserved.

Cisco Public

Agenda
Introduction to Femtocell
Market Drivers
Femtocell Architecture
Key Femto Features
Femto Call Flows
Standards Update
Cisco Solution Components
Femto Integration
Summary

Introduction to Femtocell

What Is a Femtocell?

In-Home

Femtocell Picocell Microcell Macrocell

Focus of this topic is Femtocell


In-house coverage

Compare and contrast with Macrocell, Microcell or Picocell


Femto provides in-fill for Macro, Micro and Pico

What Is a Femtocell?
Contrast With Macro
Tiny 3G Home Access Point
Gives 3G signal inside the home
Licensed Spectrum
Node-B

Operator Management & Services RNC


Wireless Core (MSC, SGSN)

Very low RF power. Standalone or integrated into home gateway. Works with all standard handsets.

Cellular Network Standard 3G Handset

Connects to the Core Network via the Internet


Uses home broadband connection for backhaul (contrast: dedicated backhaul)
Requires Wireless Security Gateway for protection

Licensed Spectrum

Security Gateway

Femto Home Node-B Gateway

Internet

Femto Home Node-B (<5mW)

Broadband Residential GW Connection (4 calls in 200kbps)

Standard Connectivity to Core


Connectivity from Femto network to Core similar to Macro network

Femto Cellular Network



Market Drivers

Wireless Is Coming Home


Changing Consumer Behavior
2009: Notebook sales will surpass desktop PC sales (Lehman Brothers)
2011: 20% of devices connecting to cellular networks will not be phones or laptops (Yankee Group)
30% of mobile usage occurs at home (Yankee)
85% of iPhone owners use the internet; Smartphone users spend more than 4.6 hrs/month browsing mobile web (M:Metrics)
33% of 18-24 year old Americans post photos to website via mobile phones (M:Metrics)
Social networking sites: fastest growing among web browsing

Non-traditional devices will gain widespread popularity

New mobile usage trends growing

Anytime/Anywhere Service Expected

New generation will influence new purchases and drive network traffic

Mobile Operator Opportunities With Femto


Reducing Operational Costs
Backhaul of cell tower traffic accounts for 20% of mobile operator OpEx
Site acquisition, leasing costs, power costs
Capacity demand is expected to be 4x to 10x as migration to 3G and 4G proceeds

Increasing Revenue/Reducing Churn


High quality WiFi/3G/4G signal in the home
Enables new bundled service offerings (triple/quad play)
New Home Zone tariffs (two-edged sword)

Improving In-Home Coverage


Significant percentage of mobile voice originates in the home
Poor coverage leads to unhappy customers and churn
Delivery of high speed data in the home is challenging with macrocell network

Mobile Operator Opportunities With Femto


Femtozone Services Leveraging Location Awareness and Local IP Breakout Capabilities
Virtual home number
Presence alerts in entering and exiting the home
Photo and video upload to web
Instant Podcast reload
Seamless mobility between home and macro network

Connected Home Services


All data flows within the home network
Media Sharing using UPnP over 3G
Synchronize music and video
Automatically backup content
Media Shifting

Mobile Operator: Femto Market Insertion*


Connected Home
Subscriber Traffic & Revenue Growth
Device convergence, home gateway
Improved applications; QoS, presence, immersion gaming
More trust in SP

Connected Enterprise / UC Standalone Femto


Improve indoor coverage
Mostly voice, some data
Price and business case being worked on
Managed voice and data
Always secure
Triple play for businesses

Early Adopters
2008

Cross Chasm

Mass Market
2012

Service Adoption Timeline

*Based on Operators feedback and present industry direction


Femtocell Architecture

Femtocell Reference Architecture


[Figure: Femtocell reference architecture]
Elements: Mobile device, Femto Access Point, Home GW, Fixed Broadband Interconnect, SeGW, Femto GW, Femto Management System (HNB-MS, FGW-MS), HPLMN RAN, HPLMN Core Network (CS core, PS core, IMS core, Subscriber Databases)
Interface labels: Radio/Uu, FL, Fa/Iuh, Fm/TR-069, Fg/tbd, Fr/tbd, Fb-cs/Iu-cs, Fb-ps/Iu-ps, Fb-ims/tbd

Cisco Femtocell End-to-End Architecture


Fully redundant and scalable architecture
TR-069 standard compliance
Deployed in more than 150 SP customers worldwide supporting millions of CPEs
Northbound interface/API for OSS&BSS integration
Auto discovery of the network to provide full visibility of network changes (Cisco NCM)
Alarm Monitoring, reporting (Cisco CIC)
SLA, statistics monitoring (HP PI/others)

Low (5mW) output power
Network Listen (NWL) for auto configuration, interference management and location verification
Four simultaneous users
Up to 3.6Mbps HSDPA
Emergency call support

Fm

Fm

Provides secure DMZ for access controllers and management system
Provides single point of termination for signaling/management security

Fully redundant ATCA-based architecture (IP.Access)
Closed access control (initial rel)
Hand-in/Hand-out support
Scaling: 20k HNB per HNB Gw (initial rel)

Iuh Uu

Simplified Protocol Stack


[Figure: simplified protocol stack across UE, Femto Cell and Femto Gateway; Uu between UE and Femto Cell]
Radio stack labels: RRC, PDCP, RLC, MAC, PHY
Control Plane labels: RANAP, Paging Control, Access Control, SRNC relocation to CN
Bearer Plane labels: De-Jitter, AAL2 Encap, GTP Encap, Iu-cs, Iu-ps
Other labels: Optimize Bandwidth (control plane, user plane), IPSec

Cisco Solution Protocol Stack


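Iu+ Control Plane
[Figure: control plane protocol stacks across UE, 3G AP, 3G AC and MSC, over the Uu, Iu+ and Iu interfaces; layers in the order the diagram lists them]
Legacy stack towards MSC: RANAP, SCCP, MTP3-b, SSCF-NNI, SSCOP, AAL5, ATM, Sonet/SDH
IP based stack between 3G AP and 3G AC: URSL, SigIP, SSL, IPSEC, TCP, IP, Ethernet
Radio stack between UE and 3G AP: RRC, RLC, MAC-d, Phy
3G AC functions: Routing/Distribution, Relay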

3GAP and 3GAC use IP based stack (instead of legacy stack)


Encapsulate within IPSEC

Functionality moved from RNC to Home Node-B
Regular RANAP stack towards MSC
AP and AC have a persistent URSL connection
URSL is an enhanced RANAP including HNB management procedures
*Pre-version of Iuh Protocol stack

Cisco Solution Protocol Stack


CS Bearer Plane

Keepalives IPSEC

Keepalives IPSEC

3GAP and 3GAC use IP based stack (instead of legacy stack)


Encapsulate within IPSEC

Regular Iu-CS stack towards MSC
Keepalives layer is similar to session layer ensuring the IPSEC remains up all the time

Cisco Solution Protocol Stack


PS Bearer Plane

Keepalives

Keepalives

IPSEC

IPSEC

3GAP and 3GAC use IP based stack (instead of legacy stack)


Encapsulate within IPSEC

Regular Iu-PS stack towards SGSN
Standards seem to incline towards GTP-U encapsulation to start at AP

Key Femto Features

Consumer Services
Most macro services are offered through Femto
Voice Services
Data Services
Emergency Calls
Messaging: SMS, MMS
Multi-RAB

Additional Consumer Homezone/ Connected Home services

Femtocell Specific Features


Location Awareness
Controlling where the Femto is operating

Security and Access Control


Controlling the allowed users on femto (CSG) and securing all traffic

Interference Management (to macro and between femto)


Making sure the Femto does not impact the macro layer

Impact on the broadband network (for backhaul)


Guaranteed Delay and Jitter; End-to-End Security; Synchronization

Handover Support (hand-in/hand-out)


Macro to/from Femto and Femto to Femto

Zero-touch Provisioning
Safely installing an operator owned Node B in the user environment

Emergency call support


Meet the regulatory requirements

Local Breakout of IP traffic


Enabling new services and further offloading the core network

Info: 3GPP Mobility Identifiers


Public Land Mobile Network (PLMN) is the mobile network that uses land-based radio and is uniquely identified by its PLMN identifier, which consists of Mobile Country Code (MCC) and Mobile Network Code (MNC). MCC uniquely identifies the country of domicile of the mobile subscriber. MNC identifies the home PLMN of the mobile subscriber.
Location Area Code (LAC) uniquely identifies a LA (Location Area) within a PLMN. A Location Area groups a number of discrete cells. Location Area Identity (LAI) is the core network domain identifier for Circuit Switching (CS) and is PLMN concatenated with LAC.
Routing Area Code (RAC) identifies a routing area within a location area. The Routing Area Identity (RAI) is the core network domain identifier for Packet Switching (PS) and is LAI concatenated with RAC.
Service Area Code (SAC) or Cell identifier (C-Id) is used to uniquely identify a cell within a Radio Network System (RNS) network. The Service Area Identifier (SAI) generally used in 3G (equivalent of the Cell Global Identification (CGI) used in 2G GSM networks) is the concatenation of the LAI and C-Id.
Scrambling Codes are used for cell separation in the downlink and user separation in the uplink. Each cell is allocated one primary scrambling code. In order to reduce the cell search time, the primary scrambling codes are divided into 512 sets.
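The concatenations described above (PLMN = MCC + MNC, LAI = PLMN + LAC, RAI = LAI + RAC, SAI = LAI + SAC) can be packed and parsed as octets. This is an added example, not code from the presentation or from Cisco; the octet sizes and BCD nibble order follow the usual 3GPP encoding (TS 24.008) and are an assumption relative to the slide, which only states the concatenation.

```python
import struct
from dataclasses import dataclass
from typing import Tuple


def _check_digits(value: str, lengths: Tuple[int, ...], name: str) -> None:
    # Reject anything that is not a plain ASCII decimal string of the right length.
    if not (value.isascii() and value.isdigit() and len(value) in lengths):
        raise ValueError(f"{name} must be {lengths} decimal digits: {value!r}")


def encode_plmn(mcc: str, mnc: str) -> bytes:
    """PLMN identifier = MCC + MNC, packed as three BCD octets."""
    _check_digits(mcc, (3,), "MCC")
    _check_digits(mnc, (2, 3), "MNC")
    m1, m2, m3 = (int(d) for d in mcc)
    n = [int(d) for d in mnc]
    n3 = n[2] if len(n) == 3 else 0xF  # filler nibble for a 2-digit MNC
    return bytes([(m2 << 4) | m1, (n3 << 4) | m3, (n[1] << 4) | n[0]])


def decode_plmn(raw: bytes) -> Tuple[str, str]:
    """Inverse of encode_plmn; rejects non-decimal nibbles."""
    if len(raw) != 3:
        raise ValueError("PLMN identifier is exactly 3 octets")
    m1, m2 = raw[0] & 0xF, raw[0] >> 4
    m3, n3 = raw[1] & 0xF, raw[1] >> 4
    n1, n2 = raw[2] & 0xF, raw[2] >> 4
    mnc_digits = [n1, n2] + ([] if n3 == 0xF else [n3])
    if any(d > 9 for d in [m1, m2, m3] + mnc_digits):
        raise ValueError("non-decimal nibble in PLMN identifier")
    return f"{m1}{m2}{m3}", "".join(str(d) for d in mnc_digits)


@dataclass(frozen=True)
class LAI:
    """Location Area Identity: PLMN concatenated with a 2-octet LAC."""
    mcc: str
    mnc: str
    lac: int

    def to_bytes(self) -> bytes:
        return encode_plmn(self.mcc, self.mnc) + struct.pack("!H", self.lac)

    @classmethod
    def from_bytes(cls, raw: bytes) -> "LAI":
        if len(raw) != 5:
            raise ValueError("LAI is exactly 5 octets")
        mcc, mnc = decode_plmn(raw[:3])
        return cls(mcc, mnc, struct.unpack("!H", raw[3:])[0])


def rai_bytes(lai: LAI, rac: int) -> bytes:
    """Routing Area Identity: LAI concatenated with a 1-octet RAC."""
    if not 0 <= rac <= 0xFF:
        raise ValueError("RAC must fit in one octet")
    return lai.to_bytes() + bytes([rac])


def sai_bytes(lai: LAI, sac: int) -> bytes:
    """Service Area Identifier: LAI concatenated with a 2-octet SAC."""
    return lai.to_bytes() + struct.pack("!H", sac)


def parse_sai(raw: bytes) -> Tuple[LAI, int]:
    """Split a 7-octet SAI back into its LAI and SAC."""
    if len(raw) != 7:
        raise ValueError("SAI is exactly 7 octets")
    return LAI.from_bytes(raw[:5]), struct.unpack("!H", raw[5:])[0]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    lai = LAI("262", "01", 0x1234)
    print(lai.to_bytes().hex(), rai_bytes(lai, 0x0A).hex(), sai_bytes(lai, 5).hex())
```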

Network Listen
Network listen is a scan of the radio environment by the HNB which detects neighbor cells, their frequencies and transmit power levels. The network listen procedure allows the HNB to monitor the surrounding 2G and 3G macrocell and femtocell layer. Results are used to select and adjust the access related parameters (frequency, power, scrambling code, neighbour list).
[Figure: Network Listen flow]
Steps: Invoke; Frequency (re-)synchronization; Measure noise power DL and UL; Measure code powers; Decode neighbor cell info
Outcomes: (re-)set internal oscillator model; Set transmitter maximum power; Select DL scrambling code; Update/report hand-out neighbor list; Select LAC & RAC; Report nearby MCCs

Network Listen
Network Listen feature on the Home Node-B uses both 3G and 2G downlink receivers and signal processing chains for:
Fast synchronize the internal Home Node-B clock with any nearby macro cell frequency.
Validate the Mobile Country Code (MCC) used by nearby cells to help in verification of the territory of operation.
Check Interference levels on uplink & downlink for each operational permitted frequency.
Decode the System Information of nearby Home Node-Bs as the basis for selecting LAC.
Detect the scrambling codes used by nearby Home Node-Bs to help choose an optimal scrambling code for the location.
Decode the System Information of nearby macro cells as the basis for constructing neighbor lists in the Home Node-B.
Estimate the noise power in the band, to set the Home Node-B transmit power.

Network Listen feature is a mode of the device i.e. when in NWL mode, Home Node-B is not providing service. Intelligent scheduling algorithms used to minimize service interruption.

GPS
GPS chipset within HNB is authority for location verification.
Since the GPS test can potentially take minutes to complete, NWL is preferred first.
GPS results are passed back from HNB to Provisioning System for comparison against Expected Lat/Long based on a tolerance value set.
Restrictions: direct line of sight requirements to the sky.

Location Verification
HNB must pass Location Verification before it can be activated.
Location Verification is the process of confirming the HNB (and radio) location is within a specified tolerance of its expected location.
There are 2 primary steps in Location Verification:
Network Listen
GPS

Location Verification is performed on boot/provisioning and also periodically (e.g. once per day). Operators may set policies.
Location Verification must pass before the HNB can be activated by the Provisioning system.
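A provisioning-side check along the lines of the two steps above, written as an added example and not taken from the presentation or any Cisco product. The `Expected` record, the `require_gps` switch, the result names other than ToleranceFailure (which the deck uses in its HNB Register/Activate flow), and the rule that the expected MCC only has to be among the MCCs heard are all assumptions of this sketch.

```python
import math
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

EARTH_RADIUS_M = 6_371_008.8  # mean Earth radius in metres


def distance_m(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle (haversine) distance between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(min(1.0, h)))


@dataclass(frozen=True)
class Expected:
    """What the provisioning system holds for one HNB (hypothetical record)."""
    mcc: str                       # territory the HNB is licensed to operate in
    position: Tuple[float, float]  # expected (lat, lon) of the install address
    tolerance_m: float             # operator-set tolerance
    require_gps: bool = False      # policy: is a Network Listen pass alone enough?


@dataclass(frozen=True)
class Result:
    status: str
    activate: bool
    distance_m: Optional[float] = None


def verify_location(expected: Expected,
                    nwl_mccs: Sequence[str],
                    gps_fix: Optional[Tuple[float, float]]) -> Result:
    """Step 1: Network Listen MCCs (fast). Step 2: GPS fix against the tolerance."""
    heard = set(nwl_mccs)
    # Near a border, foreign cells can be heard legitimately, so only require
    # that the expected MCC is among those reported (assumed policy).
    if heard and expected.mcc not in heard:
        return Result("MccMismatch", False)
    if gps_fix is not None:
        lat, lon = gps_fix
        if not (-90 <= lat <= 90 and -180 <= lon <= 180):
            return Result("InvalidFix", False)  # also catches NaN coordinates
        d = distance_m(expected.position, gps_fix)
        if d > expected.tolerance_m:
            # Outside tolerance: do not activate, leave the decision to Ops.
            return Result("ToleranceFailure", False, d)
        return Result("Verified", True, d)
    # No GPS fix (e.g. no line of sight to the sky).
    if heard and not expected.require_gps:
        return Result("Verified", True)
    return Result("NoEvidence", False)  # fail closed: nothing confirms the location


if __name__ == "__main__":
    # Constructed sample values.
    exp = Expected(mcc="208", position=(48.8566, 2.3522), tolerance_m=100.0)
    print(verify_location(exp, ["208"], (48.8570, 2.3522)))
    print(verify_location(exp, ["208"], (48.8666, 2.3522)))
```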

Frequency Synchronization
Frequency synchronization of Home Node-B is required for successful handover processing and minimizing dropped sessions during handover, minimizing spectrum channel overlap to reduce channel co-interference, and improving frame synchronization, which optimizes handover times, user signal delay and user signal jitter.
3GPP has relaxed the frequency accuracy for Femto to 250ppb. This would reduce synchronization related traffic.
Cisco Home Node-B uses the following order to meet the pre-relaxed tolerance limit of 100ppb:
Network Listen for fast-lock frequency synchronization to macro network
GPS lock and frequency synchronization (in the future releases)
NTP for slow maintenance of frequency synchronization
24-hour holdover period of internal on-board oscillator for the stability.

In some cases, depending on operators' requirements, one of the above can be missed. Many operators may choose to not implement GPS lock feature which could be difficult inside a closed building.

Info: UE States
When a UE is switched on, a PLMN is selected and the UE searches for a suitable cell of this PLMN, chooses that cell to provide available services, and tunes to its control channel. This choosing is known as camping on the cell.
The UE will then register its presence by means of the Location Registration Update procedure.
The UE then repeatedly searches for a better cell in terms of path loss to a cell site. If the UE is roaming away from its home network, the UE shall search for higher priority PLMNs at regular time intervals. If the UE finds a more suitable cell, it reselects onto that cell and camps on it.
The UE in idle mode will perform camping, cell selection and reselection and Location Registration procedures.
When the UE requires access to services of the UMTS network, it establishes an RRC connection with the serving RNC and is in connected mode.

Femto Access Control


Most operators feel the need for femtocells to primarily deploy in Closed Access Mode whereby access is restricted to a defined set of users identified by their IMSI
Aligns with 3GPP Closed Subscriber Group (CSG) feature principles
Access control is invoked upon user registration events (IMSI attach, Location Update, Session Establish) at Home Node-B and hand-in scenario at Femto Gateway
All procedures used to accept/reject users are 3GPP standard compliant. Two rejection methods are being used:
LU Reject, resulting in whole LAC being barred for the duration of a power cycle (up to 12-24hrs). Conserves battery life.
Authentication failure, resulting in cell-only being barred for ~20mins. Home Node-B sends wrong info to UE during mutual authentication.
If UE has access to other femto that belong to the same LAC, authentication failure method is used. Femto Gateway can choose the appropriate method.

If not accepted by the Femto, a UE may still camp on the cell (in the absence of surrounding macro coverage) and then be able to establish emergency calls. LU Reject is used in such scenario.
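The closed-access decision and the choice between the two rejection methods, together with the IMSI-based hand-in filtering at the gateway that the deck describes under Femto Mobility Support, sketched as an added example. It is not code from the presentation or from Cisco; the `FemtoGateway` class, the HNB identifiers, LAC values and IMSIs are constructed, and treating a malformed IMSI as an LU Reject is an assumption of this sketch.

```python
from enum import Enum
from typing import Dict, FrozenSet, List, NamedTuple, Optional


class Decision(Enum):
    ACCEPT = "accept"
    AUTH_FAILURE = "authentication failure (cell only barred)"
    LU_REJECT = "LU Reject (whole LAC barred)"


class Hnb(NamedTuple):
    lac: int
    allowed_imsis: FrozenSet[str]  # closed access list for this HNB


def valid_imsi(imsi: Optional[str]) -> bool:
    """An IMSI is a decimal string of at most 15 digits."""
    return bool(imsi) and imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15


class FemtoGateway:
    """Hypothetical gateway-side view of the per-HNB access lists."""

    def __init__(self, hnbs: Dict[str, Hnb]):
        self.hnbs = dict(hnbs)

    def hand_in_candidates(self, imsi: Optional[str], lac: int) -> List[str]:
        """IMSI-based filtering: HNBs in this LAC that the user may hand in to."""
        if not valid_imsi(imsi):
            return []
        return sorted(name for name, hnb in self.hnbs.items()
                      if hnb.lac == lac and imsi in hnb.allowed_imsis)

    def decide(self, hnb_id: str, imsi: Optional[str],
               emergency: bool = False) -> Decision:
        hnb = self.hnbs[hnb_id]  # unknown HNB raises KeyError
        if emergency:
            # Access control is not applied to emergency calls (covers SIM-less UEs).
            return Decision.ACCEPT
        if not valid_imsi(imsi):
            return Decision.LU_REJECT  # fail closed on a malformed identity
        if imsi in hnb.allowed_imsis:
            return Decision.ACCEPT
        if self.hand_in_candidates(imsi, hnb.lac):
            # The user owns another femto in this LAC: barring the whole LAC
            # would lock them out of it, so bar only this cell.
            return Decision.AUTH_FAILURE
        return Decision.LU_REJECT


# Constructed sample data (test PLMN 001/01 IMSIs, made-up LACs and HNB names).
IMSI_A, IMSI_B, IMSI_C = "001010000000001", "001010000000002", "001010000000003"
GATEWAY = FemtoGateway({
    "hnb-a": Hnb(4100, frozenset({IMSI_A})),
    "hnb-b": Hnb(4100, frozenset({IMSI_A, IMSI_B})),
    "hnb-c": Hnb(4200, frozenset({IMSI_C})),
})

if __name__ == "__main__":
    for imsi in (IMSI_A, IMSI_B, IMSI_C):
        print(imsi, GATEWAY.decide("hnb-a", imsi).value)
```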

Interference Management
Minimize Interference: Femto-to-Macro (non-femto user, femto user, user reselect), Femto-to-Femto, UE performance
Factors affecting interference:
Open or Closed Access: unauthorized femto user should be able to access Macro in close femto vicinity
Dedicated channel or Co-channel: same or distinct carriers
Power control (adaptive or fixed)

Radio assumptions for WCDMA Femto


Single carrier for Femto network
Defined set of scrambling codes used for location updates and handovers

For an effective femtocell deployment, interference management shall be done automatically.
Factors for Home Node-B transmit power:
Power is too high: there is effectively a macro dead zone around the Home Node-B.
Power is too low: femto coverage will be poor and femto UEs may not reselect the femtocell itself.

Interference Management
Both 3GPP RAN WG4 and Femto Forum, recognizing that one of the serious questions which needs to be answered is the RF interference of Femto with the Macro, have embarked on studies for RF Interference.
Summary from these studies is that femto and macro networks can co-exist and cooperate with the incorporation of proper power management techniques that are already becoming available in the industry. Following is a quick list of those features:
Adaptive Attenuation or Automatic Gain Control (dynamic receiver gain management in the femto) ensures that femtocell can offer good service to both near and far UEs without unnecessarily increasing the UE transmit power, therefore keeping the noise rise contribution to a minimum.
Power capping of the UE when operating in the femto environment ensures that even in difficult radio conditions, the UE hands-off to the macro network before its transmit power increases to the point where macro noise rise is a problem.
Downlink Power Management: femtocell to dynamically adjust its transmit power by measuring its environment or for required cell coverage area.
Increased Receiver Dynamic Range to accommodate femto operation reliably even in the presence of nearby non-allowed high power UE. This has already been incorporated into the latest 3GPP Release-8 25.104 specification.

Info: Measurements
UTRAN may control a measurement in the UE either by broadcast of SYSTEM INFORMATION and/or by transmitting a MEASUREMENT CONTROL message.
Common Pilot Channel (CPICH) is used to enable channel estimation. CPICH uses a predefined bit sequence at a fixed rate and allows the UE to estimate power measurements.
The different types of measurements are:
Intra-frequency measurements - measurements on downlink physical channels at the same frequency as the active set
Inter-frequency measurements - measurements on downlink physical channels at frequencies that differ from the frequency of the active set and on downlink physical channels in the active set
Inter-RAT measurements - measurements on downlink physical channels belonging to another radio access technology than UTRAN, e.g. GSM
Traffic volume measurements - measurements on uplink traffic volume
Quality measurements - measurements of downlink quality parameters, e.g. downlink transport block error rate
UE-internal measurements - measurements of UE transmission power and UE received signal level
UE positioning measurements - measurements of UE position.

Since the WCDMA system requires continuous transmission and reception, UE measurements on different frequencies or different systems, e.g. GSM, require UTRAN to command the UE to enter compressed mode. When the UE is in compressed mode, transmission and reception are stopped for a short duration to take the measurements. To ensure the data is not lost, the data is compressed in the frame, making an empty space where measurements are performed.

Info: Handover
The simplest definition of handover is the transfer of a user's connection from one radio channel to another (can be same or different cell). It is important to note that the handover procedure comes into effect when the RRC connection is established, i.e. a call is in progress.
Following is a list of different scenarios for handoff that are manifested:
Intra Node-B: intra-cell (softer), inter-cell (soft)
Inter Node-B: intra-RNS, inter-RNS with Iur interface (soft or hard handover), inter-RNS (hard handover)
Inter Core Network: when the two radios are part of two different core networks
Inter-URAN (handover from UMTS to GSM BSS, GERAN or other RAN network): intra core network or inter core network
During a soft (or softer) handover, the UE is connected to at least one radio cell at every instance. This requires an optimal combining of physical layer data collected from the UE through two (or one) node-Bs, and the transmission of the same physical layer data through two (or one) node-Bs to the UE. In case of soft handover, if the two node-Bs are in different RNCs, such recombining requires a real-time interface (Iur) between the serving and target RNCs.
Hard handover occurs when there is no common radio link between the source and target networks or where the architecture does not support soft handover, e.g. GSM, HSDPA or WCDMA in the cell-FACH state. In hard handover the radio connection gets broken between the UE and source network before a new radio connection is established with the target network.

Femto Mobility Support


Both Hand-out (Femto to Macro) and Hand-in (Macro to Femto) of active sessions are supported. Hand-out more vital for operators.
All handovers are hard handovers (no soft/softer handover) and leverage existing 3GPP procedures
All HO are followed by a SRNS relocation (no Iur from HNB GW to a macrocell RNC)

For Hand-out, neighbor macro cells list (2G or 3G) is created after Network Listen (NWL). Same list used for cell reselect.
For Hand-in, a dummy Femto id which is common for all Femto under the same HNB Gw and LAC/RAC is configured in the macro network
Hand-in requests are directed to the HNB Gw which performs access control and IMSI-based filtering to find the targeted Femto in the LAC
Note that a high number of Femtos will likely be associated to a single LAC and that a user may be associated to multiple Femtos.
Femto gateway requests all matching candidate APs to send out a beacon signal on the downlink sync channel to which the UE responds with an uplink sync on the correct hand-in candidate AP.

Femto Mobility Support


Hard Handover has the following impact:
Iu-CS (voice) hard handover is seamless in that it is accompanied by a simultaneous Serving Radio Network Subsystem (SRNS) relocation procedure. The switchover of media streams on the Iu interface is simultaneous with the switchover of radio links on Uu.
Iu-PS (data) hard handover may be either lossless or lossy.
Lossy handover makes no attempt to ensure that the data flow is continuous. Data that is waiting to be sent on the old cell context is simply lost. The system relies on higher layer retry mechanisms (such as exist in TCP) to maintain continuity of data at the application level.
Lossless handover requires that the whole of the PDP context including the pending data is transferred to the new cell at the point of handover. In this way, an unreliable transport (such as RTP or UDP) can maintain data continuity over handover.
Cisco solution supports lossless Iu-PS handover at this time.

Since the hard handover is supported, the handover between Femto and 3G macro or 2G macro will be similar except the RAN network will be either UTRAN for 3G or BSS or GERAN for 2G.

QoS and Backhaul Requirements


Backhaul used for femto owned by the Femtocell SP or 3rd party ISP
Backhaul requirements:
Backhaul shared between Femto traffic and other home network traffic
Potential for a solution to prioritise Femto traffic in the home
Signalling and bearer traffic overhead shall be optimised
Compressed/multiplexing

QoS requirements:
Delay: RTT < 300 ms to preserve voice quality. Max 100ms one-way recommended.
Jitter: 30ms rolling average for CS; buffering capable of holding 100msec of data at the RAB rate for PS.
Packet Loss: Connection can operate reliably at up to 1% packet loss. For CS (i.e. AMR), speech quality can be preserved with up to 3% packet loss

IP addressing requirement
Public/Private IP address support at the HNB.
NAT traversal required.

Femto End-to-End Security


HNB related security
Mutual authentication with network based on X.509 certificates
Private Key Protection and Certificate Revocation List
Tamper resistance HNB
Secure tunnel for data/control and management traffic

Core Network protection (Traffic Encryption)

Signaling and Bearer Plane: IPsec per 3GPP with SeGW
Management traffic: TR-069 over SSL
Statistics/Alarms file upload with HTTPS

Additional network security capabilities


ACLs, Firewalling, Intrusion Detection

Femto Secure Connectivity


[Figure: Femto secure connectivity from the Home Premises, across the ISP, to the SP Regional/Central PoP]
Home Premises: Cisco HNB, Home Gateway
SP Regional/Central PoP: Cisco 7609 with SSL termination (ACE) and Firewall (FWSM), IPSec termination (SAMI), Femto Access Controller (Iu to CN), Cisco BAC (DPE), Statistics Server (OAM)
IPSec Tunnel (est. based on IKEv2): Voice (RTP), Data (GTP), Signalling (RANAP+); Voice over RTP, Data over GTP
SSL: OAM via SOIP / HTTP, HTTP Connection Requests

Femto Zero-Touch Provisioning


True zero-touch provisioning for Femto to scale
Standards-based solution
Based on an extended TR-069 interface
Actively contribute to O&M standards (FemtoForum & 3GPP)

Plug-n-Play installation
Automatic discovery of the provisioning system
Activation procedure requiring strong integration work prior to deployment
No macro network reconfiguration at new HNB activation

Specific Workflows defined for Femtocell allowing for:
Location verification
Use of information gathered through Network Listen
Software download and auto-configuration
Femto user IMSI-based ACL management

Future proof solution reusable for:
Connected Home (Broadband Gateways, Set-Top-Boxes)
Macro network (LTE)

Femto Management Specifics


Active and Passive HNB monitoring
HNB can be configured to send specific alarms directly to the NMS layer for immediate resolution
HNB Gw and HNB statistics and alarms are collected into a file which is sent (typically daily) via HTTPS to the NMS layer (Statistics Server)
Format is aligned with 3GPP Performance Management Specification (3G TS 32.401, 32.432, 32.435)
Data reflects measures taken over a defined period of time (fully configurable)

HNB can be remotely controlled based on TR-069
Remote activation/shutdown
Software/firmware upgrade

Emergency Call
Location of the UE making an emergency call can be identified using the SAI of the cell where the call was made. The coverage of the femtocell is within ~150ft.
Access Control is not applied for emergency calls; the following could be the two cases:
An emergency call for a UE that has camped on to the Home Node-B for emergency calls only in the absence of macro coverage of the AP's Home PLMN. (Such a UE will have been LU-rejected by Access Control when it attempted to register.)
An emergency call for a SIM-less UE. (Note that such a UE will not have attempted to register previously but may have silently camped on.)

Local Breakout Support


Local Breakout means support of local IP connectivity from the UE attached to the HNB to the home environment
Access to local media server, printers, etc.

Key enabler for advanced Femto services


Examples are local media streaming, filesharing, remote control etc.

Controllable by the service providers on a per user or traffic basis


e.g. download of dynamic ACL or application profile

Split tunneling of local-identified traffic is required at the AP, thus creating a potential security breach in the architecture
Overall local breakout requires further study and will not be part of first 3GPP standardised H(e)NB architecture

Femto Call Flows

HNB Register/Activate
[Figure: HNB register/activate message flow starting at the HNB, with exchanges carried over IPSEC]
Labelled steps: Re-Direct, Baseline Configs, SW Download, Location Verification, Connection Request

Note: within the above flow, if the location verification process failed to match within a specified tolerance, a ToleranceFailure message would be sent. At that point, the provisioning process would require intervention from Ops to determine whether to Activate the HNB.

Femto Call Flow Voice


Resembles closely with Macro
Mobile Terminated includes Paging

Femto Call Flow Data


Resembles closely with Macro
Mobile Terminated includes Paging

Access Control Registration Accepted


[Figure: message sequence between UE, Femto, 3G_AC and CN; messages in the order the diagram lists them]

RRC Connection Establishment
RRC_Connection_Request(UE_Id, Cause)
URSL_Add_UE_Context_Request(UE_Id, Cause, S-RNTI)
URSL_UE_Context_Accept(RNC_UE_Id, S-RNTI)
RRC_Connection_Setup(UE_Id, Configuration)
RRC_Connection_Setup_Complete(UE_Capabilities)

RRC_Initial_Direct_Transfer(Loc Upd Req)
RRC_Downlink_Direct_Transfer(CN_Domain, MM-Identity Request (IMSI))
RRC_Uplink_Direct_Transfer(CN_Domain, MM-Identity Response)

Access Control

URSL_Initial_Direct_Transfer(Loc Upd Req)
SCCP_Connection_Request(RANAP_Initial_UE_Message(LUREQ))
SCCP_Connection_Confirm()
URSL_UplinkDirect_Transfer(MM_null)
RANAP_Direct_Transfer(MM-Null)

Identity Procedure (normal procedures)

Authentication & Ciphering (normal procedures)

URSL_Downlink_Direct_Transfer(LUACC)
RRC_Downlink_Direct_Transfer(LUACC)
RANAP_Downlink_Direct_Transfer(LUACC)


Registration Rejected: Authentication Failure


Diagram lifelines: Femto, UE, 3G_AC, CN

RRC_Connection_Request(UE_Id, Cause)
URSL_Add_UE_Context_Request(UE_Id, Cause, S-RNTI)
URSL_UE_Context_Accept(RNC_UE_Id, S-RNTI)
RRC_Connection_Setup(UE_Id, Configuration)
RRC_Connection_Setup_Complete(UE_Capabilities)

RRC_Initial_Direct_Transfer(CM Service Request)
RRC_Downlink_Direct_Transfer(CN_Domain, MM_Identity_Request (IMSI))

RRC_Uplink_Direct_Transfer(CN_Domain, MM-Identity_Response)

URSL_Home_LAC_Req(IMSI)

RRC_Downlink_Direct_Transfer(CN_Domain, User_Auth_Request(RAND, AUTN))

URSL_Home_LAC(IMSI, LAC)

RRC_Uplink_Direct_Transfer(CN_Domain, User_Auth_Reject(Sync Failure))

Loop x3

URSL_Context_Release(AC_UE_Id, Release_Cause)


Registration Rejected: Location Update Reject


Diagram lifelines: Femto, UE, 3G_AC, CN

RRC_Connection_Request(UE_Id, Cause)
URSL_Add_UE_Context_Request(UE_Id, Cause, S-RNTI)
URSL_UE_Context_Accept(RNC_UE_Id, S-RNTI)
RRC_Connection_Setup(UE_Id, Configuration)
RRC_Connection_Setup_Complete(UE_Capabilities)

RRC_Initial_Direct_Transfer(CM Service Request)

RRC_Downlink_Direct_Transfer(CN_Domain, MM_Identity_Request (IMSI))

RRC_Uplink_Direct_Transfer(CN_Domain, MM-Identity_Response)

URSL_Home_LAC_Req(IMSI)

RRC_Downlink_Direct_Transfer(CN_Domain, MM-LU-Reject)

URSL_Home_LAC(IMSI, LAC)

URSL_Context_Release(AC_UE_Id, Release_Cause)


Voice Call Hand-Out


Data Session Hand-Out


Voice Call Hand-In


Provisioning

Forced


Standards Update


Main Organisations and Standards Bodies Involved in Femto Definition


Market representative organisation pushing femto as the de facto solution for mobile coverage in the home for all access technologies (WCDMA, CDMA, WiMAX architecture)
www.femtoforum.org
Organised in working groups covering service requirements (wg1), radio and interference management (wg2), network architecture (wg3) and legal issues (wg4)

Mobile Service Providers organisation defining deployment guidelines and interoperability procedures
www.gsmworld.com
Published guidelines on Femto security and broadband network requirements

3G/GSM standardisation body
www.3gpp.org
Defining standards for 3G W-CDMA and SAE/LTE Femtocell services and architecture

DSL standardisation body
www.broadband-forum.org
Objective is to reuse TR-069 framework for zero-touch provisioning of Femtocell Access Point

Mobile Service Provider organisation looking at beyond 3G services and architecture
www.ngmn.org
Fully supporting FemtoForum work on Femtocell

Femtoforum Activities
Defined Femtocell requirements (including end user, OAM, Security, integration, etc.)

Focus on enabling femto industry:
Interference management (covering multiple scenarios)
Business Requirements
Homezone services, services taking advantage of presence capabilities of Femto
Enterprise Femto

Feature focus:
Local breakout support
Architecture evolution (IMS integration)
Legal and regulatory requirements

3GPP Femto Standard Activities


3GPP currently working on H(e)NB concept
HNB (Home Node B) supports 3G WCDMA radio
HeNB (Home enhanced Node B) supports upcoming LTE radio

Full standardization will likely span two 3GPP releases: R8 and R9
3GPP R8 adopts RAN-based architecture
Home Node B Technical Report on RAN aspects completed (3G TR 25.820)
Focus on Radio related aspects (interference, power control, etc.)

[Figure: UTRAN (3G HNBs and 3G HNB GWs, Iuh interface) and Core Network (CN) with CS, PS and BC Domains reached over the Iu interface (Iu-CS, Iu-PS, Iu-BC)]

3GPP H(e)NB Release 8


Interfaces
Iuh interface with:
RANAP/SCTP for signalling control plane (possibly adding new capabilities)
RTP with multiplexing for voice user plane
GTP for data user plane

Closed/Open Access model
Definition of Closed Subscriber Group (CSG)
Location Update/Reject procedures

Handover scenarios
Macro to/from Femto, Femto to Femto

Encrypted traffic between AP and HNB
IPSec specified in 3GPP standards, IKEv2 for security parameters

Security impacts
Addresses attack scenarios for H(e)NB (brute force attack, eavesdropping, sw manipulation, etc.)
ftp://ftp.3gpp.org/tsg_sa/WG3_Security/TSGS3_52_Sophia/Docs/S3-080608.zip

Authentication options
UICC or Certificates



3GPP H(e)NB Release 9


Alignment with other work items
Self Organising Network (SON)
LTE/SAE integration (S1 to MME, no X2 interworking)

3GPP R9 for remaining aspects including
SIP/IMS integration
Local Breakout
MBMS support


3G Femto and UMA/Dual-Mode Comparison


Characteristic | UMA/Dual Mode | Femtocell
Requires broadband backhaul | Yes | Yes
Requires new handsets | Yes | No
Requires new radio CPE at home | No, though new CPE could optimize performance | Yes
Handset mobility | Phone can be used in any public hotspot, e.g. Starbucks | Phone needs to be within femtocell range, and *might* be locked to a residence or location
Licensed Radio | No | Yes
Enables Quad Play | Yes | Yes
New Family/Zone plans | Yes | Yes
Integration into SIP/IMS Core | UMA: Generally No; Dual-Mode: Yes | Yes/Eventually
Battery Life | Not as good | Better
Bearer | Primarily Voice | Voice and Data

UMA/Dual Mode and Femtocell can be complementary FMC applications



Cisco Femtocell Components


Mobilizing the Connected Home

Public Internet


Voice and Data Integrated in Enterprise


[Figure: enterprise integration diagram. Labels: Cisco UC Express + Security; Call Signaling; Media; 2G/3G MSC; A/Iu-cs; 2G Pico; 3G Pico; SMB LAN; Internet; Enterprise User; 3GPP: Remote User Agent; EFR/AMR Voice GW; IPSec SSL Security; Mobile Control Plane; 3G AC; 2G BSC]

Femto/Residential
Connected Home premise based integration

Super Femto/Enterprise
Managed Service/Unified Communications premise based integration

Cisco HNB
Standalone Femto HNB
Integrated with DSL gateway or STB planned in future release

3G R6 Radio compliant
UMTS Band I, II and V support
Single carrier with up to 5mW (7dBm) output power
CS and PS support; up to 3.6Mbps HSDPA (7.2Mbps and 1.4Mbps HSUPA in next release)

NetworkListen (NWL) for autoconfiguration/optimisation
Macro network (2G & 3G) scan to select 3G SC, LAC/RAC and create neighbor list
Interference management (CPICH and power control) based on macro measures
Macro synchronization to set internal oscillator (NTP used as backup)
MCC Scan to check country of operation

Service mix
Four simultaneous user service limit: Multi-RAB CS/PS combinations per user
Emergency call support (RANAP SAI handling)

Backhaul capability
Secure transport (IPSec tunnel), NAT traversal, bandwidth management

Cisco 7600 DMZ Router

Engines
Route Switch Processor 720

Ethernet Services Modules
GE and 10GE with Rich QoS, Distributed, Line-rate Performance

SeGW
Scalable IPsec Termination

S Chassis
7609-S, 7606-S, 7603-S, 7604

Services Modules
Firewall, IDS, SSL termination, Load Balancing

Traditional Chassis
7606, 7609, 7613


HNB Gateway
Femtocell Access Control
Closed Access Control based on a list of authorized IMSI
Open Access Control planned in subsequent release (assessing impact on performance)

Handover capabilities
Simultaneous hard handover and SRNS relocation
Outgoing to Macro (2G, 3G), based on identified neighbour cell list
Incoming from Macro
Femto-femto handover not supported initially (targeted for Picocell deployment)

Fully redundant ATCA-based architecture

Physical Interfaces
GE towards the HNB
ATM-based (IP in future) Iu-cs/Iu-ps to 3G Core Network

Performance Figures
20k Femtos per HNB Gw (to be enhanced in future)
5200 voice/video call Erlangs (90s hold time, 60 cps, 60 LUs/s)
1Gbit/sec PS traffic

Cisco Broadband Access Center (BAC)


Carrier grade solution for CPE provisioning and management, deployed at over 150 SP worldwide supporting millions of CPEs
Fully redundant and scalable architecture

Key Features
TR-069 Standard compliance
Flow through (top down or pre-provisioning)
Northbound interface/API for OSS&BSS integration
Device Profile Templates and Group Management
Extensible Configuration Engine
Support of automatic upgrades

BAC RDU (Regional Distribution Unit)
Centralized authority for all Femtocell Provisioning
Software Image Management and Distribution
Up to 8Mios CPEs per pair of RDU

BAC DPE (Distributed Policy Engine)
Provides scalable CWMP support
Locally store Femto related information
Up to 500k CPEs per pair of DPEs

NMS Components Overview


Proposed NMS architecture manages the Femto components (HNB and HNB Gw) as well as all of the IP networking elements (Routers, Firewalls, LoadBalancers)

Configuration Management (Cisco NCM)
Auto discovery of the network to provide full visibility of network changes
Track and regulate configuration and software changes for the whole solution
Enforce compliance to defined policies
Regular reporting of network configuration status

Fault Management (Cisco CIC)
Auto discovery of network
Alarm Monitoring and browsing through customizable GUI
Collect, Filter, Consolidate Alarms and Report

Performance Management (provided by third-party partner)
Rich Reporting collecting information from all network elements
SLA, statistics monitoring
Capacity planning

Cisco Femtocell Complements Macro


Area | Macrocell Network | Femtocell Network | Cisco Value Add
Connectivity | Point-to-Point Links | IP | Provisioning, Voice/Data Call Control, and Network Management are all handled by discrete elements
Network | Carrier Owned / Managed | ISP Network and Home IP Network | Unmanaged NATs, limited uplink, unsecure IP links, and problematic and untrusted home IP networks do not impact system performance
Provisioning | Manual (High Touch) | Automated (Zero Touch) | Each endpoint gets registered, located for E911 and macro cell handoff, provisioned, and managed automatically (with exceptions flagged as alarms)
Equipment | Carrier Class | CPE | Low price, with custom per carrier modifications, and rapid innovation of CPE products
Additional Services Required | None | Many | Integration with Video STB, PVR, Satellite, Second Line Voice, WiFi, and Home Media Gateway over time


Femto Integration


Iuh Integration
Routing & Switching
Internet Routing (BGP) with Internet Provider
Aggregation Router for the site
VRF-Lite for Internet Routing and OAM
QoS / CoS Management

Security
IPSEC
Stateful firewall
Intrusion Prevention (optional)
Tunnel termination
CA Server, Certificates, Certificate Verification, CRL
DSCP Marking of tunnel traffic

Load Balancing
Load-balancing of servers, SeGW farm
SSL Offload for server traffic

Management Security
Control Plane Policing


Core Network Integration


Iu-CS
ATM: RANAP / ALCAP / Bearer VCs; Class of Service and Parameters; AESA Addresses of Media Gateways and Femto Gateway (for Voice Bearer only)
SS7: RANAP / ALCAP Point Codes for MSC/MediaGateway; Point Code for Femto Gateway
RAN: MCC, MNC; RAC, LAC, SAC; RNC-ID

Iu-PS
ATM: RANAP / ALCAP / Bearer VCs; Class of Service and Parameters
SS7: RANAP / ALCAP Point Codes for SGSN; Point Code for Femto Gateway
RAN: MCC, MNC; RAC, LAC; RNC-ID
IP Addressing: Transport IP Addressing for Bearer VCs; GTP-U IP Addressing

OSS Integration

Coverage: Hexagonal maps of county/market
RAN: LAC, RAC for Femto; LAC, RAC for Macro
Provisioning: New AP addition, deletion; User MSISDN, MSID changes; Friends list
E911: Location Identification

BRKAGG-2002_c1

2009 Cisco Systems, Inc. All rights reserved.

Cisco Public

72

Summary


Summary
Operators looking to offload/complement their Macro with Femto to provide Mobile Internet to indoor users
Standard bodies, 3GPP and Femto Forum, have churned major interest.
RAN-Gateway approach by 3GPP makes it easier to integrate with Macro.
Femto Success = Seamless Integration with Macro + Auto-Provisioning / Self Optimizing
Femto trend continues with LTE Femto and Super Femto interests.

References
3GPP Standards: http://www.3gpp.org
3GPP Standards: http://www.3gpp.org/femto
TR-069 with CPE WAN Management Protocol proposed as a framework: http://www.broadbandforum.org/technical/download/TR-069Amendment2.pdf

