GPRS Tunnelling Protocol
Encyclopedia
GPRS Tunneling Protocol (GTP) is a group of IP
-based communications protocols
used to carry General Packet Radio Service
(GPRS) within GSM, UMTS and LTE
networks. In 3GPP architectures, GTP and Proxy Mobile IPv6 based interfaces are specified on various interface points.
GTP can be decomposed into separate protocols, GTP-C, GTP-U and GTP'
. GTP-C is used within the GPRS core network
for signaling between Gateway GPRS Support Nodes (GGSN) and Serving GPRS Support Nodes (SGSN). This allows the SGSN to activate a session on a user's behalf (PDP context activation), to deactivate the same session, to adjust quality of service
parameters, or to update a session for a subscriber who has just arrived from another SGSN.
GTP-U is used for carrying user data within the GPRS Core Network and between the Radio Access Network
and the core network. The user data transported can be packets in any of IPv4
, IPv6
, or PPP
formats.
GTP'
(GTP prime) uses the same message structure as GTP-C and GTP-U, but has an independent function. It can be used for carrying charging data from the Charging Data Function (CDF) of the GSM or UMTS network to the Charging Gateway Function (CGF). In most cases, this should mean from many individual network elements such as the GGSNs to a centralized computer that delivers the charging data more conveniently to the network operator's billing center.
Different GTP variants are implemented by RNCs, SGSNs, GGSNs and CGFs within 3GPP networks. GPRS mobile stations (MSs) are connected to a SGSN without being aware of GTP.
GTP can be used with UDP
or TCP
. UDP is either recommended or mandatory, except for tunnelling X.25
in version 0. GTP version one is used only on UDP.
Version : It is a 3-bit field. For GTPv1, this has a value of 1.
Protocol Type (PT) : a 1-bit value that differentiates GTP (value 1) from GTP' (value 0).
Reserved: a 1-bit reserved field (must be 0).
Extension header flag(E): a 1-bit value that states whether there is an extension header optional field.
Sequence number flag(S): a 1-bit value that states whether there is a Sequence Number optional field.
N-PDU number flag(PN): a 1-bit value that states whether there is a N-PDU number optional field.
Message Type: an 8-bit field that indicates the type of GTP message.
Length: a 16-bit field that indicates the length of the payload in bytes (rest of the packet following the mandatory 8-byte GTP header). Includes the optional fields.
Tunnel endpoint identifier (TEID): A 32-bit(4-octet) field used to multiplex different connections in the same GTP tunnel.
Sequence number: an (optional) 16-bit field. This field exists if any of the E, S, or PN bits are on. The field must be interpreted only if the S bit is on.
N-PDU number: an (optional) 8-bit field. This field exists if any of the E, S, or PN bits are on. The field must be interpreted only if the PN bit is on.
Next extension header type: an (optional) 8-bit field. This field exists if any of the E, S, or PN bits are on. The field must be interpreted only if the E bit is on.
Next Extension Headers are as follows:
Length: an 8-bit field. This field states the length of this extension header, including the length, the contents, and the next extension header field, in 4-octet units. The length must be a multiple of 4.
Contents: extension header contents.
Next extension header: an 8-bit field. It states the type of the next extension, or 0 if no next extension exists. This permits chaining several next extension headers.
Piggybacking flag: If this bit is set to 1 then another GTP-C message with its own header shall be present at the end of the current message. There are restrictions as to what type of message can be piggybacked depending on what the toplevel GTP-C message is.
TEID flag: If this bit is set to 1 then the TEID field will be present between the message length and the sequence number. All messages except Echo and Echo reply require TEID to be present.
As often as every 60 seconds, a GSN can send an echo request to every other GSN with which it has an active connection. If the other end does not respond it can be treated as down and active connections to it deleted.
Apart from the two messages previously mentioned, there are no other messages common across all GTP variants meaning that, for the most part, they effectively form three completely separate protocols.
The eGTP-C protocol is responsible for creating, maintaining and deleting tunnels on multiple Sx interfaces. It is used for the control plane path management, tunnel management and mobility management. It also controls forwarding relocation messages; SRNS context and creating forward tunnels during inter LTE handovers.
