Скачать презентацию 1 Cellular Networks and Mobile Computing COMS 6998 Скачать презентацию 1 Cellular Networks and Mobile Computing COMS 6998

7f28834885090811a500fbb55a863adb.ppt

  • Количество слайдов: 111

1 Cellular Networks and Mobile Computing COMS 6998 -7, Spring 2014 Instructor: Li Erran 1 Cellular Networks and Mobile Computing COMS 6998 -7, Spring 2014 Instructor: Li Erran Li ([email protected] columbia. edu) http: //www. cs. columbia. edu/~lierranli/coms 6998 -7 Spring 2014/ 3/7/2014: Introduction to Cellular Networks

Review of Previous Lecture • What are the different approaches of virtualization? 3/7/14 Cellular Review of Previous Lecture • What are the different approaches of virtualization? 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 2

Review of Previous Lecture • What are the different approaches of virtualization? – Bear-metal Review of Previous Lecture • What are the different approaches of virtualization? – Bear-metal hypervisor, hosted hypervisor, container (Linux LXC, Samsung Knox) 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 3

Bare-Metal Hypervisor poor device support / sharing OS Kernel Hypervisor / VMM Hardware 3/7/14 Bare-Metal Hypervisor poor device support / sharing OS Kernel Hypervisor / VMM Hardware 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) Courtesy: Jason Nieh et al. 4

Hosted Hypervisor poor device performance OS OS OS Hypervisor / VMM Host OS Kernel Hosted Hypervisor poor device performance OS OS OS Hypervisor / VMM Host OS Kernel kernel module emulated devices Hardware 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) Courtesy: Jason Nieh et al. 5

Review of Previous Lecture (Cont’d) • What approach does Cell use? • What are Review of Previous Lecture (Cont’d) • What approach does Cell use? • What are the key design choices for Cell’s extremely low overhead? 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 6

Review of Previous Lecture (Cont’d) • Device namespace – It is designed to be Review of Previous Lecture (Cont’d) • Device namespace – It is designed to be used by individual device drivers or kernel subsystems to tag data structures and to register callback functions. Callback functions are called when a device namespace changes state. – Each VP uses a unique device namespace for device interaction. • Cells leverages its foreground-background VP usage model to register callback functions that are called when the VP changes between foreground and background state. 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 7

Device Namespaces safely, correctly multiplex access to devices VP 2 VP 3 • • Device Namespaces safely, correctly multiplex access to devices VP 2 VP 3 • • • Cellular Networks and Mobile Computing (COMS 6998 -10) • • • Android. . . RTC / Alarms Audio/Video Sensors Input Power Framebuffer Cell Radio Wi. Fi GPU device namespaces Linux Kernel 3/7/14 VP 1 Courtesy: Jason Nieh et al. 8

Review of Previous Lecture (Cont’d) • How to run i. OS applications on Android Review of Previous Lecture (Cont’d) • How to run i. OS applications on Android OS? 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 9

Cider Architecture • Interaction between app and OS is defined by kernel app binary Cider Architecture • Interaction between app and OS is defined by kernel app binary interface (ABI) – ABI includes: binary loader, async signal delivery, and syscall • Mach-O binary loader built into Linux kernel – Kernel tags current thread with i. OS persona • Persona is an execution mode (exec foreign or domestic code) assigned to each thread • Translation layer for async signal (illegal instruction, segmentation fault) delivery • Multiple syscall interface – Wrapper mapping arguments from XNU structures to Linux ones 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 10

Duct Tape • Mach IPC missing in Linux • Duct tape to the rescue Duct Tape • Mach IPC missing in Linux • Duct tape to the rescue – Direct compilation of unmodified foreign kernel source code into domestic kernel – Direct translates foreign Kernel API such as sync, memory allocation, processing control into domestic kernel API • Duct tape has three steps: – Create three distinct coding zones: foreign, domestic, duct tape • No cross access between foreign and domestic • Cross access between foreign (domestic) and duct tape – Identify foreign symbols conflicting with domestic code – Remap conflicting symbols to unique domestic ones • Duct tape advantages: easy to maintain and reusable 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 11

Duct Tape (Cont’d) • Cider uses duct tape to add three subsystems – pthread: Duct Tape (Cont’d) • Cider uses duct tape to add three subsystems – pthread: differ from Linux, use kernel-level support for mutexes, semaphores and condition variables – Mach IPC: direct compilation; rewrite recursive queuing structures – Apple’s I/O Kit device driver framework • Source code at: http: //www. opensource. apple. com/source/xnu 2050. 18. 24/iokit/ 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 12

Diplomatic Functions • Mobile apps often use closed proprietary hardware and software stacks – Diplomatic Functions • Mobile apps often use closed proprietary hardware and software stacks – Open. GL ES libraries directly communicate with GPU through proprietary software and hardware interfaces using device-specific ioctls (Android) or opaque IPC messages (i. OS) • How to direct access to proprietary hardware? • Diplomatic function temporarily switches the persona of a calling thread to exec domestic functions from within foreign app 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 13

Review of Previous Lecture (Cont’d) • What are the most expensive flash memory operations? Review of Previous Lecture (Cont’d) • What are the most expensive flash memory operations? – Random read – Random write – Sequential read 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 14

Random versus Sequential Disparity § Random write performance is orders of magnitude worse Speed Random versus Sequential Disparity § Random write performance is orders of magnitude worse Speed Class Cost US $ Seq Write Rand Write Transcend 2 26 4. 2 1. 18 Ri. Data 2 27 7. 9 0. 02 Sandisk 4 23 5. 5 0. 70 Kingston 4 25 4. 9 0. 01 Wintec 6 25 15. 0 0. 01 A-Data 6 30 10. 8 0. 01 Patriot 10 29 10. 5 0. 01 PNY 10 29 15. 3 0. 01 Performance MB/s • Performance for random I/O significantly worse than seq; inherent with flash storage • Mobile flash storage classified into speed classes based on sequential throughput Vendor (16 GB) Consumer-grade SD performance For several popular apps, substantial fraction of I/O is random writes (including web browsing!) 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) Courtesy: Nitin Agrawal et al. 15

