lpwan S. Farrell, Ed.
Internet-Draft Trinity College Dublin
Intended status: Informational October 29, 2016
Expires: May 2, 2017
LPWAN Overview
draft-farrell-lpwan-overview-01
Abstract
Low Power Wide Area Networks (LPWAN) are wireless technologies with
characteristics such as large coverage areas, low bandwidth, possibly
very small packet and application layer data sizes and long battery
life operation. This memo is an informational overview of the set of
LPWAN technologies being considered in the IETF and of the gaps that
exist between the needs of those technologies and the goal of running
IP in LPWANs.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 2, 2017.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
Farrell Expires May 2, 2017 [Page 1]
Internet-Draft Low Power Wide Area Networking Overview October 2016
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Common Concerns . . . . . . . . . . . . . . . . . . . . . . . 3
4. LPWAN Technologies . . . . . . . . . . . . . . . . . . . . . 3
4.1. LoRaWAN . . . . . . . . . . . . . . . . . . . . . . . . . 4
4.1.1. Provenance and Documents . . . . . . . . . . . . . . 4
4.1.2. Characteristics . . . . . . . . . . . . . . . . . . . 4
4.2. Narrowband IoT (NB-IoT) . . . . . . . . . . . . . . . . . 12
4.2.1. Provenance and Documents . . . . . . . . . . . . . . 12
4.2.2. Characteristics . . . . . . . . . . . . . . . . . . . 12
4.3. SIGFOX . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.3.1. Provenance and Documents . . . . . . . . . . . . . . 17
4.3.2. Characteristics . . . . . . . . . . . . . . . . . . . 17
4.4. WI-SUN . . . . . . . . . . . . . . . . . . . . . . . . . 21
5. Gap Analysis . . . . . . . . . . . . . . . . . . . . . . . . 21
6. Security Considerations . . . . . . . . . . . . . . . . . . . 21
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 21
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23
10. Informative References . . . . . . . . . . . . . . . . . . . 24
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 26
1. Introduction
[[Editor comments/queries are in double square brackets like this.]]
This document provides background material and an overview of the
technologies being considered in the IETF's Low Power Wide-Area
Networking (LPWAN) working group. We also provide a gap analysis
between the needs of these technologies and currently available IETF
specifications.
This document is largely the work of the people listed in Section 8.
Discussion of this document should take place on the lpwan@ietf.org
list.
[[Editor's note: the eventual fate of this draft is a topic for the
WG to consider - it might end up as a useful RFC, or it might be best
maintained as a draft only until its utility has dissapated. FWIW,
the editor doesn't mind what outcome the WG choose.]]
Farrell Expires May 2, 2017 [Page 2]
Internet-Draft Low Power Wide Area Networking Overview October 2016
2. Terminology
[[Not sure if 2119 terms will be needed. Leave it here for now.]]
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
[[Extract common terms here. Maybe define and relate technology
specific terms, e.g. lora g/w similar to sigfox bs etc. There is
text for this in the current "gaps" draft.]]
3. Common Concerns
[[Editors note: We may want a section like this that describes some
cross-cutting issues, e.g. duty-cycles, some of the ISM band
restrictions. This isn't intended to be a problem statement nor a
set of requirements but just to describe some issues that affect more
than one of the LPWAN technologies. Such a section might be better
before or after Section 4, will see when text's added there. There
is some text for this in the current "gaps" draft.]]
Most technologies in this space aim for similar goals of supporting
large numbers of low-cost, low-throughput devices at very low-cost
and with very-low power consumption, so that even battery-powered
devices can be deployed for years. And as the name implies, coverage
of large areas is also a common goal. There are some differences
however, e.g., the Narrowband IoT specifications Section 4.2 also aim
for increased indoor coverage. However, by and large, the different
technologies aim for deployment in very similar circumstances.
4. LPWAN Technologies
This section provides an overview of the set of LPWAN technologies
that are being considered in the LPWAN working group. The text for
each was mainly contributed by proponents of each technology.
Note that this text is not intended to be normative in any sesne, but
simply to help the reader in finding the relevant layer 2
specifications and in understanding how those integrate with IETF-
defined technologies. Similarly, there is no attempt here to set out
the pros and cons of the relevant technologies. [[Editor: I assume
that's the right target here. Please comment if you disagree.]]
[[Editor's note: the goal here is 2-3 pages per technology. If
there's much more needed then we could add appendices I guess
depending on what text the WG find useful to include.]]
Farrell Expires May 2, 2017 [Page 3]
Internet-Draft Low Power Wide Area Networking Overview October 2016
4.1. LoRaWAN
[[Text here is from [I-D.farrell-lpwan-lora-overview] And yes, this
section is too long right now. Will shorten.]]
4.1.1. Provenance and Documents
LoRaWAN is a wireless technology for long-range low-power low-data-
rate applications developed by the LoRa Alliance, a membership
consortium. <https://www.lora-alliance.org/> This draft is based on
version 1.0.2 [LoRaSpec] of the LoRa specification. (Note that
version 1.0.2 is expected to be published in a few weeks. We will
update this draft when that has happened. For now, version 1.0 is
available at [LoRaSpec1.0])
4.1.2. Characteristics
In LoRaWAN networks, end-device transmissions may be received at
multiple gateways, so during nominal operation a network server may
see multiple instances of the same uplink message from an end-device.
The LoRaWAN network infrastructure manages the data rate and RF
output power for each end-device individually by means of an adaptive
data rate (ADR) scheme. End-devices may transmit on any channel
allowed by local regulation at any time, using any of the currently
available data rates.
