*Power ON Procedure of LTE UE: -When we power on UE, UE starts scanning, there are two types of scanning (1)

system scanning
and (2) Band Scanning. In system scanning UE scan last latched cell information such as Band, Bandwidth, PCI etc. which is stored
in a NV memory if there is no acquisition data stored then UE moves to start band scanning whatever UE will supports after scan
all the bands UE got list of Cell with RSSI energy (RSSI energy - The average power of cell including noise and interference) and
filter out the highest energy cell. For cell search and down-link synchronization UE, decode PSS & SSS signals in the central 6
Resource block of last and second last OFDMA symbol of first slot respectively. This signal transmitted at fixed time interval at
every 5ms. Then UE calculate PCI by using SSS & PSS with the help of this formula 3*SSS + PSS where SSS belongs to 0-167 & PSS
belongs to 0-2 where PCI belongs in LTE 0-503 (504). Then UE decode MIB information this is a broadcast information which is
transmitted at fixed interval at every 40ms which contain very important information of the serving cell such as SFN which is 8-bit
information, PHICH configuration which is 3-bit information, Bandwidth information which is 3-bit information, the total size of
MIB is 24-bit, 10-bit information is reserved for future use and also contains antenna port information which is scrambled with 16-
bit CRC. It comes on PBCH of physical channel at first four symbol of second slot, BCH of transport channel, BCCH of logical
channel. It does not perform re-transmission. It is using QPSK modulation scheme its payload size is 480 bits. Then UE decode SIB
information this is very mandatory requirement for UE to access the network it comes in DCI 1A on PDCCH channel which
scramble with RNTI & 24-bit CRC. It is also using QPSK modulation and coding scheme. There are several types of SIBs such as SIB1,
SIB2, SIB3 & so on.
SIB1 contains cell access information and other sib scheduling which has PLMN, TAC, Other SIB’s Info,Pmax, qRxlevmin,
qRxlevminoffset, sibs scheduling, sib’s periodicity. It is also transmitted at every fixed interval at 80MS it comes in fifth subframe
of assigned SFN.
SIB2 contains radio resource common information such as RACH configuration, PRACH parameters, common and shared of
physical channel information. {Common and shared channel info (RACH, BCCH, PCCH, PRACH, PDSCH, PUSCH, PUCCH, SOUNDING
RS, UPLINK POWER CONTROL)}, UE Timers.
SIB3 contains cell re-selection information of INTRA frequency, INTER frequency and IRAT information.
SIB4 contains cell re-selection information of INTRA frequency.
SIB5 contains cell re-selection information of INTER frequency.
SIB6 contains cell re-selection information of serving UTRA and neighboring cell frequencies.
SIB7 contains cell re-selection information of GERAN frequencies.
SIB8 contains cell re-selection information of CDMA 2000 frequencies.
SIB9 contains HOME network information,
SIB10 & SIB11 contains ETWS information.
SIB12: - Commercial Mobile Alerting System (CMAS) Information.
SIB13: - MBSFN (eMBMS) Area Configuration & MCCH Configuration
After decoding SIB1 UE met S-criteria to camp on the cell then UE decode SIB2 information to initiate RACH procedure for uplink
synchronization and to achieve the resources of RRC connection by sending RACH request to eNodeB, which has RA-RNTI, consist
of preamble and cyclic shift and then UE receive RACH response with T-CRNTI, DCI0, and TA. On the basis of TA and uplink Grant
UE send RRC connection request to the eNodeB with s-TMSI or Random value, CRNTI and establishment cause then UE receive
RRC Connection setup msg and contention resolution on the basis of s-TMSI or random value which contain CRNTI, UL-SCH (BSR
re-transmission, Mx HARQ Tx, BSR periodic), PHR Configuration, Uplink power control dedicated information, SRB to add/mod list.
Then UE send RRC connection setup complete message to the MME via eNodeB which contain PLMN, NAS dedicated information.
On the receipt of this initial context message MME starts authentication procedure, MME send authentication request to the UE
which contains AUTN TOKEN & RANDOM value then UE generate AV's and send RES to the MME in authentication response. Once
the UE and MME have authenticated each other and the same keys Kasme is shared. Then security procedure begins, In NAS
security procedure MME generate Knasint & Knasenc by using Kasme with the help of NAS security Algorithm ID. Then MME send
NAS security mode command message to the UE with Algorithm ID & NAS Message Authentication Code, this message is integrity
protected only, then UE verifies the integrity by using NAS algorithm ID and also generate NAS Security Key (Knasint & Knasenc)
from Kasme. Then it ciphers the NAS security command complete message with Knasenc and generate a NAS message
authentication code with Knasint to the ciphered message, then forwards to the MME include NAS message authentication code
which is ciphered and integrity protected both. Once the NAS security is setup, NAS signaling message between the UE and MME
are ciphered and integrity protected by the NAS security keys and then securely delivered over the radio links.
After this AS security, procedure begins; this procedure is used for secure delivery of RRC signaling messages and IP packets. The
eNodeB selects AS security Algorithm ID and uses them to create an integrity key (Krrcint) and cipher key (Krrcenc) from Kenb to
be used for RRC signaling message and a ciphering key (Kupenc) to be used in the user plane. Then eNodeB send RRC: Security
Mode Command message including the selected AS security algorithms and message authentication code for integrity to the UE.
Then UE verifies the integrity by using AS security algorithm selected by the eNodeB and uses AS security keys (Krrcint, Krrcenc &
Kupenc) then it generates a message authentication code for integrity with the integrity key and then send to eNodeB in RRC:
Security Mode Command Complete Message. After AS security is setup RRC signaling message between UE & eNB are ciphered
and integrity protected by the AS security keys and user IP packets are encrypted and then securely delivers over radio links. After
this UE receives RRC connection Reconfiguration message from the network which contains information of SRB to add mod list,
DRB to add mod list, MAC main configuration etc. Then UE send RRC connection reconfiguration message to the network. Now the
default bearer is created and Attach procedure in completed successfully.
*What SIB1&2 contain: -
SIB 1 contains the following information: -
1. Tracking Area code
2. PLMN
3. Cell selection info
4. Frequency band indicator
5. Scheduling information of SIBs
SIB 2 is the most important SIB in LTE and it contains the following information: -
1. RACH
2. Bcch, Pcch, Pusch, Pdsch, Pucch Configuration
3. Sounding RS configuration
4. UE timers
*LTE Protocol Layers: -
Non-Access Stratum (NAS) Protocols: - The Non-access stratum (NAS) is highest stratum of the control plane between UE and
MME at the radio interface.
 NAS protocols (EMM (EPS Mobility Management) and ESM (EPS Session Management)
 UE states and state transitions (LTE-idle, LTE-active, LTE-detached)
 Subscriber identities and their relations (IMEI, IMSI, GUTI, STMSI, RNTIs)
 Security and keys’ derivation
 Integrity and Encryption
 EPS Authentication and Key Agreement; Key Hierarchy
 Key distribution and mobility management
Initial NAS Messages are:

1. ATTACH REQUEST.
2. EPS Mobility Management
3. DETACH REQUEST.
4. TRACKING AREA UPDATE REQUEST.
5. SERVICE REQUEST.

RRC Layer :( Radio Resource control)

 Types of radio bearers: SRB/DRB

 RRC States: IDLE & Connected –long DRX/Short DRX

Functions of RRC Layer:

1. Broadcast of System Information related to the non-access stratum (NAS) and access stratum (AS);
2. Signaling Radio Bearer;
3. Paging;
 4. Establishment, maintenance and release of an RRC connection between the UE and E-UTRAN
5. Security functions including key management;
6. Establishment, configuration, maintenance and release of point-to-point Radio Bearers;
7. Mobility functions
8. QOS management functions;
9. UE measurement reporting and control of the reporting;
10. NAS direct message transfer to/from NAS from/to UE.

PDCP Layer :( Packet data convergence) PDCP Is Located in the Radio Protocol Stack in the UMTS/LTE/5G Air Interface on top of
the RLC Layer. PDCP Provides Its Services to the RRC and User Plane Upper Layers.

Functions of PDCP Layer :( Robust Header Compression, ARQ at Handover, Status Reporting Ciphering and Integrity Protection)

1. Header compression using Robust Header Compression (ROHC) for DRB;

2. Security functions:
A. integrity protection for SRB;
B. ciphering for SRB and DRB;
3. Maintenance of PDCP Sequence Numbers for SRB and DRB;
4. Handover support functions:
5. Status reporting for AM DRB;
6. Duplicate elimination of lower layer SDUs for AM DRB;
7. in-order delivery of upper layer PDUs for AM DRB
8. Timer-based SDU discard for SRB and DRB.

RLC Layers: - (Radio Link Control) RLC is a layer2 Radio Link Protocol used in UMTS, LTE and 5G on the air Interface.

RLC layer is specified by 3GPP in TS 25.322 for UMTS, TS 36.322 for LTE and TS 38.322 for 5G/NR.
1. Transfer of Upper Layer PDUs in one of the Three Modes (AM, UM & TM)
2. RLC architecture (Transparent Mode, Unacknowledged Mode, Acknowledged Mode)
3. Functions (segmentation / concatenation, ARQ procedures)
4. Error correction through ARQ (Only for AM data transfer)
5. RLC PDU formats (RLC user plane and control PDUs)
6. Protocol error detection and recovery
7. Re-segmentation of RLC data PDUs (AM)
8. Reordering of RLC data PDUs (UM and AM)

MAC Layers: - (Medium access control) The MAC layer is composed of a Hybrid Automatic Repeat request (HARQ) entity, a
multiplexing/DE-multiplexing entity, a logical channel prioritization entity, and a control entity.

Functions of RRC Layer: the following functions are supported by the MAC layer:
1. Connecting the upper layer with the lower layer:
2. mapping between the logical channels and the transport channels;
3. multiplexing of the MAC SDUs from one or different logical channels onto the transport blocks (TBs) to be delivered to the
PHY layer on the transport channels;
4. DE-multiplexing of the MAC SDUs of one or different logical channels from the transport blocks (TBs) delivered from the
PHY layer on the transport channels.
5. Transferring data:
6. scheduling information reporting;
7. Error correction through HARQ.

Q: -Why Padding is Required in MAC Layer: - When you don't have enough data to send in one mac TB then MAC layer will do
padding and sends to UE.
Q: -What is MAC PDU in LTE: -LTE MAC PDU is a bit string but octet aligned (i.e., multiple of 8 bits). A MAC PDU header consists of
one or more sub headers. Each sub header corresponds to either a MAC SDU, MAC control element or padding. MAC PDU header
can have these six elements R/R/E/LCID/F/L.... MAC control elements always placed before MAC SDU.
Q:-Which Layer handles DRX in LTE:-The MAC layer handles the semi-persistent scheduling (SPS) procedure and the
discontinuous reception (DRX) procedure. The SPS procedure is used to increase the cell capacity for a voice service,and the DRX
procedure is used to reduce the power consumption of the UE.

*MBMS: -Multimedia Broadcast Multi-Cast Services (MBMS) provide supports for the transmission of multimedia content such
as text, pictures, audio and video. MBMS cannot be used for mobile television services

Physical Layers: - Physical layer is used to carry upper layer information. It is interface between MAC layer i.e., layer-2 and RF
(Radio Frequency) transceiver. It lies at layer-1 of OSI stack. It uses wired or wireless medium for transport of upper layer
information’s.

Functions of Physical Layer: -

1. It converts MAC layer format in the format suitable as per medium used.
2. It adds FEC (forward error correction) functionality to enable error correction at the receiver.
3. It performs modulation and demodulation functionalities at transmitter and receiver end respectively.

*There are different MAC layer frames in LTE in the downlink (PDSCH, PDCCH, and PBCH) and in the uplink (PRACH, PUSCH, and
PUCCH). Physical layer is used to process these channels.

*Explain RACH procedure: -

Random Access Procedure: In order to be synchronized with the network, RACH procedure is used. Suppose a UE wants to access
the network, so first it will try to attach or synchronize with the network. In LTE, a separate channel PRACH (Physical Random-
Access Channel) is provided for initial access to the network.
Functions of Rach: -

1. Achieve UP link synchronization between UE and eNB.

2. Obtain the resource for Message 3(RRC Connection Request).
When RACH Process occurs?

1. Initial access from RRC_IDLE

2. RRC Connection Re-establishment procedure

3. Handover (Contention Based or Non Contetion Based)

4. DL data arrival during RRC_CONNECTED requiring random access procedure

E.g., when UL synchronization status is “non-synchronized”

5. UL data arrival during RRC_CONNECTED requiring random access procedure

E.g., when UL synchronization status is "non-synchronized" or there are no PUCCH resources for SR available.

6. For positioning purpose during RRC_CONNECTED requiring random access procedure;

E.g., when timing advance is needed for UE positioning

Types of RACH: -Contention based and Contention Free

 Contention based: The same PRACH preamble from multiple UE reaches the NW at the same time. This kind of PRACH
collision is called "Contention" and the RACH process that allows this type of "Contention" is called "Contention based"
RACH Process.
 Contention free: In this case Network will allocate these preamble signatures so that it would not collide. This kind of RACH
process is called "Contention Free" RACH procedure. To initiate the "Contention Free" RACH process.

1. UE sends Rach Request in MSG1 to eNodeB with RA-RNTI, Indication for L2/L3 Msg Size
2. eNodeB sends Rach Response in MSG2 to UE with Temp C_RNTI, TA, UL for L2/L3 Msg
3. UE sends UE Identification Message in MSG3 to eNodeB.
4. eNodeB sends Contention Resolution Message in MSG4 to UE.
Contention Resolution: -In this kind of contention-based RACH process, Network would go through additional process at later step
to resolve this contention and this process is called "Contention Resolution" step.
Contention Resolution is based upon the reception of Contention Resolution Identity MAC CE (These special MAC structure
carrying the control information is called 'MAC CE', which means 'MAC Control Element'.). In this case a new CRNTI is allocated to
the UE.

Q: -How many times RACH procedure will happen in LTE: - The answer would be 14, because UE can send the RACH in any SFN and
any slots within the frame.

*LTE Release Causes: -

  Cause #2 – IMSI unknown in HSS.
 Cause #3 – Illegal UE.
 Cause #6 – Illegal ME.
 Cause #9 – UE identity cannot be derived by the network.
 Cause #10 – Implicitly detached.
 Cause #5 – IMEI not accepted.
 Cause #7 – EPS services not allowed.
 Cause #8 – EPS services and non-EPS services not allowed.
 Cause #11 – PLMN not allowed
 Cause #12 – Tracking area not allowed
 Cause #13 – Roaming not allowed in this tracking area
 Cause #14 – EPS services not allowed in this PLMN
 Cause #15 – No Suitable cells in tracking area
 Cause #22 – Congestion
 Cause #19 – ESM Failure
 Cause #42 – Severe network failure

*eNodeB’s behavior after receiving RACH from UE:

1. Allocation of temporary RNTI (Radio Network temporary Identifier): After receiving RACH Request, eNB allocates a
temporary identity to the UE, which is made permanent after successful RACH procedure. The permanent identity is called
as CRNTI (Cell RNTI). This TC-RNTI is transmitted to the UE as part of RACH Response, which will be used for further
communication between the UE and the network.
2. Timing Advance: - After receiving RACH Request, eNB PHY (Physical layer) calculates the timing advance, which is
transmitted to the UE as part of response message.
3. As part of Rach response, absolute Timing advance value is transmitted.
4. Allocate uplink Resources (UL GRANT): - eNB will provide the required information in Random Access Response (RAR)
message for UE to send the MSG3 (RRC Connection Request).

The 64 preambles are not implicitly communicated to the UEs by the eNodeB but rather, the UE is informed about the process of
how to generate them via parameters broadcast in SIB2. These parameters are:

*RootConfigurationIndex:-In LTE, there are 838 root Zadoff-Chu sequences available for preambles. The length of each root
sequence is 839. RootConfigurationIndex, informs the UE via SIB2 which sequence is to be used.

