Logo
Chapter 7: Part2 - Mobile Networks

Chapter 7: Part2 - Mobile Networks

Rachel Park Rachel Park
October 1, 2025
10 min read
computer networks notes

Cellular Networks: 4G & 5G

Cellular networks provide wide-area wireless communication by dividing a geographic area into smaller regions called cells, each served by its own base station (transmission rates upto 100 Mbps). This architecture allows for efficient frequency reuse, enabling many users to share the same spectrum without interference.

Wired Internet vs. Cellular Network

Similarities

  • Just like ISPs have “access networks” (edge) and “backbone networks” (core), cellular providers have base stations (edge) and a core network. Both are run by the same carrier.
  • The Global Cellular Network is a network of networks, just like the Internet.
  • Same protocols (IP, TCP, HTTP, NAT, SDN, etc.) are used in both cellular and wired networks. (i.e. once the traffic leaves the radio link, it looks like any other IP traffic)
  • Cellular network eventually connects to the internet backbone.

Differences

  • Instead of ethernet or WiFi links, cellular networks use a wireless link between the mobile and the base station.
  • Mobility as a first-class service: cellular networks are designed to support seamless mobility, allowing users to move between cells without dropping calls or data sessions.
  • Phones use a SIM (Subscriber Identity Module) to provide authentication and subscription information to the cellular network.
  • Business model: users pay a monthly fee for access to the cellular network, often with data caps and overage charges.

Global Cellular Network

Global Cellular Network

4G

Elements of 4G LTE Architecture

4G LTE Architecture

  1. Mobile Device
    • User Equipment (UE): Smartphone, tablet, or other cellular-enabled device with 4G LTE radio.
    • 64-bit IMSI (International Mobile Subscriber Identity) stored on SIM card for authentication.
  2. Base Station
    • At the “edge” of the cellular network.
    • Manages wireless radio resources, mobile devices in its coverage area (cell).
    • Coordinates device authentication with other elements.
    • Similar to WiFi access point but active role in user mobility, coordination of nearby base stations.
    • eNodeB (Evolved Node B): 4G LTE base station.
  3. Home Subscriber Server (HSS)
    • Central database with user profiles, authentication info, service subscriptions.
    • Works with Mobility Management Entity (MME) in device authentication.
  4. Serving Gateway (S-GW) & Packet Data Network Gateway (P-GW)
    • SGW:
      • Gateway to connect eNodeBs and forward a UE’s packets as a router.
      • Routes data packets between base stations and PGW.
    • PGW:
      • Gateway to mobile cellular network.
      • Connects cellular network to external IP networks (Internet).
      • Provides NAT (Network Address Translation) services.
      • (Basically, looks like any other internet gateway/router)
    • Together, they form the “core” of the cellular network.
  5. Mobility Management Entity (MME)
    • Provides device authentication (device to network, network to device) coordinate with the mobile home network (HSS).
    • Mobile device management:
      • Device handover between cells.
      • Tracking/paging device location.
    • Path (tunnel) setup from mobile device to P-GW.

LTE: data plane and control plane

LTE Control Plane and Data Plane

Control Plane

System responsible for making decisions and managing the network, such as determining routing paths, managing traffic, and orchestrating resources.

Data Plane

The component that handles the actual movement of data packets across the network by forwarding them to the correct destination, implementing routing logic and processing tasks based on instructions from the control plane

LTE data plane protocol stack

LTE Protocol Stack

LTE link layer protocol

There exists 3 sublayers in the LTE link layer protocol:

  1. Packet Data Convergence Protocol (PDCP)
    • Header compression/decompression for IP packets.
    • Encryption/decryption for security.
    • Transfer of user data and control plane data.
  2. Radio Link Control Protocol (RLCP)
    • Segmentation and reassembly of IP datagrams into smaller units for transmission.
    • Error correction through Automatic Repeat Request (ARQ) based on acknowledgments (ACKs) and negative acknowledgments (NACKs).
    • Flow control to manage data rate between sender and receiver.
  3. Medium Access Control (MAC) Protocol
    • Scheduling of data transmissions over the shared wireless medium.
    • Multiplexing data from different radio bearers.
    • Hybrid ARQ for error correction by combining retransmissions with original data.