Syllabus • Mobile App Development (lecture 1, 2, 3) – Mobile operating systems: i. Syllabus • Mobile App Development (lecture 1, 2, 3) – Mobile operating systems: i. OS and Android – Development environments: Xcode, Eclipse with Android SDK – Programming: Objective-C android programming • System Support for Mobile App Optimization (lecture 4, 5) – Mobile device power models, energy profiling and ebug debugging – Core OS topics: virtualization, storage and OS support for power and context management • Interaction with Cellular Networks (lecture 6, 7, 8) – Basics of 3 G/LTE cellular networks – Mobile application cellular radio resource usage profiling – Measurement-based cellular network and traffic characterization • Interaction with the Cloud (lecture 9, 10) – Mobile cloud computing platform services: push notification, i. Cloud and Google Cloud Messaging – Mobile cloud computing architecture and programming models • Mobile Platform Security and Privacy (lecture 11, 12, 13) – Mobile platform security: malware detection and characterization, attacks and defenses – Mobile data and location privacy: attacks, monitoring tools and defenses 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 16

Outline Goal of this lecture: understand the basics of current networks and future directions Outline Goal of this lecture: understand the basics of current networks and future directions • Current Cellular Networks – – – Introduction Radio Aspects Architecture Power Management Security Qo. S • What Is Next? • A Clean-Slate Design: Software-Defined Cellular Networks • Conclusion and Future Work 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 17

Cellular Networks Impact our Lives More Mobile Connection More Infrastructure Deployment 1010100100001011001 010101001010100 10101010110100101010100101 Cellular Networks Impact our Lives More Mobile Connection More Infrastructure Deployment 1010100100001011001 010101001010100 10101010110100101010100101 More Mobile Users 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) More Mobile Information Sharing 18

Global Convergence • LTE is the major technology for future mobile broadband – Convergence Global Convergence • LTE is the major technology for future mobile broadband – Convergence of 3 GPP and 3 GPP 2 technology tracks – Convergence of FDD and TDD into a single technology track D-AMPS 3 GPP PDC GSM WCDMA HSPA TD-SCDMA IS-95 HSPA/TDD cdma 2000 EV-DO 3 GPP 2 IEEE Wi. MAX 3/7/14 LTE Cellular Networks and Mobile Computing (COMS 6998 -10) FDD and TDD ? 19

3 GPP introduction • 3 rd Generation Partnership Program – Established in 1998 to 3 GPP introduction • 3 rd Generation Partnership Program – Established in 1998 to define UMTS – Today also works on LTE and access-independent IMS – Still maintains GSM • 3 GPP standardizes systems – Architecture, protocols • Works in releases – All specifications are consistent within a release 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 20

3 GPP way of working Stage 1 Requirements • “It shall be possible to. 3 GPP way of working Stage 1 Requirements • “It shall be possible to. . . ” • “It shall support…” E. g. , 22 -series specs Stage 2 Architecture Stage 3 Protocols • Nodes, functions • Reference points • Procedures (no errors) E. g. , 23 -series specs • Message formats • Error cases E. g. , 29 -series specs Specification numbering example: 3 GPP TS 23. 401 V 11. 2. 0 Updated after a meeting TS=Technical Specification (normative) TR=Technical Report (info only) Release Spec. number • Consistent set of specs per releas • New release every 1 -2 years 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) Courtesy: Zoltán Turányi 21

3 GPP specification groups 2 G 3/7/14 3 G/LTE System Cellular Networks and Mobile 3 GPP specification groups 2 G 3/7/14 3 G/LTE System Cellular Networks and Mobile Computing (COMS 6998 -10) Protocols 22

Starting points on 3 GPP specifications • http: //www. 3 gpp. org/specification-numbering – Pointers Starting points on 3 GPP specifications • http: //www. 3 gpp. org/specification-numbering – Pointers to the series of specifications – Architecture documents in 23 -series • Main architecture references – 23. 002 – Overall architecture reference – 23. 401 – Evolved Packet Core with LTE access, GTPbased core – 23. 060 – 2 G/3 G access, and integration to Evolved Packet Core – 23. 402 – Non-3 GPP access, and PMIP-based core 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) Courtesy: Zoltán Turányi 23

Example A base station with 3 sectors (3 cells) Courtesy: Zoltán Turányi Example A base station with 3 sectors (3 cells) Courtesy: Zoltán Turányi

Key challenges • Large distances – Terminals do not see each other – Tight Key challenges • Large distances – Terminals do not see each other – Tight control of power and timing needed – Highly variable radio channel – quick adaptation needed • Many users in a cell – A UMTS cell can carry roughly 100 voice calls on 5 MHz – Resource sharing must be fine grained – but also flexible • Quality of Service with resource management – Voice – low delay, glitch-free handovers – Internet traffic – more, more • Battery consumption critical – Low energy states, wake-up procedures – Parsimonious signaling Courtesy: Zoltán Turányi

26 Radio basics 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 26 Radio basics 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10)

LTE air interface • The key improvement in LTE radio is the use of LTE air interface • The key improvement in LTE radio is the use of OFDM • Orthogonal Frequency Division Multiplexing – 2 D frame: frequency and time – Narrowband channels: equal fading in a channel • Allows simpler signal processing implementations – Sub-carriers remain orthogonal under multipath One resource block propagation One resource element y nc e qu fre 12 subcarriers during one slot (180 k. Hz × 0. 5 ms) 12 subcarriers Time domain structure Frame (10 ms) One OFDM symbol One slot 3/7/14 time Cellular Networks and Mobile Computing (COMS 6998 -10) Slot (0. 5 ms) Subframe (1 ms) 27

