sign in sign up
<<
Home , Air interface

IEEE 802.16.1-00/01r4, September 2000

1 Information Technology- 2 3 4 Telecommunications and Information Exchange Between Systems – 5 6 LAN/MAN Specific Requirements – 7 8 9 10 11 Air Interface for Fixed Broadband 12 13 14 Access Systems 15 16 17 18 19 20 21 22 23 Sponsor 24 25 LAN MAN Standards Committee 26 27 of the IEEE Computer Society 28 29 30 31 32 Abstract: This document is FOR COMMENT as a potential DRAFT standard for medium-access and 33 34 components that meet the functional requirements of a point-to-multipoint Broadband Wireless Access 35 (BWA) system as defined by the IEEE 802.16 Working Group. Detailed logical, electrical, and signal pro- 36 cessing specifications are presented that enable the production of interoperable equipment. 37 38 39 40 41 TM 42 Keywords: wireless metropolitan area network (WirelessMAN ) standards, fixed broadband 43 wireless access networks, millimeter waves 44 45 1 46 47 48 49 50 51 52 53 54 55 56 57 1. The Institute of Electrical and Electronics Engineers, Inc. 58 3 Park Avenue, New York, NY 10016-5997, USA 59 All rights reserved. Published August 2000. Printed in the United States of America. 60 61 Print: ISBN 0-7381-xxxx-x SHxxxxx 62 PDF: ISBN 0-7381-xxxx-x SSxxxxx 63 No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, 64 65 without the prior written permission of the publisher.

This is an unapproved Task Group document being circulated for comment. i IEEE 802.16.1-00/01r4, September 2000

1 IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating Com- 2 mittees of the IEEE Standards Association (IEEE-SA) Standards Board. Members of the committees serve 3 4 voluntarily and without compensation. They are not necessarily members of the Institute. The standards 5 developed within IEEE represent a consensus of the broad expertise on the subject within the Institute as 6 well as those activities outside of IEEE that have expressed an interest in participating in the development of 7 8 the standard. 9 10 Use of an IEEE Standard is wholly voluntary. The existence of an IEEE Standard does not imply that there 11 are no other ways to produce, test, measure, purchase, market, or provide other goods and services related to 12 the scope of the IEEE Standard. Furthermore, the viewpoint expressed at the time a standard is approved and 13 14 issued is subject to change brought about through developments in the state of the art and comments 15 received from users of the standard. Every IEEE Standard is subjected to review at least every five years for 16 revision or reaffirmation. When a document is more than five years old and has not been reaffirmed, it is rea- 17 sonable to conclude that its contents, although still of some value, do not wholly reflect the present state of 18 19 the art. Users are cautioned to check to determine that they have the latest edition of any IEEE Standard. 20 21 Comments for revision of IEEE Standards are welcome from any interested party, regardless of membership 22 affiliation with IEEE. Suggestions for changes in documents should be in the form of a proposed change of 23 text, together with appropriate supporting comments. 24 25 Interpretations: Occasionally questions may arise regarding the meaning of portions of standards as they 26 27 relate to specific applications. When the need for interpretations is brought to the attention of IEEE, the 28 Institute will initiate action to prepare appropriate responses. Since IEEE Standards represent a consensus of 29 all concerned interests, it is important to ensure that any interpretation has also received the concurrence of a 30 balance of interests. For this reason, IEEE and the members of its societies and Standards Coordinating 31 32 Committees are not able to provide an instant response to interpretation requests except in those cases where 33 the matter has previously received formal consideration. 34 35 Comments on standards and requests for interpretations should be addressed to: 36 37 38 Secretary, IEEE-SA Standards Board 39 445 Hoes Lane 40 41 P.O. Box 1331 42 Piscataway, NJ 08855-1331 43 USA 44 45 Note: Attention is called to the possibility that implementation of this standard may require use of subject 46 47 matter covered by patent rights. By publication of this standard, no position is taken with respect to the exist- 48 ence or validity of any patent rights in connection therewith. The IEEE shall not be responsible for identify- 49 ing patents for which a license may be required by an IEEE standard or for conducting inquiries into the 50 51 legal validity or scope of those patents that are brought to its attention 52 IEEE is the sole entity that may authorize the use of certification marks, trademarks, or other designations to 53 54 indicate compliance with the materials set forth herein. 55 56 Authorization to photocopy portions of any individual standard for internal or personal use is granted by the 57 Institute of Electrical and Electronics Engineers, Inc., provided that the appropriate fee is paid to Copyright 58 Clearance Center. To arrange for payment of licensing fee, please contact Copyright Clearance Center, Cus- 59 60 tomer Service, 222 Rosewood Drive, Danvers, MA 01923 USA; (978) 750-8400. Permission to photocopy 61 portions of any individual standard for educational classroom use can also be obtained through the Copy- 62 right Clearance Center. 63 64 65

This is an unapproved Task Group document being circulated for comment. ii IEEE 802.16.1-00/01r4, September 2000

1 2 Introduction 3 4 (This introduction is not part of IEEE Std 802.16.1, IEEE Standard for Broadband Wireless Access.) 5 6 7 This document defines services and protocol elements that permit the exchange of management information 8 between stations attached to IEEE 802 local and metropolitan area networks. The standard includes the 9 specification of managed objects that permit the operation of the protocol elements to be remotely managed. 10 11 12 13 Participants 14 15 At the time the draft of this standard was sent to sponsor ballot, the IEEE 802.16 Working Group on Broad- 16 band Wireless Access had the following members: 17 18 Roger B. Marks, Chair 19 20 Louis Olsen, Vice Chair 21 J. Scott Marin, Secretary 22 James F. Mollenauer and Brian Petry, Chief Technical Editors, Standard 802.16.1 23 24 Glen E. Sater, 802.16.1 MAC Editor 25 Jeffrey R. Foerster, 802.16.1 PHY Editor 26 Carl Eklund, 802.16.1 MAC Task Group Chair 27 Jay Klein, 802.16.1 PHY Task Group Chair 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. iii IEEE 802.16.1-00/01r4, September 2000

1 When the IEEE-SA Standards Board approved this standard on xxxxx, it had the following membership 2 3 4 5 Donald N. Heirman, Chair 6 7 James T. Carlo, Vice Chair 8 9 Judith Gorman, Secretary 10 11 12 13 Satish K. Aggarwal 14 Mark D. Bowman 15 Gary R. Engmann 16 17 Harold E. Epstein 18 H. Landis Floyd 19 Jay Forster* 20 Howard M. Frazier 21 Ruben D. Garzon 22 23 James H. Gurney 24 Richard J. Holleman 25 Lowell G. Johnson 26 Robert J. Kennelly 27 Joseph L. Koepfinger* 28 29 Peter H. Lips 30 L. Bruce McClung 31 Daleep C. Mohla 32 James W. Moore 33 Robert F. Munzner 34 Ronald C. Petersen 35 36 Gerald H. Peterson 37 John B. Posey 38 Gary S. Robinson 39 Akio Tojo 40 Donald W. Zipse 41 42 43 44 45 *Member Emeritus 46 47 Also included is the following nonvoting IEEE-SA Standards Board liaison: 48 49 Alan Cookson, NIST Representative 50 Donald R. Volzka, TAB Representative 51 52 53 54 55 Gregory Kohn 56 IEEE Standards Project Editor 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. iv

IEEE 802.16.1-00/01r4, September 2000

Table of Contents

1 Overview...... 1

1.1 Normative references...... 1 1.2 Definitions...... 3 1.3 Terminology...... 4 1.4 Acronyms and abbreviations ...... 5 1.5 Scope...... 6 1.6 Supported Services ...... 7 1.7 Target Applications...... 8 1.7.1 Bearer Services ...... 9 1.8 System Model ...... 11 1.8.1 System reference points ...... 12 1.8.2 Topology ...... 12 1.9 Protocols ...... 13 1.10 Performance and Capacity ...... 13 1.10.1 Scalability ...... 13 1.10.2 Delivered Bandwidth ...... 13 1.10.3 Flexible Asymmetry ...... 13 1.10.4 Link Availability ...... 14 1.10.5 Error Performance...... 14 1.10.6 Delay...... 14 1.10.7 Capacity Issues ...... 15 1.11 Class of Service and Quality of Service ...... 15 1.11.1 Bearer Service QoS Mappings...... 16 1.12 Management...... 17 1.12.1 Service Level Agreements ...... 17 1.12.2 Accounting and Auditing...... 17 1.13 Security ...... 17 1.13.1 Authentication...... 17 1.13.2 Authorization ...... 17 1.13.3 Privacy ...... 18 1.14 IEEE 802 Architectural Conformance ...... 18 1.15 MAC Services to the convergence sublayers (CL)...... 18 1.15.1 Primitives ...... 19

2 ...... 27

2.1 Connections and Service Flows ...... 28 2.1.1 Definitions ...... 28 2.1.2 Addressing and Connection Identifiers...... 30 2.2 Parameters and Constants ...... 31 2.3 Encodings for Configuration and MAC-Layer Messaging...... 34 2.3.1 Configuration File and Registration Settings...... 34 2.3.2 Configuration-File-Specific Settings ...... 37 2.3.3 Registration-Request/Response-Specific Encodings ...... 39 2.3.4 Dynamic-Service-Message-Specific Encodings...... 41 2.3.5 Quality-of-Service-Related Encodings...... 42 2.3.8 Privacy Configuration Settings Option...... 52 2.3.9 Confirmation Code ...... 52 2.3.10 Convergence Sub-Layer Parameter Encodings ...... 53 2.4 Configuration File...... 53

v 2.4.1 SS IP Addressing ...... 53 2.4.2 SS Configuration...... 54 2.4.3 Configuration Verification...... 57 2.5 Message Formats ...... 58 2.5.1 Convergence Sub-layer PDU Formats...... 64 2.5.2 MAC Management Messages...... 64 2.5.3 Downlink MAP (DL-MAP) Message...... 77 2.5.4 Uplink MAP (UL-MAP) Message...... 80 2.5.5 Ranging Request (RNG-REQ) Message...... 82 2.5.6 Ranging Response (RNG-RSP) Message ...... 84 2.5.7 Registration Request (REG-REQ) Message...... 89 2.5.8 Registration Response (REG-RSP) Message ...... 90 2.5.9 Registration Acknowledge (REG-ACK) Message ...... 93 2.5.10 Privacy Key Management — Request (PKM-REQ) Message ...... 94 2.5.11 Privacy Key Management — Response (PKM-RSP) Message...... 95 2.5.12 Dynamic Service Addition — Request (DSA-REQ) Message...... 96 2.5.13 Dynamic Service Addition — Response (DSA-RSP) Message ...... 97 2.5.14 Dynamic Service Addition — Acknowledge (DSA-ACK) Message ...... 99 2.5.15 Dynamic Service Change — Request (DSC-REQ) Message ...... 101 2.5.16 Dynamic Service Change — Response (DSC-RSP) Message ...... 102 2.5.17 Dynamic Service Change — Acknowledge (DSC-ACK) Message ...... 103 2.5.18 Dynamic Service Deletion — Request (DSD-REQ) Message ...... 105 2.5.19 Dynamic Service Deletion — Request (DSD-RSP) Message...... 106 2.5.20 Multicast Polling Assignment Request (MCA-REQ) Message...... 106 2.5.21 Multicast Polling Assignment Response (MCA-RSP) Message...... 108 2.5.22 ARQ-ACK Message ...... 109 2.5.23 Downlink Burst Type Change Request (DBTC-REQ) Message...... 109 2.6 Duplexing Techniques, Framing, and Scheduling Intervals ...... 110 2.6.1 Duplexing Techniques ...... 110 2.6.2 PHY Burst Mode Support...... 112 2.6.3 PHY Continuous Mode Support ...... 113 2.6.4 PHY Burst Mode Support...... 113 2.6.5 Uplink Burst Subframe Structure ...... 116 2.6.6 Continuous Downstream and Upstream Structure...... 117 2.6.7 Upstream Map...... 117 2.6.8 MAP Relevance and Synchronization ...... 120 2.7 Contention Resolution ...... 122 2.7.1 Transmit Opportunities ...... 123 2.8 Fragmentation ...... 124 2.9 Upstream Service...... 124 2.9.1 Unsolicited Grant Service...... 125 2.9.2 Real-Time Polling Service...... 126 2.9.3 Unsolicited Grant Service with Activity Detection ...... 126 2.9.4 Non-Real-Time Polling Service...... 127 2.9.5 Best Effort Service...... 127 2.10 Bandwidth Allocation and Request Mechanisms ...... 127 2.10.1 Requests ...... 127 2.10.2 Polling...... 131 2.10.3 Poll-Me Bit ...... 135 2.11 Network Entry and Initialization ...... 135 2.11.1 Scanning and Synchronization to Downstream...... 137 2.11.2 Scanning and Synchronization to Downstream...... 138 2.11.3 Obtain Downlink Parameters...... 138 2.11.4 Obtain Upstream Parameters ...... 138

IEEE 802.16.1-00/01r4, September 2000

2.11.5 message Flows During Scanning and Upstream Parameter Acquisition...... 141 2.11.6 Initial Ranging and Automatic Adjustments ...... 142 2.11.7 Ranging Parameter Adjustment ...... 148 2.11.8 Initial Connection Establishment...... 148 2.11.9 Transfer Operational Parameters ...... 149 2.12 Ranging ...... 155 2.12.1 Burst Mode Downstream Modulation/FEC Management ...... 157 2.13 Quality of Service ...... 158 2.13.1 Theory of Operation...... 159 2.13.2 Service Flows...... 159 2.13.3 Object Model ...... 162 2.13.4 Service Classes ...... 163 2.13.5 Authorization ...... 164 2.13.6 Types of Service Flows...... 165 2.13.7 General Operation...... 166 2.13.8 Dynamic Service...... 170 2.14 Authentication and Privacy...... 206 2.14.1 Privacy Overview ...... 206 2.14.2 Architectural Overview...... 207 2.14.3 Operational Overview...... 209 2.15 MAC Frame Formats...... 210 2.15.1 Fragmentation and Encryption...... 211 2.16 Privacy Key Management (PKM) Protocol...... 211 2.16.1 State Models ...... 211 2.16.2 Key Management Message Formats...... 229 2.17 Dynamic SA Mapping ...... 258 2.17.1 Introduction...... 258 2.18 Key Usage...... 258 2.18.1 BS...... 258 2.18.2 SS ...... 260 2.19 Cryptographic Methods ...... 261 2.19.1 Packet Data Encryption ...... 261 2.19.2 Encryption of TEK...... 261 2.19.3 HMAC-Digest Algorithm ...... 262 2.19.4 Derivation of TEKs, KEKs and Message Authentication Keys ...... 262 2.19.5 Public-Key Encryption of Authorization Key ...... 263 2.19.6 Digital Signatures ...... 263 2.19.7 Supporting Alternative Algorithms ...... 263 2.20 TFTP Configuration File Extensions...... 263 2.20.1 Privacy Configuration Setting Encodings...... 263

3 Physical Layer...... 269

3.1 Overview...... 269 3.1.1 Multiplexing and Multiple Access Technique...... 269 3.1.2 Duplexing Technique...... 269 3.1.3 Physical Media Dependent (PMD) Sublayers ...... 269 3.2 Downstream Physical Layer ...... 270 3.2.1 Mode A: Continuous Downstream Transmission...... 271 3.2.2 Mode B: Burst Downstream Transmission...... 279 3.3 Upstream Physical Layer ...... 297 3.3.1 Upstream Channel and Burst Descriptions...... 297 3.3.2 Upstream Transmission Convergence (TC) Sublayer ...... 297 3.3.3 Upstream Physical Media Dependent (PMD) sublayer...... 298

vii 3.4 Baud Rates and Channel Bandwidths...... 311 3.5 Radio Sub-system Control ...... 313 3.5.1 Synchronization Technique (Frame and Slot) ...... 313 3.5.2 Frequency Control ...... 313 3.5.3 Power Control ...... 313 3.6 Minimum Performance ...... 314 3.6.1 Reference test planes ...... 317 3.6.2 Propagation Conditions...... 317 3.6.3 Transmitter characteristics...... 317 3.6.4 Receiver Characteristic ...... 319 3.6.5 Transmitter / Receiver Performance ...... 319

4 Bibliography ...... 321 IEEE 802.16.1-00/01r4, September 2000 List of Figures

1 Relationship between 802.16.1 and other Protocol Standards (the numbers in the figure re- 2 3 fer to IEEE standard numbers 7 4 A Multi-Tier Perspective of Wireless Transmission and Distribution Systems 9 5 Protocol layers 10 6 7 System Reference Points 12 8 802.16.1 protocol layering, showing service access point. 19 9 10 Use of primitives to request service of MAC layer and generate response. 20 11 Binary Configuration File Format 55 12 Create TLV Entries for Parameters Required by the SS 56 13 14 Add SS MIC 56 15 Add BS MIC 56 16 17 Add End of Data Marker 57 18 MAC PDU Formats 59 19 Generic MAC Header Format (Uplink) 60 20 21 Generic MAC Header Format (Downlink) 61 22 Bandwidth Request Header Format 61 23 24 MAC PDU Concatenation showing example CIDs 64 25 Convergence Sub-layer PDU Format 64 26 MAC Management Message Format 65 27 28 Uplink Channel Descriptor (UCD) Message Format 67 29 Top-Level Encoding for a Burst Descriptor 70 30 31 Downlink Channel Descriptor (DCD) Message Format 73 32 Top-Level Encoding for a Downlink Burst Descriptor 75 33 Downlink MAP Message Format 77 34 35 PHY Synchronization Field (PHY Type = {0,1,3}) 78 36 PHY Synchronization Field (PHY Type = 5) 78 37 38 Downlink TDM MAP Message Element Format 79 39 Downlink TDMA MAP Message Element Format 79 40 Uplink MAP Message Format 80 41 42 UL-MAP Information Element 82 43 RNG-REQ Message Format 82 44 45 RNG-RSP Message Format 85 46 Generalized Decision Feedback Equalization Coefficients 88 47 Generalized Equalizer Tap Location Definition 88 48 49 REG-REQ Message Format 89 50 REG-RSP Message Format 91 51 52 REG-ACK Message Format 93 53 PKM-REQ Message Format 94 54 PKM-RSP Message Format 96 55 56 DSA-REQ Message Format 96 57 DSA-RSP Message Format 98 58 59 DSA-ACK Message Format 100 60 DSC-REQ Message Format 101 61 DSC-RSP Message Format 102 62 63 DSC-ACK Message Format 104 64 DSD-REQ Message Format 105 65

This is an unapproved Task Group document being circulated for comment. xxi IEEE 802.16.1-00/01r4, September 2000

1 DSD-RSP Message Format 106 2 3 Multicast Polling Assignment Request (MCA-REQ) Message Format 107 4 Multicast Polling Assignment Response (MCA-RSP) Message Format 108 5 Downlink Burst Type Change Request (DMC-REQ) Message Format 109 6 7 Example of FSDD Bandwidth Allocation 111 8 TDD Frame Structure 111 9 10 Burst Downstream FDD/FSDD Mapping 112 11 TDD and Burst FDD/TDM Downstream Subframe Structure 114 12 Burst FDD/TDMA Downstream Subframe Structure 114 13 14 Uplink Subframe Structure 116 15 Continuous Downstream FDD Mapping 117 16 17 BS System and Mini-slot Clocks 119 18 Maximum Time Relevance of PHY and MAC Control Information (TDD) 121 19 Maximum Time Relevance of PHY and MAC Control Information (FDD) 121 20 21 Minimum Time Relevance of PHY and MAC Control Information (FDD) 121 22 Minimum Time Relevance of PHY and MAC Control Information (TDD) 122 23 24 Time Relevance of Upstream MAP Information (Continuous FDD) 122 25 SS GPC mode flowchart 129 26 SS GPT mode flowchart 130 27 28 Unicast Polling 132 29 Multicast and Broadcast Polling 134 30 31 Poll Me Bit Usage 135 32 SS Initialization Overview 137 33 Obtaining Upstream Parameters 140 34 35 Initial Ranging - SS (continued) 146 36 Initial Ranging - BS 147 37 38 Registration — SS 150 39 Wait for registration response — SS 151 40 Registration — BS 153 41 42 Registration Acknowledgment— BS 154 43 Periodic Ranging - BS 156 44 45 Periodic Ranging - SS 157 46 Modulation Threshold Usage 158 47 Provisioned Authorization Model “Envelopes” 161 48 49 Dynamic Authorization Model “Envelopes” 162 50 Theory of Operation Object Model 163 51 52 Registration Message Flow 167 53 Dynamic Service Addition Message Flow — SS Initiated 169 54 Dynamic Service Addition Message Flow — BS Initiated 169 55 56 Dynamic Service Flow Overview 170 57 Dynamic Service Flow State Transition Diagram 173 58 59 DSA - Locally Initiated Transaction State Transition Diagram 174 60 DSA - Remotely Initiated Transaction State Transition Diagram 175 61 DSC - Locally Initiated Transaction State Transition Diagram 176 62 63 DSC - Remotely Initiated Transaction State Transition Diagram 177 64 DSD - Locally Initiated Transaction State Transition Diagram 178 65

This is an unapproved Task Group document being circulated for comment. xxii IEEE 802.16.1-00/01r4, September 2000

1 Dynamic Deletion (DSD) - Remotely Initiated Transaction State Transition Diagram 179 2 3 DSA - Locally Initiated Transaction Begin State Flow Diagram 182 4 DSA - Locally Initiated Transaction DSA-RSP Pending State Flow Diagram 183 5 DSA - Locally Initiated Transaction Holding State Flow Diagram 184 6 7 DSA - Locally Initiated Transaction Retries Exhausted State Flow Diagram 185 8 DSA - Locally Initiated Transaction Deleting Service Flow State Flow Diagram 186 9 10 DSA - Remotely Initiated Transaction Begin State Flow Diagram 187 11 DSA - Remotely Initiated Transaction DSA-ACK Pending State Flow Diagram 188 12 DSA - Remotely Initiated Transaction Holding Down State Flow Diagram 189 13 14 DSA - Remotely Initiated Transaction Deleting Service State Flow Diagram 190 15 DSC - Locally Initiated Transaction Begin State Flow Diagram 193 16 17 DSC - Locally Initiated Transaction DSC-RSP Pending State Flow Diagram 194 18 DSC - Locally Initiated Transaction Holding Down State Flow Diagram 195 19 DSC - Locally Initiated Transaction Retries Exhausted State Flow Diagram 196 20 21 DSC - Locally Initiated Transaction Deleting Service Flow State Flow Diagram 197 22 DSC - Remotely Initiated Transaction Begin State Flow Diagram 198 23 24 DSC - Remotely Initiated Transaction DSC-ACK Pending State Flow Diagram 199 25 DSC - Remotely Initiated Transaction Holding Down State Flow Diagram 200 26 DSC - Remotely Initiated Transaction Deleting Service Flow State Flow Diagram 201 27 28 DSD - Locally Initiated Transaction Begin State Flow Diagram 203 29 DSD - Locally Initiated Transaction DSD-RSP Pending State Flow Diagram 204 30 31 DSD - Locally Initiated Transaction Holding Down State Flow Diagram 205 32 DSD - Remotely Initiated Transaction Begin State Flow Diagram 206 33 MAC PDU Encryption 210 34 35 Authorization State Machine Flow Diagram 215 36 TEK State Machine Flow Diagram 223 37 38 Format of the Convergence Layer Packet 271 39 Conceptual Block diagram of the Mode A Downstream Physical Layer 272 40 Randomizer logic diagram 273 41 42 Framing structure based on transmission convergence sublayer. 274 43 Conceptual diagram of the convolutional interleaver and de-interleaver. 275 44 45 QPSK symbol mapping 276 46 Example implementation of the byte to m-tuple conversion 47 and the differential encoding of the two MSBs. 277 48 49 16-QAM Constellation Diagram 278 50 64-QAM Constellation Diagram 279 51 52 Format of the Convergence Layer Packet 280 53 Conceptual Block diagram of the Mode B Downstream Physical Layer 281 54 Randomizer logic diagram. 282 55 56 Two-dimensional product code matrix. 284 57 Example Encoder for a (16,11) Extended Hamming Code 285 58 59 Structure of Shortened 2 D Block 287 60 QPSK Constellation 292 61 16-QAM Constellation 292 62 63 64-QAM Constellation 294 64 Format of the Convergence Layer Packet 298 65

This is an unapproved Task Group document being circulated for comment. xxiii IEEE 802.16.1-00/01r4, September 2000

1 Conceptual Block diagram of the 802.16 Burst Transmission Upstream Physical Layer 298 2 3 Two-dimensional product code matrix. 301 4 Example Encoder for a (16,11) Extended Hamming Code 302 5 Structure of Shortened 2 D Block 304 6 7 QPSK constellation mapping 306 8 16-QAM Constellation 307 9 10 64-QAM Constellation 308 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. xxiv IEEE 802.16.1-00/01r4, September 2000 List of Tables

1 Connection Identifiers 31 2 3 Parameters and Constants 32 4 Values Used in REG-REQ and REG-RSP Messages 45 5 Values Used In Dynamic Service Messages. 45 6 7 MAC Header Fields 62 8 MAC Management Messages 65 9 10 Uplink Physical Channel Attributes 68 11 Uplink Map Information Elements 69 12 Uplink Physical Layer Burst Profile Parameters 71 13 14 Downlink Physical Channel Attributes 74 15 Mapping of Burst Type to Downlink Interval Usage Code 74 16 17 Downlink Physical Layer Burst Profile Parameters 76 18 Uplink MAP Information Elements 83 19 Ranging Request Message Encodings 85 20 21 Ranging Response Message Encodings 87 22 Multicast Assigment Request Message Encodings 108 23 24 Allowable frame times 115 25 Downstream Physical Layer 116 26 Fragmentation Rules 124 27 28 Scheduling Services and Usage Rules 125 29 Sample Upstream MAP with Multicast and Broadcast IE 133 30 31 message Flows During Scanning and Upstream Parameter Acquisition 141 32 Ranging and Automatic Adjustments Procedure 143 33 Establishing IP Connectivity 148 34 35 Establishing Time of Day 149 36 Downlink Modulation/FEC Change Initiated from SS 158 37 38 TFTP File Contents 167 39 Registration Response Contents 168 40 Registration Request Contents 168 41 42 Dynamic Service Addition Initiated from SS 179 43 Dynamic Service Addition Initiated from BS 181 44 45 SS-Initiated DSC 191 46 BS-Initiated DSC 192 47 Dynamic Service Deletion Initiated from SS 202 48 49 Dynamic Service Deletion Initiated from BS 202 50 Authorization FSM State Transition Matrix 216 51 52 TEK FSM State Transition Matrix 224 53 Privacy Key Management MAC Messages 229 54 Privacy Key Management Message Codes 230 55 56 Authorization Request Attributes 232 57 Key Request Attributes 233 58 59 Authorization Reply Attributes 233 60 Auth Rej Attributes 233 61 Key Reply Attributes 234 62 63 Authorization Invalid Attributes 235 64 Key Reject Attributes 235 65

This is an unapproved Task Group document being circulated for comment. xxv IEEE 802.16.1-00/01r4, September 2000

1 TEK Invalid Attributes 236 2 3 Authentication Information Attributes 236 4 SA Map Request Attributes 237 5 SA Map Reply Attributes 237 6 7 SA MAP Reject Attributes 238 8 PKM Attribute Types 239 9 10 Attribute Value Data Types 240 11 TEK-Parameters Sub-Attributes 249 12 Error-Code Attribute Code Values 250 13 14 Security-Capabilities Sub-Attributes 253 15 Data Encryption Algorithm Identifiers 254 16 17 Data Authentication Algorithm Identifiers 254 18 Cryptographic-Suite Attribute Values 254 19 Version Attribute Values 255 20 21 SA-Descriptor Sub-Attributes 256 22 SA-Type Attribute Values 256 23 24 SA-Query-Type Attribute Values 258 25 Recommended Operational Ranges for Privacy Configuration Parameters 266 26 Shortened Privacy Parameter Values for Protocol Testing 267 27 28 Convolutional Code Puncture Patterns 276 29 Conversion of constellation of quadrant 1 to other quadrants of the 30 31 constellation diagrams given in the following diagrams. 277 32 FEC Code Types for Burst Downstream (Mode B) 282 33 The Parameters of the Inner Codes for the Block Convolutional Code 283 34 35 Hamming Code Generator Polynomials 284 36 Original Data for Encoding 286 37 38 Encoded Block 286 39 Required Block Codes for the BTC Option for the Downlink Channel 288 40 288 41 42 Burst Preamble Types 289 43 Burst Preamble 1 290 44 45 Burst Preamble 2 291 46 QPSK Bits to Symbol Mapping 292 47 16-QAM Bits to Symbol Mapping 293 48 49 64-QAM Bits to Symbol Mapping 294 50 Summary of Mode B Downstream Physical Layer Parameters 297 51 52 FEC Code Types for the Upstream Channel 299 53 The Parameters of the Inner Codes for the Block Convolutional Code 300 54 Hamming Code Generator Polynomials 301 55 56 Original Data for Encoding 302 57 Encoded Block 303 58 59 Required Block Codes for the BTC Option for the Uplink Channel 304 60 QPSK Bits to Symbol Mapping 306 61 16-QAM Bits to Symbol Mapping 307 62 63 64-QAM Bits to Symbol Mapping 308 64 Summary of Upstream Physical Layer Parameters 311 65

This is an unapproved Task Group document being circulated for comment. xxvi IEEE 802.16.1-00/01r4, September 2000

1 Recommended Baud rates for a roll-off factor of 0.15 312 2 3 Recommended Baud rates for a roll-off factor of 0.25 312 4 Recommended Baud rates for a roll-off factor of 0.35 313 5 PHY Layer Requirements 316 6 7 Propagation Models 317 8 Maximum BS Transmitter Power 318 9 10 CPE Power Control Levels 318 11 Emissions Spectrum 318 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. xxvii IEEE 802.16.1-00/01r4, September 2000

