1991 in Finland.

Name of technologies for 2G, 3G, and 4G are as follows:

2G – GSM or CDMA
4G – LTE

A cellular network or mobile network is a communication network where the link to and from end
nodes is wireless
What is difference between WiFi and cellular Data?
 WiFi lets you connect to the internet via your router, 
 Cellular data lets you connect to the internet via your cell phone signal. 

What is GSM based technology?

GSM stands for Global System for Mobile Communication.
It is a digital cellular technology used for transmitting mobile voice and data services

During a GSM call, speech is converted from analogue sound waves to digital data by
the phone itself, and transmitted through the mobile phone network by digital means.

Is 2G same as GSM?
2G is basically just a fancy name for the original 1st generation GSM technology.
GSM technology enabled many networks to provide services like text messages, picture
messages and MMS.

MMS stands for 'multimedia messaging service', 

2G technologies enabled the various networks to provide services such as text messages,
picture messages, and MMS (multimedia messages).

What is meant by multimedia message?

Multimedia Messaging Service (MMS) is a standard way to send messages that include
multimedia content to and from a mobile phone over a cellular network.

Networking standards define the rules for

data communications that are needed for
interoperability of networking technologies
and processes
The three main 2G technology
standards are Global System for Mobile
Communications (GSM), which is based on
European Telecommunications Standards Institute (ETSI) standards, time division multiple
access (TDMA) IS-136 and code division multiple access (CDMA). 
What is air interface name in CDMA GSM?
Also called a "radio interface," the air interface defines the frequency, channel
bandwidth and modulation scheme.

For example, TDMA and CDMA modulation are used in GSM and CDMA cellular
networks respectively

The difference between TDMA and CDMA is that TDMA stands for “Time Division Multiple-
Access” which means this technique has the ability to trim down the timeline into several
smaller channels whereas CDMA stands for “Code Division Multiple-Access” which implies that
this technique allows multiplexing into a single
The MSC is stationed between the base station and the Public Switched Telephone
Network (PTSN). All mobile communications are routed from the base station through the MSC.
The MSC is responsible for handling voice calls and SMS including other services like FAX.

Network Switching Subsystem (NSS)

The GSM system architecture contains a variety of different elements, and is often termed the core
network. It is essentially a data network with a various entities that provide the main control and
interfacing for the whole mobile network. The major elements within the core network include:

 Mobile Services Switching Centre (MSC):   The main element within the core network area of
the overall GSM network architecture is the Mobile switching Services Centre (MSC).
And provides l functionality to enable the requirements of a mobile user to be supported.
These include
registration,
authentication,
call location,
inter-MSC handovers and
call routing to a mobile subscriber.
It also provides an interface to the PSTN so that the mobile communications calls can be routed
from the mobile network to a phone connected to a landline.
 Interfaces to other MSCs are provided to enable calls to be made to mobiles on different
networks.
Also connected to other MSC and MSC’s VLN

 Home Location Register (HLR):   This database contains all the administrative information
about each subscriber along with their last known location. In this way, the GSM network is able
to route calls to the relevant base station for the MS. When a user switches on their phone, the
phone registers with the network and from this it is possible to determine which BTS it
communicates with so that incoming calls can be routed appropriately. Even when the phone is
not active (but switched on) it re-registers periodically to ensure that the network (HLR) is aware
of its latest position. There is one HLR per network, although it may be distributed across various
sub-centres to for operational reasons.
 Visitor Location Register (VLR):  

A visitor location register (VLR) is a server in a cellular network that supports roaming
functions for users outside the coverage area of their own HLR.

 This contains selected information from the HLR that enables the selected services for the
individual subscriber to be provided. The VLR can be implemented as a separate entity, but it is
 commonly realised as an integral part of the MSC, rather than a separate entity. In this way
access is made faster and more convenient.

 Equipment Identity Register (EIR):   

The Equipment Identity Register (EIR) is a database that contains a record of the all the
mobile stations (MS)that are allowed in a network as well as an database of all equipment
that is banned, e.g. because it is lost or stolen.

