CBRS Alliance Release 3 Specification Webinar 15 April, 2020 Welcome

• By joining this webinar you agree to the terms of the CBRS Alliance Privacy Policy and Webinar Disclosure located in the event description

• This session is being recorded for the CBRS Alliance’s use and distribution

Dr. Gary Boudreau, System Architect at Ericsson, CBRS Alliance Coexistence Workgroup Chair

Dr. Gary Boudreau is an LTE/NR System Architect at Ericsson and CBRS Alliance Technical Workgroup Chair. Dr. Boudreau is a professional engineer with over 25 years of communications system engineering experience spanning cellular wireless communications, satellite communications and military systems.

Dr. Masoud Olfat, Sr. Director of Technology Development at Federated Wireless, CBRS Alliance Network Services Workgroup Chair

Dr. Masoud Olfat is the Sr. Director of Technology Development at Federated Wireless and CBRS Alliance Network Services Workgroup Chair. Dr. Olfat is a senior technologist and researcher with over 20 years of experience driving innovative technology strategies and solutions for telecom corporations such as Nextel, Sprint Nextel, Clearwire, LightSquared, Federated Wireless, and University of Maryland.

Iwajlo Angelow, Senior Standardization Specialist at Nokia, CBRS Alliance Radio Workgroup Chair

Iwajlo Angelow is the Senior Standardization Specialist at Nokia and CBRS Alliance Radio Workgroup Chair. He has over 15 years of experience in mobile communications R&D and has been a 3GPP RAN4 attendee since 2005. He has been Rapporteur of various spectrum related Work Items in 3GPP including Band 48 and n48.

Dr. Yi Hsuan, Google Access Wireless System Engineer at Google, CBRS Alliance Coexistence Workgroup Chair

Dr. Yi Hsuan is a wireless specialist in Google with more than 20 years of experience in the industry of wireless communications. He is currently working on system requirements and protocol standardization in the Wireless Innovation Forum and the CBRS Alliance to enable spectrum sharing.

• Welcome and Introduction – Alan Ewing, CBRS Alliance Executive Director • Specification Overview: Gary Boudreau (Ericsson), Chair of CBRS Alliance Technical Work Group – 5 min • Release 3 Radio Requirements: Iwajlo Angelow (Nokia), Chair of the Radio Task Group – 5 minutes • Release 3 Coexistence: Yi Hsuan (Google), Chair of Coexistence Task Group – 20 min • Release 3 Network Architectures: Masoud Olfat (Federated Wireless), Chair of Network Services Task Group – 20 min • Q&A – 10 min

• Best to leave Q&A to the end to ensure we have time to cover all material. Use the question function in the webinar platform to submit questions during the session. Will try to address clarification questions in real-time, but general questions will be handled after presentations.

• CBRS Alliance is an industry forum created to champion LTE and NR in the CBRS Band (3550-3700 MHz) in accordance with FCC Part 96 Rules • Information on FCC Part 96 can be found at: – The Part 96 rules can be found at: https://www.ecfr.gov/cgi-bin/ECFR, select Title 47, Chapter 1, Volume 5, Part 96 – WInnForum webinar: Understanding the New US 3.5 GHz Band at: https://www.youtube.com/watch?v=lQ2a4ZRjGgE&t=304s Note: This Webinar is from June 2015 and a couple of the FCC rules have since been revised, but webinar remains an excellent overview. WInnForum has additional Webinars on CBRS available on youtube.

WInnForum CBRS Alliance • Focus on LTE and NR technology in the CBRS • Official SDO with multiple committees Band. Builds upon and compliant with • Spectrum Sharing Committee (SSC) handles WInnForum Standards FCC Part 96 rules (CBRS) & working closely • Developing technical specs to support LTE and with US Government NR deployments of Private Networks, Neutral Host Networks, Multi-Service Operator • Technology Neutral (many members support Networks, etc. LTE, but other members including WISPA • Focus on LTE and NR coexistence support proprietary technology use in the band) • Addressing LTE and NR (5G) commercialization, • Developing SAS, CBSD & ESC requirements; business and marketing issues Security methods; SAS-CBSD & SAS-SAS • Broad range of members: manufacturers, operators, verticals and more protocols; Certification tests for: CBSD & SAS • NR functionality standardized in Release 3 • Specific tools and messages enabling coexistence across multiple technologies in WInnForum Release 2

• Outputs: – Specifications, best practices, recommendations, guidelines, etc • Published Technical Specifications can be found from web site: https://www.cbrsalliance.org/ – Contribute into other fora as appropriate (working with WInnForum, ATIS, MulteFire, Small Cell Forum, HTNG and 3GPP) Technical • Task Groups WG – Coexistence TG Network Coexistence Radio TG HNI TG – Network Services TG Svcs TG TG – Radio TG – Home Network Identifier TG

