Innovating Telecoms Training

LTE Architecture

Reference Document

www.mpirical.com
LTE Architecture

LTE Architecture

Reference Document

MPI0001-020-010 © Mpirical Limited, 2021 i

 LTE Architecture

This course has been independently assessed and accredited by both the ITP (Institute of
Telecommunications Professionals) and the CPD Standards Office (Continuing Professional
Development). Their marks of excellence awarded to Mpirical provides you with the
recognition that the learning you have completed conforms to best practice and is
appropriate for inclusion in a formal training record.
Our certified courses mean you can be certain you’re receiving the highest quality
training. Both the ITP and the CPD use independent specialists to regularly assess all our
products and services. Including our Learning.

The ITP is the UK’s leading independent institution for people who work in
telecommunications. It is dedicated to promoting the professional development of members
through Professional Registration, training, mentoring and qualifications. The ITP
collaborates with regulators, government associations and other leading bodies on projects
that are important to the future of the industry. It has worked with businesses including; BT,
Cable & Wireless Worldwide, Alcatel-Lucent, Huawei and Vodafone.

By providing independent accreditation, the CPD improve the quality of continuing

professional development. Their marks of excellence for training providers demonstrate to
individual professionals that the learning activity conforms to best practice and is appropriate
for inclusion in a formal record.

Find out more about your certification at:

www.mpirical.com/certified-telecoms-training

Mpirical classes have been developed in accordance with the technical specifications
published by the 3GPP. As such the 3GPP have granted Mpirical Limited the right to use the
3GPP logo to identify specifications, compliant products and services.

First published by Mpirical Limited in 2020

© Mpirical Limited, 2021
All rights reserved. No part of this book or accompanying software may be reproduced or
transmitted in any form by any means, electronic, mechanical, photocopying, recording, or
otherwise without the prior written consent of the publisher. Although every precaution has
been taken in the preparation of this book the publisher assumes no responsibility for errors
and omissions. Nor is any liability assumed for damages resulting from the use of the
information contained within.

ii © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

Contents

Key Trends ............................................................................................................ 1

1.1 Data Growth .................................................................................................. 1
1.2 Migration from UMTS/HSPA ......................................................................... 1
1.3 Virtualization .................................................................................................. 2
1.4 Enhancements to LTE ................................................................................... 3
Evolved Packet System Architecture .................................................................... 4
E-UTRAN Architecture .......................................................................................... 5
3.1 User Equipment ............................................................................................ 5
3.2 Evolved Node B ............................................................................................ 7
3.3 Home Evolved Node B .................................................................................. 8
3.4 E-UTRAN Interfaces and Protocols .............................................................. 9
EPC Architecture ................................................................................................. 11
4.1 Mobility Management Entity ........................................................................ 12
4.2 Serving Gateway ......................................................................................... 12
4.3 Packet Data Network Gateway ................................................................... 13
4.4 Home Subscriber Server ............................................................................. 14
4.5 Dedicated Core Networks ........................................................................... 15
4.6 EPC Interfaces and Protocols ..................................................................... 16
4.7 CUPS .......................................................................................................... 20
PCC Architecture ................................................................................................. 22
5.1 PCC Reference Points and Protocol Stacks ............................................... 23
IMS Architecture .................................................................................................. 24
6.1 IMS Protocols .............................................................................................. 25

Glossary ............................................................................................ 27

MPI0001-020-010 © Mpirical Limited, 2021 iii

LTE Architecture

Figures

Figure 1 Global Mobile Data Traffic Forecasts (Cisco, 2020) ....................................... 1

Figure 2 Migration from UMTS/HSPA ........................................................................... 2

Figure 3 Virtualization and LTE ..................................................................................... 2

Figure 4 IMT Technology Requirements ....................................................................... 3

Figure 5 IMT Advanced Performance Requirements .................................................... 3

Figure 6 LTE Deployment .............................................................................................. 3

Figure 7 Enhancements to LTE ..................................................................................... 4

Figure 8 Example LTE Advanced Features ................................................................... 4

Figure 9 Example LTE Advanced and Advanced Pro Features .................................... 4

Figure 10 Evolved Packet System Architecture ............................................................ 5

Figure 11 E-UTRAN Architecture .................................................................................. 5

Figure 12 User Equipment Key Features ...................................................................... 5

Figure 13 E-UTRA; User Equipment Radio Access Capabilities (Part 1) ..................... 6

Figure 14 E-UTRA; User Equipment Radio Access Capabilities (Part 2) ..................... 6

Figure 15 LTE and LTE Advanced Channels ................................................................ 7

Figure 16 Evolved Node B Functions ............................................................................ 7

Figure 17 Femto Cell Architecture ................................................................................. 9

Figure 18 E-UTRAN Uu Interface.................................................................................. 9

Figure 19 X2 Interface ................................................................................................. 10

Figure 20 EPC Architecture ......................................................................................... 11

Figure 21 MME Functions ........................................................................................... 12

Figure 22 S-GW Functionality ..................................................................................... 13

Figure 23 PDN-GW Functionality ................................................................................ 14

Figure 24 HSS Key Features ...................................................................................... 15

Figure 25 Dedicated Core Network ............................................................................ 16

Figure 26 S1-MME Interface ....................................................................................... 16

Figure 27 S1-U Interface ............................................................................................. 17

Figure 28 S5/S8 Interface ........................................................................................... 17

Figure 29 S10 Interface ............................................................................................... 18

Figure 30 S11 Interface ............................................................................................... 18

MPI0001-020-010 © Mpirical Limited, 2021 v

 LTE Architecture

Figure 31 Control Plane CIoT EPS Optimization ........................................................ 18

Figure 32 SGs Interface .............................................................................................. 19

Figure 33 S3 Interface ................................................................................................. 19

Figure 34 S4 Interface ................................................................................................. 19

Figure 35 S6a Interface ............................................................................................... 20

Figure 36 CUPS Architecture ...................................................................................... 21

Figure 37 Sxa Protocol Stack ...................................................................................... 21

Figure 38 PCC Architecture ......................................................................................... 22

Figure 39 Gx Interface ................................................................................................. 23

Figure 40 IMS Architecture .......................................................................................... 24

Figure 41 Example IMS SIP Protocol Stack ................................................................ 26

vi © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

Key Trends
Since the launch of GPRS (General Packet Radio Service) in 1999, there
have been countless predictions that mobile data volumes would increase
exponentially year on year. However, history tells us this was not the case
until the later part of the last decade with mobile data only really becoming
mainstream with the introduction of flat rate charging and the arrival of the
smartphone / app stores.
In 2010, eleven years after the launch of the world's first GPRS network, data
finally overtook voice as the largest contributor to total network traffic.

1.1 Data Growth

The growth in mobile data has continued apace over recent years and most
analysts predict it will continue to do so for several years to come. This growth
is largely attributed to the prevalence of video based content being distributed
across the network. Note that the introduction of 5G further alleviates the
issue of data growth.
300
278
250
Exabytes per Month

228
200
186
150
151
122
100

50
96
0
2016 2017 2018 2019 2020 2021

Figure 1 Global Mobile Data Traffic Forecasts (Cisco, 2020)

In addition to the need to provide more network capacity, service providers

were also looking for the 4G networks to offer substantial cost savings over
and above the legacy 2G and 3G architectures. This drive to reduce both
CAPEX (Capital Expenditure) and OPEX (Operational Expenditure) was a
significant factor in the move towards a flat IP architecture incorporating only
a packet switched domain. As such, services in LTE are delivered over an IP
centric network, thereby negating the need to maintain a costly circuit
switched infrastructure.
Note that although LTE is now a mature technology, 2G and 3G networks are
still common. Over time, as 5G matures as a technology and as 4G is
enhanced further (LTE Advanced and LTE Advanced Pro deployment), these
earlier technologies will be gradually phased out in order to refarm the
valuable spectrum that they occupy (and make significant OPEX savings).

