UE开机,通过小区选择和小区重选,驻留到合适的小区后,就进行”Initial EPS Attach”的过程。通过初始EPS附着,UE可以在EPS网络进行分组域服务的注册,同时,建立缺省的EPS承载,进行用户数据的传输。(3GPP 23.401和29.274)。
步骤1:
message c1 : rrcConnectionRequest :
{
criticalExtensions rrcConnectionRequest-r8 :
{
ue-Identity randomValue : '11110111 01001110 00000010 10000110 100 ...'B,
establishmentCause mo-Signalling,
spare '0'B
}
rrcConnectionReqest是在SRB0上传输的, SRB0一直存在, 用来传输映射到CCCH 的RRC信令。
在此消息中, UE-Identity 的目的是为了底层随机接入的竞争消除。它可以是S-TMSI,也可以是UE生成的随机数。在InitialEPSAttach的过程中,UE还没有获得S-TMSI,因此包含了一个40位的随机值。
NAS层通过establishmentCause指明连接的原因。
步骤2:RRCConnectionSetup
message c1 : rrcConnectionSetup :
{
rrc-TransactionIdentifier 0,
criticalExtensions c1 : rrcConnectionSetup-r8 :
{
radioResourceConfigDedicated
{
srb-ToAddModifyList
{
{
srb-Identity 1,
rlc-Configuration defaultValue : NULL,
logicalChannelConfig defaultValue : NULL
}
},
mac_MainConfig
{
...
}
physicalConfigDedicated
{
。。。
}
}
}
}
通过底层的竞争接入冲突解决机制,UE接收到NodeB的rrcConnectionSetup信令,建立了UE与ENodeB之间的SRB1,NodeB为SRB1配置RLC层和逻辑层信道的属性。ENodeB还可以在此信令中对MAC层和物理层进行配置,如果NodeB没有对此进行配置, 36.331中定义了MAC 层和物理层的缺省值。
UE收到NodeB的rrcConnectionSetup信令后,UE和NodeB之间的SRB1就建立起来了。
步骤3:RRCConnectionSetupComplete
UL-DCCH-Message =
message = c1 = rrcConnectionSetupComplete =
rrc-TransactionIdentifier = 0
criticalExtensions = c1 = rrcConnectionSetupComplete-r8 =
selectedPLMN-Identity = 1
dedicatedInfoNAS = 。。。
在UE接收到RRCConnectionSetup消息后,向NodeB发送一个RRCConnectionSetupComplete消息。其中, selectedPLMN-Identity表示UE选中的PLMN在SIB1中广播的PLMN List中的序号值。
RRCConnectionSetupComplete消息中的dedicatedInfoNAS包含了NAS层的信令,在EUTRAN中UE的初始接入过程中,NAS层信令通常是EMM层的AttachRequest消息和ESM层的PDNConnectivityRequest消息。
Msg
aTTACH_REQUEST
securityHeaderType = '0000'B
protocolDiscriminator = '0111'B
messageType = '01000001'B
nasKeySetId
iei = Omit
tsc = '0'B
nasKeySetId = '111'B
epsAttachType
spare = '0'B
typeValue = '001'B
oldGutiOrImsi
iei = Omit
iel = '0B'O
idDigit1 = '1111'B
oddEvenInd = '0'B
typeOfId = '110'B
otherDigits = '00F11000010112345678'O
ueNetworkCapability
iei = Omit
iel = '02'O
networkCap = 'C0C0'O
esmMessage
iei = Omit
iel = '0005'O
esmPdu = '0201D031D1'O
oldPtmsiSignature = Omit
additionalGuti = Omit
lastVisitedRegisteredTai
iei = '52'O
plmnId = '00F110'O
tac = '0001'O
drxParameter = Omit
msNetworkCapability = Omit
oldLai = Omit
tmsiStatus = Omit
msClassmark2 = Omit
msClassmark3 = Omit
supportedCodecList = Omit
PiggybackedPduList
NAS_UL_Pdu_Type
Msg
pDN_CONNECTIVITY_REQUEST
epsBearerId = '0'H
protocolDiscriminator = '0010'B
procedureTransactionIdentifier = '01'O
messageType = '11010000'B
pdnType
spare = '0'B
typeValue = '011'B
requestType
spare = '0'B
typeValue = '001'B
esmInfoTransferFlag
iei = 'D'H
spare = '000'B
eitValue = '1'B
accessPointName = Omit
protocolConfigurationOptions = Omit
PiggybackedPduList = Omit
