NG Mobile Network

Octubre 5-8, 2009 Santiago, Chile
3G UMTS Femtocell
Architecture and Design
BRKAGG-2002
Presentation_ID © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 1
Agenda
 Introduction to Femtocell
 Market Drivers
 Femtocell Architecture
 Key Femto Features
 Standards Update
 Cisco Solution Components
 Femto Integration
 Summary
BRKAGG-2002_c1 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 2
Introduction to Femtocell
What Is a Femtocell?
In-Home
Femtocell
Picocell
Microcell
Macrocell
 Focus of this topic is Femtocell

In-house coverage
 Compare and contrast with Macrocell, Microcell or Picocell

Femto provides in fill for Macro, Micro and Pico
What Is a Femtocell?
Contrast With Macro
Tiny 3G Home Access Point
 Gives 3G signal inside the
home
Operator  Very low RF power.
Management &
Licensed Services
Spectrum  Standalone or integrated into
Node-B
home gateway.
RNC
Cellular Network
Standard 3G  Works with all standard
Handset Wireless Core handsets.
(MSC, SGSN)
Connects to the Core Network
via the Internet
Security
Femto Home
Node-B Gateway
 Uses home broadband
Licensed Gateway connection for backhaul
Spectrum (contrast: Dedicated
backhaul)
Internet
Femto Home  Requires Wireless Security

Broadband
Node-B Residential GW
Connection Gateway for protection
(<5mW)
(4 calls in 200kbps)
Standard Connectivity to Core
Femto Cellular Network  Connectivity from Femto
network to Core similar to
Macro network
Market Drivers
Wireless Is Coming Home
Changing Consumer Behavior
 2009: Notebook sales will

surpass desktop PC sales Non-traditional
(Lehman Brothers)
devices will gain
 2011: 20% of devices connecting widespread
to cellular networks will not be
phones or laptops (Yankee Group)
popularity
 30% of mobile usage occurs

at home (Yankee) Anytime/
 85% of iPhone owners use New mobile usage Anywhere
the internet; Smartphone Service
users spend more than 4.6
trends growing
Expected
hrs/month browsing mobile
web (M:Metrics)
 33% of 18-24 year old Americans

post photos to website via mobile
New generation
phones (M:Metrics) will influence new
 Social networking sites—fastest purchases and drive
growing among web browsing network traffic
Mobile Operator Opportunities
With Femto
Reducing Operational Costs Increasing Revenue/Reducing Churn
 Backhaul of cell tower traffic accounts  High quality WiFi/3G/4G signal in the home
for 20% of mobile operator OpEx
 Enables new bundled service offerings
 Site acquisition, leasing costs, (triple/ quad play)
power costs
 New Home Zone tariffs (two-edged sword)
 Capacity demand is expected to
be 4x to 10x as migration to 3G
and 4G proceeds
Improving In-Home Coverage

 Significant percentage of mobile
voice originates in the home
 Poor coverage leads to unhappy
customers – churn
 Delivery of high speed data in
the home is challenging with
macrocell network
Mobile Operator Opportunities
With Femto
Femtozone Services Leveraging Location Awareness and
Local IP Breakout Capabilities
 Virtual home number
 Presence alerts in entering and exiting the home
 Photo and video upload to web
 Instant Podcast reload
 Seamless mobility between home and
macro network
Connected Home Services

 All data flows within the home network
 Media Sharing using UPnP over 3G
 Synchronize music and video
 Automatically backup content
 Media Shifting
Mobile Operator:
Femto Market Insertion*
Connected Home
 Device convergence, home gateway
Subscriber Traffic & Revenue Growth
 Improved applications; QoS, presence,

immersion gaming
 More trust in SP
Connected Enterprise / UC
 Managed voice and data
 Always secure
Standalone Femto  Triple play for businesses
 Improve indoor
coverage
 Mostly voice, some data
 Price and business
case being worked on
Early Adopters Cross Chasm Mass Market
2008 Service Adoption Timeline 2012
*Based on Operator’s feedback and present industry direction

Femtocell Architecture
Femtocell Reference Architecture
Femto Management
System
FAP-MS FGW-MS
Fm TR- Fg
069
tbd HPLMN Core Network
Fr Subscriber
Databases
Fb-cs
CS core
Fa Iu-cs
Femto GW
Femto Fixed Broadband Iuh Fb-ps
Radio
Interconnect PS core
Access Fl
Home Iu-ps
Mobile GW
device
Point
Uu Fb-ims
SeGW
IMS core
tbd
HPLMN RAN
Cisco Femtocell End-to-End Architecture
 Fully redundant and  Auto discovery of the network
scalable architecture to provide full visibility of
 TR-069 standard network changes (Cisco NCM)
compliance  Alarm Monitoring, reporting
 Deployed in more than 150 (Cisco CIC)
SP customers worldwide  SLA, statistics monitoring (HP
supporting millions of CPEs PI/others)
 Northbound interface/API
for OSS&BSS integration
 Low (5mW) output power Fm Fm
 Network Listen (NWL) for auto  Provides secure DMZ for  Fully redundant ATCA-based
configuration, interference access controllers and architecture (IP.Access)
management and location management system  Closed access control (initial
verification  Provides single point of rel)
 Four simultaneous users termination for signaling/  Hand-in/Hand-out support
 Up to 3.6Mbps HSDPA management security  Scaling: 20k HNB per HNB
 Emergency call support Gw (initial rel)
Iuh
Uu
Simplified Protocol Stack
Optimize
Bearer Plane
Bandwidth
control user Iu-cs