1.2 Migration from UMTS/HSPA

In 2004, the 3GPP (Third Generation Partnership Project) began the
development of a fourth generation network with the formation of two study
groups. The LTE (Long Term Evolution) group was set up to investigate the
development of a new access network whereas the SAE (System Architecture

MPI0001-020-010 © Mpirical Limited, 2021 1

 LTE Architecture

Evolution) group had responsibility over a new packet core network. Today
however, the term LTE is synonymous with the entire network and SAE has
tended to drift into archives of history. This concept is represented in Figure 2.

GMSC GGSN

MME PDN
GW
MSC SGSN System
Architecture S-GW
Evolution

BSC RNC Long Term

Evolution

BTS Node B eNB

MS UE UE

Figure 2 Migration from UMTS/HSPA

1.3 Virtualization
Beyond the logical LTE architecture that was introduced in Release 8 of the
3GPP specifications, it is also worth noting that NFV (Network Functions
Virtualization) is now making a significant impact on today’s LTE networks. In
essence, service providers are seeking to deploy the various elements of the
LTE architecture as VNFs (Virtualized Network Function) running over a
shared NFVI (NFV Infrastructure). As such, what was once potentially a piece
of dedicated hardware performing the role of a specific LTE network element
now becomes a software based implementation. The NFVI essentially
provides all of the compute, storage and network resources that the VNFs
require. This concept is shown in Figure 3.

Control Plane Subscriber

Elements eg MME Management eg HSS Virtualized
Network
Management and

User Plane Elements Billing and Policy Functions

Orchestration

eg P-GW Control eg PCRF

NFV Infrastructure

“Commercial Off The Shelf” Server

(Compute, Storage and Networking Resources)

Figure 3 Virtualization and LTE

Note that MANO (Management and Orchestration) performs a critical role in

the virtualized infrastructure, ensuring that VNFs can be managed
(instantiated, modified and removed) accordingly. This provides huge benefits
to the service provider because it allows the network to be highly flexible and
highly scalable. In essence, if more or less capacity is required in the network,
rather than deploying or removing hardware (which can take weeks or even
months), capacity can be added or removed in a matter of minutes (since the
network functions are software based and as long as the NFVI resources are
available, it is just a matter of allocating resources accordingly).

2 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

1.4 Enhancements to LTE

LTE Performance Goals
The performance goals of what 4G should deliver were set down by the ITU in
the IMT Advanced guidelines. Although LTE was the 3GPP’s technology
offering which was designed to fulfill the IMT Advanced criterion, technologies
such as the IEEE’s WiMAX were also put forward. Generally speaking, LTE is
by far the most popular technology deployed as a “4G” service. However in
truth, LTE failed to meet a number of the performance requirements of IMT
Advanced; it is only with the advent of LTE-A and LTE-A Pro that these goals
are now being met.

2000 2008 2015

IMT 2000 IMT Advanced IMT 2020

3G 4G 5G

Figure 4 IMT Technology Requirements

The overall performance requirements of IMT Advanced are outlined in Figure

5.

Peak Data Rate User Experienced Spectral Efficiency Mobility (km/h)

(Gbps) Data Rate (Mbps) (Peak bits/s/Hz)

1 10 15 DL, 6.75 UL 350

Connection Density Area Traffic

Latency (ms)
(devices/km2) Capacity (Mbps/m2)

10 105 0.1

Figure 5 IMT Advanced Performance Requirements

As can be seen in Figure 6, the majority of LTE deployment was completed

between 2012 and 2016. Today, there are very few countries that do not have
an LTE network deployment in place.

140 700

120 600

100 500

80 400

60 300

40 200

20 100

0 0
2009 2010 2011 2012 2013 2014 2015 2016 2017 2018

Launched Per Year Cumulative Total Source: GSA Statistics

Figure 6 LTE Deployment

MPI0001-020-010 © Mpirical Limited, 2021 3

 LTE Architecture

Note that although many service providers deployed LTE several years ago,
their networks have continued to evolve since. In particular, the introduction of
LTE-A (LTE Advanced) and LTE Advanced Pro have allowed service providers
to improve data rates and capacity, as well as introduce additional LTE based
services and features.

Figure 7 Enhancements to LTE

Figure 9 outlines a selection of key features introduced as part of LTE-A:

Carrier Higher Spectral

MIMO
Aggregation Efficiency

Increased no. Improved Cell

Simultaneously Edge
Active Users Performance

Figure 8 Example LTE Advanced Features

Figure 9 outlines a selection of key features introduced as part of LTE-

Advanced Pro:
Carrier
MTC Public Safety
Small Cell Dual - Aggregation
Enhancements Features
Connectivity Enhancements
(eMTC) (D2D and ProSe)
(eCA)
Licensed Full-Dimension
V2X (Vehicle to
Assisted Access MIMO
Everything)
(LAA & eLAA) (FD-MIMO)

Figure 9 Example LTE Advanced and Advanced Pro Features

Evolved Packet System Architecture

Figure 10 outlines the high level architecture of the end to end LTE network,
termed the EPS (Evolved Packet System). The EPS is comprised of three
main elements:
 E-UTRA (Evolved – Universal Terrestrial Radio Access) – this
describes the LTE air interface.
 E-UTRAN (Evolved – Universal Terrestrial Radio Access Network) –
this describes the LTE radio access network.
 EPC (Evolved Packet Core) – this describes the packet switched core
network of LTE.
Collectively, the EPS provides access to a PDN (Packet Data Network), such
as the Internet or IMS (IP Multimedia Subsystem). At any given time, the
device could be connected to multiple PDNs simultaneously. The term given
to this connectivity is an “EPS Bearer”.
From an architectural perspective, the following narrative will cover the E-
UTRAN and EPC aspects of the EPS.

4 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

E-UTRA
Packet Data
E-UTRAN EPC
Network
UE
Evolved Packet System

Figure 10 Evolved Packet System Architecture

E-UTRAN Architecture

EPC

ME
-M
S1
-U
S1

Uu eNB X2
AN
TR
E-U

UE eNB

Figure 11 E-UTRAN Architecture

The LTE study group proposed a new access network termed the E-UTRAN
(Evolved - Universal Terrestrial Radio Access Network) and in so doing a new
air interface - E-UTRA (Evolved - Universal Terrestrial Radio Access). Strictly
speaking, the E-UTRAN does not include the device or UE (User Equipment)
but in the interests of clarity, it has been included here. The E-UTRAN
architecture is illustrated in Figure 11.