 The EIR is the entity that decides whether a given mobile equipment may be allowed onto the
network. Each mobile equipment has a number known as the International Mobile Equipment
Identity. This number, as mentioned above, is installed in the equipment and is checked by the
network during registration. Dependent upon the information held in the EIR, the mobile may be
allocated one of three states - allowed onto the network, barred access, or monitored in case its
problems.
 Authentication Centre (AuC):   The AuC is a protected database that contains the secret key
also contained in the user's SIM card. It is used for authentication and for ciphering on the radio
channel.
 Gateway Mobile Switching Centre (GMSC):   The GMSC is the point to which a ME terminating
call is initially routed, without any knowledge of the MS's location. The GMSC is thus in charge of
obtaining the MSRN (Mobile Station Roaming Number) from the HLR based on the MSISDN
(Mobile Station ISDN number, the "directory number" of a MS) and routing the call to the correct
visited MSC. The "MSC" part of the term GMSC is misleading, since the gateway operation does
not require any linking to an MSC.
 SMS Gateway (SMS-G):   The SMS-G or SMS gateway is the term that is used to collectively
describe the two Short Message Services Gateways defined in the GSM standards. The two
gateways handle messages directed in different directions. The SMS-GMSC (Short Message
Service Gateway Mobile Switching Centre) is for short messages being sent to an ME. The SMS-
IWMSC (Short Message Service Inter-Working Mobile Switching Centre) is used for short
messages originated with a mobile on that network. The SMS-GMSC role is similar to that of the
GMSC, whereas the SMS-IWMSC provides a fixed access point to the Short Message Service
Centre.
These entities were the main ones used within the GSM network. They were typically co-located, but
often the overall core network was distributed around the country where the network was located.
This gave some resilience in case of failure.

Although the GSM system was essential a voice system, the core network was a data network as all
signals were handled digitally.

Base Station Subsystem (BSS)

The Base Station Subsystem (BSS) section of the 2G GSM network architecture that is
fundamentally associated with communicating with the mobiles on the network.

It consists of two elements:

 Base Transceiver Station (BTS):   The BTS used in a GSM network comprises the radio
transmitter receivers, and their associated antennas that transmit and receive to directly
communicate with the mobiles. The BTS is the defining element for each cell. The BTS
 communicates with the mobiles and the interface between the two is known as the Um interface
with its associated protocols.
 Base Station Controller (BSC):   The BSC forms the next stage back into the GSM network. It
controls a group of BTSs, and is often co-located with one of the BTSs in its group. It manages
the radio resources and controls items such as handover within the group of BTSs, allocates
channels and the like. It communicates with the BTSs over what is termed the Abis interface.
The base station subsystem element of the GSM network utilised the radio access technology to
enable a number of users to access the system concurrently. Each channel supported up to eight
users and by enabling a base station to have several channels, a large number of subscribers could
be accommodated by each base station.

Base stations are carefully located by the network provider to enable complete coverage of an area.
The area being covered bay a base station often being referred to as a cell.

As it is not possible to prevent overlap of the signals into the adjacent cells, channels used in one
cell are not used in the next. In this way interference which would reduce call quality is reduced
whilst still maintaining sufficient frequency re-use.

It is important to have the different BTSs linked with the BSS and the BSSs linked back to the core
network.

A variety of technologies were used to achieve this. As data rates used within he GSM network were
relatively low, E1 or T1 lines were often used, especially for linking the BSS back to the core
network.

As more data was required with increasing usage of the GSM network, and also as other cellular
technologies like 3G became more widespread, many links used carrier grade Ethernet.

Often remote BTSs were linked using small microwave links as this could reduce the need for the
installation of specific lines if none were available. As base stations often needed to be located to
provide good coverage rather than in areas where lines could be installed, the microwave link option
provided an attractive method for providing a data link for the network.

Mobile station
Mobile stations (MS), mobile equipment (ME) or as they are most widely known, cell or mobile
phones are the section of a GSM mobile communications network that the user sees and operates.
In recent years their size has fallen dramatically while the level of functionality has greatly increased.
A further advantage is that the time between charges has significantly increased.

There are a number of elements to the cell phone, although the two main elements are the main
hardware and the SIM.

The hardware itself contains the main elements of the mobile phone including the display, case,
battery, and the electronics used to generate the signal, and process the data receiver and to be
transmitted.

The mobile station, or ME also contains a number known as the International Mobile Equipment
Identity (IMEI). This is installed in the phone at manufacture and "cannot" be changed. It is accessed
by the network during registration to check whether the equipment has been reported as stolen.

The SIM or Subscriber Identity Module contains the information that provides the identity of the user
to the network. It contains are variety of information including a number known as the International
Mobile Subscriber Identity (IMSI). As this is included in the SIM, and it means that by moving the
SIM card from one mobile to another, the user could easily change mobiles. The ease of changing
mobiles whilst keeping the same number meant that people would regularly upgrade, thereby
creating a further revenue stream for network providers and helping to increase the overall financial
success of GSM.

