Hubbry Logo
search
logo
System Architecture Evolution avatar
System Architecture Evolution
System Architecture Evolution
current hub
S

System Architecture Evolution

logo
Community Hub0 Subscribers
Read side by side
System Architecture Evolution
View on Wikipedia
from Wikipedia

System Architecture Evolution (SAE) is the core network architecture of mobile communications protocol group 3GPP's LTE wireless communication standard.

SAE is the evolution of the GPRS Core Network, but with a simplified architecture; an all-IP Network (AIPN); support for higher throughput and lower latency radio access networks (RANs); and support for, and mobility between, multiple heterogeneous access networks, including E-UTRA (LTE and LTE Advanced air interface), and 3GPP legacy systems (for example GERAN or UTRAN, air interfaces of GPRS and UMTS respectively), but also non-3GPP systems (for example Wi-Fi, WiMAX or CDMA2000).

SAE Architecture

[edit]

The SAE has a flat, all-IP architecture with separation of control plane and user plane traffic.

The main component of the SAE architecture is the Evolved Packet Core (EPC), also known as SAE Core. The EPC will serve as the equivalent of GPRS networks (via the Mobility Management Entity, Serving Gateway and PDN Gateway subcomponents).

Evolved Packet Core (EPC)

[edit]
EPC nodes and interfaces

The subcomponents of the EPC are:[1][2]

MME (Mobility Management Entity)

[edit]

The MME is the key control-node for the LTE access-network. It is responsible for idle mode User Equipment (UE) paging and tagging procedure including retransmissions. It is involved in the bearer activation/deactivation process and is also responsible for choosing the Serving Gateway for a UE at the initial attach and at time of intra-LTE handover involving Core Network (CN) node relocation. It is responsible for authenticating the user (by interacting with the Home Subscriber Server). The Non Access Stratum (NAS) signaling terminates at the MME and it is also responsible for generation and allocation of temporary identities to UEs. It checks the authorization of the UE to camp on the service provider's Public Land Mobile Network (PLMN) and enforces UE roaming restrictions. The MME is the termination point in the network for ciphering/integrity protection for NAS signaling and handles the security key management. Lawful interception of signaling is also supported by the MME. The MME also provides the control plane function for mobility between LTE and 2G/3G access networks with the S3 interface terminating at the MME from the SGSN. The MME also terminates the S6a interface towards the HSS for roaming UEs.

SGW (Serving Gateway)

[edit]

The Serving Gateway routes and forwards user data packets, while also acting as the mobility anchor for the user plane during inter-eNodeB handovers and as the anchor for mobility between LTE and other 3GPP technologies (terminating S4 interface and relaying the traffic between 2G/3G systems and Packet Data Network Gateway). For idle state User Equipment, the Serving Gateway terminates the downlink data path and triggers paging when downlink data arrives for the User Equipment. It manages and stores UE contexts, e.g. parameters of the IP bearer service, network internal routing information. It also performs replication of the user traffic in case of lawful interception.

PGW (Packet Data Network Gateway)

[edit]

The Packet Data Network Gateway (PDN Gateway, also PGW) provides connectivity from the User Equipment (UE) to external packet data networks (PDNs) by being its point of exit and entry of traffic. A piece of User Equipment may have simultaneous connectivity with more than one Packet Data Network Gateway for accessing multiple packet data networks. The PDN Gateway performs policy enforcement, packet filtering for each user, charging support, lawful interception and packet screening. Another key role of the Packet Data Network Gateway is to act as the anchor for mobility between 3GPP and non-3GPP technologies such as WiMAX and 3GPP2 (CDMA 1X and EvDO).

HSS (Home Subscriber Server)

[edit]

The Home Subscriber Server is a central database that contains user-related and subscription-related information. The functions of the HSS include mobility management, call and session establishment support, user authentication and access authorization. The HSS is based on pre-Rel-4 Home Location Register (HLR) and Authentication Center (AuC).

ANDSF (Access Network Discovery and Selection Function)

[edit]

The ANDSF provides information to the UE about connectivity to 3GPP and non-3GPP access networks (such as Wi-Fi). The purpose of the ANDSF is to assist the UE to discover the access networks in their vicinity and to provide rules (policies) to prioritize and manage connections to these networks.

ePDG (Evolved Packet Data Gateway)

[edit]

The main function of the ePDG is to secure the data transmission with a UE connected to the EPC over untrusted non-3GPP access, e.g. Wi-Fi calling (VoWiFi). For this purpose, the ePDG acts as a termination node of IPsec tunnels established with the UE.

Non Access Stratum (NAS) protocols

[edit]

The Non-Access Stratum (NAS) protocols form the highest stratum of the control plane between the user equipment (UE) and MME.[3] NAS protocols support the mobility of the UE and the session management procedures to establish and maintain IP connectivity between the UE and a PDN GW. They define the rules for a mapping between parameters during inter-system mobility with 3G networks or non-3GPP access networks. They also provide the NAS security by integrity protection and ciphering of NAS signaling messages. EPS (Evolved Packet System) provides the subscriber with a "ready-to-use" IP connectivity and an "always-on" experience by linking between mobility management and session management procedures during the UE attach procedure.

Complete NAS transactions consist of specific sequences of elementary procedures with EPS Mobility Management (EMM) and EPS Session Management (ESM) protocols.

EMM (EPS Mobility Management)

[edit]

The EPS (Evolved Packet System) Mobility Management (EMM) protocol provides procedures for the control of mobility when the User Equipment (UE) uses the Evolved UMTS Terrestrial Radio Access Network (E-UTRAN). It also provides control of security for the NAS protocols.

EMM involves different types of procedures such as:

  • EMM common procedures — can always be initiated while a NAS signalling connection exists. The procedures belonging to this type are initiated by the network. They include GUTI reallocation, authentication, security mode control, identification and EMM information.
  • EMM specific procedures — specific to the UE only. At any time only one UE-initiated EMM specific procedure can run. The procedures belonging to this type are attach and combined attach, detach or combined detach, normal tracking area update and combined tracking area update (S1 mode only) and periodic tracking area update (S1 mode only).
  • EMM connection management procedures — manage the connection of the UE with the network:
    • Service request: Initiated by the UE and used to establish a secure connection to the network or to request the resource reservation for sending data, or both.
    • Paging procedure: Initiated by the network and used to request the establishment of a NAS signalling connection or to prompt the UE to re-attach if necessary as a result of a network failure.
    • Transport of NAS messages: Initiated by the UE or the network and used to transport SMS messages.
    • Generic transport of NAS messages: Initiated by the UE or the network and used to transport protocol messages from other applications.

The UE and the network execute the attach procedure, the default EPS bearer context activation procedure in parallel. During the EPS attach procedure the network activates a default EPS bearer context. The EPS session management messages for the default EPS bearer context activation are transmitted in an information element in the EPS mobility management messages. The UE and network complete the combined default EPS bearer context activation procedure and the attach procedure before the dedicated EPS bearer context activation procedure is completed. The success of the attach procedure is dependent on the success of the default EPS bearer context activation procedure. If the attach procedure fails, then the ESM session management procedures also fails.

ESM (EPS Session Management)

[edit]

The EPS Session Management (ESM) protocol provides procedures for the handling of EPS bearer contexts. Together with the bearer control provided by the Access Stratum, it provides the control of user plane bearers. The transmission of ESM messages is suspended during EMM procedures except for the attach procedure.

EPS Bearer: Each EPS bearer context represents an EPS bearer between the UE and a PDN. EPS bearer contexts can remain activated even if the radio and S1 bearers constituting the corresponding EPS bearers between UE and MME are temporarily released. An EPS bearer context can be either a default option bearer context or a dedicated bearer context. A default EPS bearer context is activated when the UE requests a connection to a PDN. The first default EPS bearer context, is activated during the EPS attach procedure. Additionally, the network can activate one or several dedicated EPS bearer contexts in parallel.

Generally, ESM procedures can be performed only if an EMM context has been established between the UE and the MME, and the secure exchange of NAS messages has been initiated by the MME by use of the EMM procedures. Once the UE is successfully attached, the UE can request the MME to set up connections to additional PDNs. For each additional connection, the MME activates a separate default EPS bearer context. A default EPS bearer context remains activated throughout the lifetime of the connection to the PDN.