*ZeroCorrelationZoneConfig:-One root sequence can generate several preambles by cyclic shift. One or more root sequences are
needed to generate all preambles in a cell. The UE starts with the broadcasted root index and apply cyclic shifts to generate
preambles. ZeroCorrelationZoneConfig points to a table where the cyclic shift is obtained from.

*Explain RRC states: -There are 2 RRC states defined for the UE. When a UE is Powered ON, it will be in the RRC IDLE state until the
RRC connection is established.

*A UE is in RRC_CONNECTED when an RRC connection is established.

*RRC_IDLE: The radio is inactive but IP address is assigned and tracked by the network. UE is known in EPC but not known to eNB
(LTE base station).
Major procedures defined in IDLE mode:
1. PLMN Selection: Detect PLMN of cells and identify the cell to clamp on.
2. Cell Selection and Re-selection: Performs neighboring cell measurement and do re-selection.
3. CSG cell selection and re-selection
4. Cell Reservations and Access Restrictions
5. Tracking Area Registration
6. Broadcast message reception: Acquire MIB and SIB
7. Paging: Monitors the paging channel
8. DRX reception.
*RRC CONNECTED: -The radio is active and UE is known to both EPC and eNB. Mobility is controlled by Network.
Major procedures defined in CONNECTED mode:
1. Control Plane
2. eNB context and RRC connection
3. Network can transmit and/or receive data to/from UE
4. Neighbor cell measurement
5. User Plane
6. UE can transmit and/or receive data to/from network
7. Monitors control signaling channel
8. Reports CQI and feedback information to eNB.
9. Connected Mode DRX
*Modulation Scheme Supported for Uplink and Down-link: -Orthogonal frequency division multiple-access (OFDMA) is used for
the down-link, and SC- FDMA is used for the up-link as multiple-access schemes in the LTE system. In LTE (4G) to avoid multi path
fading, we use OFDMA technique in down-link. The main drawback of OFDMA is high peek to average power ratio i.e., it drains the
battery performance so we use SCFDMA in Uplink.

*Explain ARQ & HARQ: - ARQ is used along with HARQ so that it improves the reliability of the data along with the speed of correction
of HARQ.
 ARQ stands for Automatic Repeat Request. This is the protocol used at data link layer. It uses CRC to determine
whether the packet received is correct or not.
 If the packet is received correctly receiver send ACK to the transmitter, but if the packet is received incorrectly
receiver send NACK to the transmitter.
 After receiving NACK transmitter re-transmits the same packet again.
HARQ: - The eNB will keep transmitting the same transport block using different RV values until the UE receives an error free
transport block or the total re-transmission limit occurs. In LTE the total number of HARQ processes which can be initiated at any
given time is 8. A HARQ entity and HARQ processes are maintained at both eNodeB and UE.

 The HARQ stand for Hybrid Automatic Repeat Request. HARQ=ARQ+FEC (Forward Error Correction)/Soft Combining.
 Works at PHY layer but controlled by MAC layer.
 If the received data has an error, then the Receiver buffers the data (at PHY Layer control by MAC) and requests a re-
transmission from the sender.
 When the receiver receives the re-transmitted data, it then combines it with buffered data prior to channel decoding and
error detection. This helps the performance of the re-transmissions.
 The sending entity buffers the transmitted data until an ACK is received, because if NACK is received then it has to re-
transmit the data.
 There are 8 uplink HARQ processes running on both UE and eNB with 4 processes delay. HARQ process length is same as a
sub frame (1 MS). When UE sends data to eNB, eNB decodes data and checks CRC.
 A HARQ entity and HARQ processes are maintained at both eNodeB and UE.

What is chase combining and its benefits: -Chase combining means that the physical layer applies the same puncturing pattern to
both the original transmission and each re-transmission. This results in re-transmissions which include the same set of physical
layer bits as the original transmission. The benefits of chase combining are its lower UE memory requirement and simplicity.

What is incremental redundancy: -It means that the physical layer applies different puncturing patterns to the original
transmission and re-transmissions. Thus, re-transmission includes a different set of physical layer bits to the original transmission.
The drawbacks here are increased UE memory requirement and complexity.
How LTE HARQ is different from NR HARQ: -In LTE HARQ, downlink uses asynchronous mechanism and uplink uses synchronous
mechanism. But in case of NR both downlink and uplink use Asynchronous mechanism.

What is synchronous and asynchronous HARQ: -In synchronous HARQ re-transmission for each process occur at predefined times
relative to the initial transmission, thus no need to signal HARQ process number but can be inferred from transmission timing. In
asynchronous HARQ, the re-transmissions can occur at any time and HARQ process number (HARQ ID) is sent to correctly
associate each re-transmission with the corresponding initial transmission. Synchronous HARQ reduces signaling overhead while
asynchronous HARQ increases flexibility in scheduling.

What is adaptive and non-adaptive HARQ: -The modulation, coding scheme, and frequency resource allocation may be changed at
each re-transmission in adaptive HARQ. While in non-adaptive HARQ, re-transmissions are performed either by the same previous
transmission attributes or by predefined rules. Adaptive HARQ brings more scheduling gain at the expense of signaling overhead.

*What is HARQ feedback: -The HARQ feedback channels are used to carry ACK/NACK information corresponding to downlink
transmissions. The HARQ feedback channels start at predetermined time offsets relative to the corresponding DL transmissions
and are frequency-division multiplexed with other control and data channels over an uplink subframe.

*HARQ for LTE Up-link and Down-link

 Synchronous HARQ – used in LTE Up-link transmission.

 Asynchronous HARQ – used in LTE Down-link transmission.

*CRC (Cyclic Redundancy Checksum): -CRC is a kind of Error Check technology and stands for Cyclic Redundancy Checksum.
*What is CRC failure in LTE: -Cyclic Redundancy Check (CRC) Error indicates when data is corrupted. Calculating from all data, CRC
validates packets of information sent by devices and verifies it against the data extracted, ensuring its accuracy. When sending
packets over, BACnet automatically calculates and stores a CRC value for the packet

*Explain different HANDOVER events like A1, A2, A3, A4, A5 & B1, and B2.
There are total 7events, which trigger measurement reports.
S intra –system events [A1-A5]
Z inter-system events [B1-B2]
A1:- This is triggered when serving cell becomes better than a threshold (Measserv-hyst > threshold)
A2:- This is triggered when serving cell becomes worse than a threshold (Measserv-hyst < threshold)
A3:- This is triggered when neighboring cell becomes better than the serving cell by an offset
. Offset can be +VE or –VE.
A4:- It is triggered when a neighboring cell becomes better than a threshold.
A5:- It is triggered when serving cell becomes worse than threshold-1, while a neighboring cell becomes better than threshold-2.
A6:- This is triggered when Neighbor becomes offset better than SCell. (This event is introduced in Release 10 for CA).
B1:- It is triggered when a neighboring inter-system cell becomes better than threshold.
B2:- It is triggered when serving cell becomes worse than threshold-1 while neighboring inter- system cell becomes better than
threshold-2.
*What is SRB and DRB? Explain their functions: - In LTE there are two main types of bearers, namely the SRB (Signaling Radio
Bearer) and the DRB (Dedicated Radio Bearer).
1. SRB: It is used to transfer RRC and NAS messages. In LTE there are 3 SRB. SRB0, SRB1, SRB2.
2. DRB: It is used to carry the data associated with an EPS bearer. In LTE there are 8 DRBs.
Types of SRBs: - There are 3 Types of SRBS in LTE.
 1. SRB 0: It is used to transfer RRC message which use CCCH channel. SRB0 uses transparent mode in RLC.
2. SRB 1: It is used to transfer RRC message which use DCCH channel. SRB1 uses acknowledgment mode in RLC.
3. SRB 2: It is used to transfer RRC message which use DCCH channel and encapsulates NAS message. SRB2 also uses
acknowledgment mode in RLC.

*LTE Security: -
NAS Security: The purpose of NAS security is to securely deliver NAS signaling messages between a UE and an MME in the control
plane using NAS security keys. The NAS
security keys are derived from KASME and new keys are generated every time EPS AKA is performed (every time a new K ASME is
generated). After the NAS security
setup is completed, the UE and the MME get to share a NAS encryption key (K NASenc) and a NAS integrity key (KNASint), which
are used in encryption and integrity protection, respectively, of NAS messages before transmitting.

*AS Security: The purpose of AS security is to securely deliver RRC messages between a UE and an eNB in the control plane and IP
packets in the user plane using AS security keys.
The AS security keys are derived from KeNB and new keys are generated every time a new radio link is established (that is, when
RRC state moves from idle to connected).
After the AS security setup is completed, the UE and the eNB get to share an RRC integrity key (K RRCint), RRC encryption key
(KRRCenc) and user plane encryption key (KUPenc).

Encryption and integrity protection using these keys are performed at the PDCP layer.
KRRCint and KRRCenc are used to securely deliver RRC messages in the control plane through an SRB (Signaling Radio Bearer) over
radio links.
The RRC messages are integrity protected using KRRCint and encrypted using KRRCenc at the PDCP layer before being sent.
KUPenc is used to securely deliver IP packets in the user plane through a DRB (Data Radio Bearer) over radio links.The IP packets
are encrypted using KUPenc at the PDCP layer before being sent.

*What is Integrity Key / Ciphering Key: -

Ciphering: -Ciphering, also known as encryption, ensures that intruders cannot read the data and signaling messages that the
mobile and network exchange. Ciphering can be applied to both U-Plane Data and C-Plane Data (RRC/NAS Message).
Integrity: -In cellular systems, each data (speech, user data or signaling) is numbered with a so-call sequence number, which is
regularly incremented. Integrity uses a similar process based on an integrity key that is calculated by means of a specific algorithm
and the random number RAND. The source of the message computes an authentication code with a specific algorithm, the integrity
key and a regularly incremented counter. It concatenates the authentication code to the transmitted message. The recipient
computes the authentication with the same method and the data it has in its memory and checks the received code and the
computed code are the same.
*Ciphering is needed when you want that only authorized people can ACCESS TO SEE the data. Integrity is when authorized people
can ACCESS TO MODIFY the data.

*What is LTE authentication: - LTE authentication is the process of determining whether a user is an authorized subscriber to the
network that he/she is trying to access.
*How is encryption done: - Encryption uses an algorithm to scramble, or encrypt, data and then uses a key for the receiving party
to unscramble, or decrypt, the information. The message contained in an encrypted message is referred to as plaintext. In its
encrypted, unreadable form, it is referred to as cipher text.

*RRC Connection Control: - This procedure includes the paging, establishment, modification and release of the Signaling Radio
Bearer (SRB) and the Data Radio Bearer (DRB). It also includes the activation of security mode over the LTE-Uu interface, the
procedure which consists of putting mechanisms in place to encrypt the traffic and RRC signaling flows and to control the integrity
of the RRC signaling flows.
*What is SRVCC [Single Radio Voice Call Continuity]: - The SRVCC is a handover process of a voice call previously started in the
LTE (VoLTE call) to the legacy network for call continuity.
 It is a call transfer method (handover), when an LTE user has an active voice session in IMS and is moving to areas without
LTE coverage, but with legacy 2G/3G coverage.
 The main advantage is that the call will not drop and will only be transferred to the CS domain of the legacy networks.
 If in the above case the UE moves out of LTE coverage area with an active call (but goes to a legacy 2G/3G coverage), the
continuity of this active voice call must be maintained. In this case, the SRVCC is used; the procedure where the context of
an active voice calls on the IMS is transferred to the CS legacy network.
 If the SRVCC is not supported, the call is dropped as soon as it leaves the LTE coverage area.
 If the SRVCC is supported, a set of messages are exchanged, and the voice call is transferred (handover) from LTE IMS to CS
domain.

There are two versions of SRVCC:

 SRVCC handover to GSM or UMTS, defined by 3GPP;
 SRVCC Handover to 1xRTT networks defined by the 3GPP2.
 To allow SRVCC both the UE and LTE networks, as also the legacy, must support SRVCC. For this, a new special SV interface is
introduced between the MME and the MSC, which runs on GTPv2 protocol.
 To support SRVCC, the IMS network should also include an application server, called SCC AS (Server Centralization and
Continuity Application Server).
 This application server manages the signaling required for the SRVCC process.
SRVCC Procedure: -
 Realizing that its LTE signal level begins to decrease, the UE with an active IMS voice session signals it to the eNodeB,
initiating the SRVCC handover.
 The eNodeB then identifies the best available network to receive the service, and sends the handover request (specifying
that it is the SRVCC type) to the MME.
 The new voice call request is then sent to the IMS, using a SR STN (Session Transfer Number for SRVCC) - a unique number
that is generated by each UE, and is stored in HSS.
 This unique number is sent by the MME to the HSS when the UE first comes into contact with the network.
 Upon receiving the STN SR number, the SCC AS believes that the corresponding call should be transferred to a different
network, and starts the redirecting process for the transfer point (handover) to the legacy network.
 After resource preparation is completed, the MME confirms the handover request, previously provided by the eNodeB.
 The eNodeB then transmits this acknowledgment to the UE, while still providing the required information about the target
network.
 In the final stages, the UE is detected in legacy networks, and the call is re-established in it.
 This is the completion of the SRVCC handover.
 Voice packets and packets that are not voice can be transferred using this method, but the data rates will be limited by the
capabilities of the legacy networks.
CSFB & SRVCC cannot be compared because CSFB is a service handover procedure while SRVCC is a coverage handover Procedure.
I am still trying to convey Benefits which VoLTE+SRVCC Option brings to us as compared to CSFB: -

1. Call setup time: When operators use CSFB, one of the biggest problems faced (and one of the major disadvantages of
CSFB) is the increase in call setup time due to retuning procedures in 2G/3G radios. On Other Hand VoLTE provider faster
call setup time
2. Call quality: call quality in VoLTE is better due to specific QoS allocated to the call IMS, which is not there in 3G serving
users with CSFB
3. Resource benefits for Volte: Codec used in VoLTE requires much less resources and data rate than CSFB working on 3G or
2G

*CSFB in LTE: -Circuit Switched Fallback (CSFB), with the help of a global system for mobile communication (GSM) or another circuit-
switched network, delivers voice and SMS services to LTE devices. The necessity for a Circuit Switch Fallback for the packet-based all-
IP network, LTE, which cannot support circuit-switched calls. For instance, when an LTE network is not available to make or receive
either a call or SMS message, the device "falls back" to a more accessible 3G or 2G network to finish the call or to send the SMS
message. CSFB is often viewed as a temporary solution.
To Make a Voice Call there are mainly two solutions :-( 1) CSFB (2) IMS BASED VOLTE CALL.
*There are Pre-Conditions for CSFB: -
 Where UE is in LTE RAT it should be registered with MSC
 UE is not directly connected to MSC.
 MME is connected to MSC via SGS Interface.
CSFB Procedure:-

*CSFB Call Flow: -

Overview of CSFB: -
1. The UE connects to the LTE network by performing a random-access Procedure
2. The UE registers with the network with an attach type of Combined EPS/IMSI attach. The UE gets registered in the 4G LTE
and the 3G networks.
3. The MME keeps the 3G network updated with the UE position. This information is needed for handling pagingfrom the 3G
to the LTE network.
4. When the mobile user wishes to initiate a voice call, the UE De-Register from the LTE network and registers with the 3G
Network
5. The UE sets up the voice call.
6. When the voice call ends, the UE DE-registers from the 3G network and registers with the 4G network.
IN TERMS OF ENODEB, MME AND EPS: -