LTE air interface: Downlink 1 T T large compared to Orthogonal Frequency Division channel LTE air interface: Downlink 1 T T large compared to Orthogonal Frequency Division channel delay Multiple Access (OFDM) spread §Closely spaced sub-carriers without guard band § Each sub-carrier undergoes (narrow band) flat fading - Simplified receiver processing Frequency Narrow Band (~10 Khz) Wide Band (~ Mhz) § Frequency or multi-user diversity through coding or scheduling across sub-carriers § Dynamic power allocation across sub- carriers allows for interference mitigation Sub-carriers remain orthogonal under across cells multipath propagation § Orthogonal multiple access 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) Courtesy: Harish Vishwanath 28

LTE air interface: Uplink User 1 § Users are carrier synchronized to the base LTE air interface: Uplink User 1 § Users are carrier synchronized to the base § Differential delay between User 2 users’ signals at the base need to be small compared W to symbol duration § Efficient use of spectrum by multiple users § Sub-carriers transmitted by different users are orthogonal at the receiver - No intra-cell interference User 3 § CDMA uplink is non-orthogonal since synchronization requirement is ~ 1/W and so difficult to achieve 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) Courtesy: Harish Vishwanath 29

LTE air interface: Multiplexing Frequency Each color represents a user Each user is assigned LTE air interface: Multiplexing Frequency Each color represents a user Each user is assigned a frequency-time tile which consists of pilot sub-carriers and data sub-carriers Block hopping of each user’s tile for frequency diversity Time 3/7/14 Typical pilot ratio: 4. 8 % (1/21) for LTE for 1 Tx antenna and 9. 5% for 2 Tx antennas Pilot sub-carriers Cellular Networks and Mobile Computing (COMS 6998 -10) Courtesy: Harish Vishwanath 30

LTE Scheduling • Assign each Resource Block to one of the terminals – LTE LTE Scheduling • Assign each Resource Block to one of the terminals – LTE – channel-dependent scheduling in time and frequency domain – HSPA – scheduling in time-domain only Time-frequency fading, user #2 Time-frequency fading, user #1 User #1 scheduled User #2 scheduled 1 m s Tim e 3/7/14 ncy Freque z 180 k. H Cellular Networks and Mobile Computing (COMS 6998 -10) Courtesy: Zoltán Turányi 31

Architecture 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 32 Architecture 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 32

UMTS Architecture PS Core Network CS CN MSC Gi GGSN Gn/Gp SGSN Iu. CS UMTS Architecture PS Core Network CS CN MSC Gi GGSN Gn/Gp SGSN Iu. CS • First-hop router • GW towards external PDNs • VPN support over Gi • IP address management • Policy Control • Manage CN procedures • HSS connection (authenticator) • Idle mode state • Lawful Intercept • Bearer management Iu. PS RNC Iub Node. B • Real-time radio control • Radio Resource Management • Soft handover • UP Ciphering • Header Compression • L 1 • HSPA scheduling 3 G Radio Access Network • Why separate RAN and CN? – – Two CNs with same RAN Multiple RANs with same CN Modularization Independent scaling, deployment and vendor selection • Why two GSNs? – Roaming: traffic usually taken home – Independent scaling, deployment and vendor selection – User can connect to multiple PDNs GPRS – Generic Packet Radio Service GGSN – Gateway GPRS Support Node SGSN – Serving GPRS Support Node RNC – Radio Network Controller PDN – Packet Data Network CN – Core Network PS – Packet Switched CS – Circuit Switched MSC – Mobile Switching Center HSS – Home Subscriber Server

Drivers for change CS CN MSC Overhead of separate CS core PS Core Network Drivers for change CS CN MSC Overhead of separate CS core PS Core Network when bulk of Gi • First-hop router • GW towards external PDNs traffic is PS GGSN Gn/Gp SGSN Iu. CS • VPN support over Gi • IP address management • Policy Control • Manage CN procedures • HSS connection (authenticator) • Idle mode state • Lawful Intercept • Bearer management Too many specialized data plane nodes Iu. PS RNC Iub Node. B • Real-time radio control • Radio Resource Management • Soft handover • UP Ciphering • Header Compression Complex, realtime RAN • L 1 • HSPA scheduling Vendor lock-in due to 3 G Radio Access Network proprietary Iub features Courtesy: Zoltán Turányi

From 3 G to EPC/LTE architecture CS Only two data PS Core Network plane From 3 G to EPC/LTE architecture CS Only two data PS Core Network plane nodes in the Evolved Packet Core (EPC) typical case. SGi GGSN MSC Gi PDN GW SGW Gn/Gp p user Serving GW S 11 SGSN Iu. CS lane Packet Data Network GW Iu. PS RNC control plane Data plane/control plane split for better scalability. MME Mobility Management Entity PS only S 1 -UP S 1 -CP Iub Node. B 3 G Radio Access Network e. Node. B – Evolved Node B RNC functions moved down to base station LTE Radio Access Network Courtesy: Zoltán Turányi 35

Why separate SGW and PDN GW? Evolved Packet Core (EPC) SGi PDN GW Packet Why separate SGW and PDN GW? Evolved Packet Core (EPC) SGi PDN GW Packet Data Network GW S 5/S 8 SGW Serving GW S 11 MME S 1 -UP Mobility Management Entity S 1 -CP e. Node. B – Evolved Node B LTE Radio Access Network SGW and PDN GW separate in some special cases: • Roaming: • PDN GW in home network, • SGW in visited network • Mobility to another region in a large network • Corporate connectivity Courtesy: Zoltán Turányi 36

Interworking with 3 G SGi HSS PDN GW S 5 Gn SGW S 11 Interworking with 3 G SGi HSS PDN GW S 5 Gn SGW S 11 MME SGSN MSC Iu. CS Iu. PS S 1 -U S 1 -CP RNC Iub e. Node. B UE 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) Node. B MSC – Mobile Switching Center Courtesy: Zoltán Turányi 37