1 1 Overview 2 3 4 This standard includes specifications for the air interface, including the physical layer and medium access 5 control layer, of fixed point-to-multipoint broadband wireless access systems providing multiple services 6 operating in the vicinity of 30 GHz. It is broadly applicable to systems operating between 10 and 66 GHz. 7 8 9 1.1 Normative references 10 11 12 This standard shall be used in conjunction with the following publications. 13 14 [DOCSIS] Data-Over-Cable Service Interface Specifications, "Radio Frequency Interface Specification", 15 SP-RFIv1.1-I03-991103. 16 17 18 [EN 300 421] ETSI EN 300 421 V1.1.2 (1997-08), "Digital Video Broadcasting (DVB); Framing structure, 19 channel coding and modulation for 11/112 GHz satellite services". 20 21 [EN 301 199] ETSI EN 301 199 v1.2.1 (1999-06), "Digital Video Broadcasting (DVB); Interaction channel 22 23 for Local Multi-point Distribution Systems (LMDS)". 24 25 [EN 301 210] ETSI EN 301 210 V1.1.1 (1999-03), "Digital Video Broadcasting (DVB); Framing structure, 26 channel coding and modulation for Digital Satellite News Gathering (DSNG) and other contribution applica- 27 tions by satellite". 28 29 30 [F.BWA] ITU-R 9B/134-E, JRG 8A-9B, New Recommendation ITU-R F.BWA, "Radio Transmission Sys- 31 tems for Fixed Broadband Wireless Access (BWA) Based on Cable Modem Standards (Annex B of ITU-T 32 Rec. J.112)". 33 34 35 [FIPS-46-2]Federal Information Processing Standard Publications 46-2, “Data Encryption Standard (DES)”, 36 December 30, 1993. 37 38 [FIPS-74]Federal Information Processing Standards Publication (FIPS PUB) 74, “Guidelines for Imple- 39 menting and Using the Data Encryption Standard”, April 1981. 40 41 42 [FIPS-81]Federal Information Processing Standards Publication (FIPS PUB) 81, “DES Modes of Opera- 43 tion”, December 1980. 44 45 [FIPS-140-1]Federal Information Processing Standards Publication (FIPS PUB) 140-1, “Security Require- 46 47 ments for Cryptographic Modules”, April 1982. 48 49 [FIPS-180-1]Federal Information Processing Standards Publication (FIPS PUB) 180-1, “Secure Hash Stan- 50 dard”, April 1995. 51 52 53 [FIPS-186]Federal Information Processing Standards Publication (FIPS PUB) 186, “Digital Signature Stan- 54 dard”, 18 May 1994. 55 56 [G.114] ITU-T G.114 (05/00), Series G: “One-way transmission time.” 57 58 59 [I.210] ITU-T Recommendation I.210 (1993) - "ISDN Service Capabilities Principles of Telecommunica- 60 tions Services Supported by an ISDN and the Means to Describe Them". 61 62 [IEEE802]IEEE Std 802-1990, “IEEE Standards for Local and Metropolitan Area Networks: Overview and 63 Architecture, December 1990”. 64 65

This is an unapproved Task Group document being circulated for comment. 1 IEEE 802.16.1-00/01, August 2000

1 [IEEE802.3] IEEE Std 802.3-1996 (ISO 8802-3) -“IEEE Standards for Local and Metropolitan Area Net- 2 works: Part 3: Carrier ense multiple access with collision detection (CSMA/CD) access method and physical 3 sublayer specifications”. 4 5 6 [J.83] ITU-T Recommendation J.83 (04/97), Series J: Transmission of Television, Sound Programme and 7 Other Multimedia Signals: Digital transmission of television signals, "Digital multi-programme systems for 8 television, sound and data services for cable distribution". 9 10 11 [J.116] ITU-T Recommendation J.116, "Interaction channel for Local Multipoint Distribution services". 12 13 [ISO8025] ISO 8025 (December 1987), “Information processing systems - Open Systems Interconnection - 14 Specification of the Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)”. 15 16 17 [RFC-1123] Braden, R., “Requirements for Internet Hosts -- Application and Support”, IETF RFC-1123, 18 October 1989. 19 20 [RFC-1157] Schoffstall, M., Fedor, M., Davin, J. and Case, J., “A Simple Network Management Protocol 21 (SNMP)”, IETF RFC-1157, May, 1990. 22 23 24 [RFC-1633] R. Braden et al., "Integrated Services in the Internet Architecture: An Overview", IETF RFC- 25 1633, June 1994. 26 27 [RFC-1750]D. Eastlake, S. Crocker, J. Schiller, “Randomness Recommendations for Security”, IETF RFC- 28 29 1750, December 1994. 30 31 [RFC-2104]H. Krawczyk, M. Bellare, R. Canetti, “HMAC: Keyed-Hashing for Message Authentication”, 32 IETF RFC-2104, February 1997. 33 34 35 [RFC-2131] Droms, R., “Dynamic Host Configuration Protocol”, IETF RFC-2131, March, 1997. 36 37 [RFC-2132] Alexander, S., and Droms, R., “DHCP Options and BOOTP Vendor Extensions”, IETF RFC- 38 2132, March, 1997. 39 40 41 [RFC-2210] Wroclawski, J., “The Use of RSVP with the IETF Integrated Services”, IETF RFC-2210, Sep- 42 tember, 1997. 43 44 [RFC-2212] Shenker, S., Partridge, C., and Guerin, R., “Specification of Guaranteed Quality of Service”, 45 IETF RFC-2212, September, 1997. 46 47 48 [RFC-2349] Malkin, G. and Harkin, A., TFTP Timeout Interval and Transfer Size Options, IETF RFC-2349, 49 May 1998. 50 51 [RFC-2202]P. Cheng, R. Glenn, “Test cases for HMAC-MD5 and HMAC-SHA-1”, IETF RFC-2202, Sep- 52 53 tember 1997. 54 55 [RFC-2205] R. Braden, Ed., L. Zhang, S. Berson, S. Herzog, S. Jamin, “Resource ReSerVation Protocol 56 (RSVP) -- Version 1 Functional Specification.”, IETF RFC-2205. September 1997. 57 58 59 [RFC-2459]R. Housley, W. Ford, W. Polk, D. Solo, “Internet X.509 Public Key Infrastructure Certificate and 60 CRL Profile”, IETF RFC-2459, January 1999. 61 62 [RFC-2475] S. Blake et al, "An Architecture for Differentiated Services", IETF RFC-2475, December, 1998. 63 64 65

This is an unapproved Task Group document being circulated for comment. 2 IEEE 802.16.1-00/01r4, September 2000

1 [RSA] RSA Laboratories, “The Public-Key Cryptography Standards”, RSA Data Security, Inc., Redwood 2 City, CA. 3 4 5 [RSA1] RSA Laboratories, “PKCS #1: RSA Encryption Standard. Version 1.5”, November 1993. 6 7 [RSA2] RSA Laboratories, “Some Examples of the PKCS Standards,” RSA Data Security, Inc., Redwood 8 City, CA, November 1, 1993. 9 10 11 [RSA3] RSA Laboratories, “PKCS #1 v2.0: RSA Cryptography Standard”, October xxxxx 12 13 14 1.2 Definitions 15 16 (BS): A generalized equipment set providing connectivity, management, and control of the 17 18 subscriber station. 19 20 Burst Profile: Set of parameters that describe the upstream transmission properties that are associated with 21 an IUC. Each profile contains parameters such as modulation type, preamble length, guard times, etc. 22 23 24 Connection: A unidirectional mapping between equivalent BS and SS peers. Connections are identified by 25 a CID. All traffic is carried on a connection. 26 27 28 Connection Identifier (CID): A unidirectional, MAC-layer address that identifies a connection to equiva- 29 lent peers in the SS and BS MAC. A CID maps to a SFID, which defines the QoS parameters to the Service 30 Flow associated with that connection. Security associations also exist be keying material and CIDs. 31 32 33 Downlink: A flow of information that exists in the downstream. 34 35 Downstream: The direction from a BS to the SS. 36 37 38 Frame: A frame is a fixed duration of time, which contains both transmit and receive intervals. 39 40 Information Element (IE): A component of the UL-MAP that defines the length and address assignment 41 42 associated with an IUC. Taken as a whole, each IE represents a type of upstream transmission. Mulitple IEs 43 may exist in the UL-MAP. 44 45 Interval Usage Code (IUC): Defines the type of usage of an Information Element. IUCs are defined for 46 47 bandwidth requests, data grants, etc. 48 49 Grant Per Connection (GPC): A bandwidth allocation method in which grants are aggregated for all con- 50 51 nections and are allocated to the SS terminal as that aggregate. Note that bandwidth requests are always 52 made for a connection. 53 54 Grant Per Terminal (GPT): A bandwidth allocation method in which grants are allocated to a connections 55 56 within a SS. Note that bandwidth requests are always made for a connection. 57 58 MAC Service Access Point (MSAP): The point in the protocol stack where services of the MAC layer 59 60 (Medium Access Control) are requested by the layer above and delivered by the MAC layer. 61 62 Mini-slot: A unit of bandwidth allocation equivalent to N PS, where N = 2m (m = 0,...7). 63 64 65

This is an unapproved Task Group document being circulated for comment. 3 IEEE 802.16.1-00/01, August 2000

1 Multicast Group: Agroup of zero or more SSs or connections that are assigned a mulitcast address for the 2 purposes of polling. 3 4 5 Physical-Slot (PS): A unit of granularity equal to 4 modulation symbols. Each PS represents 8, 16, or 24 6 bits (using QAM-4, QAM-16, or QAM-64 modulation, respectively). 7 8 9 Privacy Key Management Protocol (PKM): A client/server model between the BS and SS that is used to 10 secure distribution of keying material. 11 12 13 Security Association (SA): The set of security information a BS and one or more of its client SS share in 14 order to support secure communications across the BWA network. 15 16 Service Flow: A Service Flow is a unidirectional flow of PDUs on a connection that is provided a particular 17 18 Quality of Service. 19 20 Service Flow Class: A grouping of Service Flow properties to allow higher layer entities and external appli- 21 22 cations to request Service Flows with desired QoS parameters in a globally consistent way. 23 24 Service Flow Name: An ASCII string that is used to reference a set of QoS parameters that (partially) 25 define a Service Flow. 26 27 28 Subscriber Station (SS): A generalized equipment set providing connectivity between subscriber equip- 29 ment and a BS. 30 31 32 SS Uplink: A flow of information that exists in the upstream. 33 34 Uplink: The direction from a SS to the BS. 35 36 37 Uplink MAP (UL-MAP): A set of information that defines the entire access for a scheduling interval. 38 39 Upstream: The direction from a SS to the BS. 40 41 42 1.3 Terminology 43 44 45 Throughout this document, the words that are used to define the significance of particular requirements are 46 capitalized. These words are: 47 48 "MUST" or “SHALL” These words or the adjective "REQUIRED" means that the item is an absolute 49 requirement for any implementation conforming to this standard. 50 51 "MUST NOT" This phrase means that the item is an absolute prohibition. 52 53 "SHOULD" This word or the adjective "RECOMMENDED" means that there may exist valid reasons in 54 particular circumstances to ignore this item, but the full implications should be understood and the case care- 55 56 fully weighed before choosing a different course. 57 58 "SHOULD NOT" This phrase means that there may exist valid reasons in particular circumstances when the 59 listed behavior is acceptable or even useful, but the full implications should be understood and the case care- 60 fully weighed before implementing any behavior described with this label. 61 62 "MAY" This word or the adjective "OPTIONAL" means that this item is optional. One vendor may choose 63 to include the item because a particular marketplace requires it or because it enhances the product, for exam- 64 65 ple; another vendor may omit the same item.

This is an unapproved Task Group document being circulated for comment. 4 IEEE 802.16.1-00/01r4, September 2000

1 1.4 Acronyms and abbreviations 2 3 4 ARP Address Resolution Protocol 5 ATDD Adaptive Time Division Duplexing 6 ATM Asynchronous Transfer Mode 7 8 BR Bandwidth Request 9 BS Base Station 10 CG Continuous Grant 11 12 CID Connection Identifier 13 SS Customer Premises Equipment 14 CS Convergence Subprocess 15 CSI Convergence Subprocess Indicator 16 17 CTG SS Transition Gap 18 DAMA Demand Assign Multiple Access 19 DCD Downlink Channel Descriptor 20 21 DES Data Encryption Standard 22 DL Down Link 23 DIUC Downlink Interval Usage Code 24 25 DSA Dynamic Service Addition 26 DSC Dynamic Service Change 27 DSD Dynamic Service Deletion 28 EC Encryption Control 29 30 EKS Encryption Key Sequence 31 EUI Ethernet Unique Identifier 32 FC Fragment Control 33 34 FDD Frequency Division Duplex 35 FSN Fragment Sequence Number 36 GM Grant Management 37 38 GPC Grant Per Connection 39 GPT Grant Per Terminal 40 HCS Header Check Sequence 41 42 H-FDD Half-duplex FDD 43 HL-MAA High Level Mediaum Access Arbitration 44 HT Header Type 45 IE Information Element 46 47 IUC Interval Usage Code 48 IP Internet Protocol 49 LLC 50 51 LL-MAA Low Level Mediaum Access Arbitration 52 LOS Line of Sight 53 MAA Medium Access Arbitration 54 55 MAC Medium Access Control 56 MPEG Moving Pictures Experts Group 57 MPLS MultiProtocol Label Switching 58 59 MSAP MAC Service Access Point 60 MIC Message Integrity Check 61 MTG Modulation Transition Gap 62 PBR Piggy-Back Request 63 64 PDU Protocol Data Unit 65

This is an unapproved Task Group document being circulated for comment. 5 IEEE 802.16.1-00/01, August 2000

1 PHY Physical layer 2 PI PHY Information element 3 4 PKM Privacy Key Management 5 PM Poll Me bit 6 PS Physical Slot 7 8 QoS Quality of Service 9 RS Reed-Solomon 10 SAP Service Access Point 11 12 SI Slip Indicator 13 SDU Service Data Unit 14 TC Transmission Convergence 15 16 TDD Time Division Duplex 17 TDM Time Division Multiplex 18 TDMA Time Division Multiple Access 19 TFTP Trivial File Transfer Protocol 20 21 TDU TC Data Unit 22 TLV Type-Length-Value 23 TRGTTG Tx/Rx Transmission Gap 24 25 UIUC Uplink Interval Usage Code 26 DIUC Downlink Interval Usage Code 27 UCD Uplink Channel Descriptor 28 29 UGS Unsolicited Grant Service 30 UGS-AD Unsolicited Grant Service with Activity Detection 31 UL Uplink 32 33 34 1.5 Scope 35 36 37 For the purposes of this document, a “system” constitutes: an 802.16.1 MAC and PHY implementation, in 38 which at least one subscriber station communicates with a base station via a point-to-multipoint (P-MP) 39 radio air interface, the interfaces to external networks, and services transported by the MAC and PHY proto- 40 41 col layers. 42 The 802.16.1 air interface interoperability standard is part of a family of standards for local and metropolitan 43 44 area networks. The following diagram illustrates the relationship of 802.16.1 protocols to other 802 stan- 45 dards, and to the OSI reference model. (The numbers in the figure refer to IEEE standard numbers.) 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 6 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 < , 7 7  /2*,&$/ /,1. &21752/ 8

9 27+(5 ( 10 5  %5,'*,1* 833(5 /$<(56 11 '$7$  6(&85 12 ,7(&78 /,1. 13 /$<(5 14 15 >@  16 0(',80 0(',80 17 $&&(66  $&&(66

18 0$1$*(0(17  19  20 >@ 3+<6,&$/ 3+<6,&$/ 21 3+<6,&$/ /$<(5  29(59,(:  $5&+ 22 23 24 25 Figure 1—Relationship between 802.16.1 and other Protocol Standards (the numbers in the 26 figure refer to IEEE standard numbers 27 28 This family of standards deals with the Physical and Data Link layers as defined by the International Organi- 29 zation for Standardization (ISO) Open Systems Interconnection Basic Reference Model (ISO 7498: 1984). 30 31 The access standards define several types of medium access technologies and associated physical media, 32 each appropriate for particular applications or system objectives. Other types are under investigation. 33 34 The standards that define the technologies noted in the above diagram are as follows: 35 36 IEEE Std 802: Overview and Architecture. Provides an overview to the family of IEEE 802 Standards. This 37 document forms part of the 802 scope of work. 38 ANSI/IEEE Std 802.1B [ISO/IEC 15802-2]: LAN/MAN Management. Defines an Open Systems Intercon- 39 40 nection (OSI) management-compatible architecture, environment for performing remote management. 41 ANSI/IEEE Std 802.1D [ISO/IEC 10038]: MAC Bridging. Specifies an architecture and protocol for the 42 interconnection of IEEE 802 LANs below the MAC service boundary. 43 44 ANSI/IEEE Std 802.1E [ISO/IEC 15802-4]: System Load Protocol. Specifies a set of services and protocols 45 for those aspects of management concerned with the loading of systems on IEEE 802 LANs. 46 ANSI/IEEE Std 802.2 [ISO/IEC 8802-2]: Logical Link Control 47 48 ANSI/IEEE Std 802.3 [ISO/IEC 8802-3]: CSMA/CD Access Method and Physical Layer Specifications 49 ANSI/IEEE Std 802.4 [ISO/IEC 8802-4]: Token Bus Access Method and Physical Layer Specifications 50 IEEE Std 802.10: Interoperable LAN/MAN Security, Secure Data Exchange (SDE) 51 52 53 1.6 Supported Services 54 55 56 The 802.16.1 standard is intended to provide for a metropolitan wireless network that operates as a third- 57 party or public entity providing contractual services to its customers. As such, it differs from a local area 58 network, which is intended to serve users who are members of the same organization. 59 60 A public network must have mechanisms to verify that traffic originates with legitimate users and means to 61 prevent users from utilizing resources beyond their contractual limits. Also, any attempted violation of such 62 limits (intentional and inadvertent) must not adversely impact the service extended to other customers. It 63 must be possible to measure the resources used by a given customer in order to bill for services, and finally 64 65 privacy must be enforceable through the use of encryption.

This is an unapproved Task Group document being circulated for comment. 7 IEEE 802.16.1-00/01, August 2000

1 A LAN, in contrast, needs very few of these features beyond the actual movement of data. Authentication 2 and privacy are seldom issues in wired networks, and billing for services is likewise a rarity in the LAN 3 world. 4 5 As a substitute for a wireline network, a BWA network must be able to carry a variety of traffic types, many 6 of which are legacy applications of long standing with well-established expectations of service quality and 7 8 availability. 9 This standard is an attempt to provide interoperability in equipment that meets the general requirements 10 11 cited above, with specific details in the following sections. 12 13 14 1.7 Target Applications 15 16 A broadband wireless access (BWA) system based on 802.16.1 protocols is expected toaddress markets sim- 17 ilar to wire- or fiber-based broadband access technologies, such as copper digital subscriber line (DSL) tech- 18 nologies, digital cable TV hybrid fiber/coax (HFC) networks, Integrated Services Digital Network (ISDN) 19 20 andlegacy TDM digital transmission systems (e.g., full and fractional T1, E1, ISDN-PRI etc.), and the ser- 21 vices that such legacy systems carry: data, voice and audio/video. 22 23 The optimization of 802.16.1 is for businesses and multi-tenant dwellings. Future standards in the 802.16 24 family may address access for the single-family residential market. 25 26 A key word in BWA is “access:” access to some other network such as the Internet, a private network, a 27 telephony network, etc. An 802.16.1 system generally provides access to an external network and is not 28 intended to form an end-to-end communication system by itself. 802.16.1 systems are expected to be fixed 29 rather than mobile. 30 31 Sometimes, the word subscriber is associated with a single customer that is billed for a service. But a BWA 32 system may support more than one customer at a single access point to a subscriber BWA radio. In other 33 words, the subscriber access point provides “wholesale” connection of multiple “retail” subscribers [14]. 34 35 An office building may be well served by a single BWA radio, but house many tenants who contract for ser- 36 vices separately. 37 38 The 802.16.1 network is point-to-multipoint, with one base station serving a multiplicity of subscriber termi- 39 nals at millimeter-wave frequencies. As such, it shares its total capacity among users based on their service 40 contracts and immediate transmission needs. In its ability to provide bandwidth to customers, it falls 41 between dedicated point-to-point wireless links and lower-frequency systems (such as those in the micro- 42 wave region). 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 8 IEEE 802.16.1-00/01r4, September 2000

1 2 &KDUDFWHULVWLFV $SSOLFDWLRQV 3 2SWLRQV ,VVXHV :LUHOHVV 6ROXWLR Q  0ESV   0ESV 4 2ZDYH 7'0 7RGD\ &RUH ,3 LQ ; 9LUWXDO ILEHU ULJKJV ,1WHUFHOO OLQNV , 33 5DGLR 3ULFHG WR %HDW)LEH U 5 )LEHU ([WHQVLRQ5HSODFHPHQW 7UDQVSRUW 6 7 8 0ESV0ESV PPZDYH %%:/ 303 6\VWH PV  303 5DGLR 9 6PDOO0HGLXP %XVLQHVV ( 0'8 ,, /LQH2I6LJKW &RQWUDLQHG 10 %DQGZLGWKRQ'HPDQG $FFHV V +LJK&DS $FFHVV 0RGHUDWH &RVW 3UHVVXUHV 11 12 13 2ZDYH 303 6\VWHPV  0ESV ,,,  303 5DGLR 14 62+2:$+ 6HUYLFHV 0DVV 0DUNHW $FFHVV ([WUHPHO\ &RVW 6HQVLWLYH 15 +LJKO\6KDUHG $FFHVV 0XVW 2YHUFRPH /26 16 17 0XOWLSOH $SSFOLDWLRQV :LUHOHVV (WKHUQHW 345 ,9  :/$1 18 +LJK &RVW 6HQVLWLYLW\ 7KH ¦,3§ +RPH ,Q%XLOGLQJ :LUHOHVV 1HWZRUNV 19 1RLV\ (QYLURQPHQW 20 21 22 23 Figure 2—A Multi-Tier Perspective of Wireless Transmission and Distribution Systems 24 25 26 1.7.1 Bearer Services 27 28 This section describes typical services, transported by an 802.16.1 system. In this document, bearer service 29 30 refer to the services provided by the protocols that can appear in the layer sitting directly over the MAC 31 layer. The meaning of bearer services in this document also includes the types of networks that are able to 32 interface with 802.16.1-based BWA networks. [I.210] 33 34 35 1.7.1.1 Digital Audio/Video Multicast 36 37 802.16.1 protocols efficiently transport digital audio/video streams to subscribers. The streams flow in the 38 direction of the infrastructure network to subscriber(s) only, although use of acknowledgements is not pre- 39 40 cluded. Digital Audio/Video Multicast service is thus similar to digital video capabilities of digital cable TV 41 and digital satellite television service. 42 43 In addition, this standard supports non-multicast video in applications like video conferencing. In this case, 44 the video stream is two-way and the delay requirements are very stringent due to the level of interactivity 45 involved. 46 47 1.7.1.2 Digital Telephony 48 49 802.16.1 systems support telephone service to subscribers in a way that eases the migration of legacy equip- 50 ment and public switched telephone network (PSTN) access technologies to 802.16.1 systems. 802.16.1 51 52 protocols may transport any layer in the nationally- and internationally-defined digital telephony service 53 hierarchies: Synchronous Digital Hierarchy (SDH) or Plesiochronous Digital Hierarchy (PDH). (Please see 54 the glossary entries in section 1.2.) 55 56 It is expected that a significant application for 802.16.1 systems is connecting a business PBX to an 802.16.1 57 system. Most PBXs use channelized SDH/PDH circuits for their connection to the public switched tele- 58 phone network (PSTN), such as T1/E1, and multiples or fractions thereof. 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 9 IEEE 802.16.1-00/01, August 2000

1 1.7.1.3 ATM Cell Relay Service 2 3 ATM standards define a rich set of quality of service (QoS) guarantees for various service categories. ATM 4 5 transmits data using small, 53-byte, fixed-length cells which are “routed” by ATM switches along virtual 6 connections with an ATM network. ATM cell relay service is carried over a wide variety of links and bit 7 rates, whether copper, optical fiber or wireless. ATM standards define a rich set of quality of service (QoS) 8 guarantees for various service categories. 9 10 802.16.1 protocols are defined such that an 802.16.1 system can efficiently transport ATM cell relay service 11 and preserve its QoS features (see section 1.11, Class of Service and Quality of Service). Thus, 802.16.1 12 systems broadly address the target applications mentioned in section 1.7. Also note that, since ATM cell 13 14 relay service is connection-oriented, it employs message-based signaling protocols to establish, maintain 15 and tear down switched virtual circuits as well as signal QoS-based services and perform network manage- 16 ment. 802.16.1 protocols may need to be cognizant of such ATM signaling to enable an 802.16.1 system to 17 preserve QoS. 18 19 802.16.1 provides a means to utilize ATM addresses such as ITU-T E.164. The ATM convergence sublayer 20 provides a means to translate ATM addresses to MAC addresses. 21 22 23 24 25 Application 26 27 Presentation 28 29 Session Convergence sublayers 30 31 Transport 32 Medium Access Control 33 Network 34 Transmission 35 36 Data link 37 38 Physical Physical 39 40 OSI Reference 802.16.1 Layering 41 42 43 Figure 3—Protocol layers 44 45 46 47 1.7.1.4 Internet Protocol Service 48 49 The 802.16.1 systems directly transport variable length IP datagrams efficiently. Both IP version 4 and 6 are 50 supported. Especially for efficient transport of IPv6, TCP/IP header compression over the air interface is 51 supported. 52 53 The 802.16.1 IP service provides support for real-time and non-real-time services. It is possible to support 54 the emerging IP Quality of Service (QoS) efforts: Differentiated Services [RFC-2475] and Integrated Ser- 55 56 vices [RFC-1633]. 57 1.7.1.5 Bridged LAN Service 58 59 60 The 801.16.1 protocols support bridged LAN services, directly or indirectly. 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 10 IEEE 802.16.1-00/01r4, September 2000

1 1.7.1.6 Other Services 2 3 Other services that for instance require QoS-based delivery of the MAC services similar to channelized 4 5 SDH/PDH telephony, cell relay service, IP service or bridging service (see above sections), are envisaged. 6 These services do not place any special requirements on 802.16.1 systems (MAC and PHY protocols) not 7 already covered in the above sections. Some services are: 8 9 Back-haul service for cellular or digital wireless telephone networks. An 802.16.1 system may be a conve- 10 nient means to provide wireless trunks for wireless telephony base stations. The channelized SDH/PDH ser- 11 vices or ATM cell relay service may be appropriate. 12 13 Virtual point-to-point connections for subscriber access to core network services. Here the Internet-ori- 14 ented point-to-point protocol (PPP) is employed to make virtual connections between subscribers and ser- 15 vice providers and PPP is encapsulated directly in the 802.16.1 MAC protocol. PPP has some benefits such 16 17 as simple authentication, privacy/encryption, data compression, and layer 3 network parameter assignment. 18 Frame Relay Service Frame Relay is a packet/frame-based protocol, circuit-based data service that uses a 19 20 simple variable-length frame format. Some basic QoS guarantees are defined for frame relay, but not as rich 21 as ATM. Frame relay networks typically use provisioned permanent virtual circuits (PVCs), although a sig- 22 naling protocol for switched virtual circuits (SVCs) is defined and in use (Q.933). Frame Relay also defines 23 a management protocol. 24 25 26 1.8 System Model 27 28 29 As mentioned in section Scope, an 802.16.1 “system” constitutes: an 802.16.1 MAC and PHY implementa- 30 tion, in which at least two stations communicate via a radio air interface (an 802.16.1 system), the interfaces 31 to external networks, and services transported by the MAC and PHY protocol layers. An 802.16.1.1 system 32 employs point-to-multipoint operating in the vicinity of 30 GHz, but more generally in the range from 33 11 GHz to 66 GHz, to connect a base transceiver station (BS) to one or more subscriber transceiver stations 34 35 (SS). Radio communications around 30 GHz require line-of-sight (LOS) between a BS and SS. LOS block- 36 age by foliage also contributes heavily to signal attenuation. 37 38 802.16.1 systems are generally multiple-cell systems with frequency reuse. In this respect they are similar 39 to cellular wireless telephone systems, but mobility of the subscriber station is not allowed. The range of the 40 radios varies with transmit power, LOS blockage, and rainfall. 41 42 An 802.16.1 system consists of one base station radio and one or more subscribers. Thus an 802.16.1 sys- 43 tem also defines 802.16.1 base station and subscriber station radios that communicate using the 802.16.1 44 MAC and PHY protocols. The BS radio is P-MP, radiating its downstream signal with a shaped sector 45 antenna providing a broad azimuthal beam covering a number of subscribers. Each SS employs a highly 46 47 directional antenna pointed at the BS. 48 With this arrangement, direct radio communication between subscriber stations is not possible. Further- 49 50 more, the 802.16.1 system does not define radio communications between base stations. Since the BS radios 51 are sector-oriented, multiple BS radios may, in practice, be co-located (subject to frequency re-use require- 52 ments), and even share physical hardware. 53 54 The frequency bands used by 802.16.1 systems vary between countries. To achieve international applicabil- 55 ity, 802.16.1 protocols are frequency-independent. Typical bands allocated for 802.16.1 use are very wide, 56 allowing them to be channelized. 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 11 IEEE 802.16.1-00/01, August 2000