IDLE MODE CSFB: -

*Connected Mode CSFB: -

*Some possible reasons of CSFB 4G-3G failures as:
 eNB setting did not enable CSFB service correctly
 eNB not configure neighboring UMTS frequency for voice
 Lack of license RRC connected users at eNB
 3G cell coverage is week, UE cannot search for UMTS network
 Neighboring 3G cells configured highest priority not have strongest signal quality.
 CSFB service request while UE is doing PS handover in LTE
 MME configure mapping TAC (4G) - LAC (3G) incorrectly
 Some terminal incompatibility issues
 RAN issues, transmission issues.
*Parameters for Throughput Checking (Throughput Analysis): -
1. Bandwidth.
2. RF Condition: -RSRP, RSRQ
3. Channel Quality: -SNR, CQI, MCS, RI, BLER.
4. Duplexing Mod: - FDD OR TDD
5. MIMO-2*2, 4*4
6. Modulation: -QPSK, 16QAM, 64QAM, 256QAM.
7. Transmission Mode: -TM2, TM3, TM4
*MCS: -MCS (Modulation and Coding Scheme) defines how many useful bits can be transmitted per Resource Element (RE). MCS
depends on radio link quality. The better quality the higher MCS and the more useful data can be transmitted.
*Throughput Issue Debugging: -
1. It depends on which MCS is allocated and number of RBs assigned based on MCS:
 At High MCS index value (Range: 0 to 31), Modulation order will increase (Range: 2, 4, 6, 8), size of Transport block also will
increase.
2. What is allocated MCS against to the CQI
  CQI: 1 to 6 (QPSK)
 CQI: 7 to 9 (16 QPSK)
 CQI: 10-15 (64 QPSK) for before Rel12.
If CQI value in between 10-15, the allocated MCS is 64 QPSK. Obviously will get good Throughput.
3. Padding in the MAC PDU.
 Padding indicates that network doesn’t have any data to send.
4. Check RLC and PDCP Layer Re-transmission.
 Check for BSR (BUFFER STATUS REPORT), Index and allocated Transport Block size.
 BSR Range: 0 to 63
 BSR: 0 -> No data
 BSR: 63 -> Have high Buffer Data.
 BSR is a kind of MAC CE from UE to Network carrying the information on how much data is in UE buffer to be sent out.
5. Check RLF, RACH, Out of Sync Indications.
6. Check PHR is insufficient.
7. Check Re-transmissions are discarded or not.
-> Initial BLER: When the eNB sends data to the UE and UE is unable to decode it, and then it will send a HARQ NACK to the eNB.
A NACK means that the eNB will have to re-transmit the data and this NACK is considered IBLER or Initial Block Error.
-> Residual BLER: If the UE is unable to decode the data even after re-transmission, the UE will send another NACK and the eNB
will have to re-transmit again. However, there is a limit to these re-transmissions and usually they are configurable. Commonly,
these re-transmissions are set to 4 and after 4 re-transmissions, the eNB will not re-transmit at HARQ level and consider this as a
Residual Block Error.
-> High BLER will effect on MCS and as well as low Throughput's.
8. Check DL BLER and UL BLER (It should be <10%).
9. Check Continuously DL Grants are coming or not from PHY Layer.
10. Check Link Balance: UE is sending RLC ACK, but because of poor RF conditions not allowing ENB to receive.
*SR (Scheduling request) is use to notify the eNB that there is data to transmit at the UE RLC/PDCP. So eNB grant some
minimum resources to UE. With these resources UE start transmitting UL data, where MAC header consists of MAC CE, indicating
BSR. By reading BSR then eNB keep giving grant to UE as long as there is BSR.
*PHR (Power Headroom report): PHR is a type of MAC CE (MAC Control Element) that report the headroom between the current
UE TX power (estimated power) and the nominal power. eNodeB (Network) use this report value to estimate how much uplink
bandwidth a UE can use for a specific sub-frame. Since the more resource block the UE is using, the higher UE Tx power gets, but
the UE TX power should not exceed the max power defined in the specification. So, UE cannot use much resource block
(bandwidth) if it does not have enough power headroom.
*The cyclic prefix acts as a buffer region or guard interval to protect the OFDM signals from inter symbol interference.
*UCI stands for Uplink Control Information. It is carried by PUCCH or PUSCH. (PUCCH-when there is no user data to be
transmitted, PUSCH-When carrying user data).
The Information Carried by UCI is
1. SR (Scheduling request)
2. HARQ ACK/NACK
3. CQI (Channel Quality Indicator)
4. PMI (Precoding Matrix Indicator): - The precoding matrix determines how the individual data streams are mapped to the
antennas. They are applicable to closed loop transmission modes
5. RI (Rank Indicator)
*TTI Bundling in LTE: - TTI (Transmission time interval) Bundling is an LTE feature, which improves cell edge uplink coverage, and it
is used for services like VoLTE. In TTI Bundling mechanism, UE sends same data with different redundancy versions (PUSCH) in
multiple consecutive sub-frames and gets only one ACK/NACK for the entire bundle.
TTI bundling: The Transmission Time Interval (TTI) is the time unit for the eNodeB to schedule UL and DL data transmissions.

*Back-off Indicator: - Back-off Indicator is a special MAC sub header that carries the parameter indicating the time delay between
a PRACH and the next PRACH.
*What is redundancy version: -The redundancy version tells the UE, about amount of redundancy added into the code word
while turbo encoding. There can be 4 different redundancy versions in LTE corresponding to new transmission, 1st, 2nd or 3rd re-
transmission. Number of bits = 2.
*LCID: -LCID is one of the most important components of a MAC header. It tells the characteristics or the destination of the MAC
data. For example, it tells whether the MAC data is for control signal or user data or signaling message etc. For the details, refer to
MAC PDU Structure for SCH.

*CFI: -In LTE, the Control Format Indicator (CFI) value defines the time span, in OFDM symbols, of the Physical Downlink Control
Channel (PDCCH) transmission for a particular downlink sub frame. The CFI is transmitted using the Physical Control Format
Indicator Channel (PCFICH).

CFI is an indicator telling how many OFDM symbols are used for carrying control channel (e.g., PDCCH and PHICH) at each sub
frame.

If CFI is set to be 1 for a sub frame, it means one symbol (the first symbol) at the subframe is used for PDCCH allocation. If CFI is 2, it
means two symbols (the first and the second symbol) are used for PDCCH. If CFI is 3, it means three symbols (the first, second and
third symbol) are used for PDCCH.

*ECI

 E-UTRAN Cell Identifier (ECI). Used to identify a cell uniquely within a Public Land. Mobile Network (PLMN). The ECI has a
length of 28 bits and contains the eNodeB-Identifier (eNB-ID). ...
 In short, it is used to identify a cell within a PLMN.
 ECI = eNodeB-ID + Cell-ID.

*What is use of NV Browser in QXDM: -

 NV browser is mainly used to change the device parameter values in 2G, 3G, 4G,
 It also shows the technology which currently used by UE,
 It also shows the preferred network type of UE.
*What MIB Contains: - MASTER INFORMATION BLOCK (MIB) is the broadcast information transmitted by eNodeB at periodically.
(MIB DIRECTION: - BCCH->BCH->PBCH CHANNELS)
 MIB is transmitted at fixed interval at every 40ms and periodicity time is 10ms.
 Total size of MIB is 24 bits; 10-bit information is reserved for future use.
 MIB Released in 3GPP Release 8.
MIB contains the following information: -
1. Bandwidth-3 Bits
2. System frame number-8 Bits
3. PHICH-3 Bits (PHICH is a control channel on LTE down-link, that is used to indicate the reception of PUSCH transmission
from a mobile/UE. The PHICH indicates either an ACK or a NACK, which the UE will decode to find out if it has to do a re-
transmission or not.)
*Handover in LTE: -When a UE moves from one cell to other cell or signal strength of serving cell is less than the neighboring cell
LTE performs handover; similarly, there are few more conditions for handover. LTE does not support soft handover; it supports
only hard handover.
There are few more types of handovers:
1. Inter-frequency handover
2. Intra-frequency handover
3. IRAT Handover
4. X2 handover (The X2 procedure is used to handover a UE from a source (H)eNB to a target (H)eNB for which the
MME and SGW is unchanged)
*Difference between handover, cell selection, cell re-selection & redirection.
Handover occurs when UE is in RRC connected mode & remains in connected mode after handover.
*Cell selection: It happens during initial acquisition process using SSS & PSS.
*Cell re-selection: It happens when an UE is in RRC idle mode & moves in a coverage area of poor signal strength. The RRC after cell
re-selection is in idle state. (2) If the UE Finds a better cell UE re-selects it and camp on it.
Cell Re-selection is a kind of mechanism to change cell after UE is camped on a cell and stay in IDLE mode.
*Barred cell: -Barred cell is a cell on which a UE is not allowed to camp on. A cell is barred if it is so indicated in the system
information.
*Attach request: - Attach request is a NAS message, which triggers RRC connection request. It has GUTI, attach type, tracking area
ID & PDN connectivity request.
*Authentication request: - It has authentication parameters like AUTN & RAND.
*Authentication response- Authentication response is an NAS EMM level message which response from UE.
*UE capability inquiry: - Through this message network inquires about UE capability, supported bands of different RAT, feature
group indicator (FGI) and Supported DRB.
UECapabilityEnquiry:

 Signaling radio bearer: SRB1

 RLC-SAP: AM
 Logical channel: DCCH
 Direction: E-UTRAN to UE

*UE capability Information: - It responds to capability enquiry message with information about different RAT (Radio Access
Technology) & related information.
UECapabilityInformation

 Signaling radio bearer: SRB1

 RLC-SAP: AM
 Logical channel: DCCH
 Direction: UE to E-UTRAN

*Security mode command (RRC): - This message contains RRC level security mode command.
*Security mode complete (RRC): - This message has response to the security mode command message.
*What is the purpose in RRC connection request? The purpose of RRC connection request in LTE a UE want to attach to network or
required radio resources so UE send RRC connection request message to eNB.

*What is RRC connection setup: - The RRC CONNECTION SETUP message is used to establish SRB1. It contains configuration
information for SRB1. This allows subsequent signaling to use the DCCH logical channel. The configuration for SRB1 can be a specific
configuration or the default configuration.
The RRC CONNECTION SETUP message may also contain configuration for PUSCH, PUCCH, PDSCH channels and information
regarding uplink power control, CQI reporting, the SRS, antenna configuration and scheduling requests.

*RRC CONNECTION SETUP COMPLETE: The RRC CONNECTION SETUP COMPLETE message is used to confirm the successful
completion of an RRC connection establishment

*RRC connection reconfiguration: - RRC CONNECTION RECONFIGURATION message is the command to modify an RRC
connection. The purpose of this procedure is
 To perform Handover.
  To Setup/modify/release Measurements
 To establish/modify/release Radio Bearers.
 To add/modify/release Scells.
 Dedicated NAS Information might also be transferred from eNodeB to UE.
*RRC connection reconfiguration complete: - The RRC CONNECTION RECONFIGURATION COMPLETE message is used to confirm
the successful completion of an RRC CONNECTION RECONFIGURATION.

*Attach complete: - It contains “activate default EPS bearer accept” message.

*What is RRC connection reestablishment: - The purpose of RRC CONNECTION RE-ESTABLISHMENT procedure is to re-establish
the RRC connection, which involves the resumption of SRB1 operation and the re-activation of security (without changing
algorithms).
*What is difference between RRC Connection Reconfiguration and RRC re-establishment: - RRC CONNECTION
RECONFIGURATION message is the command to modify an RRC connection. While the purpose of RRC CONNECTION RE-
ESTABLISHMENT procedure is to re-establish the RRC connection, which involves the resumption of SRB1 operation and the re-
activation of security (without changing algorithms).
*Cell redirection: When UE changes its RAT, cell redirection happens. In redirection, UE goes from connected state to idle state.
*Reserved Cell:-Reserved cell is a cell on which camping is not allowed for all UEs, except for particular UEs, if so, indicated in the
system information.

1. If the cell is, barred UE cannot camp on that cell.

2. If the cell is not barred & not reserved for operator use then UE can camp on that cell easily.
3. If the cell is not barred & reserved for operator use then, only those UE belonging to access class identifier 11 & 15 can
camp on that cell.

*What is Cell Re-selection: -

 UE in IDLE mode wakes up at the end of every DRX cycle to measure the signal of its Serving cell (Qrxlevmeas) and
calculate received signal strength (SrxLev) and received signal Quality (Squal) to decide whether it should stay or move to
another cell.
 If SrxLev is greater than specified threshold value, the UE stays in current serving cell, and if not, it triggers a "CELL RE
SELECTION “procedure. (The threshold value is specified through SIB 3).
*There are 2 methods for selection of a cell:
1. Cell Ranking. (For Intra-Freq cell re-selection & Inter- Freq cell re-selection with same cell priorities)
2. Priority based
*Following are the scenarios of "CELL RE-SELECTION":
1. LTE to LTE Intra Frequency Cell Re-selection: - If SrxLev > S-IntraSearchP [SIB 3] or Squal > S-IntraSearchQ [SIB 3]. {Received
signal quality}
Then UE may not perform Intra-frequency measurements.If the serving cell's evaluation result does NOT meet above criteria, UE
perform intra frequency measurement.
If neither of s-IntraSearchP nor s-IntraSearchQ is specified, UE applies the default value (s-IntraSearchP = Infinity, s-IntraSearchQ =
0). It implies that if neither of s-IntraSearchP and s-IntraSearchQ are specified, UE always perform intra frequency measurement.
In IntraFrequency cell re-selection, among the neighboring cells with SrxLev greater than threshold, the cell with the Highest
SrxLev is selected by means of "Cell Ranking" method.
2. LTE to LTE Non-Intra Frequency Cell Reselection: -If SrxLev > S-NonIntraSearchP [SIB 3] or Squal > S-NonIntraSearchQ [SIB 3].
Then UE may not perform non-Intra-frequency measurements.

If the serving cell's evaluation result does not meet above criteria, UE perform non-intra frequency measurement.
If neither of s-NonIntraSearchP nor s-NonIntraSearchQ is specified, UE applies the default value (s-NonIntraSearchP = Infinity, s-
NonIntraSearchQ = 0). It implies that if neither of s-NonIntraSearchP and s-NonIntraSearchQ are specified, UE always perform non-
intra frequency measurement.

In NonIntraFrequency cell reselection, among the neighboring cells with SrxLev greater than threshold, the cell with the Highest
SrxLev is selected by means of "Cell Ranking" method only when priorities of both serving and target cell is same.and if incase of
different priorities then Priority based method is used for Reselection.

3. WCDMA to LTE Cell Re-selection: -UE must measure the LTE frequencies and detect the available LTE cell in order to perform
cell re-selection to LTE.
UE measures two physical properties called for WCDMA signal. One is CPICH RSCP and CPICH EcNo. RSCP determines SrxLev and
EcNo determines Squal.
Srxlev = Qrxlevemeas - qRxLevMin. Qrxlevemeas is RSCP level measured by UE and qRxLevMin is the value specified in SIB.
Squal = Qqualmeas - qQualMin. Qqualmeas is EcNo level measured by UE and qQualMin is the value specified in SIB.
In following condition, detection measurements of lower priority LTE frequency is not required.
Srxlev > s-PrioritySearch1 (SIB 19 of WCDMA) Squal > s-PrioritySearch2 (SIB 19 of WCDMA).
In following condition, UE should detect for both lower and higher priority LTE frequencies.
Srxlev <= s-PrioritySearch1 (SIB 19 of WCDMA) Squal <= s-PrioritySearch2 (SIB 19 of WCDMA
High Priority WCDMA cell to Low priority LTE cell: If SrxLev< s-PrioritySearch1 and Squal <s-PrioritySearch2 then measurements of
Low Priority LTE freqs are done.
And the re-selection is performed when: SrxLev (serving cell) < threshServingLow{threshServingLow is serving cell threshold when
performing high priority to low priority cell re-selection} and SrxLev (Target cell) > threshXLow P{threshXLowP is target cell
threshold when performing high priority to low priority cell re-selection}
Low Priority WCDMA cell to High Priority LTE cell:If LTE frequency is of higher priority, measurements are always performed and
at a time 4 LTE frequencies can be measured.
And the reselection is performed when:SrxLev(serving cell) < threshServingHigh{threshServingHigh is serving cell threshold when
performing low priority to high priority cell re-selection}and SrxLev (Target cell) > threshXHighP {threshXHighP is target cell
threshold when performing low priority to high priority cell reselection}
4. LTE to WCDMA Cell Re-selection: -
High Priority LTE to Low Priority WCDMA Cell: When LTE cell has higher priority than WCDMA, it would stay in LTE cell but it
performs measurement for the low priority WCDMA if UE is under the following condition:
Srxlev of the serving cell < sNonIntraSearchP (SIB3) where Srxlev = Qrxlevmeas - qRxLevMin (SIB1) where Qrxlevemeas =
measured RSRP level, qRxLevMin = minimum RSRP level for camping.If UE in LTE cell is under the following condition with the
duration longer than tReselectionUtra (SIB6) it should reselect to WCDMA cell.
Srxlev ofLTE cell (serving cell) < threshServingLow (SIB3) where Srxlev = Qrxlevmeas - qRxLevMin (SIB1) where Qrxlevemeas =
measured RSCP level, qRxLevMin =Minimum RSCP level for camping
Low Priority LTE to High Priority WCDMA Cell: When LTE cell has lower priority than WCDMA. The UE always have to perform
measurements on WCDMA cell. How often UE has to measure for WCDMA depends on condition: Srxlev of the serving cell <
sNonIntraSearchP (SIB3)
If no parameter is set (meaning in default condition), detection of WCDMA cell should be performed at least every 60 seconds. If
UE in LTE cell is under the following condition with the duration longer than tReselectionUtra (SIB6), it should reselect to WCDMA
cell. Srxlev of WCDMA cell > threshXHighP (SIB6), where Srxlev = Qrxlevmeas - qRxLevMin (SIB1), Where Qrxlevemeas = measured
RSCP level, qRxLevMin =Minimum RSCP level for camping

*Difference between X2 and S1 Handover: -

*X2 Handover: HO occurs when source and target eNBs are served within the same MME pool. The procedures relies on the
presence of X2 interface between Source and Target eNB, which is summarized as follows,
1. Source eNB makes HO decision and setup a direct tunnel i.e X2 transport bearer between Source and target eNB.
2. Detach UE from Source eNB and Forward traffic from source eNB to Target.
3. Path switch procedure between Target eNB and MME
4. Releases S1 bearer of source eNB
5. Release X2 transport bearer for direct packet forwarding.