Types of ESM procedures: ESM involves different types of procedures such as:

  • EPS bearer contexts procedures — initiated by the network and are used for the manipulation of EPS bearer contexts, including Default EPS bearer context activation, Dedicated EPS bearer context activation, EPS bearer context modification, EPS bearer context deactivation.
  • Transaction related procedures — initiated by the UE to request for resources, i.e. a new PDN connection or dedicated bearer resources, or to release these resources. They include PDN connectivity procedure, PDN disconnect procedure, Bearer resource allocation procedure, Bearer resource modification procedure.

The MME maintains EMM context and EPS bearer context information for UEs in the ECM-IDLE, ECM CONNECTED and EMM-DEREGISTERED states.

EPC protocol stack

[edit]

MME (Mobility Management Entity) protocols

[edit]

The MME protocol stack consists of:

  1. S1-MME stack to support S1-MME interface with eNodeB
  2. S11 stack to support S11 interface with Serving Gateway

MME supports the S1 interface with eNodeB. The integrated S1 MME interface stack consists of IP, SCTP, S1AP.

  • SCTP (Stream Control Transmission Protocol) is a common transport protocol that uses the services of Internet Protocol (IP) to provide a reliable datagram delivery service to the adaptation modules, such as the S1AP. SCTP provides reliable and sequenced delivery on top of the existing IP framework. The main features provided by SCTP are:
    • Association setup: An association is a connection that is set up between two endpoints for data transfer, much like a TCP connection. A SCTP association can have multiple addresses at each end.
    • Reliable Data Delivery: Delivers sequenced data in a stream (Elimination of head-of-line blocking): SCTP ensures the sequenced delivery of data with multiple unidirectional streams, without blocking the chunks of data in other direction.
  • S1AP (S1 Application Part) is the signaling service between E-UTRAN and the Evolved Packet Core (EPC) that fulfills the S1 Interface functions such as SAE Bearer management functions, Initial context transfer function, Mobility functions for UE, Paging, Reset functionality, NAS signaling transport function, Error reporting, UE context release function, Status transfer.

MME supports S11 interface with Serving Gateway. The integrated S11 interface stack consists of IP, UDP, eGTP-C.

SGW (Serving Gateway) protocols

[edit]

The SGW consists of

  1. S11 control plane stack to support S11 interface with MME
  2. S5/S8 control and data plane stacks to support S5/S8 interface with PGW
  3. S1 data plane stack to support S1 user plane interface with eNodeB
  4. S4 data plane stack to support S4 user plane interface between RNC of UMTS and SGW of eNodeB
  5. Sxa: since 3GPP Rel.14, the Sx interface and the associated PFCP protocol was added to the SGW, allowing for the Control User Plane Separation between SGW-C and SGW-U.

SGW supports S11 interface with MME and S5/S8 interface with PGW. The integrated control plane stack for these interfaces consists of IP, UDP, eGTP-C.

SGW supports the S1-U interface with eNodeB and S5/S8 data plane interface with PGW. The integrated data plane stack for these interfaces consists of IP, UDP, eGTP-U.

Main interfaces that P-GW shares with other EPC nodes

PGW (Packet Data Network Gateway) protocols

[edit]

Main interfaces supported by the P-GW are:

  1. S5/S8: this interface is defined between S-GW and P-GW. It is named S5 when the S-GW and the P-GW are located in the same network (non-roaming scenario) and S8 when the S-GW is located in the visited network and the P-GW in the home network (roaming scenario). eGTP-C and GTP-U protocols are used in the S5/S8 interface.
  2. Gz: this interface is used by the P-GW to communicate with the Offline Charging System (OFCS), mainly to send the Charging Data Records (CDRs) of the post-paid users via FTP.
  3. Gy: this interface is used by the P-GW to communicate with the Online Charging System (OCS). The P-GW informs the charging system about pre-paid users payload in real time. Diameter protocol is used in the Gy interface.
  4. Gx: this interface is used by the P-GW to communicate with the Policy and Charging Rules Function (PCRF) in order to handle Policy and Charging Rules (PCC) rules. These rules contain charging related information as well as quality of service (QoS) parameters that will be used in the bearer establishment. Diameter protocol is used in the Gx interface.
  5. SGi: this interface is defined between the P-GW and external networks, for example, Internet access, corporate access, etc.
  6. Sxb: since 3GPP Rel.14, the Sx interface and the associated PFCP protocol was added to the PGW, allowing for the Control User Plane Separation between PGW-C and PGW-U.

Support of voice services and SMS

[edit]

The EPC is a packet-only core network. It does not have a circuit-switched domain, which is traditionally used for phone calls and SMS.

Support for Voice services in EPC

[edit]

3GPP specified two solutions for voice:

  • IMS: A solution for IMS Voice over IP was specified in Rel-7.
  • Circuit-Switched fallback (CSFB): in order to make or receive calls, the UE changes its radio access technology from LTE to a 2G/3G technology that supports circuit-switched services. This feature requires 2G/3G coverage. A new interface (called SGs) between the MME and the MSC is required. This feature was developed in Rel-8.

Support for SMS services in EPC

[edit]

3GPP specified three solutions for SMS:

  • IMS: A solution for SMS over IP was specified in Rel-7.
  • SMS over SGs: this solution requires the SGs interface introduced during the work on CSFB. SMS are delivered in the Non Access Stratum over LTE. There is no inter-system change for sending or receiving SMS. This feature was specified in Rel-8.
  • SMS over SGd: this solution requires the SGd Diameter interface at the MME and delivers SMS in the Non Access Stratum over LTE, without requiring the fully signaling neither the legacy MSC doing CSFB, nor the overhead associated with the IMS signaling and the associated EPC bearer management.

CSFB and SMS over SGs are seen as interim solutions, the long term being IMS.[4]

Multiple access networks

[edit]

The UE can connect to the EPC using several access technologies. These access technologies are composed of:

  • 3GPP accesses: these access technologies are specified by the 3GPP. They include GPRS, UMTS, EDGE, HSPA, LTE and LTE Advanced.
  • non-3GPP accesses: these access technologies are not specified by the 3GPP. They include technologies such as cdma2000, WiFi or fixed networks. 3GPP specifies two classes of non-3GPP access technologies with different security mechanisms:
    • trusted accesses, that the network operator consider trustable from a security stand point (for example: a cdma2000 network). Trusted non-3GPP accesses interface directly with the network.
    • untrusted accesses, that the network operator doesn't consider trustable from a security stand point (for example, a connection over a public WiFi hotspot). Untrusted non-3GPP accesses are connected to the network via an ePDG, which provide additional security mechanisms (IPsec tunneling).

It is up to the network operator to decide whether a non-3GPP access technology is trusted or untrusted.

It is worth noting that these trusted/untrusted categories do not apply to 3GPP accesses.

3GPP releases

[edit]

The 3GPP delivers standards in parallel releases, which compose consistent sets of specifications and features.

Version[5] Released[6] Info[7]
Release 7 2007 Q4 Feasibility study on All-IP Network (AIPN)
Release 8 2008 Q4 First release of EPC. SAE specification: high level functions, support of LTE and other 3GPP accesses, support of non-3GPP accesses, inter-system mobility, Single Radio Voice Call Continuity (SRVCC), CS fallback. Earthquake and Tsunami Warning System (ETWS). Support of Home Node B / Home eNode B.
Release 9 2009 Q4 LCS control plane for EPS. Support of IMS emergency calls over GPRS and EPS. Enhancements to Home Node B / Home eNode B. Public Warning System (PWS).
Release 10 2011 Q1 Network improvements for machine-type communications. Various offload mechanisms (LIPA, SIPTO, IFOM).
Release 11 2012 Q3 Further improvements for machine-type communications. Simulation of USSD in IMS. QoS control based on subscriber spending limits. Further improvements to LIPA and SIPTO. Single Radio Video Call Continuity (vSRVCC). Single Radio Voice Call Continuity from UTRAN/GERAN to HSPA/E-UTRAN (rSRVCC). Support of interworking with Broadband Forum accesses.
Release 12 2015 Q1 Enhanced Small Cells operation, Carrier Aggregation (2 uplink carriers, 3 downlink carriers, FDD/TDD carrier aggregation), MIMO (3D channel modelling, elevation beamforming, massive MIMO), MTC - UE Cat 0 introduced, D2D communication, eMBMS enhancements.
Release 13 2016 Q1 Introduced LTE-U / LTE-LAA, LTE-M, Elevation beamforming / Full Dimension MIMO, Indoor positioning, LTE-M Cat 1.4 MHz & Cat 200 kHz
...
Release 18 https://www.3gpp.org/release18