1 1.8.1 System reference points 2 3 Figure 4 shows the 802.16.1 system reference points, depicting the relevant elements between a subscriber 4 5 network and the “core” network (the network to which 802.16.1 is providing access). A greater system 6 encompassing user terminals, base station interconnection networks, network management facilities, etc., 7 may be envisaged, but the 802.16.1 protocols focus on the simplified model shown in the figure. Also not 8 shown are the internal physical characteristics of the base station and subscriber station: the concepts of 9 “indoor” and “outdoor” units. The description of possible separation of base station and subscriber stations 10 11 into indoor and outdoor units is beyond the scope of this document. 12 One addition to this model to be considered is security systems (see section Security). Two key external 13 14 interfaces are shown in the figure: the Base Station Network Interface (BNI) and the Subscriber Station Net- 15 work Interface (SNI). A single SNI may support multiple subscriber networks: LANs, Voice PBXs, etc. 16 And recall that the SNI may support multiple paying subscribers, such as within a multi-tenant office build- 17 ing or dwelling. A BS interfaces to one or more core networks through one or more BNIs. 18 19 For the purposes of 802.16.1, the SNI and BNI are abstract concepts. The details of these inter-working 20 functions (IWFs), are beyond the scope of this document and are not specified by the forthcoming interoper- 21 ability standard. Since many subscriber and core network technologies are possible, many different IWFs 22 23 are conceivable. The simplified reference model serves to discuss the impact of core network technologies 24 and bearer services (see section 1.7.1) on the requirements of 802.16.1 protocols by drawing focus to the air 25 interface and the immediate requirements imposed by the surrounding networks. The standard describes a 26 common access protocol and several common modulation techniques. 27 28 29 Subscriber Air SNI SS BS BNI Core 30 Network Interface Network 31 32 Repeater 33 (OPTIONAL) 34 SNI: SS Network Interface 35 SS: Subscriber Station 36 BS: Base Station 37 BNI: BS Network Interface 38 Figure 4—System Reference Points 39 40 41 42 43 1.8.2 Topology 44 45 Since all data traffic in an 802.16.1 network goes through the base transceiver station (BS), it is convenient 46 47 for the BS to control the allocation of bandwidth on the radio channel. The SS stations request bandwidth to 48 achieve their QoS objectives (see section Class of Service and Quality of Service), but the BS performs the 49 bandwidth allocation and scheduling. 50 51 In the downstream direction, within a channel, the network topology is similar to a contention-less broadcast 52 bus (using LAN terminology), since all transmissions originate at the BS, and more than one SS share a 53 downstream channel. In the upstream direction, 802.16.1 protocols provide the means to resolve contention 54 and multiplex traffic from multiple SS. 55 56 The topology is similar to a Hybrid Fiber Coax (HFC) cable TV network, but with some differences. The 57 BS antenna is generally sectorized, dividing the circle into sectors that operate independently of each other. 58 59 Subscribers with high bandwidth requirements may reside in a narrower sector beam than subscribers with 60 low bandwidth requirements. Also, a single SS may serve multiple customers in the same building. 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 12 IEEE 802.16.1-00/01r4, September 2000

1 1.9 Protocols 2 3 4 Standardized protocols provide for interoperability of multiple vendors’ equipment. Protocol interoperabil- 5 ity occurs at each level in the protocol “stack”. IEEE 802 protocols reside at layer 1 and 2 and consist pri- 6 marily of Logical Link Control (802.2) and the various MAC and PHY layers for each LAN or MAN 7 8 standard. The IEEE Std 802-1990 Overview and Architecture describes these layers. 9 10 The 802.16.1 protocol stack reference diagram is shown in Figure 3. In addition to the LLC, MAC and PHY 11 layers suggested by the generic 802 architectures, 802.16.1 protocols transport other categories of “upper 12 protocols” that correspond to the requirements of the bearer services described in section 1.7.1. 13 14 Each of the protocols above the MAC and PHY is given a convergence sub-layer. The convergence sub-lay- 15 ers (see section 1.15) do the following: 16 17 • 18 Encapsulate PDU framing of upper layers into the native 802.16.1 MAC/PHY PDUs. 19 • Map an upper layer’s addresses into 802.16.1 addresses 20 • 21 Translate upper layer CoS/QoS parameters into native 802.16.1 MAC format 22 • Adapt the time dependencies of the upper layer traffic into the equivalent MAC service 23 24 The central purpose of the Medium Access Control (MAC) protocol layer in 802.16.1 is sharing of radio 25 channel resources. The MAC protocol defines how and when a base or subscriber station may initiate trans- 26 mission on the channel. Since key layers above the MAC, such as ATM and STM, require service guaran- 27 28 tees, the MAC protocol defines interfaces and procedures to provide guaranteed service to the upper layers. 29 In the downstream direction, since only one base station is present, it controls its own transmission without 30 need of a protocol operating between stations. But in the upstream direction, if a radio channel is used by 31 32 more than one SS, the MAC protocol resolves contention and bandwidth allocation. 33 The PHY layer is similarly subdivided between the Transmission Convergence layer and the physical layer 34 35 proper. Like the MAC convergence layers, the Transmission Convergence layer adapts the needs of the 36 MAC and services to generic physical layer services. 37 38 39 1.10 Performance and Capacity 40 41 42 This section specifies the target performance levels and some of the issues for 802.16.1 capacity planning. 43 Providing system capacity at the target performance levels for all subscribers, given local LOS obstruction 44 and rapidly changing channel characteristics (due to rain) will be a challenging task. 45 46 47 1.10.1 Scalability 48 49 The 802.16.1 protocols allow for different levels of capacity and performance for 802.16.1 system instances. 50 51 1.10.2 Delivered Bandwidth 52 53 54 802.16.1 systems provide a peak capacity ranging from 2 to 155 Mbps to an SS sufficiently close to the BS. 55 Rates beyond 155 Mbps may be accommodated at some future time, dependent on PHY issues. 56 57 1.10.3 Flexible Asymmetry 58 59 60 The 802.16.1 protocol allows for flexibility between delivered upstream and downstream bandwidth and 61 CoS/QoS. Some applications utilize asymmetrical bandwidth, such as for Internet access---most of the 62 bandwidth is consumed in the downstream direction. Some applications use more bandwidth upstream, 63 such as a video multicast from a corporate or distance-learning source. Other applications require more- 64 65 symmetrical bandwidth; these include telephony and video conferencing.

This is an unapproved Task Group document being circulated for comment. 13 IEEE 802.16.1-00/01, August 2000

1 1.10.4 Radio Link Availability 2 3 4 An 802.16.1 system SHOULD be available to transport all services at better than their required maximum 5 error rates (see section 5.5) from about 99.9 to 99.999% of the time, assuming that the system and radios 6 receive adequate power 100% of the time and not counting equipment availability. Note that 99.999% avail- 7 ability amounts to approximately 5 minutes of outage a year. The 802.16.1 specifications SHALL NOT pre- 8 9 clude the ability of the radio link to be engineered for different link availabilities, based on the preference of 10 the system operator. A period of unavailable time begins at the onset of ten consecutive SES events based on 11 the following definitions: 12 13 Severely Errored Second (SES) is defined as a one-second period which contains (30% errored blocks. 14 15 Errored Block (EB): A block is defined as a set of consecutive bits associated with the path. Consecutive bits 16 may not be contiguous in time. A block is typically a data block containing an error detection code for in- 17 service performance monitoring. An errored block is a block in which one or more bits are received in error. 18 19 It is expected that the highest contributor to 802.16.1 system outage will be excessive attenuation due to 20 rainfall (rain rate and droplet size). 802.16.1 MAC and PHY protocols accommodate rainfall, perhaps con- 21 22 suming more radio bandwidth and/or requiring smaller radio propagation distance (radius) to meet the avail- 23 ability requirements. Since statistical rain rates vary widely in geography, the 802.16.1 protocols are 24 flexible with respect to consumed radio bandwidth ( based on modulation and coding), 25 modulation, FEC, and transmit power. These are critical components of system/cell capacity planning (also 26 see section 1.10.7). Such operating parameters may be changed quickly to accommodate changing weather 27 28 conditions. 29 30 1.10.5 Error Performance 31 32 The error rate, after application of the appropriate error correction mechanism (e.g., FEC), delivered by the 33 -9 34 PHY layer to the MAC layer meets the IEEE 802 functional requirements: a bit error rate (BER) of 10 or 35 better. The PHY meets the requirement for a Hamming Distance of at least 4 (detection of errors in a block 36 with up to 3 bit errors). 37 38 39 1.10.6 Delay 40 41 System delay requirements come in several categories: 42 43 • Medium Access Delay. The delay imposed by the MAC protocol layer between when a BS or SS 44 45 becomes ready to transmit and when it actually begins transmission on the channel. 46 • Transit Delay. The total 802.16.1 system delay from BNI to SNI and from SNI to BNI (see section 47 Topology). This includes the Medium Access Delay. 48 • 49 End-to-End Delay. The total delay between a terminal in the subscriber network, to the ultimate service 50 beyond the core network. For instance, the total delay between two telephony terminals (handsets). 51 This includes the 802.16.1 Transit Delay. 52 53 In addition to the above categories, variation of delay, or jitter, is important to consider. For example, a high 54 variation of delay can severely impact telephony services. But generic Internet access can tolerate a high 55 degree of delay variation. 56 57 The end-to-end delay is a subjective metric and depends on an entire application-specific network encom- 58 passing all 7 layers of the OSI model. In a telephony network, for example, the maximum acceptable end- 59 60 to-end delay for the longest path is recommended to be less than 300ms [G.114]. 61 µ 62 The radio propagation time is 3.3 sec/km 63 64 65

This is an unapproved Task Group document being circulated for comment. 14 IEEE 802.16.1-00/01r4, September 2000

1 see G.114]. If the distance between the SS and BS is 5 km, this propagation time is 16.7µsec. The MAC 2 3 layer may have different requirements for each direction, upstream and downstream. In the upstream direc- 4 tion, time is 5 6 7 8 9 10 budgeted for requesting bandwidth and contending among nodes. The budget for 802.16.1 transit delay is 11 should be 19.5 ms for “stringent QoS” services. 12 13 ITU I.356 recommends end-to-end variation (jitter) for “stringent QoS class” to be less than 3 ms. Multime- 14 dia videoconferencing requires delay variation to be less than 200 ms end-to-end to allow for reasonable 15 synchronization of audio and video streams. It is suggested that the budget for 802.16.1 systems be 1.5 ms 16 17 for “stringent QoS” services. 18 19 1.10.7 Capacity Issues 20 21 22 802.16.1 system capacity requirement is defined as the product of the number of subscribers, their peak 23 bandwidth requirements and quality of service guarantees. The delivered capacity can vary depending on 24 rain attenuation, LOS blockage, transmit power, etc. In a given 802.16.1 system instance, capacity must be 25 26 carefully planned to ensure that subscribers’ quality of service guarantees and maximum error rates are met. 27 Given the atmospheric condition statistics in a geographic area, a channel link budget can be developed 28 using the following parameters of an 802.16.1 system: 29 30 • Radio range (shaped sector radius) 31 32 • Width of the sector 33 • Downstream channels’ data rates 34 35 • Allocation of prospective subscriber data rate to channels 36 • Types of modulation 37 38 The time-variant impairments, rain fade and multipath interference, are expected to be the most significant 39 contributors to channel impairments and complexity in cell capacity planning. Common metrics, such as dis- 40 41 persive fade margin (DFM) for frequency-selective fading environments, may be employed to compare the 42 performance of 802.16.1 equipment (e.g., radios and modems). 43 44 45 1.11 Class of Service and Quality of Service 46 47 48 This section describes the classes of service and quality of service for 802.16.1 systems. Terminology is 49 borrowed from the ATM Forum and Internet Engineering Task Force (IETF). 50 51 802.16.1 protocols support classes of service with various quality of service (QoS) guarantees to support the 52 bearer services (see section 1.7.1) that an 802.16.1 system transports. Each bearer service defines guaran- 53 tees that it expects to be preserved by an 802.16.1 system. 54 55 For QoS-based, connectionless, but not circuit-based, bearer services, the 802.16.1 protocols support band- 56 57 width negotiation on demand. For instance, the MAC protocol may allocate bursts of time slots to bearer 58 services that require changes in bandwidth allocation. Such allocation is thus performed in a semi-stateless 59 manner. A connection-oriented bearer service may require state information to be maintained for the life of 60 61 a connection. But the 802.16.1 MAC layer interface may provide a connectionless service interface that 62 requires higher-layer adaptation to maintain the state of a connection and periodically allocate bandwidth. 63 For instance, the MAC may need to maintain state information about a QoS data flow only for the duration 64 of an allocation. 65

This is an unapproved Task Group document being circulated for comment. 15 IEEE 802.16.1-00/01, August 2000

1 Traffic may be roughly categorized as follows (ATM terminology): 2 3 • Constant Bit Rate (CBR). The bearer service requires a constant, periodic access to bandwidth. SDH/ 4 5 PDH falls into this category. 6 • Variable Bit Rate: Real-Time (VBR-rt). The bandwidth requirements vary over time, within a specified 7 range, but delay and delay variance limits are specified. Examples that fall into this category are voice- 8 over-IP (VoIP), videoconferencing, video on demandand other “multimedia” applications. 9 • 10 Variable Bit: Non-Real-Time Rate (VBR-nrt). The bandwidth varies, within a specified range, but has 11 loose delay and delay variance requirements. Applications, which are limited in their bandwidth usage, 12 may fall into this category. In one example, corporate database transactions could be relegated to this 13 category. 14 • Available Bit Rate (ABR). The bandwidth varies within a wide range, and is allowed to burst up to the 15 16 maximum link bandwidth when CBR and VBR traffic are not using bandwidth. Higher variations of 17 delay may be tolerable since applications that fall into this category allow for priority traffic to consume 18 bandwidth they do. 19 • Unspecified Bit Rate (UBR). The bandwidth and delay requirements are not specified. Bandwidth is 20 delivered on a “best effort” basis. 21 22 The Internet Engineering Task Force (IETF) “Integrated Services” model uses the following terminology to 23 classify network applications [RFC-1633]: 24 25 Elastic. Applications that are tolerant of various bandwidths and/or delay variations: 26 27 • 28 Interactive burst (Telnet, The X Window System, NFS, Microsoft or Novell File Sharing, etc.) 29 • Interactive bulk (FTP) 30 • Asynchronous bulk (Email, FAX, Remote Printing, Backup, etc.) 31 32 Real-Time. Applications that require some level of bandwidth and/or delay variation: 33 34 • Guaranteed Service. A fixed upper bound on the arrival of data is required. For instance, audio and video 35 36 conferencing may fall into this category. 37 • Predictive Service. Applications are tolerant of some late data, a higher variation of delay, or may adapt to 38 less available bandwidth. For example, a video playback service may be able to adapt its playback 39 buffer to accommodate variation of delay. 40 41 An IETF architecture for differentiated services [RFC-2475] defines how Internet Protocol-based service 42 classes may be given quality-of-service. Traffic flows are identified in terms of their profiles: rates and burst 43 44 sizes. 45 46 1.11.1 Bearer Service QoS Mappings 47 48 The classes of service and QoS parameters of bearer services are translated into a common set of parameters 49 defined by 802.16.1. A network node that serves as an inter-working function (IWF) between a QoS-capa- 50 51 ble LAN or WAN and an 802.16.1 system participates in signaling protocols to set up QoS parameters for 52 connection-oriented services. 53 54 For example, if an ATM network is to be transported over an 802.16.1 system, ATM switched virtual circuits 55 negotiate QoS parameters for the circuit. The ATM Convergence Layer participates in the signaling proto- 56 col that sets up the connection and request the proper QoS. 57 58 Similarly, a QoS-based IP network may employ the Resource Reservation Protocol (RSVP) [RFC-2205] to 59 signal the allocation of resources along a routed IP path. If 802.16.1 is to be a link in the IP network, the IP 60 Convergence Layer interfaces with the MAC to negotiate resource allocation. 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 16 IEEE 802.16.1-00/01r4, September 2000

1 1.12 Management 2 3 As outlined in IEEE Std 802-1990 [IEEE802], The LLC Sublayer, MAC Sublayer and Physical Layer stan- 4 5 dards also include a management component that specifies managed objects and aspects of the protocol 6 machine that provide the management view of managed resources. The aspect of management considered 7 are: 8 9 • Fault management 10 11 • Configuration management 12 • Accounting management 13 14 • Performance management (see also section 1.10) 15 • Security management (see also section 1.13) 16 17 The 802 standards define a framework for LAN/MAN management in ISO/IEC 15802-2: 1995(E). The 18 19 framework contains guidelines for managed objects, management protocol, and the relationship to ITU man- 20 agement protocols (CMIP/CMIS). 21 22 1.12.1 Service Level Agreements 23 24 25 The 802.16.1 protocol permits network operators to enforce service level agreements (SLAs) with subscrib- 26 ers by restricting access to the air link, discarding data, or dynamically controlling bandwidth available to a 27 user. Subscribers are also able to measure performance provided at the delivery point. 28 29 1.12.2 Accounting and Auditing 30 31 32 The 802.16.1 system management framework, architecture, protocols and managed objects allow for opera- 33 tors to effectively administer accounting and auditing. An operator is able to account for time- and band- 34 width-utilization and the various QoS parameters for each subscriber. 35 36 37 1.13 Security 38 39 40 The 802.16.1 system enforces security procedures described in this section. 41 42 1.13.1 Authentication 43 44 45 There are two levels of authentication for an 802.16.1 system. The first level of authentication is when the 46 SS authenticates itself with the BS at the SS's network entry. This initial authentication prevents an SS from 47 entering the network or an unauthorized BS from emulating a real BS. Once the initial authentication at this 48 level is complete, further authentication at this level is less stringent. This level of authentication is sup- 49 ported by the 802.16.1 MAC layer. 50 51 A second level of authentication is between a specific subscriber and the BWA system, allowing access to 52 the system by one of several subscribers served by the same SS. An additional level of authentication may 53 54 exist to authenticate the subscriber with the SS. 55 56 1.13.2 Authorization 57 58 59 Authorization determines what services an authenticated subscriber is permitted to use. Each subscriber has 60 a set of credentials that describe what the subscriber is contractually permitted to do. The 802.16.1 standard 61 identifies a standard set of credentials and allows for vendors to extend the defined credentials with addi- 62 tional ones. 63 64 65

This is an unapproved Task Group document being circulated for comment. 17 IEEE 802.16.1-00/01, August 2000

1 1.13.3 Privacy 2 3 4 Privacy protects transmitted data from being intercepted and understood by third parties (e.g., an unautho- 5 rized SS, BS or a passively listening radio). The 802.16.1 standard allows a strong cryptographic algorithm 6 to be employed that is internationally applicable. Facilities are also defined in the protocol for the use of 7 alternate cryptographic algorithms that can be used in certain localities and that can replace algorithms as 8 9 they are obsoleted or “legalized” for international use. 10 11 12 1.14 IEEE 802 Architectural Conformance 13 14 As mentioned earlier in this document, 802.16.1 conforms to the 802 system model. Some specifics (see 15 IEEE Standards for Local and Metropolitan Area Networks: Overview and Architecture (IEEE Std 802- 16 17 1990) [IEEE802]) are: 18 The 802.16.1 MAC supports the 48-bit IEEE address format. An 802.16.1 system supports MAC multicast 19 20 in the downstream direction only, not upstream. 21 The protocols support 802.1 bridging services and protocols, including support of virtual LAN tag and prior- 22 23 ity ID. 24 The protocols support encapsulation of 802.2 (LLC) by the MAC protocol . 25 26 Conform to the 802 conventions and structures for “interface primitives:” logical structures that are passed 27 between protocol layers to invoke processes and transact data. 28 29 Address the 802 system management guidelines (see section Management). 30 31 Provide a MAC service interface that complies to 802 conventions. 32 33 34 1.15 MAC Services to the convergence sublayers (CL) 35 36 37 In a layered protocol system, the information flow across the boundaries between the layers can be defined 38 in terms of primitives that represent different items of information and cause actions to take place. These 39 primitives do not appear as such on the medium (the air interface) but serve to define more clearly the rela- 40 41 tions of the different layers. The semantics are expressed in the parameters that are conveyed with the prim- 42 itives. 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 18 IEEE 802.16.1-00/01r4, September 2000

1 Since there are several sublayers, we can divide the primitives into those providing MAC services to the 2 convergence sublayer above and a set of services provided to the external (non-802.16) layers above. The 3 4 service access point (SAP) is shown in Figure 5. 5 6 7 IP ATM Ethernet Other 8 9 Conv. Conv. Conv. Conv. 10 11 SAP 12 13 14 15 16 MAC 17 18 PRIVACY 19 20 21 TC 22 23 24 PHY 25 26 27 28 Figure 5—802.16.1 protocol layering, showing service access point. 29 30 31 1.15.1 Primitives 32 33 The IEEE 802.16 Medium Access Control layer supports the following primitives at the Service Access 34 Point: 35 36 37 38 MAC-CREATE-CONNECTION.request 39 MAC-CREATE-CONNECTION.indication 40 MAC-CREATE-CONNECTION.response 41 42 MAC-CREATE-CONNECTION.confirmation 43 44 MAC-CHANGE-CONNECTION.request 45 46 MAC-CHANGE-CONNECTION.indication 47 MAC-CHANGE-CONNECTION.response 48 MAC-CHANGE-CONNECTION.confirmation 49 50 51 MAC-TERMINATE-CONNECTION.request 52 MAC-TERMINATE-CONNECTION.indication 53 MAC-TERMINATE-CONNECTION.response 54 55 MAC-TERMINATE-CONNECTION.confirmation 56 57 MAC-DATA.request 58 59 MAC-DATA.indication 60 61 62 The use of these primitives to provide peer communication is shown in Figure 6. The initial request for 63 service from a lower layer is provided by the “request” primitive. When this request is sent across the air 64 link to the peer MAC layer, it generates an “indicate” primitive to inform the peer convergence layer of the 65

This is an unapproved Task Group document being circulated for comment. 19 IEEE 802.16.1-00/01, August 2000

1 request; the convergence entity responds with a “response” to the MAC. Again this is sent across the the air 2 link to the MAC on the originating side, which sends a “confirm” primitive to the original requesting entity. 3 4 In some cases, it is not necessary to send information to the peer station and the “confirm” primitive is 5 6 issued directly by the MAC on the originating side. Such cases may occur, for example, when the request is 7 rejected by the MAC on the requesting side. In cases where it is necessary to.to keep the other side of the 8 9 10

11 Conf

Req CL Rsp CL 12 Ind 13 14 MAC MAC 15 1 4 23 16 17 18 Figure 6—Use of primitives to request service of MAC layer and generate response. 19 20 21 link informed, an unsolicited “response” may be sent, in turn leading to the generation of an unsolicited 22 “confirmation” for benefit of the convergence layer. 23 24 For actions other than DATA.request and DATA.indication, the initiating CL sends a REQUEST primitive to 25 26 its MAC layer. The initiating side MAC layer sends the appropriate Dynamic Service Request message 27 (Addition, Change, or Deletion; see section 2.13.8) to the receiving MAC. The non-initiating side MAC 28 sends an INDICATION primitive to its CL. The non-initiating CL responds with a RESPONSE primitive, 29 stimulating its MAC to respond to the initiating side MAC with the appropriate Dynamic Service Response 30 31 message. The initiating side MAC responds to its CL with a CONFIRMATION primitive and, if 32 appropriate, with the appropriate Dynamic Service Acknowledge message. At any point along the way, the 33 request may be rejected (for lack of resources, etc), terminating the protocol. 34 35 1.15.1.1 MAC-CREATE-CONNECTION.request 36 37 1.15.1.1.1 Function 38 39 40 This primitive is issued by a convergence layer entity in a BS or CPE unit to request the dynamic addition of 41 a connection. 42 43 44 1.15.1.1.2 Semantics of the service primitive 45 46 The parameters of the primitive are as follows: 47 48 MAC-CREATE-CONNECTION.request 49 ( 50 51 service type, 52 convergence sublayer, 53 traffic parameters, 54 55 encryption indicator, 56 CRC request, 57 sequence number 58 59 ) 60 61 The service type is one of continuing grant, continuing grant with activity detection, real-time variable rate, 62 non-real-time variable rate, and best efforts. 63 64 65

This is an unapproved Task Group document being circulated for comment. 20 IEEE 802.16.1-00/01r4, September 2000

1 The convergence sublayer parameter indicates which convergence sublayer layer handles data received on 2 this connection. If the value is 0, then no convergence layer is used; other values for specific convergence 3 4 layers are given in the relevant annex for that convergence layer. 5 6 The traffic parameters include details on such issues as peak and average rate; or reference to a service flow. 7 These parameters are the same as those in the Dynamic Service Change Request MAC management 8 message. 9 10 The encryption indicator specifies that the data sent over this connection should be encrypted, if ON. If 11 12 OFF, then no encryption is used. 13 CRC Request, if ON, requests that a CRC be added to MSDUs sent over this connection. If this parameter is 14 15 OFF, then no CRC is added. 16 17 The sequence number is used to correlate this primitive with its response from the base station via the MAC. 18 19 1.15.1.1.3 When generated 20 21 22 This primitive is generated by a convergence layer of a BS or CPE unit to request the base station to set up a 23 new connection. 24 25 1.15.1.1.4 Effect of receipt 26 27 28 If the primitive is generated on the CPE side, the receipt of this primitive causes the MAC to pass the request 29 (in the form of a Dynamic Service Addition – Request message) to the MAC entity in the base station. The 30 CPE MAC remembers the correlation between sequence number and the requesting convergence entity. 31 32 If the primitive is generated on the base station side, the base station checks the validity of the request, and if 33 34 valid, it chooses a connection ID (CID)and includes it in the Dynamic Service Addition – Request message (See 35 section xxx) sent to the CPE. This CID will be returned to the requesting convergence layer via the 36 CONFIRM primitive. If the primitive originated at the CPE, the actions of generating a CID and 37 38 authenticating the request are deferred to the INDICATION/RESPONSE potion of the protocol. 39 1.15.1.2 MAC-CREATE-CONNECTION.indication 40 41 42 1.15.1.2.1 Function 43 44 This primitive is sent by the non-initiating MAC entity to the CL, to request the dynamic addition of a 45 46 connection in response to the MAC layer receiving a Dynamic Service Addition - Request message. If the 47 non-initiating MAC entity is at the base station, a CID is generated and the request is authenticated. 48 49 1.15.1.2.2 Semantics of the service primitive 50 51 52 The parameters of the primitive are as follows: 53 54 MAC-CREATE-CONNECTION.indication 55 ( 56 service type, 57 58 convergence sublayer, 59 traffic parameters, 60 sequence number 61 ) 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 21 IEEE 802.16.1-00/01, August 2000

1 Parameters: see MAC-CREATE-CONNECTION.request. The encryption and CRC flags are not delivered 2 with the .indication primitive since they will have already been acted on by lower layers, to decrypt the data 3 4 or to check a CRC, before the PDU is passed up to the convergence sublayer. 5 6 1.15.1.2.3 When generated 7 8 9 This primitive is generated by the MAC layer of the non-initiating side of the protocol when it receives a 10 Dynamic Service Addition – Request message from the initiating side of the connection. 11 12 1.15.1.2.4 Effect of receipt 13 14 15 When the CL this primitive from , it checks the validity of the request from the point of view of its own 16 resources. It accepts or rejects the request via the MAC-CREATE-CONNECTION.RESPONSE primitive, 17 18 and enters the CID into appropriate algorithms. 19 If the connection request originated on the CPE side, the BS sends the CID to the CPE side in this 20 21 RESPONSE primitive. Otherwise, if the origin was the base station, the RESPONSE contains the CID 22 contained in the INDICATION. 23 24 1.15.1.3 MAC-CREATE-CONNECTION.response 25 26 1.15.1.3.1 Function 27 28 29 This primitive is issued by a non-initiating MAC entity in response to a MAC-CREATE- 30 CONNECTION.INDICATION requesting the creation of a new connection. 31 32 1.15.1.3.2 Semantics of the service primitive 33 34 35 The parameters of the primitive are as follows: 36 37 MAC-CREATE-CONNECTION.response 38 ( 39 connection ID, 40 41 response code, 42 response message, 43 sequence number, 44 45 ARQ parameters 46 ) 47 48 The connection ID is returned to the requester for use with the traffic specified in the request. If the request 49 is rejected, then this value shall be NULL. 50 51 The response code indicates success or the reason for rejecting the request. 52 53 The response message provides additional information to the requester, in TLV format. 54 55 The sequence number is returned to the requesting entity to correlate this response with the original request. 56 57 The ARQ parameters are: whether ARQ is used or not for the connection, maximum re-transmission limit 58 and acknowledgment window size. 59 60 1.15.1.3.3 When generated 61 62 63 This primitive is generated by the non-initiating CL entity when it has received a MAC-CREATE- 64 CONNECTION.indication. 65

This is an unapproved Task Group document being circulated for comment. 22 IEEE 802.16.1-00/01r4, September 2000

1 1.15.1.3.4 Effect of receipt 2 3 4 The receipt of this primitive causes the CPE MAC layer to send the Dynamic Service Addition-Response 5 message to the requesting MAC entity. Once the Dynamic Service Addition – Acknowledgement is 6 received, the MAC is prepared to pass data for this connection on to the air link. 7 8 1.15.1.4 MAC-CREATE-CONNECTION.confirmation 9 10 1.15.1.4.1 Function 11 12 13 This primitive confirms to a convergence entity that a requested connection has been provided. It informs 14 the CL of the status of its request and provides a CID fro the success case. 15 16 1.15.1.4.2 Semantics of the service primitive 17 18 19 The parameters of the primitive are as follows: 20 21 MAC-CREATE-CONNECTION.confirmation 22 ( 23 24 connection ID, 25 response code, 26 response message, 27 28 sequence number 29 ) 30 31 Parameters: see MAC-CREATE-CONNECTION.response 32 33 1.15.1.4.3 When generated 34 35 36 This primitive is generated by the initiating side MAC entity when it has received a Dynamic Service 37 Addition – response message. 38 39 1.15.1.4.4 Effect of receipt 40 41 42 The receipt of this primitive informs the convergence entity that the requested connection is available, and it 43 may initiate requests for transmission over it. 44 45 1.15.1.5 Changing an existing connection 46 47 48 Existing connections may be changed in their characteristics on a dynamic basis, for example to reflect 49 changing bandwidth requirements. The following primitives are used: 50 51 MAC-CHANGE-CONNECTION.request 52 MAC-CHANGE-CONNECTION.indication 53 MAC-CHANGE-CONNECTION.response 54 55 AC-CHANGE-CONNECTION.confirmation 56 57 The semantics and effect of receipt of these primitives are the same as for the corresponding CREATE 58 primitives, except that a new connection ID is not generated. 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 23 IEEE 802.16.1-00/01, August 2000