Interworking with non-3 GPP accesses SGi HSS PDN GW S 5 S 2 Gn Interworking with non-3 GPP accesses SGi HSS PDN GW S 5 S 2 Gn SGW S 11 MME SGSN MSC Iu. CS Iu. PS Non-3 GPP Access (cdma 2000, Wi. Max, Wi. Fi) S 1 -U S 1 -CP Iub e. Node. B UE 3/7/14 RNC Cellular Networks and Mobile Computing (COMS 6998 -10) Node. B PMIP – Proxy Mobile IP Courtesy: Zoltán Turányi 38

Debate of 2006: GTP vs. PMIP SGi HSS PDN GW GTP? GTP S 5 Debate of 2006: GTP vs. PMIP SGi HSS PDN GW GTP? GTP S 5 S 2 PMIP Gn PMIP? SGW S 11 MME SGSN MSC Iu. CS Iu. PS Non-3 GPP Access (cdma 2000, Wi. Max, Wi. Fi) S 1 -U S 1 -CP GTP Iub e. Node. B UE 3/7/14 RNC Cellular Networks and Mobile Computing (COMS 6998 -10) Node. B • Conclusion: Specify both Courtesy: Zoltán Turányi 39

EPC + LTE: 23. 401 EPC + 2 G/3 G: 23. 060 SGi HSS EPC + LTE: 23. 401 EPC + 2 G/3 G: 23. 060 SGi HSS PDN GW GTP S 5 Gn GTP SGW S 11 MME SGSN MSC Iu. CS Iu. PS S 1 -U S 1 -CP RNC GTP Iub e. Node. B UE 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) Courtesy: Zoltán Turányi 40

41 EPC + non-3 GPP: 23. 402 SGi HSS PDN GW S 5 S 41 EPC + non-3 GPP: 23. 402 SGi HSS PDN GW S 5 S 2 PMIP Non-3 GPP Access (cdma 2000, Wi. Max, Wi. Fi) PMIP SGW S 1 -U S 11 MME S 1 -CP GTP e. Node. B UE 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) EPC – Evolved Packet Core Courtesy: Zoltán Turányi

Access Procedure • Cell Search Base station – Base station broadcasts synchronization signals and Access Procedure • Cell Search Base station – Base station broadcasts synchronization signals and cell system information (similar to Wi. Fi) – UE obtains physical layer information • UE acquires frequency and synchronizes to a cell • Determine the start of the downlink frame • Determine the cell identity UE 1 UE 2 • Random access to establish a radio link 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 42

Random Access Client Base station Core network Step 1: random access request (pick one Random Access Client Base station Core network Step 1: random access request (pick one of 64 preambles) Step 2: random access response Adjust uplink timing Step 3: transmission of mobile ID Only if UE is not known in Base station Step 4: contention resolution msg If ID in msg matches UE ID, succeed. If collision, ID will not match! 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 43

Random Access (Cont’d) Why not carrier sensing like Wi. Fi? • Base station coverage Random Access (Cont’d) Why not carrier sensing like Wi. Fi? • Base station coverage is much larger than Wi. Fi AP Base station – UEs most likely cannot hear each other • How come base station can hear UEs’ transmissions? – Base station receivers are much more sensitive and expensive 3/7/14 UE 1 Cellular Networks and Mobile Computing (COMS 6998 -10) UE 2 44

Modes of operation 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 45 Modes of operation 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 45

Connected mode • • Used during communication Signaling connection exists between network and UE Connected mode • • Used during communication Signaling connection exists between network and UE Both CN and RAN keeps state about the UE UE location is tracked on a cell granularity – Needed to deliver the data • Network controlled mobility 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) SGW MME 46

Network controlled mobility SGW 5 MME • Procedure 1. 2. 3. 4. 5. • Network controlled mobility SGW 5 MME • Procedure 1. 2. 3. 4. 5. • UE measures nearby cells UE sends measurement reports to network Network decides on and controls handover Handover is prepared by network Handover executes 5 3. 4. 1. 5 1. 2. 1. 5 Reason: To allow the network to tune handovers 1. 2. 3. 4. 5. 6. Select proper target cell Network has additional information for handover decision Collect and analyze data for cell planning and troubleshooting Penalize ping-ponging UEs Penalize microcells for fast UEs Cell breathing Courtesy: Zoltán Turányi 47

Idle Mode • Used when the UE is not communicating • UE location is Idle Mode • Used when the UE is not communicating • UE location is tracked on a Tracking Area (TA) granularity – e. Node. Bs advertise their TA – UE periodically listens to advertisements (every few seconds) – UE sends Tracking Area Update (TAU) to MME, when TA changes – TAU also sent periodically (e. g. , once every 2 hours) • No e. Node. B state is kept for UE • When traffic arrives to the UE, the UE is paged 48

PAGING • UE periodically checks if data is available for it – Wakes up, PAGING • UE periodically checks if data is available for it – Wakes up, (re)selects cell, reads broadcast and the paging channel – Exact timing is pseudo-random per UE › If packet arrives to SGW… – …it buffers the packet – …and notifies MME. – MME sends a Paging Request to all e. Node. Bs in the TA of the UE – e. Node. Bs page the UE on its paging slot locally – UE responds with a Service Request… – …e. Node. B state is built up… – …and UE is moved to connected state. PDN GW SGW Courtesy: Zoltán Turányi MME UE 49

Idle mode issues • Idle mode is a great power-saving feature – A system-wide Idle mode issues • Idle mode is a great power-saving feature – A system-wide feature – Also saves a lot of RAN resources • Balancing of TA size is needed – Too large: many paging messages – Too small: many TAU messages from UE – Lot of optimizations: per-UE TA, overlapping TA, etc. • Connected Idle transitions are costly – Usually a timeout is used to go to idle • Not a good fit for chatty packet traffic • Easy to attack: an IP address range scan wakes up everyone – Key application design goal: reduce chattyness • The Phone OS also has responsibility – However, can be very effective when combined with DRX Cellular Networks and Mobile Computing (COMS 6998 -10) 50