3.1 User Equipment

The mobile device, like that of UMTS, is termed the User Equipment and is
comprised of two distinct elements: the USIM (Universal Subscriber Identity
Module) and the ME (Mobile Equipment). Key features of the UE are outlined
in

4G E-UTRA UE Category
Support

Identification Security

UE

Dual Connectivity

Figure 12 User Equipment Key Features

 4G E-UTRA Support - first and foremost, the UE must be able to
support the technologies and techniques used in the 4G air interface.
This includes support for areas such as the frequency bands used for
4G operation, modulation techniques, multiple access techniques and

MPI0001-020-010 © Mpirical Limited, 2021 5

 LTE Architecture

enhanced transmission modes, including MIMO (Multiple Input Multiple

Output) and Carrier Aggregation
 UE Category - In addition to the numerous capabilities an LTE device
will be able to support, it must also be able to support the LTE air
interface, termed the E-UTRA. In so doing, the 3GPP have defined a
number of UE categories 1 which are summarized in Figure 13 and
Figure 14. Note that Figure 13 and Figure 14 accommodate LTE-A and
LTE Advanced Pro, but do not feature the additional categories
introduced for LTE based CIoT (Cellular Internet of Things) technology;
namely LTE-M and NB-IoT (Narrowband IoT).
Max Downlink No. of Max Uplink Support for Support for
UE Category Data Rate Downlink Data Rate 64QAM in 256QAM in
(Mbps) Streams (Mbps) Uplink Uplink
1 10.3 1 5.2 No No
2 51 2 25.5 No No
3 102 2 51 No No
4 150.8 2 51 No No
5 299.6 4 75.4 Yes No
6 301.5 2 or 4 51 No No
7 301.5 2 or 4 102 No No
8 2998.5 8 1497.8 Yes No
9 452.3 2 or 4 51 No No
10 452.3 2 or 4 102 No No

Figure 13 E-UTRA; User Equipment Radio Access Capabilities (Part 1)

No. of Support for Support for

Max Downlink Max Uplink
UE Category Downlink 64QAM in 256QAM in
Data Rate Data Rate
Streams Uplink Uplink
11 603Mbps 2 or 4 51Mbps No No
12 603Mbps 2 or 4 102Mbps No No
13 391.6Mbps 2 or 4 150Mbps Yes No
14 3.916Gbps 8 9.59Gbps Yes No
15 749.9 - 807.7Mbps 2 or 4 226Mbps Yes No
16 979 - 1.051Gbps 2 or 4 105Mbps Yes Yes
17 25Gbps 8 2.1Gbps Yes Yes
18 1.17 – 1.21Gbps 2 or 4 211 Yes Yes
19 1.56 – 1.65Gbps 2 or 4 13.56Gbps Yes Yes
20 1.94 – 2Gbps 2 or 4 316.6 Yes Yes
21 1.35 – 1.41Gbps 2 or 4 301 Yes No

Figure 14 E-UTRA; User Equipment Radio Access Capabilities (Part 2)

 Identification - as with earlier technologies, 4G will utilize different
identifiers for both the physical device, as well as the subscriber using
it. These identifiers will be in the form of the IMEI (International Mobile
Equipment Identity) and IMSI (International Mobile Subscriber Identity)
respectively, as well as a temporary ID.
 Security - the UE must have the capability to store a permanent
security key and also generate new keying material as part of the EPS
AKA (Authentication and Key Agreement) process. Both integrity
1
3GPP TS 36.306 - E-UTRA; User Equipment Radio Access Capabilities

6 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

checking and encryption of signalling and user plane traffic will be

conducted by the UE (if activated).
 Dual Connectivity - this involves the UE being in communication with
two radio network nodes simultaneously, one of which is termed the
Master RAN node, the other of which is the Secondary RAN node.
Ultimately, this provides the UE with a higher data rate.
In terms of radio spectrum, the mobile can support various scalable channels
including: 1.4MHz, 3MHz, 5MHz, 10MHz, 15MHz and 20MHz whilst operating
in FDD (Frequency Division Duplex) and TDD (Time Division Duplex) mode.

1.4MHz 3MHz 5MHz 10MHz

15MHz 20MHz

20MHz

100MHz (5×20MHz - LTE Advanced)

Figure 15 LTE and LTE Advanced Channels

Furthermore, mobiles supporting LTE Advanced features will be able to utilize

channel bandwidths of 100MHz. This is unlikely to be available as one
contiguous allocation of spectrum so LTE Advanced enables devices to
transmit and receive on up to five component carriers, each with a maximum
bandwidth of 20MHz. This technique is referred to as CA (Carrier
Aggregation) and is a key feature of LTE Advanced and LTE Advanced Pro.

3.2 Evolved Node B

Radio Resource
QoS Enforcement
Management

Data User Data

Compression Encryption

eNB

Handover Dual Connectivity

Figure 16 Evolved Node B Functions

The eNB (Evolved Node B) is comprised of the following functions:

 Radio Resource Management - this process involves the allocation of
physical radio resources to the mobile for uplink and downlink

MPI0001-020-010 © Mpirical Limited, 2021 7

 LTE Architecture

transmission. In terms of allocation, this also includes admission and

commitment of the requested radio resource or the downgrading of this
resource due to availability. In addition, the eNB will also be in control
of Carrier Aggregation and MIMO operation as part of this.
 QoS Enforcement - traffic flowing in both the uplink and downlink
direction could be subject to QoS enforcement, particularly with respect
to services such as VoLTE (Voice over LTE) in which a GBR
(Guaranteed Bit Rate) bearer is required. As such, the eNB will ensure
that resources are appropriately reserved across the air interface and
also ensure that uplink traffic is appropriately marked when sent to the
EPC. This marking is with respect to the DiffServ (Differentiated
Services) QoS framework.
 Data Compression - IP compression is performed using PDCP (Packet
Data Convergence Protocol), focusing on ensuring that only data that is
changing on an unpredictable basis gets transmitted; data fields which
repeat on a per header basis or perhaps are predictable do not need to
be transmitted.
 User Data Encryption - encryption of the radio link is performed by the
eNB. It should be noted that this only protects the data across the air
interface.
 Handover - in LTE, the eNBs are capable of coordinating a handover
between themselves through the use of the X2 interface. As such,
handover responsibility, for the most part, is taken away from the core
network and conducted on a localised basis (assuming that the service
provider has chosen to implement X2).
 Dual Connectivity - introduced in Release 12 of the 3GPP
specifications as part of LTE-A, Dual Connectivity is a mechanism
which sees the device utilizing both a MeNB (Master eNode B) and a
SeNB (Secondary eNode B). This configuration results in a higher data
rate being delivered to the device. Typically, the MeNB will be a macro
cell, whereas the SeNB will be a small cell of some description
(although this configuration is by no means the only configuration
option).

3.3 Home Evolved Node B

Often discussed under the general topic of Femto Cells or Small Cells, the
3GPP have defined a specific base station to improve network coverage and
capacity within the SoHo (Small Office Home Office) environment. Termed the
HeNB (Home Evolved Node B), this node also forms part of the E-UTRAN.
The system may also include a HeNB-GW (Home Evolved Node B -
Gateway) which is designed to support large numbers of HeNBs in the role of
a concentrator. This concept is illustrated in Figure 17.

8 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

HNB
GW EPC

S1
S1

Uu HeNB
AN
TR
E-U

UE HeNB

Figure 17 Femto Cell Architecture

3.4 E-UTRAN Interfaces and Protocols

Uu Interface
As shown in Figure 18, the Uu interface contains both a Control and User
Plane. The principle control plane protocol is RRC (Radio Resource Control) 2
whereas the user plane is designed to transport IP datagrams. Both planes
use the services of PDCP (Packet Data Convergence Protocol) 3, RLC (Radio
Link Control) 4 and MAC (Medium Access Control) 5.