• 3GPP developed the 3GPP E-UTRA LTE as well as NR (Radio Access Network) requirements and the corresponding network Global Standards – 3GPP developed hundreds of standard features for LTE and EPS and leverages and/or references many other industry standards (IETF, ITU, OMA, NIST, ETSI, Smart Cards, GPS, and many more) • US Telecom systems must also comply with relevant FCC Rules and various ATIS Standards (Mobile Alerting, E911, etc) • CBRS networks must also comply with WInnForum requirements (which include FCC Rules) and we layer on CBRS Alliance specifications • We are exploiting the strengths of multiple standards bodies to develop a commercial LTE and NR solution in the CBRS Band. • Release 3 is an instantiation of 5G using NR functionality.

• LTE and NR are designed for mobile network operators deploying in exclusive use spectrum. • CBRS is lightly licensed shared spectrum, and opens opportunities for new use cases not addressed by 3GPP (e.g. Neutral Host Networks) – Also defining use of a shared CBRS HNI – Device Based Authentication – Multi-services operator deployments – And more

• Visit the CBRS Alliance website to see all Release 1, Release 2 , Release 3 and Independent Specifications – https://www.cbrsalliance.org/specifications/

• Previous Webinar Recordings: – CBRS Shared HNI Webinar (Link) – CBRS Alliance Release 1 Specifications (Link) – CBRS Alliance Release 2 Specifications (Link)

• 3GPP has introduced new NR band n48 (RP-190908) – Channel bandwidth up to 100MHz (see more details below) – 15 & 30kHz channel raster – 30kHz sync raster • 3GPP Rel’16 work on Band 48 and n48 combinations – LTE inter-band CA, EN-DC, NR intra-band and inter-band CA

NR SCS 100 5 MHz 10 MHz 15 MHz 20 MHz 40 MHz 50 MHz 60 MHz 80 MHz 90 MHz Band kHz MHz

15 Yes Yes Yes Yes Yes Yes1 1 n48 30 Yes Yes Yes Yes Yes1 Yes1 Yes1 Yes Yes1 1 60 Yes Yes Yes Yes Yes1 Yes1 Yes1 Yes Yes1 Note 1: This UE channel bandwidth is applicable only to DL

• Support of 5G NR – Includes CBSDs using NR in the coexistence framework – How LTE and NR CBSDs coexist in the CBRS band – GAA channel assignment for NR CBSDs – CxM-CBSD protocol extension to support NR CBSDs • More flexible use of TDD configurations – Indoor CBSDs have more flexibility to choose TDD configurations

• All NR-TDD CBSDs shall derive the same frame timing as LTE-TDD CBSDs – Time reference: A time reference traceable to a common synchronization source. Temps Atomique International (TAI) shall be used. – SFN init time: The use of a common SFN initialization time serves to align the frame boundaries, and indeed the subframe boundaries, within the required timing accuracy.

• NR subcarrier spacing of 30 kHz is supported (15 kHz to be added in Release 3.1 Coexistence TS) • All NR-TDD CBSDs in a CBRSA CxG shall support two uplink-downlink configurations that corresponds to two mandatory LTE-TDD configurations • All CBSDs (LTE-TDD or NR-TDD) in a “TDD configuration connected set” need to use the same or equivalent TDD configurations

Mandatory NR-TDD UL/DL Configurations for the CBRSA CxG

UL:DL ratio Slot Number 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 4:5 D D D F U U U U D D D D D F U U U U D D 2:7 D D D F U U D D D D D D D F U U D D D D Equivalent to LTE TDD configuration 2 Equivalent to LTE TDD configuration 1

NR-TDD Subframe ‘F’ Symbol Pattern for the CBRSA CxG (equivalent to LTE-TDD special subframe configuration 7)

• Creation of TDD Configuration Connected Set. An “edge”, denoted by a line in the graph, is created between two CBSDs, each represented as a vertex in the graph, if their coverage contours (- 96dBm/10 MHz) overlap with each other. • All LTE-TDD CBSDs and NR-TDD CBSDs that are part of the same TDD Configuration Connected Set shall use the same or NR Equivalent TDD configuration.

• Some indoor use cases require higher bandwidth in the uplink, e.g., security camera, internet of things, etc. • Traditional internet service provides more bandwidth in the downlink. • Mandating the same TDD configuration in a connected set may exclude some important use cases of CBRS. • Indoor deployment guidelines are to be published and indoor CBSDs are allowed to opt out of TDD configuration connected sets. • The CxM will request Indoor CBSDs to employ the mandatory TDD Configurations if harmful interference originated by the Indoor CBSDs is reported.