Operation and Support Subsystem (OSS)

The OSS or operation support subsystem is an element within the overall GSM mobile
communications network architecture that is connected to components of the NSS and the BSC. It is
used to control and monitor the overall GSM network and it is also used to control the traffic load of
the BSS. It must be noted that as the number of BS increases with the scaling of the subscriber
population some of the maintenance tasks are transferred to the BTS, allowing savings in the cost of
ownership of the system.

The 2G GSM network architecture follows a logical method of operation. It is far simpler than current
mobile phone network architectures which use software defined entities to enable very flexible
operation. However the 2G GSM architecture does show the voice and operational basic functions
that are needed and how they fit together. As the GSM system was all digital, the network was a
data network.

PREVIOUS PAGE 

2G Call Flow

Basic Call Flow For Same Operator

1) Subscriber A dials Subscriber B

2) MSC1 receives B number and SRI is sent to MNP server instead of HLR as in case of traditional call
flow.

3) MNP checks its database and founds that this is own subscriber and relays that SRI to HLR.

4) HLR on receiving SRI check the VLR address of subscriber and send PRN to MSC2.
5) In response to PRN MSC2 returns with MSRN.

6) HLR forward that MSRN number to MSC1 in SRI Response Message

7) MSRN is now dialled out from MSC1 to MSC2 to establish the voice path between two MSCs

https://www.slideshare.net/Avanitrambadiya/gsm-
technology-38907508
Mobile Station-MS
ME
ME is used by subscriber to access the network

ME has an identity number associated with it

The subscriber equipment is identified by an Identity number called the International Mobile Equipment
Identity (IMEI)

It could be used to track stolen phones, and to lock them out from networks

SIM
This smart electronic card identifies the MS subscriber

also provides other information regarding the service that subscriber should receive.

The subscriber is identified by an identity number called the International Mobile Subscriber
Identity (IMSI).

GSM can route calls and perform billing based on the identity of the ‘subscriber’ rather than the
equipment or its location.

The SIM contains several pieces of information:

International Mobile Subscriber Identity (IMSI)l: Roaming possible due to IMSI

IMSI = MCC+ MNC+NMSI = Mobile country Code +Mobile Network code + Mobile subscriber
identification Number

Temporary Mobile Subscriber Identity (TMSI): Assign by VLR and stored in VLR

Location Area Identity (LAI) continuously update: Identifies the current location of the subscriber

Subscriber Authentication Key (Ki): This is used to authenticate the SIM card
Mobile Station International Services Digital Network (MSISDN)

MSISDN = CC+ NDC+SN

NDC: National destination code

SN: Subscriber Number(variable)

Network Identities
MSRN IMEI IMSI TMSI MSISDN

Base Station Sub-System (BSS)

The BSS consists of three major hardware components:

1) BTS 2) BSC 3) XCDR

The Base Transceiver Station – BTS

The BTS contains the RF components that provide the air interface for a particular cell.

BTS communicates with the MS.

The Base Station Controller – BSC

BSC communicates directly with the MSC.

The BSC may control single or multiple BTSs.

Network Switching System-NSS
The Network Switching System includes the main switching functions of the GSM network. It also
contains the databases required for subscriber data and mobility management. Its main function is to
manage communications between the GSM network and other telecommunications networks

The components of the Network Switching System are listed below:

Mobile Services Switching Centre – MSC
Home Location Register – HLR
Visitor Location Register – VLR
Equipment Identity Register – EIR
Authentication Centre – AUC
InterWorking Function – IWF
Echo Canceller – EC

MSC
The MSC is included in the GSM system for call-switching.

The MSC will carry out several different functions depending upon its position in the network.

When the MSC provides the interface between the PSTN and the BSSs in the GSM network it will be
known as a Gateway MSC.

The functions carried out by the MSC are listed below:

Call Processing
Includes control of data/voice call setup, inter-BSS and inter-MSC handovers and
control of mobility management (subscriber validation and location).
Operations and Maintenance Support
Includes database management, traffic metering and measurement, and a man–machine interface.
Internetwork Interworking
Manages the interface between the GSM network and the PSTN.
Billing
Collects call billing data.

Home Location Register (HLR)

The HLR database contains the master database of all the subscribers to a GSM PLMN.