Further reading

[edit]

See also

[edit]

03056876920

References

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

System Architecture Evolution

View on Grokipedia
from Grokipedia
System Architecture Evolution (SAE) is the core network architecture defined by the 3rd Generation Partnership Project (3GPP) for its Long-Term Evolution (LTE) wireless communication standard, representing the evolution of the General Packet Radio Service (GPRS) core network used in 2G and 3G systems. Introduced to support the growing demand for mobile broadband, SAE features a simplified, all-IP based flat architecture that enables higher data rates, reduced latency, and efficient mobility management across multiple access technologies, including Evolved Universal Terrestrial Radio Access (E-UTRA), GERAN, UTRAN, and non-3GPP networks like Wi-Fi and WiMAX.[1] The development of SAE began with feasibility studies in 3GPP Release 7 (completed in 2007), focusing on an All-IP Packet Switched (AIPN) domain, and was fully specified in Release 8, with the first Evolved Packet Core (EPC) architecture approved in December 2008.[2] The EPC, the primary component of SAE, separates control and user planes and includes key logical elements such as the Mobility Management Entity (MME) for signaling, Serving Gateway (SGW) and Packet Data Network Gateway (PGW) for user data routing, and supporting functions like the Home Subscriber Server (HSS).[3] SAE has continued to evolve through subsequent 3GPP releases, incorporating enhancements for quality of service (QoS), voice over IP (VoLTE), and interworking with emerging technologies, paving the way for integration with 5G New Radio (NR) in Release 15 and beyond as of 2025.[4]

Introduction and Historical Context

Overview of SAE

System Architecture Evolution (SAE) represents the 3GPP's strategic framework for advancing the 3G Universal Mobile Telecommunications System (UMTS) architecture toward a streamlined, all-IP packet-switched core network designed to accommodate high-speed data transmission and multimedia applications. This evolution emphasizes a flat network topology that eliminates legacy circuit-switched elements, enabling efficient packet handling across diverse services. The primary objectives of SAE include achieving a simplified architecture to reduce operational complexity, minimizing latency for enhanced user experience in real-time applications, bolstering mobility management for efficient device transitions, and facilitating seamless handovers between heterogeneous access networks such as LTE and non-3GPP systems. These goals address the limitations of prior generations by prioritizing an IP-centric design that supports scalable bandwidth and unified bearer management for both voice and data traffic. At its core, SAE introduces the Evolved Packet System (EPS), an integrated framework that merges the Evolved Packet Core (EPC)—serving as the central control and data plane for packet routing—with the Evolved Universal Terrestrial Radio Access Network (E-UTRAN) to form a cohesive all-IP ecosystem. This combination ensures optimized end-to-end connectivity while maintaining backward compatibility with existing 3GPP infrastructures. SAE development commenced within 3GPP Release 8, with initial studies starting around 2005 and normative specifications developed and finalized in Release 8 from 2006 to 2008, culminating in the release freeze in December 2008.[5] The first commercial deployments of SAE-enabled LTE networks occurred in late 2009, marking the practical realization of these advancements in operator environments.[6]

Evolution from Previous Generations

The second generation (2G) mobile networks, exemplified by the Global System for Mobile Communications (GSM), primarily utilized a circuit-switched core network for voice services, dedicating fixed channels for the duration of calls, which ensured reliable but inefficient resource allocation for data. The introduction of General Packet Radio Service (GPRS) added packet-switched capabilities for data transmission, but this required separate core network domains: the circuit-switched domain managed by the Mobile Switching Center (MSC) for voice, and the packet-switched domain handled by the Serving GPRS Support Node (SGSN) and Gateway GPRS Support Node (GGSN) for IP data. This bifurcation led to key limitations, including the inability to efficiently support simultaneous voice and data sessions without complex workarounds, low data throughput typically under 100 kbps, and suboptimal handling of bursty IP traffic due to the legacy circuit-switched overhead. The third generation (3G) Universal Mobile Telecommunications System (UMTS) marked significant progress with the UMTS Terrestrial Radio Access Network (UTRAN), supporting higher data rates up to 384 kbps in Release 99 and beyond through enhancements like High-Speed Packet Access (HSPA). However, UMTS retained the dual-domain core architecture, with the circuit-switched (CS) domain optimized for real-time voice via the MSC Server and Media Gateway, and the packet-switched (PS) domain for data via the SGSN and GGSN. This separation increased system complexity, as services had to navigate distinct paths, leading to inefficiencies for IP-centric applications; for instance, voice over IP (VoIP) suffered from suboptimal integration with the CS domain, while PS domain latency for control plane transitions from idle to active states typically around 500–2000 ms, hindering responsive multimedia and web services.[7] The evolution toward System Architecture Evolution (SAE) was driven by the explosive growth of IP-based services in the mid-2000s, including mobile internet, video streaming, and multimedia messaging, which exposed the limitations of hybrid CS/PS architectures in supporting seamless convergence of voice and data. Traditional systems struggled with scalability for all-IP traffic, high operational costs from maintaining dual domains, and poor efficiency for packet-optimized services, prompting 3GPP to pursue a unified, flat all-IP core network. A pivotal event was the 2005 feasibility study outlined in 3GPP Technical Report 23.882, which evaluated architectural options to achieve lower latency, simplified signaling, and enhanced support for IP multimedia subsystem (IMS)-based services, ultimately recommending an evolved packet core to replace the fragmented 2G/3G designs.[1] To quantify these motivations, SAE set ambitious performance targets compared to UMTS, aiming for control plane latency under 100 ms (from camped to active state) versus UMTS/HSPA's typical 500–2000 ms, and user plane one-way latency below 5 ms to enable real-time applications, thereby addressing the inefficiencies of prior generations' higher delays and domain-specific bottlenecks.[7]

SAE Core Network Architecture

Evolved Packet Core (EPC) Design Principles

The Evolved Packet Core (EPC) embodies core design principles centered on a fully packet-switched, all-IP network architecture that supports IP connectivity without reliance on circuit-switched domains, enabling efficient delivery of data and voice services over LTE and compatible technologies. This packet-switched foundation, as defined in 3GPP specifications, eliminates legacy hierarchies from prior generations like UMTS, focusing instead on streamlined IP-based transport for both user data and signaling. A key principle is the adoption of a flat architecture, which reduces the number of network nodes and hierarchies to minimize latency and operational complexity while enhancing overall system efficiency.[8][8][8] Complementing this is the logical separation of the control plane and user plane, allowing independent scaling and optimization of signaling functions from data forwarding paths. The control plane handles mobility management, session control, and authentication, while the user plane focuses on bearer-level data transport using protocols like GTP-U over UDP/IP. This separation promotes flexibility, as control elements can be centralized or distributed without impacting data throughput.[8][8][8] At a high level, the EPC structure routes user plane traffic directly from the eNodeB in the E-UTRAN through the Serving Gateway (SGW) to the Packet Data Network Gateway (PGW), and onward to external Packet Data Networks (PDNs), supporting IP, non-IP, and Ethernet PDN types with minimal intermediaries. In contrast, the control plane operates via the Mobility Management Entity (MME), which interfaces with radio access elements to orchestrate attachment, handover, and bearer establishment. High-level architectural diagrams typically illustrate this as two parallel paths: a direct, low-hop user data flow and a signaling overlay for control, emphasizing the flat topology without deep node nesting.[8][8][8] Central to this structure are standardized interfaces that ensure interoperability and simplicity, including the S1 interface to the RAN (split into S1-MME for control signaling via S1-AP and S1-U for user data via GTP-U), S5/S8 between gateways for interworking and roaming (using GTP or PMIP), and S11 between the MME and SGW for control coordination. These interfaces form a modular framework that avoids proprietary dependencies and supports seamless integration.[8] The resulting benefits include exceptional scalability, capable of handling billions of devices through mechanisms like load balancing across multiple instances of core elements and efficient resource pooling, as well as robust support for heterogeneous access networks such as E-UTRAN, GERAN, WLAN, and non-3GPP technologies. This design facilitates global roaming, optimized mobility, and adaptability to diverse traffic patterns, laying the groundwork for high-performance mobile broadband services.[8][8]