LoRaWAN networks are typically organized in a star-of-stars topology
in which gateways relay messages between end-devices and a central
"network server" in the backend. Gateways are connected to the
network server via IP links while end-devices use single-hop LoRaWAN
communication that can be received at one or more gateways. All
communication is generally bi-directional, although uplink
communication from end-devices to the network server are favoured in
terms of overall bandwidth availability.
This section introduces some LoRaWAN terms. Figure 1 shows the
entities involved in a LoRaWAN network.
Farrell Expires May 2, 2017 [Page 4]
Internet-Draft Low Power Wide Area Networking Overview October 2016
+----------+
|End-device| * * *
+----------+ * +---------+
* | Gateway +---+
+----------+ * +---------+ | +---------+
|End-device| * * * +---+ Network +--- Application
+----------+ * | | Server |
* +---------+ | +---------+
+----------+ * | Gateway +---+
|End-device| * * * * +---------+
+----------+
Key: * LoRaWAN Radio
+---+ IP connectivity
Figure 1: LoRaWAN architecture
o End-device: a LoRa client device, sometimes called a mote.
Communicates with gateways.
o Gateway: a radio on the infrastructure-side, sometimes called a
concentrator or base-station. Communicates with end-devices and,
via IP, with a network server.
o Network Server: The Network Server (NS) terminates the LoRaWAN MAC
layer for the end-devices connected to the network. It is the
center of the star topology.
o Uplink message: refers to communications from end-device to
network server or appliction via one or more gateways.
o Downlink message: refers to communications from network server or
application via one gateway to a single end-device or a group of
end-devices (considering multicasting).
o Application: refers to application layer code both on the end-
device and running "behind" the network server. For LoRaWAN,
there will generally only be one application running on most end-
devices. Interfaces between the network server and application
are not further described here.
o Classes A, B and C define different device capabilities and modes
of operation for end-devices. End-devices can transmit uplink
messages at any time in any mode of operation (so long as e.g.,
ISM band restrictions are honoured). An end-device in Class A can
only receive downlink messages at predetermined timeslots after
each uplink message transmission. Class B allows the end-device
to receive downlink messages at periodically scheduled timeslots.
Class C allows receipt of downlink messages at anytime. Class
Farrell Expires May 2, 2017 [Page 5]
Internet-Draft Low Power Wide Area Networking Overview October 2016
selection is based on the end-devices' application use case and
its power supply. (While Classes B and C are not further
described here, readers may have seen those terms elsewhere so we
include them for clarity.)
LoRaWAN radios make use of ISM bands, for example, 433MHz and 868MHz
within the European Union and 915MHz in the Americas.
The end-device changes channel in a pseudo-random fashion for every
transmission to help make the system more robust to interference and/
or to conform to local regulations.
As with other LPWAN radio technologies, LoRaWAN end-devices respect
the frequency, power and maximum transmit duty cycle requirements for
the sub-band imposed by local regulators. In most cases, this means
an end-device is only transmitting for 1% of the time, as specified
by ISM band regulations. And in some cases the LoRaWAN specification
calls for end-devices to transmit less often than is called for by
the ISM band regulations in order to avoid congestion.
Figure 2 below shows that after a transmission slot a Class A device
turns on its receiver for two short receive windows that are offset
from the end of the transmission window. The frequencies and data
rate chosen for the first of these receive windows depends on those
used for the transmit window. The frequency and data-rate for the
second receive window are configurable. If a downlink message
preamble is detected during a receive window, then the end-device
keeps the radio on in order to receive the frame.
End-devices can only transmit a subsequent uplink frame after the end
of the associated receive windows. When a device joins a LoRaWAN
network, there are similar timeouts on parts of that process.
|----------------------------| |--------| |--------|
| Tx | | Rx | | Rx |
|----------------------------| |--------| |--------|
|---------|
Rx delay 1
|------------------------|
Rx delay 2
Figure 2: LoRaWAN Class A transmission and reception window
Given the different regional requirements the detailed specification
for the LoRaWAN physical layer (taking up more than 30 pages of the
specification) is not reproduced here. Instead and mainly to
illustrate the kinds of issue encountered, in Table 1 we present some
of the default settings for one ISM band (without fully explaining
Farrell Expires May 2, 2017 [Page 6]
Internet-Draft Low Power Wide Area Networking Overview October 2016
those here) and in Table 2 we describe maxima and minima for some
parameters of interest to those defining ways to use IETF protocols
over the LoRaWAN MAC layer.
+------------------------+------------------------------------------+
| Parameters | Default Value |
+------------------------+------------------------------------------+
| Rx delay 1 | 1 s |
| | |
| Rx delay 2 | 2 s (must be RECEIVE_DELAY1 + 1s) |
| | |
| join delay 1 | 5 s |
| | |
| join delay 2 | 6 s |
| | |
| 868MHz Default | 3 (868.1,868.2,868.3), date rate: 0.3-5 |
| channels | kbps |
+------------------------+------------------------------------------+
Table 1: Default settings for EU868MHz band
+-----------------------------------------------+--------+----------+
| Parameter/Notes | Min | Max |
+-----------------------------------------------+--------+----------+
| Duty Cycle: some but not all ISM bands impose | 1% | no-limit |
| a limit in terms of how often an end-device | | |
| can transmit. In some cases LoRaWAN is more | | |
| stringent in an attempt to avoid congestion. | | |
| | | |
| EU 868MHz band data rate/frame-size | 250 | 50000 |
| | bits/s | bits/s : |
| | : 59 | 250 |
| | octets | octets |
| | | |
| US 915MHz band data rate/frame-size | 980 | 21900 |
| | bits/s | bits/s : |
| | : 19 | 250 |
| | octets | octets |
+-----------------------------------------------+--------+----------+
Table 2: Minima and Maxima for various LoRaWAN Parameters
Note that in the case of the smallest frame size (19 octets), 8
octets are required for LoRa MAC layer headers leaving only 11 octets
for payload (including MAC layer options). However, those settings
do not apply for the join procedure - end-devices are required to use
a channel that can send the 23 byte Join-request message for the join
procedure.
