fundamentals of wimax
DESCRIPTION
A presentation by IEEE Wireless MAN and Wimax Forum for understanding the Wimax technologyTRANSCRIPT
IEEE Standard 802.16:A Technical Overview of the Mobile WiMAX Air Interface and Beyond
Eyal Verbin
Contents
1. Overview of WiMAX• Background on IEEE 802.16 and WiMAX• Salient Features of WiMAX
2. Physical Layer• The Broadband Wireless Channel• OFDM Principles• Channel Coding• Hybrid-ARQ• OFDM Symbol Structure • Frame Structure• Fractional Frequency Reuse• Transmit Diversity and MIMO• Ranging• Power Control• Channel Quality Measurements
3. Medium Access Control Layer• Convergence Sublayer• MAC PDU Construction and Transmission• Bandwidth Request and Allocation
• ARQ• Quality of Service• Scheduling• Adaptive Modulation and Coding• Security• Network Entry Procedures• Power saving Modes• Mobility Management
4. WiMAX Network Architecture• Network Reference Model• Protocol Layering• IP Address Assignment• Authentication and Security Architecture• Quality of Service Architecture• Mobility Management• Paging
Background on IEEE 802.16 and WiMAX
Air interface is based on IEEE 802.16-2009 IEEE 802.16 was formed in 1998 to develop LOS point to multipoint for operation in the 10GHz –
66GHz band The original 802.16 standard was based on single carrier Many of the MAC concepts were adopted from the cable modem DOCSIS In December 2005 IEEE 802.16e-2005 was approved as a standard for mobile wireless system,
which forms the basis for Mobile WiMAX and adopts multi carrier technology
WiMAX forum used IEEE work to develop interoperable standard For practical reasons a smaller set of design choices (profiles) were selected System profile defines the subset of mandatory and optional PHY and MAC features WiMAX forum also defines higher layers networking specifications
Salient Features of WiMAX (1)
OFDM based physical layer Enables good resistance to multipath and allows operation in NLOS conditions
High peak data rates Typically, using 10MHz spectrum using TDD scheme with 3:1 DL/UL split, the peak PHY data rate is
about 25Mbps (DL) and 7Mbps (UL)
Scalable bandwidth FFT size may scale from 128 bit to 1024 bit FFT allowing channel bandwidths of 1.25MHz to
10MHz.
Adaptive modulation and coding WiMAX supports a number of modulation and channel coding schemes and allows the scheme to be
changed on a per user and per frame basis
Link layer retransmission Auto retransmission requests (ARQ) are supported on top of physical layer error correction schemes
to enable reliable data transmission
Orthogonal frequency division multiple access (OFDMA) Different users can be allocated with different subsets of the OFDM tones
Salient Features of WiMAX (2)
Flexible and dynamic per user resource allocation DL and UL resources and transmission schemes are controlled by the scheduler in the base station.
Advance antenna techniques Beamforming, space time coding and spatial multiplexing may be used to improve system capacity
and spectral efficiency
Quality of service support Connection oriented architecture to support variety of applications, each with its own characteristics.
Robust security Strong encryption using Advance Encryption Standard (AES) and flexible authentication architecture
based on Extensible Authentication Protocol (EAP)
Support for mobility Secure seamless handover for full mobility applications and various power saving mechanisms
IP based architecture Network architecture is based on an all IP platform. All end to end services are delivered over an IP
architecture
Part IWiMAX Physical Layer
The Broadband Wireless Channel (1)
The main challenge of broadband wireless system is the multipath propagation
Fast Fading: different reflection arrive at the receiver with different phases. The combined effect can be constructive or destructive, which causes very large observed difference in amplitude of the receive signal
Different symbols arrive at different time to the receiver, resulting in Inter Symbol Interference (ISI)
Different approached for mitigation of fading: Spread spectrum and rake receivers Equalization Multicarrier transmission
The Broadband Wireless Channel (2)
Spatial Multiplexing Used to increase system capacity by exploiting the
dispersive nature of the wireless channel System capacity grows linearly with Min{NTx, NRx} Spatial Multiplexing (MIMO Matrix B)
Multiple data streams are transmitted at the same time and in the same frequency from different BS antennas
Mandates multiple receive antennas at the MS Assuming channels are uncorrelated, receiver can
retrieve the data using decoding algorithm known as VBLAST
Collaborative Spatial Multiplexing (CSM) Multiple data streams are transmitted at the same time
and in the same frequency from different MS Assuming channels are uncorrelated, BS can retrieve the
data using the same Matrix B technique
Open Loop MIMO in WiMAX (2)
OFDM Principles (1)
Multicarrier transmission Dividing high bit rate data stream into several parallel lower bit rate streams (subcarriers) Minimize intersymbol interference (ISI) by making the symbol time substantial larger than
the channel delay spread
OFDM is a spectrally efficient version of multicarrier scheme Subcarriers are orthogonal, so that guard bands between subcarriers is not required Created using inverse discrete Fourier transform (IDFT)
To completely eliminate ISI, guard intervals are inserted between consecutive OFDM symbols
The duration of the guard interval is a tradeoff between the delay spread that can be handled and the power loss associated with it.
Size of FFT is chosen as a balance between protection against multipath, Doppler shift and design complexity.
OFDM Principles (2)
Advantages Robustness to channel delay spread Reduced computational complexity Exploitation of frequency diversity
Coding and interleaving the information across the subcarriers
Provides a flexible multiple access scheme Resources are allocated in a frequency-time grid
Robustness against narrowband interference Suitable for coherent demodulation using pilot based channel estimation
Drawbacks High peak to average ratio that causes non linearities and clipping distortion
Can be mitigated using digital pre-distortion techniques
Sensitivity to phase noise and frequency dispersion Requires accurate frequency synchronization
Channel Coding
Channel Encoder
Subcarrier Mapping and Pilot Insertion
Space Time
Encoder
Symbol Mapping
Interleaver
IFFT
IFFT
D/A
D/A
Randomizer
Subcarrier Mapping and Pilot Insertion
Antenna #0
Antenna #1
From MAC
Channel Coding
Randomizer Improves FEC performance and synchronization capabilities
Channel Encoder Convolution Code (CC)
Used for encoding of Frame Control Header (FCH)
Convolution Turbo Code (CTC) Used for all transport and management connections
Repetition Code Further increase signal margin over the modulation and FEC mechanisms Applies only to QPSK modulation
Interleaver Improves FEC performance by ensuring that adjacent coded bits are mapped onto non
adjacent subcarriers (frequency diversity) and that adjacent bits are alternately mapped to less and more significant bits of modulation constellation
Symbol Mapping QPSK 16QAM 64QAM (optional for UL)
Hybrid ARQ (1)
HARQ is an optional part of the PHY and can be enabled on a per connection basis. HARQ renders performance improvements due to SNR gain and time diversity
achieved by combining previously erroneously decoded sub packets and retransmitted sub packet.
Based on N ‘Stop and Wait’ mechanism Transmitter waits for ACK/NACK before transmitting again Multiple HARQ processes (channels) may be activated per connection to increase the rate
Operates at the FEC block level and combines PHY and MAC (Hybrid) The FEC encoder is responsible for generating HARQ sub packets. The sub packets are combined by the receiver FEC decoder as part of the decoding process.