The separate tunnels are identified by a TEID (Tunnel Endpoint Identifier) in the GTP-U messages, which should be a dynamically allocated random number. If this random number is of cryptographic
quality, then it will provide a measure of security against certain attacks. Even so, the requirement of the 3GPP standard is that all GTP traffic, including user data should be sent within secure private networks, not directly connected to the Internet. This happens on UDP port 2152.
The eGTP-U protocol is used to exchange user data over GTP tunnels across the Sx interfaces. An IP packet for a UE is encapsulated in an EPC-specific protocol eGTPU and tunneled between the P-GW and the eNodeB for transmission with respect to a UE over S1-U and S5/S8 interfaces.
protocol is used to transfer charging data to the Charging Gateway Function. GTP' uses TCP/UDP port 3386.
GGSNs and SGSNs (collectively known as GSNs) listen for GTP-C messages on UDP port 2123 and for GTP-U messages on port 2152. This communication happens within a single network or may, in the case of international roaming, happen internationally, probably across a GPRS roaming exchange
(GRX).
The Charging Gateway Function (CGF) listens to GTP'
messages sent from the GSNs on TCP/UDP port 3386. The core network sends charging information to the CGF, typically including PDP context activation times and the quantity of data which the end user has transferred. However, this communication which occurs within one network is less standardized and may, depending on the vendor and configuration options, use proprietary encoding or even an entirely proprietary system.
is used as a control protocol and establishes GTP-U tunnels between the SGSN and the radio network controller
(RNC).
GTP can be used with UDP
or TCP
. GTP version one is used only on UDP.
there are two versions defined, version 0 and version 1. Version 0 and version 1 differ considerably in structure. In version 0, the signalling protocol (the protocol which sets up the tunnels by activating the PDP context) is combined with the tunneling protocol on one port. Version 1 is actually effectively two protocols, one for control (called GTP-C) and one for user data tunneling (called GTP-U).
GTP-U is also used to transport user data from the RNC to the SGSN in UMTS networks. However, in this case signalling is done using RANAP instead of GTP-C.
The non-random TEID in version 0 represented a security problem if an attacker had access to any roaming partner's network, or could find some other way to remotely send packets to the GPRS backbone. Version 0 is going out of use and being replaced by version 1 in almost all networks. Even so, the standard for the newer version states that the older version must be supported by the GSN. Fortunately, however the use of different port numbers allows easy blocking of version 0 through simple IP access lists.
which, maintains it as 3GPP standard 29.060. GTP' uses the same message format, but its special uses are covered in standard 32.295 along with the standardized formats for the charging data it transfers.
Later versions of TS 29.060 deprecate GTPv1/v0 interworking such that there is no fallback in the event that the GSN does not support the higher version.
GTPv2 (for evolved packet services) went into draft in early 2008 and was released in December of that year. GTPv2 offers fallback to GTPv1 via the earlier "Version Not Supported" mechanism but explicitly offers no support for fallback to GTPv0.
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
-based communications protocols
Tunneling protocol
Computer networks use a tunneling protocol when one network protocol encapsulates a different payload protocol...
used to carry General Packet Radio Service
General Packet Radio Service
General packet radio service is a packet oriented mobile data service on the 2G and 3G cellular communication system's global system for mobile communications . GPRS was originally standardized by European Telecommunications Standards Institute in response to the earlier CDPD and i-mode...
(GPRS) within GSM, UMTS and LTE
3GPP Long Term Evolution
3GPP Long Term Evolution, usually referred to as LTE, is a standard for wireless communication of high-speed data for mobile phones and data terminals. It is based on the GSM/EDGE and UMTS/HSPA network technologies, increasing the capacity and speed using new modulation techniques...
networks. In 3GPP architectures, GTP and Proxy Mobile IPv6 based interfaces are specified on various interface points.
GTP can be decomposed into separate protocols, GTP-C, GTP-U and GTP'
GTP'
GTP is an IP based protocol used within GSM and UMTS networks. It can be used with UDP or TCP. GTP' uses the same message structure as GTP , but it is largely a separate protocol...
. GTP-C is used within the GPRS core network
GPRS Core Network
The GPRS core network is the central part of the General Packet Radio Service which allows 2G, 3G and WCDMA mobile networks to transmit IP packets to external networks such as the Internet...
for signaling between Gateway GPRS Support Nodes (GGSN) and Serving GPRS Support Nodes (SGSN). This allows the SGSN to activate a session on a user's behalf (PDP context activation), to deactivate the same session, to adjust quality of service
Quality of service
The quality of service refers to several related aspects of telephony and computer networks that allow the transport of traffic with special requirements...
parameters, or to update a session for a subscriber who has just arrived from another SGSN.