plane plane De- AAL2 Encap
Jitter GTP Encap Iu-ps
IPSec
IPSec
RRC PDCP PDCP RRC
Paging
RLC RLC Control
RANAP
Access to CN
MAC MAC
Control
PHY PHY
SRNC
relocation
Uu Control Plane
UE Femto Cell Femto Gateway
Cisco Solution Protocol Stack
lu+ Control Plane
 HNB and HNBGW use IP based stack (instead of legacy stack)

Encapsulated within IPSEC
 Regular RANAP stack towards MSC
 HNB and HNBGW have persistent SOIP and URSL connections
SOIP is pre-Iuh protocol to carry signaling and management messages
URSL is an enhanced RANAP (Iu)
Part of RLC / RRC functionality moved from RNC to HNB and Access-List functionality added
*Iu+: Pre-version of Iuh Protocol stack

CS Bearer Plane
 RTP used to transport voice, RTP multiplexing supported to optimize bandwidth requirements
 Keepalives to ensure IPSEC layer remains up all the time
 Regular Iu-CS stack towards MSC
PS Bearer Plane
 PDCP interworking performed at HNB

 Standards seem to incline towards GTP-U encapsulation to initiate at HNB
 Regular Iu-PS stack towards SGSN
Key Femto Features
Consumer Services
 Most macro services are offered

through Femto
Voice Services
Data Services
Emergency Calls
Messaging – SMS,MMS
Multi-RAB
 Potential future services:

Local Breakout
Consumer Homezone services
Connected Home services
Femtocell Specific Features
 Location Awareness
Controlling where the Femto is operating
 Security and Access Control

Controlling the allowed users on femto (CSG) and securing all traffic
 Interference Management (to macro and between femto)

Making sure the Femto does not impact the macro layer
 Impact on the broadband network (for backhaul)

Guaranteed Delay and Jitter; End-to-End Security; Synchronization
 Handover Support (hand-in/hand-out)

Macro to/from Femto and Femto to Femto
 Zero-touch Provisioning
Safely installing an operator owned Node B in the user environment
 Emergency call support

Meet the regulatory requirements
 Local Breakout of IP traffic

Enabling new services and further offloading the core network
Info: 3GPP Mobility Identifiers
 Public Land Mobile Network (PLMN) is the mobile network that
use land based radio and is uniquely identified by its PLMN
identifier that consists of Mobile Country Code (MCC) and
Mobile Network Code (MNC). MCC identifies uniquely the
country of domicile of the mobile subscriber. MNC identifies the
home PLMN of the mobile subscriber.
 Location Area Code (LAC) uniquely identifies a LA (Location
Area) within a PLMN. A Location Area groups a number of
discrete cells. Location Area Identity (LAI) is core network
domain identifier for Circuit Switching (CS) and is PLMN
concatenated with LAC. Routing Area Code (RAC) identifies a
routing area within a location area. The Routing Area Identity
(RAI) is the core network domain identifier for Packet Switching
(PS) and is LAI concatenated with RAC.
 Service Area Code (SAC) or Cell identifier (C-Id) is used to
uniquely identify a cell within a Radio Network System (RNS)
network. The Service Area Identifier (SAI) generally used in 3G
(equivalent of the Cell Global Identification (CGI) used in 2G
GSM networks) is the concatenation of the LAI and C-Id.
 Scrambling Codes are used for cell separation in the downlink
and user separation in the uplink. Each cell is allocated one
primary scrambling code. In order to reduce the cell search time,
the primary scrambling codes are divided into 512 sets.
Network Listen
 Network listen is a scan of radio environment by HNB which detects
neighbor cells, their frequencies and transmit power levels.
 Network listen procedure allows the HNB to monitor surrounding 2G and
3G macrocell and femtocell layer.
 Results are used to select and adjust the access related parameters
(frequency, power, scrambling code, neighbour list).
Invoke (re-)set internal oscillator model
Frequency (re-)synchronization Set transmitter maximum power
Measure noise power – DL and UL Select DL scrambling code
Measure code powers Update/ report hand-out