*S1 Hand Over: S1 handover is when if two eNodeBs are not connected with same MME or the X2 interfaces are not defined
between eNB or when X2 procedure fails (due to unreachability/Error response etc). Summary of S1-HO is as follows,
1. Source eNB makes HO decision and setup an indirect tunnel i.e., S1 bearer between Source eNB and SGW, and target eNB
and SGW.
2. S1 bearer for UL setup between target and source eNB
3. Detach UE from Source eNB and indirect packet forwarding
4. No need for the Path switch procedure between Target eNB and MME, as MME is aware of HO
5. Releases S1 bearer of source eNB
6. Release S1 transport bearer for indirect packet forwarding.
If the two eNodeBs are connected with same MME, it is preferred to perform X2 based handover but there is no restriction in
using S1 based handover even in this case. If two eNodeBs are not connected with same MME, you have to perform S1 based
handover even in this case.
X2 handover is faster as compared to S1. X2 handover is defined only for intra LTE handover while S1 handover can be used for
intra LTE inter RAT."

X2 interface:
Interconnecting eNBs with each other to support the exchange of signaling information of users

X2 interface support some functions as follows:

✔️System mobility support which allows the eNB to handover the control of particular UE to another eNB based on various factors
such as (signal strength, measurement events)
✔️Load balancing, error indication, inter cell interference coordination

S1 interface:
This interface is a logical interface between eNdB and EPC
▪️Connecting eNdB with MME by S1-C/MM to facilitate signaling messages
▪️Connecting eNbB with S-GW by S1-U to transfer user data

There are some functions of S1 interface:

✔️Establishment, maintenance and release E-UTRAN radio access bearer
✔️Perform Intra-LTE and Inter-RAT handover
Transfer of NAS signaling messages between UE and eNB
✔️Security functions such as data confidentiality and integrity
✔️Paging and roaming functions, UE tracking, location reporting functions, delivery of warning messages to UE
*LTE handover fails: There are parts in LTE handover:

1- Handover Preparation
2- Handover Execution

1. Handover Preparation fails: -If HO preparation fails 100%, MME pool different in source and target
Target cell is overload
Target cell unavailable
TAC not defined on site
License/software issue

2-Handover execution fails

PCI conflict
Target exceeds cell range
Target is sleeping cell
Target having high uplink interference
Poor RF condition
Alarms on Target cell
*Draw resource block in frequency and time domain and explain.
FDD Frame Structure: -
 1. Time duration for one frame is 10 MS.
2. Number of sub-frames in one frame is 10.
3. Number of time slots in one frame is 2 and each time slot is called as resource block.
4. Each resource block consists of 12 sub-carrier with 180 kHz and 7 resource elements so total 12*7=84
5. The duration of each sub-frame is 1 ms.
6. Each sub-frame is further divided into two equally sized time slots, that is, each slot is 0.5 ms.

*How LTE UE determines whether LTE Network supports TDD\FDD LTE configuration: - Typically the LTE UE will either support
FDD or TDD mode only. The position, where PSS & SSS signals are transmitted, is different for FDD and TDD mode. During cell
search, the LTE UE has to locate & receive these signals. This is how the LTE UE knows whether the LTE cell is TDD or FDD cell.

After detection of location of SSS with respect to PSS, UE distinguish about FDD and TDD.
In FDD mode, the PSS is transmitted in the last symbol of slots 0 and 10, while the SSS is sent one symbol earlier.
In TDD mode, the PSS is transmitted in the third symbol of slots 2 and 12, while the SSS is sent three symbols earlier. Thus, if SSS
and PSS are adjacent to each other then it is FDD and if there are two more symbols between SSS and PSS then it is TDD.
*What does GUTI Consist of: -GUTI comprised of two main components, Globally Unique Mobility Management Entity Identifier
(GUMMEI) and Mobile Temporary Mobile Subscriber Identity (M-TMSI). The first part uniquely identifies an MME and the second
part identifies a user. The GUTI is assigned to the device by the MME.

*LTE Architecture-An LTE network consists of LTE entities (UE and eNB) and EPC entities (S-GW, P-GW, MME, HSS, PCRF, SPR, OCS and
OFCS). A PDN is an internal or external IP domain of the operator that a UE wants to communicate with, and provides the UE with
services such as the Internet or IP Multimedia Subsystem (IMS).

*LTE Entities

* UE:- A User Equipment connects to an eNB over the LTE-Uu interface.

*eNodeB:- An eNB provides users with the radio interfaces and Performs Radio Resource Management (RRM) functions such as
dynamic resource allocation (scheduler), eNB measurement configuration and provision, radio admission control, connection
mobility and Radio Bearer (RB) control and inter-cell interference Coordination (ICIC).
It performs many functions including radio resource management, admission control, scheduling, enforcement of negotiated UL
QOS, cell information broadcast, ciphering/deciphering of user and control plane data, and compression/decompression of DL/UL
user plane packet headers.
*The eNodeB performs the following functions in LTE:
 Radio Resource Management, Radio Bearer Control, Radio Admission Control,
 Connection Mobility Control, Dynamic allocation of resources to LTE UEs in both Uplink and Down-link (scheduling)
 IP header compression and encryption of user data stream
 Selection of MME at LTE UE attachment
 Routing User Plane data to LTE SAE Gateway
 Scheduling and transmission of paging messages (originated from the MME)
 Scheduling and transmission of broadcast information (originated from the MME or Operations, Administration and
Maintenance (OAM)
 Measurement and measurement reporting configuration for mobility and scheduling in LTE
* EPC Entities: -
*MME (Mobility Management Entity): An MME is the main Control Entity for the E-UTRAN. It communicates with an
HSS for user authentica tion and user Profile Download, and provides UEs with EPS Mobility Management {EMM) and
EPS Session Management {ESM) functions using NAS Signaling. The Main Function supported by a MME are as follows:
  NAS Signaling {EMM, ESM and NAS Security)
 User Authentication and Roaming with HSS over the S6a Interface.
 Mobility management (Paging, Tracking Area List {TAI} management and Handover management)
 EPS bearer management
 It is responsible for idle mode UE tracking and paging procedures including re-transmissions.
*S-GW:-Serving Gateway an S-GW terminates the interface towards an E-UTRAN. It serves as the local mobility anchor point of
data connections for inter-eNB handover and inter-3GPP handover. Following are the functions of SGW (Serving Gateway):
 One or more SGWs will serve given group of eNBs for user plane data.
 Single UE is served by one S-GW at any time.
 It receives instructions from MME to set up and tear down sessions for particular UE.
 It acts as interface module for signaling between PGW and MME.
 It takes care of user IP packets between P-GW and eNB.
 SGW functions as IP router with GTP support and charging functionality.
* PGW (Packet Data Network Gateway): A P-GW Provides a UE access to a PDN by Assigning an IP address from the
address space of the PDN. The P-GW serves as the mobility anchor point for handover between 3GPP and non- 3GPP.It also
Performs policy enforcement, packet filtering and charging based on the PCC rules provided by a PCRF. The Main Functions
Supported by a P-GW are as follows:

 IP Routing and Forwarding

 Per-SDF/Per-User based packet filtering
 UE IP address allocation
 Mobility Anchoring between 3GPP and non-3GPP
 PCEF (PCEF stands for Policy and Charging Enforcement Function.) Functions
 Charging per-SDF/per-User

*HSS: -Home Subscriber Server an HSS is the central Data Base where user Profiles are stored. It provides user authentication
information and user profiles to the MME.
 The HSS provides user profile information to the MME and IMS core during UE attach and IMS registration.
*PCRF: - A Policy and Charging Rules Function is the policy and charging control entity. It makes policy decisions for SDFs and
provides the PCC rules (QoS and charging rules) to the PCEF {P-GW).
*SPR: - A Subscriber Profile Repository provides subscription information (access profile per subscriber) to the PCRF. Receiving
the information, the PCRF performs subscriber-based policy and creates PCC rules.
* OCS: -An Online charging System provides (1) real-time credit control and (2) charging functions based on volume, time and
event.

The OCF decides about usage of resources based on Rating Function (RF) and Account Balance Management Function (ABMF).

*OFCS: -an Offline Charging System Provides CDR(Charging Data Function) based charging information.

*LTE Interfaces: -

LTE-Uu E-UTRA(control plane An interface for the control and user planes between a UE and an E-UTRAN (eNB). The
and user plane) signaling connection over the LTE-Uu is the RRC connections represented by Signaling
Radio Bearers (SRBs), and the user plane connection is the logical channels
represented by Data Radio Bearers (DRBs).

X2 X2-AP (control plane) An interface for the control and user planes between two eNBs. It is used during X2
GTP-U (user plane) handover and/or for Self Organizing Network (SON)-related function. X2-AP Protocol is
used in the control plane and a GTP-U tunnel per bearer is provided for data forwarding
in the user plane.
 S1-U GTP-U An interface for the user plane between an E-UTRAN (eNB) and an S-GW. It provides a
GTP tunnel per bearer.

S1-MME S1-AP An interface for the control Plane between an E-UTRAN (eNB) and an MME.

S5/S8 This is the interface between the S-GW and P-GW. In principle S5 and S8 is the same
interface, the difference being that S8 is used when roaming between different
operators while S5 is network internal. The S5/S8 interface is used within the Evolved
Packet Core (EPC) for LTE.

S8 The S8 interface is the roaming variant of S5 and is used in roaming scenarios with
the S-GW in the visited network and the P-GW in the home Network.

S9 It provides transfer of (QoS) policy and charging control information between the
Home PCRF and the Visited PCRF

S4 Interface between SGSN and serving gateway. It provides user plane support for
mobility support between GPRS core and the serving gateway.

S11 GTP-C An Interface for the control p lane between an MME and an S-GW. It provides a GTP
tunnel per user.

S5 GTP-C (control plane) An interface defined between an S-G W and a P-G W for the control plane and user
GTP-U (user plane) plane. The S5 interface Provides a GTP tunnel per bearer for the user p lane and GTP
tunnel management (creation, modification and deletion) per user for the control
Plane

S6a Diameter An interface for the control Plane between an HSS and an MME. It. Exchanges user
subscription and authentication information.

Sp Diameter An interface for the control plane between an SPR and a PCRF.

An interface for the control p lane between a PCRF and a P-G W. It transfers policy
control and Charging rules and the PCRF to the P-GW to support QoS policy and
Gx Diameter
charging control.

Gy Diameter An interface for the control plane between an OCS and a P-GW.

Gz GTP' An interface for the control plane between an OFCS and a P-GW.

SGi IP An Interface for the control and user Planes between a P-GW and a PDN.

SV Sv interface is between the MME and MSC or between SGSN and MSC. The network
can support SRVCC, only if there is a Sv interface.

SGs The SGs interface is an optional interface between a 2G (GERAN) / 3G (UTRAN) MSC
and an LTE/EPC MME. Its purpose is to facilitate both CSFB (Circuit-Switched Fall
Back) and SMS (SMS over SGs).

*QOS (Quality of services): LTE QOS allows both LTE compliant subscribers and services to be differentiated. Premium subscribers
can be prioritized over basic subscribers. Real time services can be prioritized over non real time services. As the network load will
increase, prioritization determines which subscribers and performing well and which are not performing.
Like other systems, LTE QOS also affects admission control decisions. Connections with guaranteed QOS require larger resources.
These connections will be blocked in case of insufficient resources.
QOS is applied between UE and PDN gateway within LTE network.
*QOS Parameters:-

 QCI
 ARP
 GBR
 NON-GBR
 MBR
 APN-AMBR
 UE-AMR

QCI (QoS Class Identifier): QCI is an integer from 1 to 9 which indicates nine different QoS performance characteristics of each IP
packet. QCI values are standardized to reference specific QoS characteristics, and each QCI contains standardized performance
characteristics (values), such as resource type (GBR or non-GBR), priority (1~9)

*ARP (Allocation and Retention Priority):When a new EPS bearer is needed in an LTE network with insufficient resources, an LTE
entity (e.g. P-GW, S-GW or eNB) decides, based on ARP (an integer ranging from 1 to 15, with 1 being the highest level of priority),
whether to: Remove the existing EPS bearer and create a new one (e.g. removing an EPS bearer with low priority ARP to create
one with high priority ARP); or refuse to create a new one.
So, the ARP is considered only when deciding whether to create a new EPS bearer or not.
*GBR (guaranteed bit rate): -This parameter is used for a GBR type bearer, and indicates the bandwidth (bit rate) to be
guaranteed by the LTE network.
*NON-GBR: It is applied to a non-GBR bearer with no guaranteed bandwidth.
*MBR (UL/DL): MBR is used for a GBR type bearer, and indicates the maximum bit rate allowed in the LTE network. Any packets
arriving at the bearer after the specified MBR is exceeded will be discarded.
*TAU (Tracking area update): When UE detects that it has entered a new TA (Tracking Area) that is not in the reported TAI list or
the periodic TA update timer has expired.
TAU is of two types:
Periodic TAU: This TAU happens when the periodic TA update timer has expired.
Aperiodic TAU: This kind of TAU occurs when certain conditions are met, such as:
 When UE detects that it has entered a new TA (Tracking Area) that is not in the reported list.
 When the RRC layer in the UE informs the UE's NAS layer that an RRC connection failure (in either E-UTRAN or UTRAN) has
occurred.
 The RRC connection was released with release cause "load re-balancing TAU required".
 For a UE supporting CS fallback, or configured to support IMS voice, or both, a change of the UE's usage setting or voice
domain preference for E-UTRAN.
 After completing CS fall back, instead of sending attach request UE send TAU request.
 When UE changes one of RAT (Radio access Technology).
*Bearer: -
Bearer is just a virtual concept. It defines how the UE data is treated when it travels across the network. Network might treat some
data in a special way and treat others normally.
Some flow of data might be provided guaranteed bit rate while other may face low transfer. E.g. Person A will always get at least
256 Kbps download speed on his LTE phone while for person B there is no guaranteed bit rate and might face extremely bad
download speed at times
Default Bearer
When LTE UE attaches to the network for the first time, it will be assigned default bearer which remains as long as UE is attached.
Default bearer is best effort service.
Each default bearer comes with an IP address. UE can have additional default bearers as well. Each default bearer will have a
separate IP address.
QCI 5 to 9 (non- GBR) can be assigned to default bearer.
Default bearer is one of the main bearers which is created at the time of initial attach procedure or at the time of new PDN
connection. Default bearer is a non-GBR bearer and provide always on IP connectivity.
Dedicated Bearer: -Dedicated bearers provides dedicated tunnel to one or more specific traffic (i.e., VoIP, video etc.) Dedicated
bearer acts as an additional bearer on top of default bearer.
It does not require separate IP address because only additional default bearer needs an IP address and therefore dedicated bearer
is always linked to one of the default bearers established previously.
GBR provides guaranteed bit rate and is associated with parameters like GBR and MBR
GBR: The minimum guaranteed bit rate per EPS bearer. Specified independently for uplink and downlink MBR: The maximum
guaranteed bit rate per EPS bearer. Specified independently for uplink and downlink non-GBR bearer does not provide guaranteed
bit rate and has parameter like A- AMBR and UE- AMBR
A-AMBR: APN Aggregate maximum bit rate is the maximum allowed total non-GBR throughput to specific APN. It is specified
interdependently for uplink and downlink
UE -AMBR: UE Aggregate maximum bit rate is the maximum allowed total non-GBR throughput among all APN to a specific UE.
Dedicated bearer can be GBR or non-GBR. For services like volte, we need to provide better user experience and this is where
dedicated bearer would come handy.
Dedicated bearer uses “Traffic flow templates (TFT)” to give special treatment to specific services dedicated bearer is created
when the requested service cannot be fulfilled through default bearer. Some services required a high level of QOS like voice call.
So, network create a dedicated bearer with required QOS. Dedicated bearer may be Non-GBR or GBR depend of QCI (QOS class
identifier) value.
Dedicated bearer can be created/release based on requirement but default bearer is created only all on IP connectivity and
released only at the time of detach/PDN disconnection.