GTP-U is used for carrying user data within the GPRS Core Network and between the Radio Access Network
Radio access network
A radio access network is part of a mobile Telecommunication system. It implements a radio access technology. Conceptually, it resides between a device such as a Mobile phone, a computer, or any remotely controlled machine and provides connection with its core network...
and the core network. The user data transported can be packets in any of IPv4
IPv4
Internet Protocol version 4 is the fourth revision in the development of the Internet Protocol and the first version of the protocol to be widely deployed. Together with IPv6, it is at the core of standards-based internetworking methods of the Internet...
, IPv6
IPv6
Internet Protocol version 6 is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4...
, or PPP
Point-to-Point Protocol
In networking, the Point-to-Point Protocol is a data link protocol commonly used in establishing a direct connection between two networking nodes...
formats.
GTP'
GTP'
GTP is an IP based protocol used within GSM and UMTS networks. It can be used with UDP or TCP. GTP' uses the same message structure as GTP , but it is largely a separate protocol...
(GTP prime) uses the same message structure as GTP-C and GTP-U, but has an independent function. It can be used for carrying charging data from the Charging Data Function (CDF) of the GSM or UMTS network to the Charging Gateway Function (CGF). In most cases, this should mean from many individual network elements such as the GGSNs to a centralized computer that delivers the charging data more conveniently to the network operator's billing center.
Different GTP variants are implemented by RNCs, SGSNs, GGSNs and CGFs within 3GPP networks. GPRS mobile stations (MSs) are connected to a SGSN without being aware of GTP.
GTP can be used with UDP
User Datagram Protocol
The User Datagram Protocol is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol network without requiring...
or TCP
Transmission Control Protocol
The Transmission Control Protocol is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol , and therefore the entire suite is commonly referred to as TCP/IP...
. UDP is either recommended or mandatory, except for tunnelling X.25
X.25
X.25 is an ITU-T standard protocol suite for packet switched wide area network communication. An X.25 WAN consists of packet-switching exchange nodes as the networking hardware, and leased lines, Plain old telephone service connections or ISDN connections as physical links...
in version 0. GTP version one is used only on UDP.
General features
All variants of GTP have certain features in common. The structure of the messages is the same, with a GTP header following the UDP/TCP header.GTP version 1
GTPv1 headers contain the following fields:+ | Bit 0-2 | 3 | 4 | 5 | 6 | 7 | 8-15 | 16-23 | 24-31 | |||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | Version | Protocol type | Reserved | Extension Header Flag | Sequence Number Flag | N-PDU Number Flag | Message Type | Total length | ||||||||||||||||||||||||
32 | TEID | |||||||||||||||||||||||||||||||
64 | Sequence number | N-PDU number | Next extension header type |
Version : It is a 3-bit field. For GTPv1, this has a value of 1.
Protocol Type (PT) : a 1-bit value that differentiates GTP (value 1) from GTP' (value 0).
Reserved: a 1-bit reserved field (must be 0).
Extension header flag(E): a 1-bit value that states whether there is an extension header optional field.
Sequence number flag(S): a 1-bit value that states whether there is a Sequence Number optional field.
N-PDU number flag(PN): a 1-bit value that states whether there is a N-PDU number optional field.
Message Type: an 8-bit field that indicates the type of GTP message.
Length: a 16-bit field that indicates the length of the payload in bytes (rest of the packet following the mandatory 8-byte GTP header). Includes the optional fields.
Tunnel endpoint identifier (TEID): A 32-bit(4-octet) field used to multiplex different connections in the same GTP tunnel.
Sequence number: an (optional) 16-bit field. This field exists if any of the E, S, or PN bits are on. The field must be interpreted only if the S bit is on.
N-PDU number: an (optional) 8-bit field. This field exists if any of the E, S, or PN bits are on. The field must be interpreted only if the PN bit is on.
Next extension header type: an (optional) 8-bit field. This field exists if any of the E, S, or PN bits are on. The field must be interpreted only if the E bit is on.