1 1.15.1.6 MAC-TERMINATE-CONNECTION.request 2 3 1.15.1.6.1 Function 4 5 6 This primitive is issued by a convergence layer entity in a BS or CPE unit to request the termination of a 7 connection. 8 9 10 1.15.1.6.2 Semantics of the service primitive 11 12 The parameters of the primitive are as follows: 13 14 MAC-TERMINATE-CONNECTION.request 15 ( 16 17 connection ID 18 ) 19 20 The connection ID parameter specifies which connection is to be terminated. 21 22 1.15.1.6.3 When generated 23 24 25 This primitive is generated by a convergence layer of a BS or CPE unit to request the termination of an 26 existing connection. 27 28 1.15.1.6.4 Effect of receipt 29 30 31 If the primitive is generated on the CPE side, the receipt of this primitive causes the MAC to pass the request 32 to the MAC entity in the base station via the Dynamic Service Deletion – Request message. The base station 33 34 checks the validity of the request, and if it is valid it terminates the connection. 35 36 If the primitive is generated on the base station side, it has already been validated and the base station MAC 37 informs the CPE by issuing a Dynamic Service Deletion – Request message. 38 39 1.15.1.7 MAC-TERMINATE-CONNECTION.indication 40 41 1.15.1.7.1 Function 42 43 44 This primitive is issued by a the MAC entity on the non-initiating side to request the termination of a 45 connection in response to the receipt of a Dynamic Service Deletion – Request message. 46 47 1.15.1.7.2 Semantics of the service primitive 48 49 50 The parameters of the primitive are as follows: 51 52 MAC-TERMINATE-CONNECTION.indication 53 ( 54 connection ID 55 56 ) 57 58 The connection ID parameter specifies which connection is to be terminated. 59 60 1.15.1.7.3 When generated 61 62 This primitive is generated by the MAC layer when it receives a Dynamic Service Deletion - request 63 64 message to terminate a connection, or when it finds it necessary for any reason to terminate a connection. 65

This is an unapproved Task Group document being circulated for comment. 24 IEEE 802.16.1-00/01r4, September 2000

1 1.15.1.7.4 Effect of receipt 2 3 4 If the protocol was initiated by the CPE, when it receives this primitive, the base station checks the validity 5 of the request. In any case, the receiving CL returns the MAC-TERMINATE-CONNECTION.response 6 primitive, and deletes the connection ID from the appropriate polling and scheduling lists. 7 8 1.15.1.8 MAC-TERMINATE-CONNECTION.response 9 10 1.15.1.8.1 Function 11 12 13 This primitive is issued by a CL entity in response to a request for the termination of a connection. 14 15 1.15.1.8.2 Semantics of the service primitive 16 17 18 The parameters of the primitive are as follows: 19 20 MAC-TERMINATE-CONNECTION.response 21 ( 22 connection ID, 23 24 response code, 25 response message 26 ) 27 28 The connection ID is returned to the requesting entity. 29 30 The response code indicates success or the reason for rejecting the request. 31 32 The response message provides additional information to the requester, in TLV format. 33 34 1.15.1.8.3 When generated 35 36 37 This primitive is generated by the CL entity when it has received a MAC-TERMINATE- 38 CONNECTION.INDICATION from its MAC layer. 39 40 1.15.1.8.4 Effect of receipt 41 42 43 The receipt of this primitive causes the MAC layer to pass the message to the initiating side via the Dynamic 44 Service Deletion – Response message. The initiating MAC in turn passes the CONFIRM primitive to the 45 46 requesting convergence entity. The convergence entity may no longer use this connection ID for data 47 transmission 48 49 1.15.1.9 MAC-TERMINATE-CONNECTION.confirmation 50 51 1.15.1.9.1 Function 52 53 54 This primitive confirms to a convergence entity that a requested connection has been terminated. 55 56 1.15.1.9.2 Semantics of the service primitive 57 58 59 The parameters of the primitive are as follows: 60 61 MAC-TERMINATE-CONNECTION.confirmation 62 ( 63 connection ID, 64 response code, 65

This is an unapproved Task Group document being circulated for comment. 25 IEEE 802.16.1-00/01, August 2000

1 response message 2 ) 3 4 Parameters: see MAC-TERMINATE-CONNECTION.response. 5 6 7 1.15.1.9.3 When generated 8 9 This primitive is generated by the MAC entity when it has received a Dynamic Service Deletion – response 10 11 message. 12 13 1.15.1.9.4 Effect of receipt 14 15 16 The receipt of this primitive informs the convergence entity that a connection has been terminated. The 17 convergence entity may no longer use this connection ID for data transmission. 18 1.15.1.10 MAC-DATA.request 19 20 21 1.15.1.10.1 Function 22 23 24 This primitive defines the transfer of data to the MAC entity from a convergence layer service access point. 25 26 1.15.1.10.2 Semantics of the service primitive 27 28 The parameters of the primitive are as follows: 29 30 MAC-DATA.request 31 32 ( 33 connection ID, 34 length, 35 36 data, 37 discard-eligible flag, 38 encryption flag 39 ) 40 41 The connection ID parameter specifies the connection over which the data is to be sent; the service class is 42 43 implicit in the connection ID. 44 45 The length parameter specifies the length of the MSDU in bytes. 46 47 The data parameter specifies the MSDU as received by the local MAC entity. The length of the MSDU shall 48 be less than 2048 bytes. 49 50 The discard-eligible flag specifies whether the PDU should be preferentially discarded in the event of link 51 congestion and consequent buffer overflow. 52 53 The encryption flag specifies that the data sent over this connection should be encryption, if ON. If OFF, 54 then no encryption is used. 55 56 57 1.15.1.10.3 When generated 58 59 This primitive is generated by a convergence layer whenever an MSDU is to be transferred to a peer entity 60 or entities. 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 26 IEEE 802.16.1-00/01r4, September 2000

1 1.15.1.10.4 Effect of receipt 2 3 4 The receipt of this primitive causes the MAC entity to process the MSDU through the MAA sublayer and 5 pass the appropriately formatted PDUs to the PHY/TC for transfer to peer MAC layer entities, using the 6 connection ID specified. 7 8 1.15.1.11 MAC-DATA.indication 9 10 1.15.1.11.1 Function 11 12 13 This primitive defines the transfer of data from the MAC to the convergence layer. The specific 14 convergence layer which will receive the indicate message is implicit in the connection ID. 15 16 1.15.1.11.2 Semantics of the service primitive 17 18 19 The parameters of the primitive are as follows: 20 21 MAC-DATA.indication 22 ( 23 24 connection ID, 25 length, 26 data, 27 28 reception status, 29 encryption flag 30 ) 31 32 The connection ID parameter specifies the connection over which the data was sent. 33 34 The length parameter specifies the length of the data unit in bytes. 35 36 The data parameter specifies the MSDU as received by the local MAC entity. 37 38 The reception status parameter indicates transmission success or failure for those frames received via the 39 MAC-DATA.indication. ERROR is reported if DISCARD_FAILURES is OFF; otherwise errored or 40 uncorrectable data units are discarded without generating the MAC-DATA.indication. 41 42 The encryption flag specifies that the data sent over this connection should be encryption, if ON. If OFF, 43 44 then no encryption is used. 45 46 1.15.1.11.3 When generated 47 48 49 This primitive is generated whenever an MSDU is to be transferred to a peer convergence entity or entities. 50 51 1.15.1.11.4 Effect of receipt 52 53 The effect of receipt of this primitive by a convergence entity is dependent on the validity and content of the 54 MSDU. The choice of convergence layer is determined by the connection ID over which the MSDU was 55 56 sent. 57 58 59 2 Medium Access Control 60 61 62 In a network that utilizes a shared medium, there must be a mechanism to provide an efficient way to share 63 the medium. A two-way point-to-multipoint wireless network is a good example of a shared medium: here 64 the medium is the space through which the radio waves propagate. 65

This is an unapproved Task Group document being circulated for comment. 27 IEEE 802.16.1-00/01, August 2000

1 The downlink, from the base station to the user operates on a point-to-multipoint basis. The 802.16.1 wire- 2 less link operates with a central base station and a sectorized antenna which is capable of handling multiple 3 independent sectors simultaneously. Within a given frequency channel and antenna sector, all stations 4 5 receive the same transmission. The base station is the only transmitter operating in this direction, hence it 6 can transmit without having to coordinate with other stations, except for the overall time-division duplexing 7 that divides time into upstream and downstream transmission periods. It broadcasts to all stations in the sec- 8 tor (and frequency); stations check the address in the received messages and retain only those addressed to 9 them. 10 11 12 However, the user stations share the upstream period on a demand basis. Depending on the class of service 13 utilized, the SS may be issued continuing rights to transmit, or the right to transmit may be granted by the 14 base station after receipt of a request from the user. 15 16 17 In addition to individually-addressed messages, messages may also be sent to multicast groups (control 18 messages and video distribution are examples of multicast applications) as well as broadcast to all stations. 19 20 Within each sector, users must adhere to a transmission protocol which minimizes contention between users 21 and enables the service to be tailored to the delay and bandwidth requirements of each user application. 22 23 24 This is accomplished through five different types of upstream scheduling mechanism, which are imple- 25 mented using unsolicitied bandwidth grants, polling, and contention procedures. Mechanisms are defined in 26 the protocol to allow vendors to optimize system performance using different combinations of these band- 27 width allocation techniques while maintaining consistent inter-operability definitions. For example, conten- 28 29 tion can be cidused to avoid the individual polling of SSs which have been inactive for a long period of time. 30 31 The use of polling simplifies the access operation and guarantees that applications receive service on a deter- 32 ministic basis if it is required. In general, data applications are delay tolerant, but real-time applications like 33 voice and video require service on a more uniform basis, and sometimes on a very tightly-controlled sched- 34 35 ule. 36 37 38 2.1 Connections and Service Flows 39 40 2.1.1 Definitions 41 42 2.1.1.1 Service Flows 43 44 45 The concept of Service Flows is central to the operation of the MAC protocol. Service Flows provide a 46 mechanism for upstream and downstream Qconnection iduality of Service management. In particular, they 47 are integral to bandwidth allocation. 48 49 50 A Service Flow ID defines a particular unidirectional mapping between a SS and the BS. Active Upstream 51 Service Flow IDs also have associated Connection IDs or CIDs. Upstream bandwidth is allocated to CIDs, 52 and hence to SSs, by the BS. Connection IDs provide the mechanism by which upstream Quality of Service 53 is implemented. 54 55 56 The BS MAY assign one or more Service Flow IDs (SFIDs) to each SS, corresponding to the Service Flows 57 required by the SS. This mapping can be negotiated between the BS and the SS during SS registration or via- 58 dynamic service establishment (refer to Section 5.5.1). 59 60 In a basic SS implementation, two Service Flows (one upstream, one downstream) could be used, for exam- 61 62 ple, to offer best-effort IP service. However, the Service Flow concept allows for more complex SSs to be 63 developed with support for multiple service classes while supporting interoperability with more basic 64 modems. With these more complex modems, it is possible that certain Service Flows will be configured in 65

This is an unapproved Task Group document being circulated for comment. 28 IEEE 802.16.1-00/01r4, September 2000

1 such a way that they cannot carry all types of traffic. That is, they may have a maximum packet size limita- 2 tion or be restricted to small fixed size unsolicited grants. Furthermore it might not be appropriate to send 3 other kinds of data on Service Flows that are being used for Constant Bit Rate (CBR)-type applications. 4 5 6 Even in these complex modems, it is necessary to be able to send certain upstream packets needed for MAC 7 management, SNMP management, key management, etc. For the network to function properly, all SSs 8 MUST support at least one upstream and one downstream Service Flow. These Service Flows MUST always 9 be provisioned to allow the SS to request and to send the largest possible unconcatenated MAC frame (refer 10 11 to Section 5.3.4.3.5). These Service Flows are referred to as the upstream and downstream Primary Service 12 Flows. The CID assigned to the upstream Primary Service Flow is referred to as the Primary CID. 13 14 The Primary CID MUST always be assigned to the first provisioned upstream Service Flow during the regis- 15 tration process (which may or may not be the same temporary CID used for the registration process). The 16 17 Primary Service Flows MUST be immediately activated at registration time. The Primary CID MUST 18 always be used for station maintenance after registration. The Primary Service Flows MAY be used for traf- 19 fic. All unicast Service Flows MUST use the security association defined for the Primary Service Flow. 20 21 All Service Flow IDs are unique within a single MAC-sublayer domain. The length of the Service Flow ID is 22 23 32 bits. The length of the Connection ID is 14 bits (although the Connection ID is sometimes carried in the 24 low-order bits of a 16-bit field). 25 26 2.1.1.2 Upstream Intervals, Mini-Slots and System Time 27 28 29 The upstream transmission time-line is divided into intervals by the upstream bandwidth allocation mecha- 30 nism. Each interval is an integral number of mini-slots. A “mini-slot” is the unit of granularity for upstream 31 32 transmission opportunities. There is no implication that any PDU can actually be transmitted in a single 33 mini-slot. Each interval is labeled with a usage code which defines both the type of traffic that can be trans- 34 35 mitted during that interval and the physical-layer modulation encoding. A single mini-slot’s duration in time 36 is the upstream clock tick x 64. The size of a mini-slot is set at a power-of-two multiple ranging from 1 to 8, 37 i.e., 2,..,256. 1 The relationship between mini-slots, bytes, and time ticks is described further in Section 38 5.4.1.3. The usage code values are defined in Table 5-23 and allowed use is defined in Section 5.3.3. The 39 binding of these values to physical-layer parameters is defined in Table 5-21..2000-04-14 IEEE 802.16.1mc-00/14r0 40 41 42 2.1.1.3 Frame 43 44 A frame is a unit of data exchanged between two (or more) entities at the . A MAC frame- 45 consists of a MAC Header (beginning with a Frame Control byte; see Figure 5-3), and may incorporate 46 47 either a variable-length data PDU, a mutliple ATM cell PDU, or a generic user data PDU. The variable- 48 length PDU includes a pair of 48-bit addresses, data, and a CRC. The multiple ATM cell PDU carries one or 49 more ATM cells. 50 51 The generic user data PDU may beused to exchange data using a protocol defined in a convergence sublayer 52 53 above the MAC proper. In special cases, the MAC Header may encapsulate multiple MAC frames (see Sec- 54 tion 5.3.4.3.5) into a single MAC frame. 55 56 5.3.1.2.4 Ordering of Bits and Bytes 57 58 59 Within a byte, the least-significant bit is the first transmitted on the wire. This follows the convention used 60 by Ethernet and [IEEE802.3]. This is often called bit-little-endian order. This applies to the upstream chan- 61 nel only. 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 29 IEEE 802.16.1-00/01, August 2000

1 For the downstream channel, the transmission convergence sublayer presents an byte-wide interface to the 2 MAC, so the MAC sublayer does not define the bit order. 3 4 5 Within the MAC layer, when numeric quantities are represented by more than one byte (i.e., 16-bit and 32- 6 bit values), the byte containing the most-significant bits is the first transmitted on the wire. This is some- 7 times called byte-big-endian order. 8 9 This section follows the textual convention that when bit-fields are presented in tables, the most-significant 10 11 bits are topmost in the table. For example, in Table 5-2, FC_TYPE occupies the two most-significant bits 12 and EHDR_ON occupies the least-significant bit. quantities are The MAC is connection-oriented. For the 13 purposes of mapping to services on SSs and associating varying levels of QoS, all data communications are 14 in the context of a connection. These connections are provisioned when a SS is installed in the system, and 15 set up over the air at SS registration to provide a reference against which to request bandwidth. Additionally, 16 17 new connections may be established when customer's service needs change. A connection defines both the 18 mapping between peer convergence processes that utilize the MAC and a Service Flow. The Service Flow 19 defines the QoS parameters for the PDUs that are exchanged on the connection. 20 21 The concept of a Service Flow on a Connection is central to the operation of the MAC protocol. Service 22 23 Flows provide a mechanism for upstream and downstream Quality of Service management. In particular, 24 they are integral to the bandwidth allocation process. A SS requests upstream bandwidth on a per-connection 25 basis (implicitly identifying the Service Flow). Bandwidth is granted by the BS either as an aggregate of all 26 grants for a SS (within a scheduling interval) or on a connection basis. 27 28 29 Once connections are established they must be maintained. The maintenance requirements vary depending 30 upon the type of service connected. For example, unchannelized T1 services require virtually no connection 31 maintenance since they have a constant bandwidth allocated every frame. Channelized T1 services require 32 some maintenance due to the dynamic (but relatively slowly changing) bandwidth requirements if com- 33 pressed, coupled with the requirement that full bandwidth be available on demand. IP services may require 34 35 a substantial amount of ongoing maintenance due to their bursty nature and due to the high possibility of 36 fragmentation across frames. As with connection establishment, modifiable connections may require main- 37 tenance due to stimulus from either the SS or the network side of the connection. 38 39 Finally, connections may be terminated. This generally occurs only when a customer's service contract 40 41 changes. The termination of a connection is stimulated by the BS or SS. 42 43 All three of these connection management functions are supported throught the use of static configuration 44 and dynamic addition, modification, and deletion of connections. 45 46 47 2.1.2 Addressing and Connection Identifiers 48 49 Each SS shall maintain a 48-bit MAC address for globally-unique addressing purposes. This address 50 uniquely defines the SS from within the set of all possible vendors and equipment types. This address is used 51 during the registration process to establish the appropriate connections for a SS. It is also used as part of the 52 53 authentication process by which the BS and SS each verify the identity of each other. 54 55 Connections are identified by a 16-bit Connection Identifier. Every SS must establish at least two connec- 56 tions in each direction (upstream and downstream) to enable communication with the BS. The Basic Con- 57 nection IDs assigned to a SS at registration are used by the BS MAC and the SS MAC to exchange MAC 58 59 control messages. The secondary management connection ID, also assigned to a SS at registration, is used 60 by the BS MAC and the SS MAC to exchange provisioning and higher level management information. 61 62 For bearer services, the higher layers of the BS set up connections based upon the provisioning information 63 distributed to the base station. The registration of a SS, or the modification of the services contracted at a 64 65 SS, stimulates the higher layers of the BS to initiate the setup of the connections.

This is an unapproved Task Group document being circulated for comment. 30 IEEE 802.16.1-00/01r4, September 2000

1 The CID can be considered a connection identifier even for nominally connectionless traffic like IP, since it 2 serves as a pointer to destination and context information. The use of a 16-bit CIDpermits a total of 64K 3 connections within the downstream channel. 4 5 6 Requests for transmission are based on these CIDs, since the allowable bandwidth may differ for different 7 connections, even within the same service type. For example, a SS unit serving multiple tenants in an office 8 building would make requests on behalf of all of them, though the contractual service limits and other con- 9 nection parameters may be different for each of them. 10 11 12 Many higher-layer sessions may operate over the same wireless CID. For example, many users within a 13 company may be communicating with TCP/IP to different destinations, but since they all operate within the 14 same overall service parameters, all of their traffic is pooled for request/grant purposes. Since the original 15 LAN source and destination addresses are encapsulated in the payload portion of the transmission, there is 16 17 no problem in identifying different user sessions. 18 19 The type of service is implicit in the CID; it is accessed by a lookup indexed by the CID. 20 21 There are several CIDs defined in Table 1 that having specific meaning. These identifiers shall not be used 22 23 for any other purposes. 24 25 26 Table 1—Connection Identifiers 27 28 29 Connection Identifier Value Description 30 31 Initial Ranging 0x0000 Used by a SS during initial ranging as part of network 32 entry process. 33 34 Temporary Registra- 0x0001..m 35 tion and Basic CID 36 37 Transport CIDs and m+1..0xFDFF 38 39 Secondary Mgt CIDs 40 Priority Request CIDs 0xFEXX Request Information Element Usage 41 42 If 0x01 bit is set, priority zero can request 43 If 0x02 bit is set, priority one can request 44 If 0x04 bit is set, priority two can request 45 46 If 0x08 bit is set, priority three can request 47 If 0x10 bit is set, priority four can request 48 If 0x20 bit is set, priority five can request 49 50 If 0x40 bit is set, priority six can request 51 If 0x80 bit is set, priority seven can request 52 53 Multicast Polling CIDs 0xFF00..0xFFFE A SS may be included in one or more multicast groups 54 for the purposes of obtaining bandwidth via polling. 55 These connections have no associated Service Flow. 56 57 Broadcast CID 0xFFFF Used for broadcast information that is transmitted on a 58 downlink to all SS. 59 60 61 62 2.2 Parameters and Constants 63 64 The BS and SS shall meet the timing requirements contained in Table 2. 65

This is an unapproved Task Group document being circulated for comment. 31 IEEE 802.16.1-00/01, August 2000

1 Table 2—Parameters and Constants 2 3 4 System Name Time Reference Minimum Default Maximum 5 Value Value Value 6 7 BS Sync Interval Nominal time between 200 msec 8 transmission of SYNC 9 messages 10 11 BS UCD Interval Time between transmis- 2 sec 12 sion of UCD messages 13 14 BS Max MAP Pending The number of mini-slots 4096 mini- 15 16 that a BS is allowed to slot times 17 map into the future ) 18 19 BS Ranging Interval Time between transmis- 2 sec 20 sion of broadcast Rang- 21 ing requests 22 23 SS Lost DL-MAP Time since last received 600 msec 24 Interval Sync message before 25 synchronization is con- 26 sidered lost 27 28 SS Contention Ranging Number of Retries on 16 29 30 Retries contention Ranging 31 Requests 32 33 SS, BS Invited Ranging Number of Retries on 16 34 Retries inviting Ranging 35 Requests 36 37 SS Request Retries Number of retries on 16 38 bandwidth allocation 39 requests 40 41 SS Registration Request Number of retries on reg- 3 42 Retries istration requests 43 44 SS Data Retries Number of retries on 16 45 46 immediate data transmis- 47 sion 48 49 BS SS UL-MAP pro- Time provided between 200 us 50 cessing time arrival of the last bit of a 51 UL-MAP at a SS and 52 effectiveness of that 53 MAP 54 55 BS SS Ranging Minimum time allowed 1 msec 56 Response process- for a SS following receipt 57 58 ing time of a ranging response 59 before it is expected to 60 reply to an invited rang- 61 ing request 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 32 IEEE 802.16.1-00/01r4, September 2000

1 Table 2—Parameters and Constants 2 3 4 System Name Time Reference Minimum Default Maximum 5 Value Value Value 6 7 BS SS Configuration The maximum time 30 sec 8 allowed for a SS, follow- 9 ing receipt of a configu- 10 11 ration file, to send a 12 Registration Request to a 13 BS. 14 15 SS T1 Wait for Physical Change 5 *DCD 16 Descriptor DCD timeout interval 17 maximum 18 value 19 20 SS T2 Wait for broadcast rang- 5 * ranging 21 22 ing timeout interval 23 SS T3 Wait for ranging response 50 msec 200 msec 200 msec 24 25 SS T4 Wait for unicast ranging 30 sec 35 sec 26 opportunity. If the pend- 27 28 ing-till-complete field 29 was used earlier by this 30 SS, then the value of that 31 field must be added to 32 this interval. 33 34 BS T5 Wait for Upstream Chan- 2 sec 35 36 nel Change response 37 SS T6 Wait for registration 3 sec 38 39 response 40 41 SS, BS Mini-slot size Size of mini-slot for 32 symbol 42 upstream transmission. times 43 Must be a power of 2 (in 44 units of the Timebase 45 Tick) 46 47 SS, BS Timebase Tick System timing unit ¼ Symbol 48 49 SS, BS DSx Request Retries Number of Timeout 3 50 Retries on DSA/DSC/ 51 52 DSD Requests 53 SS, BS DSx Response Number of Timeout 3 54 55 Retries Retries on DSA/DSC/ 56 DSD Responses 57 58 SS, BS T7 Wait for DSA/DSC/DSD 1 sec 59 Response timeout 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 33 IEEE 802.16.1-00/01, August 2000

1 Table 2—Parameters and Constants 2 3 4 System Name Time Reference Minimum Default Maximum 5 Value Value Value 6 7 SS, BS T8 Wait for DSA/DSC 300 msec 8 Acknowledge timeout 9 10 SS TFTP Backoff Start Initial value for TFTP 1sec 11 backoff 12 13 SS TFTP Backoff End Last value for TFTP 16 sec 14 backoff 15 16 SS TFTP Request Number of retries on 16 17 Retries TFTP request 18 19 SS TFTP Download Number of retries on 3 20 21 Retries entire TFTP downloads 22 SS TFTP Wait The wait between TFTP 10 min 23 24 retry sequences 25 SS ToD Retries Number of Retries per 3 26 27 ToD Retry Period 28 29 SS ToD Retry Period Time period for ToD 5 min 30 retries 31 32 BS T9 Registration Timeout, the 15 min 15 min 33 time allowed between the 34 BS sending a RNG-RSP 35 (success) to a SS, and 36 receiving a REG-REQ 37 38 from that same SS. 39 40 SS, BS T10 Wait for Transaction End 3 sec 41 timeout 42 43 44 2.3 Encodings for Configuration and MAC-Layer Messaging 45 46 47 The following type/length/value encodings shall be used in both the configuration file (see Section 2.4), in 48 SS registration requests and in Dynamic Service Messages. All multi- quantities are in network-byte order, 49 i.e., the containing the most-significant bits is the first transmitted on the wire. 50 51 52 The following configuration settings shall be supported by all SSs which are compliant with this specifica- 53 tion. 54 55 2.3.1 Configuration File and Registration Settings 56 57 58 Registration settings are found in the configuration file and shall be forwarded by the SS to the BS in its 59 Registration Request. 60 61 In the following sections , length is in bytes. 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 34 IEEE 802.16.1-00/01r4, September 2000

1 2.3.1.1 Downstream Frequency Configuration Setting 2 3 The receive frequency to be used by the SS. It is an override for the channel selected during scanning. This is 4 5 the center radio frequency of the downstream channel in kHz stored as a 32-bit binary number. 6 7 Type Length Value 8 1 4 Rx Frequency 9 10 11 Valid Range: 12 The receive frequency shall be a multiple of 1000 Hz. 13 14 2.3.1.2 Upstream Channel ID Configuration Setting 15 16 17 The upstream channel ID which the SS shall use. The SS shall listen on the defined downstream channel 18 until an upstream channel description message with this ID is found. This channel is an override for the 19 channel selected during initialization. 20 21 22 Type Length Value 23 21Channel ID 24 25 2.3.1.3 Network Access Control Object (NACO) 26 27 28 If the value field is a 1, Subscriber Network Equipment attached to this SS are allowed access to the network, 29 based on SS provisioning. If the value of this field is a 0, the SS shall not forward traffic from attached Sub- 30 scriber Equipment to the MAC network, but shall continue to accept and generate traffic from the SS itself. 31 The value of this field does not affect BS service flow operation and does not affect BS data forwarding 32 operation. 33 34 35 Type Length Value 36 3 1 1 or 0 37 38 39 Note: The intent of “NACO = 0” is that the SS does not forward traffic from any attached Subscriber Net- 40 work Equipment onto the BWA network. (A Subscriber is any client device attached to that SS, regardless of 41 how that attachment is implemented.) However, with “NACO = 0”, management traffic to the SS is not 42 restricted. Specifically, with NACO= 0, the SS remains manageable, including sending/receiving manage- 43 ment traffic such as (but not limited to): 44 45 46 • ARP: allow the SS to resolve IP addresses, so it can respond to queries or send traps. 47 • DHCP: allow the SS to renew its IP address lease. 48 49 • ISSP: enable network troubleshooting for tools such as “ping” and “traceroute.” 50 • ToD: allow the SS to continue to synchronize its clock after boot. 51 52 • TFTP: allow the SS to download either a new configuration file or a new software image. 53 • SYSLOG: allow the SS to report network events. 54 55 • SNMP: allow management activity 56 57 With NACO = 0, the primary upstream and primary downstream service flows of the SS remain operational 58 only for management traffic to and from the SS. With respect to BWA provisioning, a BS should ignore the 59 60 NACO value and allocate any service flows that have been authorized by the provisioning server. 61 62 2.3.1.4 Downstream Modulation Configuration Setting 63 64 The allowed downstream modulation types. 65

This is an unapproved Task Group document being circulated for comment. 35 IEEE 802.16.1-00/01, August 2000

1 Type Length Value 2 41bit #0: QPSK 3 4 bit #1: 16-QAM 5 bit #2: 64-QAM 6 bit #3-7: reserved must be set to zero 7 8 9 2.3.1.5 SS Message Integrity Check (MIC) Configuration Setting 10 11 The value field contains the SS message integrity check code. This is used to detect unauthorized modifica- 12 tion or corruption of the configuration file. 13 14 15 Type Length Value 16 6 16 d1 d2...... d16 17 18 2.3.1.6 BS Message Integrity Check (MIC) Configuration Setting 19 20 21 The value field contains the BS message integrity check code. This is used to detect unauthorized modifica- 22 tion or corruption of the configuration file. 23 24 Type Length Value 25 26 7 16 d1 d2...... d16 27 28 2.3.1.7 Trivial File Transfer Protocol (TFTP) Server Timestamp 29 30 The sending time of the configuration file in seconds. The definition of time is as in [RFC-868] 31 32 33 Type Length Value 34 19 4 Number of seconds since 00:00 1 Jan 1900 35 36 Note: The purpose of this parameter is to prevent replay attacks with old configuration files. 37 38 39 2.3.1.8 TFTP Server Provisioned SS Address 40 41 The IP Address of the SS requesting the configuration file. 42 43 44 Type Length Value 45 20 4 or 16 IP Address 46 47 Note: The purpose of this parameter is to prevent IP spoofing during registration. 48 49 2.3.1.9 Upstream Service Flow Encodings 50 51 52 This field defines the parameters associated with upstream scheduling for one Service Flow. Refer to Section 53 2.3.5.1. 54 55 56 Type Length Value 57 24 n 58 59 2.3.1.10 Downstream Service Flow Encodings 60 61 62 This field defines the parameters associated with downstream scheduling for one Service Flow. Refer to Sec- 63 tion 2.3.5.2. 64 65

This is an unapproved Task Group document being circulated for comment. 36 IEEE 802.16.1-00/01r4, September 2000

