The front is all about the scene of computer surfing the Internet. Today, let’s get to know the scene of using the most mobile network to surf the Internet.

Development of mobile network

You must know that there are 2G, 3G and 4G on mobile Internet. What does this mean? There is a popular saying: use 2G to see TXT, 3G to see JPG, and 4G to see avi.

2G network

Mobile phones were originally used to make phone calls, not to surf the Internet. Therefore, in the 2G era, the Internet used not the IP network, but the telephone network. They used analog signals, and the professional name was the public switched telephone network (PSTN).

The mobile phone is not connected to the Internet or telephone line. How does it access the Internet?

Mobile phone is throughTransmitting and receiving wireless signals to communicate, the professional name is mobilestation, referred to as MS, which needs to be embedded in sim. The mobile phone is the client, and the service end of the wireless signal is the base station subsystem (BSS). As for what is a base station, you can recall that when you were climbing a mountain, did you see a signal tower? The base stations in our cities are usually hidden and difficult to see, so we only notice them in the mountains. It is this signal tower that allows your mobile phone to communicate through wireless signals.

But you know one thing,No matter how wireless the wireless communication is, it is still necessary to connect to the wired network

Therefore, the base station subsystem is divided into two parts. One part provides wireless communication externally, which is called base transceiver station (BTS), and the other part internally connects wired network, which is called base station controller (BSC). After receiving the data wirelessly, the base station transceiver station forwards it to the base station controller.

This part belongs to the wireless part, which is collectively referred to as the radio access network (RAN).

The base station controller is connected to the data center of the operator providing mobile phone services through a wired network, which is called the core network (CN). The core network has not really entered the Internet. This part mainly provides mobile phone business, which is the wired part of mobile phone business.

First, the mobile service switching center (MSc) receives the data from the base station. It is the entrance to the core network, but it won’t let you directly connect to the Internet.

Because before allowing your mobile phone to really enter the Internet, operators providing mobile phone business need to verify whether it is legal mobile phone access. Don’t make your own mobile phone card, just connect it. Authentication center (AUC) and equipment identification register (EIR) are mainly responsible for security.

In addition, it depends on whether you are a local number or a foreign number. This involves billing. Remote charges are still very expensive. The access location register (VLR) is to see where you are currently, and the home location register (HLR) is to see where your number belongs.

Only when your mobile phone card is legal and rich can you access the Internet. At this time, you need a gateway to connect the core network and the real Internet. The gateway mobile switching center (GMSC) does this, and then the real Internet. In the 2G era, it is still the telephone network PSTN.

These modules in the data center are collectively referred to as the network subsystem (NSS).

Therefore, the Internet access in 2G era is shown in the figure. Let’s summarize the following core points:

The mobile phone is connected to the base station through wireless signal;

The base station is connected to the wireless network on one side and the core network on the other side;

The core network receives the request from the base station, one is to judge whether you are legal, the other is to judge whether you are a local number and whether you have money. On the other hand, it connects to the telephone network through the gateway.

2.5G network

Later, from 2G to 2.5G, that is, on the basis of the original circuit switching, packet switching service was added to support packet forwarding, so as to support IP network.

On the basis of the above network, the base station is connected to the wireless on one side and the core network on the other side. In the backward component, a packet control unit (PCU) is added to provide a packet switching channel.

In the core network, there are a front facing Receptionist (SGSN, servicegprs supportednode) and a gateway GPRS support node (GGSN, gateway GPRS supportednode) connecting the IP network back.

3G network

In the 3G era, wireless communication technology has been improved, which has greatly increased the wireless bandwidth.

Taking W-CDMA as an example, the theoretical maximum downlink speed is 2m, so the base station has changed. NodeB faces outward and RNC (radio network controller) connects the core network inward. There is no change in the core network and the connected IP network.

4G network

Then it comes to today’s 4G network. The base station is eNodeB, which includes the functions of the original NodeB and RNC. The downlink speed is moving towards the 100 megabit level. In addition, the core network realizes the separation of control surface and data surface. How to understand this?

In the front core network, there is a receptionist MSC or SGSN. You will find that it is responsible for checking whether it is legal, and it is also responsible for forwarding data, that is, the control surface and data surface are combined into one, so the flexibility is relatively poor, because the control surface is mainly instructions, mostly small packets, which often requires high timeliness; The data plane is mainly traffic, mostly large packets, which often requires throughput.

So we have the following architecture:

The database used by HSS to store user signing information is actually where your number belongs and some authentication information.