Farrell Expires May 2, 2017 [Page 7]
Internet-Draft Low Power Wide Area Networking Overview October 2016
Uplink and downlink higher layer data is carried in a MACPayload.
There is a concept of "ports" (an optional 8 bit value) to handle
different applications on an end-device. Port zero is reserved for
LoRaWAN specific messaging, such as the join procedure.
The header also distinguishes the uplink/downlink directions and
whether or not an acknowledgement ("confirmation") is required from
the peer.
All payloads are encrypted and ciphertexts are protected with a
cryptographic Message Integrity Check (MIC) - see Section 6 for
details.
In addition to carrying higher layer PDUs there are Join-Request and
Join-Response (aka Join-Accept) messages for handling network access.
And so-called "MAC commands" (see below) up to 15 bytes long can be
piggybacked in an options field ("FOpts").
LoRaWAN end-devices can choose various different data rates from a
menu of available rates (dependent on the frequencies in use). It is
however, recommended that end-devices set the Adaptive Data Rate
("ADR") bit in the MAC layer which is a signal that the network
should control the data rate (via MAC commands to the end-device).
The network can also assert the ADR bit and control data rates at
it's discretion. The goal is to ensure minimal on-time for radios
whilst increasing throughput and reliability when possible. Other
things being equal, the effect should be that end-devices closer to a
gateway can successfully use higher data rates, whereas end-devices
further from all gateways still receive connectivity though at a
lower data rate.
Data rate changes can be validated via a scheme of acks from the
network with a fall-back to lower rates in the event that downlink
acks go missing.
There are 16 (or 32) bit frame counters maintained in each direction
that are incremented on each transmission (but not re-transmissions)
that are not re-used for a given key. When the device supports a 32
bit counter, then only the least significant 16 bits are sent in the
MAC header, but all 32 bits are used in cryptographic operations.
(If an end-device only supports a 16 bit counter internally, then the
topmost 16 bits are set to zero.)
There are a number of MAC commands for: Link and device status
checking, ADR and duty-cycle negotiation, managing the RX windows and
radio channel settings. For example, the link check response message
allows the network server (in response to a request from an end-
device) to inform an end-device about the signal attenuation seen
Farrell Expires May 2, 2017 [Page 8]
Internet-Draft Low Power Wide Area Networking Overview October 2016
most recently at a gateway, and to also tell the end-device how many
gateways received the corresponding link request MAC command.
Some MAC commands are initiated by the network server. For example,
one command allows the network server to ask an end-device to reduce
it's duty-cycle to only use a proportion of the maximum allowed in a
region. Another allows the network server to query the end-device's
power status with the response from the end-device specifying whether
it has an external power source or is battery powered (in which case
a relative battery level is also sent to the network server).
The network server can also inform an end-device about channel
assignments (mid-point frequencies and data rates). Of course, these
must also remain within the bands assigned by local regulation.
A LoRaWAN network has a short network identifier ("NwkID") which is a
seven bit value. A private network (common for LoRaWAN) can use the
value zero. If a network wishes to support "foreign" end-devices
then the NwkID needs to be registered with the LoRA Alliance, in
which case the NwkID is the seven least significant bits of a
registered 24-bit NetID. (Note however, that the methods for
"roaming" are currently being enhanced within the LoRA Alliance, so
the situation here is somewhat fluid.)
In order to operate nominally on a LoRaWAN network, a device needs a
32-bit device address, which is the catentation of the NwkID and a
25-bit device-specific network address that is assigned when the
device "joins" the network (see below for the join procedure) or that
is pre-provisioned into the device.
End-devices are assumed to work with one or a quite limited number of
applications, which matches most LoRaWAN use-cases. The applications
are identified by a 64-bit AppEUI, which is assumed to be a
registered IEEE EUI64 value.
In addition, a device needs to have two symmetric session keys, one
for protecting network artefacts (port=0), the NwkSKey, and another
for protecting appliction layer traffic, the AppSKey. Both keys are
used for 128 bit AES cryptpgraphic operations. (See Section 6 for
details.)
So, one option is for an end-device to have all of the above, plus
channel information, somehow (pre-)provisioned, in which case the
end-device can simply start transmitting. This is achievable in many
cases via out-of-band means given the nature of LoRaWAN networks.
Table 3 summarises these values.
Farrell Expires May 2, 2017 [Page 9]
Internet-Draft Low Power Wide Area Networking Overview October 2016
+---------+---------------------------------------------------------+
| Value | Description |
+---------+---------------------------------------------------------+
| DevAddr | DevAddr (32-bits) = NwkId (7-bits) + device-specific |
| | network address (25 bits) |
| | |
| AppEUI | IEEE EUI64 naming the application |
| | |
| NwkSKey | 128 bit network session key for use with AES |
| | |
| AppSKey | 128 bit application session key for use with AES |
+---------+---------------------------------------------------------+
Table 3: Values required for nominal operation
As an alternative, end-devices can use the LoRaWAN join procedure in
order to setup some of these values and dynamically gain access to
the network.
To use the join procedure, an end-device must still know the AppEUI.