1 2.3.1.11 Privacy Enable 2 3 This configuration setting enables/disables Privacy on the Primary Service Flow and all other Service Flows 4 5 for this SS. 6 7 Type Length Value 8 29 1 0 — Disable 9 10 1 — Enable 11 12 The default value of this parameter is 1 — privacy enabled. 13 14 2.3.1.12 Vendor-Specific Information 15 16 17 Vendor-specific information for SSs, if present, shall be encoded in the vendor specific information field 18 (VSIF) (code 43) using the Vendor ID field (2.3.3.2) to specify which 19 20 tuples apply to which vendors products. The Vendor ID shall be the first TLV embedded inside VSIF. If the 21 22 first TLV inside VSIF is not a Vendor ID, then the TLV must be discarded. 23 24 This configuration setting may appear multiple times. The same Vendor ID may appear multiple times. This 25 configuration setting may be nested inside a Packet Classification Configuration Setting, a Service Flow 26 Configuration Setting, or a Service Flow Response. However, there shall not be more than one Vendor ID 27 28 TLV inside a single VSIF. 29 30 Type Length Value 31 43 n per vendor definition 32 33 34 Example: 35 36 Configuration with vendor A specific fields and vendor B specific fields: 37 38 39 VSIF (43) + n (number of bytes inside this VSIF) 40 8 (Vendor ID Type) + 3 (length field) + Vendor ID of Vendor A 41 Vendor A Specific Type #1 + length of the field + Value #1 42 Vendor A Specific Type #2 + length of the field + Value #2 43 44 45 VSIF (43) + m (number of bytes inside this VSIF) 46 8 (Vendor ID Type) + 3 (length field) + Vendor ID of Vendor B 47 Vendor B Specific Type + length of the field + Value 48 49 2.3.2 Configuration-File-Specific Settings 50 51 52 These settings are found in only the configuration file. They shall not be forwarded to the BS in the Registra- 53 tion Request. 54 55 2.3.2.1 End-of-Data Marker 56 57 58 This is a special marker for end of data. It has no length or value fields. 59 60 Type 61 255 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 37 IEEE 802.16.1-00/01, August 2000

1 2.3.2.2 Pad Configuration Setting 2 3 This has no length or value fields and is only used following the end of data marker to pad the file to an inte- 4 5 gral number of 32-bit words. 6 7 Type 8 0 9 10 11 2.3.2.3 Software Upgrade Filename 12 13 The filename of the software upgrade file for the SS. The filename is a fully qualified directory-path name. 14 The file is expected to reside on a TFTP server identified in a configuration setting option defined in Section 15 2.3.1.8. 16 17 18 Type Length Value 19 9nfilename 20 21 22 2.3.2.4 SNMP Write-Access Control 23 24 This object makes it possible to disable SNMP “Set” access to individual MIB objects. Each instance of this 25 object controls access to all of the writeable MIB objects whose Object ID (OID) prefix matches. This object 26 may be repeated to disable access to any number of MIB objects. 27 28 29 Type Length Value 30 10 n OID prefix plus control flag 31 32 Where n is the size of the ASN.1 Basic Encoding Rules [ISO8025] encoding of the OID prefix plus one byte 33 34 for the control flag. 35 36 The control flag may take values: 37 38 39 0 - allow write-access 40 1 - disallow write-access 41 42 Any OID prefix may be used. The Null OID 0.0 may be used to control access to all MIB objects. (The OID 43 44 1.3.6.1 will have the same effect.) 45 46 When multiple instances of this object are present and overlap, the longest (most specific) prefix has prece- 47 dence. Thus, one example might be 48 49 50 someTabledisallow write-access 51 someTable.1.3allow write-access 52 53 54 This example disallows access to all objects in someTable except for someTable.1.3. 55 56 2.3.2.5 SNMP MIB Object 57 58 This object allows arbitrary SNMP MIB objects to be Set via the TFTP-Registration process. 59 60 61 Type Length Value 62 11 n variable binding 63 64 65

This is an unapproved Task Group document being circulated for comment. 38 IEEE 802.16.1-00/01r4, September 2000

1 where the value is an SNMP VarBind as defined in [RFC-1157]. The VarBind is encoded in ASN.1 Basic 2 Encoding Rules, just as it would be if part of an SNMP Set request. 3 4 5 The SS shall treat this object as if it were part of an SNMP Set Request with the following caveats: 6 7 It shall treat the request as fully authorized (it cannot refuse the request for lack of privilege). 8 SNMP Write-Control provisions (see previous section) do not apply. 9 10 No SNMP response is generated by the SS. 11 12 This object may be repeated with different VarBinds to “Set” a number of MIB objects. All such Sets shall 13 be treated as if simultaneous. 14 15 16 Each VarBind shall be limited to 255 bytes. 17 18 2.3.2.6 Software Upgrade TFTP Server 19 20 The IP address of the TFTP server, on which the software upgrade file for the SS resides. See Section 2.3.2.3 21 22 23 Type Length Value 24 21 4 or16 ip1,ip2,ip3,ip4 25 26 27 2.3.3 Registration-Request/Response-Specific Encodings 28 29 These encodings are not found in the configuration file, but are included in the Registration Request. Some 30 encodings are also used in the Registration Response. 31 32 33 The SS shall include SS Capabilities Encodings in its Registration Request. If present in the corresponding 34 Registration Request, the BS shall include SS Capabilities in the Registration Response. 35 36 2.3.3.1 SS Capabilities Encoding 37 38 39 The value field describes the capabilities of a particular SS, i.e., implementation dependent limits on the par- 40 ticular features or number of features which the SS can support. It is composed from a number of encapsu- 41 lated type/length/value fields. The encapsulated sub-types define the specific capabilities for the SS in 42 question. Note that the sub-type fields defined are only valid within the encapsulated capabilities configura- 43 tion setting string. 44 45 46 Type Length Value 47 5n 48 49 The set of possible encapsulated fields is described below. 50 51 52 2.3.3.1.1 Privacy Support 53 54 The value is the BPI support of the SS. 55 56 57 Type Length Value 58 5.6 1 0 Privacy Supported 59 1 - 255 Reserved 60 61 62 2.3.3.1.2 Upstream CID Support 63 64 The field shows the number of Upstream CIDs the SS can support. 65

This is an unapproved Task Group document being circulated for comment. 39 IEEE 802.16.1-00/01, August 2000

1 Type Length Value 2 5.8 2 Number of Upstream CIDs the SS can support. 3 4 5 The minimum value is 2; a SS must support a basic CID, a secondary management CID, and 0 or more trans- 6 port CIDs. 7 8 2.3.3.1.3 SS Demodulator Types 9 10 11 This field indicates the different modulation types supported by the SS for downstream reception. 12 13 Type Length Value 14 15 5.12 1 bit #0: QPSK 16 bit #1: 16-QAM 17 bit #2: 64-QAM 18 19 bit #3-7: reserved must be set to zero 20 21 2.3.3.1.4 SS Modulator Types 22 23 This field indicates the different modulation types supported by the SS for upstream transmission. 24 25 26 Type Length Value 27 5.13 1 bit #0: QPSK 28 bit #1: 16-QAM 29 30 bit #2: 64-QAM 31 bit #3-7: reserved must be set to zero 32 33 2.3.3.1.5 Duplexing Support 34 35 36 This field indicates the different duplexing modes the SS is able to support. 37 38 Type Length Value 39 40 5.14 1 bit #0: FDD (continuous downstream) 41 bit #1: FDD (burst downstream) 42 bit #2: Half-Duplex FDD 43 44 bit #3: TDD 45 bit #4-7: reserved must be set to zero 46 47 2.3.3.1.6 Bandwidth Allocation Support 48 49 50 This field indicates the different bandwidth allocation modes the SS is able to support. 51 52 Type Length Value 53 54 5.15 1 bit #0: Grant per Connection 55 bit #1: Grant per Terminal (SS) 56 bit #2-7: reserved must be set to zero 57 2.3.3.2 Vendor ID Encoding 58 59 60 The value field contains the vendor identification specified by the three-byte vendor-specific Organization 61 Unique Identifier of the SS MAC address. 62 63 The Vendor ID shall be used in a Registration Request, but shall not be used as a stand-alone configuration 64 file element. It may be used as a sub-field of the Vendor Specific Information Field in a configuration file. 65

This is an unapproved Task Group document being circulated for comment. 40 IEEE 802.16.1-00/01r4, September 2000

1 When used as a sub-field of the Vendor Specific Information field, this identifies the Vendor ID of the SSs 2 which are intended to use this information. When the vendor ID is used in a Registration Request, then it is 3 the Vendor ID of the SS sending the request. 4 5 6 Type Length Value 7 8 3 v1, v2, v3 8 9 2.3.3.3 Service(s) Not Available Response 10 11 12 This configuration setting shall be included in the Registration Response message if the BS is unable or 13 unwilling to grant any of the requested classes of service that appeared in the Registration Request. 14 Although the value applies only to the failed service class, the entire Registration Request shall be consid- 15 ered to have failed (none of the class-of-service configuration settings are granted). 16 17 18 Type Length Value 19 13 3 Class ID, Type, Confirmation Code 20 21 22 Where 23 24 Class ID is the class-of-service class from the request which is not available 25 26 Type is the specific class-of-service object within the class which caused the request to 27 28 be rejected 29 30 Confirmation CodeRefer to 2.3.7. 31 32 2.3.4 Dynamic-Service-Message-Specific Encodings 33 34 35 These encodings are not found in the configuration file, nor in the Registration Request/Response signaling. 36 They are only found in Dynamic Service Addition, Dynamic Service Change and Dynamic Service Deletion 37 Request/Response messages: 38 39 40 2.3.4.1 HMAC-Digest 41 42 The HMAC-Digest setting is a keyed message digest. If privacy is enabled, the HMAC-Digest Attribute shall 43 be the final Attribute in the Dynamic Service message’s Attribute list. The message digest is performed over 44 the all of the Dynamic Service parameters (starting immediately after the MAC Management Message 45 46 Header and up to, but not including the HMAC Digest setting), other than the HMAC-Digest, in the order in 47 which they appear within the packet. 48 49 Inclusion of the keyed digest allows the receiver to authenticate the message. The HMAC-Digest algorithm, 50 and the upstream and downstream key generation requirements are documented in Section 7. 51 52 53 This parameter contains a keyed hash used for message authentication. The HMAC algorithm is defined in 54 [RFC-2104]. The HMAC algorithm is specified using a generic cryptographic hash algorithm. Baseline Pri- 55 vacy uses a particular version of HMAC that employs the Secure Hash Algorithm (SHA-1), defined in 56 [SHA]. 57 58 59 A summary of the HMAC-Digest Attribute format is shown below. The fields are transmitted from left to 60 right. 61 62 63 Type Length Value 64 27 20 A 160-bit (20 ) keyed SHA hash 65

This is an unapproved Task Group document being circulated for comment. 41 IEEE 802.16.1-00/01, August 2000

1 2.3.4.2 Authorization Block 2 3 The Authorization Block contains an authorization “hint” from the SS to the BS. The specifics of the con- 4 5 tents of this “hint” are beyond the scope of this specification. 6 7 The Authorization Block may be present in SS-initiated DSA-REQ and DSC-REQ messages. This parame- 8 ter shall not be present in DSA-RSP and DSC-RSP message, nor in BS-initiated DSA-REQ nor DSC-REQ 9 messages. 10 11 12 The Authorization Block information applies to the entire contents of the DSC message. Thus, only a single 13 Authorization Block may be present per DSA-REQ or DSC-REQ message. The Authorization Block, if 14 present, shall be passed to the Authorization Module in the BS. The Authorization Block information is only 15 processed by the Authorization Module. 16 17 18 Type Length Value 19 30 n Sequence of n s 20 21 2.3.5 Quality-of-Service-Related Encodings 22 23 24 The following type/length/value encodings shall be used in the configuration file, registration messages, and 25 Dynamic Service messages to encode parameters for Service Flows. All multi- quantities are in network- 26 byte order, i.e., the containing the most-significant bits is the first transmitted on the wire. 27 28 29 The following configuration settings shall be supported by all SSs which are compliant with this specifica- 30 tion. 31 32 2.3.5.1 Upstream Service Flow Encodings 33 34 35 This field defines the parameters associated with upstream scheduling for a Service Flow. It is somewhat 36 complex in that is composed from a number of encapsulated type/length/value fields. 37 38 Note that the encapsulated upstream and downstream Service Flow configuration setting strings share the 39 same subtype field numbering plan, because many of the subtype fields defined are valid for both types of 40 41 configuration settings. These type fields are not valid in other encoding contexts. 42 43 Type Length Value 44 24 n 45 46 47 2.3.5.2 Downstream Service Flow Encodings 48 49 This field defines the parameters associated with downstream scheduling for a Service Flow. It is somewhat 50 complex in that is composed from a number of encapsulated type/length/value fields. 51 52 53 Note that the encapsulated upstream and downstream flow classification configuration setting strings share 54 the same subtype field numbering plan, because many of the subtype fields defined are valid for both types 55 of configuration settings except Service Flow encodings. 56 57 58 Type Length Value 59 25 n 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 42 IEEE 802.16.1-00/01r4, September 2000

1 2.3.5.3 General Service Flow Encodings 2 3 2.3.5.3.1 Service Flow Reference 4 5 6 The Service Flow Reference is used to associate a packet classifier encoding with a Service Flow encoding. 7 A Service Flow Reference is only used to establish a Service Flow ID. Once the Service Flow exists and has 8 an assigned Service Flow ID, the Service Flow Reference shall no longer be used by the MAC. 9 10 11 Type Length Value 12 [24/25].1 2 1 - 65535 13 14 2.3.5.3.2 Service Flow Identifier 15 16 17 The Service Flow Identifier is used by the BS as the primary reference of a Service Flow. Only the BS can 18 issue a Service Flow Identifier. It uses this parameterization to issue Service Flow Identifiers in BS-initiated 19 DSA/DSC-Requests and in its REG/DSA/DSC-Response to SS-initiated REG/DSA/DSC-Requests. The SS 20 specifies the SFID of a service flow using this parameter in a DSC-REQ message. 21 22 23 The configuration file shall not contain this parameter. 24 25 Type Length Value 26 [24/25].2 4 1 - 4,294,967,295 27 28 29 2.3.5.3.3 Connection Identifier 30 31 The value of this field specifies the Connection Identifier (CID) assigned by the BS to a Service Flow with a 32 non-null AdmittedQosParameterSet or ActiveQosParameterSet. This is used in the bandwidth allocation 33 34 MAP to assign upstream bandwidth. This field shall be present in BS-initiated DSA-REQ or DSC-REQ 35 message related to establishing an admitted or active upstream Service Flow. This field shall also be present 36 in REG-RSP, DSA-RSP and DSC-RSP messages related to the successful establishment of an admitted or 37 active upstream Service Flow. 38 39 40 Even though a Service Flow has been successfully admitted or activated (i.e. has an assigned Connection ID) 41 the Service Flow ID shall be used for subsequent DSx message signalling as it is the primary handle for a 42 service flow. If a Service Flow is no longer admitted or active (via DSC-REQ) its Connection ID may be 43 reassigned by the BS. 44 45 46 SubType Length Value 47 [24/25].3 2 CID 48 49 2.3.5.3.4 Service Class Name 50 51 52 The value of the field refers to a predefined BS service configuration to be used for this Service Flow. 53 54 Type Length Value 55 [24/25].4 2 to 16 Zero-terminated string of ASCII characters. 56 57 58 Note: The length includes the terminating zero. 59 60 When the Service Class Name is used in a Service Flow encoding, it indicates that all the unspecified QoS 61 Parameters of the Service Flow need to be provided by the BS. It is up to the operator to synchronize the 62 definition of Service Class Names in the BS and in the configuration file. 63 64 65

This is an unapproved Task Group document being circulated for comment. 43 IEEE 802.16.1-00/01, August 2000

1 2.3.5.4 Service Flow Error Encodings 2 3 This field defines the parameters associated with Service Flow Errors. 4 5 6 Type Length Value 7 [24/25].5 n 8 9 A Service Flow Error Parameter Set is defined by the following individual parameters: Confirmation Code, 10 11 Errored Parameter and Error Message. 12 13 The Service Flow Error Parameter Set is returned in REG-RSP, DSA-RSP and DSC-RSP messages to indi- 14 cate the recipient’s response to a Service Flow establishment request in a REG-REQ, DSA-REQ or DSC- 15 REQ message. The Service Flow Error Parameter Set is returned in REG-ACK, DSA-ACK and DSC-ACK 16 17 messages to indicate the recipient’s response to the expansion of a Service Class Name in a corresponding 18 REG-RSP, DSA-RSP or DSC-RSP. 19 20 On failure, the sender shall include one Service Flow Error Parameter Set for each failed Service Flow 21 requested in the REG-REQ, DSA-REQ or DSC-REQ message. On failure, the sender shall include one Ser- 22 23 vice Flow Error Parameter Set for each failed Service Class Name expansion in the REG-RSP, DSA-RSP or 24 DSC-RSP message. Service Flow Error Parameter Set for the failed Service Flow shall include the Confir- 25 mation Code and Errored Parameter and may include an Error Message. If some Service Flow Parameter 26 Sets are rejected but other Service Flow Parameter Sets are accepted, then Service Flow Error Parameters 27 Sets shall be included for only the rejected Service Flow. 28 29 30 On success of the entire transaction, the RSP or ACK message shall not include a Service Flow Error Param- 31 eter Set. 32 33 Multiple Service Flow Error Parameter Sets may appear in a REG-RSP, DSA-RSP, DSC-RSP, REG-ACK, 34 35 DSA-ACK or DSC-ACK message, since multiple Service Flow parameters may be in error. A message with 36 even a single Service Flow Error Parameter Set shall not contain any QoS Parameters. 37 38 A Service Flow Error Parameter Set shall not appear in any REG-REQ, DSA-REQ or DSC-REQ messages. 39 40 41 2.3.5.4.1 Errored Parameter 42 43 The value of this parameter identifies the subtype of a requested Service Flow parameter in error in a 44 rejected Service Flow request or Service Class Name expansion response. A Service Flow Error Parameter 45 Set shall have exactly one Errored Parameter TLV within a given Service Flow Encoding. 46 47 48 Subtype Length Value 49 [24/25].5.1 1 Service Flow Encoding Subtype in Error 50 51 52 2.3.5.4.2 Error Code 53 54 This parameter indicates the status of the request. A non-zero value corresponds to the Confirmation Code as 55 described in 2.3.7. A Service Flow Error Parameter Set shall have exactly one Error Code within a given Ser- 56 vice Flow Encoding. 57 58 59 Subtype Length Value 60 [24/25].5.2 1 Confirmation code 61 62 A value of okay(0) indicates that the Service Flow request was successful. Since a Service Flow Error 63 64 Parameter Set only applies to errored parameters, this value shall not be used. 65

This is an unapproved Task Group document being circulated for comment. 44 IEEE 802.16.1-00/01r4, September 2000

1 2.3.5.4.3 Error Message 2 3 This subtype is optional in a Service Flow Error Parameter Set. If present, it indicates a text string to be dis- 4 5 played on the SS console and/or log that further describes a rejected Service Flow request. A Service Flow 6 Error Parameter Set may have zero or one Error Message subtypes within a given Service Flow Encoding. 7 8 SubType Length Value 9 [24/25].5.3 n Zero-terminated string of ASCII characters. 10 11 12 Note: The length N includes the terminating zero. 13 14 Note: The entire Service Flow Encoding message must have a total length of less than 256 characters. 15 16 2.3.5.5 Common Upstream and Downstream Quality-of-Service Parameter Encodings 17 18 19 The remaining Type 24 & 25 parameters are QoS Parameters. Any given QoS Parameter type shall appear 20 zero or one times per Service Flow Encoding. 21 22 2.3.5.5.1 Quality of Service Parameter Set Type 23 24 25 This parameter shall appear within every Service flow Encoding. It specifies the proper application of the 26 QoS Parameter Set: to the Provisioned set, the Admitted set, and/or the Active set. When two QoS Parameter 27 Sets are the same, a multi-bit value of this parameter may be used to apply the QoS parameters to more than 28 one set. A single message may contain multiple QoS parameter sets in separate type 24/25 Service Flow 29 Encodings for the same Service Flow. This allows specification of the QoS Parameter Sets when their 30 31 parameters are diferent. Bit 0 is the LSB of the Value field. 32 33 For every Service Flow that appears in a Registration-Request or Registration-Response message, there shall 34 be a Service Flow Encoding that specifies a ProvisionedQoSParameterSet. This Service Flow Encoding, or 35 other Service Flow Encoding(s), may also specify an Admitted and/or Active set. 36 37 38 Type Length Value 39 [24/25].6 1 Bit # 0 Provisioned Set 40 41 Bit # 1 Admitted Set 42 Bit # 2 Active Set 43 44 45 Table 3—Values Used in REG-REQ and REG-RSP Messages 46 47 48 Value Messages 49 50 001 Apply to Provisioned set only 51 52 011 Apply to Provisioned and Admitted set, and perform admission control 53 54 101 Apply to Provisioned and Active sets, perform admission control, and acti- 55 vate this Service flow 56 57 111 Apply to Provisioned, Admitted, and Active sets; perform admission con- 58 trol and activate this Service Flow 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 45 IEEE 802.16.1-00/01, August 2000

1 Table 4—Values Used In Dynamic Service Messages 2 3 4 Value Messages 5 6 000 Sect Active and Admitted sets to Null 7 8 010 Perform admission control and apply to Admitted set 9 10 100 Check against Admitted set in separate Service flow Encoding, perform 11 admission control if needed, activate this Service Flow, and apply to Active 12 set 13 14 110 Perform admission control and activate this Service Flow, apply parameters 15 to both Admitted and Active sets 16 17 18 19 A BS shall handle a single update to each of the Active and Admitted QoS parameter sets. The ability to pro- 20 cess multiple Service Flow Encodings that specify the same QoS parameter set is not required, and is left as 21 a vendor-specific function. If a DSA/DSC contains multiple updates to a single QoS parameter set and the 22 vendor does not support such updates, then the BS shall reply with error code 2, reject-unrecognized-config- 23 uration-setting. 24 25 26 2.3.5.5.2 Traffic Priority 27 28 The value of this parameter specifies the priority assigned to a Service Flow. Given two Service Flows - 29 tical in all QoS parameters besides priority, the higher priority Service Flow SHOULD be given lower delay 30 31 and higher buffering preference. For otherwise non-identical Service Flows, the priority parameter 32 SHOULD not take precedence over any conflicting Service Flow QoS parameter. The specific algorithm for 33 enforcing this parameter is not mandated here. 34 35 For upstream service flows, the BS SHOULD use this parameter when determining precedence in request 36 37 service and grant generation, and the SS shall preferentially select contention Request opportunities for Pri- 38 ority Request Connection IDs (refer to A.2.3) based on this priority and its Request/Transmission Policy 39 (refer to Section 2.3.5.6.3). 40 41 42 Type Length Value 43 [24/25].7 1 0 to 7 — Higher numbers indicate higher priority 44 45 Note: The default priority is 0. 46 47 2.3.5.5.3 Maximum Sustained Traffic Rate 48 49 50 This parameter is the rate parameter R of a token-bucket-based rate limit for packets. R is expressed in bits 51 per second, and must take into account all MAC frame data PDU of the Service Flow from the byte follow- 52 ing the MAC header HCS to the end of the MAC PDU payload. The number of bytes forwarded (in bytes) is 53 limited during any time interval T by Max(T), as described in the expression 54 55 56 Max(T) = T * (R / 8) + B, (1) 57 58 where the parameter B (in bytes) is the Maximum Traffic Burst Configuration Setting (refer to 2.3.5.5.6). 59 60 Note: This parameter does not limit the instantaneous rate of the Service Flow. 61 62 Note: The specific algorithm for enforcing this parameter is not mandated here. Any implementation which satisfies the 63 above equation is conformant. 64 65

This is an unapproved Task Group document being circulated for comment. 46 IEEE 802.16.1-00/01r4, September 2000

1 Note: If this parameter is omitted or set to zero, then there is no explicitly-enforced traffic rate maximum. This field 2 specifies only a bound, not a guarantee that this rate is available. 3 4 2.3.5.5.4 Upstream Maximum Sustained Traffic Rate 5 6 7 For an upstream Service Flow, the SS shall not request bandwidth exceeding the Max(T) requirement in (1) 8 during any interval T because this could force the BS to fill MAPs with deferred grants. 9 10 The SS shall defer upstream packets that violate (1) and “rate shape” them to meet the expression, up to a 11 limit as implemented by vendor buffering restrictions. 12 13 14 The BS shall enforce expression (1) on all upstream data transmissions, including data sent in contention. 15 The BS may concer unused grants in calculations involving this parameter. The BS may enforce this limit by 16 any of the following methods: (a) discarding over-limit requests, (b) deferring (through zero-length grants) 17 the grant until it is conforming to the allowed limit, or (c) discarding over-limit data packets. A BS shall 18 19 report this condition to a policy module. If the BS is policing by discarding either packets or requests, the BS 20 shall allow a margin of error between the SS and BS algorithms. 21 22 Type Length Value 23 24.8 4 R (in bits per second) 24 25 26 2.3.5.5.5 Downstream Maximum Sustained Traffic Rate 27 28 For a downstream Service Flow, this parameter is only applicable at the BS. The BS shall enforce expression 29 (1) on all downstream data transmissions. The BS shall not forward downstream packets that violates (1) in 30 31 any interval T. The BS SHOULD “rate shape” the downstream traffic by enqueuing packets arriving in 32 excess of (1), and delay them until the expression can be met. 33 34 This parameter is not intended for enforcement on the SS. 35 36 37 Type Length Value 38 25.8 4 R (in bits per second) 39 40 2.3.5.5.6 Maximum Traffic Burst 41 42 43 The value of this parameter specifies the token bucket size B (in bytes) for this Service Flow as described in 44 expression (1). This value is calculated from the byte following the MAC header HCS to the end of the MAC 45 PDU payload. 46 47 48 Type Length Value 49 [24/25].9 4 B (bytes) 50 51 Note: The specific algorithm for enforcing this parameter is not mandated here. Any implementation which satisfies the 52 above equation is conformant. 53 54 55 2.3.5.5.7 Minimum Reserved Traffic Rate 56 57 This parameter specifies the minimum rate, in bits/sec, reserved for this Service Flow. The BS SHOULD be 58 able to satisfy bandwidth requests for a Service Flow up to its Minimum Reserved Traffic Rate. If less band- 59 width than its Minimum Reserved Traffic Rate is requested for a Service Flow, the BS may reallocate the 60 61 excess reserved bandwidth for other purposes. The aggregate Minimum Reserved Traffic Rate of all Service 62 Flows may exceed the amount of available bandwidth. This value of this parameter is calculated from the 63 byte following the MAC header HCS to the end of the MAC PDU payload. If this parameter is omitted, then 64 it defaults to a value of 0 bits/sec (i.e., no bandwidth is reserved for the flow by default). 65

This is an unapproved Task Group document being circulated for comment. 47 IEEE 802.16.1-00/01, August 2000

1 This field is only applicable at the BS and shall be enforced by the BS. 2 3 4 Type Length Value 5 [24/25].10 4 6 7 Note: The specific algorithm for enforcing the value specified in this field is not mandated here. 8 9 2.3.5.5.8 Assumed Minimum Reserved Rate Packet Size 10 11 12 The value of this field specifies an assumed minimum packet size (in bytes) for which the Minimum 13 Reserved Traffic Rate will be provided. This parameter is defined in bytes and is specified as the bytes fol- 14 lowing the MAC header HCS to the end of the CRC2. If the Service Flow sends packets of a size smaller 15 than this specified value, such packets will be treated as being of the size specified in this parameter for cal- 16 culating the minimum Reserved Traffic Rate and for calculating bytes counts (e.g. bytes transmitted) which 17 18 may ultimately be used for billing. 19 20 The BS shall apply this parameter to its Minimum Reserved Traffic Rate algorithm. This parameter is used 21 by the BS to estimate the per packet overhead of each packet in the service flow. 22 23 24 If this parameter is omitted, then the default value is BS implementation dependent. 25 26 Type Length Value 27 [24/25].11 2 28 29 30 2.3.5.5.9 Timeout for Active QoS Parameters 31 32 The value of this parameter specifies the maximum duration resources remain unused on an active Service 33 Flow. If there is no activity on the Service Flow within this time interval, the BS shall change the active QoS 34 35 Parameter Sets to null. The BS shall signal this resource change with a DSC-REQ to the SS. 36 37 If defined, this parameter shall be enforced at the BS and SHOULD not be enforced at the SS. 38 39 40 Type Length Value 41 [24/25].12 2 seconds 42 43 The value of 0 means that the flow is of infinite duration and shall not be timed out due to inactivity. The 44 default value is 0. 45 46 47 2.3.5.5.10 Timeout for Admitted QoS Parameters 48 49 The value of this parameter specifies the duration that the BS shall hold resources for a Service Flow’s 50 Admitted QoS Parameter Set while they are in excess of its Active QoS Parameter Set. If there is no DSC- 51 REQ to activate the Admitted QoS Parameter Set within this time interval, the resources that are admitted 52 53 but not activated shall be released, and only the active resources retained. The BS shall set the Admitted QoS 54 Parameter Set equal to the Active QoS Parameter Set for the Service Flow and initiate a DSC-REQ exchange 55 with the SS to inform it of the change. 56 57 If this parameter is omitted, then the default value is 200 seconds. The value of 0 means that the Service 58 59 Flow can remain in the admitted state for an infinite amount of time and shall not be timed out due to 60 inactivity. However, this is subject to policy control by the BS. 61 62 63 64 2The payload size includes every PDU in a Concatenated MAC Frame. 65

This is an unapproved Task Group document being circulated for comment. 48 IEEE 802.16.1-00/01r4, September 2000