*Block Error Ratio: - 3GPP TS 34.121, F.6.1.1 defines block error ratio (BLER) as follows: "A Block Error Ratio is defined as the ratio
of the number of erroneous blocks received to the total number of blocks transmitted. An erroneous block is defined as a
Transport Block, the cyclic redundancy check (CRC) of which is wrong.
BLER stands for Block Error Rate measurement
BLER = (Received data blocks in error/Total number of transmitted blocks)

*MIMO: -Multiple Input Multiple Output is used within LTE to provide improved signal performance and / or improved data rates
using the multiple path propagation. ... Using multiple antennas, LTE MIMO is able to utilize the multiple path propagation that
exists to provide improvements in signal performance.
MIMO achieves signal and bit rate enhancements through spatial multiplexing, antenna diversity and beam-forming.
*Types of MIMO: -
1. Spatial Multiplexing: - Spatial Multiplexing improves data rates by transmitting the data payload in separate streams
through spatially separated antennas carrying bits and pieces of the overall data. At the receiver end, another set of
spatially separated antennas combines the separate streams into a single data stream.
Spatial Multiplexing is also referred to as Space Division Multiplexing, and it allows spatially separated antennas to
transmit various data streams of the signal, which are transmitted through a radio channel. At the receiver end, the data
streams are received by another set of spatially separated antennas to put the various data streams back together as a
single stream. This allows the available frequency and time resources to transmit multiple signal streams in parallel to
improve the overall efficiency and hence the resulting bit rates for the user.

2. Spatial Diversity: -Spatial diversity is about improving the quality of the radio signal by using multiple transmissions to
address the negative impact of multi-path fading. In MIMO, multiple copies of the same signal are communicated between
the transmitter and the receiver.
3. Beam-forming: - In beam-forming, multiple antennas transmit the same signal towards specific directions to extend the
range of the signal and improve bit rates. Beam-forming allows the receivers in those locations to receive a more robust
signal because the transmission power is targeted in a particular direction.

*What is open loop? Why it uses in MIMO?

 Open loop MIMO sender requires feedback from the receiver in terms of Rank Indication (RI) and Channel Quality Indicator
(CQI).
 It is called 'open loop' because of sender does not requiring feedback from transmitter in terms of a Precoding Matrix
Indicator (PMI).
 Open loop MIMO can be beneficial for high mobility scenarios which would cause a reported PMI to become invalid after
only a short period of time
*What is Closed Loop in MIMO?

 In Closed loop MIMO sender, require feedback from the receiver in terms of RI, CQI and PMI.
 The receiver selects a PMI to help improve the properties of the composite channel coefficient matrix.
 Closed loop MIMO allows senders to transmit with increased information’s.
 But it also increased the signaling overhead.

Q:-which is better to use - Open loop or closed loop MIMO: - Closed loop MIMO provides the transmitter with extra information to
improve the performance of MIMO, but it generates more signaling overhead. While, open loop MIMO can be beneficial for high
mobility scenarios which would cause a reported PMI to become invalid after only a short period of time and hence it is better to
use open loop MIMO in case of high mobility.
Q: - What Advantage of MIMO: - The main advantages of MIMO systems are higher data rate and higher reliability without the
need of extra power and bandwidth. The MIMO system provides higher data rate by using spatial multiplexing technique and
higher reliability by using diversity technique.
Q: - What is 8*8 MIMO: - 8x8 MIMO, often referred to as 8T8R, uses eight antennas to establish up to eight streams of data with
the receiving device. ... With eight spatial streams established, the data payload is divided across all eight antennas and
transmitted over the same frequency band.
Q:-According to 3GPP, release 15 is MIMO support in uplink direction if yes what’s combination support of MIMO have?

 The 3GPP release 15 version of the specifications for New Radio (NR) supports MIMO in both the uplink and downlink
directions.
 The uplink supports 2x2 MIMO and 4x4 MIMO, whereas the downlink supports 2x2 MIMO. 4x4 MIMO and 8x8 MIMO.
 The release 15 version of the specifications also supports Multi-User MIMO in both the uplink and downlink directions.

*LTE CQI vs PMI vs RI-Difference between LTE CQI, PMI, RI: -

LTE CQI: -The LTE CQI stands for Channel Quality Information. It includes CQI, PMI, RI components. The requirement for each of
these components depend on transmission mode. All transmission modes need UE to provide CQI feedback.

As mentioned in the figure, LTE CQI reports can be aperiodic or periodic. Aperiodic reports are transmitted using PUSCH. Periodic
reports are transmitted using PUCCH unless any reports coincide with the PUSCH channel transmission.

Aperiodic CQI reporting is triggered when CQI request field is set to value 1 within PDCCH DCI-0 or Random-Access Response
Grant on PDSCH. In contrast to aperiodic reporting, the 'type of reporting' is signaled I instead of 'reporting mode’. The LTE UE
uses combination of 'type of reporting' and 'transmission mode' to derive the reporting mode. LTE PMI
*LTE PMI: - stands for Precoding Matrix Indicators. They are applicable to closed loop transmission modes:

 Transmission Mode-4: Closed Loop Spatial Multiplexing.

 Transmission Mode-5: Multi-User MIMO.
 Transmission Mode-6: Closed Loop Spatial Multiplexing using a single layer

The LTE UE use PMI information to signal preferred set of weights to be applied during the precoding process. UE does this in
order to maximize the down-link S/N ratio.

Table-1 mentions complex weights. Based on following configurations one out of 4 is used by LTE UE.
Antenna ports-2, RI =1, PMI = {0, 1, 2, 3}

Code-book Index 0 1 2 3

Weight for antenna-1 0.7071 0.7071 0.7071 0.7071

Weight for antenna-2 0.7071 -0.7071 j*0.7071 -j*0.7071

Table-1: Closed Loop Spatial Multiplexing Weights (single layer & 2 Antenna Ports)
Table-2 mentions complex weights for following configurations. This configured is used by UE to select 1 of 2 sets of complex
weights.
Antenna ports=2, RI=2, PMI= {0, 1}.

Antenna-1 Antenna-2

Code-book Index Codeword-1 Codeword-2 Codeword-1 Codeword-2

1 0.5 0.5 0.5 -0.5

2 0.5 0.5 j*0.5 -j*0.5www

Table-2 Closed Loop Spatial Multiplexing weights (2 layers & 2 antenna ports)
For antenna ports of 4, PMI of value {0, 1,....14,15} can be used to indicate 1 of 16 sets of complex weights.
LTE PMI can be transmitted using PUSCH or PUCCH channel.
*LTE RI:-LTE RI stands for Rank Indicator.
RIs are applicable for open loop transmission and closed loop transmission modes. These modes use more than a single layer
between layer mapping and precoding modules.
•Transmission mode-3 indicates open loop spatial multiplexing
•Transmission mode-4 indicates closed loop spatial multiplexing
In LTE system, UE uses RI to inform about number of layers required during layer mapping.
LTE RI can be transmitted using PUSCH or PUCCH.
Number of layers = Number of code words (for Antenna elements=2),
Here UE can signal RI equal to 0/1 to indicate 1 or 2 layers as preferred one
Number of layers >= Number of code words (for Antenna elements=4),
Here UE can signal RI equal to {0,1,2 or 3} to indicate 1,2,3 or 4 layers as preferred one.
Scheduling Request: -Scheduling request is a single bit flag, which is used to request PUSCH resources from eNodeB.

In LTE, SR is transmitted using PUCCH channel.

*HARQ ACK and NACK: -HARQ stands for Hybrid Automatic Repeat Request. Uplink HARQ ACK/NACK are used to acknowledge
downlink data transmitted on PDSCH. Either one or two ACKs can be reported based on no. of code words transmitted during
corresponding PDSCH subframe.
 Downlink data is received during subframe "N" is ACKed during Subframe "N+4". HARQ ACK /NACK can be transmitted using
PUSCH or PUCCH.
*Carrier Aggregation: - Carrier Aggregation is feature, which came in to 3GPP release 10. CA is one of the key techniques used to
enable the very high data rates of 4G to be achieved. By combining more than one carrier together, either in the same or different
bands it is possible to increase the bandwidth available and, in this way increase the capacity of the link.
Carrier Aggregation is a feature in LTE for providing very high data volumes and data rates by the process of combining contiguous
and non- contiguous spectrum bands. This can be explained in a simple way. For Ex: A Mobile operator can have 10MHZ in L1800
Band and 10 MHZ in L900 band. Therefore, by using the functionality of CA we can combine these two bands to provide 20MHZ of
Carrier Channel BW.
These channels or carriers may be in the same band, or they may be in different bands.
Carrier aggregation is supported by both formats of LTE, namely the FDD and TDD variants.
*Few Pointers about CA:
1. CA is a key feature which allows operators to create virtual carrier bandwidth
2. It can help operators to increase individual carrier bandwidths for different layers by combining them by implementing the
CA functionality
3. CA enables combinations of up to 5 Carrier components. Multiple LTE carriers each with Bandwidth of 20MHZ can be
transmitted in parallel to and from the same UE.
4. As of now CA can provides bandwidth up to 100 MHZ (20 MHZ * 5 Component carrier)
5. Cross Component Carrier scheduling is supported by CA, where we can use the control channel of one carrier (PCC) to
allocate resources (scheduling functionality) of another carrier (SCC)
In CA, cross-carrier scheduling enables the UE connected to different nodes to receive the PDCCH on different carriers to eliminate
inter-cell interference on the PDCCH.

Cross-carrier scheduling may also be used to balance the loads from traffic and scheduling across different component carriers.

Types of CA-There are two types of carrier aggregation.

A. Intra Band
B. Inter Band
Intra-band: This form of carrier aggregation uses a single band. There are two main formats for this type of carrier aggregation:
Contiguous: The Intra-band contiguous carrier aggregation is the easiest form of LTE carrier aggregation to implement. Here the
carriers are adjacent to each other. Contiguous CA requires only one transceiver as it treats multi-carrier signal as single signal.
Non-contiguous: Here Carriers from same band is used, but they are not continuous. So, the multi carrier signal cannot be
considered as a single signal reason, the design and implementation are a bit complex especially from the UE perspective.
Inter-band non-contiguous: This form of carrier aggregation uses different bands. UE needs multiple transceivers in order to
perform support such aggregations.
Carrier Aggregation SCell Configuration: In CA, the RRC layer is responsible for CA configuration and DE configuration. CA can only
be applied to UEs, which are in RRC connected mode, and it happens only with the PCell. In CA, there is only one RRC connection
for an UE. MAC layer is responsible for the split in data transmission over different CC.
Q:-From which 3GPP release CA has come for implementation?
Ans: From Release 10
Q:-From which Category of UE CA is Supported?
Ans: Category 6
Q:-How Network identifies that CA is supported by UE?
Ans: During initial registration UE send UE capability information to the eNB, from those messages the Network can know if the UE
supports CA
Q:-In Release 10 how many CC can we have?
Ans: 1PCC and 4 SCC can be supported in release 10.
Q:-In Release 13 how many CC can we have?
Ans: Up to 32 CC
Q:-What is the role of the MAC Layer in CA?
Ans: 1. Activate and Deactivate Secondary cell.
2. Aggregates data from multiple cells.
Q:-Why MIMO when we have Carrier Aggregation?
Ans: CA is like decreasing the congestion in a highway by increasing the lanes. For example, here parallel data streams are
transmitted on separate EARFCN. But consider the case when there is no possibility of extra BW or EARFCN, in that case MIMO
comes in picture. MIMO is basically sending parallel data stream on the same frequency exploiting Antenna architecture.
Q:-What are the limitation for Carrier Aggregation with respect to Carrier Frequency?
Ans: Carrier aggregation cannot be implemented for the same frequency band. Even if they are in contiguous band, there should
be a separation of 300KHZ between the EARFCNs.
Q:-When the CA Scell will be activated. Conditions Pls share?

Ans: once UE get MAC control element activation command from eNB, it will activate CA Scell

Q: - How UE identified that network is support C.A?

Ans: When UE sent UECapabilityInformation information to primary cell, PCell aware the ue capabilities, behalf of that PCell add
the secondary cell as per UE radio conditions or ue-CapabilityRAT-ContainerList.

What is difference between CA and MIMO: -MIMO (Multiple Input Multiple Output) combines signals and data streams from
multiple antennas to improve signal quality and data rates, whereas Carrier Aggregation (CA) combines multiple frequency
carriers (channels) to enhance the bandwidth and data rates.
Carrier Aggregation support in MAC Layer
MAC Layer is responsible for multiplexing/DE multiplexing data across multiple component carriers when carrier aggregation is
used. In case of CA, it is responsible for distributing data from each flow across the different component carriers, or cells.
The basic principle for carrier aggregation is independent processing of the component carriers in the physical layer, including
control signaling, scheduling and HARQ re-transmissions, while carrier aggregation is invisible above the MAC layer. Carrier
aggregation is therefore mainly seen in the MAC layer, where logical channels, including any MAC control elements, are
multiplexed to form transport blocks per component carrier with each component carrier having its own HARQ entity.

Since LTE Release 10 up to 5 component carriers may be aggregated, allowing for transmission bandwidths of up to 100
MHz Using five aggregated component carriers, MIMO and 256QAM allows theoretical data rates of up to 2 gigabits per
second.
If you aggregate two component carriers then it will be called 2CA; if there are three components' carriers then 3CA, and
so on. The more the component carriers, the better will be the data speed
*Dual connectivity: - (DC) is a LTE Rel-12 feature for small cell enhancement. Similar to carrier aggregation (CA). Dual connectivity
(DC) allows a UE to simultaneously transmit and receive data on multiple component carriers from two serving nodes or cell
groups (a master node, MN, and a secondary node, SN).
The difference between DC and CA is in their application scenarios and their implementation.
The differences between CA and DC are as follows:
1. In CA all component carriers belong to the same eNodeB, but in DC, the aggregated carriers belong to different cells
(where usually one cell is macro and the other is small). That’s why it is sometimes also referred to as inter-site carrier
aggregation. The two eNodeBs are referred to as Master Cell Group (MCG) and Secondary Cell Group (SCG). Commonly it’s
clear in case of EN DC option 3x
2. In CA, only one UE identity is used in all component carriers. But in DC, UE is identified by different C-RNTIs in MCG and
SCG.
3. Only one PUCCH is used for uplink signaling messages across all component carriers in CA, and it is present in the Primary
Component Carrier. In DC, however, separate PUCCHs are used in MCG and SCG.
So, based on the differences we’ve seen so far between CA and DC, we can figure out in which scenario, which
aggregation technology would be used.
If the backhaul of the network is ideal between the nodes, then CA can be implemented. But if the backhaul is not ideal,
for example, if there are large delays between the nodes, then the choice should be DC.
*DCI: - stands for downlink control information and there are various DCI formats used in LTE in PDCCH. The DCI format is nothing
but a predefined format in which the downlink control information is packed/formed and transmitted in PDCCH.
Information Carried by DCI Format in LTE: -
1. Resource Block assignment (No. of Resource block group that are assigned to UE)
2. New Data Indicator (NDI) value
3. TCP Command
4. Redundancy Version (Value=0 to 3 0,2,3,1)
5. Modulation and Coding Scheme.