The receiver combines the newly received burst with the formerly received bursts to enhance decoding performance.
Based on 16 bit CRC, the receiver replies with an ACK if the sub packet decoding succeeded and with a NACK if the decoding failed.
Hybrid ARQ (2)
ACK/NACK signaling DL: Dedicated PHY layer ACK/NACK UL channel
Feedback is synchronized with the transmission, i.e. receiver provides feedback in a fixed delay relative to the transmission (default is one frame)
UL: ARQ ACK message. Feedback is implicitly indicated through the UL allocation Feedback is unsynchronized, i.e. receiver may provide feedback any time following the HARQ
transmission
In order delivery Due to the N ‘Stop and Wait’ scheme, out of order delivery of HARQ packets is possible. Since some applications are sensitive to the delivery order, e.g. TCP, there is an option to
guarantee in order delivery by using PDU SN subheaders.
Symbol Structure
Mobile WiMAX Profile includes support of 512 and 1024 FFT, depending on channel BW 512FFT: 3.5MHz, 5MHz 1024FFT: 7MHz, 8.75MHz, 10MHz
The guard interval used to prevent ISI is a cyclic prefix. This structure is needed to prevent Inter Carrier Interference (ICI)
Frequency Domain Representation
Time Domain Representation
OFDM Symbol Parameters
Primitive parameter definitions BW: Nominal channel bandwidth (e.g. 10MHz) Nused : Number of used subcarriers (e.g. 840 for 10MHz)
Ndata: Number of data subcarriers (e.g. 720 for 10MHz) n: Over sampling factor (e.g. 28/25 for 10MHz) CP: Cyclic prefix, i.e. Tg/Tu (1/8)
Derived parameter definitions NFFT : Smallest power of two greater than Nused (e.g. 1024 for 10MHz)
Sampling Frequency Fs = nBW: (e.g. 11.2 MHz for 10MHz)
Subcarrier spacing ∆f=Fs/NFFT: (e.g. 10.9 KHz for 10MHz)
Useful symbol time Tu = 1/∆f: (e.g. 91.4 Sec 10MHz)
CP time Tg = CP∙Tu: (e.g. 11.4 Sec for 10MHz)
OFDMA symbol time Ts = Tg + Tu: (e.g. 102.9 Sec for 10MHz)
OFDM Spectral Efficiency
Data Rate
Spectral Efficiency
DL Example (10 MHz, 64QAM 5/6) Spectral efficiency = 3.5 bit/sec/Hz
(1 )data m r
FFT
N b c nREfficiency
BW CP N
/data m r sR N b c T
535 720 6 /102.9
6Mbps
OFDM Symbol Structure: Terminology
Slot: Smallest allocation unit in the time-frequency domain. Consists of a single subchannel and of one to three OFDM symbols. Contains 48 data subcarriers
Data Region: A contiguous allocation of slots in the time-frequency domain
Subchannel Group: A single set of contiguous logical subchannels. Each logical subchannel is mapped to a set of physical subcarriers
Segment: One or more subchannel groups that are controlled by a single instance of BS MAC
Symbol Structure & Permutation
Permutation: The mapping of physical subcarriers to logical subchannels Permutation Zone: A set of OFDM symbols over which the same permutation is
used. A frame may contain one or more permutation zones Two categories of permutations:
Distributed Permutation: Draws subcarriers pseudo randomly to form subchannel. Provides frequency diversity and inter cell interference averaging. Includes two permutations:
Contiguous Permutation: Groups a block of contiguous subcarriers to form a subchannel. Enables multi user diversity by choosing the subchannel with the best frequency response.
In general, distributed permutation perform well in mobile applications, while contiguous permutation are well suited for fixed or low mobility environments.
DL Partial Use of Subcarriers (PUSC) Symbol Structure
Used subcarriers are split into clusters of fourteen contiguous subcarriers. Clusters are mapped to six major groups as a function of Cell ID and DL Permutation Base
parameters Three segments are created from the groups Logical subchannels are created from a permutation of cluster pairs such that each group is
made up of clusters that are distributed throughout the subcarriers space
Slot is one subchannel by two OFDM symbols. It contains 48 data subcarriers and eight pilot subcarriers
DL PUSC Symbol Structure
Parameter 1024 FFT 512 FFT
DC subcarriers 1 1
Guard subcarriers 183 91
Data subcarriers 720 360
Pilot subcarriers 120 60
Subcarriers per cluster 14 14
Clusters 60 30
Data subcarriers per slot 48 48
Subchannels 30 15
UL PUSC Symbol Structure
Subcarriers are split into groups of four consecutive physical subcarriers over three OFDM symbols. Each group is termed a tile
Six tiles generate a subchannel. Tiles are mapped to logical subchannels based on UL Permutation Base parameter
Slot is one subchannel by three OFDM symbols. It is comprised of 48 data subcarriers and 24 pilot subcarriers in 3 OFDM symbols Pilot density is higher than DL since no preamble is available on the UL
OFDMA PHY: UL PUSC Symbol Structure
Parameter 1024 FFT 512 FFT
DC subcarriers 1 1
Guard subcarriers 183 103
Used subcarriers 840 408
Tiles 210 102
Subcarriers per tile 4 4
Data subcarriers per slot 48 48
Subchannels 35 17
Tiles per subchannels 6 6
Frame Structure (Time Division Duplex)
IEEE 802.16e PHY supports both FDD and TDD. Mobile WiMAX profiles currently available for TDD only
Each frame is divided into DL and UL sub frames separated by Transmit To receive Gap (TTG) and Receive to Transmit Gap (RTG)
Profiles define a finite set of possible DL/UL splits (UL varies between 25% and 45% of the frame) Frame duration: 5msec Subframe may be divided into multiple zones on OFDM symbol boundaries. Each Zone is
characterized by a specific permutation mode and multiple antenna scheme
Preambles & Pilots
The first symbol in the DL transmission used for synchronization and channel estimation.
Preamble subcarriers are boosted BPSK modulated with a specific PN code To generate the preamble the PHY uses a series of 114 binary PN sequences. The
sequence to be used is determined by the segment number and the Cell ID. It is mapped to every third subcarrier except the DC carrier.