The data it contains is remotely accessed by all the MSCs and the VLRs in the network and, although
the network may contain more than one HLR, there is only one database record per subscriber - each
HLR is therefore handling a portion of the total subscriber database.

The subscriber data may be accessed by either the IMSI or the MSISDN number.
The data can also be accessed by an MSC or a VLR in a different PLMN, to allow inter-system and
inter-country roaming.

contains all the administrative information about each subscriber along with their last known location.
In this way, the GSM network is able to route calls to the relevant base station for the MS.

Visitor Location Register (VLR)

The VLR contains a copy of most of the data stored at the HLR.

It is, however, temporary data which exists for only as long as the subscriber is “active” in the particular
area covered by the VLR.

The VLR database will therefore contain some duplicate data as well as more precise data relevant to the
subscriber remaining within the VLR coverage.

The additional data stored in the VLR is listed below:

Mobile status (busy/free/no answer etc.).
Location Area Identity (LAI).
Temporary Mobile Subscriber Identity (TMSI).
Mobile Station Roaming Number (MSRN).

Equipment Identity Register (EIR)

The EIR contains a centralized database for validating the International Mobile Equipment Identity (IMEI).
This database is concerned solely with MS equipment and not with the subscriber who is
using it to make or receive a call.
The EIR database consists of lists of IMEIs (or ranges of IMEIs) organized as follows:
White List
Contains those IMEIs which are known to have been assigned to valid MS
equipment.
Black List
Contains IMEIs of MS which have been reported stolen or which are to be denied
service for some other reason.
Grey List
Contains IMEIs of MS which have problems (for example, faulty software). These
are not, however, sufficiently significant to warrant a ‘‘black listing”.
The EIR database is remotely accessed by the MSCs in the network and can also be
accessed by an MSC in a different PLMN
AUC
To discuss the authentication process we will assume that the VLR has all the
information required to perform that authentication process (Kc, SRES and RAND). If
this information is unavailable, then the VLR would request it from the HLR/AUC.
1. Triples (Kc, SRES and RAND) are stored at the VLR.
2. The VLR sends RAND via the MSC and BSS, to the MS (unencrypted).
3. The MS, using the A3 and A8 algorithms and the parameter Ki stored on the MS
SIM card, together with the received RAND from the VLR, calculates the values of SRES and Kc.
4. The MS sends SRES unencrypted to the VLR
5. Within the VLR the value of SRES is compared with the SRES received from the
mobile. If the two values match, then the authentication is successful.
6. If cyphering is to be used, Kc from the assigned triple is passed to the BTS.
7. The mobile calculates Kc from the RAND and A8 and Ki on the SIM.
The first time a subscriber attempts to make a call, the full authentication process takes
place.
However, for subsequent calls attempted within a given system control time period, or
within a single system provider’s network, authentication may not be necessary, as the
data generated during the first authentication will still be available.
GSM Control Channel Groups
BCCH Group
CCCH Group
DCCH Group

Sub-Channel MOC
CCCH
Common Control Channel-CCCH is responsible for transferring control information Between all mobiles
and the BTS. This is necessary for the implementation of “call origination” and “call paging” functions. The
CCCH Group works in both uplink and downlink directions.

It consists of the following:

Random Access Channel (RACH) is used by MSs to gain access to the system. Used by the
mobile when it requires to gain access to the system. This occurs when the mobile initiates a call
or responds to a page.

Paging Channel (PCH) and Access Granted Channel (AGCH) operate in the “downlink” direction.
The PCH is used by the system to call a MS. Used by the BTS to page MS, (paging can be
performed by an IMSI, TMSI or IMEI)

The AGCH is used to assign resources to the MS, such as a Stand-alone Dedicated Control
Channel (SDCCH). AGCH Used by the BTS to assign a dedicated control channel to a MS in
response to an access message received on the Random-Access Channel. The MS will move to
the dedicated channel in order to proceed with either a call setup, response to a
paging message, Location Area Update or Short Message Service.
 DCCH

Dedicated Control Channels are assigned to a single MS for call setup and subscriber validation.
The DCCH is a single timeslot on an RF carrier which is used to convey eight Stand-alone
Dedicated Control Channels (SDCCH).

A SDCCH is used by a single MS for call setup, authentication, location updating and SMS point
to point. As we will see later, SDCCH can also be found on a BCCH/CCCH timeslot, this
configuration only allows four SDCCHs.

DCCH comprises:

Stand-alone Dedicated Control Channel (SDCCH) which supports the transfer of Data to and
from the MS during call setup and validation.

