Subject Code: 10EC81
IA Marks: 25
Exam Hours: 03
Exam Marks: 100
PART - A
UNIT 1
Introduction to wireless telecommunication systems and Networks, History and evolution
Different generations of wireless cellular networks 1G, 2G, 3G and 4G networks.
6 Hours
UNIT - 2
Common Cellular System components, Common cellular network components, Hardware
and software, views of cellular networks, 3G cellular systems components, Cellular
component identification Call establishment.
6 Hours
UNIT - 3
Wireless network architecture and operation, Cellular concept Cell fundamentals, Capacity
expansion techniques, Cellular backbone networks, Mobility management, Radio resources
and power management, Wireless network security.
6 Hours
UNIT - 4
GSM and TDMA techniques, GSM system overview, GSM Network and system
Architecture, GSM channel concepts, GSM identifiers.
6 Hours
PART - B
UNIT - 5
GSM system operation, Traffic cases, Call handoff, Roaming, GSM protocol architecture.
TDMA systems
6 Hours
Department of ECE,SJBIT
Page 1
Wireless Communication
10EC81
UNIT - 6
CDMA technology, CDMA overview, CDMA channel concept CDMA operations.
8 hours
UNIT - 7
Wireless Modulation techniques and Hardware, Characteristics of air interface, Path loss
models, wireless coding techniques, Digital modulation techniques, OFDM, UWB radio
techniques, Diversity techniques, Typical GSM Hardware.
6 Hours
UNIT - 8
Introduction to wireless LAN 802.11X technologies, Evolution of Wireless LAN
Introduction to 802.15X technologies in PAN Application and architecture Bluetooth
Introduction to Broadband wireless MAN, 802.16X technologies.
8 Hours
TEXT BOOK:
1.
REFERENCE BOOKS:
1.
2.
3.
UNIT - 1
Introduction to wireless telecommunication systems and Networks, History and Evolution
Different generations of wireless cellular networks 1G, 2G, 3G and 4G networks.
6 Hours
UNIT-1
1.2
The transmitter signal propagates through the air to a receiver which is located at some
distance. At the receiver the detected signal is interpreted by the operator as either a dot or
dash depending upon its duration by use of Morse code.
Modern AM:
Amplitude modulation is used for low frequency radio broadcasting. Forms of AM include
quadrature amplitude modulation, which is used for high speed data transmission at RF
frequencies.
Circuit-switched calls
Interoffice calls
T-carrier transport
Signaling System #7
Signalling System No. 7 (SS7) is a set of telephony signaling protocols which are used to
set up most of the world's public switched telephone network telephone calls. The main
purpose is to set up and tear down telephone calls. Other uses include number translation,
local number portability, prepaid billing mechanisms, short message service (SMS), and a
variety of other mass market services.
It is usually referenced as Signalling System No. 7 or Signalling System #7, or simply
abbreviated to SS7. In North America it is often referred to as CCSS7, an abbreviation for
Common Channel Signalling System 7. In some European countries, specifically the
United Kingdom, it is sometimes called C7 (CCITT number 7) and is also known as
number 7 and CCIS7 (Common Channel Interoffice Signaling 7). In Germany it is often
called N7 (Signalisierungssystem Nummer 7).
There is only one international SS7 protocol defined by ITU-T in its Q.700-series
recommendations.[1] There are however, many national variants of the SS7 protocols. Most
national variants are based on two widely deployed national variants as standardized by
ANSI and ETSI, which are in turn based on the international protocol defined by ITU-T.
Each national variant has its own unique characteristics. Some national variants with rather
striking characteristics are the China (PRC) and Japan (TTC) national variants.
The Internet Engineering Task Force (IETF) has also defined level 2, 3, and 4 protocols
that are compatible with SS7:
All 1G cellular systems rely on analog frequency modulation for speech and data
transmission and in-band signaling to move control information between terminals and the
rest of the network during the call. Advanced Mobile Phone
System is a good example of first-generation analog technology mostly used in the United
States. AMPS is based on FM radio transmission using the FDMA principle where every
user is assigned their own frequency to separate user channels within the assigned spectrum
(see Figure 3.2). FDMA is based on narrowband channels, each capable of supporting one
phone circuit that is assigned to a particular user for the duration of the call. Frequency
assignment is controlled by the system, and transmission is usually continuous in both
uplink and downlink directions. The spectrum in such systems is allocated to the user for
the duration of the call, whether it is being used to send voice, data, or nothing at all.
As with other 1G technologies, in AMPS a circuit, represented by a portion of spectrum,
is allocated to the user and must remain available for this user, similar to the telephone
copper pair used for voice communications. Similar to the analog wireline connection, a
modem is also used for data access (see Chapter 4 for more on this). Error correction
protocols used by wireless modems tend to be more robust than their landline counterparts,
because of the necessity of dealing with a more challenging physical environment with
inherently higher interference and signal-to-noise ratios than copper or fiber. The peak data
rate for an AMPS modem call under good conditions is usually up to 14.4 Kbps, and as low
as 4.8 Kbps under poor conditions. It can take anywhere up to 20 seconds or more to establish
an AMPS data connection.
Fig 1.6 AMPS forward and reverse control and voice channels
Mobile-to-land calls
Handshaking operations
Signaling operations
Service requests
Handoff operations
Handshaking operations
Signal strength measurements
MSC operations during handoff
Confirmation messages
2G Cellular Systems
originated in North America, has also proliferated in South America and later in the Asia-Pacific region. TDMA remains widely deployed in the North and South America regions,
but it is expected to decline, mostly because of the decisions taken by a few major North
American carriers to convert their TDMA networks to GSM.
This second-generation system, widely deployed in the United States, Canada, and South
America, goes by many names, including North American TDMA, IS-136, and D-AMPS
(Digital AMPS). For the sake of clarity, we will refer to it as North American TDMA, as
well as simply TDMA, when the context makes it clear. TDMA has been used in North
America since 1992 and was the first digital technology to be commercially deployed there.
As its name indicates, it is based on Time Division Multiple Access. In TDMA the
resources are shared in time, combined with frequency-division multiplexing (that is, when
multiple frequencies are used). As a result, TDMA offers multiple digital channels using
different time slots on a shared frequency carrier. Each mobile station is assigned both a
specific frequency and a time slot during which it can communicate with the base station.
The TDMA transmitter is active during the assigned time slot and inactive during other
time slots, which allows for power-saving terminal designs, among other advantages. North
American TDMA supports three time slots, at 30 kHz each, further divided into three or six
channels to maximize air interface utilization. A sequence of time-division multiplexed
time slots in TDMA makes up frames, which are 40 ms long. The TDMA traffic channel
total bit rate is 48.6 Kbps. Control overhead and number of users per channel, which is
greater than one, decrease the effective throughput of a channel available for user traffic to
13 Kbps. TDMA is a dual-band technology, which means it can be deployed in 800-MHz
and 1900-MHz frequency bands. In regions where both AMPS and TDMA are deployed,
TDMA phones are often designed to operate in dual mode, analog and digital, in order to
offer customers the ability to utilize coverage of the existing analog infrastructure.
"2.5G" is an informal term, invented solely for marketing purposes, unlike "2G" or "3G"
which are officially defined standards based on those defined by the International
Telecommunication Union (ITU). The term "2.5G" usually describes a 2G cellular system
combined with General Packet Radio Services (GPRS), or other services not generally
found in 2G or 1G networks. Wireless telecommunication technology like CDMA2000 1xRTT, Enhanced Data Rates for GSM Evolution (EDGE) or Enhanced General Packet
Radio Service (EGPRS), since they have data transmission rates of 144 kbps or higher,
may qualify as 3G technology. However, they are usually classified as 2.5G technology
because they have slower network speeds than most 3G services.
GPRS is a service commonly associated with 2.5G technology. It has data transmission
rates of 28 kbps or higher. GPRS came after the development of the Global System for
Mobile (GSM) service, which is classified as 2G technology, and it was succeeded by the
development of the Universal Mobile Telecommunication Service (UMTS), which is
classified as 3G technology. A 2.5G system may make use of 2G system infrastructure, but
it implements a packet-switched network domain in addition to a circuit-switched domain.
This does not necessarily give 2.5G an advantage over 2G in terms of network speed,
because bundling of timeslots is also used for circuit-switched data services (HSCSD).
The services and infrastructure of a 2.5G network may be used on a per-transaction basis
rather than a per-minute-of-use basis, thanks to its packet-switched domain. This makes its
infrastructure more efficient and improves the service delivery. This impetus is known as
the "always-on" capability. 2.5G networks may support services such as WAP, MMS, SMS,
mobile games, and search and directory.
3G Cellular Systems
Cell phones and systems are classified by the generation they belong to. Third generation
(3G) phones were developed in the late 1990s and 2000s. The goal was to improve the data
capability and speed. 3G phones were defined by the Third Generation Partnership Project
(3GPP) and later standardized by the ITU-T. Generally known as the Universal Mobile
Telecommunications System (UMTS), this 3G system is based on wideband CDMA that
operates in 5 MHz of bandwidth and can produce download data rates of typically 384 kb/s
under normal conditions and up to 2 Mb/s in some instances. Another 3G standard,
cdma2000, was developed by Qualcomm. It uses 1.25 MHz bands to produce data rates to
2 Mb/s. Another version of cdma2000 is an improved IS-95 version. It is a 3GPP2
standard. It can transmit data at a rate to 153 kb/s and up to 2 Mb/s in some cases.
3G phone standards have been expanded and enhanced to further expand data speed and
capacity. The WCDMA phones have added high speed packet access (HSPA) that use
higher level QAM modulation to get speeds up to 21 or 42 Mb/s downlink (cell site to
phone) and up to 7 and/or 14 Mb/s uplink (phone to cell site). AT&T and T-Mobile use
HSPA technology. The cdma2000 phones added 1xRTT as well as Rev. A and Rev B
modifications that boost speed as well. Verizon and Sprint use cdma2000 3G standard
technology. Virtually all standard and smartphone models and most tablets still use some
form of 3G.
The fourth generation has been defined but we are not in it, yet. Yes, many if not most of
the mobile carriers and the various phone and equipment manufacturers actually advertise
4G now. The formal definition of 4G as declared by the 3GPP and the ITU-T is something
called Long Term Evolution-Advanced (LTE-A). The standard has not been fully
completed but basically it is an improved and enhanced version of LTE that uses wider
bandwidth channels and a greater number of MIMO antennas. The theoretical upper data
rate is 1 Gb/s. That remains to be seen in practice.
As for what the various companies are calling 4G, Verizon says that their LTE network is
4G. AT&T promotes their LTE and HSPA networks as 4G. T-Mobile indicates that their
HSPA+ networks are 4G. Furthermore Sprint and Clearwire say that their WiMAX
network is 4G. As mentioned, WiMAX is actually defined as a 3G technology by ITU-T
like LTE.
UNIT - 2
Common Cellular System components, Common cellular network components, Hardware
and software, views of cellular networks, 3G cellular systems components, Cellular
component identification Call establishment.
6 Hours
UNIT-2
COMMON CELLULAR SYSTEM COMPONENTS
To meet the demands of an increasing number of subscribers, a more sophisticated wireless
cellular network must implement increased system functionality. The various hardware
network elements used to create the wireless cellular network play an important role in
achieving this.
The network elements can be divided into three basic groups:
1. The mobile or subscriber device (provides the user link to the wireless network).
2. Base station (provides wireless system links to the subscriber over the air interface).
3. Network switching system (provides the interface to the PSTN and PDN).
2.1 COMMON CELLULAR NETWORK COMPONENTS
The various network elements that make up the wireless system are interconnected by
communication links that transport system messages between network elements to facilitate
network operations and deliver the actual voice call or data services information.
SUBSCRIBER DEVICES:
The subscriber device is the link between the customer and the wireless network. The SD
must be able to provide a means for the subscriber to control and input information to the
phone and display its operation status.
The subscriber device must be able to sample, digitize and process audio and other
multimedia signals, transmit and receive RF signals, process system control messages and
provide the power needed to operate the complex electronics subsystems.
An SD consists of a man-machine interface, an RF transceiver section, a signal processing
section, a system control processor and a power supply/management section.
BASE STATION SYSTEM COMPONENTS:
The base station system handles all radio interface related functions for the wireless
network. The BSS consists of several to many radio base stations, a base station
controller and a transcoder controller. The radio equipment required to serve one cell is
typically called a base transceiver system. A single radio base station might contain three
base transceiver systems, which are used to serve a cell site that consists of three 120 degree
sectors or cells.
Fig 2.3
It is a database that temporarily stores information about any mobile station that attaches to
an RBS in the area serviced by a particular MSC. This temporary subscriber information is
required by the MSC to provide service to a visiting subscriber.
HOME LOCATION REGISTER:
It is a database that stores information about every user that has a cellular service contract
with a specific wireless service provider. This database stores permanent data about the
network's subscribers and information about the subscribers' present location. The HLR also
plays a major role in the process of handling calls terminating at the MS. The HLR
analyzes the information about the incoming call and controls the routing of the call.
AUC Interconnection:
The AUC provides authentication and encryption information for the MS being used in the
cellular network. Upon a request from a VLR, the HLR will be delivered a triplet for a
particular mobile subscriber. The HLR receives the triplet information in response to a
request to the AUC for verification of a subscriber. The HLR forwards the random
number and returns it to the MSC/VLR and from there to the HLR. The AUC contains a
processor, a database for the storage of key information for each subscriber, maintenance
functions for subscribers, and an interface for communication with the HLR.
EQUIPMENT IDENTITY REGISTER:
The EIR database is used to validate the status of mobile equipment. This global
database is updated daily to reflect the current status of an MS. The MS can be blacklisted,
indicating that it has been reported stolen or missing and is not approved for network
operation.
INTERWORKING UNITS:
IWUs are required to provide an interface to various data networks. These nodes are used
to connect the base station controller and hence the radio base stations to various data
services networks.
GATEWAYS and its types
1. Gateway MSC (GMSC): A gateway MSC is an MSC that interfaces the wireless
mobile network to other telecommunication networks. A cellular network will have
numerous MSCs to facilitate coverage of a large area, but all switching centers need to
be connected to other wireline networks. To support its function as a gateway, the
GMSC will have the ability to reroute a call to an MS using the information provided
by the HLR of a subscriber.
2. Billing gateway (BGW): This collects billing information from various wireless
network elements, which becomes a file used by the customer administrative system to
generate billing information for the system subscribers, like monthly access fees,
home usage, roaming, data and special services, etc.
3. Service order gateway (SOG): It is used to connect a customer administrative
system to the switching system. This system is used to input new subscriber data to
the HLR or to update current subscriber data already contained in the HLR. The
SOG allows access to the AUC and EIR for equipment administration. When a
customer signs a service contract with a cellular service provider, the information
about the contract is entered into the customer administrative system.
Serving areas
Cells
MSC boundaries
Fig 2.4
Fig 2.5
Core network
Fig 2.6
Fig 2.6
Location numbering
PSTN messages
GMSC operations
MSC/VLR operations
BSC operations
Mobile-originated call
Mobile operations
MSC operations
Call release
The above figure shows the operations during release of a mobile call through the MSC. The
steps involved are shown in detail and are self-explanatory.
UNIT - 3
Wireless network architecture and operation, Cellular concept Cell fundamentals, Capacity
expansion techniques, Cellular backbone networks, Mobility management, Radio resources
and power management Wireless network security
6 Hours
UNIT-3
WIRELESS NETWORK ARCHITECTURE AND OPERATION
3.1 The Cellular Concept
Solves the problem of spectral congestion and user capacity.
Offers very high capacity in a limited spectrum without major technological changes.
Reuse of radio channels in different cells.
Enables a fixed number of channels to serve an arbitrarily large number of users by
reusing the channels throughout the coverage region.
Simplex and duplex
Each cellular base station is allocated a group of radio channels within a small
geographic area called a cell.
Neighboring cells are assigned different channel groups.
By limiting the coverage area to within the boundary of the cell, the channel groups
may be reused to cover different cells.
Keep interference levels within tolerable limits.
Frequency reuse or frequency planning: seven groups of channels, from A to G.
Footprint of a cell: the actual radio coverage.
Omni-directional antenna vs. directional antenna.
The N cells which use the complete set of channels are called a cluster.
The cluster can be repeated M times within the system. The total number of
channels, C, is used as a measure of capacity.
Picocells
Microcells
Macrocells
Megacells and femtocells
minimize interference
Channel assignment strategy
fixed channel assignment
dynamic channel assignment
Fixed channel assignment
each cell is allocated a predetermined set of voice channel
any new call attempt can only be served by the unused channels
the call will be blocked if all channels in that cell are occupied
Dynamic channel assignment
channels are not allocated to cells permanently.
allocate channels based on request.
reduce the likelihood of blocking, increase capacity.
Cell Fundamentals
Reuse number
Frequency reuse distance
The reuse distance can be calculated by using the equation:
Cell Fundamentals
Cellular interference issues
Signal-to-interference ratio
Channel assignments
Decrease the co-channel interference and keep the cell radius R unchanged
Replacing single omni-directional antenna by several directional antennas
Radiating within a specified sector
Fig 3.8
Fig 3.9
Mobility Management
Paging messages
Different paging schemes
Transmission of the location information between network elements
Mobility Management
Handoff management
Handoff control
Handoff operation
Handoff algorithm
When a mobile moves into a different cell while a conversation is in progress, the
MSC automatically transfers the call to a new channel belonging to the new base
station.
Handoff operation
identifying a new base station
re-allocating the voice and control channels with the new base station.
Handoff Threshold
Minimum usable signal for acceptable voice quality (-90 dBm to -100 dBm)
Handoff margin cannot be too large or too small.
If it is too large, unnecessary handoffs burden the MSC
If it is too small, there may be insufficient time to complete handoff before
a call is lost.
Handoff must ensure that the drop in the measured signal is not due to momentary
fading and that the mobile is actually moving away from the serving base station.
Dwell time: the time over which a call may be maintained within a cell without
handoff.
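The threshold, margin and fading points above, worked through as an added example (not part of the original notes). It assumes a handoff request is raised when the averaged serving-cell level falls below the minimum usable signal plus the margin; the function names, the one-sample-per-second rate, the 10 s and 2 s completion times and the signal trace are constructed for illustration.

```python
def build_trace(seconds=60, fade_at=10, fade_db=20.0):
    """Constructed serving-cell levels in dBm, one sample per second.

    The mobile moves away steadily (0.5 dB lost per second) and passes
    through one momentary deep fade that lasts a single sample.
    """
    trace = [-80.0 - 0.5 * t for t in range(seconds)]
    trace[fade_at] -= fade_db
    return trace


def first_handoff_request(levels, min_usable_dbm, margin_db, window):
    """Index of the first sample whose running average is below threshold.

    threshold = minimum usable signal + handoff margin (assumed rule).
    window = number of samples averaged; window=1 means no averaging.
    """
    threshold = min_usable_dbm + margin_db
    for i in range(window - 1, len(levels)):
        recent = levels[i - window + 1:i + 1]
        if sum(recent) / window < threshold:
            return i
    return None


def evaluate(levels, margin_db, window, handoff_time_s, min_usable_dbm=-100.0):
    """Report when handoff is requested and whether it can finish in time."""
    request_at = first_handoff_request(levels, min_usable_dbm, margin_db, window)
    if request_at is None:
        return {"request_at": None, "seconds_left": None, "in_time": True}
    # The call is lost once the raw level drops below the minimum usable signal.
    lost_at = next((t for t in range(request_at, len(levels))
                    if levels[t] < min_usable_dbm), None)
    seconds_left = None if lost_at is None else lost_at - request_at
    in_time = seconds_left is None or seconds_left >= handoff_time_s
    return {"request_at": request_at, "seconds_left": seconds_left,
            "in_time": in_time}


def scenarios():
    """Four cases on the same constructed trace."""
    trace = build_trace()
    return {
        # No averaging: the one-sample fade at t=10 raises a spurious request.
        "no_averaging": evaluate(trace, margin_db=8, window=1, handoff_time_s=10),
        # 5-sample average rides through the fade; 8 dB leaves enough time.
        "averaged_8db_slow": evaluate(trace, margin_db=8, window=5, handoff_time_s=10),
        # 3 dB margin is too small when the handoff itself takes 10 s ...
        "averaged_3db_slow": evaluate(trace, margin_db=3, window=5, handoff_time_s=10),
        # ... but is enough when the handoff completes in 2 s.
        "averaged_3db_fast": evaluate(trace, margin_db=3, window=5, handoff_time_s=2),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```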
Handoff measurement
In first generation analog cellular systems, signal strength measurements
are made by the base station and supervised by the MSC.
In second generation systems (TDMA), handoff decisions are mobile
assisted, called mobile assisted handoff (MAHO)
Intersystem handoff: If a mobile moves from one cellular system to a different
cellular system controlled by a different MSC.
Handling handoff requests is much more important than handling a new call.
When microcells are used to provide capacity, the MSC can become burdened if high speed users
are constantly being passed between very small cells.
Minimize handoff intervention
handle the simultaneous traffic of high speed and low speed users.
Large and small cells can be located at a single location (umbrella cell)
different antenna height
different power level
Cell dragging problem: pedestrian users provide a very strong signal to the base
station
The user may travel deep within a neighboring cell
Handoff for first generation analog cellular systems: 10 secs handoff time; the handoff
margin is in the order of 6 dB to 12 dB.
Handoff for second generation cellular systems, e.g., GSM: 1 to 2 seconds handoff time,
the mobile assists handoff; the handoff margin is in the order of 0 dB to 6 dB.
Handoff decisions based on signal strength, co-channel interference, and adjacent
channel interference.
IS-95 CDMA spread spectrum cellular system:
Mobiles share the channel in every cell.
No physical change of channel during handoff.
MSC decides the base station with the best receiving signal as the service station.
Handoff within a cell:
No channel reassignment.
Switch the channel to a different zone site.
Reduce interference.
Low power transmitters are employed.
Frequency reuse - there are several cells that use the same set of frequencies
co-channel cells
co-channel interference
Power control
Power saving schemes
Discontinuous transmission
Sleep modes
Energy efficient designs
Radio resource management
Need
Schemes
UNIT - 4
GSM and TDMA techniques, GSM system overview, GSM Network and system
Architecture, GSM channel concepts, GSM identifiers
6 Hours
TEXT BOOK:
1.
REFERENCE BOOKS:
1. Mobile Cellular Telecommunication, Lee W.C.Y, MGH, 2002.
2. Wireless communication - D P Agrawal: 2nd Edition Thomson learning 2007.
3. Fundamentals of Wireless Communication, David Tse, Pramod Viswanath, Cambridge 2005.
Unit-4
GSM AND TDMA TECHNOLOGIES
4.1 Introduction to GSM and TDMA
Global System for Mobile Communications (GSM) services are a standard collection of
applications and features available to mobile phone subscribers all over the world. The
GSM standards are defined by the 3GPP collaboration and implemented in hardware and
software by equipment manufacturers and mobile phone operators. The common standard
makes it possible to use the same phones with different companies' services, or even roam
into different countries. GSM is the world's most dominant mobile phone standard.
The design of the service is moderately complex because it must be able to locate a moving
phone anywhere in the world, and accommodate the relatively small battery capacity,
limited input/output capabilities, and weak radio transmitters on mobile devices.
In order to gain access to GSM services, a user needs three things:
A billing relationship with a mobile phone operator. This is usually either where
services are paid for in advance of them being consumed (prepaid), or where bills
are issued and settled after the service has been consumed (postpaid).
A mobile phone that is GSM compliant and operates at the same frequency as the
operator. Most phone companies sell phones from third-party manufacturers.
A Subscriber Identity Module (SIM) card, which is activated by the operator once
the billing relationship is established. After activation the card is then programmed
with the subscriber's Mobile Subscriber Integrated Services Digital Network
Number (MSISDN) (the telephone number). Personal information such as contact
numbers of friends and family can also be stored on the SIM by the subscriber.
After subscribers sign up, information about their identity (telephone number) and what
services they are allowed to access are stored in a "SIM record" in the Home Location
Register (HLR).
Once the SIM card is loaded into the phone and the phone is powered on, it will search for
the nearest mobile phone mast (also called a Base Transceiver Station/BTS) with the
strongest signal in the operator's frequency band. If a mast can be successfully contacted,
then there is said to be coverage in the area. The phone then identifies itself to the network
through the control channel. Once this is successfully completed, the phone is said to be
attached to the network.
The key feature of a mobile phone is the ability to receive and make calls in any area where
coverage is available. This is generally called roaming from a customer perspective, but
also called visiting when describing the underlying technical process. Each geographic area
has a database called the Visitor Location Register (VLR), which contains details of all the
mobiles currently in that area. Whenever a phone attaches, or visits, a new area, the Visitor
Location Register must contact the Home Location Register to obtain the details for that
phone. The current cellular location of the phone (i.e., which BTS it is at) is entered into
the VLR record and will be used during a process called paging when the GSM network
wishes to locate the mobile phone.
Every SIM card contains a secret key, called the Ki, which is used to provide authentication
and encryption services. This is useful to prevent theft of service, and also to prevent "over
the air" snooping of a user's activity. The network does this by utilising the Authentication
Center and is accomplished without transmitting the key directly.
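The challenge-response exchange behind the Ki paragraph above and the AUC triplet described in Unit 2, as an added example that is not part of the original notes. HMAC-SHA256 stands in for the operator-chosen A3 and A8 algorithms, and the class names, the IMSI and the keys are constructed for illustration; the 128-bit RAND, 32-bit SRES and 64-bit Kc sizes are those used in GSM.

```python
import hashlib
import hmac
import secrets


def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3: 32-bit signed response (SRES) from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8: 64-bit cipher key (Kc) from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class AuthenticationCenter:
    """AUC: stores Ki per subscriber and issues triplets; Ki never leaves it."""

    def __init__(self):
        self._ki_by_imsi = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def make_triplet(self, imsi: str):
        ki = self._ki_by_imsi[imsi]
        rand = secrets.token_bytes(16)  # fresh 128-bit challenge every time
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)


class Sim:
    """SIM card: holds Ki and answers challenges without exporting the key."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand: bytes):
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)


class ReplayingDevice:
    """Holds no Ki: can only repeat an SRES recorded from an earlier exchange."""

    def __init__(self, imsi: str, recorded_sres: bytes):
        self.imsi = imsi
        self._recorded = recorded_sres

    def respond(self, rand: bytes):
        return self._recorded, None


class VisitedNetwork:
    """MSC/VLR side: gets a triplet for the subscriber and challenges the mobile."""

    def __init__(self, auc: AuthenticationCenter):
        self._auc = auc
        self.air_log = []          # everything that crosses the radio link
        self.last_kc_match = False

    def authenticate(self, device) -> bool:
        rand, expected_sres, kc = self._auc.make_triplet(device.imsi)
        self.air_log.append(("RAND", rand))
        sres, device_kc = device.respond(rand)
        self.air_log.append(("SRES", sres))
        # Kc is derived on both sides and is never sent over the air.
        self.last_kc_match = device_kc == kc
        return hmac.compare_digest(sres, expected_sres)


def run_demo():
    imsi = "001010123456789"       # constructed test IMSI
    ki = secrets.token_bytes(16)   # constructed 128-bit subscriber key
    auc = AuthenticationCenter()
    auc.provision(imsi, ki)
    net = VisitedNetwork(auc)

    genuine_ok = net.authenticate(Sim(imsi, ki))
    keys_agree = net.last_kc_match
    wrong_ki_ok = net.authenticate(Sim(imsi, secrets.token_bytes(16)))
    recorded_sres = net.air_log[1][1]          # SRES from the first exchange
    replay_ok = net.authenticate(ReplayingDevice(imsi, recorded_sres))
    ki_on_air = any(ki in payload for _, payload in net.air_log)
    return {"genuine_ok": genuine_ok, "keys_agree": keys_agree,
            "wrong_ki_ok": wrong_ki_ok, "replay_ok": replay_ok,
            "ki_on_air": ki_on_air}


if __name__ == "__main__":
    print(run_demo())
```

Because every triplet carries a fresh RAND, an SRES recorded from one exchange does not answer the next challenge, and only RAND and SRES ever appear on the radio link.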
Every GSM phone contains a unique identifier (different from the phone number), called
the International Mobile Equipment Identity (IMEI). This can be found by dialing *#06#.
When a phone contacts the network, its IMEI may be checked against the Equipment
Identity Register to locate stolen phones and facilitate monitoring.
TDMA
It can be easily adapted to the transmission of data and voice communication.
TDMA offers the ability to carry data rates of 64 kbps to 120 Mbps (expandable in
multiples of 64 kbps). This enables operators to offer personal communication-like
services including fax, voiceband data, and short message services (SMSs) as well as
bandwidth-intensive applications such as multimedia and videoconferencing.
It will not experience interference from other simultaneous transmissions
Unlike spread-spectrum techniques which can suffer from interference among the
users all of whom are on the same frequency band and transmitting at the same time,
TDMA's technology, which separates users in time, ensures that they will not
TDMA is the only technology that offers an efficient utilization
of hierarchical cell structures (HCSs) offering pico, micro, and macrocells. HCSs
allow coverage for the system to be tailored to support specific traffic and service
needs. By using this approach, system capacities of more than 40-times AMPS can
be achieved in a cost-efficient way. TDMA allows service compatibility with the use of
dual-mode handsets because of its inherent compatibility with FDMA analog systems.
SMS gateway
Abis interface
A interface
Um interface
Abis interface
A interface
Ater interface
The network structure is defined within the GSM standards. Additionally, each interface
between the different elements of the GSM network is also defined. This allows
information interchanges to take place. It also enables, to a large degree, network
elements from different manufacturers to be used. However, as many of these interfaces
were not fully defined until after many networks had been deployed, the level of
standardisation may not be quite as high as many people might like.
1. Um interface: The "air" or radio interface standard that is used for exchanges
between a mobile (ME) and a base station (BTS / BSC). For signalling, a modified
version of the ISDN LAPD, known as LAPDm, is used.
2. Abis interface: This is a BSS internal interface linking the BSC and a BTS, and it
has not been totally standardised. The Abis interface allows control of the radio
equipment and radio frequency allocation in the BTS.
3. A interface: The A interface is used to provide communication between the BSS
and the MSC. The interface carries information to enable the channels, timeslots
and the like to be allocated to the mobile equipments being serviced by the BSSs.
The messaging required within the network to enable handover etc. to be undertaken
is carried over the interface.
4. B interface: The B interface exists between the MSC and the VLR. It uses a
protocol known as the MAP/B protocol. As most VLRs are collocated with an
MSC, this makes the interface purely an "internal" interface. The interface is used
whenever the MSC needs access to data regarding an MS located in its area.
5. C interface: The C interface is located between the HLR and a GMSC or an SMS-G.
When a call originates from outside the network, i.e. from the PSTN or another
mobile network, it has to pass through the gateway so that routing information
required to complete the call may be gained. The protocol used for communication
is MAP/C, the letter "C" indicating that the protocol is used for the "C" interface. In
addition to this, the MSC may optionally forward billing information to the HLR
after the call is completed and cleared down.
6. D interface: The D interface is situated between the VLR and HLR. It uses the
MAP/D protocol to exchange the data related to the location of the ME and to the
management of the subscriber.
7. E interface: The E interface provides communication between two MSCs. The E
interface exchanges data related to handover between the anchor and relay MSCs
using the MAP/E protocol.
8. F interface: The F interface is used between an MSC and EIR. It uses the MAP/F
protocol. The communications along this interface are used to confirm the status of
the IMEI of the ME gaining access to the network.
9. G interface: The G interface interconnects two VLRs of different MSCs and uses
the MAP/G protocol to transfer subscriber information, e.g. during a location
update procedure.
10. H interface: The H interface exists between the MSC and the SMS-G. It transfers short
messages and uses the MAP/H protocol.
11. I interface: The I interface can be found between the MSC and the ME. Messages
exchanged over the I interface are relayed transparently through the BSS.
Although the interfaces for the GSM cellular system may not be as rigorously defined as
many might like, they do at least provide a large element of the definition required,
enabling the functionality of GSM network entities to be defined sufficiently.
Frames
Multiframes
Synchronization channel
Logical channels
Broadcast channels
Paging channel
Speech processing
Operations
Bit rate
TDMA multiframes
Hyperframes
Superframes
Multiframes
26 frame
51 frame
Timeslot bursts
Normal burst
Synchronization burst
Access burst
Dummy burst
GSM multiframe
The GSM frames are grouped together to form multiframes. In this way it is possible to
establish a time schedule for their operation, and the network can be synchronised.
There are several GSM multiframe structures:
Traffic multiframe: The Traffic Channel frames are organised into multiframes
consisting of 26 bursts and taking 120 ms. In a traffic multiframe, 24 bursts are used
for traffic. These are numbered 0 to 11 and 13 to 24. One of the remaining bursts is
then used to accommodate the SACCH, the other remaining free. The
actual position used alternates between position 12 and 25.
Control multiframe: The Control Channel multiframe comprises 51 bursts and
occupies 235.4 ms. This always occurs on the beacon frequency in time slot zero,
and it may also occur within slots 2, 4 and 6 of the beacon frequency. This
multiframe is subdivided into logical channels which are time-scheduled.
GSM Superframe
Multiframes are then constructed into superframes taking 6.12 seconds. These consist of 51
traffic multiframes or 26 control multiframes. As the traffic multiframes are 26 bursts long
and the control multiframes are 51 bursts long, the different numbers of traffic and control
multiframes within the superframe bring them back into line again, taking exactly the
same interval.
GSM Hyperframe
Above this, 2048 superframes (i.e. 2 to the power 11) are grouped to form one hyperframe,
which repeats every 3 hours 28 minutes 53.76 seconds. It is the largest time interval within
the GSM frame structure.
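The durations quoted above all follow from the 26-frame, 120 ms traffic multiframe. This added example (not from the original notes) derives them and places a frame number within the hierarchy; the function names are illustrative, each burst position is treated as one TDMA frame, and frame numbers are assumed to count from 0 across one hyperframe.

```python
from fractions import Fraction

# Figures taken from the notes above.
TRAFFIC_MF_FRAMES = 26
CONTROL_MF_FRAMES = 51
TRAFFIC_MF_MS = Fraction(120)
SUPERFRAMES_PER_HYPERFRAME = 2048

# Derived quantities (exact rational arithmetic, no rounding drift).
FRAME_MS = TRAFFIC_MF_MS / TRAFFIC_MF_FRAMES
SUPERFRAME_FRAMES = TRAFFIC_MF_FRAMES * CONTROL_MF_FRAMES
HYPERFRAME_FRAMES = SUPERFRAMES_PER_HYPERFRAME * SUPERFRAME_FRAMES


def durations_ms():
    """Duration of every level of the hierarchy, in milliseconds."""
    return {
        "frame": FRAME_MS,
        "traffic_multiframe": FRAME_MS * TRAFFIC_MF_FRAMES,
        "control_multiframe": FRAME_MS * CONTROL_MF_FRAMES,
        "superframe": FRAME_MS * SUPERFRAME_FRAMES,
        "hyperframe": FRAME_MS * HYPERFRAME_FRAMES,
    }


def as_hms(ms):
    """Convert milliseconds to (hours, minutes, seconds)."""
    seconds = Fraction(ms) / 1000
    hours, rest = divmod(seconds, 3600)
    minutes, secs = divmod(rest, 60)
    return int(hours), int(minutes), float(secs)


def locate(fn):
    """Place frame number `fn` inside the superframe and both multiframes."""
    if not 0 <= fn < HYPERFRAME_FRAMES:
        raise ValueError("frame number outside one hyperframe")
    superframe, offset = divmod(fn, SUPERFRAME_FRAMES)
    traffic_mf, traffic_pos = divmod(offset, TRAFFIC_MF_FRAMES)
    control_mf, control_pos = divmod(offset, CONTROL_MF_FRAMES)
    # Positions 12 and 25 are the two non-traffic slots of the 26-multiframe.
    role = "SACCH or idle" if traffic_pos in (12, 25) else "traffic"
    return {
        "superframe": superframe,
        "traffic_multiframe": traffic_mf,
        "traffic_position": traffic_pos,
        "control_multiframe": control_mf,
        "control_position": control_pos,
        "traffic_role": role,
    }


if __name__ == "__main__":
    for name, ms in durations_ms().items():
        print(f"{name:20s} {float(ms):16.3f} ms")
    print("hyperframe =", as_hms(durations_ms()["hyperframe"]))
    print(locate(HYPERFRAME_FRAMES - 1))
```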
Within the GSM hyperframe there is a counter and every time slot has a unique sequential
number comprising the frame number and time slot number. This is used to maintain
synchronisation of the different scheduled operations with the GSM frame structure. These
include functions such as:
UNIT - 5
GSM system operation, Traffic cases, Call handoff, Roaming, GSM protocol architecture.
TDMA systems
6 Hours
TEXT BOOK:
1.
REFERENCE BOOKS:
1. Mobile Cellular Telecommunication, Lee W.C.Y, MGH, 2002.
2. Wireless communication - D P Agrawal: 2nd Edition Thomson learning 2007.
3. Fundamentals of Wireless Communication, David Tse, Pramod Viswanath, Cambridge 2005.
UNIT-5
GSM SYSTEM OPERATIONS
GSM Identities
5.1
Interrogation phase
Service request
Authentication
Call setup
IMEI check
TMSI reallocation
Location updating
MS. The BTS also informs the BSC with an "HO detection" message so that point on
the new GS is connected.
G). The MS sends an "HO complete" message.
H). Finally, the BTS is ordered to deactivate the old TCH.
Inter-BSC handover
In this case BSC1, (old BSC) does not control the better cell which is the target for
the handover. This means that the MSC will be part of the link procedure between
BSC1 and BSC2 (new BSC).
1. Handover request - BSC1 will use the MSC to send a handover request to
BSC2. The MSC will know which BSC controls that cell.
2. Activation of new channel - BSC2 will allocate a TCH in the target cell and then
order the BTS to activate it. The chosen HO ref. no. will be part of the activation
message. The BTS will acknowledge that the activation has been made.
3. Handover command - After the activation, the new BSC commands the MS to
change to the new channel. The message is sent on FACCH via the old channel and
will contain a full description of the new channel and the HO ref. no.
4. Handover bursts - When the MS has changed to the new channel, it will send
handover bursts on the new channel. The information content is the HO ref. no.
The bursts are as short as the access bursts. This is because the MS does not know
the new Timing Advance (TA) value yet. On detection of the handover bursts,
and after checking the HO ref. no., the new BTS will send the new TA.
5. Handover complete - Now the MS is ready to continue the traffic and will
send a handover complete message, which will be addressed to the old BSC as
a clear command.
6. Release of old channel - When the old BSC receives the clear command
from the MSC, the BSC knows that the handover was successful. The BSC
orders the BTS to release the TCH and the BTS will acknowledge.
Inter-MSC handover
Handing over a GSM call is a complicated procedure. It is even more so when the
source and target GSM cells are controlled by different MSCs. The following call flows
analyze the different steps involved in an inter-MSC handover:
The source BSC analyzes the signal quality measurement reports and initiates a
handover.
The source MSC finds that the call needs to be handed over to a cell controlled by a
different MSC.
The source MSC and target MSC interact and then command the UT to move to the
new cell.
The target MSC informs the source MSC when the call has been successfully
handed over.
The source MSC releases the radio resources for the call. Note that the call is still
routed via the source MSC.
channels). As the control channels often have spare capacity, user data (the
packet-oriented SMS data) is also transported over these channels (see Figure gsm8). All
logical channels, however, are finally multiplexed onto the physical channel.
Connection management
Mobility management
LAPD operations
TIA/EIA-136 basics
UNIT - 6
CDMA technology, CDMA overview, CDMA channel concept CDMA operations.
8 Hours
UNIT- 6
CDMA TECHNOLOGY
There is increasing demand for data traffic over mobile radio. The mobile radio industry has to
evolve the current radio infrastructures to accommodate the expected data traffic with the efficient
provision of high-speed voice traffic. The General Packet Radio Service (GPRS) is being introduced
to efficiently support high-rate data over GSM. GPRS signalling and data do not travel through
the GSM network. The GPRS operation is supported by new protocols and new network nodes:
the Serving GPRS support node (SGSN) and the Gateway GPRS support node (GGSN). One prominent
protocol used to tunnel data through the IP backbone network is the GPRS tunnel protocol (GTP).
GPRS obtains user profile data using the location register database of the GSM network. GPRS supports
quality of service and a peak data rate of up to 171.2 kbps when using all 8 timeslots at the
same time. GPRS uses the same modulation as that used in GSM, that is, Gaussian Minimum Shift
Keying (GMSK), with 4 coding schemes. GPRS packetises the user data and transports it over 1 to
8 radio channel timeslots using the IP backbone network.
The Enhanced Data Rates for GSM Evolution (EDGE) employs an Enhanced GPRS (EGPRS) to
support data rates up to 384 kbps through optimised modulation. EGPRS supports 2 modulation
schemes, namely GMSK with 4 coding schemes and 8-PSK with 5 coding schemes. Unlike GPRS,
where header and data are encoded together, headers are encoded separately in EGPRS.
The IS-95 CDMA system is a narrow band radio system. Bandwidth is limited to 1.25 MHz
and the chip rate is 1.2288 Mcps. The system is intended to provide voice and low bit rate
data service using circuit-switching techniques. Data rate varies from 1.2 kbps to 9.6 kbps.
Forward (base station to mobile) and reverse (mobile to base station) link structures are
different and each is capable of distinctive capacity. Forward transmission is coherent and
synchronous while the reverse link is asynchronous. The 'channelisation' in each link is
achieved by using 64-chip orthogonal codes, including provision for pilot,
synchronisation, paging, and network access. Consequently, the number of active users
able to simultaneously access the network is limited by the level of interference, service
provisions and the number of 'channels' available. In IS-95B, an active mobile always has a
fundamental code channel at 9.6 kbps, and when a high data rate is required, the base station
assigns the mobile up to 7 supplementary code channels.
The Wideband CDMA (W-CDMA) system is the major standard in the next-generation
Global Mobile Telecommunications standard suite IMT-2000. W-CDMA supports
high data rate transmission, typically 384 kbps for wide area coverage and 2 Mbps for local
coverage for multimedia services. Thus W-CDMA is capable of offering the transmission
of voice, text, data, picture (still image) and video over a single platform. However, in
addition to the drawbacks arising from the mobile environment and multiple access
interference, high bit rate transmission causes inter-symbol interference (ISI) to occur. The
ISI therefore has to be taken into account during transmission. W-CDMA has 2
versions: frequency division duplex (FDD) and time division duplex (TDD).
The FDD version of W-CDMA will operate in either of the following paired bands:
Uplink: 1920 - 1980 MHz Downlink: 2110 - 2170 MHz
Uplink: 1850 - 1910 MHz Downlink: 1930 - 1990 MHz
The 3GPP architecture of the Universal Mobile Telecommunications System (UMTS) is
composed of an IP-based core network (CN) connected to the user equipment through the UMTS
Terrestrial Radio Access Network (UTRAN). The UTRAN consists of a set of radio
network subsystems, each comprising a radio controller and one or more Node Bs (base stations). The
network controller is responsible for the handover decisions that require signalling to the
user equipment. Each subsystem is responsible for the resources of its set of cells and each
Node B has one or more cells.
Fig 6.9
Fig 6.10
PN code derivation
Access channels
Traffic/power control channels
an index policy. We further show that the optimal CDT strategy can only take on one of
three structural forms. Using these results we present a two-step lookahead CDT (CAT)
strategy. This strategy is shown to be optimal for a number of cases of practical interest.
UNIT - 7
Wireless Modulation techniques and Hardware, Characteristics of air interface, Path loss
models, wireless coding techniques, Digital modulation techniques, OFDM, UWB radio
techniques, Diversity techniques, Typical GSM Hardware.
6 Hours
Unit-7
Wireless Modulation Techniques and Hardware
7.1 Transmission Characteristics of Wireline and Fiber Systems
Early usage
Radio wave propagation and propagation models
Wave propagation below 2 MHz
Wave propagation between 2 and 30 MHz
Wave propagation above 30 MHz
Wave propagation effects at UHF and above
Reflection
Scattering
Diffraction
Other
Multipath propagation
Indoor and outdoor propagation examples
Path loss models for various coverage areas
Free space
Other path loss models
Two-ray model
Okumura model
Okumura-Hata model
Multipath and Doppler effects
Rayleigh fading
Multipath delay spread
Fig 7.4
Speech coding
Rates and subrates
Block interleaving
Examples of coding and interleaving
Fig 7.6
Orthogonality principle
Multiple carriers and multirate modems
Present uses - wireless LANs
Future uses
Fig 7.6
Fig 7.12
UNIT - 8
Introduction to wireless LAN 802.11X technologies, Evolution of Wireless LAN
Introduction to 802.15X technologies in PAN Application and architecture Bluetooth
Introduction to Broadband wireless MAN, 802.16X technologies.
8 Hours
Unit- 8
Wireless LANs/IEEE 802.11x
8.1 Introduction to IEEE 802.11x Technologies
802.1X authentication involves three parties: a supplicant, an authenticator, and an
authentication server. The supplicant is a client device (such as a laptop) that wishes to
attach to the LAN/WLAN, though the term 'supplicant' is also used interchangeably to
refer to the software running on the client that provides credentials to the authenticator. The
authenticator is a network device, such as an Ethernet switch or wireless access point; and
the authentication server is typically a host running software supporting the RADIUS and
EAP protocols.
The authenticator acts like a security guard to a protected network. The supplicant (i.e.,
client device) is not allowed access through the authenticator to the protected side of the
network until the supplicant's identity has been validated and authorized. An analogy to
this is providing a valid visa at the airport's arrival immigration before being allowed to
enter the country. With 802.1X port-based authentication, the supplicant provides
credentials, such as user name / password or digital certificate, to the authenticator, and the
authenticator forwards the credentials to the authentication server for verification. If the
authentication server determines the credentials are valid, the supplicant (client device) is
allowed to access resources located on the protected side of the network.
Wireless LANs have gone through rapid changes with respect to their security architecture
in recent years. One view has been to incorporate WLANs under already existing VPN
umbrellas and to view them merely as an alternative access method, thus preserving
existing VPN infrastructure. Another view has been to address the security of the airwaves,
which has been demonstrated to be extremely vulnerable. Security standardisation
based upon the work of the IEEE has evolved from WEP to WPA, which
introduced new key management and integrity mechanisms, through to WPA2 (IEEE
802.11i), which maintains the management and integrity mechanisms of WPA but
introduces AES encryption as well as moving much of the security functionality to the
hardware. This paper traces the evolution and development of this new WLAN security
architecture.
Initiation: To initiate authentication, the authenticator will periodically transmit
EAP-Request Identity frames to a special Layer 2 address on the local network segment. The
supplicant listens on this address, and on receipt of the EAP-Request Identity frame it
responds with an EAP-Response Identity frame containing an identifier for the supplicant
such as a User ID. The authenticator then encapsulates this Identity response in a RADIUS
Access-Request packet and forwards it on to the authentication server. The supplicant may
also initiate or restart authentication by sending an EAPOL-Start frame to the authenticator,
which will then reply with an EAP-Request Identity frame.
Negotiation (technically EAP negotiation): The authentication server sends a reply
(encapsulated in a RADIUS Access-Challenge packet) to the authenticator, containing an
EAP Request specifying the EAP Method (the type of EAP-based authentication it wishes
the supplicant to perform). The authenticator encapsulates the EAP Request in an EAPOL
frame and transmits it to the supplicant. At this point the supplicant can start using the
requested EAP Method, or send a NAK ("Negative Acknowledgement") and respond with
the EAP Methods it is willing to perform.
Authentication: If the authentication server and supplicant agree on an EAP Method, EAP
Requests and Responses are sent between the supplicant and the authentication server
(translated by the authenticator) until the authentication server responds with either an
EAP-Success message (encapsulated in a RADIUS Access-Accept packet), or an
EAP-Failure message (encapsulated in a RADIUS Access-Reject packet). If authentication is
successful, the authenticator sets the port to the "authorized" state and normal traffic is
allowed; if it is unsuccessful, the port remains in the "unauthorized" state. When the
supplicant logs off, it sends an EAPOL-Logoff message to the authenticator. The
authenticator then sets the port to the "unauthorized" state, once again blocking all
non-EAP traffic.
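The three phases above, modelled end to end as an added example that is not part of the original notes: the authenticator relays EAP between supplicant and server and opens the port only on Access-Accept. The method names are used purely as labels, the credential check is a stand-in HMAC challenge rather than a real EAP method, and the user names and secrets are constructed.

```python
import hashlib
import hmac
import secrets


class Supplicant:
    def __init__(self, identity, secret, methods):
        self.identity, self.secret, self.methods = identity, secret, methods

    def on_identity_request(self):
        return "EAP-Response/Identity", self.identity

    def on_method_request(self, method, challenge):
        if method not in self.methods:       # refuse and list what we accept
            return "EAP-Response/Nak", list(self.methods)
        proof = hmac.new(self.secret, challenge, hashlib.sha256).digest()
        return "EAP-Response/" + method, proof


class AuthServer:
    """RADIUS/EAP server; it only ever talks to the authenticator."""

    def __init__(self, users, methods):
        self.users, self.methods, self.pending = users, methods, {}

    def _challenge(self, identity, method):
        self.pending[identity] = secrets.token_bytes(16)
        return "Access-Challenge", method, self.pending[identity]

    def access_request(self, identity, kind, payload):
        if kind == "EAP-Response/Identity":
            return self._challenge(identity, self.methods[0])
        if kind == "EAP-Response/Nak":
            common = [m for m in payload if m in self.methods]
            return self._challenge(identity, common[0]) if common else ("Access-Reject",)
        challenge = self.pending.pop(identity, None)
        secret = self.users.get(identity)
        if challenge is None or secret is None or not isinstance(payload, bytes):
            return ("Access-Reject",)
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, payload)
        return ("Access-Accept",) if ok else ("Access-Reject",)


class Authenticator:
    MAX_ROUNDS = 4                           # bound on negotiation round trips

    def __init__(self, server):
        self.server, self.port, self.trace = server, "unauthorized", []

    def forward(self, frame_type):
        """An unauthorized port passes EAPOL only; all other frames drop."""
        return frame_type == "EAPOL" or self.port == "authorized"

    def authenticate(self, supplicant):
        self.port = "unauthorized"
        self.trace.append("EAPOL  -> EAP-Request/Identity")
        kind, payload = supplicant.on_identity_request()
        identity = payload
        for _ in range(self.MAX_ROUNDS):
            self.trace.append("EAPOL  <- " + kind)
            self.trace.append("RADIUS -> Access-Request[" + kind + "]")
            reply = self.server.access_request(identity, kind, payload)
            if reply[0] != "Access-Challenge":
                break
            _, method, challenge = reply
            self.trace.append("RADIUS <- Access-Challenge[EAP-Request/" + method + "]")
            self.trace.append("EAPOL  -> EAP-Request/" + method)
            kind, payload = supplicant.on_method_request(method, challenge)
        else:
            reply = ("Access-Reject",)       # negotiation never converged
        accepted = reply[0] == "Access-Accept"
        self.trace.append("RADIUS <- " + reply[0])
        self.trace.append("EAPOL  -> " + ("EAP-Success" if accepted else "EAP-Failure"))
        self.port = "authorized" if accepted else "unauthorized"
        return self.port

    def logoff(self):                        # EAPOL-Logoff from the supplicant
        self.port = "unauthorized"


if __name__ == "__main__":
    server = AuthServer({"alice": b"constructed-secret"}, ["EAP-TLS", "PEAP"])
    switch = Authenticator(server)
    print(switch.authenticate(Supplicant("alice", b"constructed-secret", ["PEAP"])))
    print("\n".join(switch.trace))
```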
802.11k
802.11ma
802.11n
Extensions to 802.11
802.11p
802.11r
802.11s
802.11u
802.11v
Layer 1: Overview
WLAN radio cards
WLAN access points
Ad hoc or peer-to-peer connection
WLAN radio link
have to be in visual line of sight of each other, however a quasi optical wireless path must
be viable
Bluetooth profiles
To use Bluetooth wireless technology, a device has to be able to interpret certain Bluetooth
profiles, which are definitions of possible applications and specify general behaviors that
Bluetooth enabled devices use to communicate with other Bluetooth devices. These
profiles include settings to parametrize and to control the communication from the start.
Adherence to profiles saves the time for transmitting the parameters anew before the
bidirectional link becomes effective. There is a wide range of Bluetooth profiles that
describe many different types of applications or use cases for devices.
A typical Bluetooth mobile phone headset.
per second. Implementations with versions 1.1 and 1.2 reach speeds of 723.1 kbit/s.
Version 2.0 implementations feature Bluetooth Enhanced Data Rate (EDR) and reach
2.1 Mbit/s. Technically, version 2.0 devices have a higher power consumption, but the
three times faster rate reduces the transmission times, effectively reducing power
consumption to half that of 1.x devices.
ZigBee is a specification for a suite of high level communication protocols using small,
low-power digital radios based on an IEEE 802 standard for personal area networks.
ZigBee devices are often used in mesh network form to transmit data over longer distances,
passing data through intermediate devices to reach more distant ones. This allows ZigBee
networks to be formed ad-hoc, with no centralized control or high-power
transmitter/receiver able to reach all of the devices. Any ZigBee device can be tasked with
running the network.
ZigBee is targeted at applications that require a low data rate, long battery life, and secure
networking. ZigBee has a defined rate of 250 kbit/s, best suited for periodic or intermittent
data or a single signal transmission from a sensor or input device. Applications include
wireless light switches, electrical meters with in-home-displays, traffic management
systems, and other consumer and industrial equipment that requires short-range wireless
transfer of data at relatively low rates. The technology defined by the ZigBee specification
is intended to be simpler and less expensive than other WPANs,
ZigBee is a low-cost, low-power, wireless mesh network standard. The low cost allows the
technology to be widely deployed in wireless control and monitoring applications. Low
power-usage allows longer life with smaller batteries. Mesh networking provides high
reliability and more extensive range. ZigBee chip vendors typically sell integrated radios
and microcontrollers with between 60 KB and 256 KB flash memory.
ZigBee operates in the industrial, scientific and medical (ISM) radio bands: 868 MHz in
Europe, 915 MHz in the USA and Australia, and 2.4 GHz in most jurisdictions worldwide.
Data transmission rates vary from 20 to 250 kilobits/second. The ZigBee network layer
natively supports both star and tree typical networks, and generic mesh networks. Every
network must have one coordinator device, tasked with its creation, the control of its
parameters and basic maintenance. Within star networks, the coordinator must be the
central node. Both trees and meshes allow the use of ZigBee routers to extend
communication at the network level.
ZigBee builds upon the physical layer and medium
access control defined in IEEE standard 802.15.4 (2003 version) for low-rate WPANs. The
specification goes on to complete the standard by adding four main components: network
layer, application layer, ZigBee device objects (ZDOs) and manufacturer-defined
application objects which allow for customization and favor total integration.
Besides adding two high-level network layers to the underlying structure, the most
significant improvement is the introduction of ZDOs. These are responsible for a number
of tasks, which include keeping of device roles, management of requests to join a network,
device discovery and security.
ZigBee is not intended to support powerline networking but
to interface with it at least for smart metering and smart appliance purposes.
Because ZigBee nodes can go from sleep to active mode in 30 ms or less, the latency can
be low and devices can be responsive, particularly compared to Bluetooth wake-up delays,
which are typically around three seconds.[2] Because ZigBee nodes can sleep most of the
time, average power consumption can be low, resulting in long battery life.
Application profiles
The current list of application profiles, either published or in the works, is:
Released specifications
o ZigBee Home Automation
o ZigBee Smart Energy 1.0
o ZigBee Telecommunication Services
o ZigBee Health Care
o ZigBee RF4CE Remote Control
o ZigBee RF4CE Input Device
o ZigBee Light Link
The ZigBee Smart Energy V2.0 specifications define an IP-based protocol to monitor,
control, inform and automate the delivery and use of energy and water. It is an
enhancement of the ZigBee Smart Energy version 1 specifications,[8] adding services for
plug-in electric vehicle (PEV) charging, installation, configuration and firmware download,
prepay services, user information and messaging, load control, demand response and
common information and application profile interfaces for wired and wireless networks. It
is being developed by partners including:
HomeGrid Forum responsible for marketing and certifying ITU-T G.hn technology
and products
HomePlug Powerline Alliance
International Society of Automotive Engineers SAE International
IPSO Alliance
SunSpec Alliance
Wi-Fi Alliance.
In 2009 the RF4CE (Radio Frequency for Consumer Electronics) Consortium and ZigBee
Alliance agreed to jointly deliver a standard for radio frequency remote controls. ZigBee
RF4CE is designed for a wide range of consumer electronics products, such as TVs and
set-top boxes. It promises many advantages over existing remote control solutions,
including richer communication and increased reliability, enhanced features and flexibility,
interoperability, and no line-of-sight barrier. The ZigBee RF4CE specification lifts off
some networking weight and does not support all the mesh features, which is traded for
smaller memory configurations for lower cost devices, such as remote control of consumer
electronics.
With the introduction of the second ZigBee RF4CE application profile in 2012, and increased
momentum in the MSO market, the ZigBee RF4CE team provided an overview of the current status of
the standard, its applications, and the future of the technology.
Configurable functionality
A number of network properties can be pre-configured. The network is initialised by the
Co-ordinator, at which time these configuration values are taken into account. These
properties determine the maximum size (in terms of the maximum number of nodes) and
shape of the network, and are as follows:
Network Depth: The depth of a device in a network is the number of nodes from the root of
the network tree (the Co-ordinator) to the device. The maximum network depth is then the
maximum number of hops from the Co-ordinator to the most distant device in the network.
This determines the overall diameter for the network. Note that a Star network has a
network depth of 1.
Number of Children: Each Router in the network can have a number of child devices
attached to it. These may be either Routers or End Devices. The Co-ordinator specifies the
maximum number of child devices allowed per Router.
Number of Child Routers: In addition to the number of children per Router, a limit is put
on how many of these children may be Routers themselves. The Co-ordinator uses the
above information during initialisation to allocate blocks of network addresses to the
branches of the network tree. In turn, the Routers use it to allocate subsets of these address
blocks to their children.
Forming a ZigBee Network: The Co-ordinator is responsible for starting a ZigBee network.
Network initialisation involves the following steps:
The Co-ordinator first searches for a suitable radio channel (usually the one which has least
activity). This search can be limited to those channels that are known to be usable - for
example, by avoiding frequencies in which it is known that a wireless LAN is operating.
Assign PAN ID
The Co-ordinator starts the network, assigning a PAN ID (Personal Area Network
identifier) to the network. The PAN ID can be pre-determined, or can be obtained
dynamically by detecting other networks operating in the same frequency channel and
choosing a PAN ID that does not conflict with theirs. At this stage, the Co-ordinator also
assigns a network (short) address to itself. Usually, this is the address 0x0000.
The Co-ordinator then finishes configuring itself and starts itself in Co-ordinator mode. It is
then ready to respond to queries from other devices that wish to join the network.
Joining a ZigBee Network: Once the network has been created by the Co-ordinator, other
devices (Routers and End Devices) can join the network. Both Routers and the
Co-ordinator have the capability to allow other nodes to join the network. The join
process is as follows:
The new node first scans the available channels to find operating networks and identifies
which one it should join. Multiple networks may operate in the same channel and are
differentiated by their PAN IDs.
Select Parent
The node may be able to see multiple Routers and a Co-ordinator from the same network,
in which case it selects which one it should connect to. Usually, this is the one with the best
signal.
The node then sends a message to the relevant Router or Co-ordinator asking to join the
network.
The Router or Co-ordinator decides whether the node is a permitted device, whether the
Router/Co-ordinator is currently allowing devices to join and whether it has address space
available. If all these criteria are satisfied, the Router/Co-ordinator will then allow the
device to join and allocate it an address. Typically, a Router or Co-ordinator can be
configured to have a time-period during which joins are allowed. The join period may be
initiated by a user action, such as pressing a button. An infinite join period can be set, so
that child nodes can join the parent node at any time.
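The join decision described above, as an added example that is not part of the original notes: a small Python model of a parent applying the three criteria in the order the text lists them, plus a check that reports parents left with an infinite join period. The class, the function names and the MAC addresses are constructed for illustration.

```python
import math
from dataclasses import dataclass, field

@dataclass
class Parent:
    """A Router or Co-ordinator that accepts children (hypothetical model)."""
    name: str
    permitted: set                  # IEEE (MAC) addresses allowed to join
    free_addresses: list            # short addresses still unallocated
    join_deadline: float = 0.0      # joins are allowed while now < deadline
    children: dict = field(default_factory=dict)

    def permit_join(self, now, seconds=None):
        """Open the join window, e.g. on a button press; None means infinite."""
        self.join_deadline = math.inf if seconds is None else now + seconds

    def handle_join(self, mac, now):
        """Apply the three join criteria, then allocate an address."""
        if mac not in self.permitted:
            return ("rejected", "device not permitted")
        if now >= self.join_deadline:
            return ("rejected", "joining not currently allowed")
        if not self.free_addresses:
            return ("rejected", "no address space available")
        address = self.free_addresses.pop(0)
        self.children[mac] = address
        return ("accepted", address)

def always_open(parents):
    """Audit check: names of parents whose join window never closes."""
    return [p.name for p in parents if math.isinf(p.join_deadline)]

# Constructed sample data: two known sensors and one unknown device.
SENSOR_A = "00:11:22:33:44:55:66:01"
SENSOR_B = "00:11:22:33:44:55:66:02"
UNKNOWN = "00:11:22:33:44:55:66:99"

def demo():
    router = Parent("router-1", {SENSOR_A, SENSOR_B}, [0x0001])
    results = [router.handle_join(SENSOR_A, now=0)]       # window still closed
    router.permit_join(now=0, seconds=60)                 # user presses button
    results.append(router.handle_join(UNKNOWN, now=10))   # not on the list
    results.append(router.handle_join(SENSOR_A, now=10))  # accepted
    results.append(router.handle_join(SENSOR_B, now=20))  # address pool empty
    results.append(router.handle_join(SENSOR_B, now=90))  # window has expired
    return results
```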
Message Propagation: The way that a message propagates through a ZigBee network
depends on the network topology. However, in all topologies, the message usually needs to
pass through one or more intermediate nodes before reaching its final destination. The
message therefore contains two destination addresses:
The way these addresses are used in message propagation depends on the network
topology, as follows:
Star Topology: All messages are routed via the Co-ordinator. Both addresses are
needed and the next hop address is that of the Co-ordinator.
Tree Topology: A message is routed up the tree until it reaches a node that can
route it back down the tree to the destination node. Both addresses are needed and
the initial next hop address is that of the parent of the sending node. The parent
node then resends the message to the next relevant node - if this is the target node
itself, the final destination address is used. The last step is then repeated and
message propagation continues in this way until the target node is reached.
Mesh Topology: In this case, the propagation path depends on whether the target
node is in range:
o If the target node is in range, only the final destination address is used.
o If the target node is not in range, the initial next hop address is that of the
first node in the route to the final destination. The message propagation
continues in this way until the target node is reached.
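How the three network parameters turn into address blocks, and how a Tree topology then routes on the address alone, as an added example that is not part of the original notes. It uses the distributed address assignment (Cskip) formula from the ZigBee specification, which these notes do not state; the function names and the parameter values (4 children, 2 child Routers, depth 3) are constructed.

```python
def cskip(depth, cm, rm, lm):
    """Size of the address block a Router at `depth` gives each child Router.
    cm = max children, rm = max child Routers, lm = max network depth."""
    if depth >= lm:
        return 0                          # nodes at maximum depth take no children
    if rm == 1:
        return 1 + cm * (lm - depth - 1)
    return (1 + cm - rm - cm * rm ** (lm - depth - 1)) // (1 - rm)

def network_size(cm, rm, lm):
    """Number of short addresses in the whole tree, Co-ordinator included."""
    return 1 + rm * cskip(0, cm, rm, lm) + (cm - rm)

def path_from_root(dest, cm, rm, lm):
    """Addresses from the Co-ordinator (0x0000) down to `dest`."""
    if not 0 <= dest < network_size(cm, rm, lm):
        raise ValueError("address outside the tree")
    path, addr, depth = [0], 0, 0
    while addr != dest:
        skip = cskip(depth, cm, rm, lm)
        if dest > addr + rm * skip:       # an End Device child of addr
            addr = dest
        else:                             # inside one child Router's block
            addr = addr + 1 + (dest - addr - 1) // skip * skip
        depth += 1
        path.append(addr)
    return path

def tree_route(src, dst, cm, rm, lm):
    """Hops taken in a Tree topology: up to the first node whose address
    block contains dst, then down that node's branch to dst."""
    up = path_from_root(src, cm, rm, lm)
    down = path_from_root(dst, cm, rm, lm)
    common = 0
    while common < min(len(up), len(down)) and up[common] == down[common]:
        common += 1
    return up[:common - 1:-1] + down[common - 1:]

if __name__ == "__main__":
    CM, RM, LM = 4, 2, 3                  # constructed parameters
    print([cskip(d, CM, RM, LM) for d in range(LM)])
    print(tree_route(5, 10, CM, RM, LM))
```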
Route Discovery: The ZigBee stack network layer supports a route discovery facility in
which a mesh network can be requested to find the best available route to the destination,
when sending a message. Route discovery is initiated when requested by a data
transmission request.
Route Discovery Options: There are three options related to route discovery for a mesh
network (the required option being indicated in the message):
Route Discovery Mechanism: The mechanism for route discovery between two End
Devices involves the following steps:
A route discovery broadcast is sent by the parent Router of the source End Device.
This broadcast contains the network address of the destination End Device.
All Routers eventually receive the broadcast, one of which is the parent of the
destination End Device.
The parent Router of the destination node sends back a reply addressed to the parent
Router of the source.
As the reply travels back through the network, the hop count and a signal quality
measure for each hop are recorded. Each Router in the path can build a routing table
entry containing the best path to the destination End Device.
Eventually, each Router in the path will have a routing table entry and the route
from source to destination End Device is established. Note that the corresponding
route from destination to source is not known: the route discovered is
unidirectional.
The choice of best path is usually the one with the least number of hops, although if a hop
on the most direct route has a poor signal quality (and hence a greater chance that retries
will be needed), a route with more hops may be chosen.
Device and Service Discovery: The ZigBee specification provides the facility for devices to
find out information about other nodes in a network, such as their addresses, which types of
applications are running on them, their power source and sleep behaviour. This information
is stored in descriptors on each node, and is used by the enquiring node to tailor its
behaviour to the requirements of the network. Discovery is typically used when a node is
being introduced into a user-configured network, such as a domestic security or lighting
control system. Once the device has joined the network, its integration into the network
may require the user to start the integration process by pressing a button or similar. The
first task is to find out if there are any other devices that it can talk to. For example, a
device implementing the switch conforming to the HCL profile tries to find devices
containing HCL load controllers to which it could potentially send its switch state
information (the process of associating the switch with a particular load controller is
handled by the binding process).
There are two types of discovery, Device and Service Discovery:
Device Discovery: Device Discovery involves interrogating a remote node for address
information. The retrieved information can be either:
the MAC (IEEE) address of the node with a given network address
the network address of the node with a given MAC address.
If the node being interrogated is a Router or Co-ordinator, it may optionally supply the
addresses of all the devices that are associated with it, as well as its own address. In this
way, it is possible to discover all the devices in a network by requesting this information
from the Co-ordinator and then using the list of addresses corresponding to the children of
the Co-ordinator to launch queries about their child nodes.
Service Discovery: Service discovery involves interrogating a remote node for information
about its capabilities. This information is stored in a number of descriptors on the remote
node, and includes:
Requests for these descriptors are made by a device during its configuration and integration
into a ZigBee network.
Uses
ZigBee protocols are intended for embedded applications requiring low data rates and low
power consumption. The resulting network will use very small amounts of power:
individual devices must have a battery life of at least two years to pass ZigBee
certification.[12]
Typical application areas include:[13]
Device types
ZigBee devices are of three types:
ZigBee Co-ordinator (ZC): The most capable device, the Co-ordinator forms the
root of the network tree and might bridge to other networks. There is exactly one
ZigBee Co-ordinator in each network since it is the device that started the network
originally (the ZigBee LightLink specification also allows operation without a
ZigBee Co-ordinator, making it more usable for off-the-shelf home products). It
stores information about the network, including acting as the Trust Center &
repository for security keys.[14][15]
ZigBee Router (ZR): As well as running an application function, a Router can act as
an intermediate router, passing on data from other devices.
ZigBee End Device (ZED): Contains just enough functionality to talk to the parent
node (either the Co-ordinator or a Router); it cannot relay data from other devices.
This relationship allows the node to be asleep a significant amount of the time
thereby giving long battery life.