Next Extension Headers are as follows:
+ | Bits 1-7 | 8-23 | 24-31 | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | Total length | Contents | ||||||||||||||||||||||||||||||
... | ... | |||||||||||||||||||||||||||||||
... | Contents | Next extension header |
Length: an 8-bit field. This field states the length of this extension header, including the length, the contents, and the next extension header field, in 4-octet units. The length must be a multiple of 4.
Contents: extension header contents.
Next extension header: an 8-bit field. It states the type of the next extension, or 0 if no next extension exists. This permits chaining several next extension headers.
GTP version 2
GTPv2 headers contain the following fields:+ | Bit 0-2 | 3 | 4 | 5-7 | 8-15 | 16-23 | 24-31 | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | Version | Piggybacking flag (P) | TEID flag (T) | Spare | Message Type | Total length | ||||||||||||||||||||||||||
32 | TEID (only present if T=1) | |||||||||||||||||||||||||||||||
64 (32 if TEID not present) | Sequence number | Spare |
Piggybacking flag: If this bit is set to 1 then another GTP-C message with its own header shall be present at the end of the current message. There are restrictions as to what type of message can be piggybacked depending on what the toplevel GTP-C message is.
TEID flag: If this bit is set to 1 then the TEID field will be present between the message length and the sequence number. All messages except Echo and Echo reply require TEID to be present.
Connectivity mechanisms
Apart from the common message structure, there is also a common mechanism for verifying connectivity from one GSN to another GSN. This uses two messages.- echo request
- echo response
As often as every 60 seconds, a GSN can send an echo request to every other GSN with which it has an active connection. If the other end does not respond it can be treated as down and active connections to it deleted.
Apart from the two messages previously mentioned, there are no other messages common across all GTP variants meaning that, for the most part, they effectively form three completely separate protocols.
GTP-C - GTP control
The GTP-C protocol is the control section of the GTP standard. When a subscriber requests a PDP context, the SGSN will send a create PDP context request GTP-C message to the GGSN giving details of the subscriber's request. The GGSN will then respond with a create PDP context response GTP-C message which will either give details of the PDP context actually activated or will indicate a failure and give a reason for that failure. This is a UDP message on port 2123.The eGTP-C protocol is responsible for creating, maintaining and deleting tunnels on multiple Sx interfaces. It is used for the control plane path management, tunnel management and mobility management. It also controls forwarding relocation messages; SRNS context and creating forward tunnels during inter LTE handovers.
GTP-U - GTP user data tunneling
GTP-U is, in effect a relatively simple IP based tunneling protocol which permits many tunnels between each set of end points. When used in the UMTS, each subscriber will have one or more tunnel, one for each PDP context they have active plus, possibly separate tunnels for specific connections with different quality of service requirements.The separate tunnels are identified by a TEID (Tunnel Endpoint Identifier) in the GTP-U messages, which should be a dynamically allocated random number. If this random number is of cryptographic
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
quality, then it will provide a measure of security against certain attacks. Even so, the requirement of the 3GPP standard is that all GTP traffic, including user data should be sent within secure private networks, not directly connected to the Internet. This happens on UDP port 2152.
The eGTP-U protocol is used to exchange user data over GTP tunnels across the Sx interfaces. An IP packet for a UE is encapsulated in an EPC-specific protocol eGTPU and tunneled between the P-GW and the eNodeB for transmission with respect to a UE over S1-U and S5/S8 interfaces.
GTP' - charging transfer
The GTP'GTP'
GTP is an IP based protocol used within GSM and UMTS networks. It can be used with UDP or TCP. GTP' uses the same message structure as GTP , but it is largely a separate protocol...
protocol is used to transfer charging data to the Charging Gateway Function. GTP' uses TCP/UDP port 3386.
Within the GPRS core network
GTP is the primary protocol used in the GPRS core network. It is the protocol which allows end users of a GSM or UMTS network to move from place to place whilst continuing to connect to the Internet as if from one location at the GGSN. It does this by carrying the subscriber's data from the subscriber's current SGSN to the GGSN which is handling the subscriber's session. Three forms of GTP are used by the GPRS core network.- GTP-U for transfer of user data in separated tunnels for each PDP context
- GTP-C for control reasons including:
- setup and deletion of PDP contexts
- verification of GSN reachability
- updates; e.g., as subscribers move from one SGSN to another.
- GTP' for transfer of charging data from GSNs to the charging function.