LTE RRC State Machine • UE runs radio resource control (RRC) state machine • LTE RRC State Machine • UE runs radio resource control (RRC) state machine • Two states: IDLE, CONNECTED • Discontinuous reception (DRX): monitor one subframe per DRX cylce; receiver sleeps in other subframes 3/7/14 Courtesy: Morley Mao 51

UMTS RRC State Machine • State promotions have promotion delay • State demotions incur UMTS RRC State Machine • State promotions have promotion delay • State demotions incur tail times Tail Time Delay: 1. 5 s Delay: 2 s IDLE Channel Radio Power Not allocated Almost zero 3/7/14 Courtesy: Feng Qian Cellular Networks and Mobile Computing (COMS 6998 -10) Low CELL_DCH Tail Time CELL_FACH Shared, Low Speed High Dedicated, High Speed 52

Why Power Consumptions of RRC States so different? • IDLE: procedures based on reception Why Power Consumptions of RRC States so different? • IDLE: procedures based on reception rather than transmission – Reception of System Information messages – Reception of paging messages with a DRX cycle (may trigger RRC connection establishment) – Location and routing area updates (requires RRC connection establishment) • CONNECTED: need to continuously receive, and sent whenever there is data 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 53

Security 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 54 Security 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 54

The SIM card • Subscriber Identity Module – Usually embedded in a physical SIM The SIM card • Subscriber Identity Module – Usually embedded in a physical SIM card • Initially specified in 1990 for GSM (freeze date of TS 11. 11) • Carries subscriber credentials – IMSI: International Mobile Subscriber Identity – 14 -15 digits • MCC: Mobile Country Code – 3 digits • MNC: Mobile Network Code – 2 or 3 digits • Rest of the digits identify the subscriber – Keying material (essentially symmetric keys) • In the network HSS stores subscriber data – Including keying and phone number (MSISDN) • Enables roaming and phone replacement – Key features in GSM MSISDN – Mobile Subscriber ISDN Number 55

KEY hierarchy Au. C SGi HSS PDN GW S 5 AKA procedure SGW MME KEY hierarchy Au. C SGi HSS PDN GW S 5 AKA procedure SGW MME S 11 S 1 -U S 1 -CP e. Node. B UE USIM Au. C – Authentication Centre AKA – Authentication and Key Agreement CK: Encryption, IK: integrity Protection ASME: Access Security Management Entity NH – Next Hop Courtesy: Zoltán Turányi 56

Authentication at initial attach 57 Authentication at initial attach 57

handover • MME pre-calculates NH keys – From KASME and NCC – NCC: NH handover • MME pre-calculates NH keys – From KASME and NCC – NCC: NH Chaining Counter • • 3: Source e. Node. B sends {NH, NCC} to target e. Node. B Target e. NB uses NH for Ke. NB UE also calculates new Ke. NB 12: MME sends next {NH, NCC} to target e. NB

59 Qo. S architecture 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 59 59 Qo. S architecture 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 59

Bearers SGi • A bearer is a L 2 packet transmission channel – – Bearers SGi • A bearer is a L 2 packet transmission channel – – HSS PDN-GW S 5 …to a specific external Packet Data Network, …using a specific IP address/prefix, …carrying a specific set of IP flows (maybe all) …providing a specific Qo. S. SGW MME S 11 S 1 -U S 1 -CP e. Node. B • In 2 G/3 G also known as “PDP Context” • Bearer setup is explicitly signaled UE – In LTE one bearer is always set up at attachment See more in: 23. 107 Qo. S concept and architecture Cellular Networks and Mobile Computing (COMS 6998 -10) Courtesy: Zoltán Turányi 60

Traffic to the same external network Bearers IP microflows A set of IP microflows Traffic to the same external network Bearers IP microflows A set of IP microflows Traffic with the same IP address A set of or IPv 6 prefix IP microflows with the same Qo. S Service Data Flow External networks PDN 1 PDN connection Terminal APN traffic Service Data Flow dedicated bearer Service Data Flow PDN 2 APN 1 SGi default bearer All traffic of a UE SGi APN 2 PDN GW Dedicated bearer: bearer with special Qo. S Default bearer: rest of traffic with default Qo. S SGW MME e. Node. B UE Two default bearers to different APNs Courtesy: Zoltán Turányi PDN – Packet Data Network APN – Access Point Name 61

Why then no Qo. S today? (Apart from voice) • Terminal apps do not Why then no Qo. S today? (Apart from voice) • Terminal apps do not use Qo. S – Original IP socket API has minimal Qo. S features • No widespread Qo. S mechanism in fixed networks • Usually IP app developers do not care about network Qo. S – A number of Qo. S API failures • Conceptual difficulties – Qo. S must be authorized and charged • Qo. S can only be effectively decided in the face of its price – Complex Qo. S descriptors • Determining Qo. S parameters is challenging – E. g. , 10 -3 or 10 -4 bit error rate? – Yet not flexible enough to cater for e. g. , VBR video 62

#1: Simple parameters • QCI: Qo. S Class Indicator – Scalar value encompassing all #1: Simple parameters • QCI: Qo. S Class Indicator – Scalar value encompassing all packet treatment aspects – 9 mandatory, operators can define new • MBR: Max bitrate • GBR: Guaranteed bitrate – If nonzero, admission control is performed • ARP: Allocation and Retention Priority – priority (scalar): Governs priority at establishment and handover – pre-emption capability (flag): can this bearer pre-empt another? – pre-emption vulnerability (flag): can another bearer pre-empt this one? • AMBR: Aggregated Maximum bitrate – Both a per-terminal and per-APN value Source: 23. 401, 23. 203 GPRS Enhancements for E-UTRAN Policy and Charging Control Architecture 63

