Sunday, November 29, 2009


dynamic_cast can be used only with pointers and references to objects.

Therefore, dynamic_cast is always successful when we cast a class to one of its base classes

Its purpose is to ensure that the result of the type conversion is a valid complete object of the requested class.

dynamic_cast requires the Run-Time Type Information (RTTI) to keep track of dynamic types.

class CBase { };
class CDerived: public CBase { };

CBase b; CBase* pb;
CDerived d; CDerived* pd;

pb = dynamic_cast(&d); // ok: derived-to-base
pd = dynamic_cast(&b); // wrong: base-to-derived
The second conversion in this piece of code would produce a compilation error since base-to-derived conversions are not allowed with dynamic_cast unless the base class is polymorphic.

dynamic_cast can also cast null pointers even between pointers to unrelated classes, and can also cast pointers of any type to void pointers (void*).

Static Cast

static_cast can perform conversions between pointers to related classes
not only from the derived class to its base, but also from a base class to its derived.

ensures that at least the classes are compatible if the proper object is converted

no safety check is performed during runtime to check the overhead of the type-safety checks of dynamic_cast is avoided.
"class CBase {};
class CDerived: public CBase {};
CBase * a = new CBase;
CDerived * b = static_cast(a);
This would be valid, although b would point to an incomplete object of the class and could lead to runtime errors if dereferenced.

static_cast can also be used to perform any other non-pointer conversion that could also be performed implicitly, like for example standard conversion between fundamental types:
"double d=3.14159265;
int i = static_cast(d); "

Any conversion between classes with explicit constructors or operator functions as described in "implicit conversions" above.

Tuesday, November 24, 2009

Friend Functions in C++


==> adding a Friend function to a class template

Lesson1 :
void f (int);

template <> class A
friend void f (int);

A <> xi;
A<> xs;

In each instance of the Class A , f() functin is friend.

Lesson 2 :

When we are declaring a class as a friend of another class For ex:

class Brother


class Sister
friend Brother; // Incorrect - Compilation error

The above will give compilation error, because friend declarations should have elaborated type specifiers. So, Sister class should be

class Sister
friend class Brother; // Correct No compilation error

Lesson 3 :
Making a template as a friend to another template

template <>
class Brother


class Sister

template <> friend class Brother;

above, every specialization of Brother (eg: Brother, Brother) will be a friend every specialization of Sister.

Lesson 4 :

Restricting friendship for only particular specialization

template <>
class Sister
friend class Brother <>;
friend class Brother <>;

In above example, only the elderBrother and youngerBrother instances of Brother are friend classes to Sister class.(Not every instance of Brother)

Lesson 5 : Function Templates

Making friend function for Function Templates is little tricky and complex as it is not straightforward as above. For example:

class PhoneBook


template <>
int getCount(typename T, int maxRange)


To make the getCount() function as friend function for the class PhoneBook:

class PhoneBook ; //Forward Delcaration

template <>
int getCount(typenname T, int maxRange)
//Defination of functiont emplate

class PhoneBook

friend int getCount<> (typeName T, int maxRange);

If we would like to avoid forward declaration of class followed with Function template defination and then follwed by including in class or class template. we can do the same in single stretch as below

class PhoneBook

public :
friend int getCount(typeName T, int maxRange)
//Implement here

To make a specialized version of getCount function template as a friend to PhoneBook then we can do as below
class PhoneBook
friend int getCount<>(typeName T, int maxRange); //Where TELUGU may be another class or type

and implementation would be similar to function template with specialization as below:

template < >
int getCount<>(typeName T, int maxRange)
//Special implemenmtation for TELUGU

template <>
int getCount(typeName T, int maxRange)

//Generic implementation for other than TELUGU type.

Or as below (copy pasted from stl_hashtable.h)
template <>
class hashtable
template <>
friend bool operator== (const hashtable<>&, const hashtable<>&);
If we define the specialization of function template within the friend declaration it will give compilation error.

Friday, November 20, 2009

Using LibUMem to find memory leaks


Will not be supported in all versions of Solaris. Support starts from Solaris 10.

Usage: Finding memory leaks
UseCase: Let us suppose we have one executable process is causing memory leak which is observed through prstat or by any other means.