1 This parameter shall be enforced by the BS. The BS may set the response value less than the requested value. 2 3 4 Type Length Value 5 [24/25].13 2 seconds 6 7 2.3.5.5.11 Vendor Specific QoS Parameters 8 9 This allows vendors to encode vendor-specific QoS parameters. The Vendor ID shall be the first TLV 10 11 embedded inside Vendor Specific QoS Parameters. If the first TLV inside Vendor Specific QoS Parameters is 12 not a Vendor ID, then the TLV must be discarded. (Refer to 2.3.1.12) 13 14 Type Length Value 15 16 [24/25].43 n 17 18 2.3.5.6 Upstream-Specific QoS Parameter Encodings 19 20 2.3.5.6.1 Service Flow Scheduling Type 21 22 23 The value of this parameter specifies which upstream scheduling service is used for upstream transmission 24 requests and packet transmissions. If this parameter is omitted, then the Best Effort service shall be assumed. 25 26 This parameter is only applicable at the BS. If defined, this parameter shall be enforced by the BS. 27 28 29 Type Length Value 30 24.15 1 0 Reserved 31 3 32 1 for Undefined (BS implementation-dependent ) 33 2 for Best Effort 34 3 for Non-Real-Time Polling Service 35 36 4 for Real-Time Polling Service 37 5 for Unsolicited Grant Service with Activity Detection 38 6 for Unsolicited Grant Service 39 40 7 through 255 are reserved for future use 41 Bit #2 Reserved 42 Bit #3 Reserved 43 44 45 2.3.5.6.2 Nominal Polling Interval 46 47 The value of this parameter specifies the nominal interval (in units of microseconds) between successive uni- 48 cast request opportunities for this Service Flow on the upstream channel. This parameter is typically suited 49 for Real-Time and Non-Real-Time Polling Service. 50 51 52 The ideal schedule for enforcing this parameter is defined by a reference time t0, with the desired transmis- 53 sion times ti = t0 + i*interval. The actual poll times, t'i shall be in the range ti <= t'i <= ti + jitter, where inter- 54 val is the value specified with this TLV, and jitter is Tolerated Poll Jitter. The accuracy of the ideal poll times, 55 t , are measured relative to the BS Master Clock used to generate timestamps (refer to Section 2.5.3). 56 i 57 58 This field is only applicable at the BS. If defined, this parameter shall be enforced by the BS. 59 60 61 62 63 3The specific implementation dependent scheduling service type could be defined in the message type 64 24.43, Vendor Specific Information Field. 65

This is an unapproved Task Group document being circulated for comment. 49 IEEE 802.16.1-00/01, August 2000

1 Type Length Value 2 24.17 4 µsec 3 4 5 2.3.5.6.3 Request/Transmission Policy 6 7 The value of this parameter specifies a variety of uplink request and transmission restrictions, including the 8 9 capability to further restrict the scheduling service rules outlined in Table 20. Each restriction is enabled by 10 setting its associated bit to 1. If a bit is set to 0, the service flow uses the normal rules for the type of service 11 flow (UGS, UGS/AD, etc.) Bit #0 is the LSB of the value field. 12 13 14 Type Length Value 15 24.16 4 Bit #0 – Service flow shall not use broadcast bandwidth request opportunities. 16 Bit #1 – The service flow shall not use Priority Request multicast opportunities. 17 18 Bit #2 – The service flow shall not piggyback requests with data. 19 Bit #3 – The service flow shall not fragment data. 20 Bit #4 – The service flow shall not suppress payload headers (convergence 21 22 sublayer parameter) 23 All other bit positions are reserved. 24 25 2.3.5.6.4 Tolerated Poll Jitter 26 27 28 The values in this parameter specifies the maximum amount of time that the unicast request interval may be 29 delayed from the nominal periodic schedule (measured in microseconds) for this Service Flow. 30 31 The ideal schedule for enforcing this parameter is defined by a reference time t0, with the desired poll times 32 t = t + i*interval. The actual poll, t' shall be in the range t <= t' <= t + jitter, where jitter is the value spec- 33 i 0 i i i i 34 ified with this TLV and interval is the Nominal Poll Interval. The accuracy of the ideal poll times, ti, are mea- 35 sured relative to the BS Master Clock used to generate timestamps (refer to Section 2.5.3). 36 37 This parameter is only applicable at the BS. If defined, this parameter represents a service commitment (or 38 admission criteria) at the BS. 39 40 41 Type Length Value 42 24.18 4 µsec 43 44 2.3.5.6.5 Unsolicited Grant Size 45 46 47 The value of this parameter specifies the unsolicited grant size in bytes. The grant size includes the entire 48 MAC PDU. 49 50 This parameter is applicable at the BS and shall be enforced at the BS. 51 52 53 Type Length Value 54 24.19 2 55 56 Note: For UGS, this parameter should be used by the BS to compute the size of the unsolicited grant in minislots. 57 58 59 2.3.5.6.6 Nominal Grant Interval 60 61 The value of this parameter specifies the nominal interval (in units of microseconds) between successive 62 data grant opportunities for this Service Flow. This parameter is required for Unsolicited Grant and Unsolic- 63 64 ited Grant with Activity Detection Service Flows. 65

This is an unapproved Task Group document being circulated for comment. 50 IEEE 802.16.1-00/01r4, September 2000

1 The ideal schedule for enforcing this parameter is defined by a reference time t0, with the desired transmis- 2 sion times ti = t0 + i*interval. The actual grant times, t'i shall be in the range ti <= t'i <= ti + jitter, where inter- 3 val is the value specified with this TLV, and jitter is the Tolerated Grant Jitter. When an upstream Service 4 5 Flow with either Unsolicited Grant or Unsolicited Grant with Activity Detection scheduling becomes active, 6 the first grant shall define the start of this interval, i.e. the first grant shall be for an ideal transmission time, 7 ti. When multiple grants per interval are requested, all grants shall be within this interval, thus the Nominal 8 Grant Interval and Tolerated Grant Jitter shall be maintained by the BS for all grants in this Service Flow. 9 The accuracy of the ideal grant times, t , are measured relative to the BS Master Clock used to generate 10 i 11 timestamps (refer to Section 2.5.3). 12 13 This field is mandatory for Unsolicited Grant and Unsolicited Grant with Activity Detection Scheduling 14 Types. This field is only applicable at the BS, and shall be enforced by the BS. 15 16 17 Type Length Value 18 24.20 4 µsec 19 20 2.3.5.6.7 Tolerated Grant Jitter 21 22 23 The values in this parameter specifies the maximum amount of time that the transmission opportunities may 24 be delayed from the nominal periodic schedule (measured in microseconds) for this Service Flow. 25 26 The ideal schedule for enforcing this parameter is defined by a reference time t0, with the desired transmis- 27 sion times t = t + i*interval. The actual transmission opportunities, t' shall be in the range t <= t' <= t + 28 i 0 i i i i 29 jitter, where jitter is the value specified with this TLV and interval is the Nominal Grant Interval. The accu- 30 racy of the ideal grant times, ti, are measured relative to the BS Master Clock used to generate timestamps 31 (refer to Section 2.5.3). 32 33 This field is mandatory for Unsolicited Grant and Unsolicited Grant with Activity Detection Scheduling 34 35 Types. This field is only applicable at the BS, and shall be enforced by the BS. 36 37 Type Length Value 38 24.21 4 µsec 39 40 41 2.3.5.6.8 Grants per Interval 42 43 For Unsolicited Grant Service, the value of this parameter indicates the actual number of data grants per 44 Nominal Grant Interval. For Unsolicited Grant Service with Activity Detection, the value of this parameter 45 46 indicates the maximum number of Active Grants per Nominal Grant Interval. This is intended to enable the 47 addition of sessions to an existing Unsolicited Grant Service Flow via the Dynamic Service Change mecha- 48 nism, without negatively impacting existing sessions. 49 50 The ideal schedule for enforcing this parameter is defined by a reference time t , with the desired transmis- 51 0 52 sion times ti = t0 + i*interval. The actual grant times, t'i shall be in the range ti <= t'i <= ti + jitter, where inter- 53 val is the Nominal Grant Interval, and jitter is the Tolerated Grant Jitter. When multiple grants per interval 54 are requested, all grants shall be within this interval, thus the Nominal Grant Interval and Tolerated Grant Jit- 55 ter shall be maintained by the BS for all grants in this Service Flow. 56 57 58 This field is mandatory for Unsolicited Grant and Unsolicited Grant with Activity Detection Scheduling 59 Types. This field is only applicable at the BS, and shall be enforced by the BS. 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 51 IEEE 802.16.1-00/01, August 2000

1 Type Length Value Valid Range 2 24.22 1 # of grants 0-127 3 4 5 6 7 2.3.5.7 Downstream-Specific QoS Parameter Encodings 8 9 2.3.5.7.1 Maximum Downstream Latency 10 11 12 The value of this parameter specifies the maximum latency between the reception of a packet by the BS on 13 its NSI and the forwarding of the packet to its RF Interface. 14 15 If defined, this parameter represents a service commitment (or admission criteria) at the BS and shall be 16 17 guaranteed by the BS. A BS does not have to meet this service commitment for Service Flows that exceed 18 their minimum downstream reserved rate. 19 20 Type Length Value 21 µ 22 25.14 4 sec 23 24 2.3.6 Privacy Configuration Settings Option 25 26 This configuration setting describes parameters which are specific to Privacy. It is composed from a number 27 28 of encapsulated type/length/value fields. 29 30 Type Length Value 31 17 (= P_CFG) n 32 33 34 2.3.7 Confirmation Code 35 36 The Confirmation Code (CC) provides a common way to indicate failures for Registration Response, Regis- 37 tration Ack, Dynamic Service Addition-Response, Dynamic Service Addition-Ack, Dynamic Service 38 Delete-Response, Dynamic Service Change-Response and Dynamic Service Change-Ack MAC Manage- 39 40 ment Messages. 41 42 Confirmation Code is one of the following: 43 44 45 okay / success(0) 46 reject-other(1) 47 reject-unrecognized-configuration-setting(2) 48 49 reject-temporary / reject-resource(3) 50 reject-permanent / reject-admin(4) 51 reject-not-owner(5) 52 53 reject-service-flow-not-found(6) 54 reject-service-flow-exists(7) 55 reject-required-parameter-not-present(8) 56 reject-header-suppression(9) 57 58 reject-unknown-transaction-id(10) 59 reject-authentication-failure(11) 60 reject-add-aborted(12) 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 52 IEEE 802.16.1-00/01r4, September 2000

1 2.3.8 Convergence Sub-Layer Parameter Encodings 2 3 Configuration files will contain parameter information used by the convergence sub-layers. Each conver- 4 5 gence sub-layer defines a set of TLV parameters that are encoded as a set of TLVs within a subindex under 6 the type value 99. For example, convergence sub-layer “a” would define a set of TLVs using the subtype 7 index of 99.1. Convergence sub-layer “b” would define a set of TLVs using a subtype index of 99.2, etc. 8 9 10 Type Length Value 11 99 n TLV Subindex 12 13 14 2.4 Configuration File 15 16 2.4.1 SS IP Addressing 17 18 19 2.4.1.1 DHCP Fields Used by the SS 20 21 The following fields shall be present in the DHCP request from the SS and shall be set as described below: 22 23 24 The hardware type (htype) shall be set to 1 (Ethernet). 25 The hardware length (hlen) shall be set to 6. 26 The client hardware address (chaddr) shall be set to the 48-bit MAC address associated with the RF inter- 27 28 face of the SS. 29 The “client identifier” option shall be included, with the hardware type set to 1, and the value set to the 30 same MAC address as the chaddr field. 31 The “parameter request list” option shall be included. The option codes that shall be included in the list 32 33 are: 34 Option code 1 (Subnet Mask) 35 Option code 2 (Time Offset) 36 37 Option code 3 (Router Option) 38 Option code 4 (Time Server Option) 39 Option code 7 (Log Server Option) 40 41 Option code 60 (Vendor Specific Option) — A compliant SS shall send the following ASCII coded 42 string in Option code 60, “802.16.1:xxxxxxx”. Where xxxxx shall be the hexidecimal encoding 43 of the SS Capabilities, refer to Section 2.3.3.1. 44 45 The following fields are expected in the DHCP response returned to the SS. The SS shall configure itself 46 47 based on the DHCP response. 48 49 The IP address to be used by the SS (yiaddr). 50 51 The IP address of the TFTP server for use in the next phase of the bootstrap process (siaddr). 52 If the DHCP server is on a different network (requiring a relay agent), then the IP address of the relay 53 agent (giaddr). Note: this may differ from the IP address of the first hop router. 54 55 The name of the SS configuration file to be read from the TFTP server by the SS (file). 56 The subnet mask to be used by the SS (Subnet Mask, option 1). 57 The time offset of the SS from Universal Coordinated Time (UTC) (Time Offset, option 2). This is used 58 by the SS to calculate the local time for use in time-stamping error logs. 59 60 A list of addresses of one or more routers to be used for forwarding SS-originated IP traffic (Router 61 Option, option 3). The SS is not required to use more than one router IP address for forwarding. 62 A list of time servers [RFC-868] from which the current time may be obtained (Time Server Option, 63 64 option4). 65

This is an unapproved Task Group document being circulated for comment. 53 IEEE 802.16.1-00/01r4, September 2000

1 A list of SYSLOG servers to which logging information may be sent (Log Server Option, option 7). 2 3 2.4.2 SS Configuration 4 5 6 2.4.2.1 SS Binary Configuration File Format 7 8 The SS-specific configuration data shall be contained in a file which is downloaded to the SS via TFTP. This 9 is a binary file in the same format defined for DHCP vendor extension data [RFC-2132]. 10 11 12 It shall consist of a number of configuration settings (1 per parameter) each of the form 13 14 Type Length Value 15 16 17 Where 18 Type is a single- identifier which defines the parameter 19 20 Length is a single containing the length of the value field in s (not including type and length fields) 21 Value is from one to 254 s containing the specific value for the parameter 22 23 The configuration settings shall follow each other directly in the file, which is a stream of s (no record mark- 24 25 ers). 26 27 Configuration settings are divided into three types: 28 29 30 Standard configuration settings which shall be present 31 Standard configuration settings which may be present 32 Vendor-specific configuration settings. 33 34 SSs shall be capable of processing all standard configuration settings. SSs shall ignore any configuration set- 35 36 ting present in the configuration file which it cannot interpret. To allow uniform management of SS’s confor- 37 mant to this specification, conformant SS’s shall support a 8192-byte configuration file at a minimum. 38 39 Authentication of the provisioning information is provided by two message integrity check (MIC) configura- 40 tion settings, SS MIC and BS MIC. 41 42 43 SS MIC is a digest which ensures that the data sent from the provisioning server were not modified en 44 route. This is not an authenticated digest (it does not include any shared secret). 45 46 BS MIC is a digest used to authenticate the provisioning server to the BS during registration. It is taken 47 over a number of fields one of which is a shared secret between the BS and the provisioning server. 48 49 Use of the SS MIC allows the BS to authenticate the provisioning data without needing to receive the entire 50 file. 51 52 53 Thus the file structure is of the form shown in Figure 12: 54 55 56 57 Configuration Configuration Configuration SS MIC BS MIC 58 Setting 1 Setting 2 Setting n 59 60 Figure 7—Binary Configuration File Format 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 54 IEEE 802.16.1-00/01r4, September 2000

1 2.4.2.2 Configuration File Settings 2 3 The following configuration settings shall be included in the configuration file and shall be supported by all 4 5 SSs. 6 7 Network Access Configuration Setting 8 SS MIC Configuration Setting 9 10 BS MIC Configuration Setting 11 End Configuration Setting 12 Upstream Service Flow Configuration Setting 13 14 Downstream Service Flow Configuration Setting 15 16 The following configuration settings shall be included in the configuration file and shall be supported by all 17 SSs that support the specific Convergence Sub-layer: 18 19 20 Convergence Sub-layer Configuration Setting(s) 21 22 The following configuration settings may be included in the configuration file and if present shall be sup- 23 ported by all SSs. 24 25 26 Downstream Frequency Configuration Setting 27 Upstream Channel ID Configuration Setting 28 29 Privacy Configuration Setting 30 Software Upgrade Filename Configuration Setting 31 SNMP Write-Access Control 32 SNMP MIB Object 33 34 Software Server IP Address 35 SS Ethernet MAC Address 36 Maximum Number of SSs 37 38 Privacy Enable Configuration Setting 39 Payload Header Suppression 40 TFTP Server Timestamp 41 42 TFTP Server Provisioned SS Address 43 Pad Configuration Setting 44 45 The following configuration settings may be included in the configuration file and if present may be sup- 46 ported by a SS. 47 48 49 • Vendor-Specific Configuration Settings 50 2.4.2.3 Configuration File Creation 51 52 The sequence of operations required to create the configuration file is as shown in Figure 8 through Figure 53 54 11. 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 55 IEEE 802.16.1-00/01r4, September 2000

1 Create the type/length/value entries for all the parameters required by the SS. 2 3 4 type, length, value for parameter 1 5 type, length, value for parameter 2 6 7 8 9 type, length, value for parameter n 10 11 12 Figure 8—Create TLV Entries for Parameters Required by the SS 13 14 15 Calculate the SS message integrity check (MIC) configuration setting as defined in Section 2.4.2.3.1 16 17 and add to the file following the last parameter using code and length values defined for this 18 field. 19 20 21 type, length, value for parameter 1 22 type, length, value for parameter 2 23 24 25 26 27 type, length, value for parameter n 28 type,type, length, length, value value for forSSSS CM MIC MIC 29 30 31 Figure 9—Add SS MIC 32 33 34 Calculate the BS message integrity check (MIC) configuration setting as defined in Section 2.4.3.1 35 and add to the file following the SS MIC using code and length values defined for this field. 36 37 38 39 type, length, value for parameter 1 40 type, length, value for parameter 2 41 42 43 44 45 type, length, value for parameter n 46 type,type, length, length, value value for forSSSS CMMIC MIC 47 SS 48 type,type, length,length, value forfor BS CMTS MIC MIC 49 50 Figure 10—Add BS MIC 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 56 IEEE 802.16.1-00/01r4, September 2000

1 Add the end of data marker. 2 3 4 type, length, value for parameter 1 5 type, length, value for parameter 2 6 7 8 9 type, length, value for parameter n 10 11 type,type, length, length, value value for SSforSS MICCM MIC 12 type,type, length,length, value value for for BS SSCMTS MIC MIC 13 14 end of data marker 15 16 Figure 11—Add End of Data Marker 17 18 19 20 2.4.2.3.1 SS MIC Calculation 21 22 23 The SS message integrity check configuration setting shall be calculated by performing an MD5 digest over 24 the bytes of the configuration setting fields. It is calculated over the bytes of these settings as they appear in 25 the TFTPed image, without regard to TLV ordering or contents. There are two exceptions to this disregard of 26 the contents of the TFTPed image: 27 28 29 The bytes of the SS MIC TLV itself are omitted from the calculation. This includes the type, length, 30 and value fields. 31 32 The bytes of the BS MIC TLV are omitted from the calculation. This includes the type, length, and 33 value fields. 34 35 On receipt of a configuration file, the SS shall recompute the digest and compare it to the SS MIC configura- 36 tion setting in the file. If the digests do not match then the configuration file shall be discarded 37 38 39 2.4.3 Configuration Verification 40 41 It is necessary to verify that the SS’s configuration file has come from a trusted source. Thus, the BS and the 42 configuration server share an Authentication String that they use to verify portions of the SS’s configuration 43 44 in the Registration Request. 45 46 2.4.3.1 BS MIC Calculation 47 48 The BS message integrity check configuration setting shall be calculated by performing an MD5 digest over 49 50 the following configuration setting fields, when present in the configuration file, in the order shown: 51 52 Downstream Frequency Configuration Setting 53 54 Upstream Channel ID Configuration Setting 55 Network Access Configuration Setting 56 Privacy Configuration Setting 57 Vendor-Specific Configuration Settings 58 59 SS MIC Configuration Setting 60 Maximum Number of SSs 61 TFTP Server Timestamp 62 63 TFTP Server Provisioned SS Address 64 Upstream Service Flow Configuration Setting 65

This is an unapproved Task Group document being circulated for comment. 57 IEEE 802.16.1-00/01r4, September 2000

1 Downstream Service Flow Configuration Setting 2 Privacy Enable Configuration Setting 3 4 5 The above list specifies the order of operations when calculating the BS MIC over configuration setting Type 6 fields. The BS shall calculate the BS MIC over TLVs of the same Type in the order they were received. 7 Within Type fields, the BS shall calculate the BS MIC over the Subtypes in the order they were received. To 8 allow for correct BS MIC calculation by the BS, the SS shall not reorder configuration file TLVs of the same 9 10 Type or Subtypes within any given Type in its Registration-Request message. 11 12 All configuration setting fields shall be treated as if they were contiguous data when calculating the SS MIC. 13 14 The digest shall be added to the configuration file as its own configuration setting field using the BS MIC 15 16 Configuration Setting encoding. 17 18 The authentication string is a shared secret between the provisioning server (which creates the configuration 19 files) and the BS. It allows the BS to authenticate the SS provisioning. The authentication string is to be used 20 as the key for calculating the keyed BS MIC digest as stated in D.3.1.1. 21 22 23 The mechanism by which the shared secret is managed is up to the system operator. 24 25 On receipt of a configuration file, the SS shall forward the BS MIC as part of the registration request (REG- 26 REQ). 27 28 29 On receipt of a REG-REQ, the BS shall recompute the digest over the included fields and the authentication 30 string and compare it to the BS MIC configuration setting in the file. If the digests do not match, the registra- 31 tion request shall be rejected by setting the authentication failure result in the registration response status 32 field. 33 34 35 2.4.3.1.1 Digest Calculation 36 37 The BS MIC digest field shall be calculated using HMAC-MD5 as defined in [RFC-2104]. 38 39 40 2.5 Message Formats 41 42 43 MAC Protocol Data Units (PDU) shall be of the form illustrated in Figure 12. Each PDU is preceeded by a 44 fixed-length generic MAC header. The PDU may contain optional payload information from a convergence 45 sub-layer. The payload information can vary in length, so that a MAC PDU will represent a variable number 46 of bytes. The payload information is divided into a convergence sub-layer header and data portions. The def- 47 inition and use of these message components is defined outside of the scope of the core MAC protocol. This 48 49 allows the MAC to tunnel various higher layer traffic types without knowledge of the formats or bit patterns 50 of those messages. 51 52 A 32-bit CRC is appended to the MAC PDU. 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 58 IEEE 802.16.1-00/01r4, September 2000

1 Messages are always transmitted in the order: Most-Significant-Byte first with the Most-Significant-Bit first 2 in each byte. 3 4 5 6 7 8 9 Generic MAC Header Payload (optional) CRC(optional) 10 11 12 13 14 15 16 Convergence 17 18 Sub-layer Convergence Sub-layer Data 19 Header 20 21 22 Figure 12—MAC PDU Formats 23 24 25 26 When a connection is designated as requiring CRC, every MAC PDU shall have an appended checksum 27 28 field four bytes long using the CRC-32 as defined in ISO8802-3. 29 30 Three MAC header formats are defined. The first two are generic headers that precede each MAC Message, 31 including both management and convergence sub-layer data. The third format is used to request additional 32 bandwidth. The single bit Header Type (HT) field distinguishes the generic and bandwidth request header 33 34 formats. The HT field shall be set to 0 for generic headers. The HT field shall be set to 1 for a bandwidth 35 request header. 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 59 IEEE 802.16.1-00/01r4, September 2000

1 The format shown in Figure 13 shall be used for all PDUs transmitted by the SS to the BS in the uplink 2 direction. For downlink transmissions, the format shown in Figure 14 shall be used. 3 4 5 6 7 Bit 0 8 15 8 9 10 EC EKS Length 11 12 13 Connection Identifier 14 15 16 HT CSI FC FSN CI Reserved 17 =0 18 19 20 GM HCS 21 22 23 24 25 Grant Management 26 27 28 29 30 Unsolicited Grant Service SI PM 31 32 33 Unsolicited Grant Service 34 SI Grants Per Interval 35 with Activity Detection 36 37 38 All others 39 Piggy-Back Request 40 41 42 Figure 13—Generic MAC Header Format (Uplink) 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 60 IEEE 802.16.1-00/01r4, September 2000

1 These two generic header formats are equivalent with the exception of the Grant Mangament field, which is 2 only present in uplink transmissions. 3 4 5 Bit 0 8 15 6 7 8 EC EKS Length 9 10 11 12 Connection Identifier 13 14 15 HT CSI FC FSN CI Reserved 16 =0 17 18 19 HCS 20 21 22 23 24 25 Figure 14—Generic MAC Header Format (Downlink) 26 27 28 29 The Grant Management (GM) field is one byte in length and is used by the SS to convey bandwidth manage- 30 ment needs to the BS. This field is encoded differently based upon the type of connection (as given by the 31 Connection ID). The use of this field is defined in Section 2.10. 32 33 34 The third header is a special format used by a SS to request additional bandwidth. This header shall always 35 be transmitted without a PDU. The format of the Bandwidth Request Header is given in Figure 15. 36 37 Bit 0 8 15 38 39 40 41 1 0000 Length (=7) 42 43 44 CID 45 46 47 HT BR 48 =1 49 50 51 HCS 52 53 54 Figure 15—Bandwidth Request Header Format 55 56 57 58 The Bandwidth Request (BR) Header is used by a SS to request uplink bandwidth. A Bandwidth Request 59 Header shall not have an associated payload: 60 61 62 The length of the header shall always be 7 bytes. 63 The EC field shall be set to 1, indicating no encryption. 64 The CID shall indicate the Service Flow for which uplink bandwidth is requested. 65

This is an unapproved Task Group document being circulated for comment. 61 IEEE 802.16.1-00/01r4, September 2000

1 The Bandwidth Request (BR) field shall indicate the number of bytes requested. 2 3 A SS receiving a Bandwidth Request Header on the downlink shall discard the PDU. 4 5 6 The various fields of the header formats are defined in Table 5. Every header is encoded starting with the EC 7 and EKS fields. The coding of these fields is such that the first byte of a MAC header shall never have the 8 value of 0xFX. This prevents false detection on the stuff byte used in the Transmission Convergence Sub- 9 layer. 10 11 12 13 Table 5—MAC Header Fields 14 15 Length 16 Name Description 17 (bits) 18 19 BR 15 Bandwidth Request 20 The number of bytes of uplink bandwidth requested by the CPE. The bandwidth request is 21 for the CID. The request shall not include any PHY layer overhead 22 23 CID 16 Connection Identifier 24 CSI 1 Convergence Sub-layer Indication 25 This bit is allocated to a convergence layer process for signaling between equivalent peers. 26 27 EC 1 Encryption Control 28 1 = Payload is not encrypted 29 0 = Payload is encrypted 30 31 EKS 4 Encryption Key Sequence 32 The index of the Traffic Encryption Key and Initialization Vector used to encrypt the pay- 33 load. This field is only meaningful if the Encryption Control field is set to zero. This field 34 must be set to all zeros when the EC is 1. 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 62 IEEE 802.16.1-00/01r4, September 2000

1 Table 5—MAC Header Fields 2 3 Length 4 Name Description 5 (bits) 6 7 FC 2 Fragmentation Control 8 Indicates the fragmentation state of the payload: 9 00 = no fragmentation 10 01 = last fragment 11 10 = first fragment 12 11 = continuing (middle) fragment 13 14 FSN 4 Fragmentation Sequence Number 15 Defines the sequence number of the current fragment. The initial fragment (FC=10) sets this 16 field to 0. This field increments by one (modulo 16) for each fragment. 17 18 When fragmentation is not used (FC= 00), this field shall be set to 0. 19 GPI 7 Grants Per Interval 20 The number of grants required by a connection using UGS with Activity Detection 21 22 HCS 8 Header Check Sequence 23 An 8-bit field used to detect errors in the header. The generator polynomial is g(D)=D8 + D2 24 + D + 1. 25 26 HT 1 Header Type 27 0 = Generic Header 28 1 = Bandwidth Request Header 29 30 LEN 11 Length 31 The length in bytes of the entire MAC header and any MAC PDU information that follows 32 this specific header. 33 34 PBR 8 Piggy-Back Request 35 The number of bytes of uplink bandwidth requested by the CPE. The bandwidth request is 36 for the CID. The request shall not include any PHY layer overhead. 37 PM 1 Poll-Me 38 0 = No action. 39 1 = Used by the CPE to request a bandwidth poll. 40 41 SI 1 Slip Indicator 42 0 = No action 43 1 = Used by the CPE to indicate a slip of uplink grants relative to the uplink queue depth. 44 45 CI 1 CRC Indicator 46 1 = CRC is appended to the PDU 47 0 = No CRC is appended 48 49 50 51 Multiple MAC PDUs may be concatenated into a single transmission in either the uplink or downlink direc- 52 tions. Figure 16 illustrates this concept for an uplink burst transmission. Since each PDU is identifiied by a 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 63 IEEE 802.16.1-00/01r4, September 2000

1 unique Connection Identifier, the receiving MAC entity is able to present the PDU to the correct SAP . Grant 2 Management, user data, and bandwidth request PDUs may be concatenated into the same tranmission. 3 4 5 Uplink Burst #n Uplink Burst #n+1 6 7 8 User Bandwidth Management User User 9 PDU Rquest PDU PDU PDU PDU 10 11 CID = 0x2301 CID = 0x0399 CID = 0x0EF1 CID = 0x5F3E CID = 0x2555 12 13 Figure 16—MAC PDU Concatenation showing example CIDs 14 15 16 17 ARQ is optional for both the SS and the BS. 18 19 When ARQ is in use, the ARQ mechanism requires adding control and checksum fields to each ARQ- 20 enabled packet. The checksum field is four bytes long, standard IEEE CRC-32, and it is appended at the end 21 22 of the packet. The control field is two bytes long and is prepended at the beginning of the packet. The control 23 bit structure contains a 4-bit retry number and a 12 -bit sequence number. The retry number field is reset 24 when a packet is first sent, and is incremented whenever it is retransmitted (up to the terminal value of 15). 25 The sequence number field is assigned to each packet on its first transmission and then incremented. The 26 sequence number does not change when a packet is retransmitted. These ARQ-related fields are added only 27 28 to packets for which ARQ is in use. 29 30 2.5.1 Convergence Sub-layer PDU Formats 31 32 The format of the convergence sub-layer PDU shall be as shown in Figure 17. A Convergence Sub-layer 33 34 PDU may have a zero length payload. Convergence sublayer messages must not be transported on the Basic 35 36 37 38 39 Generic MAC Header 40 41 42 43 44 45 46 Convergence Sub-layer Payload 47 48 49 50 51 Figure 17—Convergence Sub-layer PDU Format 52 53 54 55 Connection ID nor on the Secondary Managment CID. 56 57 58 2.5.2 MAC Management Messages 59 60 A set of management Messages are defined within the core MAC. These Messages shall use the standard 61 Message format as given in Section 2.5.1. All management Messages shall begin the payload content with a 62 single byte field indicating the management Message type. The format of the management Message is given 63 64 65