In addition to the AppEUI, end-devices using the join procedure need
to also know a different (long-term) symmetric key that is bound to
the AppEUI - this is the application key (AppKey), and is distinct
from the application session key (AppSKey). The AppKey is required
to be specific to the device, that is, each end-device should have a
different AppKey value. And finally the end-device also needs a
long-term identifier for itself, syntactically also an EUI-64, and
known as the device EUI or DevEUI. Table 4 summarises these values.
+---------+----------------------------------------------------+
| Value | Description |
+---------+----------------------------------------------------+
| DevEUI | IEEE EUI64 naming the device |
| | |
| AppEUI | IEEE EUI64 naming the application |
| | |
| AppKey | 128 bit long term application key for use with AES |
+---------+----------------------------------------------------+
Table 4: Values required for join procedure
The join procedure involves a special exchange where the end-device
asserts the AppEUI and DevEUI (integrity protected with the long-term
AppKey, but not encrypted) in a Join-request uplink message. This is
then routed to the network server which interacts with an entity that
knows that AppKey to verify the Join-request. All going well, a
Join-accept downlink message is returned from the network server to
the end-device that specifies the 24-bit NetID, 32-bit DevAddr and
Farrell Expires May 2, 2017 [Page 10]
Internet-Draft Low Power Wide Area Networking Overview October 2016
channel information and from which the AppSKey and NwkSKey can be
derived based on knowledge of the AppKey. This provides the end-
device with all the values listed in Table 3.
There is some special handling related to which channels to use and
for multiple transmissions for the join-request which is intended to
ensure a successful join in as many cases as possible. Join-request
and Join-accept messages also include some random values (nonces) to
both provide some replay protection and to help ensure the session
keys are unique per run of the join procedure. If a Join-request
fails validation, then no Join-accept message (indeed no message at
all) is returned to the end-device. For example, if an end-device is
factory-reset then it should end up in a state in which it can re-do
the join procedure.
In this section we describe the use of cryptography in LoRaWAN. This
section is not intended as a full specification but to be sufficient
so that future IETF specifications can encompass the required
security considerations. The emphasis is on describing the
externally visible characteristics of LoRaWAN.
All payloads are encrypted and have data integrity. Frame options
(used for MAC commands) when sent as a payload (port zero) are
therefore protected. MAC commands piggy-backed as frame options
("FOpts") are however sent in clear. Since MAC commands may be sent
as options and not only as payload, any values sent in that manner
are visible to a passive attacker but are not malleable for an active
attacker due to the use of the MIC.
For LoRaWAN version 1.0.x, the NWkSkey session key is used to provide
data integrity between the end-device and the network server. The
AppSKey is used to provide data confidentiality between the end-
device and network server, or to the application "behind" the network
server, depending on the implementation of the network.
All MAC layer messages have an outer 32-bit Message Integrity Code
(MIC) calculated using AES-CMAC calculated over the ciphertext
payload and other headers and using the NwkSkey.
Payloads are encrypted using AES-128, with a counter-mode derived
from IEEE 802.15.4 using the AppSKey.
Gateways are not expected to be provided with the AppSKey or NwkSKey,
all of the infrastructure-side cryptography happens in (or "behind")
the network server.
When session keys are derived from the AppKey as a result of the join
procedure the Join-accept message payload is specially handled.
Farrell Expires May 2, 2017 [Page 11]
Internet-Draft Low Power Wide Area Networking Overview October 2016
The long-term AppKey is directly used to protect the Join-accept
message content, but the function used is not an aes-encrypt
operation, but rather an aes-decrypt operation. The justification is
that this means that the end-device only needs to implement the aes-
encrypt operation. (The counter mode variant used for payload
decryption means the end-device doesn't need an aes-decrypt
primitive.)
The Join-accept plaintext is always less than 16 bytes long, so
electronic code book (ECB) mode is used for protecting Join-accept
messages.
The Join-accept contains an AppNonce (a 24 bit value) that is
recovered on the end-device along with the other Join-accept content
(e.g. DevAddr) using the aes-encrypt operation.
Once the Join-accept payload is available to the end-device the
session keys are derived from the AppKey, AppNonce and other values,
again using an ECB mode aes-encrypt operation, with the plaintext
input being a maximum of 16 octets.
4.2. Narrowband IoT (NB-IoT)
[[Text here is from [I-D.ratilainen-lpwan-nb-iot].]]
4.2.1. Provenance and Documents
Narrowband Internet of Things (NB-IoT) is developed and standardized
by 3GPP. The standardization of NB-IoT was finalized with 3GPP
Release-13 in June 2016, but further enhancements for NB-IoT are
worked on in the following releases, for example in the form of
multicast support. For more information of what has been specified
for NB-IoT, 3GPP specification 36.300 [TGPP36300] provides an
overview and overall description of the E-UTRAN radio interface
protocol architecture, while specifications 36.321 [TGPP36321],
36.322 [TGPP36322], 36.323 [TGPP36323] and 36.331 [TGPP36331] give
more detailed description of MAC, RLC, PDCP and RRC protocol layers
respectively.
4.2.2. Characteristics
[[Editor notes: Not clear if all the radio info here is needed. Not
clear what minimum MTU might be. Many 3GPP acronyms/terms to
eliminate or explain.]]
Specific targets for NB-IoT include: Less than 5$ module cost,
extended coverage of 164 dB maximum coupling loss, battery life of
Farrell Expires May 2, 2017 [Page 12]
Internet-Draft Low Power Wide Area Networking Overview October 2016
over 10 years, ~55000 devices per cell and uplink reporting latency
of less than 10 seconds.