GGSNs and SGSNs (collectively known as GSNs) listen for GTP-C messages on UDP port 2123 and for GTP-U messages on port 2152. This communication happens within a single network or may, in the case of international roaming, happen internationally, probably across a GPRS roaming exchange
GPRS Roaming Exchange
A GPRS Roaming Exchange acts as a hub for GPRS connections from roaming users, removing the need for a dedicated link between each GPRS service provider...
(GRX).
The Charging Gateway Function (CGF) listens to GTP'
GTP'
GTP is an IP based protocol used within GSM and UMTS networks. It can be used with UDP or TCP. GTP' uses the same message structure as GTP , but it is largely a separate protocol...
messages sent from the GSNs on TCP/UDP port 3386. The core network sends charging information to the CGF, typically including PDP context activation times and the quantity of data which the end user has transferred. However, this communication which occurs within one network is less standardized and may, depending on the vendor and configuration options, use proprietary encoding or even an entirely proprietary system.
Use on the IuPS interface
GTP-U is used on the IuPS between the GPRS core network and the RAN, however the GTP-C protocol is not used. In this case, RANAPRANAP
RANAP protocol is used in UMTS signaling between the Core Network, which can be a MSC or SGSN, and the UTRAN. RANAP is carried over Iu-interface....
is used as a control protocol and establishes GTP-U tunnels between the SGSN and the radio network controller
Radio Network Controller
The Radio Network Controller is a governing element in the UMTS radio access network and is responsible for controlling the Node Bs that are connected to it. The RNC carries out radio resource management, some of the mobility management functions and is the point where encryption is done before...
(RNC).
Protocol stack
???? |
IP (user) |
GTP |
UDP |
IP |
Layer 2 (e.g., WAN or Ethernet) |
GTP-U protocol stack |
GTP can be used with UDP
User Datagram Protocol
The User Datagram Protocol is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol network without requiring...
or TCP
Transmission Control Protocol
The Transmission Control Protocol is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol , and therefore the entire suite is commonly referred to as TCP/IP...
. GTP version one is used only on UDP.
there are two versions defined, version 0 and version 1. Version 0 and version 1 differ considerably in structure. In version 0, the signalling protocol (the protocol which sets up the tunnels by activating the PDP context) is combined with the tunneling protocol on one port. Version 1 is actually effectively two protocols, one for control (called GTP-C) and one for user data tunneling (called GTP-U).
GTP-U is also used to transport user data from the RNC to the SGSN in UMTS networks. However, in this case signalling is done using RANAP instead of GTP-C.
Historical GTP versions
The original version of GTP (version 0) had considerable differences from the current version (version 1):- the tunnel identification was non-random;
- options were provided for transporting X.25X.25X.25 is an ITU-T standard protocol suite for packet switched wide area network communication. An X.25 WAN consists of packet-switching exchange nodes as the networking hardware, and leased lines, Plain old telephone service connections or ISDN connections as physical links...
; - the fixed port number 3386 was used for all functions (not just charging as in GTPv1);
- TCP was allowed as a transport option instead of UDP, but support for this was optional;
- subscription-related fields such as quality of service were more limited.
The non-random TEID in version 0 represented a security problem if an attacker had access to any roaming partner's network, or could find some other way to remotely send packets to the GPRS backbone. Version 0 is going out of use and being replaced by version 1 in almost all networks. Even so, the standard for the newer version states that the older version must be supported by the GSN. Fortunately, however the use of different port numbers allows easy blocking of version 0 through simple IP access lists.
GTP standardization
GTP was originally standardized within ETSI (GSM standard 09.60). With the creation of the UMTS standards this was moved over to the 3GPP3GPP
The 3rd Generation Partnership Project is a collaboration between groups of telecommunications associations, known as the Organizational Partners...
which, maintains it as 3GPP standard 29.060. GTP' uses the same message format, but its special uses are covered in standard 32.295 along with the standardized formats for the charging data it transfers.
Later versions of TS 29.060 deprecate GTPv1/v0 interworking such that there is no fallback in the event that the GSN does not support the higher version.
GTPv2 (for evolved packet services) went into draft in early 2008 and was released in December of that year. GTPv2 offers fallback to GTPv1 via the earlier "Version Not Supported" mechanism but explicitly offers no support for fallback to GTPv0.