EPC Logical Components and Interfaces

The Evolved Packet Core (EPC) architecture is structured around logical components that separate control plane functions, user plane handling, and subscriber data management to ensure efficient packet-switched operations in LTE networks. The control plane comprises the Mobility Management Entity (MME) and the Policy and Charging Rules Function (PCRF), which facilitate signaling for mobility management and policy enforcement across the network. The user plane includes the Serving Gateway (SGW) and the Packet Data Network Gateway (PGW), which manage the forwarding and routing of user data packets. Subscriber data management is handled by the Home Subscriber Server (HSS), a centralized repository for user profiles and authentication keys. These logical components interconnect through defined reference points that standardize communication pathways within the EPC and with external entities. The S1-MME reference point connects the eNodeB to the MME for control plane signaling, enabling session establishment and mobility coordination. The S1-U reference point links the eNodeB to the SGW for user plane data transfer, supporting direct tunneling of IP packets. The S6a reference point interfaces the MME with the HSS for authentication, authorization, and location updates. The SGi reference point provides the PGW's connection to external Packet Data Networks (PDNs), allowing access to services like the Internet or IMS. Specific protocols underpin these reference points to ensure reliable data and signaling exchange. The GPRS Tunneling Protocol (GTP) is employed for user plane tunneling on interfaces like S1-U, encapsulating user traffic to maintain end-to-end connectivity during mobility. Diameter protocol supports authentication and signaling on the S6a interface, facilitating secure subscriber data retrieval and updates. The Non-Access Stratum (NAS) protocol operates between the User Equipment (UE) and MME via the S1-MME reference point, handling higher-layer control messages for procedures such as attach and detach. The EPC's reference points and protocols collectively enable key architectural features like roaming and handover, as illustrated in the non-roaming architecture (3GPP TS 23.401, Figure 4.2.1-1) and roaming architecture (Figure 4.2.2-1). In roaming scenarios, interfaces such as S6a and SGi support home-routed traffic, where user data traverses the home network's PGW for policy application, while S1-MME and S1-U facilitate seamless handovers between eNodeBs by maintaining session continuity without service interruption. This design promotes scalability and interoperability across operator networks.

Key EPC Network Elements

Mobility Management Entity (MME)

The Mobility Management Entity (MME) serves as the central control plane node in the Evolved Packet Core (EPC), responsible for managing user equipment (UE) access, mobility, and session control within the LTE/E-UTRAN environment. It handles non-access stratum (NAS) signaling termination and security, ensuring secure communication between the UE and the core network while coordinating with base stations (eNodeBs) via the S1-MME interface. As a non-user-plane entity, the MME focuses exclusively on signaling to minimize latency and optimize resource use, interacting with gateways like the Serving Gateway (SGW) over the S11 interface for bearer coordination. This design enables efficient support for high-mobility scenarios in LTE networks.[8] Key functions of the MME encompass NAS signaling termination, which involves processing messages for connection establishment and maintenance; mobility management, including tracking area updates and handover signaling to maintain UE location and seamless transitions; authentication through the Evolved Packet System Authentication and Key Agreement (EPS-AKA) procedure using vectors from the Home Subscriber Server (HSS); and bearer activation for default and dedicated EPS bearers to enable data sessions with appropriate Quality of Service (QoS) parameters. The MME also manages UE contexts in ECM-IDLE and ECM-CONNECTED states, storing essential information such as location on a tracking area list granularity and supporting roaming between 3GPP accesses via inter-CN node signaling. These functions position the MME as the primary orchestrator of control plane operations, ensuring network efficiency and security without involvement in user data routing.[8] The MME executes core procedures such as UE attach and detach to initiate or terminate network access, with the attach process involving an Attach Request message from the UE followed by an Attach Accept from the MME after authentication and bearer setup. Idle mode tracking relies on tracking area lists assigned to the UE, allowing the MME to monitor location without constant signaling, while paging procedures notify UEs in ECM-IDLE state across registered tracking areas to re-establish connectivity for incoming sessions. Handover signaling supports intra-LTE and inter-RAT mobility by transferring contexts between MMEs or to legacy nodes, ensuring minimal disruption. Authentication via EPS-AKA occurs during attach or tracking area updates, verifying UE identity against HSS data and deriving session keys for NAS security. Bearer activation integrates with these procedures, establishing EPS bearers during attach or service requests to support PDN connectivity.[8] For scalability, the MME employs pooling mechanisms where multiple MME instances serve a common MME Pool Area, enabling load balancing across cells through weight factors and UE rebalancing to distribute traffic and enhance redundancy. This architecture allows dynamic selection of MMEs during handovers or attaches, reducing single-point failures and supporting dense deployments. In deployment, the MME acts as a centralized control node, interfacing with eNodeBs for signaling and HSS for subscriber data, with its control-plane-only role contributing to low-latency operations by offloading user plane handling to gateways.[8]

Serving Gateway (SGW) and Packet Data Network Gateway (PGW)

The Serving Gateway (SGW) and Packet Data Network Gateway (PGW) form the primary user plane elements in the Evolved Packet Core (EPC) of System Architecture Evolution (SAE), handling the transport, routing, and external connectivity of user data packets while supporting mobility and charging requirements.[8] The SGW serves as a local anchor point within the radio access network, interfacing with eNodeBs to manage intra-LTE mobility, whereas the PGW acts as the network's edge toward external Packet Data Networks (PDNs), ensuring IP-level connectivity and policy application.[8] Together, they enable seamless data session establishment and handover, utilizing GPRS Tunneling Protocol (GTP) for efficient user plane encapsulation.[8] The SGW anchors the user plane locally for intra-LTE handovers by switching data paths between eNodeBs without interrupting service, forwarding packets via the S1-U interface and buffering downlink data during UE idle states to prevent loss.[8] It routes user plane traffic toward the PGW over the S5/S8 interface and supports lawful interception by duplicating intercepted traffic streams for authorized entities, as required by national regulations.[9] Additionally, the SGW collects basic charging-related data, such as radio access technology type and UE location, forwarding it to the PGW or charging functions to enable accurate billing.[8] The PGW provides external PDN connectivity by routing IP packets between the EPC and external networks via the SGi interface, allocating IPv4 or IPv6 addresses (or prefixes) to the UE upon session initiation.[8] It enforces subscriber-specific policies for data handling and generates Charging Data Records (CDRs) to track usage volumes, service types, and durations for offline and online charging systems.[8] As the mobility anchor for inter-system handovers, the PGW maintains session continuity across 3GPP and non-3GPP accesses, updating routes dynamically during mobility events.[8] Key procedures involving the SGW and PGW include default and dedicated bearer setup, initiated during UE attach or PDN connectivity requests under MME control.[8] In default bearer establishment, the SGW creates GTP tunnels to the eNodeB and PGW, relaying Create Session Request messages to allocate resources and assign Tunnel Endpoint Identifiers (TEIDs) for user plane encapsulation.[8] Dedicated bearers for enhanced Quality of Service (QoS) follow a similar process via Modify Bearer Request/Response exchanges, allowing the PGW to apply traffic flow templates (TFTs) for differentiated handling of application-specific data streams.[8] GTP tunneling, primarily via GTP-U over UDP/IP, ensures reliable user plane transport between the SGW and PGW, with the SGW managing path switches during handovers by sending end marker packets to delineate old and new paths.[8] In combined operation, the S5/S8 interface between the SGW and PGW supports inter-operator roaming by enabling GTP-based tunneling across home and visited networks, with the PGW serving as the central edge gateway for all external PDN interactions.[8] This setup allows the SGW to remain in the visited network for local anchoring while the PGW in the home network handles subscription-based routing and charging, ensuring minimal latency for roaming users.[8]