Enables MS to obtain signal measurements and extract Cell ID for multiple co-channel cells with a single reception of preamble
No preambles are available on the UL (except for AAS zone). Channel estimation on the UL is derived from the pilots
DL Subframe (1)
Multiplexing: OFDMA Preamble
First symbol of the DL subframe Used for time and frequency
synchronization, initial channel estimation, noise and interference estimation
Carries BS information (Cell ID and segment)
Frame Control Header (FCH) Transmitted with QPSK ½ and
repetition of four and occupies the first four subchannels of the segment Indicates used subchannel groups (PUSC
zone) FEC scheme for the MAPS
MAPS are transmitted at QPSK ½ with FEC and repetition as indicated by FCH
Indicates MAP length
Pre
am
ble
FCH
DL MAP
DL MAP (Cont’d)
DL Burst #2
DL Burst #3
DL Burst #1(UL MAP)
DL Burst #8
DL Burst #9
DL Burst #10
DL Burst #13
DL Burst #11
DL Burst #12
DL Burst #14
Time
Fre
qu
en
cy
Not Allocated
Zone #1: PUSC 1/3 SISO Zone #2: PUSC 1/3 MIMO
DL Burst #15
DL Burst #16
Zone #3: PUSC All MIMO
DL Subframe (2)
DL MAP and UL MAP are broadcast messages carrying information elements (IE) IE defines the DL and UL bursts The scope of the DL MAP is the current frame The scope of the UL MAP is the next frame
Standard DL IE includes: Connection Identifier (CID) Downlink Interval Usage Code (DIUC), which
defines the MCS and the FEC used for the burst Repetition coding indication Burst boundaries
Symbol offset (start of burst in time domain) Subchannel offset (start of burst in frequency domain) Number of symbols (burst duration in time domain) Number of subchannels (burst duration in frequency
domain) Boosting (power boosting for the burst +6 dB to -
12 dB to provide DL power control)
Pre
am
ble
FCH
DL MAP
DL MAP (Cont’d)
DL Burst #2
DL Burst #3
DL Burst #1(UL MAP)
DL Burst #8
DL Burst #9
DL Burst #10
DL Burst #13
DL Burst #11
DL Burst #12
DL Burst #14
Time
Fre
qu
en
cy
Not Allocated
Zone #1: PUSC 1/3 SISO Zone #2: PUSC 1/3 MIMO
DL Burst #15
DL Burst #16
Zone #3: PUSC All MIMO
UL Subframe
Multiple Access: OFDMA No Preambles Standard UL IE includes:
Connection Identifier (CID) Uplink Interval Usage Code Duration (in OFDMA slots) Repetition coding indication
Dedicated Control Zones UL Ranging
Dedicated UL ranging subchannel Used for BW requests as well
Quality Information Channel UL CQICH is allocated for the MS to feedback
channel state information UL ACK Channel
Allocated to feedback DL HARQ acknowledgement
Time
Fre
qu
en
cy
Initial Ranging/HO
Ranging
Periodic
Ranging/
BWR
ACK
UL Burst #1
UL Burst #2
UL Burst #3
CQICH
6 SC
6 SC
Noise Burst 10 SC
12 SC
3 Symbols 3 Symbols
Not AllocatedNot Allocated
Zone #1Segmented PUSC
Zone #2Un-Segmented PUSC
Fractional Frequency Reuse (1)
Frequency reuse is defined as (C×N×S): C - number of BS in the reuse cluster N - number of the channels (or channel group) S - number of the sectors of each BS
Examples of classical frequency reuse schemes: Reuse 3: Marked as (1×3×3) and requires 3
frequency assignment Reuse 1: Marked as (1×1×3) and requires one
frequency assignment Segmentation
PUSC symbol structure enables division of the subcarriers into three segments and allows a reuse 3 scheme with a single channel assignment
Reuse 1 scheme has higher capacity at the center of the cell but is susceptible to interference at the cell edge.
Reuse 3 scheme has lower capacity but provides a more reliable link at the cell edge
F1
F2
F3
F1
F2
F3
F1
F2
F3
(1x3x3)
F1
F1
F1
F1
F1
F1
F1
F1
F1
(1x1x3)
F1 {Seg. 0}
F1 {Seg. 1}
F1 {Seg. 2}
F1 {Seg. 0}
F1 {Seg. 1}
F1 {Seg. 2}
F1 {Seg. 0}
F1 {Seg. 1}
F1 {Seg. 2}
(1x3x3)
Fractional Frequency Reuse (2)
Fractional Frequency Reuse (FFR): By exploiting the frequency – time grid structure of the OFDM frame it is possible to combine Reuse 1 and Reuse 3 FFR can be implemented in both time and frequency domain
Time domain FFR Subframe is divided into two zones
R3 zone in which a single segment is allocated and subcarriers are boosted by 5dB
R1 zone in which all subcarriers are allocated The zones boundary is static across the whole coverage area
Users are allocated dynamically to one of the zones based on their CINR reports
Frequency Reuse Parameters Selection
Cell ID Each three sector BS is assigned with Cell ID (range: 0..31)
Should be unique among neighbors Each sector in the BS is assigned with unique segment (range: 0..2) The preamble index is calculated as 32*Segment + Cell ID
DL Permutation Base Used to randomize pilot modulation and subcarrier permutation If R1 is used, DL Permutation Base should be set to a unique value among neighbors (range: 0..31)
UL Permutation Base Used to randomize pilot modulation and subcarrier permutation If R1 is used, UL Permutation Base should be set to a unique value among neighbors (range: 0..127) If R1 is not used
UL Permutation Base for neighbor BS with the same FA should be set with an offset of 35 (e.g. 0, 35, 70, 115)
UL Permutation Base the three sectors in the same BS should be set to the same value (to maintain orthogonality)
Multiple Antenna Techniques
Open Loop MIMO (IO-MIMO) Channel State Information (CSI) is not available at the
transmitter Space Time Block Coding (STBC) – Matrix A Spatial Multiplexing – Matrix B Collaborative UL MIMO (CSM)
Closed Loop MIMO (IO-BF) CSI is required at the transmitter, through feedback
channels or reciprocity in TDD Beamforming techniques
Diversity Improves probability of the receiver to overcome
fades. Diversity order (d) = NTx x NRx
BER is proportional to CINR-d
Maximum Receive Ratio Combining (MRC) Multiple receive paths are combined coherently
Space Time Block Code (STBC or Matrix A) A single data stream is replicated and
transmitted over two antennas Redundant data is encoded using a
mathematical algorithms known as STBC. Receiver may combine this with MRC to
increase diversity order
Open Loop MIMO (1)
Spatial Multiplexing Used to increase system capacity by exploiting the
dispersive nature of the wireless channel System capacity grows linearly with Min{NTx, NRx} Spatial Multiplexing (MIMO Matrix B)
Multiple data streams are transmitted at the same time and in the same frequency from different BS antennas
Mandates multiple receive antennas at the MS Assuming channels are uncorrelated, receiver can
retrieve the data using decoding algorithm known as VBLAST
Collaborative Spatial Multiplexing (CSM) Multiple data streams are transmitted at the same time
and in the same frequency from different MS Assuming channels are uncorrelated, BS can retrieve the
data using the same Matrix B technique
Open Loop MIMO (2)
Beamforming Leverage arrays of transmit and receive antennas to control
the directionality and shape of the radiation pattern. Channel information is communicated from the MS to the
BS using Uplink Sounding. Based on CSI, the BS utilizes signal processing techniques to calculate weights to be assigned to each transmitter controlling the phase and relative amplitude of the signal
Can be used for interference cancellation. Can be used for both coverage and capacity enhancements
Closed Loop MIMO
Adaptive Mode Selection Dynamic adaptation algorithms are required to
optimize system performance and select the appropriate mode based on DL SNR and channel conditions
Dynamic Selection of MIMO Mode
Ranging
Ranging is an UL PHY procedure that maintains the quality of the radio link communication between BS and MS.