Control Plane User Plane

RRC IP
PDCP PDCP
RLC RLC
MAC MAC
Layer 1 Layer 1

E-UTRAN Uu

UE eNB

Figure 18 E-UTRAN Uu Interface

Radio Resource Control

RRC is a sublayer of Layer 3 on the LTE radio interface; it exists in the control
plane only and provides an information transfer service to NAS (Non Access
Stratum) signalling. RRC is also responsible for controlling the configuration of
the LTE radio interface, facilitating the establishment and management of
radio bearers, mobility management and security.
Packet Data Convergence Protocol
PDCP fundamentally provides a compression service to higher layer data,
which may be control plane or user plane (IP) traffic. When the LTE variant of
PDCP compresses data (PDCP is also used in 3G), a separate standard
termed ROHC (Robust Header Compression) is utilized. Moreover, the LTE
variant of PDCP is also responsible for implementing ciphering and integrity
checking.

2
3GPP TS 36.331 - E-UTRA RRC Protocol Specification
3
3GPP TS 36.323 - E-UTRA Packet Data Convergence Protocol Specification
4
3GPP TS 36.322 - E-UTRA Radio Link Control Protocol Specification
5
3GPP TS 36.321 - E-UTRA Medium Access Control Protocol Specification

MPI0001-020-010 © Mpirical Limited, 2021 9

 LTE Architecture

Radio Link Control

RLC provides a segmentation and reassembly function for higher layer data
such as RRC (Radio Resource Control) signalling or user plane data, in order
to ensure higher layer data is the correct size for transmission over the air
interface. The protocol can also provide concatenation and error correction if
required.
Medium Access Control
The MAC protocol layer is present in the mobile and the eNB in order to
support the correct multiplexing/demultiplexing of signalling and user plane
traffic onto the various transport channels of the air interface.

X2 Interface
The X2 interface connects two eNBs and supports both signalling and user
data. The control plane protocol operating across X2 is X2AP (X2 Application
Protocol) 6 which utilizes the services of SCTP (Stream Control Transmission
Protocol) 7 whereas the user plane utilizes GTPv1-U (GPRS Tunnelling
Protocol version 1 - User) 8 to carry the IP datagrams.

Control Plane User Plane

X2AP GTPv1-U
SCTP UDP
IP IP
Layer 2 Layer 2
Layer 1 Layer 1

X2

eNB eNB

Figure 19 X2 Interface

X2 Application Protocol
X2AP is a control protocol found between eNBs on the X2 control plane. Main
functions of X2AP include X2 based mobility, as well as X2 "Global
Procedures". The former is largely associated with eNB (Evolved Node B)
controlled handover procedures whereas the latter deals with the
establishment and management of the X2 connection.
User Datagram Protocol
UDP 9 is a lightweight Transport Layer protocol, providing source and
destination port addressing for the multiplexing/demultiplexing of higher layer
applications onto the same transport bearer. Other than port addressing, the
UDP header contains a Length and a Checksum field, resulting in a low
transmission overhead, albeit at the cost of reliable delivery (UDP does not
provide a retransmission facility).
Stream Control Transmission Protocol
SCTP provides sequential, reliable delivery of higher layer data, using logical
streams to separate this functionality and hence avoid head of line blocking.
An SCTP connection between two network nodes e.g. eNB to MME is termed

6
3GPP TS 36.423 - X2 Application Protocol
7
IETF RFC 4960 - Stream Control Transmission Protocol
8
3GPP TS 29.281 - General Packet Radio System (GPRS) Tunnelling Protocol User Plane (GTPv1-U)
9
IETF RFC 768 - User Datagram Protocol

10 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

an SCTP Association, which can feature flow control and multihoming as

standard capabilities.
SCTP provides much of the same functionality as TCP (Transmission Control
Protocol), without the inherent drawbacks that TCP can suffer from.
GPRS Tunneling Protocol version 1 - User
GTPv1-U is used to tunnel user plane data between different network nodes
e.g. on the Gn, Gp, S1-U and S5 interfaces. GTPv1-U is used with UDP (User
Datagram Protocol) and IPv4/IPv6 as supporting layers. In order to multiplex
multiple users onto the same transport bearer (port/IP address), TEIDs
(Tunnel Endpoint Identifier) are used to differentiate one traffic stream from
another (the TEID is simply a numerical identity which has to be unique for a
given traffic stream). The receiving end side of a GTP tunnel locally assigns
the TEID value that the transmitting side must use and vice versa, assuming
bidirectional transmission. TEIDs will be negotiated during the establishment
of the GTP tunnel, which is achieved using GTPv2-C (GPRS Tunnelling
Protocol version 2 - Control).

EPC Architecture

MME S1
0

MME PDN
HSS PDN
GW SG
i
S6
a

S1
1 S-GW S5

S1
-M
ME

-U
S1

eNB

eNB

Figure 20 EPC Architecture

The 3GPP defined the EPC (Evolved Packet Core) as part of its evolution of
cellular networks to a higher data rates, lower latency, packet optimized
system that supports multiple RAT (Radio Access Technology). The focus of
this work was in the packet switched domain, with the assumption that it
would support all services including voice, video and multimedia. The EPC
architecture is illustrated in Figure 20.
Each network element will be discussed in turn within the narrative that
follows.

MPI0001-020-010 © Mpirical Limited, 2021 11

 LTE Architecture

4.1 Mobility Management Entity

NAS Signalling Mobility

(EMM and ESM) Management

MME
Paging Authentication

Bearer
CS Interworking
Management

Figure 21 MME Functions

The MME (Mobility Management Entity) is responsible for the following

functions:
 NAS (Non Access Stratum) Signalling - NAS signalling includes EMM
(EPS Mobility Management) and ESM (EPS Session Management)
information. This includes procedures such as Initial Attach, Tracking
Area Updating and Service Requests. The MME is also responsible for
the security of signalling between itself and the mobile, with lawful
interception of signalling traffic part of this.
 Mobility Management - whilst the mobile is in the ECM (EPS
Connection Management) Idle State, its position is tracked by the MME
to the granularity of a TA (Tracking Area) or TAI (Tracking Area Identity)
List. When the mobile is in an ECM Connected state, the MME will
know the location of the mobile to the granularity of a Cell ID.
 Paging - due to the fact that the MME tracks the TA or TAI list that the
subscriber is in, the MME is responsible for paging the mobile when
downlink data enters the network destined for the subscriber.
 Authentication - the MME interacts with functions such as the HSS
(Home Subscriber Server) to obtain AAA (Authentication, Authorization
and Accounting) information with which to authenticate the subscriber.
Authentication in LTE is based upon AKA (Authentication and Key
Agreement). The AAA server will reside in the subscriber’s home
network. Consequently the MME must be capable of supporting these
procedures even in the roaming environment.
 Bearer Management - when a mobile transitions from ECM Idle to ECM
active in order to send or receive data, the MME is responsible for
ensuring that the eNB and S-GW are provided with the correct
information in order to provide E-RAB (Evolved Radio Access Bearer)
connectivity.
 CS Interworking - the MME has connectivity to the CS voice core in
order to support CSFB (Circuit Switched Fallback) and VoLTE to 2G/3G
mobility, termed SR-VCC (Single Radio Voice Call Continuity).