Steps to be followed to find the same:

Program: 1.C


bash-3.00$ cat 1.C

using namespace std;

char * functionName()

time_t current,c6;
struct tm *before6Days;
char result[11];

current = time(NULL);
c6 = current - (6 * 3600 *24);
before6Days = localtime(&c6);
sprintf(result,"%02d/%02d/%04d", before6Days->tm_mon+1, before6Days->tm_mday, before6Days->tm_year+1900);
printf("\n Result : [%s]", result);
return result;

int main()

char *dateRequired ;
dateRequired = (char *) malloc(11);
dateRequired = functionName();
printf("\n Result in main [%s]", dateRequired);
int test;
scanf("%d", &test);
return 0;

$ CC test.C -o Test.TASK &

bash-3.00$ ./a.out &
[1] 9988
Result : [11/02/2009]
Result in main [11/02/2009]

[1]+ Stopped ./Test.TASK

**************The program is stopped because it is waiting to accet the value for the scanf statement ****

1) Before executing the process . We should set the environment. for example we are setting up the environment through bash shell

bash$export UMEM_DEBUG=default
bash$export UMEM_LOGGING=transaction

2) We will execute the use case which is causing the memory leak. after that
bash$ gcore `pgrep Test.Task` // Dumping core for the task which is causing memory leak in the same shell

3) We will get core file for the Test.task . some times in the same directory from where we executed. or some times it is asper $coreadm command settings (where the core files path is configured)

4) lets us suppose the core file name is core.9988(generally core gets genertaed with core. )

bash-3.00$ mdb core.9988
Loading modules: [ ] ***Here we can obsver it loaded****
> $G
C++ symbol demangling enabled
> $C //to get back trace
ffbff7a8`_read+8(ff06c7bc, 82, ffffffff, ff3ee0f8, 1, 0)
ffbff808`__doscan_u+0x6dc(82, ff06c06a, ffbff990, 64, ff06c7bc, 0)
ffbffa18`vscanf+0x88(1115d, ffbffb20, ff06c7bc, 3faf0, ff069288, ff068284)
ffbffa78`scanf+0x1c(1115d, ffbffb3c, 0, ff06c7da, ff068284, 1d)
ffbffad8 main+0x30(1, ffbffbac, ffbffbb4, 21000, ff390740, ffbffabd)
ffbffb48 _start+0x108(0, 0, 0, 0, 0, 0)
> ::findleaks
0004e508 1 000cc4b0 main+4
Total 1 buffer, 24 bytes
/* Here it is showing a buffer at 000cc4b0 called by main function is giving leak */
> 000cc4b0$ ::umalog
T-0.000000000 addr=7d100 umem_alloc_12288`umem_cache_alloc+0x13c`umem_alloc+0x60`malloc+0x28`get_zone+0x78`getsystemTZ+0x10c`localtime_r+0x1c

T-0.000193583 addr=c7fc0 umem_alloc_24`umem_cache_alloc+0x13c`umem_alloc+0x60`malloc+0x28
> ::umem_log
1 00032b54 0007d100 bd1486f5f64da 00000001
1 00032af0 000c7fc0 bd1486f5c70ab 00000001
1 00032a8c 000c5f00 bd1486f4f4158 00000001
1 00032a28 0008dda8 bd1486f4d9790 00000001
1 000329c4 0008ddd8 bd1486f4d8e1f 00000001
1 00032960 0008de08 bd1486f4cfafc 00000001
1 000328fc 0008de38 bd1486f4cf18c 00000001
1 00032898 0008de68 bd1486f4b7409 00000001
1 00032834 0008de98 bd1486f4b694b 00000001
1 000327d0 00099fe0 bd1486f475077 00000001
1 0003276c 00099fe0 bd1486f45f7bd 00000001
1 00032708 0006bf18 bd1486f3d580e 00000001
1 000326a4 0006bf50 bd1486f3d4486 00000001
1 00032640 00095f88 bd1486f3d07fa 00000001
1 000325dc 0008dec8 bd1486f398c0d 00000001
1 00032578 0008def8 bd1486f39843d 00000001
1 00032514 00080140 bd1486f397bc6 00000001
1 000324b0 0008df28 bd1486f394182 00000001
1 0003244c 0008df58 bd1486f393a05 00000001
1 000323e8 00083180 bd1486f392fee 00000001
1 00032384 0008df88 bd1486f38f020 00000001
1 00032320 0008dfb8 bd1486f38e609 00000001
1 000322bc 000861c0 bd1486f34093e 00000001
1 00032258 0006bf88 bd1486f28bf98 00000001
1 000321f4 00065f80 bd1486f28b1ec 00000001
1 00032190 0005bf28 bd1486f28a346 00000001
1 0003212c 00071f88 bd1486f2842ec 00000001
1 000320c8 0006bfc0 bd1486f24c4b7 00000001
1 00032064 00065fc0 bd1486f1ffc1b 00000001
1 00032000 0005bf88 bd1486f1ba6bb 00000001
0002abb8 00000000 0 00000000
0002ac1c 00000000 0 00000000
0002ac80 00000000 0 00000000
0002ace4 00000000 0 00000000
0002ad48 00000000 0 00000000
0002adac 00000000 0 00000000
0002ae10 00000000 0 00000000
0002ae74 00000000 0 00000000
0002aed8 00000000 0 00000000
0002af3c 00000000 0 00000000
0002afa0 00000000 0 00000000
0002b004 00000000 0 00000000
0002b068 00000000 0 00000000
In above we can see the number of transactions in which CPU1 is executing around 30.
From : 1 00032b54 0007d100 bd1486f5f64da 00000001
To : 1 00032000 0005bf88 bd1486f1ba6bb 00000001---
> 000cc4b0$ c7fc0/10X
0xc7fc0: 13 3a10bfed baddcafe baddcafe baddcabb
baddcafe feedface 12a2 cc4b0 a11c0c5d