BS estimates CINR, time of arrival and frequency error of MS transmission and provides power, timing and frequency adjustment commands
Initial and periodic ranging procedures are defined Both regular transmission and contention transmission
can be used Contention transmission is done in special UL regions
using ranging (CDMA code) Codes are created using PRBS generator and are BPSK
modulated Each MS randomly chooses one ranging code from a
bank of specified binary codes. 256 distinct codes are available and are divided by
configuration into four groups: IR codes PR codes BR codes HO codes
Since codes are orthogonal, BS can process multiple codes transmitted simultaneously by different MS
Power Control (1)
Power control mechanisms are supported in the UL to maintain the quality of the link. Basic requirements of the power control mechanism are:
Power control is designed to support fluctuations of 30dB/sec BS accounts for the effect of various bust profiles on amplifier saturation while issuing
power control commands MS reports maximum transmission power for each modulation
MS maintains the same transmitted power spectral density (PSD), regardless of the number of assigned subchannels. Therefore, transmission power level is proportionally decrease or increased with the subchannel assignment without specific power control messages
The requirements calls for a complex link adaptation algorithm that makes a joint decision regarding MCS, resource allocation and power adjustment
MS reports available power headroom periodically and on a per demand basis
Power Control (2)
Closed Loop Power Control MS adjust its PSD based on BS commands only.
BS command may be explicit or implicit (by modifying the MCS)
Open Loop Power Control MS adjust its PSD independently, based on changes in the DL signal level according
the following formula
L: Estimated propagation loss C/N: Carrier to noise for the burst profile in the current transmission NI: Estimated average power level of noise an interference R: repetition rate Offset SS per SS: Correction factor employed by the SS (set to zero for passive mode) Offset BS per SS: Correction factor employed by the BS
Closed loop power control may be combined with open loop as an outer mechanism, using the ‘Offset BS per SS’ parameter
P(dBm)= L+C⁄N+NI – 10log10(R)+Offset_SSperSS+Offset_BSperSS
Channel Quality Measurements
MS provides BS with feedback on the quality of the DL signal. This feedback drives the link adaptation algorithm. Reported metrics include:
Received Signal Level (RSSI) Carrier to Interference and Noise Ratio (CINR)
Based on preamble for R3 and R1 frequency reuse schemes Based on pilots in specific zone
Preferred MIMO mode Feedback can be carried over the Channel Quality Indication Channel (CQICH) in a special UL region
or over MAC control message
Throughput Calculation Example
1. Calculate number of OFDM symbols in frame 47 symbols for 10MHz channel
2. Determine DL/UL split based on profile 26/21
3. Deduce one symbol from DL subframe for preamble
4. Deduce overhead DL: 4 symbols for the MAPs UL 3 symbols for ranging, HARQ feedback and CQICH zones
5. Calculate number of slots available for data DL: PUSC 30 x (20/2)=300 UL: PUSC 35 x (18/3)=210
6. Determine burst profile and MIMO mode DL: 64QAM 5/6 Matrix B UL: 16QAM 1/2
7. Calculate bits per frame DL: 300 x 48 x 6 x (5/6) x 2=144,000 UL: 210 x 48 x 4 x (1/2)=20,160)
8. Calculate bits per second by dividing by frame duration DL: 28.8Mbps UL: 4Mbps
Part IIMedium Access Control Layer
MAC Functions
Segment or concatenate service data units (SDU) received from higher layers into the MAC protocol data unit (PDU)
Select the appropriate burst profile and power level to be used for transmission (link adaptation)
Retransmission of MAC PDU (ARQ) Provide QoS control and priority handling of MAC PDU associated with
different data and signaling bearers (Packet Scheduling) Schedule MAC PDU over PHY resources (frame building) Mobility management (handover) Security and key management Provide power saving modes (Idle/Sleep)
MAC: Protocol Layers
Network
Fragmentation
SchedulerARQ
Manager
Link Maintenance
Data Encryption
ACK Feedback
PHY moduleLink Quality
Feedback (e.g. CINR)
Radio Resource Control
Con #1 Con #2 Con #n
Network Interface
Received SDU’s
MAC-CS
MAC-CPS
Security
PHY and RF
UL ACK channel DL burst Ranging channel CQICH channel
BW Request
AMC
Convergence Sublayer (CS)
Convergence sublayer is an adaptation layer that masks the higher layer protocol and its requirements from the MAC layer
Several convergence sublayers are supported IPv4/IPv6 with and without ROHC 802.3 (Ethernet)
802.1/Q VLAN
IPv4/IPv6 over 802.3 IPv4/IPv6 over 802.1/Q VLAN
text
Upper Layer Entity (e.g. bridge, router) Upper Layer Entity (e.g. bridge, router)
802.16 MAC CPS
Classification
CID 1
CID 2
CID n
SAP
SAP
SDU
{SDU, CID,...}
802.16 MAC CPS
text
Reconstruction(e.g. undo PHS)
SAP
SAP
{SDU, CID,...}
Convergence Sublayer Functions
Classification WiMAX MAC is connection oriented. Each unidirectional logical connection between MS and BS
is identified by a Connection Identifier (CID). Connection can carry user plane data and control plane information
CS performs many-to-one mapping between higher layer applications and a specific connection. Applications with different QoS requirements are mapped to different connections.
The mapping is performed on the basis of the header fields of the higher layer protocol, e.g. VLAN, IP source address.
Classification may be performed at the BS or at the ASN-GW
Packet Header Suppression (PHS): Repetitive portion of the packet header may be suppressed by the transmitter and restored by the
receiver
Improves efficiency of the network, especially for applications with small packet size (e.g. VoIP) PHS rules at the transmitter and the receiver are synchronized during service flow initiation and
modification
PHS may be performed at the BS or at the ASN-GW
Robust Header Compression (ROHC) is an alternative to PHS, which is transparent to the MAC operation. Defined by RFC 3095, ROHC compress the IP, UDP, RTP and TCP headers of IP packets (can compress 60 bytes of overhead into 3 bytes)
MAC PDU Construction and Transmission
SDU arriving from higher layer are assembled to create MAC PDU. Depending on the size of allocation, multiple SDU can be packed on a single
PDU, or a single SDU can be fragmented over multiple PDUs. Multiple MAC PDUs intended for the same receiver can be concatenated onto a
single transmission burst
1 171615141312111098765432
Header Fragment 1 Header Fragment 2 Fragment 1 Header Fragment 2
DL/UL Burst
SDU 1 SDU 2
Fragment 1 Fragment 2 Fragment 1 Fragment 2
ARQ Block
PDU 3PDU 2PDU 1
ARQ
For application sensitive to packet error (TCP), ARQ can be used on top of HARQ to eliminate residual error rate.
ARQ can be enabled on a per connection basis. For ARQ-enabled connection, SDU is first partitioned into fixed length ARQ
blocks and a block sequence number (BSN) is assigned to each block. The length of the ARQ blocks and the ARQ window size (number of blocks managed by the
transmitter and receiver at an given time) are set during connection establishment.
Once SDU is partitioned into ARQ blocks, the partition remains in effect until all the blocks have been received and acknowledged by the receiver
ARQ enable connection are limited in throughput by Block Size x Window Size / ACK Latency
For ARQ enabled connection, fragmentation and packing subheader contains the BSN of the first ARQ block following the subheader.