Supporting Elements: HSS, ANDSF, and ePDG

The Home Subscriber Server (HSS) functions as the central subscriber database in the System Architecture Evolution (SAE) Evolved Packet Core (EPC), storing essential user data such as International Mobile Subscriber Identity (IMSI), Mobile Station International Subscriber Directory Number (MSISDN), International Mobile Equipment Identity (IMEI), authentication vectors, location information, and subscription profiles including Packet Data Network (PDN) contexts, Quality of Service (QoS) parameters like QoS Class Identifier (QCI) and Allocation and Retention Priority (ARP), and Access Point Name (APN) configurations.[8] It provides authentication vectors, including Random (RAND), expected response (XRES), Authentication Token (AUTN), and key derivation parameters, to support EPS Authentication and Key Agreement (AKA) procedures during initial attachment and mobility events.[8] The HSS maintains UE location data, such as Tracking Area Identity (TAI) and E-UTRAN Cell Global Identifier (ECGI), updating it via procedures like Update Location and Cancel Location to facilitate paging and mobility management.[8] Access to the HSS is enabled through the S6a interface using the Diameter protocol, allowing the Mobility Management Entity (MME) to retrieve and update subscriber information for authorization and service provisioning.[8] The Access Network Discovery and Selection Function (ANDSF) operates as a policy server in the SAE architecture, assisting User Equipment (UE) in selecting between 3GPP and non-3GPP accesses like Wi-Fi and LTE by delivering discovery rules and offload policies.[10] It provides Inter-System Mobility Policy (ISMP) to prioritize networks based on criteria such as access technology, location (e.g., PLMN, TAC, or geolocation), and time validity, enabling efficient handover decisions.[10] For traffic management, the ANDSF supplies Inter-System Routing Policy (ISRP), which defines rules for distributing IP flows across accesses using mechanisms like IP Flow Mobility (IFOM), Multi-Access PDN Connectivity (MAPCON), or non-seamless WLAN offload, including flow-based or service-based routing with priority assignments.[10] Policies are provisioned to the UE via the Open Mobile Alliance (OMA) Device Management (DM) protocol, supporting client-initiated sessions with Management Object (MO) identifiers like urn:oma:mo:ext-3gpp-andsf:1.0 for dynamic updates based on UE context.[10] The evolved Packet Data Gateway (ePDG) serves as the entry point for untrusted non-3GPP accesses, such as public Wi-Fi, into the EPC, ensuring secure interworking by establishing IPSec tunnels to the PDN Gateway (PGW).[11] It handles IKEv2-based IPSec Security Associations (SAs), either as a single SA for all bearers or separate SAs per dedicated bearer, routing uplink and downlink packets using Traffic Flow Templates (TFTs) and enforcing QoS via QCI or Differentiated Services Code Point (DSCP) mapping.[11] The ePDG connects to the PGW over the S2b interface using Proxy Mobile IPv6 (PMIPv6) or GTP for mobility anchoring and bearer management, while the SWu interface manages the IPSec tunnel with the UE, and SWm supports AAA signaling for authentication.[11] It allocates IP addresses, resolves APNs, and supports PDN connectivity establishment, including emergency sessions, by interacting with policy elements for authorization.[11] These elements integrate to enable seamless multi-access in SAE, where the HSS supplies subscriber profiles and authentication data to the ePDG via the 3GPP AAA Server during non-3GPP attachment, ensuring consistent authorization across accesses.[11] The ANDSF complements this by providing discovery and routing policies that guide UE selection of Wi-Fi or LTE, facilitating handovers where the ePDG maintains IPSec tunnels and the HSS updates location information (e.g., via Update Location over S6a) to preserve session continuity without service interruption.[11] This coordination supports IP address preservation and bearer recreation during transitions between 3GPP and untrusted non-3GPP networks, enhancing mobility for multi-access scenarios.[11]

Protocols and Signaling in SAE

Non-Access Stratum (NAS) Protocols

The Non-Access Stratum (NAS) protocols in the Evolved Packet System (EPS) facilitate control plane signaling between the User Equipment (UE) and the core network, specifically the Mobility Management Entity (MME), independent of the radio access technology. These protocols are layered above the Radio Resource Control (RRC) sublayer and comprise two main sublayers: the EPS Mobility Management (EMM) sublayer for handling UE-network attachment and mobility, and the EPS Session Management (ESM) sublayer for managing data sessions and bearer contexts.[12] The EMM sublayer oversees the UE's registration and mobility within the EPS, transitioning the UE between states such as EMM-REGISTERED and EMM-DEREGISTERED. Key procedures include EPS attach, which allows the UE to register with the network, establish an EMM context, and often initiate a default bearer for packet data network (PDN) connectivity; this is triggered by the UE sending an ATTACH REQUEST message, followed by an ATTACH ACCEPT or REJECT from the MME. Detach procedures enable the UE or network to terminate connectivity, releasing the EMM context and associated bearers via DETACH REQUEST and ACCEPT messages, with options indicating whether re-attachment is required. Tracking area update (TAU) procedures update the UE's location when it moves outside its assigned tracking area identity (TAI) list or upon expiry of periodic timers, using TRACKING AREA UPDATE REQUEST and ACCEPT messages to maintain efficient paging and handover support. Authentication verifies the UE's identity through the EPS Authentication and Key Agreement (AKA) process, involving AUTHENTICATION REQUEST and RESPONSE messages with parameters like RAND and AUTN for mutual authentication between UE and network. Security context establishment follows authentication, activating encryption and integrity protection for NAS signaling via SECURITY MODE COMMAND and COMPLETE messages, selecting appropriate NAS security algorithms to protect subsequent communications.[12] The ESM sublayer manages the activation, modification, and deactivation of EPS bearers to support IP-based connectivity and quality of service (QoS) requirements. PDN connectivity procedures establish a connection to an external PDN, activating a default EPS bearer through the PDN CONNECTIVITY REQUEST message from the UE and an ACTIVATE DEFAULT EPS BEARER CONTEXT REQUEST from the MME, enabling initial data transfer. Bearer resource allocation procedures create dedicated bearers for specific services, using BEARER RESOURCE ALLOCATION REQUEST and ACTIVATE DEDICATED EPS BEARER CONTEXT REQUEST messages to assign resources beyond the default bearer. Bearer resource modification adjusts parameters of existing bearers, such as QoS profiles, via BEARER RESOURCE MODIFICATION REQUEST and MODIFY EPS BEARER CONTEXT REQUEST messages, allowing dynamic adaptation to traffic needs without full re-establishment. These procedures are transported via the MME, as detailed in the Mobility Management Entity (MME) section.[12] Error handling in NAS protocols ensures robust operation amid failures, using cause values in messages to indicate reasons for rejection or termination, such as congestion (#22 in EMM) or insufficient resources (#26 in ESM), prompting the UE to store forbidden PLMNs or TAIs and adjust behavior accordingly. Timers supervise procedures to manage retries and prevent overload; for instance, T3410 (default 15 seconds) governs EPS attach retransmissions, while T3412 (default 54 minutes) controls periodic TAU and attach retry intervals after rejection, with extended values supported for network flexibility. Other timers include T3482 (8 seconds, up to 4 retries) for PDN connectivity requests and T3346 for back-off during congestion, ensuring orderly recovery without excessive signaling.[12]

EPC Internal Protocol Stack

The Evolved Packet Core (EPC) employs distinct protocol stacks for control plane signaling and user plane data transport between its internal network elements, enabling efficient mobility management, session control, and packet forwarding in an all-IP architecture. The control plane stack facilitates signaling exchanges, such as bearer establishment and location updates, while the user plane stack handles the encapsulation and tunneling of user data packets. These stacks are optimized for low latency and scalability, building on IP transport layers to minimize complexity compared to prior generations.

Control Plane Protocol Stack

In the EPC, control plane communications rely on application-specific protocols layered over reliable transport mechanisms. For the S1-MME interface between the Mobility Management Entity (MME) and the eNodeB, the stack consists of the S1 Application Protocol (S1AP) atop Stream Control Transmission Protocol (SCTP), which runs over Internet Protocol (IP) and a data link layer such as Ethernet; S1AP handles procedures like initial UE context setup and handover signaling.[13] The SCTP layer ensures reliable, ordered delivery of S1AP messages with multi-homing support for enhanced availability.[14] For the S11 interface connecting the MME to the Serving Gateway (SGW), the control plane uses GTP-Control (GTP-C, version 2) over User Datagram Protocol (UDP) and IP, with Ethernet as the underlying layer; this stack supports bearer activation, modification, and deletion through messages like Create Session Request.[15] GTP-C messages carry information elements for tunnel endpoint identification and sequence numbering to maintain session integrity during mobility events.[16] The S6a interface between the MME and Home Subscriber Server (HSS) employs the Diameter protocol over SCTP (or TCP) and IP, layered on Ethernet; Diameter facilitates authentication and authorization via commands such as Authentication-Information-Request, which include Attribute-Value Pairs (AVPs) like RAND (random challenge), AUTN (authentication token), and Authentication-Info for EPS-AKA procedures.[17] These AVPs encode subscriber-specific data, ensuring secure vector generation and verification without exposing permanent keys.[18] The Non-Access Stratum (NAS) protocol serves as the uppermost layer in these control plane stacks for mobility and session management signaling between the MME and UE, though its details are covered separately.