This is an unapproved Task Group document being circulated for comment. 64 IEEE 802.16.1-00/01r4, September 2000

1 in Figure 18. The encoding of the Message type field is given in Table 6. MAC management messages must 2 3 4 Bit 0 8 15 5 6 7 8 Generic Header 9 10 11 12 13 14 Management Message Type 15 16 17 18 19 Management Message Payload 20 21 22 23 24 25 Figure 18—MAC Management Message Format 26 27 28 29 not be carried on Transport connections. 30 31 32 33 34 Table 6—MAC Management Messages 35 36 37 Type Message Name Message Description 38 39 0 UCD Uplink Channel Descriptor 40 41 1 DCD Downlink Channel Descriptor 42 43 2 DL-MAP Downlink Access Definition 44 45 3 UL-MAP Uplink Access Definition 46 47 4 RNG-REQ Ranging Request 48 49 5 RNG-RSP Ranging Response 50 51 6 REG-REQ Registration Request 52 7 REG-RSP Registration Response 53 54 8 REG-ACK Registration Acknowledge 55 56 9 PKM-REQ Privacy Key Management Request 57 58 10 PKM-RSP Privacy Key Management Response 59 60 11 DSA-REQ Dynamic Service Addition Request 61 62 12 DSA-RSP Dynamic Service Addition Response 63 64 13 DSA-ACK Dynamic Service Addition Acknowledge 65

This is an unapproved Task Group document being circulated for comment. 65 IEEE 802.16.1-00/01r4, September 2000

1 Table 6—MAC Management Messages 2 3 4 Type Message Name Message Description 5 6 14 DSC-REQ Dynamic Service Change Request 7 8 15 DSC-RSP Dynamic Service Change Response 9 10 16 DSC-ACK Dynamic Service Change Acknowledge 11 17 DSD-REQ Dynamic Service Deletion Request 12 13 18 DSD-RSP Dynamic Service Deletion Response 14 15 19 DCC-REQ Dynamic Channel Change Request 16 17 20 DCC-RSP Dynamic Channel Change Response 18 19 21 MCA-REQ Multicast Assignment Request 20 21 22 MCA-RSP Multicast Assignment Response 22 23 23 DMC-REQ Downlink Burst Type Change Request 24 25 24 ARQ-ACK ARQ Acknowledgement 26 27 245-255 Reserved for future use 28 29 30 2.5.2.1 Uplink Channel Descriptor (UCD) Message 31 32 33 An Uplink Channel Descriptor shall be transmitted by the BS at a periodic interval to define the characteris- 34 tics of an upstream physical channel. A separate UCD Message shall be transmitted for each active uplink. 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 66 IEEE 802.16.1-00/01r4, September 2000

1 To provide for flexibility the message parameters following the channel ID shall be encoded in a type/length/ 2 value (TLV) form in which the type and length fields are each 1 long. 3 4 5 0 8 16 24 31 6 7 8 9 MAC Management Header 10 11 12 13 14 Uplink Configuration Mini-slot Downlink 15 16 Channel ID Change Count Size Channel ID 17 18 19 TLV Encoded information for the overall channel 20 21 22 23 24 TLV-encoded Burst Description (#1) 25 26 27 28 29 30 31 32 TLV-encoded Burst Description (#n) 33 34 35 36 Figure 19—Uplink Channel Descriptor (UCD) Message Format 37 38 39 40 41 A BS shall generate UCDs in the format shown in Figure 19, including all of the following parameters: 42 43 Configuration Change Count 44 45 46 Incremented by one (modulo the field size) by the BS whenever any of the values of this channel 47 descriptor change. If the value of this count in a subsequent UCD remains the same, the SS can 48 49 quickly decide that the remaining fields have not changed, and may be able to disregard the remain- 50 der of the message. This value is also referenced from the UL-MAP messages. 51 52 Mini-Slot Size 53 54 55 The size T of the Mini-Slot for this uplink channel in units of Physical Slots. Allowable values are T 56 = 2m, where m = 0,...7. 57 58 59 Uplink Channel ID 60 61 The identifier of the uplink channel to which this Message refers. This identifier is arbitrarily chosen 62 by the BS and is only unique within the MAC-Sublayer domain. 63 64 65

This is an unapproved Task Group document being circulated for comment. 67 IEEE 802.16.1-00/01r4, September 2000

1 Downlink Channel ID 2 3 4 The identifier of the downlink channel on which this Message has been transmitted. This identifier is 5 arbitrarily chosen by the BS and is only unique within the MAC-Sublayer domain. 6 7 All other parameters are coded as TLV tuples. The type values used shall be those defined in Table 7, for 8 channel parameters, and Table 9, for uplink physical layer burst attributes. Channel-wide parameters (from 9 10 Table 7) shall preceed burst descriptors (type 1 below). 11 12 13 Table 7—Uplink Physical Channel Attributes 14 15 16 Name Type Length Value 17 (1 byte) (1 byte) (Variable Length) 18 19 Burst Descriptor 1 May appear more than once; described below. The length is the 20 number of bytes in the overall object, including embedded TLV 21 items. 22 23 Symbol Rate 2 2 5 - 40 MBaud. The incremental rates are not yet defined for the 24 25 PHY layer. The use of a TLV allows future clarification of this 26 field without modification to the MAC. 27 28 Frequency 3 4 Uplink center frequency (kHz) 29 30 Preamble Pattern 4 1-128 Preamble superstring. 31 All burst-specific preamble values are chosen as bit-substrings of 32 this string. The first byte of the Value field contains the first 8 bits 33 of the superstring, with the first bit of the preamble superstring in 34 the MSB position of the first Value field byte, the eighth bit of the 35 36 preamble superstring in the LSB position of the first Value field 37 byte; the second byte in the Value field contains the second eight 38 bits of the superstring, with the ninth bit of the superstring in the 39 MSB of the second byte and sixteenth bit of the preamble super- 40 string in the LSB of the second byte, and so forth. 41 42 Tx/Rx Gap 5 1 The number of PS between the end of the downlink and uplink 43 transmissions. This TLV is only used if the PHY Type field of the 44 45 DL-MAP message is {0, 1} (TDD). 46 47 Rx/Tx Gap 6 1 The number of PS between the end of the uplink and downlink 48 transmissions. This TLV is only used if the PHY Type field of the 49 DL-MAP message is {0, 1} (TDD). 50 51 Roll-off factor 7 1 0=0.15, 1=0.25, 2=0.35 52 53 Spectrum inversion 8 1 0=inverted, 1=non-inverted 54 55 56 57 58 Burst Descriptors are compound TLV encodings that define, for each type of uplink usage interval, the phys- 59 ical-layer characteristics that are to be used during that interval. The uplink interval usage codes are defined 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 68 IEEE 802.16.1-00/01r4, September 2000

1 Table 8—Uplink Map Information Elements 2 3 4 IE Name Uplink Connection Mini-slot Offset 5 Interval ID 6 Usage 7 8 Code 9 (UIUC) 10 11 Request 1 any Starting offset of REQ region 12 13 Initial 2 broadcast Starting offset of MAINT region (used in Initial Ranging) 14 Maintenance 15 16 Station 3 unicast Starting offset of MAINT region (used in Periodic Ranging) 17 Maintenance 18 19 Data Grant 1 4 unicast Starting offset of Data Grant assignment 20 If inferred length = 0, then it is a Data Grant pending. 21 22 Data Grant 2 5 unicast Starting offset of Data Grant assignment 23 24 If inferred length = 0, then it is a Data Grant Pending 25 Data Grant 3 6 unicast Starting offset of Data Grant 2 assignment 26 27 If inferred length = 0, then it is a Data Grant pending. 28 29 Data Grant 4 7 unicast Starting offset of Data Grant 2 assignment 30 If inferred length = 0, then it is a Data Grant pending. 31 32 Data Grant 5 8 unicast Starting offset of Data Grant 3 assignment 33 If inferred length = 0, then it is a Data Grant pending. 34 35 Data Grant 6 9 unicast Starting offset of Data Grant 3 assignment 36 If inferred length = 0, then it is a Data Grant pending. 37 38 Null IE 10 zero Ending offset of the previous grant. 39 40 Used to bound the length of the last actual interval allocation. 41 Empty 11 zero Used to schedule gaps in transmission 42 43 Reserved 11-14 any Reserved 44 45 Expansion 15 expanded # of additional 32-bit words in this IE 46 47 UIUC 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 69 IEEE 802.16.1-00/01r4, September 2000

1 in the UL-MAP Message. illustrates the format of each Burst Descruption TLV. Each TLV is encoded with a 2 Type of 1, an eight bit length, and a four bit UIUC. 3 4 5 6 7 8 9 10 11 12 13 Type = 1 Length 14 UIUC 15 (Burst Descriptor) 1..n 16 17 18 19 TLV codes for PHY parameters 20 21 22 23 24 25 Figure 20—Top-Level Encoding for a Burst Descriptor 26 27 28 29 30 31 A Burst Descriptor shall be included for each Interval Usage Code that is to be used in the UL-MAP. The 32 Interval Usage Code shall be one of the values from Table 13. 33 34 Within each Burst Descriptor is an unordered list of Physical-layer attributes, encoded as TLV values. These 35 attributes are shown in Table 9. 36 37 38 2.5.2.2 Downlink Channel Descriptor (DCD) Message 39 40 A Downlink Channel Descriptor shall be transmitted by the BS at a periodic interval to define the character- 41 istics of a downstram physical channel. A separate DCD message shall be transmitted for each active down- 42 43 link. 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 70 IEEE 802.16.1-00/01r4, September 2000

1 Table 9—Uplink Physical Layer Burst Profile Parameters 2 3 4 Name Type Length Value 5 (1 byte) (1 byte) (Variable Length) 6 7 Modulation Type 1 1 1 = QPSK, 2 = 16QAM, 3 = 64-QAM 8 9 Differential 2 1 1 = on, 2 = off 10 Encoding 11 12 Preamble Length 3 2 Up to 1024 bits. The preamble must be an integer number of PSs 13 (a multiple of 2 for QPSK and 4 for 16QAM and 6 for 64QAM) 14 15 Preamble Value 4 2 Identifies the bits to be used for the preamble value. This is speci- 16 fied as a starting offset into the Preamble Pattern (see Table 7). 17 Offset 18 That is, a value of zero means that the first bit of the preamble for 19 this burst type is the value of the first bit of the Preamble Pattern. 20 A value of 100 means that the preamble is to use the 101st and 21 succeeding bits from the Preamble Pattern. This value must be a 22 multiple of the symbol size. 23 24 The first bit of the Preamble Pattern is the firstbit transmitted in 25 the uplink burst. 26 27 FEC code type 5 1 1 = Reed-Solomon only 28 2 = Reed-Solomon + Inner (9,8) Parity Check Code 29 3 = Reed-Solomon + Inner (24,16) Block Convolutional Code 30 31 4 = Block Turbo Code (Optional) 32 5-255 = Reserved 33 34 RS information 6 1 K=6-255 35 bytes (K) 36 37 RS error correction 7 1 T=0-16 38 capability (T) 39 40 BCC code type 8 1 1 = (24,16) 41 2-255 = Reserved 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 71 IEEE 802.16.1-00/01r4, September 2000

1 Table 9—Uplink Physical Layer Burst Profile Parameters 2 3 4 Name Type Length Value 5 (1 byte) (1 byte) (Variable Length) 6 7 BTC Row code type 9 1 1 = (64,57) Extended Hamming 8 2 = (32,26) Extended Hamming 9 10 3-255 = Reserved 11 12 BTC Column code 10 1 1 = (64,57) Extended Hamming 13 type 2 = (32,26) Extended Hamming 14 3-255 = Reserved 15 16 BTC Row code 11 1 0-255 columns 17 shortening 18 19 BTC Column code 12 1 0-255 rows 20 shortening 21 22 BTC Product code 13 1 0-255 bits 23 shortening bits 24 25 Scrambler Seed 14 2 The 15-bit seed value left justified in the 2 byte field. Bit 15 is the 26 27 MSB of the first byte and the LSB of the second byte is not used. 28 (Not used if scrambler is off) 29 30 Guard Time Size 15 1 Number of PSs which must follow the end of this burst. (Although 31 this value may be derivable from other network and architectural 32 parameters, it is included here to ensure that the SSs and BS all 33 use the same value.) 34 35 Last Codeword 16 1 1 = fixed; 2 = shortened 36 Length 37 38 Scrambler on/off 17 1 1 = on; 2 = off 39 40 Convergence layer 18 1 0=enabled, 1=disabled 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 72 IEEE 802.16.1-00/01r4, September 2000

1 To provide for flexibility the message parameters following the channel ID shall be encoded in a type/length/ 2 value (TLV) form in which the type and length fields are each 1 long. 3 4 5 0 8 16 24 31 6 7 8 9 MAC Management Header 10 11 12 13 14 Downlink Configuration 15 16 Channel ID Change Count 17 18 19 TLV-encoded Burst Description (#1) 20 21 22 23 24 25 26 27 28 TLV-encoded Burst Description (#n) 29 30 31 Figure 21—Downlink Channel Descriptor (DCD) Message Format 32 33 34 35 A BS shall generate DCDs in the format shown in Figure 21, including all of the following parameters: 36 37 38 Configuration Change Count 39 40 Incremented by one (modulo the field size) by the BS whenever any of the values of this channel 41 42 descriptor change. If the value of this count in a subsequent UCD remains the same, the SS can 43 quickly decide that the remaining fields have not changed, and may be able to disregard the remain- 44 der of the message. This value is also referenced from the UL-MAP messages. 45 46 Downlink Channel ID 47 48 49 The identifier of the downlink channel to which this Message refers. This identifier is arbitrarily 50 chosen by the BS and is only unique within the MAC-Sublayer domain. 51 52 53 54 All other parameters are coded as TLV tuples. The type values used shall be those defined in Table 10, for 55 channel parameters, and Table 12, for downlink physical layer burst attributes. Channel-wide parameters 56 (from Table 12) shall preceed burst descriptors (type 1 below). 57 58 59 Burst Descriptors are compound TLV encodings that define, for each type of downlink usage interval, the 60 physical-layer characteristics that are to be used during that interval. The downlink interval usage codes are 61 defined in the DL-MAP Message. The mapping between Burst Type and Downlink Interval Usage Code is 62 given in Table 11. 63 64 65

This is an unapproved Task Group document being circulated for comment. 73 IEEE 802.16.1-00/01r4, September 2000

1 Table 10—Downlink Physical Channel Attributes 2 3 4 Name Type Length Value 5 (1 byte) (1 byte) (Variable Length) 6 7 Burst Descriptor 1 May appear more than once; described below. The length is the 8 number of bytes in the overall object, including embedded TLV 9 items. 10 11 BS Transmit Power 2 1 Signed in units of 1dB 12 13 Roll-off factor 3 1 0=0.15, 1=0.25, 2=0.35 14 15 FSDD/TDD frame 8 4 The number of PS contained in a FSDD or TDD frame. This TLV 16 time is used only if the PHY Type field of the DL-MAP message is {0, 17 18 1, 3} (TDD, FSDD). 19 20 21 Table 11: Mapping of Burst Type to Downlink Interval Usage Code 22 23 24 Burst Type Downlink Interval Comments 25 Usage Code (DIUC) 26 27 reserved 0 TDM Burst Type 1 is well known 28 29 TDM Burst type 2 1 30 31 TDM Burst type 3 2 32 33 TDM Burst type 4 3 34 35 TDM Burst type 5 4 36 37 TDM Burst type 6 5 38 39 reserved 6-7 40 41 42 TDMA Burst type 1 8 TDM Burst Type 1 with re-sync preamble 43 TDMA Burst type 2 9 TDM Burst Type 2 with re-sync preamble 44 45 46 TDMA Burst type 3 10 TDM Burst Type 3 with re-sync preamble 47 48 TDMA Burst type 4 11 TDM Burst Type 4 with re-sync preamble 49 50 TDMA Burst type 5 12 TDM Burst Type 5 with re-sync preamble 51 52 TDMA Burst type 6 13 TDM Burst Type 6 with re-sync preamble 53 54 Gap 14 TDMA DL only 55 56 End of DL MAP 15 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 74 IEEE 802.16.1-00/01r4, September 2000

1 Figure 22 illustrates the format of each Burst Description TLV. Each TLV is encoded with a Type of 1, an 2 eight bit length, and a four bit DIUC. The IUC field is associated with the Downlink Burst Profile and 3 4 5 6 7 8 9 10 11 12 13 Type = 1 Length 14 (Burst Descriptor) DIUC 15 1..n 16 17 18 19 TLV codes for PHY parameters 20 21 22 23 24 25 Figure 22—Top-Level Encoding for a Downlink Burst Descriptor 26 27 28 29 Thresholds. The IUC value is used in the DL-MAP message to specify the Burst Profile to be used for a spe- 30 cific downlink burst. 31 32 Burst Type Thresholds 33 34 35 An optional parameter. The thresholds for transition between the various DIUC types on a downlink 36 channel are specified by the BS for use by the SS. 37 38 Threshold Delta 39 40 41 An optional parameter. The delta about which a hysteresis is defined for transition of the SS between 42 modulation types. Used by the SS in conjuction with the 16-QAM and 64-QAM Thresholds to deter- 43 44 mine when to request a modulation change for the downlink channel. 45 46 A Burst Descriptor shall be included for each Interval Usage Code that is to be used in the DL-MAP. 47 48 Within each Burst Descriptor is an unordered list of Physical-layer attributes, encoded as TLV values. These 49 attributes are shown in Table 12. 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 75 IEEE 802.16.1-00/01r4, September 2000

1 Table 12—Downlink Physical Layer Burst Profile Parameters 2 3 Type Length Value 4 Name 5 (1 byte) (1 byte) (Variable Length) 6 7 Modulation Type 1 1 1 = QPSK 8 2 = 16QAM 9 3 = 64-QAM 10 11 FEC code type 2 1 1 = Reed-Solomon only 12 2 = Reed-Solomon + Inner (9,8) Parity Check Code 13 3 = Reed-Solomon + Inner Block Convolutional Code 14 4 = Block Turbo Code (Optional) 15 5-255 = Reserved 16 RS information bytes (K) 3 1 K=6-255 17 18 RS error correction capability (T) 4 1 T=0-16 19 20 BCC code type 5 1 1 = (24,16) 21 2-255 = Reserved 22 23 BTC Row code type 6 1 1 = (64,57) Extended Hamming 24 2 = (32,26) Extended Hamming 25 3-255 = Reserved 26 27 BTC Column code type 7 1 1 = (64,57) Extended Hamming 28 2 = (32,26) Extended Hamming 29 3-255 = Reserved 30 BTC Row code shortening 8 1 0-255 columns 31 32 BTC Column code shortening 9 1 0-255 rows 33 34 BTC Product code shortening 10 1 0-255 bits 35 bits 36 37 Last codeword length 11 1 1=fixed; 2=shortened (optional) 38 39 This allows for the transmitter to shorten the last code- 40 word, based upon the allowable shortened codewords for 41 the particular code type. 42 43 IUC low threshold 13 1 C/I+N required for starting to use this IUC when a chang- 44 ing to a more robust IUC is required, in ¼ dB units. 45 IUC high threshold 14 1 C/I+N required for starting to use this IUC when a chang- 46 ing to a more less IUC is required, in ¼ dB units. 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 76 IEEE 802.16.1-00/01r4, September 2000

1 2.5.3 Downlink MAP (DL-MAP) Message 2 3 The Downlink MAP (DL-MAP) message defines the access to the downlink information relative to the PHY 4 5 mode. The DL-MAP message takes on different formats depending upon the value of the PHY Type field. 6 7 8 9 10 11 12 MAC Management Header 13 14 15 16 17 PHY Synchronization 18 19 20 21 Base Station ID[0:31] 22 23 24 Base Station ID[32:63] 25 26 27 28 29 30 MAP Elements (PHY Type = {0,1}) 31 32 33 34 35 36 Figure 23—Downlink MAP Message Format 37 38 39 40 A BS shall generate DL-MAP messages in the format shown in Figure 23, including all of the following 41 parameters: 42 43 44 PHY Synchronization 45 46 A four byte field. The first three bits define the PHY type, as given by the following value: 47 48 0 = TDD 49 1 = FDD/TDM (Burst Downlink PHY) 50 5 = FDD/TDM (Continuous Downlink PHY) 51 52 53 The remaining 29 bits are encoded as shown in Figure 24 for PHY Type = {0,1} or Figure 25 for 54 PHY Type = 5. For burst downlink PHY operations, the bits are encoded as the frame number. For 55 56 continuous downlink PHY operations, the bits are encoded as a timestamp that synchronizes the 57 uplink transmissions. For PHY type = 5, the time stamp represents the count state of the base station 58 counter at the instant that the first byte of the Downlink MAP Message is transferred from the 59 Downstream Transmission Convergence Sublayer to the Downstream Physical Media Dependent 60 61 Sublayer. Figure 24 shows the 5 bits that encode the Frame Length types. They are defined by the 62 following values, which map to the frame times defined in section 3.2.2. 63 64 65 0 = 0.5 millisecond

This is an unapproved Task Group document being circulated for comment. 77 IEEE 802.16.1-00/01r4, September 2000

1 1 = 1 millisecond 2 2 = 2 milliseconds 3 4 All other values are reserved. 5 6 The encoding of remaining portions of the DL-MAP message are also based upon the PHY field. 7 8 For PHY Type = 5, no additional information follows the Base Station ID field. For PHY Type = {0, 9 1}, a set of mapping information, as defined by the DL Burst Descriptors, is defined as in Figure 26. 10 MAP information elements must be in time order, which is not neccessarily IUC order or connection 11 12 ID order. For more information, refer to section 3.2. 13 14 15 16 PHY Type Frame Length Frame Number 17 Code 18 19 20 Frame Number 21 22 23 Figure 24—PHY Synchronization Field (PHY Type = {0,1}) 24 25 26 27 28 29 30 31 PHY Type Uplink Timestamp[29:16] 32 33 34 Uplink Timestamp[15:0] 35 36 37 38 Figure 25—PHY Synchronization Field (PHY Type = 5) 39 40 41 42 The BS timestamp jitter must be less than 500 ns peak-to-peak at the output of the Downstream Transmis- 43 sion Convergence Sublayer. This jitter is relative to an ideal Downstream Transmission Convergence Sub- 44 layer that transfers the TC packet data to the Downstream Physical Media Dependent Sublayer with a 45 perfectly continuous and smooth clock at symbol rate. Downstream Physical Media Dependent Sublayer 46 47 processing shall not be considered in timestamp generation and transfer to the Downstream Physical Media 48 Dependent Sublayer. 49 50 Thus, any two timestamps N1 and N2 (N2 > N1) which were transferred to the Downstream Physical Media 51 Dependent Sublayer at times T1 and T2 respectively must satisfy the following relationship: 52 53 54 (N2 - N1)/(4 x Symbol Rate) - (T2 - T1) < 500 nsec 55 56 The jitter includes inaccuracy in timestamp value and the jitter in all clocks. The 500ns allocated for jitter at 57 the Downstream Transmission Convergence Sublayer output must be reduced by any jitter that is introduced 58 59 by the Downstream Physical Media Dependent Sublayer. 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 78 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 Downlink MAP Message 7 8 9 10 11 Physical Slot Start #1 12 DIUC 13 14 15 16 17 18 19 DIUC Physical Slot Start #n 20 21 22 23 Figure 26—Downlink TDM MAP Message Element Format 24 25 26 27 The CID entry in the TDMA version of the DL-MAP message defines the allocation of bandwidth for that 28 connection. For a SS operating in GPC mode, the CID shall be the Transport CID. For a SS operating in 29 GPT mode, the CID shall be the Basic CID. 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 79 IEEE 802.16.1-00/01r4, September 2000

1 2.5.4 Uplink MAP (UL-MAP) Message 2 3 The Uplink MAP (UL-MAP) message allocates access to the upstream channel. The UL-MAP message 4 5 shall be as shown in Figure 27. 6 7 0 8 16 24 31 8 9 10 11 12 MAC Management Header 13 14 15 16 17 UL Channel ID UCD Count Number of Elements 18 19 20 21 Allocation Start Time 22 23 24 Acknowledgement Time 25 26 27 28 Ranging Backoff Ranging Backoff Request Backoff RequestBackoff 29 Start End Start End 30 31 32 Connection ID UIUC Offset = 0 33 34 35 Connection ID UIUC Offset 36 37 38 39 40 41 42 43 44 Connection ID = 0 UIUC Offset = map length 45 =10 46 47 48 Connection ID UIUC Offset = map length 49 (data grant pending) 50 51 52 53 54 55 56 57 Connection ID UIUC Offset = map length 58 (data grant pending) 59 60 Figure 27—Uplink MAP Message Format 61 62 63 Uplink Channel ID 64 65

This is an unapproved Task Group document being circulated for comment. 80 IEEE 802.16.1-00/01r4, September 2000

1 The identifier of the uplink channel to which this Message refers. 2 UCD Count 3 4 Matches the value of the Configuration Change Count of theUCD which describes the burst parame- 5 ters which apply to this map. 6 7 Number of Elements 8 9 10 Number of information elements in the map. 11 12 Alloc Start Time 13 14 15 Effective start time of the uplink allocation defined by the UL-MAP in units of mini-slots. The start 16 time is relative to the start of a frame in which UL-MAP message is transmitted (PHY Type = 17 {0.,1,3}) or from BS initialization (PHY Type = 5). 18 19 20 Ack Time 21 22 Latest time processed in uplink in units of mini-slots. This time is used by the SS for collision detec- 23 24 tion purposes. The ack time is relative to the start of a frame in which UL-MAP message is transmit- 25 ted (PHY Type = {0,1,3}) or from BS initialization (PHY Type = 5). 26 27 Ranging Backoff Start 28 29 30 Initial back-off window size for initial ranging contention, expressed as a power of 2. Values of n 31 range 0-15 (the highest order bits must be unused and set to 0). 32 33 Ranging Backoff End 34 35 36 Final back-off window size for initial ranging contention, expressed as a power of 2. Values of n 37 range 0-15 (the highest order bits must be unused and set to 0). 38 39 40 Request Backoff Start 41 42 Initial back-off window size for contention data and requests, expressed as a power of 2. Values of n 43 44 range 0-15 (the highest order bits must be unused and set to 0). 45 46 Request Backoff End 47 48 Final back-off window size for contention requests, expressed as a power of 2. Values of n range 0- 49 50 15 (the highest order bits must be unused and set to 0). 51 52 MAP Information Elements 53 54 55 Information elements define uplink bandwidth allocations. Each UL-MAP message shall contain at 56 least one Information Element. The format of the IE shall be as shown in Figure 28. Each IE consists 57 of three fields: a Connection Identifer, an Interval Usage Code, and an offset. 58 59 60 The Connection Identifier represent the assignment of the IE to either a unicast, multicast, or broad- 61 cast address. When specifically addressed to allocate a bandwidth grant, the CID may be either the 62 63 Basic CID of the SS or a Traffic CID for one of the connections of the SS. A four-bit Downlink 64 Interval Usage Code (DIUC) shall be used to define the type of uplink access and the burst type 65

This is an unapproved Task Group document being circulated for comment. 81 IEEE 802.16.1-00/01r4, September 2000

1 associated with that access. Table 13 defines the use of the IUCs. The offset shall be the length from 2 the start of the previous IE to the start of this IE in units of mini-slots. The first IE shall have an off- 3 4 set of 0. 5 6 7 8 9 10 Bit 0 8 15 11 12 13 Connection Identifier 14 15 16 Interval Offset 17 Usage Code 18 19 20 Figure 28—UL-MAP Information Element 21 22 23 24 Three pairs of data grant Information Elements are defined. This allows each pair to be assigned to a differ- 25 ent burst profile pair, typically based upon modulation type. For example, the first pair would be assigned to 26 use QPSK, the second pair would use 16-QAM, and the third would use 64-QAM. Within each pair, the 27 short and long grant usage is distinguished by the maximum burst size. This allows short PDU transmissions 28 29 for services that are tolerant of packet loss to use less FEC coding (relative to longer grants). 30 31 2.5.5 Ranging Request (RNG-REQ) Message 32 33 A Ranging Request shall be transmitted by a SS at initialization and periodically on request from BS to 34 35 determine network delay and request power and/or modulation adjustment. This shall be followed by a 36 Packet PDU in the format shown in Figure 29. 37 38 39 40 41 42 43 44 45 46 MAC Management Header 47 48 49 50 Downlink Pending Til 51 52 Channel ID Complete 53 54 55 56 TLV Encoded Information 57 58 59 60 61 62 63 Figure 29—RNG-REQ Message Format 64 65

This is an unapproved Task Group document being circulated for comment. 82 IEEE 802.16.1-00/01r4, September 2000

1 Table 13—Uplink MAP Information Elements 2 3 4 IE Name Uplink Connection Mini-slot Offset 5 Interval ID 6 Usage 7 8 Code 9 (UIUC) 10 11 Request 1 any Starting offset of REQ region 12 13 Initial 2 broadcast Starting offset of MAINT region (used in Initial Ranging) 14 Maintenance 15 16 Station 3 unicast Starting offset of MAINT region (used in Periodic Ranging) 17 Maintenance 18 19 Data Grant 1 4 unicast Starting offset of Data Grant assignment 20 If inferred length = 0, then it is a Data Grant pending. 21 22 Data Grant 2 5 unicast Starting offset of Data Grant assignment 23 24 If inferred length = 0, then it is a Data Grant Pending 25 Data Grant 3 6 unicast Starting offset of Data Grant 2 assignment 26 27 If inferred length = 0, then it is a Data Grant pending. 28 29 Data Grant 4 7 unicast Starting offset of Data Grant 2 assignment 30 If inferred length = 0, then it is a Data Grant pending. 31 32 Data Grant 5 8 unicast Starting offset of Data Grant 3 assignment 33 If inferred length = 0, then it is a Data Grant pending. 34 35 Data Grant 6 9 unicast Starting offset of Data Grant 3 assignment 36 If inferred length = 0, then it is a Data Grant pending. 37 38 Null IE 10 zero Ending offset of the previous grant. 39 40 Used to bound the length of the last actual interval allocation. 41 Empty 11 zero Used to schedule gaps in transmission 42 43 Reserved 11-14 any Reserved 44 45 Expansion 15 expanded # of additional 32-bit words in this IE 46 UIUC 47 48 49 50 The RNG-REQ Message shall be transmitted using QPSK modulation. 51 52 Parameters shall be as follows: 53 54 55 CID (from the MAC Management Header) 56 57 For RNG-REQ Messages transmitted in Initial Maintenance intervals: 58 59 Initialization CID if SS is attempting to join the network 60 Initialization CID if SS has not yet registered and is changing downlink (or both downlink and 61 uplink) channels as directed by a downloaded parameter file 62 63 Temporary CID if SS has not yet registered and is changing uplink (not downlink) channels as 64 directed by a downloaded parameter file 65