neighbor list; Select LAC & RAC
Decode neighbor cell info

Report nearby MCCs
GPS
 GPS chipset within HNB is authority for
location verification.
 Since the GPS test can potentially take
minutes to complete, NWL is preferred
first.
 GPS results are passed back from HNB
to Provisioning System for comparison
against Expected Lat/Long based on a
tolerance value set.
 Restrictions: direct line of sight
requirements to the sky.
 Restrictions: More applicable for US.
Location Verification
 Location Verification is the process of
confirming the HNB (and radio) location is
within a specified tolerance of its expected
location.
 There are 2 primary steps in Location
Verification:
Network Listen
GPS
 Location Verification is performed on
boot/provisioning and also periodically (once
per day)
 Operators may define to set policies. E.g.
Location Verification must pass before the HNB can
be activated by the Provisioning system.
Frequency Synchronization
 Frequency synchronization of Home Node-B is required for:
Successful handover processing and minimizing dropped
sessions during handover
Improve frame synchronization optimizing handover times
Minimizing spectrum channel overlap to reduce channel co-
interference
User signal delay and user signal jitter
 3GPP has relaxed the frequency accuracy for Femto to
250ppb. This would reduce synchronization related traffic.
 Cisco Home Node-B uses the following order to meet the
pre-relaxed tolerance limit of 100ppb:
Network Listen for fast-lock frequency synchronization to macro
network
GPS lock and frequency synchronization (in the future releases)
NTP for slow maintenance of frequency synchronization
24-hour holdover period of internal on-board oscillator for the
stability.
 In some cases depending on operator’s requirements, one
of the above can be missed. Many operators may choose
to not implement GPS lock feature which could be difficult
inside a closed building.
Location Verification Reject
Successful
Info: UE States
 When a UE is switched on, a PLMN is selected
and the UE searches for a suitable cell of this
PLMN, chooses that cell to provide available
services, and tunes to its control channel. This
choosing is known as “camping on the cell”.
 The UE will then register its presence by means
of Location Registration Update procedure.
 The UE then repeatedly searches for a better cell
in terms of path loss to a cell site. If the UE is
roaming away from its home network, the UE
shall search for higher priority PLMNs at regular
time intervals. If the UE finds a more suitable cell,
it reselects onto that cell and camps on it. The
UE in idle mode will perform camping, cell
selection and reselection and Location
Registration procedures.
 When the UE requires to access services of the
UMTS network, it establishes a RRC connection
with the serving RNC and is in connected mode.
Femto Access Control
 Most operators feel the need for femtocells to primarily
deploy in Closed Access Mode whereby access is
restricted to a defined set of users identified by their IMSI
 Aligns with 3GPP Closed Subscriber Group (CSG)
feature principles
3GPP relies on information stored in HLR/HSS
 Access control is invoked upon user registration events
(IMSI attach, Location Update, Session Establish) at
Home Node-B and hand-in scenario at Femto Gateway
 All procedures used to accept/reject users are 3GPP
standard compliant. Two rejection methods are being
used:
LU Reject, resulting in whole LAC being barred for the duration of a
power cycle (up to 12-24hrs). Conserves battery life.
Authentication failure, resulting in cell-only being barred for ~20mins.
Home Node-B sends wrong info to UE during mutual authentication.
If UE has access to other femto that belong to the same LAC,
authentication failure method is used. Femto Gateway can choose the
appropriate method.
 If not accepted by the Femto, a UE may still camp on the
cell (in the absence of surrounding macro coverage) and
then be able to establish emergency calls. LU Reject is
used in such scenario.
Access Control – Registration Accepted
Registration Rejected:
Location Update Reject
Registration Rejected:
Authentication Failure
Interference Management
 Minimize Interference: Femto-to-Macro (non-femto
user, femto user, reselect), Femto-to-Femto, UE
performance
 Factors affecting interference:
Open or Closed Access – Unauthorized femto user should be
able to access Macro in close femto vicinity
Dedicated channel or Co-channel – same or distinct carriers
Power control (adaptive or fixed)
 Radio assumptions for WCDMA Femto
Single carrier for Femto network
Defined set of scrambling codes used for location updates and
handovers
 For an effective femtocell deployment, interference
management shall be done automatically.
 Factors for Home Node-B transmit power:
Power is too high: there is effectively a macro dead zone
around the Home Node-B.
Power is too low: femto coverage will be poor and femto UEs
may not reselect the femtocell itself.
Interference Management
 Both 3GPP RAN WG4 and Femto Forum, recognizing
that one of the serious questions which needs to be
answered is the RF interference of Femto with the
Macro, have embarked on studies for RF Interference.
 Summary from these studies is that femto and macro
networks can co-exist and cooperate with the
incorporation of proper power management techniques
that are already becoming available in the industry.
Following is a quick list of those features:
Adaptive Attenuation or Automatic Gain Control (dynamic receiver gain
management in the femto) – ensures that femtocell can offer good
service to both near and far UEs without unnecessarily increasing the
UE transmit power, therefore keeping the noise rise contribution to a
minimum.
Power capping of the UE – when operating in the femto environment
ensures that even in difficult radio conditions, the UE hands-off to the
macro network before its transmit power increases to the point where
macro noise rise is a problem.
Downlink Power Management – femtocell to dynamically adjust its
transmit power by measuring its environment or for required cell
coverage area.
Increased Receiver Dynamic Range – to accommodate femto
operation reliably even in the presence of nearby non-allowed high
power UE. This has already been incorporated into the latest 3GPP
Release-8 25.104 specification.
Info: Measurements
 UTRAN may control a measurement in the UE either by
broadcast of SYSTEM INFORMATION and/or by transmitting a
MEASUREMENT CONTROL message. Common Pilot Channel
(CPICH) is used to enable channel estimation. CPICH uses a pre
defined bit sequence at a fixed rate and allows the UE to estimate
power measurements. The different types of measurements are:
Intra-frequency measurements - measurements on downlink physical channels at the
same frequency as the active set
Inter-frequency measurements - measurements on downlink physical channels at
frequencies that differ from the frequency of the active set and on downlink physical
channels in the active set
Inter-RAT measurements - measurements on downlink physical channels belonging to
another radio access technology than UTRAN, e.g. GSM
Traffic volume measurements - measurements on uplink traffic volume
Quality measurements - measurements of downlink quality parameters, e.g. downlink
transport block error rate
UE-internal measurements - measurements of UE transmission power and UE received
signal level
UE positioning measurements - measurements of UE position.
 Since the WCDMA system requires continuous transmission and