Mme is the core control network element and the core of the control surface. When the mobile phone is connected through eNodeB, Mme will judge whether you are legal according to the information of HSS. If you are allowed to connect, Mme is not responsible for the specific data traffic. Instead, Mme will select SGW and PGW on the data plane, and then tell eNodeB that I allow you to connect. You can connect them.

Therefore, the mobile phone is directly connected to the SGW through eNodeB and connected to the core network. The SGW is equivalent to the receptionist of the data plane and connected to the IP network through PGW. PGW is the exit gateway. In the exit gateway, there is a component PCRF, called policy and billing control unit, which is used to control the billing of Internet policy and traffic.

4G network protocol analysis

Let’s take a closer look at the protocol of 4G network. It’s really complex. Let’s zoom in on several key components.

Control surface protocol

The dotted line part is the protocol of the control surface. When a mobile phone wants to access the Internet, first connect eNodeB and request Mme to authenticate and authenticate the mobile phone through s1-mme interface. S1-mme protocol stack is shown in the figure below.

UE is your mobile phone. ENodeB is also a two faced person. It connects the wireless network forward and the core network backward. Mme is connected to the control surface.

The connection between eNodeB and Mme is a normal IP network, but it is neither TCP nor UDP, but SCTP on the IP layer. This is also a transport layer protocol and connection oriented, but it is more suitable for mobile networks. It inherits TCP’s perfect congestion control and improves some shortcomings of TCP.

The first feature of SCTP isMulti host。 A machine can have multiple network cards. For TCP connection, although the server can listen to, that is, the connection from which network card can be accepted, once the connection is established, a quad is established and a network card is selected.

SCTP introduces the concept of association, which puts multiple interfaces and paths into a union. When a path failure is detected, the protocol will send communication data through another path. Applications do not even have to know that a failure has occurred and recover, providing higher availability and reliability.

The second feature of SCTP isDivide a union into multiple streams。 All flows in a federation are independent, but are related to the Federation. Each stream is given a stream number, which is encoded into SCTP message and transmitted on the network through association. In the TCP mechanism, due to the forced order, the former does not arrive, and the latter has to wait. Multiple streams of SCTP will not block each other.

The third feature of SCTP isFour handshakes to prevent syn attacks。 In TCP, there are three handshakes. When the server receives the syn from the client and returns a syn-ack, it establishes the data structure, records the status, and waits for the client to send the ACK. When a malicious client uses a false source address to forge a large number of syn messages, the server needs to allocate a large number of resources, and finally runs out of resources and can not process new requests.

SCTP can effectively prevent this attack by introducing the concept of cookie through four handshakes. In SCTP, the client initiates a connection using an init message. The server responds with an init-ack message, including cookies. Then the client responds with a cookie-echo message, which contains the cookie sent by the server. At this time, the server allocates resources for the connection and responds by sending a cookie-ack message to the client.

The fourth feature of SCTP isFraming messages。 TCP is stream oriented, that is, the data sent has no end and no obvious boundary. This is no problem for sending data, but it is not convenient for sending message type data. It is possible for the client to write 10 bytes and then write another 20 bytes. Instead of reading a message of 10 bytes and another message of 20 bytes, the server may read 25 bytes and another 5 bytes. The business layer needs to combine them into messages.

SCTP draws lessons from UDP mechanism and provides message framing function in data transmission. When one end performs a write operation on a socket, it can ensure that the data read by the peer is the same size.

The fifth feature of SCTP isDisconnecting is three waves。 In TCP, disconnection is four waves, allowing the other end to be semi closed. SCTP chooses to abandon this state. When one end closes its socket, both ends of the peer need to be closed, and no data movement is allowed at any end in the future.

When Mme approves the mobile phone to access the Internet through authentication, it needs to establish a data path on the data plane. The process of establishing a path is still a matter of the control surface, so the control surface protocol GTP-C is used.

The data path constructed is divided into two sections, which are actually two tunnels. One section is from eNodeB to SGW. The data route Mme tells eNodeB that it is one end of the tunnel through s1-mme protocol, and tells SGW that it is the other end of the tunnel through S11. The second end is from SGW to PGW. SGW knows that it is one end through S11 protocol and actively tells PGW that it is the other end of the tunnel through S5 protocol.

GTP-C protocol is based on UDP, which is an example of “city play” of UDP. If we look at the GTP header, we can see that there are tunnel ID and serial number.

Through the serial number, GTP-C can achieve reliability without TCP. Each output signaling message is assigned a sequential increasing serial number to ensure the sequential transmission of signaling messages and facilitate the detection of duplicate packets. Start the timer for each output signaling message, and resend if no response message is received before the timer expires.