LTE Radio Access Network (RAN)

Definition

Orthogonal in computer networks means minimal interference between signals.

  • Downstream Channel
    • OFDM (Orthogonal Frequency Division Multiplexing): divides the channel into many narrowband subchannels (subcarriers) that are orthogonal to each other.
      • Each subcarrier can be modulated independently.
      • A combination of FDM (Frequency Division Multiplexing) and TDM (Time Division Multiplexing).
  • Upstream Channel
    • A variation of OFDM called SC-FDMA (Single Carrier Frequency Division Multiple Access).
  • Each active mobile device is allocated two or more 0.5ms time slots over 12 frequencies.
    • No standardized scheduling algorithm; each base station can implement its own.
    • Max 100 Mbps/device.

LTE Data Plane

The blue section is the data plane.

Tunneling

  • Mobile datagrams are encapsulated using GPRS Tunneling Protocol (GTP), sent inside UDP datagrams to the SGW.
    • GPRS = General Packet Radio Service
  • SGW decapsulates GTP, forwards original IP datagram to PGW.
  • By only changing the tunnel endpoint (SGW, PGW), mobile can move without changing its IP address.

Associating with a Base Station

Base Station Association

  1. BS broadcasts primary synch signal every 5 ms on all frequencies.
    1. BSs from multiple carriers may be broadcasting synch signals
  2. mobile finds a primary synch signal, then locates 2rd synch signal on this freq.
    1. mobile then finds info broadcast by BS: channel bandwidth, configurations; BS’s cellular carrier info
    2. mobile may get info from multiple base stations, multiple cellular networks
  3. mobile selects which BS to associate with (e.g., preference for home carrier)
  4. more steps still needed to authenticate, establish state, set up data plane

Sleep modes

LTE mobile may put radio to sleep to save power.

  1. Light sleep: After 100 msec of inactivity. Wakes up periodically (e.g., every 100 ms) to check for downstream transmissions.
  2. Deep sleep: After 5-10 secs of inactivity. Mobile may change cells while deep sleeping. Requires re-association with new base station upon waking up.

5G

5G is the fifth generation of cellular network technology, designed to provide significantly faster data speeds, lower latency, and greater capacity compared to previous generations like 4G LTE. It aims to support a wide range of applications, from enhanced mobile broadband to massive machine-type communications and ultra-reliable low-latency communications. They are built on top of NFV (Network Function Virtualization) and SDN (Software Defined Networking) principles, allowing for more flexible and efficient network management.

Goals of 5G:

  • 10x increase in peak bitrate, 10x decrease in latency, 100x increase in traffic capacity over 4G.
  • 5G NR (new radio)
    • Two frequency bands: FR1 (sub-6 GHz) and FR2 (mmWave, 24 GHz and above)
    • Not backward compatible with 4G LTE, meaning 5G devices cannot fall back to 4G networks.
    • MIMO (Multiple Input Multiple Output) with beamforming for improved signal quality and capacity.
  • Millimeter Wave Frequencies
    • Much higher data rates, but over shorter distances and more susceptible to obstacles.

Mobility

Mobility in the network perspective

Mobility Approaches

Mobility approaches

Let network (routers) handle it

Not scalable to billions of mobile devices.

  • Routers advertise well-known name, address (e.g., permanent 32 bit IP address), or number of visiting mobile node via usual routing table exchange.
  • Internet routers can do this without any changes! Routing tables indicate where each mobile located via longest prefix match.

Let end-systems handle it

Functionality at the edge!

  • Indirect routing: Communication from correspondent to mobile goes through home network, then forwarded to remote mobile.
  • Direct routing: Correspondent learns mobile’s care-of address, sends packets directly to mobile.