#2: Network initiated bearers • Allow a network application request Qo. S – Terminal #2: Network initiated bearers • Allow a network application request Qo. S – Terminal app can remain Qo. S un-aware – Network can fully control Qo. S provided & payment charged No Qo. S API 1. Session setup App LTE UE 3. Bearer setup App LTE + EPC 2. Request Qo. S Network • First specified in Release 7 for 3 G – Not all terminals support it • Mandatory mode in LTE Courtesy: Zoltán Turányi 64

Policy and Charging • Policy and Charging Rules Function – Decides on Qo. S Policy and Charging • Policy and Charging Rules Function – Decides on Qo. S and Charging – Controls gating – Service Policy Based on • Request • Subscription data – Makes no resource decisions App • Flow descriptor (5 -tuple) • Bandwidth • Application (voice/video/etc. ) Rx SGi PCRF PDN GW Gx • Flow descriptor (5 -tuple) • Qo. S descriptor • Charging rules • Gating (on/off) S 5 SGW MME S 11 S 1 -U S 1 -MME e. Node. B UE Courtesy: Zoltán Turányi 65

What Is Next? 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 66 What Is Next? 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 66

LTE Evolution • LTE-A – meeting and exceeding IMT-Advanced requirements – Carrier aggregation – LTE Evolution • LTE-A – meeting and exceeding IMT-Advanced requirements – Carrier aggregation – Enhanced multi-antenna support LTE-C – Relaying – Enhancements for heterogeneous deployments Rel-13 Rel-14 LTE-B Rel-12 LTE-A Rel-11 LTE 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) Rel-10 Rel-9 Rel-8 67

LTE Evolution • LTE-B – Work starting fall 2012 • Topics (speculative) – Device-to-device LTE Evolution • LTE-B – Work starting fall 2012 • Topics (speculative) – Device-to-device communication – Enhancements for machine-to-machine communication LTE-B – Green networking: reduce energy use LTE-A – And more… LTE 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) LTE-C Rel-14 Rel-13 Rel-12 Rel-11 Rel-10 Rel-9 Rel-8 68

Outline Goal of this lecture: understand the basics of current networks and future directions Outline Goal of this lecture: understand the basics of current networks and future directions • Current Cellular Networks • What Is Next? • A Clean-Slate Design: Software-Defined Cellular Networks – Radio Access Networks – Core Networks – Wide Access Networks • Conclusion and Future Work 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 69

A Clean-Slate Design: Software-Defined Radio Access Networks 3/7/14 Cellular Networks and Mobile Computing (COMS A Clean-Slate Design: Software-Defined Radio Access Networks 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 70

Carrier’s Dilemma Exponential Traffic Growth Limited Capacity Gain 8 7 6 5 Shannon (3 Carrier’s Dilemma Exponential Traffic Growth Limited Capacity Gain 8 7 6 5 Shannon (3 d. B) 4 3 4 G 2 1 -15 -12. 5 -10 -5 -2. 5 0 2. 5 5 7. 5 10 12. 5 15 17. 5 20 0 • Poor wireless connectivity if left unaddressed 71

LTE Radio Access Networks • Goal: high capacity wide-area wireless network – Dense deployment LTE Radio Access Networks • Goal: high capacity wide-area wireless network – Dense deployment of small cells Base Station (BS) Serving Gateway Packet Data Network Gateway User Equipment (UE) Serving Gateway access core Internet 72

Dense and Chaotic Deployments • Dense: high SNR per user leads to higher capacity Dense and Chaotic Deployments • Dense: high SNR per user leads to higher capacity o Small cells, femto cells, repeaters, etc 73

Problems • Current LTE distributed control plane is ill-suited o Hard to manage inter-cell Problems • Current LTE distributed control plane is ill-suited o Hard to manage inter-cell interference • o Hard to optimize for variable load of cells Dense deployment is costly o Need to share cost among operators o Maintain direct control of radio resources o Lacking in current 3 gpp RAN sharing standards 74

Soft. RAN: Big Base Station Abstraction Big Base Station Radio Element 1 time controller Soft. RAN: Big Base Station Abstraction Big Base Station Radio Element 1 time controller frequency Radio Element 2 time Radio Element 3 frequency fre qu en io cy rad ent m ele frequency 75

Radio Resource Allocation 3 D Resource Grid time Flows fre qu en cy io Radio Resource Allocation 3 D Resource Grid time Flows fre qu en cy io rad t en m ele 76

Soft. RAN: SDN Approach to RAN Coordination : X 2 Interface Control Algo PHY Soft. RAN: SDN Approach to RAN Coordination : X 2 Interface Control Algo PHY & MAC BS 1 Control Algo PHY & MAC BS 3 Control Algo PHY & MAC BS 2 Control Algo PHY & MAC BS 4 BS 5 77

Soft. RAN: SDN Approach to RAN Control Algo Operator Inputs Network OS Radio. Visor Soft. RAN: SDN Approach to RAN Control Algo Operator Inputs Network OS Radio. Visor PHY & MAC RE 3 RE 1 PHY & MAC Radio Element (RE) RE 2 RE 5 PHY & MAC RE 4 78

Soft. RAN Architecture Summary CONTROLLER RAN Information Base Periodic Updates Controller API • • Soft. RAN Architecture Summary CONTROLLER RAN Information Base Periodic Updates Controller API • • • RADIO ELEMENTS Interference Map Bytes Rate Queue Size Flow Records Network Operator Inputs Qo. S Constraints Radio Element API Radio Element 3 D Resource Grid e Tim POWER FLOW Radio Resource Management Algorithm Frequency 79