在AttachRequest中,oldGutiOrImsi会被MME用来在HSS中查询用户的签约信息。其中<GUTI> = <GUMMEI><M-TMSI>。M-TMSI是32位的在MME内UE的ID。而<GUMMEI> = <MCC><MNC><MME Identifier>
<MME Identifier> = <MMEGI><MMEC>
MMGI= MME Group ID, MMEC = MME Code。
由于RRCConnectionSetupComplete消息是明文传送的,为了保护IMSI的私密性,应尽量减少IMSI在空口传播,GUTI的使用就是为了这个目的。当然,手机初始附着,由于不存在OldGUTI,还是会发送一次IMSI。如果eNodeB给UE找到的MME不是之前detach那个MME,新的MME将通过old GUTI找到旧的MME(即上次detach时的MME),再发送Identification Request(GTP-C)消息给旧的MME以获得手机的IMSI。这个Identification Request消息包含old GUTI和完整的Attach请求消息。如果(新的)MME仍然无法得到UE的IMSI, MME会发送IdentityRequest消息给UE, 要求UE上报自己的IMSI。
drxParameter指明UE特定的DRX相关参数。UE通过此参数通知EUTRAN自己特定的寻呼周期, 系统广播消息SIB2中的PCCH Config参数中也定义了缺省的寻呼周期,在这种情况下,UE使用两者中的最小值。
lastVisitedRegisteredTai用来帮助MME生成有效的TAI列表,MME将在Attach Accept消息中返回给UE。
ueNetworkCapability包含NAS和AS的安全参数
pdnType 表示PDN连接的IP类型。(IPv4、IPv6或者IPv4/IPv6)
步骤4:Initial UE Message
eNodeB接收到RRCConnectionComplete消息后,根据里面的信息,选定相应的MME,然后通过eNodeB和MME之间的S1-C接口发送Initial UE Message给MME。在此消息中, eNodeB将UE发送的NAS消息转发给MME(36。413),除此之外,在此消息中,还包括如下项:
| IE/Group Name | Presence |
| Message Type | M |
| eNB UE S1AP ID | M |
| NAS-PDU | M |
| TAI | M |
| E-UTRAN CGI | M |
| RRC Establishment cause | M |
| S-TMSI | O |
| CSG Id | O |
| GUMMEI | O |
| Cell Access Mode | O |
其中eNB UE S1AP ID 值表示在此eNodeB中UE的S1接口。MME侧将利用此标识来确定UE所对应的S1-C逻辑连接。
TAI值由PLMN IDentitity和TAC组成, 唯一表示了UE的Tracking Area。
MME接收到Initial UE Message后,进行网络和UE之间NAS层的安全认证过程。(参见另外的文章)。
NAS层的安全认证成功后,MME会向HSS发送Update Location Request消息,向HSS更新自己的位置信息。同时,MME向HSS请求用户的APN签约信息。包括缺省的APN设置,每个APN对应的PDN类型, 缺省的EPS Bearer 的QOS设置等。
此后,MME就可以与SGW,PGW进行信令交互,为缺省的EPS Bearer建立用户面和控制面的GTP Tunnel 了(GTP隧道)。
对于每个PDN的连接,需要建立一个控制面的GTP Tunnel(GTP-C),包括MME和SGW之间的S11接口和SGW和PGW之间的S5接口。对于每个EPS Bearer,需要建立一个用户面的GTP Tunnel(GTP-U),包括eNodeB 和SGW之间的S1-U接口和SGW和PGW之间的S5接口。
在LTE中, GTP-U使用的版本号为1, 注册的UDP端口号为2152。GTP-C使用的版本号为2, 注册的UDP端口号为2123。
在GTP的头部中,有一个重要的字段,叫做隧道端点标识符(TEID),标识了对端的GTP-U或GTP-C协议中的隧道端点。由GTP隧道的接收端分配本地TEID值,供GTP隧道的发起方使用。通过GTP-C消息在隧道的两个端点间交换TEID(包含在FTEID内)值。通过IP地址,端口号,以及TEID值就可以唯一确定一个GTP的隧道。
MME分配相应的缺省EPS Bearer ID(即EBI),构造S11接口(控制面)上GTP-C Tunnel的MME端标识MME F-TEID (注意,此信令中只有S11上的控制面TEID,而不包含S1-U的用户面FTEID,S1-U的控制面终结在eNodeB和SGW之间,eNodeB的FTEID-U 在后面的Modify Bearer Request消息中发送), 向GW发送Create Session Request消息。
在Create Session Request中,主要包含如下一些主要内容
(1) 用户的身份标识,如IMSI, MSISDN, MEI, ULI (User Location Information)等
(2) 用户接入网的一些信息,(E-UTRAN, UTRAN等)
(3) 服务网络的信息,包括MCC, MNC等。
(4) GTP-C Tunnel的信息, 包括MME F-TEID
(5) S5/S8 Interface 的信息,包括协议类型(GTP-C),PDN 的地址(包含在PDN F-TEID内)。(另外一个可能的协议类型就是PMIPV6)。
(6) PDN的类型(IPV4,IPV6或者IPV4、IPV6),APN,
(7) 将要建立的Default EPS Bearer的相关信息,包括EBI (EPS Bearer ID), QoS, APN-AMBR等,以及用于切换时的Indication Header等。
Create Session Request
Flags: 72
010. .... = Version: 2
.... 1... = T: 1
Message Type: Create Session Request (32)
Message Length: 201
Tunnel Endpoint Identifier: 0 (SGW的TEID值,由于此时并没有建立GTP-C,因而取值为零)