4.2 Serving Gateway

The S-GW is responsible for the following functions:
 User Plane Traffic Switching - with the exception of certain CIoT
scenarios, all user plane traffic entering and leaving the EPC from the
perspective of the E-UTRAN flows through the S-GW. As such, the S-

12 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

GW is responsible for subscriber traffic separation through the use of

distinct GTP (GPRS Tunnelling Protocol) tunnels. Depending on
network activity e.g. is the user browsing the Internet, conducting a
VoLTE call etc. any given subscriber will have several GTP tunnels in
existence at any one time. The S-GW must ensure user plane traffic is
taken from its GTP tunnel on the S1-U interface and switched to the
appropriate tunnel on the S5 interface (and vice versa). Depending on
the capabilities of the S-GW, it may need to support hundreds of
thousands of GTP tunnels at any given time.
 E-UTRAN Mobility - the S-GW acts as the mobility anchor point for the
User Plane during handovers between eNBs. Likewise it must also
anchor mobility for inter 3GPP handovers such as those towards
legacy 3G network elements. It should be noted that the PDN-GW
anchors mobility when non 3GPP interworking is invoked.
 Data Buffering - when traffic arrives in the EPC for a mobile in the ECM
Idle state, the S-GW must buffer this traffic prior to the mobile being
paged and entering the ECM Connected state. As such, the S-GW will
notify the MME that data has arrived in the network for a particular
subscriber by using the S11 interface.
 Roaming - many roaming scenarios for LTE employ “Home Routing”,
whereby user plane traffic from a roaming subscriber is sent from the
Visited Network back to the Home Network before being sent to a PDN.
To support this, the S-GW in the Visited Network will use the S8
interface to a PDN-GW in the Home Network.

User Plane E-UTRAN

Traffic Switching Mobility

S-GW

Data Buffering Roaming

Figure 22 S-GW Functionality

4.3 Packet Data Network Gateway

The PDN-GW, also termed the P-GW (PDN Gateway), terminates the SGi
interface and is responsible for the following functions:
 PDN Anchor - typically, when a user attaches to the LTE network, they
will connect to at least one PDN, identified by an APN (Access Point
Name). The exception to this is for certain CIoT and 5G mobility
scenarios, the attach can take place without PDN connectivity being
established. This aside, for the duration of the attachment to the
network, although the eNB, S-GW and MME could change for the
subscriber, the PDN-GW will stay the same. Hence, the PDN-GW acts
as a mobility anchor for a given APN.
 Policy Enforcement - as part of the PCC (Policy and Charging
Control) 10 framework, the PDN-GW could house the PCEF (Policy and
Charging Enforcement Function). As such, the PDN-GW will be the
10
3GPP TS 23.203 - Policy and Charging Control Architecture

MPI0001-020-010 © Mpirical Limited, 2021 13

 LTE Architecture

central point at which policy can be enforced for user plane traffic eg.
throttle a user because they have reached their download limit, stop a
particular service due to the geographical location of a user, etc.
 Accounting - due to the inclusion of the PCEF within the PDN-GW’s
architecture, the PDN-GW is a logical point for:
 generating offline billing data which will be turned into a CDR
(Charging Data Record).
 obtaining credit as part of online billing, from the OCS (Online
Charging Server).
 IP Address Allocation - IP addressing information for the device is
allocated by the PDN Gateway. This allocation is included as part of the
initial attachment to the PDN and could include IPv4 addresses or IPv6
prefixes. It is possible that the PDN-GW will use a AAA server to
facilitate this process, or possibly DHCP (Dynamic Host Configuration
Protocol). For CIoT applications, the PDN-GW may also handle NIDD
(Non IP Data Delivery) traffic.
 Lawful Interception - there are several “choke” points for user plane
traffic in the network such as the S-GW and PDN-GW which may mean
they are suitable points for gathering CC (Content of Communication)
in order to support LI (Lawful Intercept).
It is common to see the functions of the S-GW and PDN-GW combined into a
single physical entity. As such, the S5 interface will be transparent to the
network.

Policy
PDN Anchor Enforcement

PDN
GW
IP Address
Accounting
Allocation

Lawful Intercept

Figure 23 PDN-GW Functionality

4.4 Home Subscriber Server

The HSS is the master database for the PLMN (Public Land Mobile Network)
and incorporates the functionality of the HLR (Home Location Register). While
logically it is viewed as one entity, in practice it will be made up of several
physical databases depending on the number of subscribers and the extent of
the services that need to be supported. Alternatively, the HSS could be based
on the UDR (Unified Data Repository) architecture and as such, may be
functioning as a front-end into a shared back-end common database.
The HSS holds variables and identities for the support, establishment and
maintenance of calls and data sessions made by subscribers. In summary,
the key features of the HSS include:
 Mobility Management - this function supports the user mobility through
registration procedures within the EPC.
 Authentication Vector Generation - the generation of user
authentication, integrity and ciphering data for the EPC domain,

14 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

including interaction with appropriate AAA functions when necessary.

The HSS will provide a security quintet as part of the EPS-AKA
procedure.
 Service Provisioning Support - the HSS provides access to the service
profile data for use within the LTE network.
 Session Establishment Support - during the PDN connection process,
the HSS will provider APN (Access Point Name) configuration profiles
to the MME in order to define, for each APN, whether the subscriber is
allowed to access the APN and what default QoS levels they should be
allocated.
 Roaming Authorization - mobile access is authorized by the HSS when
requested by the MME, by checking that the user is allowed to roam to
that visited network.
 User Identification Handling - this function provides the appropriate
relationship among all the identifiers relating to a user's subscription.
These include IMSI and MSISDN, IP addresses, Private Identity and
Public Identities (the latter two are identities used in the IMS).

Authentication
Mobility Vector
Management Generation

Service Session
Provisioning HSS Establishment
Support Support

User
Roaming
Identification
Authorization
Handling

Figure 24 HSS Key Features

4.5 Dedicated Core Networks

The concept of a DCN (Dedicated Core Network) or DECOR (Dedicated
Core) was introduced into the 3GPP Release 13 specifications to enable
mobile service providers to deploy one or more dedicated core networks
within their PLMN (Public Land Mobile Network) with each, dedicated for a
specific type of subscriber. For example, a dedicated core network could be
established for CIoT (Cellular IoT) devices keeping them separate from the
more traditional MBB (Mobile Broadband) type devices.

MPI0001-020-010 © Mpirical Limited, 2021 15

 LTE Architecture

MME PDN
GW
S-GW
EPC

CIoT
MME PDN
GW
S-GW
EPC
E-UTRAN
MBB
MME PDN
GW
S-GW
UE EPC

Corporate

Figure 25 Dedicated Core Network

Further enhancements were made in the Release 14 3GPP specifications

(eDECOR) to reduce the signalling load of the network. Finally, it is worth
pointing out that the principles behind DCN have been extended into the 5G
specifications (Release 15) with the introduction of network slicing and the
ability to differentiate slices in terms of eMBB (Enhanced Mobile Broadband),
MIoT (Massive Internet of Things) and URLLC (Ultra Reliable Low Latency
Communications).