Soft. RAN Architecture: Updates • Radio element -> controller (updates) – Flow information (downlink Soft. RAN Architecture: Updates • Radio element -> controller (updates) – Flow information (downlink and uplink) – Channel states (observed by clients) • Network operator -> controller (inputs) – Qo. S requirements – Flow preferences 80

Soft. RAN Architecture: Controller Design • RAN information base (RIB) – Update and maintain Soft. RAN Architecture: Controller Design • RAN information base (RIB) – Update and maintain global network view • Interference map • Flow records • Radio resource management – Given global network view: maximize global utility – Determine RRM at each radio element 81

Soft. RAN Architecture: Radio Element API • Controller -> radio element – Handovers to Soft. RAN Architecture: Radio Element API • Controller -> radio element – Handovers to be performed – RF configuration per resource block • Power allocation and flow allocation – Relevant information about neighboring radio elements • Transmit Power being used 82

Refactoring Control Plane • Controller responsibilities: - Decisions influencing global network state • Load Refactoring Control Plane • Controller responsibilities: - Decisions influencing global network state • Load balancing • Interference management • Radio element responsibilities: - Decisions based on frequently varying local network state • Flow allocation based on channel states 83

Soft. RAN Advantages • Logically centralized control plane: – Global view on interference and Soft. RAN Advantages • Logically centralized control plane: – Global view on interference and load • Easier coordination of radio resource management • Efficient use of wireless resources – Plug-and-play control algorithms • Simplified network management – Smoother handovers • Better user-experience 84

Soft. RAN: Evolving the RAN • Switching off radio elements based on load – Soft. RAN: Evolving the RAN • Switching off radio elements based on load – Energy savings • Dynamically splitting the network into Big-BSs – Handover radio elements between Big-BSs 85

Implementation: Modifications • Soft. RAN is incrementally deployable with current infrastructure – No modification Implementation: Modifications • Soft. RAN is incrementally deployable with current infrastructure – No modification needed on client-side – API definitions at base station • Femto API : Standardized interface between scheduler and L 1 (http: //www. smallcellforum. org/resourcestechnical-papers) • Minimal modifications to Femto. API required 86

Radio. Visor Design • Slice manager o Traffic to Slice Mapping 3 D Resource Radio. Visor Design • Slice manager o Traffic to Slice Mapping 3 D Resource Grid Allocation & Isolation Radio. Visor • Slice Manager • Slice configuration, creation, modification, deletion and multi-slice operations Traffic to slice mapping at Radio. Visor and radio elements 3 D resource grid allocation and isolation o Considers traffic demand, interference graph and policy 87

Slice Manager • • • Slice definition o Predicates on operator, device, subscriber, app Slice Manager • • • Slice definition o Predicates on operator, device, subscriber, app attributes o A slice can be all M 2 M traffic of operator 1 Slice configuration at data plane and control plane o PHY and scheduler: narrow band PHY for M 2 M slice o Interference management algorithm Slice algebra to support flexible slice operations o Slice merge, split, (un)nest, duplicate 88

 • • Slices present resource demands every time window Max min fair allocation • • Slices present resource demands every time window Max min fair allocation Example o Red slice entitles 2/3 and demands 2/3 RE 1 only o Blue slice entitles 1/3 and demand 1/3 RE 2 and 1 RE 3 Interference Edge Radio Element 1 Radio Element 2 Element 3 Frequency • Resource Grid Allocation and Isolation Tim en e io d Ra m Ele 89 t

Conclusion • • • Dense deployment calls for central control of radio resources Deployment Conclusion • • • Dense deployment calls for central control of radio resources Deployment costs motivate RAN Sharing We present the design of Radio. Visor o Enables direct control of per slice radio resources o Configures per slice PHY and MAC, and interference management algorithm o Supports flexible slice definitions and operations

A Clean-Slate Design: Software-Defined Cellular Core Networks 3/7/14 Cellular Networks and Mobile Computing (COMS A Clean-Slate Design: Software-Defined Cellular Core Networks 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 91

Cellular Core Network Architecture Base Station (BS) Serving Gateway Packet Data Network Gateway User Cellular Core Network Architecture Base Station (BS) Serving Gateway Packet Data Network Gateway User Equipment (UE) Serving Gateway access core Internet 92

Soft. Cell Overview Simple hardware + Soft. Cell software Controller Interne t 93 Soft. Cell Overview Simple hardware + Soft. Cell software Controller Interne t 93

Soft. Cell Design Goal Fine-grained service policy for diverse app needs » » Video Soft. Cell Design Goal Fine-grained service policy for diverse app needs » » Video transcoder, content filtering, firewall M 2 M services: fleet tracking, low latency medical device updates with diverse needs! 94

Characteristics of Cellular Core Networks 1. “North south” traffic pattern 2. Asymmetric edge 3. Characteristics of Cellular Core Networks 1. “North south” traffic pattern 2. Asymmetric edge 3. Traffic initiated from low-bandwidth access edge Gateway Edge Internet ~1 million Users ~10 million flows ~400 Gbps – 2 Tbps Access Edge ~1 K Users ~10 K flows ~1 – 10 Gbps 95

Challenge: Scalability Packet classification: decide which service policy to be applied to a flow Challenge: Scalability Packet classification: decide which service policy to be applied to a flow » How to classify millions of flows per second? Traffic steering: generate switch rules to implement policy paths, e. g. traversing a sequence of middleboxes » How to implement million of paths? • Limited switch flow tables: ~1 K – 4 K TCAM, ~16 K – 64 K L 2/Ethernet Network dynamics: setup policy paths for new users and new flow? 96

Soft. Cell: Design-in-the-Large Controller 1. Scalable system design » » Classifying flows at access Soft. Cell: Design-in-the-Large Controller 1. Scalable system design » » Classifying flows at access edge Offloading controller tasks to switch local agent 2. Intelligent algorithms » » LA LA Gateway Edge LA Enforcing policy LA consistency under mobility Multi-dimension Access Edge aggregation to reduce ~1 K Users ~10 K flows switch rule entries ~1 million Users ~10 million flows ~up to 2 Tbps ~1 – 10 Gbps 97

