GSM Call Setup and Mobility

Registration, location update, handover procedures, and call establishment in GSM.

The Orchestrated Dance: How a GSM Network Handles Calls

From the user's perspective, making a mobile phone call seems incredibly simple. You dial a number, press the call button, and moments later, you are connected. Yet, behind this seamless experience lies a highly complex and rapid series of procedures orchestrated by the GSM network. It is a sophisticated dance of signaling messages, database lookups, and resource allocation that happens in a matter of seconds.

A mobile network is not static. Users are constantly moving, turning their phones on and off, and initiating or receiving calls. To manage this dynamic environment, the GSM network employs several key procedures. These procedures ensure that the network always knows who you are, where you are, and how to connect you securely and efficiently. We will explore the four most critical procedures that form the foundation of GSM operation:

  1. Registration and Location Update: The process a phone undertakes to announce its presence to the network.
  2. Authentication and Ciphering: The security handshake that verifies your identity and protects your conversation.
  3. Call Setup (Mobile Originated and Terminated): The step-by-step process of making and receiving a call.
  4. Handover (Handoff): The critical procedure that keeps your call connected as you move between different cell coverage areas.

Procedure 1: Joining the Network - Registration and Location Update

The moment you switch on your mobile phone, it immediately begins a conversation with the network. This initial dialogue is known as registration or network attachment. Its goal is twofold: to let the network know that you are active and available, and to tell the network where you are so that it can route incoming calls to you. This entire process is often called a .

Let us break down this essential procedure into its detailed, step-by-step sequence:

  1. Step 1: Cell Selection (Camping)

    As soon as it powers on, your Mobile Station (MS) starts scanning the airwaves for the broadcast signals of nearby Base Transceiver Stations (BTSs). It measures the signal strength of several and locks onto the one with the strongest signal. This process is known as "camping" on a cell. By listening to the BCCH, the phone learns the identity of the network (PLMN) and the specific cell it is in.

  2. Step 2: Requesting a Signaling Channel

    The phone compares the Location Area Identity (LAI) broadcasted by the cell with the last one stored on its SIM card. If they are different, or if the phone was just switched on, it knows it must perform a location update. To do this, it needs a private communication line to the network. It sends a "Channel Request" message using a short Access Burst on the shared .

  3. Step 3: Channel Assignment

    The network receives the request and allocates a temporary, dedicated channel for signaling. It responds to the phone with an "Immediate Assignment" message on the . This message tells the phone exactly which frequency and time slot to use for its dedicated signaling channel, the . From this point on, the conversation becomes private between the phone and the network.

  4. Step 4: The Location Update Request

    Now on its private SDCCH, the MS sends a formal "Location Update Request" message to the network. This message contains the phone's unique temporary identity, the , and the identity of its previous location area. Using the TMSI instead of the permanent IMSI is a key privacy feature of GSM.

  5. Step 5: Identity Verification and Security Procedures

    This is the critical security phase. The local Mobile Switching Center (MSC) and its associated receive the request.

    • Authentication: The VLR and HLR, in conjunction with the Authentication Center (AUC), perform a cryptographic handshake to verify the SIM card's authenticity. This process confirms you are a legitimate subscriber and not a cloner.
    • Ciphering: If authentication is successful, the network and the phone negotiate and activate encryption for all subsequent communication over the radio link, protecting the user's privacy.
  6. Step 6: Updating the Location Databases

    Once security is established, the location update is performed. The new VLR where the user is now located sends a "Location Update" message to the subscriber's permanent database, the . The HLR acknowledges this update, records the new location of the user (by noting the address of the new VLR), and then sends a "Cancel Location" message to the old VLR from which the user has moved, instructing it to delete the user's temporary record. This ensures that the network's master database always knows where to find the user.

  7. Step 7: Acknowledgment and New Identity Assignment

    The new VLR confirms to the MS that the location update was successful by sending a "Location Update Accept" message. Crucially, this message often contains a new, freshly allocated TMSI. By regularly changing the TMSI, the network makes it even harder to track a user's activity over the airwaves. The phone acknowledges receipt of the new TMSI.