User Plane Protocol Stack

The user plane in the EPC focuses on efficient packet tunneling between gateways and the radio access network (RAN). For interfaces such as S1-U (between SGW and eNodeB) and S5/S8 (between SGW and PDN Gateway, PGW), the stack utilizes GTP-User (GTP-U) over UDP and IP, with Ethernet at the physical layer; GTP-U encapsulates IP packets from the user equipment, enabling seamless forwarding across the core.[19] In the RAN side, packets are processed below the EPC stack through Packet Data Convergence Protocol (PDCP) for header compression and ciphering, and Radio Link Control (RLC) for segmentation, but the core elements handle GTP-U termination. GTP-U headers include a 32-bit Tunnel Endpoint Identifier (TEID) to uniquely identify tunnels per bearer, and an optional 32-bit sequence number for in-order delivery and duplication detection, particularly useful in handover scenarios.[20] The header structure is compact, typically adding 8 octets when sequence numbering is enabled, supporting high-throughput data paths without mandatory acknowledgments.

Performance Aspects

The EPC protocol stacks achieve header overhead reduction compared to previous systems like the 3G Packet Switched Core, where multi-layered protocols (e.g., GTPv1 over Frame Relay) added significant encapsulation; SAE's all-IP design and streamlined GTP headers limit user plane overhead to approximately 40 octets (including IP/UDP/GTP-U), enhanced further by Robust Header Compression (ROHC) in the RAN for IP/UDP/RTP flows. This optimization supports peak data rates exceeding 100 Mbps while minimizing signaling load, as GTP-C and Diameter leverage efficient AVP encoding to avoid redundant fields present in legacy SS7-based protocols.[15][17]

Service Support in SAE

Voice and SMS over EPC

The Evolved Packet Core (EPC) architecture, being entirely packet-switched, lacks a traditional circuit-switched (CS) domain for voice and short message service (SMS), necessitating adaptations to deliver these services over the packet-switched (PS) domain. This is achieved primarily through integration with the IP Multimedia Subsystem (IMS), which enables Voice over LTE (VoLTE) and SMS over IP, while fallback mechanisms ensure compatibility with legacy CS networks.[8][21] VoLTE relies on IMS for call control and media transport, using Session Initiation Protocol (SIP) signaling to establish and manage sessions. The UE registers with the IMS core via the Proxy-Call Session Control Function (P-CSCF), which routes SIP messages to the Serving-CSCF (S-CSCF) for authentication and service authorization against the Home Subscriber Server (HSS). Media streams, carried via Real-time Transport Protocol (RTP) and RTP Control Protocol (RTCP), are transported over dedicated EPS bearers established by the EPC, ensuring low-latency and guaranteed bitrate for voice traffic.[22][21][8] For VoLTE call setup, the originating UE sends a SIP INVITE message to the P-CSCF, which forwards it through the IMS core to the terminating UE, including Session Description Protocol (SDP) offers for codec negotiation and media parameters. Upon acceptance, the EPC establishes a dedicated bearer for the voice media path, while IMS handles signaling continuity. Emergency VoLTE calls are prioritized with dedicated emergency bearers and dynamic policy control, bypassing standard registration if needed, to ensure rapid connection to public safety answering points.[21][8][22] SMS in EPC supports multiple delivery paths to accommodate IMS-capable and legacy devices. SMS over IP leverages IMS with an IP Short Message Gateway (IP-SM-GW) for interworking between SIP-based messaging and legacy SMS centers (SMS-SC). For mobile-originated (MO) SMS, the UE encapsulates the SMS payload in a SIP MESSAGE request to the IP-SM-GW, which converts it to the legacy Mobile Application Part (MAP) protocol and routes it to the SMS-GMSC. Mobile-terminated (MT) SMS follows the reverse path, with the IP-SM-GW delivering the message via SIP to the IMS-registered UE.[23][24] For non-IMS devices or legacy support, SMS over SGs allows the Mobility Management Entity (MME) to interface with the CS domain's MSC/VLR using the SGs Application Part (SGsAP) protocol, emulating SGSN behavior to deliver SMS without full CS fallback. Additionally, SMS payloads can be transported over the Non-Access Stratum (NAS) directly to the MME, which then forwards them to the SMS function for routing, providing an efficient PS-only option especially for control-plane optimized devices. Bearer management for these SMS procedures occurs via the Evolved Session Management (ESM) sublayer of NAS.[8][25][8] To address coverage gaps where IMS or PS voice is unavailable, Single Radio Voice Call Continuity (SRVCC) provides seamless handover of VoLTE sessions from EPC to legacy 2G/3G CS networks. During handover, the MME coordinates with the MSC Server enhanced for SRVCC via the Sv interface, transferring the IMS session using a Session Transfer Number for SRVCC (STN-SR) and splitting the PS bearer into CS voice and residual PS data paths. The UE retunes to the target UTRAN/GERAN cell, completes the CS handover, and the IMS core updates the session to route media via the CS domain.[26][8] These adaptations overcome the absence of a CS domain in EPC by fully leveraging PS infrastructure for voice and SMS, with IMS providing the unified service framework and SRVCC ensuring service continuity during mobility events.[21][22]

Quality of Service (QoS) Mechanisms

The Quality of Service (QoS) mechanisms in the System Architecture Evolution (SAE), also known as the Evolved Packet Core (EPC), enable differentiated treatment of IP flows to support diverse service requirements such as low latency for voice and high throughput for data. SAE employs a bearer-based QoS model where Evolved Packet System (EPS) bearers serve as the fundamental units for applying QoS policies across the network, from the User Equipment (UE) through the eNodeB to the Packet Data Network Gateway (PGW). In this model, each UE establishes a default EPS bearer upon initial attachment, which is typically non-Guaranteed Bit Rate (non-GBR) and associated with QoS Class Identifier (QCI) 9 for best-effort traffic and IMS signaling, ensuring basic connectivity without resource reservations. Dedicated EPS bearers can then be activated as needed for specific services, allowing granular QoS application; for instance, QCI 1 is used for conversational voice traffic, providing low packet delay budget (100 ms) and low packet error loss rate (10^-2), while QCI 5 supports non-conversational video with a 150 ms delay budget. The QCI is a scalar value from 1 to 9 (with extensions in later releases), standardizing bearer treatment by defining resource type (GBR or non-GBR), priority level, packet delay budget, and packet error loss rate, which guide scheduling and queueing in network elements like the eNodeB and PGW. Policy and Charging Control (PCC) forms the core of dynamic QoS management in SAE, with the Policy and Charging Rules Function (PCRF) acting as the central decision point for authorizing and provisioning QoS rules based on subscriber profiles, service data flows, and application requirements. The PCRF communicates with the PGW, functioning as the Policy and Charging Enforcement Function (PCEF), over the Gx reference point to install, modify, or remove PCC rules that map IP flows to bearers and enforce QoS parameters. Additionally, the Rx reference point allows Application Functions (AFs), such as those in the IP Multimedia Subsystem (IMS), to provide session and media information to the PCRF, enabling dynamic adjustment of QoS for ongoing sessions, such as reserving resources for high-priority flows. QoS enforcement occurs at bearer level through parameters like Allocation and Retention Priority (ARP), which determines admission control and pre-emption during resource contention—higher ARP values allow pre-emption of lower-priority bearers to free resources. For GBR bearers, the Guaranteed Bit Rate (GBR) parameter ensures a minimum reserved bandwidth, with Maximum Bit Rate (MBR) capping the upper limit to prevent over-utilization, applied end-to-end from radio access to core network. These mechanisms are implemented via signaling procedures, such as those in the EPS Session Management (ESM) part of the Non-Access Stratum (NAS), for bearer setup and modification. Compared to earlier 3GPP packet-switched systems like GPRS/UMTS, which relied on aggregate QoS profiles per Packet Data Protocol (PDP) context with limited differentiation, SAE's per-bearer QoS model introduces standardized QCIs and dynamic PCC for more precise, service-aware resource allocation, enhancing support for multimedia applications.