22 CBRS Alliance Copyright © 2020 Deployment Recommendations for Indoor-Indoor and Indoor- Outdoor Coexistence • To minimize interference between CBSDs of different networks, the minimum recommended distance between CBSDs of different operators is 20 m. • For scenarios where the distance criteria cannot be met, isolation between CBSDs of different networks should be larger than 81 dB. • Isolation measurements between CBSDs not meeting the distance criteria should be performed to demonstrate the isolation requirement can be met for any pair of inter-operator CBSDs. • Operators are encouraged to coordinate deployment prior installation with assistance from the coexistence manager.

• New information from CBSD to CxM includes – NrTddConfig: NR TDD configuration information that the CBSD uses or prefers using – EutraTddConfig: redefinition of E-UTRA signal information to include NR equivalent TDD configuration information – EutraInfo: redefinition of E-UTRA signal information to include NR signal information – indoorCbsdOptOut: indication by indoor CBSDs intending to opt out of TDD configuration connected sets • New grouping objectives and parameters defined in WInnForum Release 2 specifications will be incorporated in Release 3.1 Coexistence TS

• NR CBSDs and LTE CBSDs are treated the same by the CxM in terms of GAA channel assignment for coexistence. • CxM shall assign NR CBSDs at least 10 MHz of contiguous spectrum. • Specification of PAL coexistence is currently in development as a Release 4 work item.

• Recap from Release 2 – CBRS systems using LTE need IMSI blocks to identify UIM cards, cells/eNodeB etc. – USA has only 700 unique IMSI blocks. – CBRSA arranged to share one block (HNI 315-010) among all CBRS operators that don’t have their own full-sized blocks. – 10,000 sub-IMSI-blocks with 100,000 unique IMSI each created.

• Network Architecture – 5G NR NSA: Based on 3GPP R15 EN-DC (Option 3) o LTE and NR in CBRS band o LTE in non-CBRS band and NR in CBRS band. – Roaming (Between LTE networks with either or both PLMN using CBRS PLMN ID) • Data Roaming • IMS Roaming – LBO (Local Break-Out) • Extended Authentication – 5G NR NSA deployment • Review 3GPP R15 EAP-TLS, as a primary authentication method other than EAP-AKA’, and define EAP-TTLS – Credentials Management (EACM) capabilities for CBRS-A • Dynamic management of Subscriber Credentials (i.e., provisioning, renewal, replacement, and revocation) is a complex task that has not been tackled in 3GPP/Cellular network. • CBRS-A Release 3 implements the use of the Extended authentication channel (EAP) to enable and simplify subscriber credentials management. 28 CBRS Alliance Copyright © 2020 5G NR NSA CBRS Network Architecture (Rapporteur: Orlett Pearson, Nokia)

• UE employing EUTRA-NR Dual Connectivity (EN-DC). • 5G NR NSA deployment – U-Plane connection from eNB to EPC, – U-Plane connection from gNB to EPC. • Example here: – the Secondary Cell Group (SCG) bearer has a U-Plane connection between 5G NR gNB and the core network, – another U-Plane connection between the LTE eNB and 5G NR gNB to enable SCG split bearer. • Other Salient Points from 3GPP R15 – No support for CSG (Closed Subscriber Group) – No support for EN-DC with MeNB as a CSG cell – 3GPP will support Private, and Neutral Host Networks beyond Release- 15 for NR SA deployment. • The EMM cause used for ATTACH REJECT, TRACKING AREA UPDATE REJECT and SERVICE REJECT by a CBRS network’s EPC is changed to Cause #15

30 CBRS Alliance Copyright © 2020 Roaming in Shared HNI based CBRS Networks • Data (Rapporteur: Rajesh Kaliaperumal, Ruckus) • IMS (Rapporteur: Amarendar Sirikonda, Comcast) • LBO (Rapporteur: Dr. Fabio Giust, Athonet)

• SHNI CBRS based Private and Hybrid networks may enter into Roaming business agreements with other Service Providers • Scenarios Covered – Subscribers belonging to one CBRS network roams to another CBRS network and both networks deployed using shared HNI – Subscribers belonging to CBRS Network operator using Shared HNI roams into another LTE network that does not use Shared HNI. • Scope of Work – At VPLMN, • Authentication Procedure: Locating HPLMN HSS when HPLM is based on Shared HNI. • PDN Service Resolution: Resolving APN when HPLMN is based on Shared HNI – At HPLMN, • Resolving VPLMN when VPLMN ID is based on Shared HNI • Services Covered – Data Roaming – IMS Roaming