/* The below shows there is no memory corruption as such in our program, but only memory leak)
> ::umem_verify
Cache Name Addr Cache Integrity
umem_magazine_1 4c008 clean
umem_magazine_3 4c288 clean
umem_magazine_7 4c508 clean
umem_magazine_15 4c788 clean
umem_magazine_31 4ca08 clean
umem_magazine_47 4cc88 clean
umem_magazine_63 4cf08 clean
umem_magazine_95 4d188 clean
umem_magazine_143 4d408 clean
umem_slab_cache 4d688 clean
umem_bufctl_cache 4d908 clean
umem_bufctl_audit_cache 4db88 clean
umem_alloc_8 4e008 clean
umem_alloc_16 4e288 clean
umem_alloc_24 4e508 clean
umem_alloc_32 4e788 clean
umem_alloc_40 4ea08 clean
umem_alloc_48 4ec88 clean
umem_alloc_56 4ef08 clean
umem_alloc_64 4f188 clean
umem_alloc_80 4f408 clean
umem_alloc_96 4f688 clean
umem_alloc_112 4f908 clean
umem_alloc_128 4fb88 clean
umem_alloc_160 54008 clean
umem_alloc_192 54288 clean
umem_alloc_224 54508 clean
umem_alloc_256 54788 clean
umem_alloc_320 54a08 clean
umem_alloc_384 54c88 clean
umem_alloc_448 54f08 clean
umem_alloc_512 55188 clean
umem_alloc_640 55408 clean
umem_alloc_768 55688 clean
umem_alloc_896 55908 clean
umem_alloc_1152 55b88 clean
umem_alloc_1344 58008 clean
umem_alloc_1600 58288 clean
umem_alloc_2048 58508 clean
umem_alloc_2688 58788 clean
umem_alloc_4096 58a08 clean
umem_alloc_8192 58c88 clean
umem_alloc_12288 58f08 clean
umem_alloc_16384 59188 clean

/* Prints the status of the umem indicating if the logging features have been turned on or off*/
> ::umem_status
Status: ready and active
Concurrency: 4
Logs: transaction=128k
Message buffer:

> ::findleaks
0004e508 1 000cc4b0 char*functionName+0x94
Total 1 buffer, 24 bytes

> 000cc4b0$ c7fc0/20X
0xc7fc0: 13 3a10bfed baddcafe baddcafe baddcabb
baddcafe feedface 12a2 cc4b0 a11c0c5d
baddcafe baddcafe baddcafe baddcafe baddcafe
baddcafe c8078 c6c10 5de00 4e508

/* Now Caliculate (gets after feedface 12a2 and divide by 251 and subtract 8 from the value, so 0x12a2 = 4770, 4770/251 = 19 , 19-8 = 11, So this tells we allocated some where 11 bytes and not released */


Thursday, November 19, 2009

Radio Bearers

RB-0 (zero) => Msgs for CCCH . Can work with TM & UM.
RB-1 => All messages sent on DCCH . Can work with TM.
RB-2 => Msg.sent on DCCH when using RLC-AM. All messages except for NAS
RB-3 => All NAS messages RLC-UM

RB4 - RB32 -> optional . On demand it can be configured.

Turbo Coding and Convolution Coding

In UMTS it uses Turbo Coding and Convolution Coding.

The reason being is : UMTS should support both voice and packet data. Turbo coding will not be efficient for Packet data.

So, for Voice UMTS uses Convolution coding and for packet data UMTS uses Turbo Coding.

Turbo Coding >= 19.2 Kbps
convolution Coding < 19.2 Kbps (for low data rates i.e for voice)

Concept of Radio Bearer Setups

Radio Bearer Setup is allways initiated by network s it involves radio resources.
If UE requires with particular conf. RB it should send through RRC.
There are 4 ways.

1) Radio Bearer setup with dedicated channel activation - A straight forward procedure
-> UTRAN RRC configures Physical Layers in Both RNC and NodeB
-> After the above RB Setup msg send to UE
-> Once UE receives the above message, it configures its RRC with receied parameters and try
to do L1 Synchronization (UL and DL)
-> UE sends Radio Bearer Setup Complete to UTRAN

2) Radio Bearer Setup with unsynchronized channel modification
-> This is like modify current physical channel to meet new bearer requirements.
-> Unsynchronized implies: Both old and new RBs can co-exists. Such that UTRAN can use one and UE can use another
-> But while modifying L1 similary through Comm.Phy.RL.Modify.Req, if any error occurs this will be acknowledged to RRC as error as Negative.