Duplex Channel
Duplex ƒ Common Subset Uplink[A 2] Downlink[A 3]
Band spacing bandwidths Notes
mode[A 1] (MHz) name of band (MHz) (MHz)
(MHz) (MHz)
1 FDD 2100 IMT 65 1920-1980 2110-2170 190 5,10,15,20
3 FDD 1800 DCS 1710 – 1785 1805 – 1880 95 1.4, 3, 5, 10, 15, 20
40 TDD 2300 S-Band 2300 – 2400 N/A 5, 10, 15, 20
41 TDD 2500 BRS/EBS 2496-2690 N/A 5,10,15,20

*LTE-Identifier. Note: Following table is based on the document from MNC Group (LTE-Identifier):-

ID Meaning Description Structure

IMSI International Mobile Unique identification of mobile (LTE) subscriber IMSI (not more than 15
Subscriber Identity Network (MME) gets the PLMN of the subscriber digits) = PLMN ID + MSIN =
MCC + MNC + MSIN
PLMN ID Public Land Mobile Unique identification of PLMN PLMN ID (not more than 6
Network Identifier digits) = MCC + MNC
MCC Mobile Country Code assigned by ITU 3 digits
MNC Mobile Network Code assigned by National Authority 2 or 3 digits

MSIN Mobile Subscriber assigned by operator 9 or 10 digits

Identification Number
Globally Unique Temporary To identify a UE between the UE and the MME on behalf GUTI (not more than 80
GUTI UE Identity of IMSI for security reason bits) = GUMMEI + M-TMSI
 TIN Temporary Identity used in GUTI is stored in TIN parameter of UE’s MM context.
Next Update TIN indicates which Temporary ID will be used in the TIN = GUTI
next update.
S-TMSI SAE Temporary Mobile To locally identify a UE in short within a MME group S-TMSI (40 bits) =
Subscriber Identity (Unique within a MME Pool) MMEC+M-TMSI
M-TMSI MME Mobile Subscriber Unique within a MME 32 bits
Identity
Globally Unique MME To identify a MME uniquely in global GUTI contains GUMMEI (not more than 48
GUMMEI Identity GUMMEI bits)= PLMN ID +MMEI

MMEI MME Identifier To identify an MME uniquely within a PLMN Operator MMEI (24 bits) = MMEGI+
commissions at eNBMMEI MMEC
TAI Tracking Area Identity The tracking Identity is the identity used to identify TAI (not more than 32 bits)
tracking areas. =MCC+MNC+ TAC
To indicate eNB to which Tracking Area the eNB
TAC Tracking Area Code belongs (per Cell) Unique within a PLMN16 16 bits
UE can move into the cells included in TAL list without
TAI List Tracking Area Identity List location update (TA update) Globally unique Variable length
EPS Bearer Evolved Packet System To identify an EPS bearer (Default or Dedicated) per 4 bits
ID Bearer Identifier an UE4

*Entities of IMS Architecture: - The different entities in IMS architecture are

1. P-CSCF: Proxy- Call Session Control Function.
* The P-CSCF is the user to network proxy. In this respect all SIP signaling to and from the user runs via the P-CSCF whether
in the home or a visited network.
* When any user registers with the IMS network, the registration signaling will pass through the P-CSCF.
* The P-CSCF supports several important functions:
* Validates the correctness of SIP messages with IMS UEs according to SIP standard rules.
* Ensures the security of the messages between UEs and the IMS network using IPsec or TLS security associations.
* Authenticates and asserts the identity of the UE.
* Compresses the messages ensuring the efficient transmission of SIP messages over narrow-band channel
* The P-CSCF may support Policy Enforcement capabilities for authorizing media plane resources, bandwidth, and QoS
management.
* In addition, the P-CSCF can also generate charging information to be collected by charging network nodes.
2. I-CSCF: *Interrogating Call Session Control Function.
* The I-CSCF is a SIP proxy located in the edge of an administrative IMS domain. Its IP address is published in the Domain Name
System (DNS) of the domain so that remote servers can find and use it as a forwarding point (e.g., registering) for SIP packets
to this IMS domain.
* The I-CSCF implements a Diameter interface to the HSS (Home Subscriber Server), and queries the HSS to retrieve the address
of the S-CSCF for a UE to perform SIP registration.
* Being a SIP proxy, the I-CSCF forwards SIP message requests and responses to the S- CSCF. Additionally, the I-CSCF may
encrypt parts of the SIP messages securing any sensitive information.
* Typically, the IMS network includes a number of I-CSCF nodes for the purpose of scalability and redundancy. The I-CSCF is
usually located in the IMS home network.
3. S-CSCF: Serving Call Session Control Function.
* The S-CSCF is a central function of the signaling plane in the IMS core network.
* An S-CSCF node acts as a SIP registrar, and in some cases as a SIP redirect server. It is responsible for processing the location
registration of each UE, user authentication and call routing and processing.
* Similar to the I-CSCF, the S-CSCF supports Diameter Cx and Dx interfaces to the HSS to download the authentication
information and user profile of the registering UEs from the HSS for authentication purpose.
* All of the SIP signaling from/to the IMS UEs traverses their serving S-CSCF allocated during the registration process.
* The S-CSCF also provides SIP message routing and services triggering. It also enforces the policy of the network operator and
keep users from performing unauthorized operations.
* The S-CSCF is always located in the home network.
4. SLF: Subscriber Location Function: The subscriber location function, or SLF is an entity within an IP multimedia subsystem
that provides information about the home subscriber server (HSS) that is associated with a particular user profile. It is
generally implemented using a database. If the home domain contains more than one HSS, I-CSCF and S-CSCF will
communicate with SLF and find the appropriate HSS based on user profile.
5. Home Subscriber Server: - (HSS) is the main subscriber database used within the IP Multimedia Subsystem (IMS) which
provides details of the subscribers to other entities within the network. The IMS enables users to be granted or refused access
to other services dependent on their status. The role of the HSS is to communicate with the network and provide subscriber
profile and authentication information. ... Combined with an Authentication, Authorization, Accounting (AAA) server, the HSS
ensures that an LTE network works with legacy or concurrent services.

* The IMS HSS or home subscriber server is the main subscriber database used within IMS.
* The IMS HSS provides details of the subscribers to the other entities within the IMS network, enabling users to be granted
access or not dependent upon their status.
* When a subscriber registers onto an IMS network, the subscription data is retrieved from the HSS by the Serving-CSCF, S-CSCF
that has been assigned to the subscriber.
* Subscription data is transferred from the HSS to the S-CSCF
* Charging subscription data is sent from the HSS to the P-CSCF via the S-CSCF.
* IMS public user identity data which is also kept in the S-CSCF is forwarded to the user equipment
* Service subscription data is forwarded from the HSS to the SIP-AS via the S- CSCF. This enables charging for the services to be
managed.
6. Breakout gateway control function, BGCF: This entity within the IMS architecture selects the network in which a PSTN
breakout is to occur. If this is to occur in the same network as the BGCF, then the BGCF selects a media gateway control
function, MGCF
7. Media gateway control function, MGCF: This entity inter-works the SIP signaling. It manages the distribution of sessions
across multiple media gateways.
8. Media server function control, MSCF: This manages the use of resources on media servers.
9. SIP applications server, SIP-AS: The SIP-AS is a service execution platform on which one or more services are deployed
10. SGW (Serving Gateway): The main function of the Serving Gateway is routing and forwarding of user data packets. It is also
responsible for inter-eNB handovers in the U-plane and provides mobility between LTE and other types of networks, such as
between 2G/3G and P-GW.
11. What is the function of PGW: -In a mobile network, a major function of the Packet Data Network Gateway (P-GW) is to
allocate IP addresses to the user equipment during default bearer setup. The user equipment can still connect to multiple
packet networks through multiple P-GWs, and also to older, non-3GPP-compliant IP networks
*PCIs, or Physical Cell Identifiers: - in LTE, networks provide a pseudo- unique value for identifying eNodeBs. The PCI value is
created from two components – PSS and SSS.
*What is SIP: -Session Initiation Protocol (SIP) is a chief Protocol used for carrying Voice Calls, Voice calls over IP without any
limitations.

 The SIP is a simple, flexible protocol for creating, modifying, and terminating sessions. It works independently of
underlying transport protocols.
 The main functions of the SIP are to set up, control, and tear down sessions. Protocols used in conjunction with the SIP,
such as SDP, RTP/RTCP, and RTSP can be summarized as follows.
The SIP can be based on the User Datagram Protocol (UDP), the Transmission Control Protocol (TCP), or the Stream Control
Transmission Protocol (SCTP). However, most cases now use the UDP.

SIP network communication.

 Message content of SIP basic request and SIP extended request.
 The basic SIP messages, described in RFC 3261
 Basic SIP messages

Extended SIP messages

SIP MESSAGES
Message content of a SIP response message
Provisional: Request received, continuing to process the request.
Success: The action was successfully received, understood, and accepted. Redirection Further action needs to be taken in order to
complete the request.
Client error: The request contains bad syntax or cannot be fulfilled at this server.
Server error: The server failed to fulfill an apparently valid request.
Global failure: The request cannot

SIP messages code

SIP messages code

Registration Call Flow 3GPP
 Call Flow message SIP
The registration server on the IMS network is called the Serving Call Session Control Function (S-CSCF), while proxy servers on the
IMS network are the Proxy-CSCF (P-CSCF), Interrogating-CSCF (I-CSCF), and Serving-CSCF (S-CSCF). Initial Session request flow sent
by the UE.
*What is Diameter Protocol: -Diameter is a next-generation industry-standard protocol used to Exchange Authentication,
Authorization and Accounting (AAA) information in Long-Term Evolution (LTE) and IP Multimedia Systems (IMS) networks. It was
derived from and improves upon the widely deployed RADIUS (Remote Authentication Dial-In User Service) and LDAP (Lightweight
Directory Access Protocol) AAA protocols, providing more reliable, secure and flexible transport mechanisms for mobile data
networks. A variety of LTE and IMS network functions make use of Diameter, including the Policy and Charging Rules Function
(PCRF), Home Subscriber Server (HSS) and Online Charging System (OCS) elements. The protocol provides a general framework for
exchanging AAA messages, and specifies a standard set of AAA request and response commands and attributes.

*Relationship to SIP:-
Diameter and SIP (Session Initiation Protocol) are the core signaling protocols used in IMS networks. SIP is used to establish and
control real-time IP communications sessions. Diameter is used to authenticate, authorize and provide accurate billing information
for those sessions.

Improvements over RADIUS: -RADIUS was conceived to provide basic authentication functions for dial-up networks. In a typical
RADIUS implementation, a subscriber provides credentials (i.e., a user ID and password) to an access server upon login. The access
server authenticates the credentials against a centralized LDAP policy store. The RADIUS model is not well suited for IMS networks
where mobile users access a variety of dynamic applications and services across autonomous service provider networks.
Diameter supports the enhanced policy control, dynamic rules, quality of service, bandwidth allocation and charging mechanisms
needed for contemporary communications service provider networks. It also provides a more reliable, secure and flexible
framework for exchanging AAA messages.
Diameter Protocol Advantages:

 A peer-to-peer architecture for greater flexibility

 Reliable transmission of AAA messages over TCP or SCTP
 Built-in fail-over mechanisms to guarantee message delivery
 Secure transmission of AAA messages using TLS or IPsec

Peer-to-Peer Architecture: -Diameter is based on a peer-to-peer architecture. The protocol defines three distinct types of nodes:
client, server and agent. The diameter node that receives the user connection request (i.e. a network access server) is referred to
as the client. The diameter node that processes the request is referred to as the server. Intermediary nodes are referred to as
agents. The protocol defines four distinct agent types: proxy, redirect, relay, and translation.

Diameter Protocol Agents Functionality:

 Provide load balancing for scalability and reliability

 Perform value-added request or response processing
 Aggregate, concentrate, sort and forward requests
 Enable inter-working with legacy AAA protocols
 Mitigate multi-vendor interoperability issues

Diameter Signaling Controllers: -Peer-to-peer communications flow result in a mesh topology (often referred to as an “N-
squared” connected mesh) which is inherently difficult to scale and manage. (See figure below.)
A Diameter Signaling Controller (DSC) provides intermediary routing and protocol mediation functions allowing service providers
to collapse complex Diameter mesh topologies into simpler, hierarchical hub-and-spoke topologies that are more scalable and
more easily managed. (See figure below).

*GPRS Tunneling Protocol (GTP) in LTE: - GPRS Tunneling protocol is an important IP/UDP based protocol used in GSM, UMTS and
LTE core networks. It is used to encapsulate user data when passing through core network and also carries bearer specific signaling
traffic between various core network entities.

GTP is used to establish a GTP tunnel, for user equipment, between a Serving Gateway (S-GW) and Packet Data Network Gateway
(P-GW), and an S-GW and Mobility Management Entity (MME). A GTP tunnel is a channel between two GPRS support nodes
through which two hosts exchange data. The S-GW receives packets from the user equipment and encapsulates them within a GTP
header before forwarding them to the P-GW through the GTP tunnel. When the P-GW receives the packets, it encapsulates them
and forwards them to the external host.

GTP comprises the following separate protocols:

 GTP-C— Performs signaling between the S-GW and P-GW in the core GPRS network to activate and deactivate subscriber
sessions, adjust the quality-of-service parameters, or update sessions for roaming subscribers who have arrived from
another S-GW. GTP-C supports transport of control packets in IPv4 format.
 GTP-U— Transports user data within the core GPRS network and between the Radio Access Network (RAN) and the core
network. GTP-U supports IPv4 and IPv6 user data, but transport is IPv4.
*What is GTP protocol used for: -GPRS Tunneling Protocol (GTP) is a group of IP-based communications Protocols used to carry
general packet radio service (GPRS) within GSM, UMTS and LTE networks.

*GPRS Tunneling Protocol Types: -

*Does 5G use GTP: -GPRS Tunneling Protocol (GTP) has been at the heart of providing seamless interconnection and is responsible
for carrying traffic between roaming or home subscribers and key network interfaces in 4G, 5G non-standalone (NSA), 5G
standalone (SA), and mobile edge compute architectures.
*GTPV2: - GPRS Tunneling Protocol version 2. In LTE, GTP (GPRS Tunneling Protocol) tunnels are used between two nodes
communicating over a GTP based interface, to separate traffic into different communication flows.

*UDP: -User Datagram Protocol (UDP) is a communications protocol that is primarily used to establish low-latency and loss-
tolerating connections between applications on the internet. UDP speeds up transmissions by enabling the transfer of data before
an agreement is provided by the receiving party.

*What is the difference between TCP and UDP protocols?

TCP is a connection-oriented protocol, whereas UDP is a connection-less protocol. A key difference between TCP and UDP is
speed, as TCP is comparatively slower than UDP. Overall, UDP is a much faster, simpler, and efficient protocol, however, re-
transmission of lost data packets is only possible with TCP

*What is SCTP in LTE: -Stream Control Transmission Protocol (SCTP) is the key protocol utilized as transport for all signaling
between the RAN and EPC. SCTP is also utilized as transport for the Diameter protocol in LTE.