NB-IoT supports Half Duplex FDD operation mode with 60 kbps peak rate
in uplink and 30 kbps peak rate in downlink, and a maximum size MTU
of 1600 bytes. As the name suggests, NB-IoT uses narrowbands with
the bandwidth of 180 kHz in both, downlink and uplink. The multiple
access scheme used in the downlink is OFDMA with 15 kHz sub-carrier
spacing. On uplink multi-tone SC-FDMA is used with 15 kHz tone
spacing or as a special case of SC-FDMA single tone with either 15kHz
or 3.75 kHz tone spacing may be used.
NB-IoT can be deployed in three ways. In-band deployment means that
the narrowband is multiplexed within normal LTE carrier. In Guard-
band deployment the narrowband uses the unused resource blocks
between two adjacent LTE carriers. Also standalone deployment is
supported, where the narrowband can be located alone in dedicated
spectrum, which makes it possible for example to refarm the GSM
carrier at 850/900 MHz for NB-IoT. All three deployment modes are
meant to be used in licensed bands. The maximum transmission power
is either 20 or 23 dBm for uplink transmissions, while for downlink
transmission the eNodeB may use higher transmission power, up to 46
dBm depending on the deployment.
For signaling optimization, two options are introduced in addition to
legacy RRC connection setup, mandatory Data-over-NAS (Control Plane
optimization, solution 2 in [TGPP23720]) and optional RRC Suspend/
Resume (User Plane optimization, solution 18 in [TGPP23720]). In the
control plane optimization the data is sent over Non Access Stratum,
directly from Mobility Management Entity (MME) in core network to the
UE without interaction from base station. This means there are no
Access Stratum security or header compression, as the Access Stratum
is bypassed, and only limited RRC procedures.
The RRC Suspend/Resume procedures reduce the signaling overhead
required for UE state transition from Idle to Connected mode in order
to have a user plane transaction with the network and back to Idle
state by reducing the signaling messages required compared to legacy
operation
With extended DRX the RRC Connected mode DRX cycle is up to 10.24
seconds and in RRC Idle the DRX cycle can be up to 3 hours.
NB-IoT has no channel access restrictions allowing up to a 100% duty-
cycle.
3GPP access security is specified in [TGPP33203].
Farrell Expires May 2, 2017 [Page 13]
Internet-Draft Low Power Wide Area Networking Overview October 2016
+--+
|UE| \ +------+ +------+
+--+ \ | MME |------| HSS |
\ / +------+ +------+
+--+ \+-----+ / |
|UE| ----| eNB |- |
+--+ /+-----+ \ |
/ \ +--------+
/ \| | +------+ Service PDN
+--+ / | S-GW |----| P-GW |---- e.g. Internet
|UE| | | +------+
+--+ +--------+
Figure 3: 3GPP network architecture
Mobility Management Entity (MME) is responsible for handling the
mobility of the UE. MME tasks include tracking and paging UEs,
session management, choosing the Serving gateway for the UE during
initial attachment and authenticating the user. At MME, the Non
Access Stratum (NAS) signaling from the UE is terminated.
Serving Gateway (S-GW) routes and forwards the user data packets
through the access network and acts as a mobility anchor for UEs
during handover between base stations known as eNodeBs and also
during handovers between other 3GPP technologies.
Packet Data Node Gateway (P-GW) works as an interface between 3GPP
network and external networks.
Home Subscriber Server (HSS) contains user-related and subscription-
related information. It is a database, which performs mobility
management, session establishment support, user authentication and
access authorization.
E-UTRAN consists of components of a single type, eNodeB. eNodeB is a
base station, which controls the UEs in one or several cells.
The illustration of 3GPP radio protocol architecture can be seen from
Figure 4.
Farrell Expires May 2, 2017 [Page 14]
Internet-Draft Low Power Wide Area Networking Overview October 2016
+---------+ +---------+
| NAS |----|-----------------------------|----| NAS |
+---------+ | +---------+---------+ | +---------+
| RRC |----|----| RRC | S1-AP |----|----| S1-AP |
+---------+ | +---------+---------+ | +---------+
| PDCP |----|----| PDCP | SCTP |----|----| SCTP |
+---------+ | +---------+---------+ | +---------+
| RLC |----|----| RLC | IP |----|----| IP |
+---------+ | +---------+---------+ | +---------+
| MAC |----|----| MAC | L2 |----|----| L2 |
+---------+ | +---------+---------+ | +---------+
| PHY |----|----| PHY | PHY |----|----| PHY |
+---------+ +---------+---------+ +---------+
LTE-Uu S1-MME
UE eNodeB MME
Figure 4: 3GPP radio protocol architecture
The radio protocol architecture of NB-IoT (and LTE) is separated into
control plane and user plane. Control plane consists of protocols
which control the radio access bearers and the connection between the
UE and the network. The highest layer of control plane is called
Non-Access Stratum (NAS), which conveys the radio signaling between
the UE and the EPC, passing transparently through radio network. It
is responsible for authentication, security control, mobility
management and bearer management.
Access Stratum (AS) is the functional layer below NAS, and in control
plane it consists of Radio Resource Control protocol (RRC)
[TGPP36331], which handles connection establishment and release
functions, broadcast of system information, radio bearer
establishment, reconfiguration and release. RRC configures the user
and control planes according to the network status. There exists two
RRC states, RRC_Idle or RRC_Connected, and RRC entity controls the
switching between these states. In RRC_Idle, the network knows that
the UE is present in the network and the UE can be reached in case of
incoming call. In this state the UE monitors paging, performs cell
measurements and cell selection and acquires system information.
