You are on page 1of 8

LTE NAS Procedures Abstract Non-Access Stratum is a functional layer protocol stack between core network and UE in LTE.

For LTE, t is t!e !i"!est stratum in t!e control plane between UE and ##E. NAS layer runs o$er Uu interface between UE and eN%, and o$er S&-##E interface between eN% and ##E. T!e main functions for NAS protocols are '&(mobility mana"ement, ')(session mana"ement, '*(connection mana"ement and '+(security. Security !as two aspects, inte"rity and cip!erin". T!is article describes all t!e NAS procedures and rele$ant concepts. 1. Introduction UTRAN is access network for LTE. Whenever UE does any signaling message exchanges related to radio resources and accessing the UTRAN those are Access !tratum "rocedures. After ac#uiring radio resources UE needs to communicate to core network nodes. All signaling message exchanges related to accessing the core network are Non$Access !tratum "rocedures. The su%se#uent cha"ters of this article descri%es E&& E'& and E!& NA! "rocedures their su%$categories and other related conce"ts. 2. EMM E&& "rotocol "rovides elementary "rocedures for UE(s mo%ility when UE uses E$UTRAN. !uch "rocedures include determining UE)s location user)s authentication confidentiality and connection management. The "rocedure is a grou" of NA! messages exchange like re#uest and res"onse with s"ecific "ur"ose. There are two kinds of E&& elementary "rocedures* common "rocedures and s"ecific "rocedures. a. Relationship among EMM procedures The E&& common "rocedures are invoked o"tionally %y some of the E&& s"ecific "rocedures. +f one look at this from o%,ect oriented design "oint of view this is like aggregation relationshi" where s"ecific "rocedures are -whole. and common "rocedure/s0 are -"art.. The %elow diagrams de"icts this relationshi" with U&L notations.

EMM Elementary Procedures

EMM Specific Procedures

EMM Common Procedures

Mobility

Connection s

The class diagram looks like 'om"osite design "attern. This diagram does not indicate any s"ecific NA! module design neither at UE nor at &&E. The italic fonts indicates a%stract class. All the "rocedures in the diagrams are ,ust categories. The su%se#uent sections descri%e all "rocedures which %elong to these categories. E&& s"ecific "rocedure has s"ecific "ur"ose of /10 mo%ility management and /20 connection management. b. EMM Mobilit Management The mo%ility management s"ecific "rocedures are /10Attach /203etach and /40 TAU. The attach "rocedures and detach "rocedures are similar to such "rocedures in 56R! and U&T!. When UE is "owered 7N or enters to LTE coverage area it "erforms attach "rocedure. At the time of "ower 788 UE "erforms detach "rocedure. U&T! coverage area is su%divided in multi"le Routing Areas /RAs0 same way LTE coverage area is su%divided in multi"le Trekking Areas /TAs0. Any TA is formed %y coverage are of a grou" of cell sites /eN9s0. The eN9 %roadcasts TA+. Whenever the any UE detects the TA+ change due to UE(s mo%ility UE informs the network a%out its new TA or TA list. UE invokes the -normal TAU "rocedure.. Even the stationary UE "eriodically re"orts its TA with -"eriodic TAU "rocedure.. !ombined procedures

The LTE network also su""orts com%ined attach com%ined detach and com%ined TAU "rocedure. The com%ined "rocedures differ from the normal "rocedures %y "resence of few o"tional +Es. The com%ined "rocedures save radio resources as the LTE networks intimate the legacy 56R! : U&T! network a%out UE attach detach and "eriodic u"date over wireline interface. !o UE does not need to "erform similar "rocedures over legacy network. Thus the com%ined "rocedures also save UE(s %attery. ;owever such su""orts are o"tional for LTE network de"loyment.

56R! &! have three categories* class A class 9 and class '. The similar way LTE UE %elongs to three categories. The -6! only mode. UE works only with LTE networks. These UEs are not mo%ile handsets %ut they are U!9 dongle or 6' card. They never "erform com%ined "rocedure. The -6! only mode. UE is similar to class ' 56R! &!. The other two LTE UE categories are -'!:6! mode 1 UE. and -'!:6! mode 2 UE.. They are dual mode UEs. +f UE is under coverage of %oth LTE and legacy 56R!:U&T! then -'!:6! mode 1 UE. "refers non$E6! /56R!:U&T!0 service and mode 2 UE "refers E6!/LTE0 service. ;owever they can attach to %oth networks /10 E6!/LTE0 network and /20 non$E6! /legacy 56R!:U&T!0 network. EMM "SM