Sequence Number: 7660
Spare: 45056
International Mobile Subscriber Identity (IMSI)
。。。
RAT Type :
IE Type: RAT Type (82)
IE Length: 1
000. .... = CR flag: 0
.... 0000 = Instance: 0
RAT Type: EUTRAN (6)
Fully Qualified Tunnel Endpoint Identifier (F-TEID) :
IE Type: Fully Qualified Tunnel Endpoint Identifier (F-TEID) (87)
IE Length: 9
000. .... = CR flag: 0
.... 0000 = Instance: 0
1... .... = V4 (True-IPV4 address field Exists,False-Doesn't Exist in F-TEID): True
.0.. .... = V6 (True-IPV6 address field Exists,False-Doesn't Exist in F-TEID): False
...0 1010 = Interface Type: S11 MME GTP-C interface (10)
TEID/GRE Key: 3300033 (TEID值是由接收端分配而由发送端使用)
F-TEID IPv4: 30.0.1.1 (30.0.1.1)
Fully Qualified Tunnel Endpoint Identifier (F-TEID) :
IE Type: Fully Qualified Tunnel Endpoint Identifier (F-TEID) (87)
IE Length: 9
000. .... = CR flag: 0
.... 0001 = Instance: 1
1... .... = V4 (True-IPV4 address field Exists,False-Doesn't Exist in F-TEID): True
.0.. .... = V6 (True-IPV6 address field Exists,False-Doesn't Exist in F-TEID): False
...0 0111 = Interface Type: S5/S8 PGW GTP-C interface (7)
TEID/GRE Key: 0
F-TEID IPv4: 20.0.0.1 (20.0.0.1)
PDN Type :
IE Type: PDN Type (99)
IE Length: 1
000. .... = CR flag: 0
.... 0000 = Instance: 0
.... .001 = PDN Type: IPv4 (1)
Selection Mode :
IE Type: Selection Mode (128)
IE Length: 1
000. .... = CR flag: 0
.... 0000 = Instance: 0
.... ..00 = Selection Mode: MS or network provided APN, subscribed verified (0)
PDN Address Allocation (PAA) :
IE Type: PDN Address Allocation (PAA) (79)
IE Length: 5
000. .... = CR flag: 0
.... 0000 = Instance: 0
.... .001 = PDN Type: IPv4 (1)
PDN IPv4: 0.0.0.0 (0.0.0.0)表示需要PGW分配IPV4 Address
Indication :
IE Type: Indication (77)
IE Length: 2
000. .... = CR flag: 0
.... 0000 = Instance: 0
0... .... = DAF (Dual Address Bearer Flag): False
.0.. .... = DTF (Direct Tunnel Flag): False
..0. .... = HI (Handover Indication): False
...0 .... = DFI (Direct Forwarding Indication): False
.... 0... = OI (Operation Indication): False
.... .0.. = ISRSI (Idle mode Signalling Reduction Supported Indication): False
.... ..0. = ISRAI (Idle mode Signalling Reduction Activation Indication): False
.... ...0 = SGWCI (SGW Change Indication): False
.... 0... = PT (Protocol Type): False
.... .0.. = TDI (Teardown Indication): False
.... ..0. = SI (Scope Indication): False
.... ...0 = MSV (MS Validated): False
Access Point Name (APN) :
IE Type: Access Point Name (APN) (71)
IE Length: 18
000. .... = CR flag: 0
.... 0000 = Instance: 0
APN (Access Point Name): apn-1.example.com
APN Restriction :
IE Type: APN Restriction (127)
IE Length: 1
000. .... = CR flag: 0
.... 0000 = Instance: 0
APN Restriction: 0
Aggregate Maximum Bit Rate (AMBR) :
IE Type: Aggregate Maximum Bit Rate (AMBR) (72)
IE Length: 8
000. .... = CR flag: 0
