GPRS Tunnelling Protocol (GTP) is a group of IP-based communications protocols used to carry general packet radio service (GPRS) within GSM, UMTS, LTE and 5G NR radio networks. In 3GPP architectures, GTP and Proxy Mobile IPv6 based interfaces are specified on various interface points.
GTP-U is used for carrying user data within the GPRS core network and between the radio access network and the core network. The user data transported can be packets in any of IPv4, IPv6, or PPP formats.
GTP' (GTP prime) uses the same message structure as GTP-C and GTP-U, but has an independent function. It can be used for carrying charging data from the charging data function (CDF) of the GSM or UMTS network to the charging gateway function (CGF). In most cases, this should mean from many individual network elements such as the GGSNs to a centralized computer that delivers the charging data more conveniently to the network operator's billing center.
Different GTP variants are implemented by RNCs, SGSNs, GGSNs and CGFs within 3GPP networks. GPRS mobile stations (MSs) are connected to a SGSN without being aware of GTP.
GTP can be used with UDP or TCP. UDP is either recommended or mandatory, except for tunnelling X.25 in version 0. GTP version 1 is used only on UDP.
General features
All variants of GTP have certain features in common. The structure of the messages is the same, with a GTP header following the UDP/TCP header.
It is a 3-bit field. For GTPv1, this has a value of 1.
Protocol Type (PT)
a 1-bit value that differentiates GTP (value 1) from GTP' (value 0).
Reserved
a 1-bit reserved field (must be 0).
Extension header flag (E)
a 1-bit value that states whether there is an extension header optional field.
Sequence number flag (S)
a 1-bit value that states whether there is a Sequence Number optional field.
N-PDU number flag (PN)
a 1-bit value that states whether there is a N-PDU number optional field.
Message Type
an 8-bit field that indicates the type of GTP message. Different types of messages are defined in 3GPP TS 29.060 section 7.1
Message Length
a 16-bit field that indicates the length of the payload in bytes (rest of the packet following the mandatory 8-byte GTP header). Includes the optional fields.
Tunnel endpoint identifier (TEID)
A 32-bit(4-octet) field used to multiplex different connections in the same GTP tunnel.
Sequence number
an (optional) 16-bit field. This field exists if any of the E, S, or PN bits are on. The field must be interpreted only if the S bit is on.
N-PDU number
an (optional) 8-bit field. This field exists if any of the E, S, or PN bits are on. The field must be interpreted only if the PN bit is on.
Next extension header type
an (optional) 8-bit field. This field exists if any of the E, S, or PN bits are on. The field must be interpreted only if the E bit is on.
Next Extension Headers are as follows:
+
Bits 0-7
8-23
24-31
0
Extension length
Contents
...
...
...
Contents
Next extension header
Extension length
an 8-bit field. This field states the length of this extension header, including the length, the contents, and the next extension header field, in 4-octet units, so the length of the extension must always be a multiple of 4.
Contents
extension header contents.
Next extension header
an 8-bit field. It states the type of the next extension, or 0 if no next extension exists. This permits chaining several next extension headers.
GTP version 2
It is also known as evolved-GTP or eGTP. GTPv2-C headers contain the following fields:[2]
+
Bit 0-2
3
4
5-7
8-15
16-23
24-31
0
Version
Piggybacking flag (P)
TEID flag (T)
Spare
Message Type
Message length
32
TEID (only present if T=1)
64 (32 if TEID not present)
Sequence number
Spare
There is no GTPv2-U protocol, GTP-U in LTE also uses GTPv1-U.
Version
It is a 3-bit field. For GTPv2, this has a value of 2.
Piggybacking flag
If this bit is set to 1 then another GTP-C message with its own header shall be present at the end of the current message. There are restrictions as to what type of message can be piggybacked depending on what the toplevel GTP-C message is.
TEID flag
If this bit is set to 1 then the TEID field will be present between the message length and the sequence number. All messages except Echo and Echo reply require TEID to be present.
Message length
This field shall indicate the length of the message in octets excluding the mandatory of the GTP-C header (the first 4 octets). The TEID (if present) and the Sequence Number shall be included in the length count.