Also the UE can receive broadcast and multicast data, but it is not
expected to transmit or receive singlecast data. In RRC_Connected
the UE has a connection to the eNodeB, the network knows the UE
location on cell level and the UE may receive and transmit singlecast
data. RRC_Connected mode is established, when the UE is expected to
be active in the network, to transmit or receive data. Connection is
released, switching to RRC_Idle, when there is no traffic to save the
UE battery and radio resources. However, a new feature was
introduced for NB-IoT, as mentioned earlier, which allows data to be
Farrell Expires May 2, 2017 [Page 15]
Internet-Draft Low Power Wide Area Networking Overview October 2016
transmitted from the MME directly to the UE, while the UE is in
RRC_Idle transparently to the eNodeB.
Packet Data Convergence Protocol's (PDCP) [TGPP36323] main services
in control plane are transfer of control plane data, ciphering and
integrity protection.
Radio Link Control protocol (RLC) [TGPP36322] performs transfer of
upper layer PDUs and optionally error correction with Automatic
Repeat reQuest (ARQ), concatenation, segmentation and reassembly of
RLC SDUs, in-sequence delivery of upper layer PDUs, duplicate
detection, RLC SDU discard, RLC-re-establishment and protocol error
detection and recovery.
Medium Access Control protocol (MAC) [TGPP36321] provides mapping
between logical channels and transport channels, multiplexing of MAC
SDUs, scheduling information reporting, error correction with HARQ,
priority handling and transport format selection.
Physical layer [TGPP36201] provides data transport services to higher
layers. These include error detection and indication to higher
layers, FEC encoding, HARQ soft-combining. Rate matching and mapping
of the transport channels onto physical channels, power weighting and
modulation of physical channels, frequency and time synchronization
and radio characteristics measurements.
User plane is responsible for transferring the user data through the
Access Stratum. It interfaces with IP and consists of PDCP, which in
user plane performs header compression using Robust Header
Compression (RoHC), transfer of user plane data between eNodeB and
UE, ciphering and integrity protection. Lower layers in user plane
are similarly RLC, MAC and physical layer performing tasks mentioned
above.
Under worst-case conditions, NB-IoT may achieve data rate of roughly
200 bps. For downlink with 164 dB coupling loss, NB-IoT may achieve
higher data rates, depending on the deployment mode. Stand-alone
operation may achieve the highest data rates, up to few kbps, while
in-band and guard-band operations may reach several hundreds of bps.
NB-IoT may even operate with higher maximum coupling loss than 170 dB
with very low bit rates.
4.3. SIGFOX
[[Text here is from [I-D.zuniga-lpwan-sigfox-system-description].]]
Farrell Expires May 2, 2017 [Page 16]
Internet-Draft Low Power Wide Area Networking Overview October 2016
4.3.1. Provenance and Documents
The SIGFOX LPWAN is in line with the terminology and specifications
being defined by the ETSI ERM TG28 Low Throughput Networks (LTN)
group [etsi_ltn]. As of today, the SIGFOX LPWAN/LTN has been fully
deployed in 6 countries, with ongoing deployments on 14 other
countries, which in total will reach 316M people.
4.3.2. Characteristics
SIGFOX LPWAN autonomous battery-operated devices send only a few
bytes per day, week or month, allowing them to remain on a single
battery for up to 10-15 years.
The radio interface is compliant with the following regulations:
Spectrum allocation in the USA [fcc_ref]
Spectrum allocation in Europe [etsi_ref]
Spectrum allocation in Japan [arib_ref]
The SIGFOX LTN radio interface is also compliant with the local
regulations of the following countries: Australia, Brazil, Canada,
Kenya, Lebanon, Mauritius, Mexico, New Zealand, Oman, Peru,
Singapore, South Africa, South Korea, and Thailand.
The radio interface is based on Ultra Narrow Band (UNB)
communications, which allow an increased transmission range by
spending a limited amount of energy at the device. Moreover, UNB
allows a large number of devices to coexist in a given cell without
significantly increasing the spectrum interference.
Both uplink and downlink communications are possible with the UNB
solution. Due to spectrum optimizations, different uplink and
downlink frames and time synchronization methods are needed.
The main radio characteristics of the UNB uplink transmission are:
o Channelization mask: 100 Hz (600 Hz in the USA)
o Uplink baud rate: 100 baud (600 baud in the USA)
o Modulation scheme: DBPSK
o Uplink transmission power: compliant with local regulation
o Link budget: 155 dB (or better)
Farrell Expires May 2, 2017 [Page 17]
Internet-Draft Low Power Wide Area Networking Overview October 2016
o Central frequency accuracy: not relevant, provided there is no
significant frequency drift within an uplink packet
In Europe, the UNB uplink frequency band is limited to 868,00 to
868,60 MHz, with a maximum output power of 25 mW and a maximum mean
transmission time of 1%.
The format of the uplink frame is the following:
+--------+--------+--------+------------------+-------------+-----+
|Preamble| Frame | Dev ID | Payload |Msg Auth Code| FCS |
| | Sync | | | | |
+--------+--------+--------+------------------+-------------+-----+
Figure 5: Uplink Frame Format
The uplink frame is composed of the following fields:
o Preamble: 19 bits
o Frame sync and header: 29 bits
o Device ID: 32 bits
o Payload: 0-96 bits
o Authentication: 16-40 bits
o Frame check sequence: 16 bits (CRC)
The main radio characteristics of the UNB downlink transmission are:
o Channelization mask: 1.5 kHz
o Downlink baud rate: 600 baud
o Modulation scheme: GFSK
o Downlink transmission power: 500 mW (4W in the USA)
o Link budget: 153 dB (or better)
o Central frequency accuracy: Centre frequency of downlink
transmission are set by the network according to the corresponding
uplink transmission.
