Back to index
Overview of the GSM System and Protocol Architecture
An overview of the GSM architecture is presented; system issues, architectural issues,
protocol issues, and security issues are presented in a terse yet overly specific manner.
- Coarse structure: The GSM system uses the standard hexagonal grid N cell
reuse pattern. Elements of the architecture are the mobile station (MS) subscribers,
base-station subsystems (BSSs) that provide physical radio connectivity for a number of
cells, and mobile switching centers (MSCs) that link BSSs together and provide handoff,
call signaling and processing, and other such centralized control. MSCs are connected
by either PSTNs or other such packet-switched networks.
- HLRs and VLRs: Home location registers (HLR) are databases that keep
information specific to a subscriber, such as that subscriber's current location,
service profile, and equipment identity register (EIR). VLRs, usually collocated with a
MSC, are used to support roaming subscribers of remote HLRs. Finally, authentication
information is kept in an authentication center (AC).
- Cell phone numbering: Cell-phone numbers are split into country codes
(CCs), "national destination codes" (NDCs), and subscriber numbers (SNs).
The aggregation of these numbers is called the mobile station ISDN (MSISDN). CCs
and NDCs are used to locate the HLR for the given cell-phone, which in turn routes the
call to the cell-phones current location. Since a cell-phone may have moved, broadcast
is performed over some number of cells around the phone's last known location.
- Radio channel: FDMA is used to define two 25 MHz bands, each of which
is split into 124 200 kHz carriers. Within a carrier, 8 way TDMA is used to define 8 slots
within a frame; each slot lasts 0.577 ms.
On top of this TDMA structure is defined a multiframe structure; a multiframe consists
of 26 time frames spanning a total of 120 ms. The multiframe is used to define a
ridiculously complex array of control channels and traffic channels. SACCHs and
FACCHs (slow and fast associated control channels) are associated with a traffic
channel (TCH) and carry link control information between the mobile and the BSSs.
A number of different bit rate TCHs are defined in the standard. A second multiframe
structure (51 frames long) is also defined to derive dedicated control setup, broadcast,
synchronization, frequency control, paging, random access, and access granting control
- Handoffs: Handoffs are controlled by the MSC (if between BSSs)
or by the BSS (if within a BSS). Signal strength measurements and cell congestion
information are used by the MSC/BSS to determine when a handoff should occur.
Handoff notifications are sent to VLRs, which in turn forward them to HLRs.
- Call routing and setup: Calls to a MS are routed first to the HLR
by using the information in the MSISDN (optimizations for direct routing to VLRs
for local calls exist). The HLR then identifies the correct MSC by identifying a
temporary ID given to the mobile by the VLR; this temporary ID is used for anonymity.
The call is then forwarded to the VLR, which initiates the paging procedure, and
the MSC broadcast pages the MS via BSSs. The MS, on receiving the set-up page,
returns a confirmation to the network, which then sets up a TCH (or defers setup
to a later stage). The connection message is propagated back to the initiator, and the
connection is active.
- Protocol layers: The GSM protocol stack has a physical layer on the
bottom, on top of which is layered a LAPDm link layer. LAPDm uses no flags or
bit stuffing, and takes advantage of the frame delimitation done by the physical
layer. On the MS, a message layer consisting of three sublayers completes the GSM
stack. The three sublayers provide connectivity to BSSs, MSCs, and across MSCs;
the radio resource management sublayer (RR) terminates at the BSS and is used
to establish physical connections over the radio for call-related signaling and
traffic channels between the MS and BSS. The mobility management sublayer (MM),
on top of the RR, is terminated at the MSC and is used to establish, maintain, and
release connections between the MS and the network MSC. On top of MM lies
the connection management sublayer (CM); each CM connection instantiates its own
MM connection, although the paper does not fully describe the purpose of the CM
layer. The BSSs have a LAPDm and RR layer to talk to the MS, but use a
separate stack to communicate with MSCs. This stack consists of an MTP
layer (presumably physical and link layers between BSSs and MSCs), and
BSSAP and SCCP sublayers, which replace the RR layer on the MS. The
BSSAP and SCCP sublayers implement call, resource, and signaling management
and messaging between the BSS and MSC.
The GSM architecture is widely deployed in Europe, and is about to be deployed in
North America, in particular by Pac Bell in the bay area. The architecture is successful,
and remedies many of the deficiencies of the AMPS North American cell system,
including efficiency, quality of voice service, and security.
- Given the needless complexity of the GSM architecture and protocol stack, I
would venture a guess that the system was designed by committee. Hidden behind
a mountain of acronyms and protocol stack sublayers, however, is the familiar
HLR/VLR/BS/MSC model used in most cellular architectures; only details of
control and authentication seem to differ radically.
- This paper attempted to condense critical information about the GSM system
into 9 pages, but didn't entirely succeed. Isolated pockets of needless detail were
provided, rather than a 20-mile overview, meaning that a conceptual understanding
of the GSM architecture was difficult to glean from the paper. If extreme detail is
presented, it should be accompanied by a far-reaching implication, otherwise
it should be left out (IMHO).
- I don't think the GSM design committee exhausted the entire space of all possible 3-5
letter acronyms; they should definitely try harder next time.
Back to index