3) Radio Bearer Setup with Synchronized Channel Modification:
-> This is when physical channels can't be reconfigured as per the need
-> So the old and new RBs can't co-exists and only new RB only exists.
-> Before modifying RRC queries NodeB whether Node B Supports this configuration
-> While Modifying after if no error from Nodeb:
RRC includes activation time in RB Setup message and signal to UE. UE intern informs the same to lower layers. At activation time all entitles starts with new configuration. At end UE responds with RB Setup Complete to Network.

4) Radio Bearer Setup without dedicated channel
-> Here new bearer does not need a permanent DCH
-> So this does not involve any physical channel modifications. But just RLC and MAC configuration.


There are two states:
Idle State
Connected State

Idle Sate: There is no uplink connection. Utran don't have any information about this UE.
UE has to monitor regularly to perfom cell-reselection when necessary
-> For the above UE has to monitor the reception of Broadcast info
-> and also reception of Pagin message for this UE
UE will be allways identified by NAS identities (IMSI,IMEI,TMSI/P-TMSI)
Monitors downlink PCH/PICH but not DCH/DPCH

Connected Mode: There are 4 states CELL_DCH, CELL_PCH, URA_PCH, CELL_FACH
UE will be in Connected Mode when RRC Connection is established and gets RNTI which is used in Common Transport Channels

When dedicated connection exists in both directions.
Entered into this state when RRC Connection Established with Dedicated Channels.
and comes out when the connection is released.

Here there is no dedicated connection but stilldata can be transfered. This will be done through common channels. This will be helpful to transfer less amount data or bursy transfer using RACH and FACH for d/l and u/l.
Cell Fach state requires the mobile to monitor FACH which takes battery. So, if there is no data transmission UE can move to CELL_PCH state.
*In RRC Conn.setup message the file RRC StateIndicator tell to the n/w for which state UE wants to move i.e CELL DCH
--> The same filed will be present in Cell Update it can mention URA_PCH also
--> Radio Bearer Setup /release also has this RRCStateIndicator field.
In this tate, UE will monitor FACH continuosly and no soft or hard HO might be initiated.
At this state UE uses C-RNTI as UE Identity.
Initiates Cell Update on cell change of another URA

CELL_PCH: Much like idle Mode
But will be listening to PICH , but here no UPLINK activity
Broacast also received but no soft or hard Handovers
*The diff.between Idle mode and CeLL_PCH state is, RRC Connection still exists . A simple paging or any uplink access will move to CELL_FACH

To move to idle state, it should move to CELL_FACH state and then move to idle. This inturn triggers RRC release Message.

For cell change also UE should move to CELL_FACH. (Reason being is CELL_PCH state, there will not be any uplink information. To send cell_update uplink message UE will move to CELL_FACH and sends the message)

Similar to CELL_PCH but every cell change does not trigger CELL_UPDATE.
Here Update procedure hapens only when UEs UTRAN registered area changes.
UE will be moved into this state when n/w observes the UE Activity is very low.
*Cons: When UTRAN is paging for this UE, N/w should expand the paging area from single cell to several cells as UEs location is not acurately known

Actually NAS is not bothered about the internal states of RRC as this is internal info of RRC. For NAS what matters is whether UE is idle or connected state. If is in connected NAS always sends data and RRC will manaage these state accodingly.

Sunday, November 15, 2009

why Routing Area is a subset of Location Area in UMTS.

Both LA and RA are collection of cells.

RA and LA are identified by the below variables:

LAI = MCC+ MNC + LAC ==> LAC is configured by operator
Location Area Identifier = ( Mobile Country Code + Mobile Network Code + Location Area Code)
RAI = LAI + RAC ==> RAC is configured by operator
Routing Area Identifier = Location Area Identifier + Router Area Code

The reason for either LA or RA logical boundary is to ensure MS does updates only occasionally and not at every cell boundary.
In GPRS session, there is no “permanent connections” but bearers are dynamically created and destroyed.
In voice call, when there is silence in communication after call connect, the connection still exists, but in data, when you are browsing, a silence in data transfer will lead to idle mode, which means you will have to be paged.
So potentially there are more pages compared to voice calls.
Paging is also resource, the finer the granularity of knowledge to the network better. So having smaller RA may be beneficial by paging in less no. of cells compared to LA which will be larger no. of cells.
But anyway, there can be only one RA in a LA and nobody stops it

Tuesday, November 10, 2009

What are the Measurement Reports

This is done by RRC
Idle Mode: Reports used to construct to support cell-reselection process (UE Specific)

connected mode: Here UE also sends report to N/w .

Few times N/w may ask UE to send some reports.

Reports are of 7 types in general.
1) Intra frequency Reports
2) Inter Frequency Reports
3) InterRAT frequency Reports
4) UE Positioning requirements Reports
5) Traffic Volume measurements Reports
6) Quality measurements Reports
7) UE-Internal measurements Reports

Handovers in UMTS

There are 3 types of Handovers in UMTS
1) Soft Handover
2) Hard Handover
3) Softer Handover

Both Soft and Softer handover follows, make before Break uproach. So, data transfer will be seam less to the UE. But for Handover it follows Break before Make approach. So here call will be dropped.