4.6 EPC Interfaces and Protocols

S1-MME Interface
The S1-MME interface links the eNB and the MME and as such carries
control signalling between the E-UTRAN and the EPC. In so doing, it uses the
service of S1AP (S1 Application Protocol) 11. However, it should be stated that
some protocols such as NAS pass across the S1-MME interface but terminate
on the mobile rather than the eNB.
S1AP
SCTP
IP
Layer 2
Layer 1

MME
S1-MME

eNB

Figure 26 S1-MME Interface

S1 Application Protocol
S1AP is used between the eNB and the MME in order to support operations
such as E-RAB (E-UTRAN Radio Access Bearer) Management, transfer of
UE Context information, NAS Signalling transport, Paging and EPC based
mobility.

11
3GPP TS 36.413 - S1 Application Protocol

16 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

S1-U Interface
GTPv1-U
UDP
IP
Layer 2
Layer 1
S-GW

S1-U

eNB

Figure 27 S1-U Interface

The S1-U interface spans the link between the eNB and S-GW. This carries
user plane information using the services of GTP-U and the underlying IP
network.

S5/S8 Interface
The S5 and S8 interfaces span the link between the S-GW and the PDN-GW;
either within the same PLMN (Public Land Mobile Network) as in the case of
S5, or in visited networks in the case of S8. These interfaces carry both
control and user plane information using the services of GTPv2-C (GPRS
Tunnelling protocol v 2 - Control) 12 and GTPv1-U respectively.

Control Plane User Plane

GTPv2-C GTPv1-U
UDP UDP
IP IP
Layer 2 Layer 2
Layer 1 Layer 1
S-GW PDN
GW
S5/S8

Figure 28 S5/S8 Interface

GPRS Tunnelling Protocol version 2 - Control

GTPv2-C is a control plane protocol used to manage the establishment,
modification and termination of GTPv1-U user plane tunnels, as well as
support various mobility related scenarios. For the E-UTRAN and EPC, these
tunnels are relative to the end to end EPS bearer, whether Default or
Dedicated.

S10 Interface
The S10 interface carries control plane information between MMEs. This uses
the protocol GTPv2-C on top of the underlying IP network.

12
3GPP TS 29.274 - Evolved General Packet Radio Service (GPRS) Tunnelling Protocol for Control plane

MPI0001-020-010 © Mpirical Limited, 2021 17

 LTE Architecture

GTPv2-C
UDP
IP
Layer 2
Layer 1

MME MME
S10

Figure 29 S10 Interface

S11 Interface
The S11 interface carries the control plane signalling between the MME and
the S-GW. It also uses the protocol GTPv2-C and the underlying IP network.
Note that with the introduction of CIoT EPS optimization, S11 also now
features a user plane (S11-U) to support user plane traffic delivery via NAS
(as part of the LTE-M and NB-IoT specifications).

Control Plane User Plane

GTPv2-C GTPv1-U
UDP UDP
IP IP
Layer 2 Layer 2
Layer 1 Layer 1
S-GW
MME S11

Figure 30 S11 Interface

Figure 31 shows how, using S11-U, the control plane has been optimized for
CIoT operation. Normally, the user plane would flow through the eNB
however, with this approach, user plane connectivity to the eNB does not
need to be established since the NAS signalling connection is being used to
carry the data to the EPC.

MME

Co
Us ntr
er ol
l
tro
n
Co

S-GW PDN
GW

eNB
Control Control

User User IP Data

Figure 31 Control Plane CIoT EPS Optimization

SGs Interface
The SGs interface connects the MME with a 2G or 3G MGCF (Media
Gateway Control Function) and in so doing supports SGsAP (SGs Application

18 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

Protocol) 13 over SCTP. The interface is used to support the Combined Attach
procedure and other signalling associated with CSFB (Circuit Switched
Fallback) operation.
SGsAP
SCTP
IP
Layer 2
Layer 1

MME MSC-S
SGs

Figure 32 SGs Interface

SGs Application Protocol

SGsAP is designed to facilitate mobility management and paging procedures
on the SGs interface, as part of CSFB operation. In addition, SGsAP permits
the transfer of SMS delivery via the circuit switched core network when IP
based messaging services are not available. Key capabilities of SGsAP
include: Paging for non-EPS services, Location Updates for non EPS
services, alert procedures, IMSI detach from EPS services, Mobility
Management procedures and failure conditions.

S3 Interface
The S3 interface links the MME with the SGSN (Serving GPRS Support
Node) in order to support interworking and PS (Packet Switched) handovers.
It utilizes the GTPv2-C protocol.
GTPv2-C
UDP
IP
Layer 2
SGSN
Layer 1

MME
S3

Figure 33 S3 Interface

S4 Interface
Control Plane User Plane
GTPv2-C GTPv1-U
UDP UDP
IP IP
Layer 2 Layer 2
Layer 1 Layer 1 SGSN
S-GW
S4

Figure 34 S4 Interface

13
3GPP TS 29.118 - MME-VLR SGs Interface Specification

MPI0001-020-010 © Mpirical Limited, 2021 19

 LTE Architecture

The S4 interface links the SGSN with the S-GW. It is used during PS
handovers between LTE and UMTS/GPRS and in so doing utilizes the
GTPv2-C protocol.

S6a Interface
The S6a interface connects the MME with the HSS which resides within the
IMS (IP Multimedia Subsystem). The application protocol on this interface is
Diameter.
Diameter
SCTP
IP
Layer 2
Layer 1

MME
S6a
HSS

Figure 35 S6a Interface

Diameter (S6a)
The Diameter S6a/S6d 14 application allows entities such as the MME and
SGSN to provide mobile device related location information to the HSS. In
turn, the HSS can use the same application to provide subscriber
management information in return. This includes pushing the latest subscriber
information as and when any parameters associated with the subscription are
modified.

SGi Interface
The SGi interface links the LTE network with the external world or specifically
the PDN-GW with the PDN (Packet Data Network). The interface is typically
based on IP and as such supports a vast array of IETF (Internet Engineering
Task Force) protocols.

4.7 CUPS
CUPS (Control and User Plane Separation of EPC nodes) 15 was introduced in
Release 14 of the 3GPP specifications. In essence, CUPS is a mechanism
which allows the service provider to separate control and user plane
functionality in core network nodes such as the S-GW and PDN-GW. The
concept is outlined in Figure 36, which introduces a new packet forwarding
control interface between the control plane and user plane element of each
node.