Receiver feedback (ACK) can be sent as a stand alone MAC PDU or piggybacked on the payload of a regular MAC PDU ARQ feedback can be selective or accumulative
MAC PDU Structure (1)
Each MAC PDU consists of a header which may followed by a payload and a cyclic redundancy check (CRC)
Generic MAC Header (GMH) is used for carrying user plane data and MAC control messages HT: Header type (HT = 0 for GMH)
EC: Encryption control
Type: Indicates subheaders included in the payload
CI: CRC indicator
EKS: Encryption key sequence
LEN: Length of MAC PDU in bytes
CID: Connection ID associated with the PDU
HCS: Header check sequence
Generic MAC Header6 bytes
Payload: SDU’s & Subheaders(Optional)
0-2038 bytes
CRC(Optional)
4 bytes
MSB
LSB
CID LSB (8) HCS (8)
LEN LSB (8) CID MSB (8)
LENMSB (3)
Type (6)
HT
=0
(1)
EKS(2)E
C (
1)
Rsv
(1)
CI
(1)
Rsv
(1)
MAC PDU Structure (2)
Signaling MAC header is defined used for the UL (this header is not followed by payload)
Signaling header type I BW request header (aggregate/incremental) BW request and UL TX power report header
BW request and CINR report header
CQICH allocation request header PHY channel report header (DIUC, TX power, TX power
headroom)
BW request and UL sleep control header
SN report header (ARQ)
Signaling header type II Used for MS feedback report
14 feedback permutations are defined: CINR, TX power, DIUC, AMC band indication bitmap, MIMO feedback, etc.
Bandwidth Request and Allocation
All decisions related to DL resource allocation to various MS are made by the BS on a per CID basis. BS schedules MAC PDUs based on the connection QoS requirements. The allocation is indicated in the DL MAP.
MS requests UL BW in bytes on a per connection basis by using either stand alone BW requests or piggybacking BW requests on generic MAC PDU. BW request can be incremental or aggregate
UL grants are done on a per MS basis and indicated in the UL MAP. MS UL scheduler distribute the granted allocation among its various connections.
BS supports BW polling, whereby dedicated (unicast polling) or shared (multicast polling) UL resources are provided to the MS to make BW requests. Multicast polling is based on contention mechanism, in which MS sends a randomly selected code in a
dedicated UL region.
Contention is resolved using an exponential backoff window mechanism
Quality of Service
Each service flow is associated with QoS parameters: maximum traffic rate, guaranteed traffic rate, maximum latency and Priority. MAC layer is responsible to ensure QoS requirements subject to loading conditions.
Each service flow is mapped to a certain transport connection with its own QoS parameters. Transport connections may be Unicast, Multicast or Broadcast
Two Management connections are established for each MS to reflect different levels of QoS requirements Basic management connection: Used to transfer short, time-critical MAC and radio control
messages
Primary management connection: Used to transfer longer, more delay-tolerant messages such as authentication and connection setup
QoS Architecture
Data Packet (SDU)
Classification Scheduler
Classification
• IP Protocol• Source/Dest IP Address• ToS• Source/Dest MAC
Address• VLAN
Service Flow Attributes
• Maximum traffic rate• Minimum reserved traffic rate• Latency• Priority• Grant/polling interval
Scheduler
• Select PDU based on SF attributes and subject to available resources
Service Flows: Three Phase Activation
SF defined in BS/MS
QoS parameters known to BS/MS. Usually defined by higher layer entity
SFID assigned
Traffic disabled
Transient stage
QoS parameters are a subset of the provisioned set, following BS admission control
Resources are allocated
CID assigned
Traffic disabled
Traffic enabled
Provisioned
Admitted
Active
Data Services & Scheduling Types
Five scheduling services used to collect BW requirements from MS’s: Unsolicited Grant Service (UGS)
Real time applications generating fixed rate data Provides fixed size grants on periodic basis and does not need the MS to explicitly request BW.
Extended Real Time Polling Service (ertPS) Real time applications with variable rate, guaranteed rate and latency, e.g. VoIP with silence
suppression Similar to UGS, but allows dynamic adaptation of grant size based on MS feedback
Real Time Polling Service (rtPS) Real time applications generating variable rate data BS provides unicast polling opportunities for the MS to request BW
Non Real Time Polling Service (nrtPS) Delay tolerant applications with guaranteed data rate Similar to nrtPS, except that MS is allowed to use contention BW requests in addition to the
polling Best Effort (BE)
Applications with no rate or delay requirements Based on contention based polling opportunities
Scheduling Algorithms
The scheduler prioritizes the backlogged SDUs in the DL and the pending BWR in the UL. Prioritization is done on a per SF basis based on the various attributes associated with the service flow.
Scheduler target: Maximize system capacity subject to service requirements of each flow. Scheduling procedure is outside the scope of the WiMAX standard and has been left to the equipment manufacturers to implement. It has a profound impact on the overall capacity and performance of the system, thus it serves as a key differentiator among vendors.
Classical scheduling algorithm
Strict Priority (SP) SFi = argmax(iPi)
Proportional Fairness (PF) SFi = argmin(iri /Ri)
Adaptive PFS takes into account link condition (spectral efficiency) in order to maximize system capacity
APFS metric SFi = argmin(iwiri /Ri)
Combination of different algorithms is possible, e.g. SP for the guaranteed rate and APFS for the excess bandwidth
Adaptive Modulation and Coding Algorithms (1)
WiMAX supports dynamic adaptation of modulation and coding scheme as well as MIMO mode on a per connection and per frame basis.
Link adaption algorithms aim to maximize spectral efficiency while maintaining link quality metric (typically target packet error rate)
DL adaptation Input:
DL CINR feedback from the MS based on DL preamble and/or DL pilots
Preferred MIMO mode based on channel conditions as perceived by the MS
HARQ error rate based on MS feedback received on the HARQ ACK UL channel
Output:
MCS
MIMO Mode (Matrix A/Matrix B)
Zone (e.g. R1 zone or R3 zone)
Adaptive Modulation and Coding Algorithms (2)
UL adaptation Input:
UL CINR as measured by the BS PHY
MS transmission power headroom as reported by the MS
HARQ error rate as indicated by BS PHY
Output:
MCS
Power adjustment
Maximum number of subchannels that may be allocated
MIMO mode
Two modes of operation are supported: The first selects a solution that maximize the spectral efficiency (highest order possible MCS) and the second selects a solution that maximizes the user throughput, i.e. the spectral efficiency multiplied by the maximum number of subchannels
Security
Security architecture of mobile WiMAX support the following requirements: Privacy: Provide protection from eavesdropping as the user data traverse the network Data integrity: Ensure the user data and control messages are protected from being modified
while in transit Authentication: A mechanism to ensure that a given user/device is the one it claims to be.
Conversely, the user/device should be able to verify the authenticity of the network that it is connecting to (mutual authentication)
Authorization: Mechanism to verify that a given user is authorized to receive a particular service
Access control: Ensure that only authorized users are allowed to get access to the offered services
Public Key Infrastructure (PKI)
On way to enable secure symmetric key encryption is to establish a shared secret between transmitter and receiver.