Integration with Access Networks

Support for Multiple Access Technologies

The System Architecture Evolution (SAE), through the Evolved Packet Core (EPC), facilitates seamless integration of multi-mode User Equipment (UE) across 3GPP Radio Access Technologies (RATs), including E-UTRAN (LTE), UTRAN (3G), and GERAN (2G/GSM/EDGE). This support enables handovers in connected mode, ensuring continuity of packet-switched services during mobility between these RATs. Multi-mode UEs, capable of operating on multiple RATs, interact with the EPC via the S1 interface for inter-RAT handovers, while intra-E-UTRAN handovers utilize the X2 interface for efficiency.[27] Handover procedures from E-UTRAN to UTRAN or GERAN are network-initiated and coordinated by the Mobility Management Entity (MME), which forwards relocation requests to the target Serving GPRS Support Node (SGSN) or Mobile Switching Center/Visitor Location Register (MSC/VLR). For E-UTRAN to UTRAN handover, the source eNodeB sends a Handover Required message to the MME, which issues a Forward Relocation Request to the SGSN; the target Radio Network Controller (RNC) then allocates resources and acknowledges, enabling data forwarding and handover execution. Similarly, E-UTRAN to GERAN handovers involve PS Handover Request/Acknowledge signaling over S1, supporting packet-switched continuity with direct or indirect tunneling for user plane data. Reverse handovers from UTRAN or GERAN to E-UTRAN follow analogous steps, with the source SGSN initiating relocation to the MME, ensuring bearer modification and context transfer for seamless reattachment to EPC bearers. These procedures, defined in Release 8 and enhanced in subsequent releases, prioritize minimal service interruption through preparation and execution phases.[27] In idle mode, SAE supports mobility via cell reselection policies that allow the UE to autonomously transition between RATs based on signal quality and network priorities, without frequent signaling to the core network. The UE evaluates cell suitability using criteria such as reference signal received power (RSRP) or quality (RSRQ) for E-UTRAN, and equivalent metrics for UTRAN (e.g., CPICH RSCP/Ec/No) and GERAN (e.g., received signal strength). Inter-RAT reselection to a higher-priority RAT occurs if the serving cell's signal level (Srxlev) falls below a threshold (e.g., ThreshServing,LowP) and the target RAT's exceeds ThreshX,LowP, after a timer TreselectionRAT expires. For equal or lower priorities, ranking based on measured quality minus offsets determines the best cell, with reselection to the highest-ranked suitable cell after camping for at least one second. Idle Mode Signalling Reduction (ISR) further optimizes this by allowing reselection between E-UTRAN and GERAN/UTRAN without immediate Tracking Area Update (TAU) or Routing Area Update (RAU), using a Temporary Identity (TIN) flag in accept messages to indicate ISR activation. The MME handles any necessary context synchronization during subsequent updates, as detailed in the Mobility Management Entity section.[28][27] Combined attach procedures in SAE enable simultaneous registration for Evolved Packet System (EPS) services (e.g., IP connectivity) and non-EPS services (e.g., IMSI-based circuit-switched fallback or SMS), streamlining initial network access for multi-mode UEs. The UE initiates this with an ATTACH REQUEST message indicating "combined EPS/IMSI attach," including identifiers like GUTI or IMSI and UE network capabilities; the MME authenticates the UE, performs security setup, and activates a default EPS bearer within the ATTACH ACCEPT response, while signaling the MSC/VLR for non-EPS registration if supported. Upon success, the UE enters EMM-REGISTERED state, supporting both service types; failure for non-EPS (e.g., due to network congestion) results in EPS-only attach with an appropriate EMM cause. This single-procedure approach, applicable in S1 mode, reduces signaling overhead compared to separate GPRS/IMSI attaches in legacy systems.[29][27] UE-assisted RAT selection relies on measurements and reporting to inform handover and reselection decisions across RATs. In connected mode, the eNodeB configures measurements via RRC signaling, prompting the UE to report inter-RAT events like B1 (better cell in target RAT) or B2 (serving becomes worse and target better), based on thresholds for UTRAN CPICH or GERAN BCCH quality relative to E-UTRAN RSRP/RSRQ. For idle mode, the UE autonomously measures neighboring RATs when criteria like SnonIntraSearchP/Q are met, reporting indirectly through reselection outcomes or TAU updates that include RAT type and bearer status to the MME. These reports enable the network to optimize RAT/frequency selection using RFSP indices from the MME, ensuring efficient mobility without excessive battery drain on the UE.[28][27]

Interworking with Non-3GPP Networks

The System Architecture Evolution (SAE), also known as the Evolved Packet Core (EPC), enables integration with non-3GPP access networks such as Wi-Fi and CDMA2000 through defined reference points that facilitate IP connectivity while maintaining security and mobility. This interworking supports both trusted and untrusted non-3GPP accesses, allowing user equipment (UE) to connect to the EPC via gateways that anchor sessions at the Packet Data Network Gateway (PGW). The primary mechanisms involve the S2a, S2b, and S2c interfaces, which employ protocols like Proxy Mobile IP (PMIP) version 6, GPRS Tunneling Protocol (GTP) version 2, or Dual Stack Mobile IPv6 (DSMIPv6) to handle mobility and bearer management between non-3GPP accesses and the PDN GW.[30] For trusted non-3GPP accesses, the S2a interface connects the non-3GPP gateway (e.g., a trusted WLAN access gateway) directly to the PDN GW, using PMIP or GTP to establish IP-CAN sessions and manage bearers without intermediate tunneling for security. In contrast, the S2b interface addresses untrusted non-3GPP accesses, such as public Wi-Fi, by routing traffic through an Evolved Packet Data Gateway (ePDG) to the PDN GW; this setup employs PMIP or GTP over IPSec tunnels established via the SWu reference point using Internet Key Exchange version 2 (IKEv2) for encryption and integrity. The S2c interface supports host-based mobility protocols like DSMIPv6, enabling direct UE-to-PDN GW communication for dynamic address allocation and binding updates, typically in scenarios requiring minimal network involvement. These interfaces ensure session continuity, with the PDN GW serving as the mobility anchor for IP address preservation during transitions.[30] The ePDG plays a critical role in securing untrusted Wi-Fi connections by encapsulating user plane traffic in IPSec Security Associations (SAs), with a single SA per PDN connection to optimize overhead; it handles IKEv2 signaling for tunnel establishment and maps packet filters to S2b bearers for QoS enforcement. Complementing this, the Access Network Discovery and Selection Function (ANDSF) assists UEs in identifying available non-3GPP networks and selecting appropriate ones (trusted or untrusted) through policies delivered over the S14 interface, including inter-system mobility policies (ISMP) and WLAN selection policies (WLANSP) to guide ePDG discovery via fully qualified domain names (FQDNs). For seamless mobility, SAE supports make-before-break handovers from LTE to Wi-Fi, where the UE initiates a handover attach procedure (using "Handover" attach type) while maintaining the existing 3GPP connection; this involves creating parallel sessions on S2a or S2b, followed by bearer modification requests to switch traffic without service interruption, preserving IP addresses and PDN connections.[30] Authentication for non-3GPP accesses leverages the Home Subscriber Server (HSS) via the SWx interface to the 3GPP AAA Proxy/Server, enabling Extensible Authentication Protocol (EAP)-based procedures during initial attachment; the HSS provides subscription data, PDN GW identities, and static IP allocations if needed, ensuring unified authentication across accesses while integrating with the non-3GPP AAA server over SWa or STa interfaces. This framework supports roaming scenarios, including PMIP-based chaining over S8/S2b for home-routed traffic, and allows for local breakout in trusted cases to reduce latency. Overall, these mechanisms enhance SAE's extensibility by integrating diverse accesses without compromising EPC's core principles of all-IP connectivity and flat architecture.[30]

Evolution Across 3GPP Releases

Key Enhancements in Early Releases (Rel-8 to Rel-11)