Home Network vs. Visited Network

4G/5G

Home vs Visited Network

Home Network

  • (Paid) service plan with cellular provider (e.g. Verizon, AT&T).
  • Home network HSS stores identity & services information.

Visited Network

  • Any network other than your home network.
  • Service agreement with other networks to allow roaming.

ISP/WiFi

There is no notion of global “home network” in ISP/WiFi networks. Credentials from ISP stored on device or with user. ISPs may have national or international presence. Different networks require different credentials.

Registration with Home Network

Registration with Home Network

Mobility with indirect routing

Mobility with Indirect Routing

  • Triangle Routing
    • Inefficient when correspondent and mobile are in the same network.
  • Mobile moves among visited networks, which is transparent to correspondent. Registration with home network is needed each time mobile moves. Datagrams continue to be forwarded from home network to mobile’s current visited network.

Mobility with direct routing

Mobility with Direct Routing

  • Overcomes triangle routing inefficiency.
  • Non-transparent to correspondent: Correspondent must get care-of address from mobile.
  • If mobile changes visited network, it must inform correspondent of new care-of address.

Mobility in 4G Networks

Major mobility tasks

Major Mobility Tasks

  1. Base station association
    1. Mobile must associate with a base station when it enters a new cell.
    2. Needs to identify itself through IMSI and home network is notified.
  2. Control-Plane Configuration
    1. Control plane manages signaling, authentication, and session state.
    2. MME in the visited network talks to the HSS in the home network to authenticate the mobile and set up control plane state.
  3. Data-Plane Configuration
    1. Network sets up data plane state to forward packets to the mobile’s new location.
    2. MME configures forwarding tunnels for the device:
      1. S-GW to BS-tunnel - when mobile moves, S-GW updates tunnel endpoint to new BS.
      2. S-GW to P-GW tunnel - remains unchanged as mobile moves; implements indirect routing.
      3. Tunneling via GTP - mobile’s datagram to streaming server is encapsulated using GTP inside UDP datagram.
  4. Mobile Handover
    1. When the mobile moves from one cell to another, it must perform a handover to maintain connectivity.

Mobile Handover

In cellular systems, each base station covers only a limited geographic area. As users move around, they may leave the coverage area of their current serving base station. If nothing is done, the ongoing call or data session will be dropped as the signal fades. The handover mechanism is motivated by providing mobility support, maintaining connection quality, load balancing, and network capacity optimization.

Handover Types

  1. Hard Handover: The connection to the current base station is broken before a connection to the new base station is established.
  2. Soft Handover: The connection to the new base station is established before the connection to the old base station is broken.

How handover works

Handover Process

  1. Current base station selects target BS and sends over a handover request message to target BS.
  2. Target BS pre-allocated radio time slots, and sends back a handover request ack message with information for mobile to access target BS.
  3. Source BS informs mobile of the new target BS via a handover command message. (Now the mobile can send via new BS; handover is complete from mobile’s perspective).
  4. Source BS stops sending datagrams to mobile, instead forwards them to target BS.
  5. Target BS informs the MME that it is the new BS for the mobile.
    1. MME instructs S-GW to change tunnel endpoint to new BS.
  6. Target BS ACKs back to the source BS. Handover is complete. Source BS can release resources for mobile.
  7. Mobile datagrams now flow through the new tunnel from target BS to S-GW.

Mobile IP

Standardized around 20 years ago, mobile IP is a protocol that allows mobile devices to maintain a consistent IP address while moving across different networks.

Mobile IP Architecture

Indirect Routing

Indirect Routing

TLDR; home address = identity, care-of address = location

The mobile IP lets the device keep the same permanent IP address (home address) while moving across different networks. It achieves this by using a home agent in the home network to forward packets to the mobile’s current location (care-of address) in the visited network.

Agent Discovery

Agent discovery is the process that helps the device figure out where it is and how to communicate with the network. Foreign and home agents advertise service through ICMP (Internet Control Message Protocol) messages. If no agent advertisements are heard, the mobile can send an agent solicitation message to request advertisements.

Registration Example

Registration with Home Network