.... 0000 = Instance: 0
AMBR Uplink (Aggregate Maximum Bit Rate for Uplink): 655360000
AMBR Downlink(Aggregate Maximum Bit Rate for Downlink): 655360000
Bearer Context : [Grouped IE]
IE Type: Bearer Context (93)
IE Length: 31
000. .... = CR flag: 0
.... 0000 = Instance: 0
EPS Bearer ID (EBI) :
IE Type: EPS Bearer ID (EBI) (73)
IE Length: 1
000. .... = CR flag: 0
.... 0000 = Instance: 0
.... 0101 = EPS Bearer ID (EBI): 5
Bearer Level Quality of Service (Bearer QoS) :
IE Type: Bearer Level Quality of Service (Bearer QoS) (80)
IE Length: 22
000. .... = CR flag: 0
.... 0000 = Instance: 0
.... ...1 = PVI (Pre-emption Vulnerability): True
..00 00.. = PL (Priority Level): 0
.0.. .... = PCI (Pre-emption Capability): False
Label (QCI): 9
Maximum Bit Rate For Uplink: 65535000
Maximum Bit Rate For Downlink: 65535000
Guaranteed Bit Rate For Uplink: 0
Guaranteed Bit Rate For Downlink: 0
接收到MME发送的Create Session Request消息后,SGW会为S5接口上的GTP Tunnel创建SGW侧的标识,以供PGW侧发来的下行GTP Tunnel使用。由于S5接口上既包含有UE用户面的数据,也包含有控制面的数据。因此,需要建立GTP-C和GTP-U的Tunnel,SGW需要创建SGW GTP-C的FTEID 和SGW GTP-U的FTEID。
SGW向PGW发送Create Session Request消息, 包含上述 TEID信息和接收到MME的Create Session Request中的部分信息。
PGW为UE分配相应的IP地址,建立UE到PDN之间的路由。返回Create Session Response 给SGW。Create Session Response的内容包括有:分配的PDN Address,以及PGW TEID-C和PGW TEID-U等。 这样SGW和PGW之间的EPS Bearer就建立起来了。SGW分配SGW TEID-C 和SGW TEID-U,并将他们包含在返回给MME的Create Session Response中。Create Session Response中的GTP Header的TEID值取为SGW在Create Session Request中报上来的SGW FTEID-C。
GPRS Tunneling Protocol V2
Create Session Response
Flags: 72
010. .... = Version: 2
.... 1... = T: 1
Message Type: Create Session Response (33)
Message Length: 126
Tunnel Endpoint Identifier: 3300033
Sequence Number: 7660
Spare: 45056
Cause :
IE Type: Cause (2)
IE Length: 2
000. .... = CR flag: 0
.... 0000 = Instance: 0
Cause: Request accepted (16)
.... ...0 = Cause Source (CS: True-Error originated by remote node, False-Error originated by Node sending the Message): False
PDN Address Allocation (PAA) :
IE Type: PDN Address Allocation (PAA) (79)
IE Length: 5
000. .... = CR flag: 0
.... 0000 = Instance: 0
.... .001 = PDN Type: IPv4 (1)
PDN IPv4: 40.0.0.1 (40.0.0.1)为UE分配的IPV4地址
Fully Qualified Tunnel Endpoint Identifier (F-TEID) :
IE Type: Fully Qualified Tunnel Endpoint Identifier (F-TEID) (87)
IE Length: 9
000. .... = CR flag: 0
.... 0000 = Instance: 0
1... .... = V4 (True-IPV4 address field Exists,False-Doesn't Exist in F-TEID): True
.0.. .... = V6 (True-IPV6 address field Exists,False-Doesn't Exist in F-TEID): False
...0 1011 = Interface Type: S11/S4 SGW GTP-C interface (11)
TEID/GRE Key: 1
F-TEID IPv4: 30.0.2.1 (30.0.2.1)
Fully Qualified Tunnel Endpoint Identifier (F-TEID) :
IE Type: Fully Qualified Tunnel Endpoint Identifier (F-TEID) (87)
IE Length: 9
000. .... = CR flag: 0
.... 0001 = Instance: 1