Farrell Expires May 2, 2017 [Page 18]
Internet-Draft Low Power Wide Area Networking Overview October 2016
In Europe, the UNB downlink frequency band is limited to 869,40 to
869,65 MHz, with a maximum output power of 500 mW with 10% duty
cycle.
The format of the downlink frame is the following:
+------------+-----+---------+------------------+-------------+-----+
| Preamble |Frame| ECC | Payload |Msg Auth Code| FCS |
| |Sync | | | | |
+------------+-----+---------+------------------+-------------+-----+
Figure 6: Downlink Frame Format
The downlink frame is composed of the following fields:
o Preamble: 91 bits
o Frame sync and header: 13 bits
o Error Correcting Code (ECC): 32 bits
o Payload: 0-64 bits
o Authentication: 16 bits
o Frame check sequence: 8 bits (CRC)
The radio interface is optimized for uplink transmissions, which are
asynchronous. Downlink communications are achieved by querying the
network for existing data from the device.
A device willing to receive downlink messages opens a fixed window
for reception after sending an uplink transmission. The delay and
duration of this window have fixed values. The LTN network transmits
the downlink message for a given device during the reception window.
The LTN network selects the BS for transmitting the corresponding
downlink message.
Uplink and downlink transmissions are unbalanced due to the
regulatory constraints on the ISM bands. Under the strictest
regulations, the system can allow a maximum of 140 uplink messages
and 4 downlink messages per device. These restrictions can be
slightly relaxed depending on system conditions and the specific
regulatory domain of operation.
Farrell Expires May 2, 2017 [Page 19]
Internet-Draft Low Power Wide Area Networking Overview October 2016
+--+
|EP| * +------+
+--+ * | RA |
* +------+
+--+ * |
|EP| * * * * |
+--+ * +----+ |
* | BS | \ +--------+
+--+ * +----+ \ | |
DA -----|EP| * * * | SC |----- NA
+--+ * / | |
* +----+ / +--------+
+--+ * | BS |/
|EP| * * * * +----+
+--+ *
*
+--+ *
|EP| * *
+--+
Figure 7: ETSI LTN architecture
Figure 7 depicts the different elements of the SIGFOX architecture.
The architecture consists of a single core network, which allows
global connectivity with minimal impact on the end device and radio
access network. The core network elements are the Service Center
(SC) and the Registration Authority (RA). The SC is in charge of the
data connectivity between the Base Station (BS) and the Internet, as
well as the control and management of the BSs and End Points. The RA
is in charge of the End Point network access authorization.
The radio access network is comprised of several BSs connected
directly to the SC. Each BS performs complex L1/L2 functions,
leaving some L2 and L3 functionalities to the SC.
The devices or End Points (EPs) are the objects that communicate
application data between local device applications (DAs) and network
applications (NAs).
EPs (or devices) can be static or nomadic, as they associate with the
SC and they do not attach to a specific BS. Hence, they can
communicate with the SC through one or many BSs.
Due to constraints in the complexity of the EP, it is assumed that
EPs host only one or very few device applications, which communicate
to one single network application at a time.
Farrell Expires May 2, 2017 [Page 20]
Internet-Draft Low Power Wide Area Networking Overview October 2016
The radio protocol provides mechanisms to authenticate and ensure
integrity of the message. This is achieved by using a unique device
ID and a message authentication code, which allow ensuring that the
message has been generated and sent by the device with the ID claimed
in the message.
Security keys are independent for each device. These keys are
associated with the device ID and they are pre-provisioned.
Application data can be encrypted by the application provider.
4.4. WI-SUN
[[Add text here when available. Source = bheile@ieee.org]]
5. Gap Analysis
[[Add text here from [I-D.minaburo-lpwan-gap-analysis].]]
6. Security Considerations
7. IANA Considerations
There are no IANA considerations related to this memo.
8. Contributors
As stated above this document is mainly a collection of content
developed by the full set of contributors listed below. The main
input documents and their authors were:
o The text on LoRaWAN was based on [I-D.farrell-lpwan-lora-overview]
co-authored by Alper Yegin and Stephen Farrell.
o Text for Section 4.2 was provided by Antti Ratilainen in
[I-D.ratilainen-lpwan-nb-iot].
o Text for Section 4.3 was provided by Juan Carlos Zuniga and Benoit
Ponsard in [I-D.zuniga-lpwan-sigfox-system-description].
o Text for Section 5 was provided by Ana Minabiru, Carles Gomez,
Laurent Toutain, Josep Paradells and Jon Crowcroft in
[I-D.minaburo-lpwan-gap-analysis]. Additional text from that
draft is also used elsewhere above.
The full list of contributors are:
Farrell Expires May 2, 2017 [Page 21]
Internet-Draft Low Power Wide Area Networking Overview October 2016
Jon Crowcroft
University of Cambridge
JJ Thomson Avenue
Cambridge, CB3 0FD
United Kingdom
Email: jon.crowcroft@cl.cam.ac.uk
Carles Gomez
UPC/i2CAT
C/Esteve Terradas, 7
Castelldefels 08860
Spain
Email: carlesgo@entel.upc.edu
Ana Minaburo
Acklio
2bis rue de la Chataigneraie
35510 Cesson-Sevigne Cedex
France
Email: ana@ackl.io
Josep PAradells
UPC/i2CAT
C/Jordi Girona, 1-3
Barcelona 08034
Spain
Email: josep.paradells@entel.upc.edu
Benoit Ponsard
SIGFOX
425 rue Jean Rostand
Labege 31670
France
Email: Benoit.Ponsard@sigfox.com
URI: http://www.sigfox.com/
Antti Ratilainen
Ericsson
Farrell Expires May 2, 2017 [Page 22]
Internet-Draft Low Power Wide Area Networking Overview October 2016
Hirsalantie 11
Jorvas 02420
Finland
Email: antti.ratilainen@ericsson.com
Laurent Toutain
Institut MINES TELECOM ; TELECOM Bretagne
2 rue de la Chataigneraie
CS 17607
35576 Cesson-Sevigne Cedex
France
Email: Laurent.Toutain@telecom-bretagne.eu
Alper Yegin
Actility
Paris, Paris
FR
Email: alper.yegin@actility.com
Juan Carlos Zuniga
SIGFOX
425 rue Jean Rostand
Labege 31670
France
Email: JuanCarlos.Zuniga@sigfox.com
URI: http://www.sigfox.com/
9. Acknowledgements
Thanks to all those listed in Section 8 for the excellent text.