• Authentication Procedure – DSC (DIAMETER Signaling Controller) function can be used (on the S6a interface) – DSC maintaining the mappings of known IBNs (IMSI Number Block) to the corresponding Diameter destination realms or hosts of the destination network – DSC determine the HPLMN based on IBN (IMSI Number Block) • Access Point Name Resolution for Home Routed PDN Connections – home PGW based on Access Point Name FQDN (APN-FQDN) resolution process by DNS, derived from an APN consisting APN NI and an APN OI. – APN OI for SHNI CBRS Network is the same for many different networks using the SHNI, so the default APN-FQDN construction will not be able to provide uniquely identifiable home PGW. – Proposed Solution: • The default APN construction format is “APN= .mnc.mcc.gprs” where the APN OI uses the SHNI in the domain mnc.mcc.gprs. • HSS to use APN-OI Replacement field to add additional unique identifier of the home network: . mnc.mcc.gprs

• Support for IMS-based services (VoLTE, SMS over IMS), in SHNI CBRS Network – roam out of home CBRSA network, into Visited Network provided by an MNO that does not use the SHNI or a CBRS Network Operator that uses the SHNI. – Limitation from the use of SHNI to route IMS-based services for visiting subscribers. – IMS-based services roaming is described in the scenario of a Visited Network that operates as a NHN.

• Roaming for IMS Services – Same roaming procedures as for data for SHNI device roaming on visited network while using IMS services. – limited to S8-Home Routing option. – all the IMS functions are in the home network. • Other IMS service roaming options (LBO-HR and LBO-VR) where some of IMS functions are in the visited network are FFS.

• VPLMN Identity Resolution by HPLMN, when VPLMN is SHNI based CBRS Network, – During the initial Attach, VPLMN MME sends User Location Information (ULI) attribute in the “Create Session Request”, extracting TAI and TAC – HPLMN derives the identity of the VPLMN Operator using the IBN portion of the TAC.

• Summary – Roaming and NHN: Roaming architecture can be applied in CBRS NHN when a roaming agreement exists between PSP and another SP. – Data and IMS roaming adopts 3GPP defined S8-HR architecture. IMS-Roaming is FFS

• With LBO, UE traffic associated to a single PDN or multiple PDN connections can be offloaded to Visited networks, using Local Gateway function, including – SGW-LBO for partial offload of the data traffic associated to the same APN, as well as the UE traffic associated to a single PDN connection. – S/PGW enables traffic offload for a whole APN, that is, for all traffic flows associated to such APN.

• LBO is available to UEs accessing the network using any of the access modes allowed by the CBRSA specifications.

• It is the SP’s responsibility to authorize and select the traffic to be broken out, regardless if the local network and applications belong to the SP or not.

(Rapporteur: Dr. Tao Wan, CableLabs)

• In 5G NR NSA EN-DC deployment UE eNodeB MME AAA (option 3), the extended authentication is handles in LTE 1. RRC Connection Establishment

2. Initial NAS message (Attach/TAU) EPC, 3. Start EAP

• no change is envisioned in CBRSA EAP over NAS EAP over Diameter/Radius Rel 3 KASME Delivered via EAP/Success

• Key Derivation – for EN-DC, the MeNB generates

and sends S-KgNB to the SgNB from which KSgNB-UP-enc, KSgNB-RRC-int and KSgNB-RRC-enc are then derived. The same derivation of S-KgNB and the subsequent keys also occurs at the UE side.

• CBRS-A provides the possibility to authenticate users and devices by using different types of credentials (SIM and/or Certificates)

• CBRS-A provides the possibility to register and automatically renew device credentials by leveraging the EAP-CREDS protocol even before providing IP connectivity

• CBRS-A uses the Simple Provisioning Protocol from EAP-CREDS to provide an EAP-based identity management point of integration – Management does not require additional connectivity – The Operator’s credentials management system can be implemented directly at the AAA server or proxied to be interfaced with internal or external provisioning systems • Most of the credential’s management is accomplished with only 2 or 4 messages

• The credentials management system can work with different types of credentials (i.e., X.509 certificates, username & passwords, SIM-based credentials) and, if supported by the UE, allows for switching between different types

• CBRS-A uniquely provides flexible credential management without compromising security and usability

• CBRS-A also enables new clients with the possibility to provide authorization information if and when registration (or an initial authorization) information is required to gain access to the network (e.g., often referred to as device onboarding) – Allows for easy bootstrapping mechanism(s)

• When compared to other environment, CBRS-A implementation provides a series of powerful advantages – Does not require service discovery – Does not require device certificates on devices – Does not require IP connectivity – Provides a full life-cycle credentials management

Any Questions? Thank You! Questions can be sent to [email protected]