*What is the difference between TCP and SCTP?

SCTP is a link-oriented protocol in computer networks that allows for full-duplex transmission of multiple streams of data between
two endpoints, creating a network connection. TCP is a connection-oriented protocol that ensures data transmission. TCP ensures
secure data transfer right from the start of the connection.

*Here’s the LTE Attach Procedure Call Flow, broken down into steps, derived by 3GPP: -
Step 1. The UE initiates the attach procedure by transmitting an attach request to the eNodeB.
Step 2. The eNodeB derives the MME from the RRC parameters carrying the old GUMMEI and the indicated Selected Network.
Step 3. If the UE identifies itself with GUTI and the MME has changed since detach, the new MME uses the GUTI received from the
UE to derive the old MME/SGSN address, and send an Identification Request to the old MME/SGSN to request the IMSI.
Step 4. If the UE is unknown in both the old MME/SGSN and new MME, the new MME sends an Identity Request to the UE to
request the IMSI. The UE responds with Identity Response (IMSI).
Step 5a. If no UE context for the UE exists anywhere in the network, if the Attach Request (sent in step 1) was not integrity
protected, or if the check of the integrity failed, then authentication and NAS security setup to activate integrity protection and
NAS ciphering are mandatory.
Step 5b. The ME Identity shall be retrieved from the UE.
Step 6. If the UE has set the Ciphered Options Transfer Flag in the Attach Request message, the Ciphered Options i.e., PCO or APN
or both, shall now be retrieved from the UE.
Step 7. If there are active bearer contexts in the new MME for this particular UE (i.e., the UE re-attaches to the same MME
without having properly detached before), the new MME deletes these bearer contexts by sending Delete Session Request (LBI)
messages to the GWs involved.
Step 8. If the MME has changed since the last detach, or if there is no valid subscription context for the UE in the MME, the MME
sends an Update Location Request message to the HSS.
Step 9. The HSS sends Cancel Location (IMSI, Cancellation Type) to the old MME.
Step 10. If there are active bearer contexts in the old MME/SGSN for this particular UE, the old MME/SGSN deletes these bearer
contexts by sending Delete Session Request (LBI) messages to the GWs involved.
Step 11. The HSS acknowledges the Update Location message by sending an Update Location Ack message to the new MME.
Step 12. For an Emergency Attach situation, the MME applies the parameters from MME Emergency Configuration Data for the
emergency bearer establishment performed in this step and any potentially stored IMSI related subscription data are ignored by
the MME.
Step 13. The Serving GW creates a new entry in its EPS Bearer table and sends a Create Session Request message to the PDN GW
indicated by the PDN GW address received in the previous step.
Step 14. If dynamic PCC is deployed and the Handover Indication is not present, the PDN GW performs an IP-CAN Session
Establishment procedure.
Step 15. The PGW creates a new entry in its EPS bearer context table and generates a Charging Id.
Step 16. If the MS Info Change Reporting Action (Start) or the CSG Information Reporting Action (Start) are received for this bearer
context, then the SGW stores this for the bearer context and the SGW reports to that PGW whenever a UE’s location and/or User
CSG information change occurs that meets the PGW request.
Step 17. If an APN Restriction is received, then the MME shall store this value for the Bearer Context and the MME shall check this
received value with the stored value for the Maximum APN Restriction to ensure there are no conflicts between values.
Step 18. The eNodeB sends the RRC Connection Reconfiguration message including the EPS Radio Bearer Identity to the UE, and
the Attach Accept message will be sent along to the UE.
Step 19. The UE sends the RRC Connection Reconfiguration Complete message to the eNodeB.
Step 20. The eNodeB sends the Initial Context Response message to the new MME.
Step 21. The UE sends a Direct Transfer message to the eNodeB, which includes the Attach Complete message.
Step 22. The eNodeB forwards the Attach Complete message to the new MME in an Uplink NAS Transport message.
Step 23. Upon reception of both, the Initial Context Response message in step 20 and the Attach Complete message in step 22,
the new MME sends a Modify Bearer Request message to the Serving GW.
Step 23a.If the Handover Indication is included in step 23, the Serving GW sends a Modify Bearer Request (Handover Indication)
message to the PDN GW to prompt the PDN GW to tunnel packets from non 3GPP IP access to 3GPP access system and
immediately start routing packets to the Serving GW for the default and any dedicated EPS bearers established.
Step 23b.The PDN GW acknowledges by sending Modify Bearer Response to the Serving GW.
Step 24. The Serving GW acknowledges by sending Update Bearer Response (EPS Bearer Identity) message to the new MME.
Step 25.After the MME receives Modify Bearer Response (EPS Bearer Identity) message, if Request Type does not indicate
handover and an EPS bearer was established and the subscription data indicates that the user is allowed to perform handover to
non-3GPP accesses, and if the MME selected a PDN GW that is different from the PDN GW identity which was indicated by the HSS
in the PDN subscription context, the MME shall send a Notify Request including the APN and PDN GW identity to the HSS for
mobility with non-3GPP accesses. The message shall include information that identifies the PLMN in which the PDN GW is located.
Step 26. The HSS stores the APN and PDN GW identity pair and sends a Notify Response to the MME
*What is measurement Gap in LTE: -The UE needs measurement gaps in order to perform inter-frequency and inter-RAT
measurements. Typical LTE gap length is 6 MS which accommodates 5 MS measurement time (PSS and SSS are transmitted once
every 5 MS) and RF re-tuning time of 0.5 MS before and after the measurement gap.
*TCP: -Transmission Control Protocol (TCP) plays a key role in ensuring network stability and increased Quality of Service (QOS).

Timer Start Stop At expiry

T300 Transmission of RRCConnectionRequest Reception of RRCConnectionSetup or Perform the actions as specified

RRCConnectionReject message, cell re- in 5.3.3.6
selection and upon abortion of connection
establishment by upper layers

T301 Transmission of Reception of RRCConnectionReestablishment Go to RRC_IDLE

RRCConnectionReestabilshmentRequest or RRCConnectionReestablishmentReject
message as well as when the selected cell
becomes unsuitable
 T302 Reception of RRCConnectionReject while Upon entering RRC_CONNECTED and upon Inform upper layers about
performing RRC connection establishment cell re-selection barring alleviation as specified
in 5.3.3.7

T303 Access barred while performing RRC Upon entering RRC_CONNECTED and upon Inform upper layers about
connection establishment for mobile cell re-selection barring alleviation as specified
originating calls in 5.3.3.7

T304 Reception of Criterion for successful completion of In case of cell change order
RRCConnectionReconfiguration message handover to EUTRA or cell change order is from E-UTRA or intra E-UTRA
including the MobilityControl Info or met (the criterion is specified in the target handover, initiate the RRC
reception of MobilityFromEUTRACommand RAT in case of inter-RAT) connection re-establishment
message including CellChangeOrder procedure; In case of handover
to E-UTRA, perform the actions
defined in the specifications
applicable for the source RAT.

T305 Access barred while performing Upon entering RRC_CONNECTED and upon Inform upper layers about
RRCconnection establishment for mobile cell re-selection barring alleviation as specified
originating signalling in 5.3.3.7

T310 Upon detecting physical layer problems i.e. Upon receiving N311 consecutive in-sync If security is not activated: go to
upon receiving N310 consecutive out-of- indications from lower layers, upon triggering RRC_IDLE
sync indications from lower layers the handover procedure, and upon initiating
the connection re-establishment procedure else: initiate the connection re-
establishment procedure

T311 Upon initiating the RRCconnection Selection of a suitable E-UTRA cell or a cell Enter RRC_IDLE
reestablishmentmprocedure using another RAT.

T320 Upon receiving t320 or upon cell Upon entering RRC_CONNECTED, when Discard the cell reselection
(re)selection to E-UTRA from another RAT PLMN selection is performed on request by priority information provided
with validity time configured for dedicated NAS, or upon cell (re)selection to another by dedicated signaling.
priorities (in which case the remaining RAT (in which case the timer is carried on to
validity time is applied). the other RAT).

T321 Upon receiving measConfig including a Upon acquiring the information needed to Initiate the measurement
reportConfig with the purpose set to set all fields of cellGlobalId for the requested reporting procedure, stop
reportCGI cell, upon receiving measConfig that includes performing the related
removal of the reportConfig with the purpose measurements and remove the
set to reportCGI corresponding measId

3GPP SPECIFICATIONS TO F OLLOW IF YOU ARE A UETESTI NG ENGINEER:

Layer 1:Physical Layer:
 TS 36.201 :General descri ption of physical layer
 TS 3 6.211 : Physical Channels
 TS 36.213:Physical layer procedures
 TS 36.214: Physical layer measurements
Layer 2:
 MAC:TS 3 6.321
 RLC :TS 3 6.322
 PDCP: TS 36.323
Layer 3:

 RRC: TS 36 .331
NAS Layer:
 TS 24.301:For EMM,ESM procedures
 TS 24 .007 :General a spects of Layer 3 signaling
 TS 24.008:Core Network Protocols (Additional)
Additional Specs to follow:
 36:413: S1AP Protocol
 36.423: X2AP Protocol
Test Specification Test Case Type
3GPP TS 36.521-1 Lte RF Conformance Test Cases
3GPP TS 36.523-1 Lte & Lte-A Protocol Test Cases
3GPP TS 34.229-1 Ims Test Cases (Including Volte Ir92, Sms Over Ims,Emergency Call,Video Ir94)
3GPP TS 34.123-1 UMTS Protocol Test Cases
3GPP TS 51.010-1 GERAN Protocol Test Cases and SIM Test Cases
3GPP TS 51.010-4 SIM Application Toolkit Test Cases
3GPP TS 31.121 USIM TEST CASES
3GPP TS 31.124 USAT CONFORMANCE TEST CASES
3GPP TS 37.901 LTE Data Throughput Performance Test Cases
3GPP TS 27.007 AT command set for User Equipment (UE)
3GPP TS 11.11 Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME)
3GPP TS 23.272 CSFB (CIRCUIT SWITCH FALLBACK)
*FGI: - Feature Group Indicators (FGI bits) is a special Information Element (IE) within UE Capability Information message. The
parameters other than FGI in UE Capability Information message provides information about physical layer capability e.g., UE-
Category, supported Bands, Carrier Aggregation band combination etc. Feature Group Indicator provides information about radio
protocol aspects.
FGI information is used by eNodeB or MME before they set up any procedure for a specific UE. This helps the eNodeB and MME to
avoid to direct UE to do something that is not supported.
Q) What is Radio link f ailure all about: -We wi ll see RLF's in our daily scenari os but we don't know ex act cause of R LF. It can be
either from UE side or Network side.
RLF is defined as Physica l layer break.
*Below Reasons f or RLF from UE side,
1. The Measured RSRP Value is too low (under a Certain Limit)
2. 1t f ailed to decode PDCCH due to pow er Signal Quality(e.g,lowRSRP,RSRQ)
3. It Failed decode PDSCH due to power signal Quality(e.g,lowRSRP,RSRQ).
*Below reasons f or RLF from Network side,
1) SINR from UE is much lower than what eNB Configured for the UE.
2) eNB Could not detect any NACK nor ACK from UE f or PDSCH.
*What is network stress testing: - Stress testing of a network is the practice of deliberately and intensely testing it by overloading it with
all – or as many as possible protocols (TCP, IP, UDP, and ICMP, etc.) and data types (audio, video, image, etc.).

*eNB
*What is Dual SIM and Dual Connect?
Dual Sim Dual Standby (DSDS), uses a physical SIM card and eSIM to connect to two networks at once. Only one network is used at
a time, but Dual Connect makes the switch between networks much faster and more seamless. Users can be watching a video and
the network can switch without causing the video to buffer or stop. Both networks are constantly ready for action.
with Dual SIM Dual Standby network switching is possible but the only problem is it can sometimes hang on a poor connection for
too long before switching, with Dual Connect it is possible to make the network switching experience much better.
How it works: -Connecting to two networks at once is possible with Dual Sim Dual Standby (DSDS) hardware. While one network is
used at a time for sending data or making phone calls, dual connect technology improves your connection by keeping both
networks ready for use at a moment’s notice, and allows for more frequent network switching. To use DSDS to connect to two
networks simultaneously, it uses a SIM card and the eSIM at the same time.
Dual connect is offered by Google Fi service from Pixel 4 on-wards. Mobile phones have Fi intelligence, which switches between
multiple networks to put users on the best signal available. With Fi dual connect technology on Pixel phones, users can connect to
two networks at once including a 5G network which means one can switch to the best signal even more quickly and frequently.

5G NR deployment

Deployment modes of 5G NR are of two types: NSA (Non-Standalone) and SA (standalone). Initial 5G NR launches depend on the
existing 4G infrastructure and this mode is called NSA where the new network has to depend upon the existing infrastructure. SA
is a fully deployed mode with no dependence on the previous generation; it has its core network as 5GC. In the Non-Standalone
mode of 5G NR that refers to an option of 5G NR deployment that depends on the control, plane of an existing LTE, network for all
the control plane functions, while the 5G NR is completely focused on the data plane. The deployment’s standalone mode refers
to using 5G cells for both the signaling and the data transfer. It includes the new 5G core instead of relying on the LTE
infrastructure. DSS (Dynamic spectrum sharing) is a technique where carriers may dynamically share between 4G LTE and 5G NR.
The terminals need to be compatible with DSS.
*What is 5G NSA and how it is working: -

In EPC-based NSA networking, if a UE supports both LTE and New Radio (NR) non-Standalone (NSA), it can connect that to Dual
connectivity (DC) to both an LTE eNB and NR gNB, and use resources provided by these base stations for data transmission.
Data can be split between the two base stations. Dual connectivity can be implemented using the aggregation of up to five
component carriers (CCs) on the eNodeB side and the aggregation of up to two CCs on the gNodeb side.