Soft Handover:
UE maintains Utran connectionw ith one/more nodeBs and all these BSs are using same frequency.
Both base stations will be in UE active set.
These are managed by Active_set_Update message sent by N/w
UE will update its active set with the contents of this message.
Here all participating NodeBs belongs to same RNC, so signal will be combined at RNC and send to MSC

Hard Handover:
This is break before Make approach
in general during handovers between UMTS to GSM/GPRS
This triggers all procedures: Physical channel reconfig, radio bearer est, RB Recof, RB Releae and Transport channel reconfiguration.

Softer Handover:
This HO occurs between sectors under same NodeB then the combining the data happens at NodeB. This intern saves IuB and RNC work load.
The combining technologies are different than RNC.

Radio Bearer Establishment

Initiated by UTRAN as it need n/w resources.

Utran RRC gets initiated this from NAS

UTRAN sends Radio Bearer Setup and UE responds with RadioBearerSetupComplete.

When QoS changes, RB Reconfiguration happens and Dl/Ul Synchronization is optional.

Radio Bearer release releases resources.

RRC Connection Re-establishment

This happens when UE lost the radi connection suddenly and attempting for re-establishment
This requires a quick cell reselection and send request to UTRAN

Once UE lost connection, it starts this procedureby starting timers T301,T314/315.
Failure of the timers(expires) , leads Ue state to Idle state
Here UE should go for new cell as the previous cell regarded as not-usable. Here UE sends RRCConncetionReestablishment and ends with _Complete to N/w.

RRC Connection Release

Release is allways initiated by Network
Call flow:
Utran to UE : RRC Conn Release (DCCH)
UE to Utran : RRC Conn Release Complete (DCCH)

If dedicated connection exists then both messages will be sent on Un-Acknowledged mode as DCCH is present. As this is un-acknowledged mode, UE may respond several times (based on timer v308 timer)


If there is no dedicated connection RRC Conn.Release sent on FACH and RRC Connection Rel.complete will be sent on RACH. This happens on Acknowledged mode so, there will not be repetetion here and only sent once.

*When UE receives RRC Conn.Release message when it is in CELL_FACH state, UE will not send RRC Conn.rel.Complete but UE releases all Radio resources and moved to Idle state

RRC Connection Establishment

Unline in GSM, in UMTS Radio Bearers can be reconfigured.

To have basic clairity between RRC and RB : RRC is like rail track and RBs are like goods carrier which takes load.

Raching procedure (acquiring preamble) should happen before RRC Conn.Req received by NodeB

As connection can be raised because of N/w or mobile, the IE establishment cause explains the reason for the RRC Connection request

UE sends Initial UE ID (imsi/imei/tmsi) and this will be stored to send the same in RRC Connection Setup. When n/w sends RRC Conneciton setup to UE, UE verifies the ue id to validate whether the message is for self. If this is refering to self, then UE responds with RRC Connection SEtup Complete which will be the first message sent on DCH.

UE also includes measurement report SIB11 in RRC Connection request.

( UE To Utran )RRC Connection Request ------------------CCCH,RACH------------------------->>

(Utran to UE ) RRC connection Setup <<-----------------FACH--------------------------------- (New URNTI will be received by UE)

(UE to Utran) RRC connection Setup Complete -------------------DCCH--------------------------------->>

Dedicated Paging in UMTS

This is nothing but Paging Type 2 message

This is sent in Connected mode state CeLL_DCH , CELL_FACH

As here there is already Signalling procedure existing : This can be initiated in which a CN other than serving CN wants to originate dialogue with UE.

Paging in UMTS (Connected Mode)

*In URA_PCH and CeLL_PCH states, paging request triggers state change

- When Paging Type1 message is received by UE in Connected mode, it does the below thing

If ( IE Paging Originator = CN ) in Paging Message
if (State is IDLE)
Compare "CN UE Identity" with its allocated. For each match forward Identity and Paging Cause to Upper Layers
if (state is Connected Mode)
Ifnore the Paging Message

If ( IE Paging Originator = UTRAN)
if (state = IDLE Mode)
if (State = Connected Mode)
UE Enters CeLL_Fach state and performs Cell Update procedure with cause as PagingResponse

Monday, November 9, 2009

Paging in UMTS (Idle Mode )