E&& 8!& has seven states. /10 E&& Null /20 E&& 3eRegistered /40 E&& 3eRegistered initiated /<0 E&& Registered /=0 E&& Registered initiated />0 E&& TAU initiated /?0 E&& !ervice Re#uest initiated. 7ut of these seven states most of them are transient states. E&& 8!& has ma,or two states only. E&& 3eRegistered and E&& Registered. They are corres"ond to UE is detached from LTE network and UE is attached to LTE network res"ectively. c. EMM !onnection Management #E!M$ The connection is esta%lished %etween UE and &&E for session management and for !&! transfer. The connection management s"ecific "rocedures are* "aging '! service notification service re#uest extended service re#uest and trans"ort of NA!. Paging

The LTE networks su""orts only 6! data call. The UE can receive "aging signal for incoming 6! data call. The legacy networks /5!& and U&T!0 su""ort %oth '! voice call and 6! data call. The network can send "aging signal to UE for incoming '! voice call using LTE E$UTRAN. Thus "aging "rocedure is used for incoming '! voice call and 6! data call %oth. The 6aging E'& s"ecific "rocedure is used %y network to esta%lish NA! context for incoming '! or 6! call. The NA! context consists of security "arameters %etween UE and &&E for NA! message exchanges. +n the a%sence of NA! context the first message will not %e encry"ted. The E&& "rocedures may invoke other common E&& "rocedure for security "ur"ose. 7ver the air interface Uu RR' "rotocol carries NA! messages and "rovides ci"hering and data integrity %oth. +n addition to that the NA! security module "rovides data integrity and o"tionally ci"hering of the NA! messages. 5enerally LTE network address the UE with its !$T&!+ in -6aging. "rocedure. ;owever if &&E restart or somehow &&E lost !$T&!+ of UE then it uses +&!+. The usage of +&!+ over air interface is rare case and is used to only recover from the error in a%normal conditions. !S Ser%ice Noti&ication

The "aging "rocedure is used to esta%lish NA! context. +f &&E already has valid NA! context for a UE then &&E does not invoke "aging "rocedure for incoming '! call. +nstead of "aging "rocedure &&E invokes @'! !ervice Notification( "rocedure for incoming '! call from legacy 5!& and U&T! networks. Ser%ice Re'uest

UE initiates -!ervice Re#uest. E'& s"ecific "rocedure in res"onse to "aging. After successful -!ervice Re#uest. "rocedure for connection management the E'& 8!& transits to E'& connected /E&& connected0 state. E(tended Ser%ice Re'uest

The -Extended !ervice Re#uest. "rocedure is a variant of -!ervice Re#uest. "rocedure. +t is used for '! fall%ack for voice call and handoff with non$4566 networks. The exam"les of non$4566 networks are '3&A network EA37 /;R630 network Wi&AB network etc. Transport o& NAS

The -Trans"ort of NA!. E'& s"ecific "rocedure is used for sending or receiving !&! over LTE network. E!M "SM

E'& can have its 8!&. 8or E&& Registered state E'& 8!& has two states. /10 E'& idle and /20 E'& connected. They are also known as E&& +dle and E&& 'onnected res"ectively. d. !ommon Procedure The E&& common "rocedures are invoked o"tionally %y E&& s"ecific "rocedures. They are related to security as"ects like authentication and ci"hering. 8or exam"le E&& mo%ility management s"ecific "rocedure named Attach may invoke other E&& common "rocedure/s0 like /105UT+ relocation /20Authentication /40!ecurity &ode control /<0+dentification /=0E&& +nformation and />0E!& +nformation. Another exam"le E&& connection management s"ecific "rocedure -!ervice Re#uest. may initiate o"tional common "rocedure/s0* /10 Authentication and:or /20 !ecurity &ode 'ontrol. All the common "rocedures are o"tional. These common "rocedures set security "arameters at NA! context. e. EMM Summar &ost of the E&& s"ecific "rocedures for mo%ility management and connection management are initiated %y UE. -6aging. and -'! service notification. "rocedures are always initiated %y network. -3etach. and -Trans"ort of NA!. "rocedures can %e invoked %y either network or UE. ;ere the #uick reca" of all E&& s"ecific "rocedures. E&& Elementary "rocedures* 1. &o%ility management s"ecific "rocedure a. Attach i. Attach ii. 'om%ined Attach %. 3etach i. 3etach ii. 'om%ined 3etach c. TAU i. Normal TAU ii. 6eriodic TAU 2. 'onnection &anagement s"ecific "rocedure