reception, the UE measurements on different frequencies or
different systems, e.g., GSM, requires UTRAN to command that
the UE enters in compressed mode. When the UE is in
compressed mode, the transmission and reception are stopped
for a short duration to take the measurements. To ensure the
data is not lost, the data is compressed in the frame making an
empty space where measurements are performed.
Info: Handover
 The simplest definition of handover is the transfer of a
user’s connection from one radio channel to another (can
be same or different cell). It is important to note that the
handover procedure comes into effect when the RRC
connection is established i.e. a call is in progress.
Following is a list of different scenarios for handoff that
are manifested:
Intra Node-B – intra-cell (softer), inter-cell (soft)
Inter Node-B – intra-RNS, inter-RNS with Iur interface (soft or hard
handover), inter-RNS (hard handover)
Inter Core Network – when the two radio are part of two different core
network
Inter-URAN (handover from UMTS to GSM BSS, GERAN or other RAN
network) – intra core network or inter core network
During a soft (or softer) handover, the UE is connected to at least one
radio cell at every instance. This requires an optimal combining of
physical layer data collected from UE through two (or one) node-Bs, and
the transmission of the same physical layer data through two (or one)
node-Bs to the UE. In case of soft handover, if the two node-Bs are in
different RNC, such recombining requires a real-time interface (Iur)
between the serving and target RNCs.
Hard handover occurs when there is no common radio link between the
source and target networks or where the architecture does not support
soft handover, e.g., GSM, HSDPA or WCDMA in the cell-FACH state. In
hard handover the radio connection gets broken between the UE and
BRKAGG-2002_c1
source network before a new radioCisco
© 2009 Cisco Systems, Inc. All rights reserved.
connection
Public
is established with the 35
Femto Mobility Support
 Both Hand-out (Femto to Macro) and Hand-in (Macro
to Femto) of active sessions are supported. Hand-out
more vital for operators.
 All handover are hard handover (no soft/softer
handover) and leverages existing 3GPP procedures
All HO are followed by a SRNS relocation (no Iur from HNB GW to a
macrocell RNC)
 For Hand-out, neighbor macro cells list (2G or 3G) is