Asymmetric key encryption is a solution to the key distribution problem. Based on a public key and a private key that are generated simultaneously using the same algorithm,
RSA
Ciphertext that is encrypted with one key can be decrypted by the other key
Public key infrastructure can be used for variety of security applications: Authentication (see example in next slide) Shared secret key distribution
Message integrity
Digital certificates
PKI – Mutual Authentication
User A
Send (Random Number A, Random Number B, Session Key) encrypted with public key of A
User B
Send (Random Number A, My Name) encrypted with public key of B
Send (Random Number B) encrypted with session key
Begin transferring data encrypted with session key
Authentication and Access Control
In general, access control system has three elements: Supplicant: an entity that desired to get access
Authenticator: an entity that controls the access gate Authentication server: an entity that decides whether the supplicant should be admitted
Extensible Authentication Protocol (EAP) A simple encapsulation protocol that can run on any L2 protocol
Based on a set of negotiated messages that are exchanged between the supplicant and the authentication server
EAP includes a number of EAP methods, which define the rules for authenticating a user and/or a device and the set of credentials. EAP Transport Layer Security (TLS) defines a certificate based strong mutual authentication.
In WiMAX, EAP runs from the MS to the BS over PKMv2 (Privacy Key Management) security protocol. The BS relays the authentication protocol to the authenticator in the ASN-GW. From the authenticator to the authentication server, EAP is carried over RADIUS or DIAMETER.
Encryption
Mobile WiMAX encryption is based on Advanced Encryption Standard (AES) which is a symmetric key encryption system.
AES algorithm operates on a 128 bit block size of data. The encryption key size in the case of WiMAX is 128 bits long.
The AES Traffic Encryption Key (TEK) is also AES encrypted using the Key Encryption Key (KEK)
The KEK is a derivative of the Authorization Key (AK) which is a shared secret between the MS and the BS.
Cipher based MAC (CMAC) is used as the mandatory mode for message authentication
AES data encryption provides a built in data authentication capability AES encryption adds 12 bytes of overhead.
Network Entry
DL & UL Synchronization
Initial Ranging
Negotiate Basic Capabilities
Authentication
Registration
Service Provisioning
Frequency Scanning
Network Entry: Frequency Scanning
• MS scans frequency bands in search for the DL preamble
• Scanning is performed on a predefined list of frequencies
• MS selects best carrier frequency base on signal strength or CINR
• MS scans for all preamble indexes in the selected carrier (114 indexes) and selects the best based on RSSI or CINR
DL & UL Synchronization
Initial Ranging
Negotiate Basic Capabilities
Authentication
Registration
Service Provisioning
Frequency Scanning
Network Entry: Downlink and Uplink Acquisition
• BS regularly broadcasts control messages:– Downlink Channel Descriptor (DCD)– Uplink Channel Descriptor (UCD)– DL-MAP– UL MAP
• MS acquires DL once valid DCD and DL-MAP are decoded– To make a valid DCD and DL-MAP BSID and NAI should match MS configuration and
DCD and DL MAP should indicate the same DCD change counter– To maintain DL SYNC MS should periodically receive DL-MAP and DCD
• MS acquires UL once valid UCD and UL-MAP are decoded– To make a valid UCD and UL-MAP UCD and UL MAP should indicate the same UCD
change counter– To maintain UL SYNC MS should periodically receive UL-MAP and UCD
DL & UL Synchronization
Initial Ranging
Negotiate Basic Capabilities
Authentication
Registration
Service Provisioning
Frequency Scanning
Network Entry: Ranging
• Ranging is required to align BS and MS in terms of power, frequency and timing
• BS measure MS offsets from the UL transmission and provides appropriate adjustments
DL & UL Synchronization
Initial Ranging
Negotiate Basic Capabilities
Authentication
Registration
Service Provisioning
Frequency Scanning
MS
BS
BS measures arrival time and signal power and determines required adjustments
MS makes adjustments
Network Entry: Negotiation of Basic Capabilities
• Basic capabilities include supported modulations, FEC, MIMO modes, HARQ, Privacy, etc.
DL & UL Synchronization
Initial Ranging
Negotiate Basic Capabilities
Authentication
Registration
Service Provisioning
Frequency Scanning
MS
SBC-RSP
BS
SBC-REQ
Network Entry: Authentication
DL & UL Synchronization
Initial Ranging
Negotiate Basic Capabilities
Authentication
Registration
Service Provisioning
Frequency Scanning• Based on PKMv2 which uses EAP as the underlying authentication mechanism
MS BS
EAP Request/Identity
Authenticator (ASN)
AAA Server
MS Status Update
EAP Response/Identity(my ID, e.g. MS MAC address)
MSK
AK Transferred to BSSA-TEK Challenge
SA-TEK Request
SA-TEK Response
Key Request
Key Reply
SBC-REQ
SBC-RSP
EAP Request/EAP TLS(TLS Start)
EAP Response/EAP TLS(TLS Client Hello)
EAP Request/EAP TLS(TLS Server Hello, TLS Certificate)
EAP Response/EAP TLS(TLS Certificate)
EAP Request/EAP TLS(TLS Finished)
EAP Response/EAP TLS
EAP SuccessMSK EstablishedMSK, PMK, AK
Established
PMK, AK Established
EAP over RADIUS
Network Entry: Registration
• Registration capabilities include management mode, IP version supported, ARQ support, supported CS, etc.
MS
REG-RSP
BS
REG-REQ
DL & UL Synchronization
Initial Ranging
Negotiate Basic Capabilities
Authentication
Registration
Service Provisioning
Frequency Scanning
Network Entry: Service Provisioning
DL & UL Synchronization
Initial Ranging
Negotiate Basic Capabilities
Authentication
Registration
Service Provisioning
Frequency Scanning
MS
DSA-REQ
BS
DSA-RSP
DSA-ACK
• Creation of service flows can be initiated by either the MS or the BS
Power Saving Modes
Power saving modes enable the MS to conserve its battery resources – a critical feature required for handheld devices.
Two power saving modes are defined: Sleep Mode Idle Mode
Sleep Mode
Sleep Mode is a state in which an MS conducts pre-negotiated periods of absence from the Serving BS air interface. These periods are characterized by the unavailability of the MS, as observed from the Serving BS, to DL or UL traffic. Sleep Mode is intended to minimize MS power usage.
Power Saving class may be activated per connection basis. Activation of certain Power Saving Class means starting sleep/listening windows sequence associated with this class. There are three types of Power Saving Classes, which differ by their parameter sets, procedures of activation/deactivation and policies of MS availability for data transmission.
Example: Sleep mode operation
Idle (Paging) Mode
Idle Mode is a mechanism that allows MS to become periodically available for DL broadcast traffic messaging without registration at specific BS.
Idle Mode benefits MS by removing the active requirement for Handovers and all normal operation requirements. By restricting MS activity to scanning at discrete intervals, Idle Mode allows the MS to conserve power and operational resources.
Idle Mode helps the network and BS to conserve resources by eliminating the need to perform any link maintenance activity and handover related procedures for MS in idle mode.
Idle Mode: Theory of Operation (1)
The BS are divided into logical groups called paging groups. A BS may be a member of one or more paging groups.
MS in idle mode periodically monitors DL broadcast to determine the paging group of its current location. When MS detects that it has moved to a new paging group it performs location update, in which it informs the network its new location.