SACCH operate in uplink and downlink directions. Slow Associated Control Channel (SACCH)
Conveys power control and timing information in the downlink direction (towards the MS) and
Receive
Paging Request type1
the goal is to page mobiles…
type 1/2/3 depends on the type of pagings generated by the MSC : IMSI Paging or TMSI
paging.
if the MSC generates 4 TMSI pagings, then the paging request will be type 3 (4 x TMSI paging
within a single paging request)
Paging Request type 1 – 2 mobiles
Paging Request type 2 – 3 mobiles
Paging Request type 3 – 4 mobiles

More details present in the

44.018 – section 9.1.22
Paging request message contains
Mobile identity – which determines
whether

-IMSI
-TMSI/P-TMSI(packet)
-IMEI
-IMEISV
-or No Identity to be used

More details in 24.008 section 10.5.1.4

Higher the paging request higher will be processing in BSC and MSC

What is paging in call flow?

Paging is the mechanism in which Network tells UE saying "I have something for
you". Then UE decode the content (Paging Cause) of the Paging message and UE has
to initiate the appropriate the procedure. In most cases, this paging process happens
while UE is in idle mode.

If the UE receives a paging message indicating a system information modification, the UE by

default expects that the system information will change at the next modification period
boundary.

Paging is procedure used for identifying the current location of an MS in order to route an incoming call.
Three type of Paging Types

1)Type 1 can address up to 2 mobiles using either TMSI or IMSI.

2)Type 2 can address up to 3 mobiles using 1 by IMSI and other 2 by TMSI.

3)Type 3 can address up to 4 mobiles using TMSI only.

CM- Service Request 1

What is CM Service Request in GSM?

– CM service type identifying the requested type of transaction (e.g. mobile originating
call establishment, emergency call establishment, short message service,
supplementary service activation), location services) CM = CONNECTION
MANAGEMENT. It is a GSM protocol.

Immediate Assignment

What Is Immediate Assignment In GSM? Immediate assignment in GSM it is for assign an

SDCCH channel for the mobile, whatever the reason is, LU(location update) or MOC(mobile
originating call) Immediate assignment procedure The IMMEDIATE ASSIGN message facilitates
the assignment of the MS onto an SDCCH channel. Correspondingly, the IMMEDIATE ASSIGN
REJECT message facilitates the refusal of the access. If the SDCCH reservation or activation
fails, the BSC sends the IMMEDIATE ASSIGN REJECT message to the MS. The GSM timer
T3101 supervises the immediate assignment procedure. The immediate assignment procedure
is presented in the following figure:

What is immediate assignment in GSM?

Quick Reference - Immediate Assignment. Immediate Assignement is the answering
message to the initial "Channel Request" explained above. This is to say to MS
"OK, I will accept your 'channel request' and here goes the radio resource you can use
for the following steps".

System Information Block type 5 The system information block type 5 contains parameters for the
configuration of the common physical channels in the cell. The block may also contain references to
other system information blocks.

Area scope: cell

UE state: idle mode (and connected mode)

RLC_SAP: TM or UM

Logical channel: BCCH Direction: UTRAN -> UE

System Information Block type 6

The system information block type 6 contains parameters for the configuration of the common physical
channels to be used in connected mode. The block is optional and shall only be transmitted when
different configurations are used in idle- and connected mode. The block may also contain references to
other system information blocks.

Area scope: cell

UE state: connected mode

RLC_SAP: TM or UM

Logical channel: BCCH

Direction: UTRAN -> UE

https://www.rfwireless-world.com/Terminology/GSM-system-information-messages.html

SI Type 5

As far as i have read SI TYPE 5 carries BCCH information of neighbors cells from the same
band as the serving cell.

SI 5 for 900 BCCH

SI 5ter for 1800 BCCH.

If the serving cell with BCCH in 900MHZ, then SI5 contains cells from 900MHz band.

If the serving cell with BCCH in 1800MHZ, then SI5 contains cells from 1800MHz band.

It carries neighbor cell informations. In active mode, MS sends measurement

reports in the uplink and output power/timing advance information in the downlink
(on SACCH). Also gets BCCH carrier related information of the neighbor cells.

SI Type 6

Information on LAI, cell options, Cell identity and PLMN permitted or not is
transmitted on this SI.

Measurement Report

Measurement reports are values reported from the MS that contain information about
channel quality. Measurement reports assist the network in making handover and power
control decisions.