Connectivity mechanisms
Apart from the common message structure, there is also a common mechanism for verifying connectivity from one GSN to another GSN. This uses two messages.
echo request
echo response
As often as every 60 seconds, a GSN can send an echo request to every other GSN with which it has an active connection. If the other end does not respond it can be treated as down and the active connections to it will be deleted.
Apart from the two messages previously mentioned, there are no other messages common across all GTP variants[3] meaning that, for the most part, they effectively form three completely separate protocols.
GTP-C - GTP control
The GTP-C protocol is the control section of the GTP standard. When a subscriber requests a PDP context, the SGSN will send a create PDP context request GTP-C message to the GGSN giving details of the subscriber's request. The GGSN will then respond with a create PDP context response GTP-C message which will either give details of the PDP context actually activated or will indicate a failure and give a reason for that failure. This is a UDP message on port 2123.
The eGTP-C (or, GTPv2-C) protocol is responsible for creating, maintaining and deleting tunnels on multiple Sx interfaces. It is used for the control plane path management, tunnel management and mobility management. It also controls forwarding relocation messages; SRNS context and creating forward tunnels during inter LTE handovers.
GTP-U - GTP user data tunneling
GTP-U is, in effect a relatively simple IP based tunnelling protocol which permits many tunnels between each set of end points. When used in the UMTS, each subscriber will have one or more tunnel, one for each PDP context that they have active, as well as possibly having separate tunnels for specific connections with different quality of service requirements.
The separate tunnels are identified by a TEID (Tunnel Endpoint Identifier) in the GTP-U messages, which should be a dynamically allocated random number. If this random number is of cryptographic quality, then it will provide a measure of security against certain attacks. Even so, the requirement of the 3GPP standard is that all GTP traffic, including user data should be sent within secure private networks, not directly connected to the Internet. This happens on UDP port 2152.
The GTPv1-U protocol is used to exchange user data over GTP tunnels across the Sx interfaces. An IP packet for a UE (user endpoint) is encapsulated in an GTPv1-U packet and tunnelled between the P-GW and the eNodeB for transmission with respect to a UE over S1-U and S5/S8 interfaces.
GTP' - charging transfer
The GTP' protocol is used to transfer charging data to the Charging Gateway Function. GTP' uses TCP/UDP port 3386.
GTP is the primary protocol used in the GPRS core network. It is the protocol which allows end users of a GSM or UMTS network to move from place to place whilst continuing to connect to the Internet as if from one location at the GGSN. It does this by carrying the subscriber's data from the subscriber's current SGSN to the GGSN which is handling the subscriber's session. Three forms of GTP are used by the GPRS core network.
GTP-U for transfer of user data in separated tunnels for each PDP context
GTP-C for control reasons including:
setup and deletion of PDP contexts
verification of GSN reachability
updates; e.g., as subscribers move from one SGSN to another.
GTP' for transfer of charging data from GSNs to the charging function.
GGSNs and SGSNs (collectively known as GSNs) listen for GTP-C messages on UDP port 2123 and for GTP-U messages on port 2152. This communication happens within a single network or may, in the case of international roaming, happen internationally, probably across a GPRS roaming exchange (GRX).
The Charging Gateway Function (CGF) listens to GTP' messages sent from the GSNs on TCP/UDP port 3386. The core network sends charging information to the CGF, typically including PDP context activation times and the quantity of data which the end user has transferred. However, this communication which occurs within one network is less standardized and may, depending on the vendor and configuration options, use proprietary encoding or even an entirely proprietary system.
Use on the IuPS interface
GTP-U is used on the IuPS between the GPRS core network and the RAN, however the GTP-C protocol is not used. In this case, RANAP is used as a control protocol and establishes GTP-U tunnels between the SGSN and the radio network controller (RNC).
Protocol Stack
Application Protocols
IP (user)
GTP
UDP
IP
Layer 2 (e.g., WAN or Ethernet)
GTP-U protocol stack
GTP can be used with UDP or TCP. GTP version 1 is used only on UDP.
As of 2018[update] there are three versions defined, versions 0, 1 and 2. Version 0 and version 1 differ considerably in structure. In version 0, the signalling protocol (the protocol which sets up the tunnels by activating the PDP context) is combined with the tunnelling protocol on one port. Versions 1 and 2 are each effectively two protocols, one for control (called GTP-C) and one for user data tunneling (called GTP-U). GTP version 2 is different to version 1 only in GTP-C. This is due to 3GPP defining enhancements to GTP-C for EPS in version 2 to improve bearer handling.