created after Network Listen (NWL). Same list used for
cell reselect.
 For Hand-in, a « dummy Femto id » which is common
for all Femto under the same HNB Gw and LAC/RAC is
configured in the macro network
Hand-in request are directed to the HNB Gw which performs access
control and IMSI-based filtering to find the targeted Femto in the LAC
Note that a high number of Femtos will likely be associated to a single
LAC and that a user may be associated to multiple Femtos.
Femto gateway requests all matching candidate APs to send out a
beacon signal on the downlink sync channel to which the UE responds
with an uplink sync on the correct hand-in candidate AP.
Femto Mobility Support
 Hard Handover has the following impact:
Iu-CS (voice) hard handover is seamless in that is
accompanied by a simultaneous Serving Radio Network
Subsystem (SRNS) relocation procedure. The switchover of
media streams on the Iu interface is simultaneous with the
switchover of radio links on Uu.
Iu-PS (data) hard handover may be either lossless or lossy.
Lossy handover makes no attempt to ensure that the data flow
is continuous. Data that is waiting to be sent on the old cell
context is simply lost. The system relies on higher layer retry
mechanisms (such as exist in TCP) to maintain continuity of
data at the application level. Lossless handover requires that
the whole of the PDP context including the pending data is
transferred to the new cell at the point of handover. Cisco
solution supports lossless Iu-PS handover at this time.
 Since the hard handover is supported, the
handover between Femto and 3G macro or 2G
macro will be similar except the RAN network will
be either UTRAN for 3G or BSS or GERAN for
2G.
Voice and Data Call Hand-Out
Data Call
Voice Call
Voice Call Hand-In
QoS and Backhaul Requirements
 Backhaul used for femto owned by the Femtocell
SP or 3rd party ISP
 Backhaul requirements
Backhaul shared between Femto traffic and other home
network traffic  Potential for a solution to prioritise Femto
traffic in the home
Signalling and bearer traffic overhead shall be optimised 
Compressed/multiplexing
 QoS requirements:
Delay: RTT < 300 ms to preserve voice quality. Max 100ms
one-way recommended.
Jitter: 30ms rolling average for CS; buffering capable of
holding 100msec of data at the RAB rate for PS.
Packet Loss: Connection can operate reliably at up to 1%
packet loss. For CS (i.e. AMR), speech quality can be
preserved with up to 3% packet loss
 IP addressing requirement
Public/Private IP address support at the HNB. NAT traversal
required.
Femto End-to-End Security
 HNB related security
Mutual authentication with network based on X.509
certificates
Private Key Protection and Certification Revocation list
Tamper resistance
 Traffic Encryption
Signaling and Bearer Plane
IPsec per 3GPP with SeGW
Management traffic
TR-069 over SSL
Statistics/Alarms file upload with HTTPS
 Core Network Security

ACLs, Firewalling, Intrusion Detection
Femto Secure Connectivity
ACLs for SSL termination Management and

Firewalling
whole traffic & load balancing
Provisioning
SSL Connection
(mgmt traffic) Iu-cs
HNB MSC
Iu-ps
HNBGW
Uu
IPSec Tunnel
WSG
FWSM
(Iu+ and CS/PS
SGSN
ACE
bearer traffic) SUP
3G UE IPSec
termination
BRKAGG-2002_c1 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public
7609 Chassis 42
Femto Zero-Touch Provisioning
 Requires true zero-touch provisioning for Femto to

scale
 Standards-based solution
Based on an extended TR-069 interface
Actively contribute to O&M standards (FemtoForum & 3GPP)
 Plug-n-Play installation
Automatic discovery of the provisioning system
Activation procedure requiring strong integration work prior to
deployment
No macro network reconfiguration at new HNB activation
 Specific Workflows defined for Femtocell allowing for:
Location verification
Use of information gathered through Network Listen
Software download and auto-configuration
Femto user IMSI-based ACL management
HNB Register/Activate
HNB
IPSEC
IPSEC
IPSEC
Re-Direct
Baseline Configs
SW Download
Connection Request
Note: within the above flow, if the location verification process failed to match within a specified
tolerance, a ToleranceFailure message would be sent. At that point, the provisioning process would
require intervention from Ops to determine whether to Activate the HNB.
Provisioning Updates
Forced
Femto Management Specifics
 Active and Passive HNB monitoring
 HNB can be configured to send specific alarms
directly to the NMS layer for immediate
resolution
 HNB Gw and HNB statistics and alarms are
collected into a file which is sent (typically daily)
via HTTPS to the NMS layer (Statistics Server)
Format is aligned with 3GPP Performance Management
Specification (3G TS 32.401, 32.432, 32.435)
Data reflects measures taken over a defined period of time
(fully configurable)
 HNB can be remotely controlled based on

TR-069
Remote activation/shutdown
Software/firmware upgrade
Emergency Call
 Location of the UE making an emergency
call can be identified using the SAI of the
cell where the call was made. The
coverage of the femtocell is within ~150ft.
 Access Control is not applied for
emergency calls, following could be the
two cases:
An emergency call for a UE that has camped on
to the Home Node-B for emergency calls only in
the absence of macro coverage of the AP’s
Home PLMN. (Such a UE will have been LU-
rejected by Access Control when it attempted to
register.)
An emergency call for a SIM-less UE. (Note that
such a UE will not have attempted to register
previously but may have “silently” camped on.)
Local Breakout Support
 Local Breakout means support of local IP
connectivity from the UE attached to the HNB
to the home environment
Access to local media server, printers, etc.
 Key enabler for advanced Femto services
Examples are local media streaming, filesharing,
remote control etc.
 Controllable by the service providers on a per
user or traffic basis
e.g. download of dynamic ACL or application profile
 Split tunneling of local-identified traffic is
required at the AP thus creating potential
security breach in the architecture
 Overall local breakout requires further study
and will not be part of first 3GPP
standardised H(e)NB architecture
Femto Call Flow – Voice
 Resembles
closely with
Macro
 Mobile
Terminated
includes
Paging
 Mostly seen
support for
12.2kbps
UL/DL
(Highest AMR)
Femto Call Flow – Data
 Timeout for PS
RAB on HNB
 Multi RAB,
Multi-PS RAB
 Supports for R5
or R6 handsets,
HSxPA
Standards Update
Organisations and Standards Bodies
involved in Femtocell
 Market representative organisation pushing femto as the de facto solution for
in home coverage for all technologies (WCDMA, CDMA, WiMAX)
Several working groups covering service requirements (wg1), radio and
interference management (wg2), network architecture (wg3) and legal issues
www.femtoforum.org (wg4)
 3G/GSM standardisation Body