1... .... = V4 (True-IPV4 address field Exists,False-Doesn't Exist in F-TEID): True
.0.. .... = V6 (True-IPV6 address field Exists,False-Doesn't Exist in F-TEID): False
...0 0111 = Interface Type: S5/S8 PGW GTP-C interface (7)
TEID/GRE Key: 1
F-TEID IPv4: 20.0.0.1 (20.0.0.1)
APN Restriction : (具体内容请参见29.274)
IE Type: APN Restriction (127)
IE Length: 1
000. .... = CR flag: 0
.... 0000 = Instance: 0
APN Restriction: 0
Bearer Context : [Grouped IE]
IE Type: Bearer Context (93)
IE Length: 63
000. .... = CR flag: 0
.... 0000 = Instance: 0
EPS Bearer ID (EBI) :
IE Type: EPS Bearer ID (EBI) (73)
IE Length: 1
000. .... = CR flag: 0
.... 0000 = Instance: 0
.... 0101 = EPS Bearer ID (EBI): 5
Fully Qualified Tunnel Endpoint Identifier (F-TEID) :
IE Type: Fully Qualified Tunnel Endpoint Identifier (F-TEID) (87)
IE Length: 9
000. .... = CR flag: 0
.... 0000 = Instance: 0
1... .... = V4 (True-IPV4 address field Exists,False-Doesn't Exist in F-TEID): True
.0.. .... = V6 (True-IPV6 address field Exists,False-Doesn't Exist in F-TEID): False
...0 0001 = Interface Type: S1-U SGW GTP-U interface (1)
TEID/GRE Key: 33
F-TEID IPv4: 30.0.2.1 (30.0.2.1)
Fully Qualified Tunnel Endpoint Identifier (F-TEID) :
IE Type: Fully Qualified Tunnel Endpoint Identifier (F-TEID) (87)
IE Length: 9
000. .... = CR flag: 0
.... 0001 = Instance: 1
1... .... = V4 (True-IPV4 address field Exists,False-Doesn't Exist in F-TEID): True
.0.. .... = V6 (True-IPV6 address field Exists,False-Doesn't Exist in F-TEID): False
...0 0101 = Interface Type: S5/S8 PGW GTP-U interface (5)
TEID/GRE Key: 33
F-TEID IPv4: 20.0.0.1 (20.0.0.1)
Cause :
IE Type: Cause (2)
IE Length: 2
000. .... = CR flag: 0
.... 0000 = Instance: 0
Cause: Request accepted (16)
.... ...0 = Cause Source (CS: True-Error originated by remote node, False-Error originated by Node sending the Message): False
Bearer Level Quality of Service (Bearer QoS) :
IE Type: Bearer Level Quality of Service (Bearer QoS) (80)
IE Length: 22
000. .... = CR flag: 0
.... 0000 = Instance: 0
.... ...0 = PVI (Pre-emption Vulnerability): False
..00 00.. = PL (Priority Level): 0
.0.. .... = PCI (Pre-emption Capability): False
Label (QCI): 9
Maximum Bit Rate For Uplink: 65535000
Maximum Bit Rate For Downlink: 65535000
Guaranteed Bit Rate For Uplink: 0
Guaranteed Bit Rate For Downlink: 0
Recovery (Restart Counter) :
IE Type: Recovery (Restart Counter) (3)
IE Length: 1
000. .... = CR flag: 0
.... 0000 = Instance: 0
Restart Counter: 0
MME接收到SGW发送的Create Session Response后,在相应的TAI中为UE注册。并且构造NAS层的相应消息,包括EMM层的Attach Accept消息和ESM层的Activate Default EPS Bearer Context 消息。相应的TAI列表也返回给eNodeB,MME还为UE分配相应的GUTI。MME将上述信息通过InitalContext Setup Request消息返回给eNodeB。SGW的上行GTP-U的TEID值也包含在InitialContextSetupRequeset消息中。
扫一扫
1658
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