  8. Step 8: Releasing the Channel

    With the registration complete, the private signaling channel (SDCCH) is no longer needed. The network sends a "Channel Release" command, and the phone goes back into idle mode ("camping"), periodically listening to the BCCH and PCH while conserving its battery.

Procedure 2: Handover - The Art of the Seamless Transfer

The handover (or handoff) is arguably the most impressive feat of a cellular network. It is the procedure that allows your active call to continue uninterrupted as you move from the coverage area of one cell into another. Without handover, every time you crossed an invisible cell boundary, your call would drop.

A. The Trigger: Measurement Reports

During an active call, your phone is not just communicating voice data. On the , it is constantly performing tasks in the background. One of these is measuring the signal strength and quality of its current connection, as well as the signal strength of the BCCH channels of up to six neighboring cells (whose frequencies it learned from the serving cell's BCCH). The phone regularly compiles this information into a "Measurement Report" and sends it to the serving Base Station Controller (BSC).

B. The Decision: Handover Initiation

The BSC continuously analyzes the measurement reports from your phone. When it notices that the signal quality from the current serving cell is deteriorating while the signal strength from a neighboring cell is becoming strong, it decides that a handover is necessary. The BSC makes this decision based on complex algorithms that consider signal strength, quality, and network load.

C. The Process: Reserving and Commanding the Switch

Once the decision is made, the BSC contacts the target BSC (if the new cell is under a different BSC) and the target MSC to reserve a new traffic channel (a new frequency and time slot) in the target cell for the ongoing call. After securing the new resource, the original BSC sends a "Handover Command" message to your phone. This command is sent on the urgent . The command tells the phone the exact frequency and time slot it needs to switch to in the new cell.

D. The Switch: Seamless Transition

Your phone immediately tunes its radio to the new channel and sends a "Handover Access" burst. The target BTS detects this burst and signals back to its BSC/MSC. The core network then reroutes the call path to the new BSC and BTS. The entire process is designed to happen so quickly (typically in less than 100 milliseconds) that there is no audible interruption in your conversation. After the successful switch, the resources in the old cell are released and made available for other users.

Procedure 3: Setting Up a Call (Mobile Terminated)

Receiving a call involves another sophisticated process, this time initiated from outside the mobile network. The key challenge is for the network to find a mobile phone that could be anywhere in the world.

  1. Call Arrival: A call for a GSM subscriber arrives from an external network (e.g., a landline) at a Gateway MSC (GMSC). The GMSC's job is to act as the entry point into the mobile network.
  2. Finding the User (HLR Query): The GMSC only knows the user's phone number (MSISDN). It needs to find out where the user is currently located. To do this, it sends an "Interrogation" or "Send Routing Information" query to the user's Home Location Register (HLR).
  3. Requesting a Roaming Number: The HLR knows which VLR the user is currently registered in. The HLR then sends a "Provide Roaming Number" request to that specific VLR.
  4. Allocating the Roaming Number: The VLR temporarily assigns a Mobile Station Roaming Number (MSRN) to the user for this specific call and sends it back to the HLR. The MSRN is a temporary number that maps to the user's current location within the visited network.
  5. Routing the Call: The HLR forwards the MSRN to the GMSC. The GMSC now has a concrete number it can use to route the call through the telecommunication network to the specific MSC where the user is currently located.
  6. Paging the Mobile: The destination MSC/VLR initiates a "Paging" procedure. It broadcasts a paging message, containing the user's TMSI, across all cells in the Location Area where the user is registered. This is done via the Paging Channel (PCH).
  7. Mobile Response and Final Setup: The user's phone, which is listening to the PCH, recognizes its identity in the paging message. It then responds by initiating its own call setup procedure on the RACH. From this point, the process continues with channel assignment (SDCCH), authentication, and finally the allocation of a Traffic Channel (TCH). The MSC sends an alerting signal, causing the phone to ring. When the user answers, the connection is established.
    GSM Call Setup and Mobility | Teleinf Edu