In case of pending DL traffic, the network needs to page the MS only in all BS belonging to the current paging group of the MS
Idle Mode: Theory of Operation (2)
On a periodic basis, the MS shall scan and synchronize on the DL for the preferred BS in order to decode any BS broadcast paging message
A BS Broadcast Paging message is an MS notification message indicating either the presence of DL traffic pending, through the BS or some network entity, for the specified MS or to poll the MS and request a location update without requiring a full network entry.
During idle mode MS can be in one of two states: paging-unavailable or paging-listen interval.
Paging-unavailable: MS is not available for paging and can power down or scan for neighbouring BS.
Paging-listen interval: MS listens to DCD and DL MAP of the serving BS to determine when the broadcast paging message is scheduled
Paging broadcast message can indicate pending DL traffic and instruct the MS to perform network re-entry, request MS to perform location update or indicate to the MS to return to paging unavailable state.
Mobility Management
Handover: The migration of the MS from the air interface of one BS to the air interface of another BS, while maintaining connection
Network topology advertisement: BS broadcasts information about the network topology using the MOB_NBR-ADV message: The message provides channel information for neighbouring base stations, which is normally
provided by each BS own DCD/UCD message. The BS obtains that information over the backbone.
MS scanning of neighbour BS: A BS may allocate time intervals to MS for the purpose of monitoring and measuring the radio conditions of neighbouring BS. The time during which the MS scans for available BS will be referred to as a scanning interval.
Handover may be MS initiated (typically in order to improve link quality) or BS initiated (typically to perform load balancing)
Handover Process
Scanning and target cell selection Based on certain triggers (e.g. CINR of target BS falls below 20dB, MS scans link quality of neighbouring BS
and select a suitable target BS.
Handover Initiation MS initiated using MOB_MSHO-REQ BS initiated using MOB_BSHO-REQ
Network re-entry with target BS Target BS DL SYNC and acquisition of DL/UL channel parameters
Using information from NBR-ADV, this process can be shortened Initial ranging or Handover ranging
MS RNG-REQ includes serving BS ID and target BS ID If the Target BS had previously received HO notification from Serving BS over the backbone then Target
BS may place a non-contention based Initial Ranging opportunity Negotiate Basic Capabilities, Authorization, etc. Handover optimization: target BS may request MS data from backbone to accelerate network entry. This data
may be used by the target BS to skip certain NE steps.
Termination of context with previous BS
Handover Messaging - Example
RNG-REQ
MS Serving BS
MOB_NBR-ADV
MOB_SCN-REQ
RNG-RSP
Target BS ASN-GW
Operational
MOB_SCN-RSP
Scanning & Association
MOB_MSHO-REQ
MOB_BSHO-RSP
MOB_HO-IND
Network re-entry
Obtain MS operational parameters
Operational
Association Coordination
Part IVNetwork Architecture
General Design Principles of the Architecture
Functional decomposition: Required features are decomposed into functional entities. The architecture shall specify open and well defined reference points between the functional entities.
Deployment modularity and flexibility: The architecture shall support a broad range of deployment options. It shall scale from the simple case of a single operator with a single base station to a large scale deployment by multiple operators with roaming agreements
Support of variety of usage models: Architecture shall support fixed, nomadic, portable and mobile usage models. Both Ethernet and IP services shall be supported.
Decoupling of access and connectivity services: The architecture shall allow decoupling of the access network from the IP connectivity network and services
Support for a variety of business models: The architecture shall allow for logical separation between the network access provider (NAP), the network service provider (NSP) and the application service provider (ASP)
Extensive use of IETF protocols: Network layer procedures and protocols used across the reference points shall be based on appropriate IETF RFCs.
Network Reference Model
Access Service Network (ASN) Functions
Access Service Network (ASN): Owned by the NAP and includes a complete set of network functions needed to provide radio access to a WiMAX subscriber: WiMAX L2 connectivity with the MS Network discovery and selection of the WiMAX subscriber’s preferred NSP AAA proxy: transfer of device and/or user credentials to selected NSP AAA and temporary
storage of user profiles. Relay functionality for establishing IP connectivity between MS and CSN Mobility related functions, such as handover, location management and paging within the
ASN, including support for mobile IP
ASN comprises network elements such as one or more Base Stations and one or more ASN Gateways.
BS is defined as representing one sector with one frequency assignment implementing the R1 interface. BS functions include scheduling, service flow management, admission control, tunnelling toward the ASN-GW, DHCP proxy, authentication relaying, user plane encryption
ASN-GW functions include ASN location management and paging, temporary caching of subscriber profiles and keying material, authenticator, service flow authorization and user plane routing
Connectivity Service Network (CSN) Functions
Connectivity Service Network (CSN): A set of network functions that provide IP connectivity services to the WiMAX subscribers. CSN provides the following functions: IP address allocation to the MS for user sessions AAA proxy or server for user and/or device authentication, authorization and accounting Policy and access control based on user subscription profiles Subscriber billing and inter-operator settlement Inter-CSN tunnelling for roaming Inter-ASN mobility and mobile IP home agent functionality Connectivity infrastructure for services such as Internet access, VPN and IP multimedia
CSN comprises network elements such as routers, AAA proxy/servers and subscribers database.
Protocol Layering
Control plane is based on UDP/IP Data plane is based on GRE tunnelling within the ASN and IP in IP tunnelling
between ASN and CSN WiMAX architecture is designed to support both IP packets and Ethernet packets,
using IP-CS and ETH-CS, respectively. Within the ASN packets can be either routed or bridged
Protocol Layer Architecture: IP-CS
Example presents a routed ASN. For bridged ASN, the shaded layers (GRE, IP) would be replaced by Ethernet layer
Protocol Layer Architecture: Ethernet-CS
Example presents a routed ASN. For bridged ASN, the shaded layers (GRE, IP) would not be needed
GRE Tunneling
Generic Routing Encapsulation (GRE) may be used as tunnelling mechanism across R4 or R6.
Allows for tunnelling of IP packets, Ethernet frames or WiMAX specific payload
DSCP in the Encapsulation IP Header specifies the QoS Class. Note that it MAY differ from the DSCP in the Encapsulated Payload.
Source and Destination IP Addresses specify the tunnel end points.
The meaning of the GRE Key value is defined by the node that allocates the Key value. GRE Key can indicate one of the following: Specific connection, in case classification is done by ASN-GW or Specific MS, in case classification is done by BS
The Sequence Number may be used for synchronization of Data Delivery during HO.
Network Discovery and Selection
In the general case, it is assumed that MS operates in an environment in which multiple access networks are available and multiple service providers are offering services over those networks. Mobile WiMAX specifies a process for network discovery and selection
NAP discovery MS detects available NAPs in a wireless coverage area based on
information broadcasted by BS (Operator ID). Operator ID is assigned by IEEE
NSP discovery MS discovers available NSPs associated with the discovered
NAPs based on information either broadcasted by the BS using System Identity Information message (SII-ADV) or unicasted to the MS (SBC-RSP). NSP ID is assigned by IEEE
NSP enumeration and selection MS selects preferred NSP based on dynamic information obtain
through the air interface and configuration information. Selection may be automatic or manual.
ASN attachment MS indicates its NSP selection by attaching to an ASN associated
with the selected NSP, and by providing its identity and home NSP domain in the form of NAI
The ASN uses the realm portion of the NAI to determine the next AAA hop to where the MS’s AAA packets should be routed.