14
3GPP TS 29.272 - MME and SGSN related interfaces based on Diameter protocol
15
3GPP TS 23.214 - Architecture enhancements for control and user plane separation of EPC nodes

20 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

MME S1
0

MME PDN
HSS P-GW i
C SG

S6
a

S1 S-GW -C P-GW
1 S5
C Sx
b U
S1
-M
ME

S-GW -U
S5
Sx
a U
S1
-U

eNB

Figure 36 CUPS Architecture

By separating control and user plane components, network deployment can

be much more flexible eg centralized or distributed deployment models.
Moreover, the control and user plane elements are now independently
scaleable, which saves cost and addresses the requirement to accommodate
more data in the network but not necessarily more subscribers (with CIoT, the
opposite concept is just as valid – more devices but not necessarily a
significant increase in data). With a distributed user plane function, this has
the potential to facilitate low latency solutions, particularly if MEC (Multi
access Edge Computing) is also deployed in the network. Finally, CUPS
compliments a virtualized infrastructure which adopts SDN (Software Defined
Networking).
With respect to the CUPS architecture shown in Figure 36, S5-C and S5-U
are based on GTPv2-C and GTPv1-U respectively. However, both Sxa and
Sxb are based on a new protocol stack for the EPC, as outlined in Figure 37
(which shows Sxa only; Sxb is identical).
Note that the Sx interfaces also includes a user plane based on GTPv1-U. For
Sxa, this user plane connection could be used if the S-GW-C is responsible
for buffering downlink data. Alternatively, for Sxb, this is present to facilitate
scenarios whereby the device must exchange data indirectly with the P-GW-
C, such as for DHCP configuration or Router Advertisement / Router
Solicitation messages.
PFCP GTPv1-U
UDP UDP
IP IP
Layer 2 Layer 2
S-GW Layer 1 Layer 1 S-GW
C U
Sxa

Figure 37 Sxa Protocol Stack

Packet Forwarding Control Protocol

PFCP (Packet Forwarding Control Protocol) 16 is a control protocol used by a
packet forwarding controller to control a packet forwarding user plane

16
3GPP TS 29.244 – Interface between the Control Plane and User Plane Nodes

MPI0001-020-010 © Mpirical Limited, 2021 21

 LTE Architecture

function. PFCP facilitates the establishment, modification and deletion of Sx

sessions within the user plane function (for LTE, a session could relate to a
PDN connection). Control of a session is based on PFCP rules which are
passed from the control plane function to the user plane function. PFCP
request messages can include a PDR (Packet Detection Rule), FAR
(Forwarding Action Rule), QER (QoS Enforcement Rule), URR (Usage
Reporting Rule) or BAR (Buffering Action Rule).

PCC Architecture
Given that all user plane communication across the LTE network will be via a
packet switched network, PCC (Policy and Charging Control) is necessary to
ensure that the correct service is provided to the subscriber on a per packet
flow basis. This is achieved through the use of a PCRF (Policy and Charging
Rules Function) and PCEF (Policy and Charging Enforcement Function)
which provide bearer network control regarding the QoS which should be
provisioned and applied for a given service data flow, charging vectors and
the rules which may be associated with these flows. The basic architecture of
the PCC is illustrated in Figure 38.

OFCS OCS

Sy
AF
PCRF

Gz Rx

Gy Gx Sp

PCEF SPR

IP-CAN

UE

Figure 38 PCC Architecture

Policy and Charging Rules Function

The PCRF (Policy and Charging Rules Function) creates “PCC rules” which
define how a particular SDF (Service Data Flow) can be detected (through
identification of IP addresses, ports etc), what level of QoS must be applied to
that SDF and the charging information associated with the SDF. PCC Rules
are created through interaction with the AF (Application Function) and the
SPR (Subscription Profile Repository), allowing the PCRF to determine
whether or not a particular SDF is authorized in the first instance.
A PCC rule can be activated or modified on the basis of dynamically changing
network conditions, such as device type, time of day, geolocation, network
congestions, etc.
Policy and Charging Enforcement Function
The PCEF (Policy and Charging Enforcement Function) is responsible for
filtering traffic within the IP-CAN based on PCC rules provided by the PCRF.
As such, the PCEF is responsible for ensuring SDFs are treated with the

22 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

appropriate QoS within the IP-CAN, in addition to ensuring that billing

information is passed to online/offline charging as appropriate.
Application Function
An AF (Application Function) is capable of generating triggers in the form of
Diameter AAR (Authorization Authentication Request) messages in order to
cause the PCRF to dynamically create a PCC rule.
In the case of the 3GPP IMS (IP Multimedia Subsystem), an example of an
AF would be the P-CSCF (Proxy - Call Session Control Function), although
the AF could also potentially be a 3rd party application server. During IMS
session establishment, the AF will take information from the SIP (Session
Initiation Protocol) signalling and pass it to the PCRF in order for the
appropriate PCC rule to be formulated. This information would include
parameters such as IP addressing, ports, media type, media format,
bandwidth requirements etc, all of which will be pertinent to the media
streams (Service Data Flows) which are attempting to be established.
Subscription Profile Repository
The SPR (Subscription Profile Repository) provides a similar role to the HSS
(Home Subscriber Server) in terms of providing subscriber information to
relevant network nodes. In the case of the SPR, subscriber information is
provided to the PCRF in order to allow the PCRF to ascertain who is allowed
to access the IP-CAN and what kind of QoS they are permitted to request on
a per service basis. Information provided by the SPR would include the
subscriber’s allowed services, guaranteed bandwidth QoS level and charging
related information.
Charging Servers
Charging servers include the OCS (Online Charging Server) and OFCS
(Offline Charging Server). The Diameter based Gy and Gz connect the PCEF
to the OCS and OFCS respectively. Although billing information may
potentially be generated for all sessions and events, this may not necessarily
be reflected in the subscriber’s tariff/bill.

5.1 PCC Reference Points and Protocol Stacks

Gx Interface
Diameter
SCTP
IP
Layer 2
Layer 1
PDN
GW
PCEF PCRF
Gx

Figure 39 Gx Interface

The Diameter based Gx interface utilizes the "Diameter Credit Control"

application. The messages found on the Gx interface are largely associated
with the management of the IP-CAN (IP Connectivity Access Network)
sessions, such as during the establishment of a Default EPS Bearer or
triggering of a Dedicated EPS Bearer. As part of this, the Gx interface is used

MPI0001-020-010 © Mpirical Limited, 2021 23

 LTE Architecture

to push rules from the PCRF to the PCEF, as well as facilitate event reporting
from the PCEF to the PCRF.
Diameter (Gx)
The Diameter based Gx 17 interface utilizes the "Diameter Credit Control"
application, which was initially standardized in RFC 4006. The messages
found on the Gx interface are largely associated with the management of IP-
CAN (IP Connectivity Access Network) sessions, such as during the
establishment of a Default EPS Bearer or triggering of a Dedicated EPS
Bearer. As part of this, the Gx interface is used to push rules from the PCRF
(Policy and Charging Rules Function) to the PCEF (Policy and Charging
Enforcement Function), as well as facilitate event reporting from the PCEF to
the PCRF.

IMS Architecture
For seamless mobility and service delivery to be successful, a viable
architecture must be established to ensure that a subscriber’s services can be
delivered to them irrespective of their terminal, access network and core
network connectivity. This may be within the home network or on a visited
network. In order to achieve this, the session signalling must be independent
of the underlying bearer network to enable it to provide a consistent interface
between the mobile and the AS (Application Server).