Defining standards femtocell architecture and interface for 3G and LTE
www.3gpp.org R8 contains initial set of standards published. Follow-on functionalities being
specified in R9 and R10.
 DSL standardisation body

Objective is to reuse TR-069 framework for zero-touch provisioning of
www.broadband-forum.org Femtocell Access Point. Femto specific data model (WT-196) published in
April 2009
 Mobile SP organisation looking at beyond 3G services and architecture

www.ngmn.org Fully supporting FemtoForum work on Femtocell for LTE
 Mobile SP organisation defining interoperability and deployment guidelines

www.gsmworld.com Published guidelines on Femto security and broadband network reqs
Femtoforum Activities
 Defined Femtocell requirements (including end user, OAM,
Security, integration, etc.)
 Focus on enabling femto industry:
Business Requirements
Interference management (covering multiple scenarios)
Homezone services, taking advantage of ‘presence’ capabilities of
Femto
Enterprise Femto
 Feature focus:
Local breakout support
Architecture evolution (IMS integration)
Legal and regulatory requirements
Network Listen Mode capabilties
UE power consumption
Chipset API (FAPI)
Support of new access technologies (LTE, WiMAX)
3GPP Femto Standard Activities
 3GPP currently working on H(e)NB concept
HNB (Home Node B) supports 3G WCDMA radio (part of R8)
HeNB (Home enhanced Node B) supports upcoming LTE radio (part of R9)
 RAN-based achitecture (i.e. connecting to existing core network)
 Iuh interface between HNB and HNB Gw (3G TS 25.467, 468, 469)
RTP for voice user plane (RTP multiplexing is included in R9)
GTP for data user plane
 Access control
Closed Subscriber Group definition
 Mobility
Full idle mode support and hand-out only for active mode
 Security
IPSec tunnel mode with IKEv2 for negotiation
X.509 based authentication (SIM based is optional)
 Management (3G TS 32.581, 582, 583, 584)
Standard configuration and performance management interface (XML based)
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 54
3GPP Femto Standard Activities (cont)
 HeNB architecture specification
 Full Femto mobility
Hand-in and inter-femto (esp. Important for pico)
 Open/hybrid access mode specification
 Roaming support
 IMS-based femto architecture
Different options being discussed: IMS interworking in Femto or in core
 Local Breakout
Mechanism to allow traffic to egress directly in the home environment
Likely to be based on local GGSN/PGW in the Femtocell
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 55
3G Femto and UMA/Dual-Mode
Comparison
Characteristic UMA/Dual Mode Femtocell
Requires broadband Yes Yes
backhaul
Requires new handsets Yes No
Requires new radio No, though new CPE could Yes
CPE at home optimize performance
Handset mobility Phone can be used in any Phone needs to be within
public hotspot, e.g. Starbucks femtocell range, and *might* be
locked to a residence or
location
Licensed Radio No Yes
Enables Quad Play Yes Yes
New Family/Zone plans Yes Yes
Integration into SIP/IMS Core UMA – Generally No Yes/Eventually
Dual-Mode - Yes
Battery Life Not as good Better
Bearer Primarily Voice Voice and Data
UMA/Dual Mode and Femtocell can be complementary FMC applications
Cisco Femtocell Components
Mobilizing the Connected Home
Public
Internet
Voice and Data Integrated in Enterprise
Cisco UC Express
+ Security
Call Signaling 2G/3G
MSC
2G Pico A/
3GPP:
Iu-cs
Remote
User Agent
SMB Internet
LAN
Enterprise IPSec
User
3G Pico SSL
Security
EFR/AMR
Voice GW
Mobile Control Plane
Media 3G AC
2G BSC
Femto/Residential Super Femto/Enterprise

 Connected Home premise based  Managed Service/Unified Communications
integration premise based integration
Cisco HNB
 Standalone Femto HNB
Integrated with DSL gateway or STB planned in future release
 3G R6 Radio compliant
UMTS Band I, II and V support
Single carrier with up to 5mW (7dBm) output power
CS and PS support ; up to 3.6Mbps HSDPA (7.2Mbps and 1.4Mbps
HSUPA in next release)
 NetworkListen (NWL) for autoconfiguration/optimisation
Macro network (2G & 3G) scan to select 3G SC, LAC/RAC and create neighbor list
Interference management (CPICH and power control) based on macro measures
Macro synchronization to set internal oscillator (NTP used as backup)
MCC Scan to check country of operation
 Service mix
Four simultaneous user service limit: Multi-RAB CS/PS combinations per user
Emergency call support (RANAP SAI handling)
 Backhaul capability
Secure transport (IPSec tunnel), NAT traversal, bandwidth management)
Cisco 7600 DMZ Router
Engines Ethernet Services Modules