Errors in the handling of that are solely the editor's fault.
Thanks to [your name here] for comments.
Stephen Farrell's work on this memo was supported by the Science
Foundation Ireland funded CONNECT centre <https://connectcentre.ie/>.
Farrell Expires May 2, 2017 [Page 23]
Internet-Draft Low Power Wide Area Networking Overview October 2016
10. Informative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[I-D.farrell-lpwan-lora-overview]
Farrell, S. and A. Yegin, "LoRaWAN Overview", draft-
farrell-lpwan-lora-overview-01 (work in progress), October
2016.
[I-D.minaburo-lpwan-gap-analysis]
Minaburo, A., Gomez, C., Toutain, L., Paradells, J., and
J. Crowcroft, "LPWAN Survey and GAP Analysis", draft-
minaburo-lpwan-gap-analysis-02 (work in progress), October
2016.
[I-D.zuniga-lpwan-sigfox-system-description]
Zuniga, J. and B. PONSARD, "SIGFOX System Description",
draft-zuniga-lpwan-sigfox-system-description-00 (work in
progress), July 2016.
[I-D.ratilainen-lpwan-nb-iot]
Ratilainen, A., "NB-IoT characteristics", draft-
ratilainen-lpwan-nb-iot-00 (work in progress), July 2016.
[TGPP36300]
3GPP, "TS 36.300 v13.4.0 Evolved Universal Terrestrial
Radio Access (E-UTRA) and Evolved Universal Terrestrial
Radio Access Network (E-UTRAN); Overall description; Stage
2", 2016,
<http://www.3gpp.org/ftp/Specs/2016-09/Rel-14/36_series/>.
[TGPP36321]
3GPP, "TS 36.321 v13.2.0 Evolved Universal Terrestrial
Radio Access (E-UTRA); Medium Access Control (MAC)
protocol specification", 2016.
[TGPP36322]
3GPP, "TS 36.322 v13.2.0 Evolved Universal Terrestrial
Radio Access (E-UTRA); Radio Link Control (RLC) protocol
specification", 2016.
[TGPP36323]
3GPP, "TS 36.323 v13.2.0 Evolved Universal Terrestrial
Radio Access (E-UTRA); Packet Data Convergence Protocol
(PDCP) specification (Not yet available)", 2016.
Farrell Expires May 2, 2017 [Page 24]
Internet-Draft Low Power Wide Area Networking Overview October 2016
[TGPP36331]
3GPP, "TS 36.331 v13.2.0 Evolved Universal Terrestrial
Radio Access (E-UTRA); Radio Resource Control (RRC);
Protocol specification", 2016.
[TGPP36201]
3GPP, "TS 36.201 v13.2.0 - Evolved Universal Terrestrial
Radio Access (E-UTRA); LTE physical layer; General
description", 2016.
[TGPP23720]
3GPP, "TR 23.720 v13.0.0 - Study on architecture
enhancements for Cellular Internet of Things", 2016.
[TGPP33203]
3GPP, "TS 33.203 v13.1.0 - 3G security; Access security
for IP-based services", 2016.
[etsi_ltn]
"ETSI Technical Committee on EMC and Radio Spectrum
Matters (ERM) TG28 Low Throughput Networks (LTN)",
February 2015.
[fcc_ref] "FCC CFR 47 Part 15.247 Telecommunication Radio Frequency
Devices - Operation within the bands 902-928 MHz,
2400-2483.5 MHz, and 5725-5850 MHz.", June 2016.
[etsi_ref]
"ETSI EN 300-220 (Parts 1 and 2): Electromagnetic
compatibility and Radio spectrum Matters (ERM); Short
Range Devices (SRD); Radio equipment to be used in the 25
MHz to 1 000 MHz frequency range with power levels ranging
up to 500 mW", May 2016.
[arib_ref]
"ARIB STD-T108 (Version 1.0): 920MHz-Band Telemeter,
Telecontrol and data transmission radio equipment.",
February 2012.
[LoRaSpec]
LoRa Alliance, "LoRaWAN Specification Version V1.0.2", Nov
2016, <URL TBD>.
[LoRaSpec1.0]
LoRa Alliance, "LoRaWAN Specification Version V1.0", Jan
2015, <https://www.lora-alliance.org/portals/0/specs/
LoRaWAN%20Specification%201R0.pdf>.
Farrell Expires May 2, 2017 [Page 25]
Internet-Draft Low Power Wide Area Networking Overview October 2016
Author's Address
Stephen Farrell (editor)
Trinity College Dublin
Dublin 2
Ireland
Phone: +353-1-896-2354
Email: stephen.farrell@cs.tcd.ie
Farrell Expires May 2, 2017 [Page 26]