GTP-U is also used to transport user data from the RNC to the SGSN in UMTS networks. However, in this case signalling is done using RANAP instead of GTP-C.
Historical GTP versions
The original version of GTP (version 0) had considerable differences from the current versions (versions 1,2):
the fixed port number 3386 was used for all functions (not just charging as in GTPv1);
TCP was allowed as a transport option instead of UDP, but support for this was optional;
subscription-related fields such as quality of service were more limited.
The non-random TEID in version 0 represented a security problem if an attacker had access to any roaming partner's network, or could find some other way to remotely send packets to the GPRS backbone. Version 0 is going out of use and being replaced by version 1 in almost all networks. Fortunately, however the use of different port numbers allows easy blocking of version 0 through simple IP access lists.
GTP standardization
GTP was originally standardized within ETSI (GSM standard 09.60 [4]). With the creation of the UMTS standards this was moved over to the 3GPP which, as of 2005[update] maintains it as 3GPP standard 29.060.[5] GTP' uses the same message format, but its special uses are covered in standard 32.295 along with the standardized formats for the charging data it transfers.
Later versions of TS 29.060 deprecate GTPv1/v0 interworking [6] such that there is no fallback in the event that the GSN does not support the higher version.
GTPv2 (for evolved packet services) went into draft in early 2008 and was released in December of that year. GTPv2 offers fallback to GTPv1 via the earlier "Version Not Supported" mechanism but explicitly offers no support for fallback to GTPv0.
Enhanced Data rates for GSM Evolution (EDGE) also known as Enhanced GPRS (EGPRS), IMT Single Carrier (IMT-SC), or Enhanced Data rates for Global Evolution) is a digital mobile phone technology that allows improved data transmission rates as a backward-compatible extension of GSM. EDGE is considered a pre-3G radio technology and is part of ITU's 3G definition. EDGE was deployed on GSM networks beginning in 2003 – initially by Cingular in the United States.
General Packet Radio Service (GPRS) is a packet oriented mobile data standard on the 2G and 3G cellular communication network's global system for mobile communications (GSM). GPRS was established by European Telecommunications Standards Institute (ETSI) in response to the earlier CDPD and i-mode packet-switched cellular technologies. It is now maintained by the 3rd Generation Partnership Project (3GPP).
In computer networking, the User Datagram Protocol (UDP) is one of the core members of the Internet protocol suite. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network. Prior communications are not required in order to set up communication channels or data paths.
In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It uses encryption ('hiding') only for its own control messages, and does not provide any encryption or confidentiality of content by itself. Rather, it provides a tunnel for Layer 2, and the tunnel itself may be passed over a Layer 3 encryption protocol such as IPsec.
The GPRS core network is the central part of the general packet radio service (GPRS) which allows 2G, 3G and WCDMA mobile networks to transmit IP packets to external networks such as the Internet. The GPRS system is an integrated part of the GSM network switching subsystem.
Mobility management is one of the major functions of a GSM or a UMTS network that allows mobile phones to work. The aim of mobility management is to track where the subscribers are, allowing calls, SMS and other mobile phone services to be delivered to them.
In computer networking, the Datagram Congestion Control Protocol (DCCP) is a message-oriented transport layer protocol. DCCP implements reliable connection setup, teardown, Explicit Congestion Notification (ECN), congestion control, and feature negotiation. The IETF published DCCP as RFC 4340, a proposed standard, in March 2006. RFC 4336 provides an introduction.
Customized Applications for Mobile networks Enhanced Logic (CAMEL) is a set of standards designed to work on either a GSM core network or the Universal Mobile Telecommunications System (UMTS) network. The framework provides tools for operators to define additional features for standard GSM services/UMTS services. The CAMEL architecture is based on the Intelligent Network (IN) standards, and uses the CAP protocol. The protocols are codified in a series of ETSI Technical Specifications.
SNDCP, Sub Network Dependent Convergence Protocol, is part of layer 3 of a GPRS protocol specification. SNDCP interfaces to the Internet Protocol at the top, and to the GPRS-specific Logical Link Control (LLC) protocol at the bottom.