a. !ervice Re#uest i. !ervice Re#uest ii. Extended !ervice Re#uest %. 6aging i. With !$T&!+ ii. With +&!+ c. '! !ervice Notification d. Trans"ort of NA! /for !&!0 4. 'ommon "rocedure a. 5UT+ reallocation %. Authentication c. !ecurity &ode control d. +dentification e. E&& information f. E!& information ). ESM* +se&ul concepts a. Multiple ESM The NA! "rocedures for E&& and E'& a""ly "er UE so UE software can have single instance of E'& module and single instance of E&& module. ;owever the NA! "rocedures for E!& are for session management. A UE can have multi"le active sessions /E6! %earers0. Each %earer has its own E!& 8!&. !o UE software can have multi"le instances of E!& module. b. P,N and APN LTE infrastructure includes eUTRAN and E6'. 63N is some network external to o"erator(s LTE infrastructure. The +nternet is the most common exam"le of 63N. 7ther "ossi%le 63N exam"les can %e +&! network cor"orate A6N &&! etc. +f one look at the %ig "icture LTE or any other wireless network ,ust "rovides layer$2 connectivity %etween UE and 63N. !o the UE can transfer its layer$4 user "ackets /most likely +6 "ackets0 to external network 63N /most likely +nternet0. The @name of 63N( is @A6N value(. The 6$5W node is at %oundary %etween LTE network and 63N. !o generally A6N value is 8C3N which ma" to +6 address of 6$5W %y 3N! server. This 3N! server is "rivate one and accessi%le only within 6L&N. c. EPS bearer An E6! %earer connects UE and exit gateway /6$5W0 of LTE network. Unlike U&T! in LTE one default %earer is esta%lished during attach "rocedure itself. LTE NA! "rocedure standard also recommends %undling of LTE E&& NA! "rocedure and E!& NA! "rocedure in a single "acket. The default %earer has neither Co! treatment nor T8T filters for user data. The default %earer ,ust "rovides a %asic connectivity %etween UE and 6$5W for a single 63N. !ome mo%ile a""lications need Co! treatment for user data. E.g. Ao+6 call. The dedicated %earer "rovides Co! treatment and T8T for user data. UE has single +6 address "er 63N regardless of multi"le %earers /default %earer and dedicated %earer0. ;owever if UE and 63N %oth su""ort +6v< and +6v> dual stack then only UE can have two default %earers and two +6 addresses /+6v< address and +6v> address0 "er 63N.

+f UE and network %oth ca"a%le to "rovide connectivity to multi"le 63Ns then UE can have multi"le default %earers and multi"le +6 addresses. +t is analogous to having multi"le Ethernet card to a deskto" 6' so one can connect the 6' to multi"le networks and configure it with multi"le +6 address. Ethernet cards are layer$2 entities. ;ere LTE network a""ears a single layer$2 interface consisting of E$UTRAN and E6'. ;owever still LTE network can emulate like multi"le different layer$ 2 entities. !o a UE can have multi"le layer$4 network layers /+6 layers0 at user "lane. Each layer$4 entity can %e connected to different 6$5Ws and so to different 63Ns. Within a single layer$4 UE can have default %earer for %est effort treatment and o"tional dedicated %earer/s0 for Co! treatment and T8T d. EPS -earer I, All E6! %earers /i.e. default and dedicated0 have E6! 9earer +3 /E9+0 assigned %y the network. The legacy 56R! and U&T! networks were assigning N!A6+ value for each 636 context. E9+ is analogous to N!A6+. UE can have one default %earer and Dero or more dedicated %earer/s0 "er 63N. !o at UE side few E9+ values are used for default %earer/s0 and rest are for dedicated %earer/s0. +t is not "ossi%le to discriminate %etween default %earer and dedicated %earer ,ust %y E9+ values. L9+ "lays im"ortant role to link E9+ values and %undle them together. All dedicated %earer related messages contain L9+ +E. The value of L9+ +E is E9+ value of default %earer for that 63N. e. IP address UE may have static +6 address configured A6N:63N. 5enerally 6$5W acts as 3;'6 server and assigns dynamic +6 address to UE. 6$5W consults external 3;'6 server or radius server or diameter server to allocate dynamic +6 address for UE. 3ynamic +6 address is allocated during default %earer creation. This +6 address does not change for all other su%se#uent new dedicated %earer/s0 for that 63N. 6'7 +E is used to carry UE address. +t also carries 6rimary and !econdary 3N! addresses for that "articular 63N. !o the a""lication can #uery and resolve any domain name to +6 address %y contacting the 3N! server within that 63N. All these three +6 addresses can %e +6v< address or +6v> address or %oth. +f UE already knows their values it mentions them in 6'7 to confirm. Else UE mention value as E.E.E.E /for +6v< case0 and:or **E /for +6v> case0 to re#uest network for new assignment. 6'7 +E contains 666. The 666 contains +6'6 for all these +6 addresses. 666 can also contain 6A6 and:or ';A6 "rotocol/s0 for user authentication. The 6'7 and T8T are im"ortant +Es that are exchanged %etween 6$5W and UE. They are trans"arently carried %y eN9 &&E and !$5W. &. Summar The following tree makes this conce"t clearer. 1. LTE layer$2 connectivity using eUTRANFE6' a. Layer$4 +6 /+6v< or +6v>0connectivity to 63N1 UE +6 G i"1 /i"1 is +6v< address or +6v> address0 i. 3efault %earer. No Co! and no T8T. E9+ G e%i1 ii. 3edicated %earer 1 with Co!1 E9+ G e%i2 L9+ G e%i1 iii. 3edicated %earer 2 with Co!2 E9+ G e%i4 L9+ G e%i1 %. Layer$4 +6 /+6v< or +6v>0connectivity to 63N2 UE +6 G i"2 /i"2 is +6v< address or +6v> address0 i. 7nly single default %earer. No Co! and no T8T E9+ G e%i< c. Layer$4 +6 /+6v<0connectivity to 63N4 UE +6 G i"4 /i"4 is +6v< address0 i. 3efault %earer. No Co! E9+ G e%i= ii. 3edicated %earer 1 with Co!4 E9+ G e%i> L9+ G e%i=