*Establishing radio connection in UTRAN always initial by UE

Idle Mode Paging:
Paging info in Idle Mode is carried by Paging Type 1
-> Each message can have several Paging Recordes
-----> Each Record has Paging Request for different mobile
-> Some times it may not have Paging records but it may be representing change in broadcast info
------> BCCH modification info element containe value tag in MIB
------> When mobile reads the above PagingType, UE reads BCCH to get MIB.
-> For incoming call, once UE reads PagingType1 and understands that Paging Records is for self, it informs MM Layer to initiate call establishment procedure
-> To save Battery draining which caused by continuously listening to Paging channel PCH
-----> The mechnaism of DRx is introduced.
-----> Caliculated using IMSI, The DRX (CN domain specific cycle length co-efficient) will be present in SIB1
-----> The calicuated result mentions the Paging occasion, the same value is known to N/w and UE which is known as Paging occasion. These are frame numbers. As both are holding same value n/w makes sure that paging messages will be delivered these frame numbers and UE also monitors at that time only.
-----> To save the power, which is caused by reading Paging channel for each occasion, PICH (indicator channel) is introduced
-----> N/W making the DRX cycle length bigger makes UE to listen PICH : But this results longer call setup time for mobile terminated call. The reason being, UE listens to Paging Channel in bigger timer intervals.

Friday, November 6, 2009

Describe SIBs and their details

MIB : Carries PLMN identity and reference to other SIBs and SB

SB : Scheduling infor of SIBs

SIB1 : NAS Information. UE Timers and counters to be used in RRC Idle & Connected State

SIB2: List of URA Identities

SIB3: Parameters for Cell Selection and Reselection

SIB4: Same as SIB3 but used in Connected State

SIB5: Configuration parameters of common physical channels in a cell. PCH and PICH Info (CPCH)

SIB6: Configuration of Common and Shared physical channel

SIB7: Contains fast changing UL interface params and dynamic. As this is changs often so controlled by timer

SIB8: Used in FDD . Static CPCH info of cell. Used in Connected mode only

SIB9: CPCH info. As it changed often, controlled by timers connected mode only.

SIB10 : DRAC Procedure, used when CELL_DCH controlled by timer

SIB11 : Measurement control information to be used in CELL

SIB12: Same as SIB11 but used in connected mode only

SIB13: For ANSI-41 . It also has 4 associated sibs 13.1 to 13.4. Reference to subblocks. Used when System is ANSI-41.

SIB14: Parameters for common and dedicated physicall DPCH UL outer loop power control info for TDD

SIB15: Assistance info for UE positioning. Used to reduce signalling by position. 15.1 to 15.5 sub sibs.

SIB16: Predefined channel conf. used while hand over. Radio Bearer transport channel, physical channel params to be stored by UE in idle/connected mode. Several occurances but UE doesnot bother.

SIB17: Shared channel info fo rTDD only

SIB18: PLMN Identities of neighbouring cells. Used in Shared Access N/w with the cell reselection process

System Information Broadcast

1) Information sent in a point to multi-point manner

2) 18 SIBs (1 to 18 SIBs) + 1 MIB + Max 2 Scheduling Blocks

3) BCCH will be read in CELL_PCH, CeLl-FACH and URA_PCH and Idle Mode

But, In CELL_FACH state UE can receive SIB10 via FACH. Because it changes so often and controlled by timer

4) SIBs are sent more often if they are important

5) Mobile should be known about the above scheduling so that it can listen to the blocks which UE is interested. For this
5a) Blocks are arranged as tree
5b) Tree starts with MIB which should be read and decoded first
5c) MIB is easy to find repetetion rate = 8 and Position = 0 menas
1) Mobile knows current frame number which is sent in each block
2) With the above information UE can compute SFN
3) and it will compute SFN mod 8 = 0 and read the SIBs

6) SIBs scheduling information may be included in MIB or SB

7) To avoid UE to do above continuously it takes lots of battery power. So, when MIB changes, PagingType1 will be sent on BCCH (as mobile will be monitoring Paging channel for incoming calls based on Rx rate and SFN number allocated by Network, theese both information will be used to caliculate the monitor interval when it should look into Paging channel. Even network will send the paging blocks in the same time. Like this Mobile battery power will be saved

Cell Reselection

S1) UE will be on idle mode to camp on best cell
S2) In Normal mode : 1) UE has to listen paging information 2) UE has to listen System information. These two steps will help to make measurement. 3) Cell resletion will be triggered if UE finds better cell or Current cell is barred as per SIB read from that cell

UMTS Power Control

Two types : Open Loop power control and Outer loop power control

Open Loop Power Control : Transmitting entity estimates the required power level by itself from the received signal. UE will have open loop power control feature. Means : UE adjusts the power level based on the received power and the further estimation
This is not feedback mechanism and it is done by self.

Closed Loop Power Control : It has inner loop : Adjusts SIR-target
It also has Outer loop : Sets the SIR-Target (Signal to Interference)

RNC sets value for NodeB , which is called Outer loop. The NodeB sends the SIR target to UE and it adjusts by itself.

The power adjustment happens with TPC commands. (Transmit power command). When TPC bit is 1 menas UE should increase the power. when TPC bit is 0 means decrease the power.

This works on feedback mechanism through TPC command.

*UE will have both inner loop and outer loop implemented.
*InNodeB, innerloop is between UE and NodeB and Outerloop is between NodeB and RNC.