HSS
AS
I Cx Cx
S
CSCF CSCF

ISC
Mw
Mw
PCRF ISC

Mw
AS
P
Rx CSCF
Gx PDN
GW i
SG

Figure 40 IMS Architecture

As illustrated in Figure 40, this abstraction of service management is

facilitated through the introduction of a service layer that extends across all
functions involved in the delivery of services. This encompasses the AS, that
provides service and session control, the CSCF (Call Session Control
Function) that provides a SIP (Session Initiation Protocol) Proxy function and
the HSS that provides subscription, security and mobility information.
The CSCF controls the session between the mobile and the services that it is
accessing. This relates to both mobile originated and mobile terminated
sessions. Moreover, in supporting the session, the CSCF will interact with AS
such as call servers, media servers, voice mail servers etc, that will provide

17
3GPP TS 29.212 - Policy and Charging Control (PCC); Reference points

24 © Mpirical Limited, 2021 MPI0001-020-010

LTE Architecture

the service logic which will ultimately dictate how services are delivered to the
user.
Proxy CSCF
The P-CSCF (Proxy - Call Session Control Function) acts as the ingress and
egress point to and from a service provider's IMS domain with respect to the
IMS client. The P-CSCF has a large number of responsibilities, including:
onward routing of registration and session requests to the correct nodes in the
network, ensuring the S-CSCF (Serving - Call Session Control Function) is
kept updated on the access network the subscriber is using, providing session
information to the PCRF and maintaining a secure connection with the client
device.
Interrogating CSCF
The I-CSCF (Interrogating - Call Session Control Function) is responsible for
onward routing of SIP messages to the appropriate S-CSCF for a given
subscriber. This routing capability is utilized in specific scenarios only, such as
during registration in order to assign or ascertain the S-CSCF which should be
used. Routing SIP requests arriving from other SIP networks is also a
responsibility of the I-CSCF.
The I-CSCF queries the HSS in order to discover the S-CSCF a particular
subscriber has been assigned to.
Serving CSCF
The S-CSCF (Serving - Call Session Control Function) is the primary node in
the IMS responsible for session control. Subscribers will be allocated a S-
CSCF for the duration of their IMS registration in order to facilitate routing of
SIP messages as part of service establishment procedures. Consequently,
the S-CSCF will download a subscriber profile from the HSS at the time of
registration, which allows the S-CSCF to ascertain which Application Server
any service requests should be sent to. The S-CSCF will also be involved in
breakout to the PSTN, if this is supported.
Home Subscriber Server
The HSS is the master database for a given subscriber, acting as a central
repository of information for network nodes. Subscriber related information
held by the HSS includes user identification, security, location and
subscription profiles.
Application Servers
These platforms are designed to provide specific service features and
capabilities. As an example, for VoLTE, a TAS (Telephony Application Server)
is required to facilitate supplementary services. Other application server
examples include: service continuity, social presence, instant messaging,
converged address book and voicemail service.

6.1 IMS Protocols

The signalling protocols to coordinate service delivery are SIP (Session
Initiation Protocol) and Diameter. SIP is used as the common protocol
interface between the AS, CSCF and terminal whereas Diameter is used as a
common interface between the HSS and IMS functions. It should be stated
that behind the HSS the various databases that comprise this function use
their generic protocols. These include MAP (Mobile Application Part), DHCP
(Dynamic Host Configuration Protocol), DNS (Domain Name System) etc.

MPI0001-020-010 © Mpirical Limited, 2021 25

 LTE Architecture

Ultimately, the IMS moves away from the “stovepipe” approach to service
delivery by allowing all services to utilize a common underlying architecture.
SIP
UDP/TCP
IP
Layer 2
Layer 1
P S
CSCF Mw CSCF

Figure 41 Example IMS SIP Protocol Stack

Session Initiation Protocol

SIP is an IETF protocol which was initially designed to establish, maintain and
terminate multimedia sessions. Since its initial standardization, SIP has been
adopted as the main signalling protocol in a variety of different network
architectures. This includes the 3GPP IMS, where existing SIP features have
been utilized, in addition to new enhancements which have been specifically
created.

26 © Mpirical Limited, 2021 MPI0001-020-010

 LTE Architecture
3GPP (Third Generation Partnership
Project)
AAR (Authorization Authentication
Request)
AF (Application Function)
AKA (Authentication and Key Agreement)
APN (Access Point Name)
AS (Application Server)
BAR (Buffering Action Rule)
CA (Carrier Aggregation)
CAPEX (Capital Expenditure)
CC (Content of Communication)
CDR (Charging Data Record)
CSCF (Call Session Control Function)
CSFB (Circuit Switched Fallback)
DHCP (Dynamic Host Configuration
Protocol)
DiffServ (Differentiated Services)
DNS (Domain Name System)
ECM (EPS Connection Management)
EMM (EPS Mobility Management)
eNB (Evolved Node B)
EPC (Evolved Packet Core)
EPS (Evolved Packet System)
E-RAB (E-UTRAN Radio Access Bearer)
ESM (EPS Session Management)
E-UTRA (Evolved - Universal Terrestrial
Radio Access)
E-UTRAN (Evolved - Universal Terrestrial
Radio Access Network)
FAR (Forwarding Action Rule)
FDD (Frequency Division Duplex)
GPRS (General Packet Radio Service)
GTP (GPRS Tunnelling Protocol)
GTPv2-C (GPRS Tunnelling Protocol
version 2 - Control)
HeNB (Home Evolved Node B)
HeNB-GW (Home Evolved Node B -
Gateway)
MPI0001-020-010 © Mpirical Limited, 2021
Glossary
HLR (Home Location Register)
HSS (Home Subscriber Server)
I-CSCF (Interrogating - Call Session
Control Function)
IMEI (International Mobile Equipment
Identity)
IMS (IP Multimedia Subsystem)
IMSI (International Mobile Subscriber
Identity)
IP-CAN (IP Connectivity Access Network)
LI (Lawful Intercept)
LTE (Long Term Evolution)
LTE-A (LTE Advanced)
MAC (Medium Access Control)
MAP (Mobile Application Part)
ME (Mobile Equipment)
MGCF (Media Gateway Control Function)
MIMO (Multiple Input Multiple Output)
NAS (Non Access Stratum)
NFV (Network Functions Virtualization)
NFVI (NFV Infrastructure)
NIDD (Non IP Data Delivery)
OCS (Online Charging Server)
OFCS (Offline Charging Server)
OPEX (Operational Expenditure)
PCC (Policy and Charging Control)
PCEF (Policy and Charging Enforcement
Function)
PCRF (Policy and Charging Rules
Function)
P-CSCF (Proxy - Call Session Control
Function)
PDCP (Packet Data Convergence
Protocol)
PDN (Packet Data Network)
PDR (Packet Detection Rule)
PFCP (Packet Forwarding Control
Protocol)
P-GW (PDN Gateway)
27

PLMN (Public Land Mobile Network)
QER (QoS Enforcement Rule)
RLC (Radio Link Control)
ROHC (Robust Header Compression)
RRC (Radio Resource Control)
SAE (System Architecture Evolution)
S-CSCF (Serving - Call Session Control
Function)
SDF (Service Data Flow)
SDN (Software Defined Networking).
SGsAP (SGs Application Protocol)
SIP (Session Initiation Protocol)
SPR (Subscription Profile Repository)
28 © Mpirical Limited, 2021
LTE Architecture
SR-VCC (Single Radio Voice Call
Continuity)
TA (Tracking Area)
TAI (Tracking Area Identity)
TCP (Transmission Control Protocol)
TDD (Time Division Duplex)
TEID (Tunnel Endpoint Identifier)
UDP (User Datagram Protocol)
UDR (Unified Data Repository)
UE (User Equipment)
URR (Usage Reporting Rule)
USIM (Universal Subscriber Identity
Module)
VNF (Virtualized Network Function)
MPI0001-020-010
LTE Architecture

Innovating Telecoms Training

Contact Us
Tel: +44 (0) 1524 844669
Email: enquiries@mpirical.com

www.mpirical.com