Multi-Dimensional Aggregation Use multi-dimensional tags rather than flat tags Policy Tag Aggregate flows that Multi-Dimensional Aggregation Use multi-dimensional tags rather than flat tags Policy Tag Aggregate flows that share a common policy (even across Users and BSs) BS ID Aggregate flows going to the same (group of) base stations User ID Aggregate flows going to the same Users. Exploit locality in network topology and traffic pattern Selectively match on one or multiple dimensions » Supported by the multiple tables in today’s switch chipset 98

Conclusion and Future Work • Soft. Cell uses commodity switches and middelboxes to build Conclusion and Future Work • Soft. Cell uses commodity switches and middelboxes to build flexible and cost-effective cellular core networks • Soft. Cell cleanly separates fine-grained service policies from traffic management policies • Soft. Cell achieves scalability with Data Plane Control Plane Asymmetric Edge Design Multi-dimensional Aggregation Hierarchical Controller Design • Deploy Soft. Cell in real test bed • Exploit multi-stage tables in modern switches – Reduce m×n rules to m+n rules 99

A Clean-Slate Design: Software-Defined WAN 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) A Clean-Slate Design: Software-Defined WAN 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 100

Current Mobile WANs • Organized into rigid and very large regions • Minimal interactions Current Mobile WANs • Organized into rigid and very large regions • Minimal interactions among regions • Centralized policy enforcement at PGWs Two Regions 101

Mobile WANs Problems • Suboptimal routing in large carriers – Lack of sufficiently close Mobile WANs Problems • Suboptimal routing in large carriers – Lack of sufficiently close PGW is a major cause of path inflation • Lack of support for seamless inter-region mobility – Users crossing regions experience service interruption • Scalability and reliability – The sheer amount of traffic and centralized policy enforcement • Ill-suited to adapt to the rise of new applications – E. g. , machine-to-machine – All users’ outgoing traffic traverses a PGW to the Internet, even for reaching a user served by a close 102

Soft. Mo. W Motivation Question: How to make the packet core scalable, simple, and Soft. Mo. W Motivation Question: How to make the packet core scalable, simple, and flexible for tens of thousands of base stations and millions of mobile users? • Mobile networks should have fully connected core topology, small logical regions, and more egress points • Operators should leverage SDN to manage the whole network with a logically-centralized controller: – Directs traffic through efficient network paths that might cross region boundaries – Handles high amount of intra-region signaling load from mobile users – Supports seamless inter-region mobility and optimizes its performance – Performs network-wide application-based such as region optimization 103

Soft. Mo. W Solution • Hierarchically builds up a network-wide control plane – Lies Soft. Mo. W Solution • Hierarchically builds up a network-wide control plane – Lies in the family of recursive SDN designs (e. g. XBAR, ONS’ 13) • In each level, abstracts both control and data planes and exposes a set of “dynamically-defined” logical components to the control plane of the level above. – Virtual Base stations (VBS), Gigantic Switches (GS), and Virtual Middleboxes (VMB) Union of Coverage Latency Matrix VBS GS Core Net Sum of capacities VMB Radio Net Policy 104

Soft. Mo. W Solution • New Dynamic Feature: In each level, the control logic Soft. Mo. W Solution • New Dynamic Feature: In each level, the control logic can modify its logical components for optimization purposes – E. g. , merge/spilt and move operations Merge/Split Move and Split 105

First Level-Soft. Mo. W Architecture • Replace inflexible and expensive hardware devices (i. e. First Level-Soft. Mo. W Architecture • Replace inflexible and expensive hardware devices (i. e. , PGW, SGW) with SDN switches • Perform distributed policy enforcement using middle-box instances • Partition the network into independent and dynamic logical regions • A child controller manages the data plane of each regions Bootstrapping phase: based on location and processing capabilities of child controllers 106

Second Level-Soft. Mo. W Architecture • A parent runs a global link discovery protocol Second Level-Soft. Mo. W Architecture • A parent runs a global link discovery protocol – Inter-region links are not detected by BDDP and LLDP • A parent participates in the inter-domain routing protocol • A parent builds virtual middlebox chains and egresspoint policies, and dictates to GSs 107

Hierarchical Traffic Engineering • A parent pushes a global label into each traffic group Hierarchical Traffic Engineering • A parent pushes a global label into each traffic group • Child controllers perform label swapping o Ingress point: pop the global label and push some local labels for intraregion paths o Egress point: pop the local labels and push back the global label Push W Pop W 2 Push W Pop W 1 Web Voice GS Rules Latency (P 1, E 2)=300 Latency (P 1, E 4)=100 Push W Pop W Push W 1 Pop W Push W 2 108

Time-of-day Handover Optimization Q: How can an operator reduce inter-region handovers in peak hours? Time-of-day Handover Optimization Q: How can an operator reduce inter-region handovers in peak hours? Abstraction update coordination Handover graph GS Rule: Move Border VBS 1 109

Conclusion Soft. Mo. W: • Brings both simplicity and scalability to the control plane Conclusion Soft. Mo. W: • Brings both simplicity and scalability to the control plane of very large cellular networks – decouples control and data planes at multiple levels ( focused only on two levels here) • Makes the deployment and design of networkwide applications feasible – E. g. , seamless inter-region mobility, time-of-day handover optimization, region optimization, and traffic engineering 110

Summary • Mobile computing depends on cellular networks • Cellular network performance still far Summary • Mobile computing depends on cellular networks • Cellular network performance still far from meeting demands of mobile computing • Cellular network architecture is evolving to meet demands of mobile computing – SDN and NFV • AT&T’s domain 2. 0 3/7/14 Cellular Networks and Mobile Computing (COMS 6998 -10) 111