Route Switch Processor 720 GE and 10GE
with Rich QoS, Distributed,
Line-rate Performance
S Chassis
7609-S, 7606-S,
SeGW 7603-S, 7604 Services Modules
Scalable IPsec Firewall, IDS,
Traditional Chassis
Termination SSL termination,
7606, 7609, 7613
Load Balancing
HNB Gateway
 Femtocell Access Control
Closed Access Control based on a list of authorized IMSI
Open Access Control planned in subsequent release (assessing impact on performance)
 Handover capabilities
Simultaneous hard handover and SRNS relocation
Outgoing to Macro (2G, 3G)—Based on identified neighbour cell list
Incoming from Macro
Femto-femto handover not supported initially (targeted for Picocell deployment)
 Fully redundant ATCA-based architecture

 Physical Interfaces
GE Towards to the HNB
ATM-based (IP in future) Iu-cs/Iu-ps to 3G Core Network
 Performance Figures
20k Femtos per HNB Gw (to be enhanced in future)
5200 voice/video call Erlangs (90s hold time, 60 cps, 60 LUs/s)
1Gbit/sec PS traffic
Cisco Broadband Access Center (BAC)
 Carrier grade solution for CPE provisioning and management deployed at
over 150 SP worldwide supporting millions of CPEs
 Fully redundant and scalable architecture
 Key Features
TR-069 Standard compliance
Flow through (top down or pre-provisioning)
Northbound interface/API for OSS&BSS integration
Device Profile Templates and Group Management
Extensible Configuration Engine
Support of automatic upgrades
 BAC RDU (Regional Distribution Unit)
Centralized authority for all Femtocell Provisioning
Software Image Management and Distribution
Up to 8Mios CPEs per pair of RDU
 BAC DPE (Distributed Policy Engine)
Provides scalable CWMP support
Locally store Femto related information
Up to 500k CPEs per pair of DPEs
NMS Components Overview
 Configuration Management
Auto discovery of the network to provide full visibility of network
changes
Track and regulate configuration and software changes for the
whole solution
 Compliance
Enforce compliance to defined policies, software versions and
configurations
Regular reporting of network configuration status
 Fault Management
Auto discovery of network
Alarm Monitoring and browsing through customizable GUI
Collect, Filter, Consolidate Alarms and Report
 Performance Management
Rich Reporting collecting information from all network elements
SLA, statistics monitoring
Capacity planning
Femto Integration
Iuh Integration
Routing & Internet Routing (BGP) with Internet Provider

Switching
Aggregation Router for the site
VRF-Lite for Internet Routing and OAM
QoS / CoS Management
Security Stateful firewall
Intrusion Prevention (optional)
IPSEC Tunnel termination
CA Server, Certificates, Certificate Verification,
CRL
DSCP Marking of tunnel traffic
Load Load-balancing of servers, SeGW farm
Balancing
SSL Offload for server traffic
Management Control Plane Policing
Security
Core Network Integration
Iu-CS: ATM RANAP / ALCAP / Bearer VCs
Class of Service and Parameters
AESA Addresses of Media Gateways and Femto
Gateway (for Voice Bearer only)
SS7 RANAP / ALCAP Point Codes for MSC/Media-
Gateway
Point Code for Femto Gateway
RAN MCC, MNC
RAC, LAC, SAC
RNC-ID
Iu-PS: ATM RANAP / ALCAP / Bearer VCs
Class of Service and Parameters
SS7 RANAP / ALCAP Point Codes for SGSN
Point Code for Femto Gateway
RAN MCC, MNC
RAC, LAC
RNC-ID
IP Transport IP Addressing for Bearer VCs
Addressing
GTP-U IP Addressing
OSS Integration
Coverage, RAN and Hexagonal maps of county/market
Location Awareness
LAC, RAC for Femto
Macro Neighbor List
Provisioning IT Integration
Auto-discover and Auto-provisioning call-flows
New HNB addition, deletion
User MSISDN, MSID changes
Friend’s list
Compliance Dashboard Integration
Performance OSS Integration
HNB Statistics (Bulk)
Network performance and KPIs
Fault OSS and IT Integration
Remote HNB shutdown
Network Fault monitoring
Integration and Integrate with operator’s provisioning, fault and
Customization performance systems
APIs – XML and SOAP
E911 Location Identification
Summary
Cisco Femtocell Complements Macro
Macrocell Femtocell
Area Cisco Value Add
Network Network
Connectivity Point-to-Point IP Provisioning, Voice/Data Call Control, and Network
Links Management are all handled by discrete elements
Network Carrier Unmanaged NAT’s, limited uplink, unsecure IP links, and problematic
Owned / and Untrusted home IP networks do not impact system performance
Managed ISP Network
and Home IP
Network
Provisioning Manual Automated Each endpoint gets registered, located for E911 and
(High Touch) (Zero Touch) macro cell handoff, provisioned, and managed
automatically (with exceptions flagged as alarms)
Equipment Carrier Class CPE Low price, with custom per carrier modifications, and
rapid innovation of CPE products
Additional None Many Integration with Video STB, PVR, Satellite, Second Line
Services Voice, WiFi, and Home Media Gateway over time
Required
Summary
Operators looking to offload/complement their Macro
with Femto to provide Mobile Internet to indoor users
Standard bodies, 3GPP and Femto Forum, have