In telecommunications networks, RANAP is a protocol specified by 3GPP in TS 25.413 and used in UMTS for signaling between the Core Network, which can be a MSC or SGSN, and the UTRAN. RANAP is carried over Iu-interface.
The Mobile Application Part (MAP) is an SS7 protocol that provides an application layer for the various nodes in GSM and UMTS mobile core networks and GPRS core networks to communicate with each other in order to provide services to users. The Mobile Application Part is the application-layer protocol used to access the Home Location Register, Visitor Location Register, Mobile Switching Center, Equipment Identity Register, Authentication Centre, Short message service center and Serving GPRS Support Node (SGSN).
Packet Data Convergence Protocol (PDCP) is specified by 3GPP in TS 25.323 for UMTS, TS 36.323 for LTE and TS 38.323 for 5G. PDCP is located in the Radio Protocol Stack in the UMTS/LTE/5G air interface on top of the RLC layer.
In telecommunications and computer networking, Concrete Syntax Notation One (CSN.1) is a standard and flexible notation that describes data structures for representing, encoding, transmitting, and decoding data, specifically GPRS used for cell phones. Many examples of CSN.1 encoded data structures can be found in 3GPP TS44.060 and an informative description of the CSN.1 syntax is found in 3GPP TS 24.007.
A Network (Layer) Service Access Point Identifier (NSAPI), is an identifier used in GPRS networks.
The Short Message Service is realised by the use of the Mobile Application Part (MAP) of the SS7 protocol, with Short Message protocol elements being transported across the network as fields within the MAP messages. These MAP messages may be transported using "traditional" TDM based signalling, or over IP using SIGTRAN and an appropriate adaptation layer.
System Architecture Evolution (SAE) is the core network architecture of mobile communications protocol group 3GPP's LTE wireless communication standard.
GTP' is an IP based protocol used within GSM and UMTS networks. It can be used with UDP or TCP. GTP' uses the same message structure as GTP, but it is largely a separate protocol. GTP' uses registered UDP/TCP port 3386.
For mobile telecommunications, the Charging Data Record (CDR) is, in 3GPP parlance, a formatted collection of information about a chargeable telecommunication event.
GSM 03.40 or 3GPP TS 23.040 is a mobile telephony standard describing the format of the Transfer Protocol Data Units (TPDU) of the Short Message Transfer Protocol (SM-TP) used in the GSM networks to carry Short Messages. This format is used throughout the whole transfer of the message in the GSM mobile network. In contrast, application servers use different protocols, like Short Message Peer-to-Peer or Universal Computer Protocol, to exchange messages between them and the Short Message Service Center (SMSC).
Packet Forwarding Control Protocol (PFCP) is a 3GPP protocol used on the Sx/N4 interface between the control plane and the user plane function, specified in TS 29.244. It is one of the main protocols introduced in the 5G Next Generation Mobile Core Network, but also used in the 4G/LTE EPC to implement the Control and User Plane Separation (CUPS). PFCP and the associated interfaces seek to formalize the interactions between different types of functional elements used in the Mobile Core Networks as deployed by most operators providing 4G, as well as 5G, services to mobile subscribers. These 2 types of components are:
The Control Plane (CP) functional elements, handling mostly signaling procedures
The User-data Plane (UP) functional elements, handling mostly packet forwarding, based on rules set by the CP elements.
References
GSM standard 09.60, ETSI, 1996–98, this standard covers the original version 0 of GTP.
3GPP TS 29.060 V6.9.0 (2005-06), 3rd Generation Partnership Project, 650 Route des Lucioles - Sophia Antipolis, Valbonne - FRANCE, 2005–06. This is the primary standard defining all of the GTP variants for GTP version 1.
3GPP TS 32.295 V6.1.0 (2005-06), 3rd Generation Partnership Project, 650 Route des Lucioles - Sophia Antipolis, Valbonne - FRANCE, 2005–06. This standard covers using GTP for charging.
3GPP TS 29.274 V8.1.0 (2009-03), 3rd Generation Partnership Project, 650 Route des Lucioles - Sophia Antipolis, Valbonne - FRANCE, 2009–03. GTPv2 for evolved GPRS.
This page is based on this Wikipedia article Text is available under the CC BY-SA 4.0 license; additional terms may apply. Images, videos and audio are available under their respective licenses.