Data plane protocol

When the two tunnels are connected together, PGW will assign an IP address to the mobile phone. This IP address is the IP address inside the tunnel, which can be compared to the IP address in IPSec protocol. This IP address is managed by the mobile phone operator. Then, the mobile phone can use this IP address to connect to eNodeB, from eNodeB through s1-u protocol to SGW through the first tunnel, from SGW through S8 protocol to PGW through the second tunnel, and then connect to the Internet through PGW.

All protocols on the data plane are through gtp-u, as shown in the figure:

Each packet sent by the mobile phone is encapsulated by gtp-u tunneling protocol. The format is as follows:

Similar to IPSec protocol, it is divided into passenger protocol, tunnel protocol and bearer protocol. Among them, the passenger protocol is the packet sent by the mobile phone, and the IP is the IP of the mobile phone. The tunnel protocol contains the tunnel ID. different mobile phones will establish different tunnels online, so the tunnel ID is required to identify them. The IP address of the bearer protocol is the IP address of SGW and PGW.

Mobile Internet access process

Next, let’s take a look at the process of surfing the Internet after the mobile phone is turned on. This process is calledAttach。 It can be seen that the mobile network is still very complex. Because this process needs to establish many tunnels and allocate many tunnel IDS, I drew a diagram to illustrate this process in detail.

After the mobile phone is turned on, look for the base station eNodeB nearby. After finding it, send an attachrequest to eNodeB and say, “I’m coming, I want to surf the Internet”.

ENodeB sends the request to Mme and says “there is a mobile phone to surf the Internet”.

Mme requests the mobile phone for authentication and authentication. It also requests HSS to see if there is money and where to surf the Internet.

After the MME has passed the authentication of the mobile phone, it starts to allocate the tunnel. First, it tells SGW to create a session. In this, SGW will be assigned a tunnel ID T1, and SGW will be requested to assign a tunnel ID to itself.

SGW turns around and requests PGW to establish a session, assign a tunnel idt2 to the control surface of PGW and a tunnel idt3 to the data surface of PGW, and requests PGW to assign a tunnel ID to its own control surface and data surface.

PGW replied to SGW that “the session was created successfully”, used its own control surface tunnel idt2, and replied that it carried the tunnel idt4 and control surface tunnel idt5 allocated to SGW control surface. So far, the direct tunnel construction of SGW and PGW has been completed. When requesting the other party, both parties should bring the tunnel ID assigned to them by the other party, so as to mark the request of the mobile phone.

Next, SGW replied to Mme that “the session was created successfully” and used its own tunnel idt1 to access Mme. In the reply, there were tunnel idt6 assigned to Mme and tunnel idt7 assigned by SGW to eNodeB.

When Mme finds that the back tunnels have been built successfully, it tells eNodeB, “the back tunnels have been built. The tunnel ID assigned to you by SGW is T7. You can start connecting, but you also need to assign a tunnel ID to SGW”.

ENodeB tells Mme to assign a tunnel to SGW with ID T8.

Mme informs SGW of the tunnel idt8 allocated by eNodeB to SGW, so that the previous tunnel is also completed.

In this way, the mobile phone can successfully surf the Internet through the established tunnel.

Remote internet access

Next, let’s consider surfing the Internet in different places.

Why divide SGW and PGW? Can’t one GW? SGW is the equipment of your local operator, and PGW is the equipment of your operator.

If you are in Barcelona, get off the plane and turn on your mobile phone, you must find the eNodeB in Barcelona. Check the HSS of domestic operators through Mme to see if you are legal and have money. If Internet access is allowed, your mobile phone and SGW in Barcelona will build a tunnel, then SGW in Barcelona and PGW of domestic operators will build a tunnel, and then access the Internet through PGW of domestic operators.

In order to judge whether you can access the Internet, the HSS of the domestic operator controls your access strategy. The PCRF of the domestic operator is also responsible for the IP address assigned to the mobile phone, and the IP address assigned to the mobile phone is also counted by the domestic operator. Since the operators are counted in PGW, all your online traffic can pass through the domestic operators, but the Barcelona operators also have to settle the traffic with the domestic operators.

Because your Internet strategy is controlled by domestic operators in PCRF, you still can’t get on Facebook.


The development of mobile network has changed from 2G to 3G, and then to 4G, gradually from the function of making phone calls to the function of surfing the Internet;

Please remember the structure of 4G network, including eNodeB, Mme, SGW, PGW, etc. it is divided into control plane protocol and data plane protocol. You can compare the structure and try to tell the process of mobile Internet access;

Even if you surf the Internet under foreign operators, it should be controlled by domestic operators, so you can’t get on Facebook.

Editing: hfy

Leave a Reply

Your email address will not be published. Required fields are marked *