A Guide to Mobile Network Architectures

The Main Components of a Mobile Network

The main components of a mobile network can be broadly categorised into three segments: the core network, the radio access network (RAN), and the user equipment.

1. User Equipment (UE):

This includes devices such as IoT devices, smartphones, tablets, and other mobile devices that can connect to the mobile network. Each must have the necessary hardware and software to access services provided by the local network. UEs need a form of physical, embedded, or soft SIM to successfully authenticate the device on mobile networks. Without this element, the device cannot connect.

2. Radio Access Network (RAN):

  • Base Station (BS) or NodeB or eNodeB or gNodeB: Depending on the generation of the mobile network (2G, 3G, 4G, or 5G), these units might have different names but serve similar functions. They consist of radio transceivers, antennas, and associated electronics to facilitate communication between the user equipment and the core network.
  • Mobile Switching Centre (MSC)/Serving GPRS Support Node (SGSN): For 2G and 3G networks, these components handle the setup of calls on the network, the routing of calls and data, mobility management, and more.
  • Remote Radio Head (RRH): Often used in newer network deployments, RRHs are separated from the base station and placed closer to the antenna, reducing power loss over the cable and allowing for higher efficiency.

3. Core Network:

  • Home Location Register (HLR)/Home Subscriber Server (HSS): These are databases that contain details of the mobile network’s subscribers, including their profiles, authentication information, and location.
  • Mobile Switching Centre (MSC)/Serving Gateway (SGW): These components are responsible for call switching and routing, as well as mobility management in 2G/3G networks (MSC) and 4G networks (SGW), respectively.
  • Packet Gateway (PGW): In LTE networks, the PGW connects the mobile network to external networks like the internet, handling data routing and IP address allocation for the user equipment.
  • Policy and Charging Rules Function (PCRF): This component is responsible for policy enforcement, decision-making for flow-based charging, and ensuring quality of service (QoS) for data flows within the network.
  • Authentication Centre (AuC): A secure database storing secret keys for subscriber authentication and encryption to safeguard communication.

These components work together to provide voice, data, and multimedia services to mobile users and IoT devices, with each playing a crucial role in the functioning and management of the mobile network.

The Role of SIM Cards

The purpose of a SIM card in an IoT device is to provide a unique identity to the device and enable it to connect to cellular networks. Here are a few specific functions of a SIM card in an IoT device:

1. Network Authentication: The SIM card contains unique identification numbers (such as the IMSI and ICCID) and security keys. These are used to authenticate the device on the cellular network, ensuring that the network knows the device is legitimate and authorised to connect.

2. Data Transmission: Once authenticated, the SIM card enables the IoT device to transmit data over the network. This is crucial for the device to send sensor readings, status updates, or other data to a remote server or cloud platform.

3. Global Connectivity: Most IoT SIM cards are not tied to a specific network or region as they are subject to approved IoT roaming agreements. They can, therefore, connect to multiple networks around the world, providing global coverage. This is especially crucial for IoT applications that involve mobile or geographically dispersed devices.

4. Secure Communication: The SIM card also plays a role in ensuring the secure transmission of data. It is used to help encrypt the data being sent from the device, helping to protect it from interception or tampering.

In short, a SIM card in an IoT device provides the necessary interface for the device to connect, communicate, and transmit data securely over cellular networks.

IMSI & ICCID Identifiers

The unique identification numbers stored in a SIM card serve several important functions:

1. International Mobile Subscriber Identity (IMSI): This is a distinct number linked to mobile networks, stored in the SIM card. It identifies the subscriber on the network and is crucial for routing calls and messages to the correct device.

2. Integrated Circuit Card Identifier (ICCID): This is a unique serial number for the SIM card itself. It is used by the cellular network to identify the SIM card and can be used for activating the card, among other things.

These numbers are essential for the operation of the SIM card and the services it enables. They allow the network and the device to recognise each other, enabling the device to connect to the network, use data services, make calls, and send messages. Without these unique identifiers, the network would not know which device was trying to connect or where to route incoming calls and messages. In an IoT setting, they will reflect the security credentials of the IoT connectivity or roaming network infrastructure provider.

Breaking down the roles of IMSI and ICCID numbers and how they contribute to the connection process:

IMSI (International Mobile Subscriber Identity):

1. Identification: The IMSI is a special code used to identify the mobile network subscriber. It is saved on the SIM card and sent to the network by the IoT device when trying to connect. This code is crucial for verifying the subscriber’s details during authentication and authorisation processes.

2. Roaming: When an IoT device roams from its home network to another network, the IMSI is used by the roaming network to look up subscriber data in the Home Location Register (HLR) in the host core network. The HLR contains all the subscription details for that IMSI, including services available to the subscriber, and it is used to verify that the device is allowed to roam on the network.

3. Connection to Visitor Location Register (VLR): Once the IoT device is allowed to roam, the local radio network’s VLR is updated with the subscriber’s information from the HLR. The VLR maintains temporary information about subscribers that are currently within the jurisdiction of the VLR, including those that are roaming. This allows the network to manage calls and data sessions for the IoT device efficiently.

ICCID (Integrated Circuit Card Identifier):

1. SIM Card Identification: The ICCID is a unique identifier for the SIM card itself. It is used by the network to identify the physical SIM card that the IMSI and subscriber data are associated with.

2. Provisioning and Activation: The ICCID is crucial during the initial provisioning and activation of the SIM card for the IoT device. It is used to ensure that the correct services are activated for the SIM and, by extension, the device.

3. Troubleshooting and Support: In case of connectivity issues or when changing or updating SIM cards in IoT devices, the ICCID is used to ascertain the specific SIM card in question, facilitating troubleshooting and customer support processes.

In summary, the IMSI and ICCID work together to ensure that IoT devices can securely and efficiently connect to mobile networks, including when roaming. The IMSI facilitates the device’s identification, authentication, and roaming capabilities, while the ICCID is used to identify and manage the SIM card within the device. Both are essential for the seamless operation of IoT devices in diverse network environments.

A detailed technical breakdown of how Multi-Network IoT SIM cards connect to a mobile network as a visitor:

1. Initial Connection: When a device with a Multi-Network IoT SIM card is switched on, the SIM card scans for available networks. It then tries to connect to a network that it has an agreement with.

2. Location Update Procedure: After connecting to the visited network, the Multi-Network IoT SIM card initiates a location update procedure with the visited network’s Base Station Controller (BSC) or Radio Network Controller (RNC). The BSC/RNC then communicates with the Mobile Switching Centre (MSC) or Serving GPRS Support Node (SGSN) of the visited network.

3. Authentication: The visited network’s MSC/SGSN sends an authentication request to the Home Location Register (HLR) or Home Subscriber Server (HSS) of the home network. This request includes the IMSI of the SIM card. The HLR/HSS then generates a random number and signs it with the authentication key (Ki) of the SIM card to produce an authentication triplet (random number, expected response, and cipher key) or quintet (in case of 3G and beyond). This is then sent back to the visited network’s MSC/SGSN.

4. Challenge Response Procedure: The visited network’s MSC/SGSN then sends the random number to the SIM card, which signs it with its own authentication key (Ki) to generate a response. If the response matches the expected response received from the HLR/HSS, the SIM is authenticated.

5. Update Location: Once authenticated, the visited network’s MSC/SGSN sends an update location message to the home network’s HLR/HSS. The HLR/HSS then cancels any previous registration of the SIM card and acknowledges the new location update.

6. Confirmation: The visited network’s MSC/SGSN then confirms the successful location update to the BSC/RNC, which in turn confirms it to the SIM card. The device is now registered on the visited network and can start sending and receiving data.

This is a complex process, and each step needs to occur without error for the device to successfully connect to the visited network. Importantly, all these steps happen within seconds without any intervention.
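Steps 3 to 6 above as a small simulation, added here as an example and not code from the original article. HMAC-SHA256 stands in for the operator-specific A3/A8 algorithms, and the class names, the IMSI and the Ki value are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def a3a8_stand_in(ki, rand):
    """Assumed stand-in for A3/A8: (4-byte response, 8-byte cipher key)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class HomeHLR:  # home HLR/AuC, the only network element that stores Ki
    def __init__(self, subscribers):
        self._ki = dict(subscribers)  # IMSI -> Ki
        self.location = {}            # IMSI -> MSC currently serving it

    def make_triplet(self, imsi):
        ki = self._ki.get(imsi)
        if ki is None:
            return None               # IMSI not provisioned
        rand = secrets.token_bytes(16)
        xres, kc = a3a8_stand_in(ki, rand)
        return rand, xres, kc         # Ki itself never leaves the HLR

    def update_location(self, imsi, msc):
        previous = self.location.get(imsi)
        if previous is not None and previous is not msc:
            previous.vlr.pop(imsi, None)  # cancel the earlier registration
        self.location[imsi] = msc


class Sim:
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand):
        return a3a8_stand_in(self._ki, rand)


class VisitedMSC:
    def __init__(self, name, home):
        self.name, self.home = name, home
        self.vlr = {}                 # IMSI -> Kc for attached devices

    def attach(self, sim):
        triplet = self.home.make_triplet(sim.imsi)   # step 3
        if triplet is None:
            return "rejected: unknown IMSI"
        rand, xres, kc = triplet
        sres, _ = sim.respond(rand)                  # step 4
        if not hmac.compare_digest(sres, xres):
            return "rejected: authentication failed"
        self.home.update_location(sim.imsi, self)    # step 5
        self.vlr[sim.imsi] = kc
        return "registered"                          # step 6


def run_demo():
    imsi = "001010000000001"                         # constructed test IMSI
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed Ki
    home = HomeHLR({imsi: ki})
    msc_a, msc_b = VisitedMSC("visited-A", home), VisitedMSC("visited-B", home)
    return {  # entries are evaluated top to bottom, in attach order
        "genuine on A": msc_a.attach(Sim(imsi, ki)),
        "wrong Ki on B": msc_b.attach(Sim(imsi, bytes(16))),
        "unknown IMSI on B": msc_b.attach(Sim("001019999999999", ki)),
        "genuine moves to B": msc_b.attach(Sim(imsi, ki)),
        "serving MSC": home.location[imsi].name,
        "still in A's VLR": imsi in msc_a.vlr,
    }


if __name__ == "__main__":
    print(run_demo())
```

The visited MSC only ever handles the random number, the expected response and the cipher key, so a SIM that presents the right IMSI without the matching Ki is rejected at step 4.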

The Role of Other Key Core Network Elements in Circuit & Packet Data Mobile Networks

Circuit Switched to Packet Switched Mobile Networks

The transition from 2G/3G to 4G/LTE network architectures reflects several key aspects of the evolution in mobile network design, focusing on improved efficiency, greater scalability, enhanced performance, and support for new services. Here is how this transition mirrors the broader evolution of network architectures:

1. From Circuit-Switched to Packet-Switched: Earlier mobile generations relied heavily on circuit-switched technology for voice and simple data services. GGSN was a crucial component in this context, especially for 2.5G and 3G networks, facilitating packet-switched data transmission. The evolution towards 4G emphasised a fully packet-switched network, with PGW serving as a cornerstone in the LTE/SAE (System Architecture Evolution) architecture, enabling high-speed, efficient data services.

2. Increased Data Rates and Capacity: The shift to PGW in 4G networks is part of the industry’s response to the explosive growth in mobile data demand. LTE networks, with their flat, all-IP architecture, are designed to support significantly higher data rates and network capacity. The PGW plays a central role in managing and optimising data traffic, ensuring that users can enjoy faster download and upload speeds.

3. Enhanced QoS (Quality of Service) Capabilities: The PGW supports more sophisticated QoS and policy control mechanisms compared to the GGSN. This evolution reflects the need for more granular control over the network resources and services, enabling operators to offer differentiated levels of service, manage network congestion more effectively, and improve the overall user experience.

4. Support for IMS and VoLTE: The transition to PGW is also aligned with the broader adoption of the IP Multimedia Subsystem (IMS) for delivering voice over LTE (VoLTE) and other multimedia services. The PGW interfaces with the IMS core, facilitating seamless, high-quality voice and video services over the IP-based LTE network, something that was not inherently designed into the architecture involving GGSN.

5. Flexibility and Scalability: The LTE architecture, including the role of PGW, is designed to be more scalable and flexible than previous generations. This adaptability is crucial for supporting the rapidly growing number of connected devices and the diverse requirements of various applications, from high-definition video streaming to IoT (Internet of Things) connectivity.

6. Integration with Future Technologies: The evolution towards PGW and the LTE architecture lays the groundwork for further advancements in mobile technology, including the transition to 5G. The design principles and technologies developed for 4G networks, including the use of PGW, are foundational elements that are further evolved and expanded upon in 5G networks.

In summary, the transition from GGSN to PGW reflects the mobile industry’s shift towards more advanced, efficient, and flexible network architectures designed to meet the demands of the modern, connected world.

The Role of GGSN in Circuit Based 2G & 3G Networks

The GGSN (Gateway GPRS Support Node) plays a crucial role in a GPRS (General Packet Radio Service) network of both host and local mobile networks. Its main functions include:

1. Packet Routing: The GGSN acts as a network gateway between the GPRS network and external packet data networks that they connect to. It routes IP packets between these networks and the GPRS network, allowing data to be transmitted to and from GPRS-enabled devices.

2. IP Address Allocation: The GGSN is responsible for assigning IP addresses to GPRS devices. When a device connects to the GPRS network, the GGSN allocates a unique IP address to it. This allows the device to communicate with other devices on the internet or other IP-based networks.

3. Security: The GGSN provides security features to protect the data transmitted over the GPRS network. It authenticates the GPRS devices, ensuring that only authorised devices can connect to the network. It also implements encryption and other security measures to safeguard the data transmitted between the GPRS network and external networks.

4. Charging and Billing: The GGSN keeps track of the data usage for each GPRS device. It collects information about the volume of data transmitted and forwards this information to the billing system. This data is used to calculate the charges for data usage and generate billing records for the subscribers.

Overall, the GGSN plays a crucial role in enabling data communication over a GPRS network by routing packets, managing IP addresses, ensuring security, and facilitating charging and billing processes.

The Role of PGW in 4G Packet Data Networks

In a 4G network, the role of the GGSN (Gateway GPRS Support Node) is replaced by the PGW (Packet Gateway). The PGW is a key element in the Evolved Packet Core (EPC) architecture of a 4G network and performs similar functions to the GGSN.

The PGW has several important roles in a 4G network:

1. Packet Routing: Similar to the GGSN, the PGW serves as a link between the 4G network and external packet data networks, like the internet. It routes IP packets between these networks and the 4G network, allowing data to be transmitted to and from 4G-enabled devices.

2. IP Address Allocation: The PGW assigns IP addresses to 4G devices when they connect to the network. It manages the allocation and reclamation of IP addresses to ensure efficient utilisation of available addresses.

3. Quality of Service (QoS) Management: The PGW manages the QoS for data traffic in the 4G network. It applies policies to prioritise and manage network resources based on the specific requirements of different applications and services.

4. Security: The PGW provides security features to protect the data transmitted over the 4G network. It authenticates the devices and implements encryption and other security measures to ensure the integrity and confidentiality of the data.

5. Charging and Billing: Similar to the GGSN, the PGW collects information about data usage and forwards it to the billing system. It is responsible for tracking and calculating the charges for data usage in the 4G network.

Overall, the PGW replaces the GGSN in a 4G network and performs similar functions while also providing enhancements to support the higher data speeds and advanced capabilities of 4G technology. It also helps manage billing session records between networks.

Packet Data Gateway (PGW) and Security

The Packet Gateway (PGW) plays a crucial role in ensuring the security of data transmitted over a 4G network. Here are some ways in which the PGW contributes to data security:

1. Authentication and Authorisation: The PGW verifies the identity of 4G devices and subscribers when they connect to the network. It ensures that only authorised devices and users are granted access to the network, preventing unauthorised access and potential security breaches.

2. Encryption: The PGW facilitates the encryption of data transmitted over the 4G network. It ensures that the data is encrypted using secure protocols, such as IPsec (Internet Protocol Security), to protect it from eavesdropping and unauthorised interception.

3. Firewall Protection: The PGW incorporates firewall functionality to safeguard the 4G network from malicious activities. It applies security policies to monitor and control the incoming and outgoing network traffic, blocking any suspicious or harmful data packets.

4. Intrusion Detection and Prevention: The PGW includes intrusion detection and prevention systems (IDPS) to identify and mitigate potential security threats. It analyses network traffic patterns in real-time to detect any abnormal behaviour that may indicate an intrusion attempt and takes appropriate actions to prevent the threat.

5. Traffic Segmentation: The PGW separates different types of network traffic and applies appropriate security measures to each segment. This helps in isolating sensitive data from other types of traffic and provides an additional layer of protection.

6. Security Policy Enforcement: The PGW enforces security policies defined by the network operator. It ensures that all data traffic adheres to the specified security requirements and protocols, minimising the risk of data breaches or unauthorised access.

By implementing these security measures, the PGW enhances the overall security of data transmitted over a 4G network, safeguarding it from potential threats and ensuring the privacy and integrity of the communication.

PGW, HLR & VLR Interactions in Packet Networks

The interaction between a PGW (Packet Gateway), VLR (Visitor Location Register), and HLR (Home Location Register) is key to establishing and managing the connectivity of an IoT (Internet of Things) device to a mobile network, especially in the context of LTE (Long Term Evolution) and cellular networks. Here is a simplified overview of how these components interact:

Initial Connection and Registration

1. IoT Device Activation: When an IoT device is powered on and attempts to connect to the network, it first communicates with the nearest cell tower. It sends its IMSI (International Mobile Subscriber Identity), stored on its SIM card, to the network.

2. Authentication with HLR: The IMSI is forwarded to the HLR, which is a central database that contains details of each mobile phone subscriber that is authorised to use the cellular network. The HLR authenticates the device using the IMSI and retrieves the subscriber’s profile, which includes information such as the subscriber’s service plan and features.

3. Information Sent to VLR: Once the authentication and authorisation are successful, the HLR sends the necessary information to the VLR associated with the area where the IoT device is currently located. The VLR temporarily stores information about the device, enabling it to manage calls and data sessions.

Data Session Establishment

1. Data Session Request: When the IoT device initiates a data session (for example, sending data to a cloud server), the request is handled by the serving cell tower and forwarded to the Serving Gateway (SGW).

2. SGW to PGW Connection: The SGW then routes the data to the PGW, which acts as the point of exit and entry of traffic from the LTE network to other networks, such as the public internet or specific enterprise networks.

3. IP Address Allocation: The PGW allocates an IP address to the IoT device for the duration of the data session and manages the data routing to and from the IoT device. This includes applying any policies or charging rules associated with the subscriber’s profile (retrieved from the HLR).

Ongoing Management and Mobility

  • Handover and Roaming: As the IoT device moves, it may need to connect through different cell towers or even different mobile networks (roaming). The VLR updates are continuously performed to ensure the device’s location is known, and the HLR can be queried again if the device roams to a different network’s area. The PGW ensures continuous data session connectivity, adapting the routing as necessary based on the device’s current location and network.

  • Session and Subscriber Management: Throughout the IoT device’s connectivity lifecycle, the PGW, VLR, and HLR interact as needed to manage the session and subscriber information. This includes updating location information, managing data sessions as the IoT device moves across different network areas, and applying the appropriate billing or charging policies based on the subscriber’s data usage.

In summary, the PGW, VLR, and HLR play crucial roles in establishing, managing, and maintaining the connectivity of an IoT device to a mobile network, ensuring seamless data communication and mobility management.

How Do VPNs Interact with These Core Network Systems in Packet Networks?

A VPN ensures secure transfer of sensitive data by creating an encrypted connection between a device and a network over the internet. It creates a secure “tunnel” from the device to the VPN server, and from there, to the destination network or internet. When an IoT device uses a VPN in conjunction with a mobile network that involves PGW (Packet Gateway), VLR (Visitor Location Register), and HLR (Home Location Register), the interaction changes slightly to incorporate the security and privacy aspects provided by the VPN. Here is how this interaction unfolds:

Initial Network Connection

  • IoT Device Connectivity: The IoT device connects to the mobile network in the usual manner. It communicates with the cell tower, and through the standard process, gets authenticated and authorised with the help of the HLR, and gets its location registered in the VLR.
  • Data Session Establishment: The IoT device establishes a data session through the network, facilitated by the SGW (Serving Gateway) and ultimately connected to the PGW, which routes the data traffic to and from the internet or other networks.

VPN Establishment

  • Initiating VPN Connection: Once the IoT device has established a basic internet connection through the PGW, it initiates a VPN connection. This involves the IoT device sending a request to connect to a VPN server, which could be located on the public internet or within a private network.
  • VPN Tunnel Creation: The VPN server authenticates the IoT device (using credentials, certificates, or another authentication method) and establishes a secure tunnel between the IoT device and the VPN server. This tunnel encrypts all data passing through it, ensuring that the information is secure from eavesdropping or interception.

Data Transmission via VPN

  • Encrypted Data Routing: All data sent from the IoT device is encrypted and routed through the VPN tunnel to the VPN server. From the perspective of the mobile network and the PGW, this data appears as normal internet traffic; however, the content is encrypted and unreadable.
  • PGW’s Role with VPN Traffic: The PGW continues to route the encrypted data packets between the IoT device and the VPN server without being able to decipher them. The PGW also applies any data session policies and charging as configured for the subscriber, but it does so based on the encrypted traffic.
  • Data Exit from VPN Server: Upon reaching the VPN server, encrypted data is decrypted and sent to its final destination on the internet or a private network. Responses follow the reverse path, getting encrypted at the VPN server before being sent back to the IoT device through the mobile network and decrypted by the IoT device.

Mobility and Session Management

  • Mobility Handling: As the IoT device moves, it might switch cell towers or networks. The VLR and HLR updates ensure that the device’s location is known for call and data session management. However, the VPN session typically remains intact, as the VPN server maintains a consistent point of connection regardless of the IoT device’s network path.

In summary, when an IoT device uses a VPN over a mobile network, the PGW, VLR, and HLR handle the initial connectivity and mobility aspects as usual. However, the data transmitted between the IoT device and the VPN server is encrypted, creating a secure and private communication channel. The VPN adds a layer of security on top of the existing network infrastructure, ensuring that the IoT device’s data is protected throughout its journey across the network.