The main option used in 5G NSA is the option 3x where the LTE eNodeB is the master eNodeB (MeNB) and the NR gNodeb is the
secondary gNodeb (SgNB).
The user plane data can be split by the eNodeB or gNodeb
In Option 3x, the gNodeb is the data split anchor.
The gNodeb distributes the user-plane data to the enNodeb and itself, and the bearer is called the secondary cell group (SCG) split
bearer.
The Data is split at the PDCP layer of the SgNB to the RLC layer of the MeNB and the RLC layer of the SgNB, and then aggregated at
the PDCP layer of the UE Side
What are MeNB, SgNB,MCG and SCG?
MeNb:-The Master eNodeB (MeNb) of an NSA DC UE is the LTE eNodeB that serves the cell on which the UE is currently camping.
In this version, only an LTE eNodeB can be configured as a Menb
SgNB:-The secondary gNodeb (SgNB) of and NSA DC UE is the NR gNodeb configured for the UE through an RRC message sent by
MeNB. In this version, only an NR gNodeb can be configured as a SgNB.
MCG:-The master cell group (MCG) of an NSA DC UE is an LTE cell group configured on the LTE ide
SCG:-The secondary cell group (SCG) of an NSA DC UE is the NR Cell group configured on the NR Side
*Split Bearer: -Split bearer is a function to allow the split of data going to gNB from the core side into two paths, the 1st path
through the 5G air interface toward the UE and the 2nd one is toward X2 interface with the anchored eNB and then eNB will
transfer this data through the 4G air interface to the UE.
*ENDC:- ENDC is an NSA 5G architecture that allows smartphones to access both 5G and 4G LTE networks at the same time. A
key benefit of ENDC is that it combines the bandwidth of 5G and 4G LTE, effectively allowing carriers to take advantage of the
benefits of both network technologies simultaneously.
*5G NR Channels: -

At 5G similar to LTE there are three types of channels:

1- Logical Channels
2- Transport Channels
3- Physical Channels
At below we see more details about different channels and their responsibilities
- Logical Channels and their responsibilities:
The Broadcast Control Channel (BCCH): used for transmission of system information from the network to all devices in a cell. Prior
to accessing the system, a device needs to acquire the system information to find out how the system is configured and, in
general, how to behave properly within a cell. Note that, in the case of non-standalone operation, system information is provided
by the LTE system and no BCCH is used.
The Paging Control Channel (PCCH): used for paging of devices whose location on a cell level is not known to the network? The
paging message therefore needs to be transmitted in multiple cells. Note that, in the case of non-standalone operation, paging is
provided by the LTE system and there is no PCCH.
The Common Control Channel (CCCH): used for transmission of control information in conjunction with random access.
The Dedicated Control Channel (DCCH): used for transmission of control information to/from a device. This channel is used for
individual configuration of devices such as setting various parameters in devices.
The Dedicated Traffic Channel (DTCH): used for transmission of user data to/from a device. This is the logical-channel type used
for transmission of all unicast uplink and downlink user data.
Transport Channels and their responsibilities:
The Broadcast Channel (BCH) has a fixed transport format, provided by the specifications. It is used for transmission of parts of
the BCCH system information, more specifically the so-called Master Information Block (MIB)
The Paging Channel (PCH) is used for transmission of paging information from the PCCH logical channel. The PCH supports
discontinuous reception (DRX) to allow the device to save battery power by waking up to receive the PCH only at predefined time
instants
The Downlink Shared Channel (DL-SCH) is the main transport channel used for transmission of downlink data in NR. It supports
key NR features such as dynamic rate adaptation and channel-dependent scheduling in the time and frequency domains, hybrid
ARQ with soft combining, and spatial multiplexing. It also supports DRX to reduce device power consumption while still providing
an always-on experience. The DL-SCH is also used for transmission of the parts of the BCCH system information not mapped to the
BCH. Each device has a DL-SCH per cell it is connected to. In slots where system information is received there is one additional DL-
SCH from the device perspective.
The Uplink Shared Channel (UL-SCH) is the uplink counterpart to the DL-SCH— that is, the uplink transport channel used for
transmission of uplink data.
Physical Channels and their responsibilities: A physical channel correspond to the set of time-frequency resources used for
transmission of a particular transport channel and each transport channel is mapped to a corresponding physical channel, as
shown in figure in addition to the physical channels with a corresponding transport channel, there are also physical channels
without a corresponding transport channel. These channels, known as L1/L2 control channels, are used for downlink control
information (DCI), providing the device with the necessary information for proper reception and decoding of the downlink data
transmission, and uplink control information (UCI) used for providing the scheduler and the hybrid-ARQ protocol with information
about the situation at the device.
The Physical Downlink Shared Channel (PDSCH) is the main physical channel used for unicast data transmission, but also for
transmission of, for example, paging information, random-access response messages, and delivery of parts of the system
information.
The Physical Broadcast Channel (PBCH) carries part of the system information, required by the device to access the network.
The Physical Downlink Control Channel (PDCCH) is used for downlink control information, mainly scheduling decisions, required
for reception of PDSCH, and for scheduling grants enabling transmission on the PUSCH.
The Physical Uplink Shared Channel (PUSCH) is the uplink counterpart to the PDSCH. There is at most one PUSCH per uplink
component carrier per device.
The Physical Uplink Control Channel (PUCCH) is used by the device to send HARQ acknowledgments, indicating to the gNB
whether the downlink transport block(s) was successfully received or not, to send channel-state reports aiding downlink channel-
dependent scheduling, and for requesting resources to transmit uplink data upon.
The Physical Random-Access Channel (PRACH) is used for random access.
*5G when is a random-access procedure used: -

In 5G, a random-access procedure is performed in the following situations:

 During initial access from RRC idle or for an RRC connection set up During RRC connection reestablishment.
 Transition from inactive state.
 Request for other Sl. There are two types of System Information (SI): Minimum Sl and Other Sl. Minimum SI is periodically
broadcast and is information required for initial access. Other information is basic or important not broadcasted and is
requested by the UE.
 During handover to allocate the scheduling grant from the target eNB.
 If uplink synchronization is lost during RRC_CONNECTED and/or DL or UL data.
Arrives 5G supports two types of random-access procedures:
1. Contention-Free Random-Access Procedure: This procedure is initiated by the gNB with the transmission of a random-access
preamble assignment. The UE uses the preamble from this information to initiate a random-access procedure. Hence, the random-
access procedure is always successful. However, this procedure can be used only by the UE that is already in communication with
an eNB (during handovers), thereby reducing the latency.
2. Contention-Based Random-Access Procedure: This procedure is initiated by the UE by transmitting a random preamble.
*NSSF: - The Network Slice Selection function (NSSF) supports the selection the set of network slice instances serving the UE, by
determining the AMF (Access and Mobility Management function) set to be used to serve the UE, or, based on configuration a list
of candidate AMFs, possibly by querying the NRF (Network repository Function).

*5G Lab Architecture

*Modules
AMF:-It is a control plane function in 5G core network. The main functions and responsibilities of AMF are: Registration
Management, Reach-ability Management, Connection Management, Mobility Management, UE mobility event notifications, Access
authentication and authorization, NAS integrity protection and ciphering.

SMF:-Session Management Function (SMF) is a fundamental element of the 5G Service-Based Architecture (SBA). The SMF is
primarily responsible for interacting with the decoupled data plane, creating updating and removing Protocol Data Unit (PDU)
sessions and managing session context with the User Plane Function (UPF).

UPF:-The User Plane Function (UPF) represents the data plane evolution of a Control and User Plane Separation (CUPS) strategy,
which is a fundamental component of the 3GPP 5G core network (5GC). The UPF plays the most critical role in the process of data
transfer. It provides the interconnect point between the mobile infrastructure and the Data Network (DN), i.e., encapsulation and
Decapsulation of GTP-U.
UDR:-Unified Data Repository (UDR) is a converged database that stores and manages subscriber data, SIM identities, and network
service configurations. The UDR is used by multiple network functions such as PCF, UDM, and NEF to store service-specific
parameters to be provisioned in the network for devices to use the service.

PCF:-The Policy Control Function (5G PCF) uses the policy subscription information stored in the User Data Repository (UDR) to
provide policy rules to network functions (SMF/AMF). It uses a standard REST-based interface to integrate with AMF for access and
mobility policy and with SMF for session management policy.

NSSF:-The NSSF (Network Slicing Selection Function) system is a solution to select the optimal network slice available for the
service requested by the user in the 5G environment where various services are provided.

NRF:-Network Repository Function (NRF) supports the service discovery feature, which receives NF discovery requests from NF
instances and provides information about the discovered NF instance (discovered) to another NF instance. Registration information
includes NF type, address, service list, etc.

AUSF:-As a major part of 5GC to facilitate security processes, AUSF performs the authentication function of identifying UEs and
storing authentication keys.

UDM:-UDM is a centralized way to process network user data in 5G through Nudm interfaces to provide services for AMF, SMF,
SMSF and AUSF. It also provides services such as authorization of accessing, registration, uninterrupted services.

SBI:-The most outstanding change in the 5G Core Control plane is induction of Service based Interface (SBI) or Service based
Architecture (SBA) from traditional Point-to-Point network architecture. With this new change, except for a few interfaces such as
N2 and N4, almost every interface is now defined to use unified interface, using HTTP/2 protocol.

NGAP: -The NG Application Protocol (NGAP) provides the control plane signaling between NG-RAN node and the Access and
Mobility Management Function (AMF). The services provided by the NGAP are divided to UE associated and non-UE associated.
Different categories of NGAP signaling procedures include PDU Session Management, UE Context Management, UE Mobility
Management, Paging Procedures, Transport of NAS messages, Interface Management, Configuration Transfer, and Warning
Message Transmission
AF: -Application Function (AF) supports application influence on traffic routing, accessing NEF, interaction with policy framework
for policy control.

*Interface

N1: -The N1 interface is a transparent interface from User Equipment (UE) to the AMF. It is used to transfer UE information
(related to connection, mobility and sessions) to the AMF.

N2: -N2 interface supports control plane signaling between RAN and 5G core-covering scenarios related to UE context
management, PDU session/resource management procedures.

N3: -N3 interface performs the role of conveying user data from the RAN to the User Plane Function, making it possible to create
both low- and high-latency services.

N4: -N4 Interface is the bridge between the control plane and the user plane. As such, it is the conduit for PDU session
management and traffic steering towards the UPF and PDU usage and event reporting towards the SMF.

N6: -The N6 interface plays the same role in the 5G network, providing connectivity between the User Plane Function (UPF) and any
other external (or internal) networks or service platforms, such as the Internet, the public cloud or private clouds.

N7: -N7 interface to trigger session management policies towards Session Management Function (SMF). SMF controls the User
plane Function (UPF). It translates policies received from the PCF to a set of directives/information understood to the UPF and then
forwards it to the UPF.

N10: -N10 can emulate UDM within the 5G Core offering services to the SMF via the Nudm service-based N10 interface
respectively. The 5G network represents the service-based interface, with focus on N10 between UDM and SMF. Following services
via the Nudm service-based N10 interface respectively: Nudm_SubscriberDataManagement Services,
Nudm_UEContextManagement Services

N11: -N11 interface represent a trigger to add, modify or delete a PDU session across the user plane. The SMF sends messages to
the UPF over the N4 reference interface using the Packet Forwarding Control Protocol (PFCP).

N12: -N12 emulates Authentication Server Function (AUSF) within the 5G Core offering services to the Access and Mobility
Management Function (AMF) via the ausf service-based N12 interfaces. The 5G network represents the service-based interface,
with focus on the AUSF and AMF.

N13: -N13 interface within the 5G Core offering services to the User Data Management (UDM) via the Nausf and Nudm service-
based N13 interface respectively. The 5G network represents the service-based interface, with focus on N13 between AUSF and
UDM.

Xn: - the Xn interface supports the exchange of signaling information between two NG-RAN nodes, and the forwarding of PDUs
to the respective tunnel endpoints; - from a logical standpoint, the Xn is a point-to-point interface between two NG-RAN nodes.

RU:
This is the radio unit that handles the digital front end (DFE) and the parts of the PHY layer, as well as the digital beam forming
functionality. 5G RU designs are supposed to be “inherently” intelligent, but the key considerations of RU design are size, weight,
and power consumption.
DU:
This is the distributed unit that sits close to the RU and runs the RLC, MAC, and parts of the PHY layer. This logical node includes a
subset of the eNB/gNB functions, depending on the functional split option, and its operation is controlled by the CU.
CU:
This is the centralized unit that runs the RRC and PDCP layers. The gNB consists of a CU and one DU connected to the CU via Fs-C
and Fs-U interfaces for CP and UP respectively. A CU with multiple DUs will support multiple gNBs. The split architecture enables a
5G network to utilize different distribution of protocol stacks between CU and DUs depending on midhaul availability and network
design. It is a logical node that includes the gNB functions like transfer of user data, mobility control, RAN sharing (MORAN),
positioning, session management etc., with the exception of functions that are allocated exclusively to the DU. The CU controls the
operation of several DUs over the midhaul interface.

*CSI-RS (Channel State Information Reference Signal): - is a mechanism that a UE measure various radio channel quality and report
the result to Network(gNB).

Channel state information (CSI) is the way of indicating certain reports by the UE to the network. These are well defined reporting
parameters and comprises of:

 Channel Quality Indicator (CQI)

 Precoding Type Indicator (PTI)
 Precoding Matrix Indicator (PMI)
 Rank Indicator (RI)
 Layer Indicator (LI)

5G Base Stations can configure the UEs to use CSI-RS for:

 Beam Management (CQI, RI, PMI Measurements): Measurements should be sent by UE to Base Stations in order to
understand and estimate the correct direction of beams.
 Connected Mode mobility: For calculating RSRP, RSRQ, SINR
 Radio link failure detection: To check if channel is out of sync or in sync
 Beam failure detection and Recovery: Based on estimation of such signals, UE can be forced to perform contention free
random-access attempt (when Base Station assigns dedicated preamble)
 Time and Frequency Synchronization (Tracking Reference Signals)
 Coordination and Multi Point transmission
▪️Frame Structure in LTE
✔️LTE Radio Frame duration= 10ms
✔️Sub-frame duration= 1ms
✔️Time Slot duration= 0.5ms
✔️Symbol duration= 0.5ms/7
✔️Symbol count= 7 in Normal CP, 6 Extended CP
✔️Sub-carrier Bandwidth= 15 KHz
✔️Sub-carrier count in 1 PRB= 12
✔️Transmission Time Interval= 1ms

"

✔️✔️✔️✔️✔️✔️✔️✔️✔️✔️✔️ ✔️✔️✔️✔️✔️✔️✔️✔️ "

✔️✔️✔️✔️✔️✔️✔️✔️✔️✔️✔️✔️ ✔️✔️✔️✔️✔️✔️✔️✔️ (✔️✔️✔️) is a new solution that aims to improve the mobility robustness & reducing the number of HO
failure.

✔️ In ✔️✔️✔️, instead of preparing one target cell, Multiple candidate target cells are prepared.

✔️ Then HO command is sent to the UE earlier than Normal HO, where the radio conditions are still good.

✔️✔️✔️✔️✔️✔️✔️✔️✔️✔️ ✔️✔️✔️ ✔️✔️✔️✔️✔️✔️✔️✔️✔️✔️✔️ ✔️✔️✔️✔️✔️✔️✔️✔️ :

✔️ Conditional handover (✔️✔️✔️) is introduced for 5G NR as part of 3GPP Release 16
✔️ Conditional handover can improve Handover Success rate
✔️ ✔️✔️✔️ is possible for both 5G NR as well as 4G LTE
✔️ In ✔️✔️✔️, Candidate gNB as well as the potential Target gNBs will provide the configuration
✔️ Source gNB provides an Execution condition(s) for the UE regarding the time to trigger the ✔️✔️✔️.

✔️✔️✔️✔️:
✔️ If the UE is configured using ✔️✔️✔️ Configuration and, before the ✔️✔️✔️ execution condition has been satisfied, a different HO
Command delivered by the gNB then UE will initiate Handover in response to the HO Command that was received and does not
have to have to wait to see if any of the conditions to be satisfied.
✔️ The Legacy HO Configuration is taken priority over ✔️✔️✔️ Configuration (if set).

*What is GUTI in LTE?

GUTI stands for Global Unique Temporary Identifier GUTI: - GUMME (48bit)+M-TMSI(32bit)
where GUMME:-PLMN ID(24bit)+MME(24bit)
And PLMN:- MCC(12bit)+MNC(12bit)
MME: - MMEGi(16bit) +MMEC(8bit)

▪️GUTI I'd assigned by the MME to UE during attached accept

▪️when UE initially attached to the network than it sends authentication message to MME to authenticate its self.
▪️UE remember this as ID, GUTI can change to new value even when it's attached to network. GUTI is allocated during
☆ATTACHED
☆TAU
RNTI: -RNTI stands for Radio Network Temporary Identifier.
RNTI is used to identify one specific radio channel from other radio channel and one UE from another UE.
Q: -What are the types of RNTI's we used in LTE?
Answer: P-RNTI: It stands for Paging RNTI. Used for Paging Message.
SI-RNTI: It stands for System Information RNTI. Used for transmission of SIB messages
RA-RNTI: It stands for Random Access RNTI. Used for PRACH Response.
T-CRNTI: It stands for Temporary C-RNTI. Mainly used during RACH.
C-RNTI: It stands for Cell RNTI. Used for the transmission to a specific UE after RACH.
SPS-C-RNTI: It stands for Semi persistence Scheduling C-RNTI
NOTE: We have other RNTI's as well but I am not explaining here.
ANSWER: At the time of initial UE registration with the network, Network will assign the sequences of the RNTI's for each and every
User, that are first will assign P-RNTI, SI-RNTI, RA-RNTI, T-CRNTI, C-RNTI.
C-RNTI: It is a unique Identification used for identifying RRC Connection and scheduling which is dedicated to a particular UE. The
gNB assigns different C-RNTI values to different UEs. The gNB uses C-RNTI to allocate a UE with uplink grants, downlink
assignments, etc. C-RNTI is used by gNB to differentiate uplink transmissions (e.g., PUSCH, PUCCH) of a UE from others.