churned major interest. RAN-Gateway approach by
3GPP makes it easier to integrate with Macro.
Femto Success = Seamless Integration with Macro +

Auto-Provisioning / Self Optimizing
Femto trend continues with LTE Femto and Super
Femto interests.
Cisco value = IP Expertise + Connected Home +
Enterprise Strength.
References
 3GPP Standards http://www.3gpp.org
 Femto Forum http://www.femtoforum.org
 CPE WAN Management Protocol (CWMP) Framework
http://www.broadband-forum.org/technical/download/TR-069.pdf
 Cisco Mobile Solutions for Service Provider
http://www.cisco.com/en/US/netsol/ns523/networking_solutions_m
arket_segment_solution.html
Join the Cisco Service Provider Mobility
Community
 Collaborate and communicate
with Mobility industry leaders
 Find answers to business and
technology questions
 Participate in user-driven
discussions and learn from
peers and experts worldwide
 Share unfiltered opinions and
perspectives Webcasts
Discussions
 Stay up-to-date on the latest Blogs Social Media
industry news, trends and buzz Polls Demos News
Online Collaboration Research
www.myciscocommunity.com/community/service/spmobility
Complete Your Session Evaluation
 Please give us your feedback!!

Complete the evaluation form you were
given when you entered the room
 This is session BRKAGG-2002
Don’t forget to complete the overall
event evaluation form included in
your registration kit
YOUR FEEDBACK IS VERY

IMPORTANT FOR US!!! THANKS
Cisco Femtocell Architecture
Iu control-plane (RANAP) Iu user-plane (CS

and PS)
BMC ACL IMSI cache

(per AP)
Mgmt
Connectionless CS data PS data
handler
TR-069
Stats File
Iu+/IP (pre-Iuh)
ACL IMSI cache PDCP
RRC RLC
HNB Connection
Mgmt
Oriented MAC MAC-hs
W-CDMA air interface
(NBAP)

NG Mobile Network

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NG Mobile Network

Uploaded by

Copyright:

Available Formats

Octubre 5-8, 2009 Santiago, Chile

 Focus of this topic is Femtocell

 Compare and contrast with Macrocell, Microcell or Picocell

Femto Home  Requires Wireless Security

 2009: Notebook sales will

 30% of mobile usage occurs

 33% of 18-24 year old Americans

Improving In-Home Coverage

Connected Home Services

 Improved applications; QoS, presence,

Early Adopters Cross Chasm Mass Market

2008 Service Adoption Timeline 2012

*Based on Operator’s feedback and present industry direction

 Low (5mW) output power Fm Fm

control user Iu-cs

 HNB and HNBGW use IP based stack (instead of legacy stack)

*Iu+: Pre-version of Iuh Protocol stack

 PDCP interworking performed at HNB

 Most macro services are offered

 Potential future services:

 Security and Access Control

 Interference Management (to macro and between femto)

 Impact on the broadband network (for backhaul)

 Handover Support (hand-in/hand-out)

 Emergency call support

 Local Breakout of IP traffic

Frequency (re-)synchronization Set transmitter maximum power

Measure noise power – DL and UL Select DL scrambling code

Measure code powers Update/ report hand-out

Decode neighbor cell info

Location Verification Reject

 Since the WCDMA system requires continuous transmission and

 For Hand-out, neighbor macro cells list (2G or 3G) is

 Core Network Security

ACLs for SSL termination Management and

 Requires true zero-touch provisioning for Femto to

 HNB can be remotely controlled based on

 3G/GSM standardisation Body

 DSL standardisation body

 Mobile SP organisation looking at beyond 3G services and architecture

 Mobile SP organisation defining interoperability and deployment guidelines

UMA/Dual Mode and Femtocell can be complementary FMC applications

Femto/Residential Super Femto/Enterprise

Engines Ethernet Services Modules

 Fully redundant ATCA-based architecture

Routing & Internet Routing (BGP) with Internet Provider

Standard bodies, 3GPP and Femto Forum, have

Femto Success = Seamless Integration with Macro +

 Please give us your feedback!!

YOUR FEEDBACK IS VERY

Iu control-plane (RANAP) Iu user-plane (CS

BMC ACL IMSI cache

ACL IMSI cache PDCP

You might also like