*If NodeB is serving 20 UEs, in NodeB there will be 20 closed-loop control entities.

Up Link Physical Channels

PRACH : Physical Random Access Channel -> Carries RACH. One or more instances per cell

PUSCH: Physical Uplink Shared Channel -> Caries USCH

HS-SICH : Shared information channel for HS-DSCH -> Carries HSDPA feedback information to NodeB

Downlink Physical Channels

SCH -> Synchronization Channels : 1) Used for Cell search 2) Two Subchannels : Primary and secondary SCH 3) Transmitted only during first 256 chips in each timeslot

CPICH -> Common Pilot Channels : 1) Fixed rate 30 kbps 2) Carried a predefined sequence 3) P-CPICH : SCH, Primary CCPCH, AICH and PICH 3) S-CPICH : Optional

P-CCPCH -> Primary Common control physical channel : 1) Fixed Rate 30 kbps 2) Carries BCH But not transmitted in First 256 chps of each slot

S-CCPCH-> Secondary Common Control Physical Channel : 1) Variable Rate 2) FACH and PCH, can be mapped to same/separate channels 3) Transmitted only when data is available

P-DSCH -> Physical Downlink Shared Channel : 1) Carries DSCH 2) This channel used in CELL-FACH state to transfer data 3) Allways associated with downlink DPCH, carries control info.

PICH -> Paging Indicator channel : Carries paging indicators, which indicates the present of paging message on PCH

AICH -> Acquisition Indicator Channel : Carries acquisition indicators. This carries signatures for random access procedures

HS-PDSCH -> High Speed- Physical Downlink Shared Channel : 1) QPSK or 16 QAM Modulation 2) Carreis HS-DSCH 3) Each frame is 2 ms with 3 slots 4) Spreading Factor is 16

HS-SCCH -> High Speed - Shared Control Channel for HS-DSCH : 1) Carries downlink signalling related to HS-DSCH transmission 2) Indicates when there is data on DSCH for UE 3) Fixed rate channel SF=128 i.e 60 kbps 4) UE monitors 4 HS-SCCH

IF PCPCH (If CPCH is not supported the below will not be present)

CPCH : Access preamble acquisition Indicator channel (AP-AICH). Carries AP acquisition indicator of associated CPCH

CSICH : CPCH Sttatus Indicator channel. This carries CPCH status information

CD/CA-ICH : Collision Detection/Channel Assignment Indicator channel

Initial Cell Selection Procedure

S1) Search for Primary SCH : Here UE knows the SCH primary synch.code as this is common for all cells

S2) Timeslot Synchronization : P-SCH is sent in first 256 chips of each slot, From Here UE will achieve Time Slot synchronization

S3) Frame Synchronization : There are 64 combination group of S-SCH codes, getting the matching set which UE read with the standard 64 combinations UE achieves Frame Synchrnization

S4) Primary Scrambliing Code acquisition: Each code group has 8 possible scrambling codes , UE will find out the one by matching each one from the set which it achieved from Frame Synchronization. This gives Scrambling code. getts form CPICH of the cell.

CPICH carries predefined bit-sequence is primary scrambling code, this will be used to detech CCPCH

S5) Decoding SIB and get PLMN identity: Once primary scrambling code is found, it uses this code decode BCH , from BCH SIBs UE reads PLMN identity and validate the home n/w PLMN for camping

*In Roaming, when home PLMN is not found,, RRC has to report all available PLMNs.
*From Neighbouring cell list : UE gets frequency and primary scrambling codes. So that it can do fast descrambling CPICH. From descrambled CPICH, UE caliculates chipEnergy-to-Noise ratio(Rx Ec/No)

Functionalities of RRC (Radio Resource Control) 25.331

-> Initial Cell Selection or Cell Relselection
-> System Information Broadcast
-> Paging
-> RRC - Connection, Establishment and Maintainence and Release
-> Radio Bearer Establishment, Configuration and Reconfiguration
-> Hand Over -> Preparation, Execution of HO and Intersystem Handover
-> Measurement Control
-> Outer loop Power Control
-> Security Mode control (ciphering, integrity)
-> Routing of Higher Layer PDU
-> Fast allocation of Uplick DCH (DRAC)

Contention Resolution
Timing Advance

Thursday, November 5, 2009

RLC (Radio Link Control - 25.322)

- This offers Radio Bearer service to higher layers
*-Support Segmentation
- Transport of users and signalling information
- works in TM, UM and AM (Transparent mode, un-acknowledged mode and acknowledged mode)
AM -> Error free, unique and in-order

Segmenation and Assembly
Transfer of user data
error correction
in-sequence delivery
duplicate detection
suspend and resume
transparent mode

About MAC - 25.321

- Coordinates te acess of physical layer
- The logical channels of higher layers are mapped to Transport channels of lower layers
- MAC selects appropriate TFS depends on Transmission Rate
- If UE uses Common Transport Channels, MAC provides unique RNTI for each UE
- When RLC in Transparent Mode MAC does encryption on user-plane data
- MAC has three SAPS - MAC-C/Sh -> Mac- Common and Shared
MAC-D -> Mac-Dedicated
MAC - B -> Mac- Broadcast