d. Layer$4 +6 /+6v>0connectivity to 63N4 UE +6 G i"< /i"< is +6v> address0 i. 3efault %earer. No Co! E9+ G e%i? ii. 3edicated %earer 1 with Co!< E9+ G e%iH L9+ G e%i? ;ere 63N1 63N2 and 63N4 all are different having different A6N values. The values for i"1 i"2 i"4 and i"< may or may not %e different. Co!1 Co!2 Co!4 and Co!< may or may not different. E9+1 to E9+H all are different values not necessary they are in se#uence. The minimum im"lementation without Co! can %e as %elow* 2. LTE layer$2 connectivity using eUTRANFE6' a. Layer$4 +6 /+6v<0connectivity to only single 63N 1 UE +6 G i"1 i. 7nly single 3efault %earer. No Co! E9+ G e%i1 .. ESM procedures E!& "rocedures also have two categories. /10 -6rocedures related to E6! 9earer 'ontext.. As the name suggest these E!& "rocedures are used for E6! %earer. /20 -6rocedures related to transaction.. ;owever these E!& "rocedure categories are #uite different from E&& "rocedures category. +n case of E&& the s"ecific "rocedures are o"tionally made u" of common "rocedure. !o first an E&& s"ecific "rocedure starts. Then it o"tionally invokes one more E&& common "rocedure/s0. Then E&& common "rocedure/s0 get com"leted and finally the E&& s"ecific "rocedure also gets com"leted. +f a UE wants to mani"ulate E6! %earer context then first UE invokes E!& s"ecific -6rocedure relate to transaction.. UE includes 6T+ +E in the first message. +n the res"onse to that network invokes E!& s"ecific -6rocedure related to E6! 9earer 'ontext.. Network also includes 6T+ +E with same value so that UE can correlate to ongoing -6rocedure relate to transaction.. 7nce network invokes the -6rocedure related to E6! 9earer 'ontext. then at UE side the -6rocedure relate to transaction. is declared:assumed as com"leted. These %oth categories of "rocedures are in se#uence. Thus indirectly UE can also invoke E6! "rocedure III 7nce the -6rocedure relate to transaction. is com"leted then 6T+ +E is discarded. Then UE and network %oth start using E9+ which is allocated %y the network to that "articular /default or dedicated0 %earer. +f network itself initiates -6rocedure related to E6! 9earer 'ontext. then 6T+ +E is a%sent and E9+ +E is mandatory. The exam"les of such "rocedures are /10 E6! %earer context modification /20 E6! %earer context deactivation. As mentioned earlier L9+ +E is used in -6rocedure related to dedicated E6! 9earer 'ontext. to "oint to default %earer for that "articular 63N. This ta%le "rovides a relationshi" among UE initiated -6rocedures related to transaction. and network initiated -6rocedures related to E6! 9earer 'ontext. Default EPS bearer context activation X X x x Dedicated EPS bearer context activation EPS bearer context modification EPS bearer context deactivation

Procedures related to EPS Bearer Cxt --> 1 2 3 Procedures related to Transaction PDN connectivity PDN disconnect Bearer resource allocation

4 5 "

Bearer resource modification ES information re!uest ES status messa#e

x x

As one can see at a%ove ta%le generally -transaction related "rocedures. are invoked %y UE with two exce"tions. /10 E!& !tatus message. +t can %e sent %y %oth UE and network. /20 -E!& information re#uest. is always sent from network to UE. UE res"onds with -E!& information res"onse.. /. Summar The author has "ut his %est efforts to descri%e NA! conce"ts with correct information in lucid language. Any comments suggestions are welcome. The author is thankful to his colleagues su"ervisors and friends for all su""orts and encouragement to write this article. Let all the software "rofessionals and telecom "rofessionals use this article as reference material. Re&erence htt"*::en.wiki"edia.org:wiki:!ystemJArchitectureJEvolution htt"*::www.4g"".org