IP Address Assignment (1)
Network Architecture supports either Mobile IP or Simple IP Mobile IP requires Home Agent Simple IP reduces scope of network and does not support mobility
Mobile IP is used to provide CSN Anchored Mobility CSN Anchored Mobility Management or Macro mobility is when the MS changes to a new
anchor Foreign Agent Mobile IP allows an MS to communicate with other nodes after changing its point of
attachment to the network For example, handover between BS on separate ASN-GW, or inter-technology handover
Mobile IP is achieved by allocating an MS both a Home Address (HoA) and a Care-of Address (CoA)
Two forms of Mobile IP are defined; Proxy Mobile IP (PMIP) and Client Mobile IP (CMIP) CMIP is required to enable Inter-technology handover
IP Address Assignment (2)
Dynamic Host Control Protocol (DHCP) is used as the primary mechanism to allocate IP address to the MS
The network architecture provides flexibility in allocating IP addresses to MS ASN-GW provides a DHCP Proxy Server
Mobile IP or Simple IP Home Agent can be configured with local pool of Mobile IP Addresses
Mobile IP only
ASN-GW can be configured with local pool of IP addresses Simple IP only
AAA Server can allocate IP addresses using IP Address Manager Mobile IP or Simple IP
Simple IP IP address is either assigned from local address pool, or retrieved as RADIUS attributes from
AAA Server
The ASN-GW DHCP proxy is used to transfer IP address information to MS
Authentication and Security Architecture
Designed to support all IEEE 802.16 security services using EAP based AAA framework.
Supports both user and device authentication Supported EAP methods: EAP-TLS and EAP-TTLS
In addition, AAA framework is used for service flow authorization, QoS policy control and secure mobility management
AAA framework basic steps: MS sends a request to the network access server (NAS) function in the
ASN NAS forwards the request to the service provider AAA server (NAS acts as
an AAA client on behalf of the user) AAA server evaluates the request and returns an appropriate response to
the NAS NAS sets up a service and notifies the MS
ASN Security Architecture
Authenticator (ASN-GW or BS) Communicates with the AAA server using RADIUS/DIAMETER
Authentication Relay (BS) Functional entity that relays EAP packets to the authenticator via an authentication relay protocol
Key Distributor (ASN-GW or BS) Functional entity that holds the keys (MSK and PMK) generated during the EAP exchange
The MSK is sent to the Key Distributor from the home AAA server, and the PMK is derived locally from the MSK.
Derives AK and creates AKID for an <MS, BS> pair and distributes the AK and its context to the Key Receiver in a BS via an AK Transfer protocol
Key Receiver (BS) Holds the AK and responsible for generation of IEEE 802.16e specified keys from AK
Authentication Protocols
PKMv2 is used to perform over-the-air user/device authentication. PKMv2 transfers EAP over the IEEE 802.16 air interface between MS and BS in ASN.
Depending on the Authenticator location in the ASN, a BS may forward EAP messages over authentication relay protocol (e.g. over R6 reference point) to Authenticator.
The AAA client on the Authenticator encapsulates the EAP in AAA protocol packets and forwards them via one or more AAA proxies to the AAA Server in the CSN of the home NSP
Authentication Procedure
MS BS
EAP Request/Identity
Authenticator (ASN)
AAA Server
Network Entry
Link Activation
EAP Response/Identity
EAP over RADIUS
MSK and EMSK EstablishementMSK
PMK derivation from MSK
AK derivation from MSK
AK
SA-TEK Challenge
SA-TEK Request
SA-TEK Response
Key Request
Key Reply
Initial network entry and negotiation
Exchange of EAP messages Establishment of the shared
master session key (MSK) Generation of authentication
key (AK) Transfer of authentication
key Transfer of security
associations Generation and transfer of
traffic encryption keys (TEK)
Service flow creation
Quality of Service Architecture
Architecture designed to support static and dynamic service flow provisioning
Home Policy Function (PF) Contains policy database of the home NSP and evaluates service
requests against these policies. Requests may come from the SFA or from the AF
Application Function (AF) An entity that can initiate service flow creation on behalf of a
user, e.g. SIP proxy client
AAA server Holds users QoS profile and associated policy rules
Option 1: The information is downloaded to the SFA during NE as part of the authentication and authorization procedure
Option 2: AAA server can provision the PF with subscriber related information and the PF shall determine how incoming SF are handled
Service Flow Authorization (SFA) Evaluates SF request against user QoS profile (in case AAA
information was downloaded to SFA)
Service Flow Management (SFM) Responsible for creation, admission, activation, modification
and deletion of SF
Service Flow Creation (Static)
Example assumes users associated policies were downloaded to the SFA from the AAA
Based on Resource Reservation Request/Response
ASN Gateway: Mobility Function
Handover may be MS initiated (typically for link quality maintenance) or ASN initiated (typically for load balancing)
ASN anchored mobility – anchored Foreign Agent (FA) unchanged No impact on IP level
Data Path function (DPF): responsible for setting up and managing bearer paths needed for data packet transmission.
Handover function (HO): responsible for making HO decisions and performing the signalling procedures related to HO
Context function: responsible for exchange of state information among network elements impacted by HO
CSN anchored mobility – anchored FA changed Involves mobility across different IP subnets and therefore
requires IP layer mobility management
Two types of Mobile IP implementations are defined
Client MIP – based on mobile IP client at the MS
Proxy MIP – ASN-GW implements the mobile IP client on behalf of the MS. PMIP is transparent to the MS.
R3R3
R4
R6 R6
R6
R8
HA
BS1
ASN-GW1
ASN-GW2
BS2 BS3
R1 R1
R1
Handover ProceduresMS Initiated – preparation phase
Handover ProceduresMS Initiated – action phase
Anchor ASN-GW
MS Serving BSServing/Target
ASN-GWTarget BS’s
MOB_HO-IND
HO_cnf
HO_Ack
Authenticator
HO_cnf
HO_Ack
Context_Req
Context_Rpt
Context_Req
Context_Rpt
Path_Prereg_Req
Path_Prereg_Req
Path_Prereg_Rsp
Path_Prereg_Rsp
Path_Prereg_Ack
Path_Prereg_Ack
RNG-REQ
Path_Reg_Req
Path_Reg_Req
Path_Reg_Rsp
Path_Reg_Rsp
RNG-RSP
CMAC_Key_Count_Update
CMAC_Key_Count_Update
CMAC_Key_Count_Update_Ack
CMAC_Key_Count_Update_Ack
Path_Dereg_Req
Path_Dereg_Req
Path_Dereg_Rsp
Path_Dereg_Rsp
Path_Dereg_Ack
Path_Dereg_Ack
HO_Complete
HO_Complete
Paging and Idle Mode Operation
Paging is the method used to alert an idle MS about incoming message. Paging architecture is based on three functional entities
Paging Controller (PC)
Administrates activities of idle mode MS
Typically located at the ASN-GW
Paging Agent (PA)
BS functional entity that handles interaction between PC and air interface related paging functionalities
One or more PA can form a Paging Group (PG), which is managed by the network operator. PA may belong to more than one PG
Location Register (LR)
A database containing information on idle mode MS (e.g. PGID, paging cycle, paging offset, SF information)