Mappings : BCCH -> Mac-B -> BCH

CTCH -> Mac-C/Sh -> Output as PCH, FACH, RACH, CDCH and DSCH

Mac-D -> Mapping between {DCCH, DTCH } to DCH

*in RNC there will be one mac-d entitiy for each UE
There will be one mac-b, mac-Sh/c per each cell

-> MacPDU :
Header Payload
| TCTF | UE-IdType | UE-ID | C/T | MAC -SDU |

TCTF : Target Channel Type , which tells whether channel carries BCH, CC , CTCH

Ue-Id Type : 00 - U-RNTI
01 - S-RNTI

UE-ID : U-RNTI (32 bits)
S-RNTI (16 bits)

C/T : Chanel Type. This helps when multiple logical channels are mapped to one same transport channel. The values would be as below
0000 Logical Chanel 1
0001 Logical Chanel 2
1110 Logical Chanel 15
1111 Logical Chanel Reserved

Some thing about FP (Framing Protocol) Spec 25.427

Transports Transport Block Sets across IuB and IuR interface
-Responsible for outer loop power control -> To transfer info between NodeB and RNC
- Node Synchronization
- FP also provides transport services for DSCH TFI from SRNC to NodeB
- Makes same configuration for Transport Channels when UE is getting services from SRNC through DRNC

- Frame : Header + Payload
Header : FrameType = 1 for Control, 0 for Data
CFN : Refernce Radio Frame ( The data frame the first data received on UL
or Transmission DL)
TFI : Info about Data Block (Described the length and TransportBlock Size)

When FrameType = 1 i.e Control Type Frame
It will also have field mentions the purpose like Outer loop, DL Synch, Timing adjustment, DL Node Sync, UL Node Sync, timing Advance

Payload: CFN, Time of Arrival, SIR Target, ETc.,

Payload: TransportBlock: Block of DCH data

Wednesday, November 4, 2009

Primary and Secondary Scrambling Code

Primary Scrambling Code:
Divided into 64 Groups and 8 in each group
Used in Synchronization procedure

Secondary Scrambling Code:
Each Primary Scrambling code deivided into 16 secondary scrambling codes. These are used in Sectors.

Physical , Transport and Logical Channels

Physical Channels:

Each Channel is ideentified by Frequency, Spreading Code, Scrambling Code and phase of Signal

Dedicated Physical channels identifies UE by SF and Scrambling Code

Transport Channels:
Unidirectional virtual channels mapped to physical channels
Not interested in content (user traffic or control info) , but only cares about Radio Resource

Logical Channels:
Uni and Bi-Directional
Provides bearer for information exchange between MAC and RLC
Focus on type of information means is traffic types is of Dedicated or Common

What are RNTIs

Radio network Terminal Identity
C-RNTI -> Unique at cell level
Assign by SRNC
Size is 16 bit
*This is used by FACH

S-RNTI -> Uniquely identifies a UE in SRNS
Assigned by SRNC while RRC-Connection Establisment
This is discarded if RRC Connection is released or when SRNC changes
This is 19 bits where 0 to 9 bits is S-RNTI

U-RNTI -> Uniquely identified in UTRAN because S-RNC id is included
Assigned when RRCConnection Establishment

About Spreading codes

This is a technique in which user original signal transformed to another form which occupies more bandwidth

Transformed bits are called chips

each user has its own spreading code, which is used to spread and de-spread

*Spreading codes are unique to the cell (for Downlink)

Two types of spreading codes: Orthogonal and Psuedo-Noise codes

Spreading Factor is 4 to 256 in Uplink and 4 to 512 in downlink

about UMTS FDD

works in 5Mhz frequency
separate band for UL and DL
each radio frame is of 10 ms with 15 time slots
each slot can take 2560 chips
which makes 3.84 Mchps

1 sec = 1000 milli secs
= 100 radio frames
= 100 * 15 slots
= 100 * 15 * 2560 (each slot can carry 2560 chips)
= 3.84 Mchps

Why ATM is used as Transport

Because UMTS has different media voice, data, packet . For this heterozenious media ATM is the best one for transport

About WCDMA Standards

-Frequency Band is 5Mhz
- Spectrum 1920-1980 for Uplink and 2110 - 2170 Mhz for downlink
- Can proivde 144 and 384 kbps and 2Mbps in good conditions
- Uses OFDM : Makes Data Stream to several data streams each is modulated with orthogonal codes to each other (This makes the subcarries close to each other)
- Users are separated by frequency and codes

What is Transmission gain

Ratio of Transmission Bandwidth and Original Bandwidth

What is UTRAN

UMTS Terrestrial Radio Access Network

Can work in two modes FDD and TDD

What is UMTS

Universal Mobile Telecommunications System