The early releases of the 3GPP specifications, from Release 8 to Release 11, established the foundational architecture for System Architecture Evolution (SAE) by introducing the Evolved Packet Core (EPC) and integrating it with Long-Term Evolution (LTE) radio access, enabling an all-IP network for enhanced mobility and data services. These releases focused on baseline capabilities, incremental optimizations, and preparations for advanced features, achieving key performance targets such as a downlink peak data rate of 100 Mbps in Release 8 while supporting flexible spectrum usage and seamless handovers.[31] Release 8, frozen in December 2008, defined the baseline SAE architecture with the EPC comprising core elements like the Mobility Management Entity (MME) for control plane functions and the Serving Gateway (S-GW) and Packet Data Network Gateway (P-GW) for user plane handling, facilitating basic mobility management including idle mode mobility and handover procedures between LTE and legacy 3G networks.[5] It laid groundwork for voice services through integration with IP Multimedia Subsystem (IMS), enabling Circuit-Switched Fallback (CSFB) as an initial voice solution.[32] The release emphasized low latency (targeting 5 ms user plane) and efficient packet switching, with peak data rates of 100 Mbps downlink and 50 Mbps uplink for a 20 MHz bandwidth deployment.[31] Release 9, completed in December 2009, built on the SAE foundation with refinements to support dual-layer beamforming for improved downlink performance at cell edges, enhancing signal quality through multiple antenna streams without increasing complexity significantly.[33] It introduced Voice over LTE (VoLTE) for IMS-based voice services, comprehensive Location Services (LCS) for LTE, including methods like Assisted Global Positioning System (A-GPS), Observed Time Difference of Arrival (OTDOA), and Enhanced Cell ID (E-CID), enabling precise positioning for emergency services and location-based applications within the EPC.[34][21] It also introduced Home eNodeB (HeNB) support for femtocell deployments, enabling secure broadband-connected indoor access points integrated with the EPC. Additionally, enhancements to Multimedia Broadcast Multicast Service (MBMS) via evolved MBMS (eMBMS) optimized single-cell and multi-cell transmission modes for efficient delivery of broadcast content over SAE bearers.[34] These additions improved network efficiency and user experience while maintaining backward compatibility with Release 8 EPC elements. Release 10, frozen in March 2011, marked the transition to LTE-Advanced, introducing carrier aggregation to combine multiple component carriers (up to 100 MHz bandwidth) for higher throughput, achieving peak data rates of 1 Gbps downlink and 500 Mbps uplink, directly leveraging SAE's bearer management for aggregated flows.[35] It further enhanced femtocell support through improved Home eNodeB (HeNB) integration, with better interference management and closed subscriber group (CSG) handling for indoor coverage.[36] SAE-specific advancements included refined Self-Organizing Network (SON) features for automated configuration and self-healing, reducing operational costs in heterogeneous deployments.[37] Release 11, completed in December 2012, further refined LTE-Advanced capabilities with Coordinated Multi-Point (CoMP) transmission and reception to mitigate inter-cell interference, improving spectral efficiency in dense deployments through joint scheduling across eNodeBs coordinated via the EPC.[38] It expanded carrier aggregation to support up to five component carriers, including non-contiguous intra-band configurations and multiple timing advances for better flexibility in SAE bearer establishment.[39] SAE impacts included enhanced bearer handling for CoMP and aggregation scenarios, such as prioritized QoS bearers for multimedia services and improved mobility robustness during inter-eNodeB handovers. These developments solidified SAE's role in supporting advanced radio features without core network overhauls.

Advancements Toward 5G Integration (Rel-12 Onward)

Starting with Release 12 in 2013, the SAE architecture incorporated enhancements to support heterogeneous network deployments, including improved small cell integration for better urban coverage and capacity, advanced Wi-Fi offload procedures via the IP Flow Mobility in Evolved Packet System (IFOM) and Access Network Discovery and Selection Function (ANDSF), and Coordinated Multi-Point (CoMP) operations to reduce inter-cell interference. These features optimized EPC handling of multi-RAT traffic and prepared the ground for denser, more efficient networks.[40] Releases 13 and 14, spanning 2014 to 2016, extended SAE capabilities with Licensed Assisted Access (LAA), allowing LTE to opportunistically use unlicensed spectrum while maintaining EPC anchoring for control and mobility management.[41] Release 13 also introduced initial Vehicle-to-Everything (V2X) support, enabling direct device-to-device communications for safety applications with EPC integration for network-assisted coordination.[41] Enhanced Coverage (EC) modes were added for IoT, providing up to 20 dB gain in link budget to serve devices in basements or rural areas, with EPC optimizations for low-power, low-data-rate traffic.[41] Building on this, Release 14 advanced V2X with enhanced sidelink communications and further IoT refinements, including multi-carrier support in EC for broader deployment flexibility.[42] From Release 15 onward, beginning in 2018, SAE evolved to directly support 5G integration through the Non-Standalone (NSA) architecture, where 5G New Radio (NR) air interface leverages the existing EPC core for initial deployments, enabling enhanced Mobile Broadband (eMBB) with peak data rates exceeding 10 Gbps, massive Machine-Type Communications (mMTC) for up to 1 million devices per square kilometer, and Ultra-Reliable Low-Latency Communications (URLLC) with latencies under 1 ms.[43] This option utilized EPC's MME and SGW/PGW for control and user plane functions, allowing operators to boost capacity without immediate core replacement.[43] The parallel introduction of the 5G Core (5GC) in Standalone (SA) mode facilitated a gradual transition, with EPC serving as a bridge until full 5GC adoption. SAE received key extensions in these releases, such as virtualized EPC (vEPC) implementations compliant with ETSI NFV standards, deploying core functions like PGW and SGW on commercial off-the-shelf hardware for scalable, cloud-native operations. Precursors to 5G network slicing emerged via enhanced Policy and Charging Control (PCC) in TS 23.203, enabling dynamic bearer-level QoS differentiation and service-based policies that anticipated slicing isolation. As of November 2025, widespread 5G SA deployments utilizing 5GC have diminished EPC's role, with many operators migrating legacy LTE traffic to unified 5G cores for efficiency. Release 18, with specifications frozen in 2025 (Stage 3 in September 2025), further advanced IoT integration within the evolved architecture by enhancing non-terrestrial network (NTN) support for satellite-IoT connectivity, introducing RedCap positioning for low-complexity devices with sub-meter accuracy, and improving coverage for personal IoT networks through extended discontinuous reception and power-saving features.[44] These updates, building on prior EC modes, ensure SAE-derived elements remain viable for hybrid 4G-5G IoT ecosystems.[44]

References

  1. From Von Neumann to Modern Parallel Systems - ResearchGate
  2. A New Golden Age for Computer Architecture
  3. Trends in computing-system architecture | IEEE Journals & Magazine
  4. Evolution, Challenges, and Optimization in Computer Architecture
  5. Release 8 - 3GPP
  6. First Commercial LTE Networks Deployed in Sweden, Norway ...
  7. [PDF] Latency in HSPA Data Networks | Qualcomm
  8. Specification # 23.882 - 3GPP
  9. [PDF] ETSI TS 123 401 V18.8.0 (2025-01)
  10. https://www.etsi.org/deliver/etsi_ts/133100_133199/133127/17.08.00_60/ts_133127v170800p.pdf
  11. [PDF] ETSI TS 124 312 V11.4.0 (2012-10)
  12. [PDF] ETSI TS 123 402 V18.3.0 (2024-05)
  13. [PDF] ETSI TS 124 301 V17.7.0 (2022-07)
  14. [PDF] ETSI TS 136 413 V15.3.0 (2018-09)
  15. Specification # 36.413 - 3GPP
  16. [PDF] ETSI TS 129 274 V16.11.0 (2022-03)
  17. Specification # 29.274 - 3GPP
  18. [PDF] ETSI TS 129 272 V17.3.0 (2022-07)
  19. Specification # 29.272 - 3GPP
  20. [PDF] ETSI TS 129 281 V15.3.0 (2018-07)
  21. [PDF] ETSI TS 129 281 V16.0.0 (2020-11)
  22. Communication services (VoLTE/VoNR) - 3GPP
  23. [PDF] ETSI TS 123 228 V18.7.0 (2024-10)
  24. [PDF] ETSI TS 123 204 V17.0.0 (2022-04)
  25. Specification # 23.204 - 3GPP
  26. [PDF] ETSI TS 129 061 V16.2.0 (2021-01)
  27. [PDF] ETSI TS 123 216 V16.4.0 (2020-11)
  28. [PDF] ETSI TS 123 401 V15.4.0 (2018-07)
  29. [PDF] ETSI TS 136 304 V15.3.0 (2019-05)
  30. [PDF] ETSI TS 124 301 V15.4.0 (2018-10)
  31. [PDF] ETSI TS 123 402 V15.3.0 (2018-07)
  32. [PDF] 3GPP TR 25.913 V8.0.0 (2008-12)
  33. VoLTE - Voice Over LTE | 3GLTEInfo
  34. [PDF] LTE Rel-9 and LTE-Advanced in 3GPP
  35. Release 9 - 3GPP
  36. [PDF] White Paper - 3GPP
  37. Worlds first femtocell standard published by 3GPP
  38. LTE 3GPP Releases Overview - CableFree
  39. 3GPP Release 11 - Techplayon - 3GPP Specification
  40. [PDF] 3GPP Release 11 - 5G Americas
  41. https://ieeexplore.ieee.org/document/7432169
  42. Release 13 - 3GPP
  43. Release 14 - 3GPP
  44. Release 15 - 3GPP
  45. Release 18 - 3GPP
User Avatar
No comments yet.