This is an unapproved Task Group document being circulated for comment. 83 IEEE 802.16.1-00/01r4, September 2000

1 Registration CID (previously assigned in REG-RSP) if SS is registered and is changing uplink chan- 2 nels 3 4 5 For RNG-REQ Messages transmitted in Station Maintenance intervals: 6 Basic CID 7 8 9 Downlink Channel ID 10 11 The identifier of the downlink channel on which the SS received the DCD which described this 12 13 uplink. This is an 8-bit field. 14 15 Pending Till Complete 16 17 18 If zero, then all previous Ranging Response attributes have been applied prior to transmittting this 19 request. If nonzero then this is time estimated to be needed to complete assimilation of ranging 20 parameters. Note that only equalization can be deferred. Units are in unsigned centiseconds (10 21 msec). 22 23 24 All other parameters are coded as TLV tuples. 25 26 Requested downlink burst type 27 28 29 An optional parameter. Downlink burst types requested by the CPE for downlink traffic based on the 30 IUC definitions coneyed by the DCD message, the CPE capabilities (i.e. which of the combinations 31 it supports), and on measurements of the downlink RF channel relative to the IUC transition thresh- 32 33 olds (also defined in the DCD message). 34 35 SS MAC Address 36 37 38 A required parameter. The link-layer address of the SS. 39 40 Ranging Anomalies 41 42 An optional parameter indicating a potential error condition detected by the SS. Setting the bit asso- 43 44 ciated with a specific condition indicates that the condition exists at the SS. 45 46 2.5.5.1 RNG-REQ TLV Encodings 47 48 49 The type values used shall be those defined in Table 14. These are unique within the ranging request Mes- 50 sage but not across the entire MAC Message set. The type and length fields shall each be 1 in length. 51 52 2.5.6 Ranging Response (RNG-RSP) Message 53 54 55 A Ranging Response shall be transmitted by a BS in response to received RNG-REQ. It may be noted that, 56 from the point of view of the SS, reception of a Ranging Response is stateless. In particular, the SS shall be 57 prepared to receive a Ranging Response at any time, not just following a Ranging Request. 58 59 The RNG-RSP Message shall be transmitted using QPSK modulation. 60 61 62 To provide for flexibility, the Message parameters following the Uplink Channel ID shall be encoded in a 63 type/length/value (TLV) form. 64 65

This is an unapproved Task Group document being circulated for comment. 84 IEEE 802.16.1-00/01r4, September 2000

1 Table 14—Ranging Request Message Encodings 2 3 4 Name Type Length Value 5 (1 byte) (1 byte) (Variable Length) 6 7 Requested Down- 1 1 Downlink IUC for requested burst type 8 link Burst Type 9 10 SS MAC Address 2 6 SS MAC Address 11 12 Ranging Anomalies 3 1 Bit #0 - SS already at maximum power. 13 14 Bit #1 - SS already at minimum power. 15 Bit #2 - Sum of commanded timing adjustments is too 16 large. 17 18 Reserved 4-255 n Reserved for future use 19 20 21 22 23 24 25 26 27 28 29 MAC Management Header 30 31 32 33 34 Uplink 35 Channel ID 36 37 38 39 40 TLV Encoded Information 41 42 43 44 45 46 47 Figure 30—RNG-RSP Message Format 48 49 50 51 A BS shall generate Ranging Responses in the form shown in Figure 30, including all of the following 52 parameters: 53 54 Uplink Channel ID 55 56 57 The identifier of the uplink channel on which the BS received the RNG-REQ to which this response 58 refers. 59 60 All other parameters are coded as TLV tuples. 61 62 63 Timing Adjust Information 64 65

This is an unapproved Task Group document being circulated for comment. 85 IEEE 802.16.1-00/01r4, September 2000

1 The time by which to offset frame transmission so that frames arrive at the expected mini-slot time 2 at the BS. 3 4 5 Power Adjust Information 6 7 Specifies the relative change in transmission power level that the SS is to make in order that trans- 8 9 missions arrive at the BS at the desired power. 10 11 Frequency Adjust Information 12 13 14 Specifies the relative change in transmission frequency that the SS is to make in order to better 15 match the BS. (This is fine-frequency adjustment within a channel, not re-assignment to a different 16 channel) 17 18 Ranging Status 19 20 21 Used to indicate whether uplink Messages are received within acceptable limits by BS. 22 23 Downlink Frequency Override 24 25 26 An optional parameter. The downlink frequency with which the SS should redo initial ranging. 27 28 Uplink Channel ID Override 29 30 31 An optional parameter. The identifier of the uplink channel with which the SS should redo initial 32 ranging. 33 34 35 Requested DL Modulation Maximum Modulation Type Supported 36 37 An optional parameter. The maximum allowed set of Modulation types allowed for the SS for down- 38 link traffic. This parameter is sent in response to the RNG-REQ Modulation Type from the SS. The 39 40 SS responds with the maximum allowed set of modulation types based upon the combination of the 41 requested modulation type and the maximum allowable modulation type determined at registration 42 or from a dynamic service operation. 43 44 45 CID 46 47 .A required parameter until the Temporary CID has been received in the Ranging Response mes- 48 49 sage. Note that in all other cases, the CID is encoded in the MAC Management Header and is not 50 sent as a TLV. 51 52 SS MAC Address (48- Bit) 53 54 55 The MAC address of the SS. A required parameter when the CID in the MAC header is the initial- 56 ization CID. 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 86 IEEE 802.16.1-00/01r4, September 2000

1 2.5.6.1 RNG-RSP TLV Encodings 2 3 The type values used shall be those defined in Table 15 and Figure 33. These are unique within the ranging 4 5 response Message but not across the entire MAC Message set. The type and length fields shall each be 1 in 6 length. 7 8 9 10 11 12 Table 15—Ranging Response Message Encodings 13 14 Name Type Length Value 15 16 (1 byte) (1 byte) (Variable Length) 17 18 Timing Adjust 1 4 Tx timing offset adjustment (signed 32-bit, units of ¼ symbols) 19 20 Power Level Adjust 2 1 Tx Power offset adjustment (signed 8-bit, ¼-dB units) 21 Offset Frequency 3 4 Tx frequency offset adjustment (signed 32-bit, Hz units) 22 23 Adjust 24 25 Transmit Equaliza- 4 n Tx equalization data - see details below 26 tion Adjust 27 28 Ranging Status 5 1 1 = continue, 2 = abort, 3 = success 29 30 Downlink frequency 6 4 Center frequency of new downlink channel in kHz 31 override If this TLV is used, the Ranging Status value must be set to 1 32 33 Uplink channel ID 7 1 Identifier of the new uplink channel. 34 override 35 36 Data Grant 1-6 81TBD 37 Thresholds 38 39 Threshold Delta 10 1 Hysteresis delta for modulation threholds in ¼ dB. 40 41 Maximum Modu- 11 1 1 = QPSK, 2 = QPSK or 16-QAM, 3 = QPSK or 16/64-QAM 42 43 lation Type 44 Supported 45 46 SS MAC 12 8 SS MAC Address in EUI-48 format 47 Address 48 49 Reserved 13-255 n Reserved for future use 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 87 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 type length main tap number of forward 6 4 location taps per symbol 7 number of number of 8 forward taps (N) reverse taps (M) 9 10 first coefficient F1 (real) first coefficient F1 (imag) 11 12 13 14 15 last coefficient F (real) last coefficient F (imag) 16 N N 17 first reverse coefficient D1 first reverse coefficient D1 18 (real) (imag) 19 20 21 22 last reverse coefficient D last reverse coefficient D 23 M M (real) 24 (imag) 25 26 27 28 29 30 Figure 31—Generalized Decision Feedback Equalization Coefficients 31 32 33 The number of forward taps per symbol shall be in the range of 1 to 4. The main tap location refers to the 34 35 position of the zero delay tap, between 1 and N. For a symbol-spaced equalizer, the number of forward taps 36 per symbol field shall be set to “1”. The number of reverse taps (M) field shall be set to “0” for a linear 37 equalizer. The total number of taps may range up to 64. Each tap consists of a real and imaginary coefficient 38 entry in the table. 39 40 41 If more than 255 bytes are needed to represent equalization information, then several type-4 elements may 42 be used. Data shall be treated as if byte-concatenated, that is, the first byte after the length field of the second 43 type-4 element is treated as if it immediately followed the last byte of the first type-4 element. 44 45 46 47 48 Equalizer 49 Input -R -R Z -R -R -R Z -R 50 Z Z Z Z 51 Equalizer F F F F F F F Output 52 1 2 3 4 5 6 N 53 54 55 D D D D D D D 56 M 6 5 4 3 2 1 57 58 Z -T Z -T Z -T Z -T Z -T Z -T Z-T 59 60 R = T, T/2, T/4 61 62 63 Figure 32—Generalized Equalizer Tap Location Definition 64 65

This is an unapproved Task Group document being circulated for comment. 88 IEEE 802.16.1-00/01r4, September 2000

1 2.5.7 Registration Request (REG-REQ) Message 2 3 A Registration Request shall be transmitted by a SS at initialization allowing the CID shall be encoded in a 4 5 type/length/value form. A SS shall generate Registration Requests in the form shown in Figure 33 6 7 8 9 10 11 12 MAC Management Header 13 14 15 16 17 18 19 TLV Encoded Information 20 21 22 23 24 Figure 33—REG-REQ Message Format 25 26 27 28 CID (from the MAC Management Header) 29 30 Temporary CID for this SS. 31 32 All other parameters are coded as TLV tuples as defined in 2.3. 33 34 35 Registration Requests can contain many different TLV parameters, some of which are set by the SS accord- 36 ing to its configuration file and some of which are generated by the SS itself. If found in the Configuration 37 File, the following Configuration Settings shall be included in the Registration Request. 38 39 40 Configuration File Settings: 41 42 Downlink Frequency Configuration Setting 43 44 Uplink Channel ID Configuration Setting 45 Network access Control Object 46 Uplink Service Flow Configuration Setting 47 48 Downlink Service Flow Configuration Setting 49 Privacy Configuration Setting 50 Maximum Number of Subscribers 51 Privacy Enable Configuration Setting 52 53 TFTP Server Timestamp 54 TFTP Server Provisioned SS address 55 Downlink Modulation Configuration Setting 56 57 Vendor-Specific Information Configuration Setting 58 SS MIC Configuration Setting 59 BS MIC Configuration Setting 60 61 62 The SS shall forward the vendor specific configuration settings to the BS in the same order in which they were 63 received in the configuration file to allow the Message integrity check to be performed. 64 65

This is an unapproved Task Group document being circulated for comment. 89 IEEE 802.16.1-00/01r4, September 2000

1 The following registration parameter shall be included in the Registration Request. 2 3 Vendor Specific Parameter: 4 5 6 Vendor ID Configuration Setting (Vendor ID of SS) 7 8 The following registration parameter shall also be included in the Registration Request. 9 10 11 Upstream and Downstream SS Capabilities Encodings 12 These include the highest modulation order supported by the SS (QPSK, 13 16-QAM, or 64-QAM), the optional FEC types supported by the SS(BTC1 based 14 15 on (32,26) Extended Hamming Code or BTC2 based on (64,57) Extended Hamming 16 Code), and the minimum shortened last codeword size supported by the SS 17 18 The following registration parameter may also be included in the Registration Request. 19 20 21 SS IP address 22 23 The following Configuration Settings shall not be forwarded to the BS in the Registration Request. 24 25 26 Software Upgrade Filename 27 Software Upgrade TFTP Server IP address 28 29 SNMP Write-access Control 30 SNMP MIB Object 31 SS 48-bit MAC address 32 HMAC Digest 33 34 End Configuration Setting 35 Pad Configuration Setting 36 37 2.5.8 Registration Response (REG-RSP) Message 38 39 40 A Registration Response shall be transmitted by BS in response to received REG-REQ. 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 90 IEEE 802.16.1-00/01r4, September 2000

1 To provide for flexibility, the Message parameters following the Response field shall be encoded in a TLV 2 format. 3 4 5 6 7 8 9 10 MAC Management Header 11 12 13 14 15 Response 16 17 18 19 TLV Encoded Information 20 21 22 23 24 25 26 Figure 34—REG-RSP Message Format 27 28 29 30 A BS shall generate Registration Responses in the form shown in Figure 34, including both of the following 31 parameters: 32 33 CID (in the MAC Management Header) from Corresponding REG-REQ 34 35 36 CID from corresponding REG-REQ to which this response refers. (This acts as a transaction identi- 37 fier) 38 39 40 Response 41 42 0 = Okay 43 44 1 = Authentication Failure 45 2 = Class of Service Failure 46 47 Note: Failures apply to the entire Registration Request. Even if only a single requested Service Flow is invalid or 48 undeliverable the entire registration is failed. 49 50 51 If the REG-REQ was successful and contained Service Flow Parameters, the REG-RSP shall contain: 52 53 Service Flow Parameters 54 55 56 All the Service Flow Parameters from the REG-REQ, plus the Connection ID assigned by the BS. 57 Every Service Flow that contained a Service Class Name that was admitted/activated shall be 58 expanded into the full set of TLVs defining the Service Flow. Every uplink Service Flow that was 59 60 admitted/activated4 shall have a Connection Identifier assigned by the BS. A Service Flow that was 61 62 63 64 4 65 The ActiveQoSParamSet or AdmittedQoSParamSet is non-null.

This is an unapproved Task Group document being circulated for comment. 91 IEEE 802.16.1-00/01r4, September 2000

1 only provisioned will include only those QoS parameters that appeared in the REG-REQ, plus the 2 assigned Service Flow ID. 3 4 5 If the REG-REQ failed and contained Service Flow Parameters, the REG-RSP shall contain the following: 6 7 Service Flow Error Set 8 9 10 A Service Flow Error Set and identifying Service Flow Reference shall be included for every failed 11 Service Flow in the corresponding REG-REQ. Every Service Flow Error Set shall include every 12 specific failed QoS Parameter of the corresponding Service Flow. 13 14 15 Service Class Name expansion always occurs at admission time. Thus, if a Registration-Request contains a 16 Service Flow Reference and a Service Class Name for deferred admission/activation, the Registration- 17 Response shall not include any additional QoS Parameters except the Service Flow Identifier. 18 19 All other parameters are coded as TLV tuples: 20 21 22 Basic CID 23 24 The Basic CID for this SS. 25 26 27 Secondary Management CID 28 29 CID for secondary management purposes 30 31 SS Capabilities 32 33 34 The BS response to the capabilities of the SS (if present in the Registration Request) 35 36 Vendor-Specific Data 37 38 39 As defined in 2.3 40 Vendor ID Configuration Setting (vendor ID of BS) 41 42 Vendor-specific extensions 43 44 Note: The temporary CID shall no longer be used once the REG-RSP is received. 45 46 2.5.8.1 Encodings 47 48 49 The type values used shall be those shown below. These are unique within the Registration Response Mes- 50 sage but not across the entire MAC Message set. The type and length fields shall each be 1 . 51 52 SS Capabilities 53 54 55 This field defines the BS response to the SScapability field in the Registration Request. The BS 56 responds to the SS capabilities to indicate whether they may be used. If the BS does not recognize a 57 58 SS capability, it must return this as “off” in the Registration Response. 59 60 Only capabilities set to “on” in the REG-REQ may be set “on” in the REG-RSP as this is the hand- 61 shake indicating that they have been successfully negotiated. 62 63 64 Encodings are as defined for the Registration Request, including MAC version. 65

This is an unapproved Task Group document being circulated for comment. 92 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 7 MAC Version 9 1 Version number of the MAC supported on this channel. 8 9 10 2.5.9 Registration Acknowledge (REG-ACK) Message 11 12 13 A Registration Acknowledge message shall be transmitted by the SS in response to a REG-RSP from the 14 BS. It confirms acceptance by the SS of the QoS parameters of the flow as reported by the BS in it REG- 15 RSP. The format of a REG-ACK shall be as shown in Figure 35. 16 17 18 19 20 21 22 23 MAC Management Header 24 25 26 27 Confirmation 28 29 Code 30 31 32 TLV Encoded Information 33 34 35 36 37 38 Figure 35—REG-ACK Message Format 39 40 41 42 The parameter shall be as follows: 43 44 45 CID (in the MAC Management Header) from Corresponding REG-RSP 46 47 CID from corresponding REG-RSP to which this acknowledgment refers. (This acts as a transaction 48 49 identifier) 50 51 Confirmation Code 52 53 The appropriate Confirmation Code (refer to section 2.3) for the entire corresponding Registration 54 55 Response. 56 57 The SS shall forward all provisioned Service Flows to the BS. Since any of these provisioned items can fail, 58 the REG-ACK shall include Error Sets for all failures related to these provisioned items. 59 60 61 Service Flow Error Set 62 63 The Service Flow Error Set of the REG-ACK Message encodes specifics of any failed Service 64 65 Flows in the REG-RSP Message. A Service Flow Error Set and identifying Service Flow Reference

This is an unapproved Task Group document being circulated for comment. 93 IEEE 802.16.1-00/01r4, September 2000

1 shall be included for every failed QoS Parameter of every failed Service Flow in the corresponding 2 REG-RSP Message. This parameter shall be omitted if the entire REG-REQ/RSP is successful. 3 4 5 Note: Per Service Flow acknowledgment is necessary not just for synchronization between the SS and BS, but also to 6 support use of the Service Class Name. Since the SS may not know all of the Service Flow parameters associated with a 7 Service Class Name when making the Registration Request, it may be necessary for the SS to NAK a Registration 8 Response if it has insufficient resources to actually support this Service Flow. 9 10 11 2.5.10 Privacy Key Management — Request (PKM-REQ) Message 12 13 Privacy Key Management protocol Messages transmitted from the SS to the BS shall use the form shown in 14 Figure 36. 15 16 17 18 19 20 21 22 23 24 MAC Management Header 25 26 27 28 29 Length 30 PKM Code PKM Identifier 31 32 33 34 35 TLV Encoded Information 36 37 38 39 40 41 Figure 36—PKM-REQ Message Format 42 43 44 45 Parameters shall be as follows: 46 47 PKM Code 48 49 50 The Code field is one octect and identifies the type of PKM packet. When a packet is recieved with 51 an invalid Code field, it shall be silently discarded. The Code values are defined in 2.16.2.1. 52 53 PKM Identifier 54 55 56 The Identifier field is one octect. A SS uses the identifier to match a BS response to the SS’s 57 requests. 58 59 60 The SS shall change (e.g., increment, wrapping around to 0 after reaching 255) the Identifier field 61 whenever it issues a new PKM Message. A "new" Message is an Authorization Request, Key 62 Request or SA Map Request that is not a retransmission being sent in response to a Timeout event. 63 64 For retransmissions, the Identifier field shall remain unchanged. 65

This is an unapproved Task Group document being circulated for comment. 94 IEEE 802.16.1-00/01r4, September 2000

1 2 The Identifier field in Authentication Information Messages, which are informative and do not effect 3 4 any response messaging, may be set to zero. The Identifier field in a BS’s PKM response Message 5 shall match the Identifier field of the PKM Request Message the BS is responding to. The Identifier 6 field in Traffic Encryption Key (TEK) Invalid Messages, which are not sent in response to BPKM 7 8 requests, shall be set to zero. The Identifier field in unsolicited Authorization Invalid Messages shall 9 be set to zero. 10 11 12 On reception of a BPKM response Message, the SS associates the Message with a particular state 13 machine (the Authorization state machine in the case of Authorization Replies, Authorization 14 Rejects, and Authorization Invalids; a particular TEK state machine in the case of Key Replies, Key 15 16 Rejects and TEK Invalids; a particular Security Association (SA) Mapping state machine in the case 17 of SA Map Replies and SA Map Rejects). 18 19 A SS may keep track of the Identifier of its latest, pending Authorization Request. The SS may 20 21 silently discard Authorization Replies and Authorization Rejects whose Identifier fields do not 22 match those of the pending requests. 23 24 25 A SS may keep track of the Identifier of its latest, pending Key Request. The SS may silently discard 26 Key Replies and Key Rejects whose Identifier fields do not match those of the pending requests. 27 28 29 A SS may keep track of the Identifier of its latest, pending SA Map Request. The SS may silently 30 discard SA Map Replies and SA Map Rejects whose Identifier fields do not match those of the pend- 31 ing requests. 32 33 Length 34 35 36 The Length field is two s. It indicates the length of the Attribute fields in s. The length field does not 37 include the Code, Identifier and Length fields. s outside the range of the Length field shall be treated 38 39 as padding and ignored on reception. If the packet is shorter than the Length field indicates, it should 40 be silently discarded. The minimum length is 0 and maximum length is . 41 42 All other parameters are encoded as TLV tuples as defined in 2.3. 43 44 45 2.5.11 Privacy Key Management — Response (PKM-RSP) Message 46 47 Privacy Key Management protocol Messages transmitted from the BS to the SS shall use the form shown in 48 Figure 37. 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 95 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 7 8 MAC Management Header 9 10 11 12 13 14 PKM Code PKM Identifier Length 15 16 17 18 19 TLV Encoded Information 20 21 22 23 24 25 Figure 37—PKM-RSP Message Format 26 27 28 29 2.5.12 Dynamic Service Addition — Request (DSA-REQ) Message 30 31 A Dynamic Service Addition Request may be sent by a SS or BS to create a new Service Flow. 32 33 34 35 36 37 38 39 40 41 MAC Management Header 42 43 44 45 46 Transaction ID 47 48 49 50 51 52 TLV Encoded Information 53 54 55 56 57 58 59 60 61 Figure 38—DSA-REQ Message Format 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 96 IEEE 802.16.1-00/01r4, September 2000

1 A SS or BS shall generate DSA-REQ Messages in the form shown in Figure 38 including the following 2 parameter: 3 4 5 Transaction ID 6 7 Unique identifier for this transaction assigned by the sender. 8 9 All other parameters are coded as TLV tuples as defined in 2.3. A DSA-REQ Message shall not contain 10 11 parameters for more than one Service Flow in each direction, i.e., a DSA-REQ Message shall contain 12 parameters for either a single uplink Service Flow, or for a single downlink Service Flow, or for one uplink 13 and one downlink Service Flow. 14 15 The DSA-REQ Message shall contain: 16 17 18 Service Flow Parameters 19 20 21 Specification of the Service Flow’s traffic characteristics and scheduling requirements. 22 23 If Privacy is enabled, the DSA-REQ Message shall contain: 24 25 HMAC-Digest 26 27 28 The HMAC-Digest Attribute is a keyed Message digest (to authenticate the sender). The HMAC- 29 Digest Attribute shall be the final Attribute in the Dynamic Service Message’s Attribute list. (Refer 30 to 2.3.4.1) 31 32 33 2.5.12.1 SS-Initiated Dynamic Service Addition 34 35 Values of the Service Flow Reference are local to the DSA Message; each Service Flow within the DSA- 36 Request shall be assigned a unique Service Flow Reference. This value need not be unique with respect to 37 38 the other service flows known by the sender. 39 40 SS-initiated DSA-Requests may use the Service Class Name (refer to 2.3.5.3.4) in place of some, or all, of 41 the QoS Parameters. 42 43 44 2.5.12.2 BS-Initiated Dynamic Service Addition 45 46 BS-initiated DSA-Requests for Uplink Service Flows shall also include a Connection ID. Connection Identi- 47 fiers are unique within the MAC domain. 48 49 50 BS-initiated DSA-Requests for named Service Classes shall include the QoS Parameter Set associated with 51 that Service Class. 52 53 2.5.13 Dynamic Service Addition — Response (DSA-RSP) Message 54 55 56 A Dynamic Service Addition Response shall be generated in response to a received DSA-Request. The for- 57 mat of a DSA-RSP shall be as shown in Figure 39. 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 97 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 7 8 MAC Management Header 9 10 11 12 13 Transaction ID Confirmation 14 Code 15 16 17 18 19 TLV Encoded Information 20 21 22 23 24 25 26 27 28 Figure 39—DSA-RSP Message Format 29 30 31 32 Parameters shall be as follows: 33 34 Transaction ID 35 36 37 Transaction ID from corresponding DSA-REQ. 38 39 Confirmation Code 40 41 42 The appropriate Confirmation Code for the entire corresponding DSA-Request. 43 44 All other parameters are coded as TLV tuples as defined in 2.3. 45 46 47 If the transaction is successful, the DSA-RSP may contain the following: 48 49 Service Flow Parameters 50 51 52 The complete specification of the Service Flow shall be included in the DSA-RSP only if it includes 53 a newly assigned Connection Identifier or an expanded Service Class Name. 54 55 If the transaction is unsuccessful, the DSA-RSP shall include: 56 57 58 Service Flow Error Set 59 60 A Service Flow Error Set and identifying Service Flow Reference/Identifier shall be included for 61 62 every failed Service Flow in the corresponding DSA-REQ Message. Every Service Flow Error Set 63 shall include every specific failed QoS Parameter of the corresponding Service Flow. This parameter 64 shall be omitted if the entire DSA-REQ is successful. 65

This is an unapproved Task Group document being circulated for comment. 98 IEEE 802.16.1-00/01r4, September 2000

1 If Privacy is enabled, the DSA-RSP Message shall contain: 2 3 HMAC-Digest 4 5 6 The HMAC-Digest Attribute is a keyed Message digest (to authenticate the sender). The HMAC- 7 Digest Attribute shall be the final Attribute in the Dynamic Service Message’s Attribute list. (Refer 8 9 to 2.3.4.1) 10 11 2.5.13.1 SS-Initiated Dynamic Service Addition 12 13 The BS’s DSA-Response for Service Flows that are successfully added shall contain a Connection ID. The 14 15 DSA-Response for successfully Admitted or Active uplink QoS Parameter Sets shall also contain a Connec- 16 tion ID. 17 18 If the corresponding DSA-Request uses the Service Class Name (refer to 2.3.5.3.4) to request service addi- 19 tion, a DSA-Response shall contain the QoS Parameter Set associated with the named Service Class. If the 20 21 Service Class Name is used in conjunction with other QoS Parameters in the DSA-Request, the BS shall 22 accept or reject the DSA-Request using the explicit QoS Parameters in the DSA-Request. If these Service 23 Flow Encodings conflict with the Service Class attributes, the BS shall use the DSA-Request values as over- 24 rides for those of the Service Class. 25 26 27 If the transaction is unsuccessful, the BS shall use the original Service Flow Reference to identify the failed 28 parameters in the DSA-RSP. 29 30 2.5.13.2 BS-Initiated Dynamic Service Addition 31 32 33 If the transaction is unsuccessful, the SS shall use the Connection Identifier to identify the failed parameters 34 in the DSA-RSP. 35 36 2.5.14 Dynamic Service Addition — Acknowledge (DSA-ACK) Message 37 38 39 A Dynamic Service Addition Acknowledge shall be generated in response to a received DSA-RSP. The for- 40 mat of a DSA-ACK shall be as shown in Figure 40. 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 99 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 7 8 MAC Management Header 9 10 11 12 13 Transaction ID Confirmation 14 Code 15 16 17 18 19 TLV Encoded Information 20 21 22 23 24 25 26 27 28 Figure 40—DSA-ACK Message Format 29 30 31 32 Parameters shall be as follows: 33 34 Transaction ID 35 36 37 Transaction ID from corresponding DSA-Response. 38 39 Confirmation Code 40 41 5 42 The appropriate Confirmation Code (refer to 2.3.7) for the entire corresponding DSA-Response. 43 44 All other parameters are coded TLV tuples. 45 46 47 Service Flow Error Set 48 49 The Service Flow Error Set of the DSA-ACK Message encodes specifics of any failed Service 50 51 Flows in the DSA-RSP Message. A Service Flow Error Set and identifying Service Flow Reference 52 shall be included for every failed QoS Parameter of every failed Service Flow in the corresponding 53 DSA-REQ Message. This parameter shall be omitted if the entire DSA-REQ is successful. 54 55 If Privacy is enabled, the DSA-ACK Message shall contain: 56 57 58 HMAC-Digest 59 60 61 62 63 5The confirmation code is necessary particularly when a Service Class Name (refer to 2.3.5.3.4) is used in the DSA-Request. In this 64 65 case, the DSA-Response could contain Service Flow parameters that the SS is unable to support (either temporarily or as configured).

This is an unapproved Task Group document being circulated for comment. 100 IEEE 802.16.1-00/01r4, September 2000

1 The HMAC-Digest Attribute is a keyed Message digest (to authenticate the sender). The HMAC- 2 Digest Attribute shall be the final Attribute in the Dynamic Service Message’s Attribute list. (Refer 3 4 to 2.3.4.1) 5 6 2.5.15 Dynamic Service Change — Request (DSC-REQ) Message 7 8 A Dynamic Service Change Request may be sent by a SS or BS to dynamically change the parameters of an 9 10 existing Service Flow. 11 12 13 14 15 16 17 18 19 20 MAC Management Header 21 22 23 24 25 Transaction ID 26 27 28 29 30 TLV Encoded Information 31 32 33 34 35 36 37 38 39 Figure 41—DSC-REQ Message Format 40 41 42 43 A SS or BS shall generate DSC-REQ Messages in the form shown in Figure 41 including the following 44 parameters: 45 46 47 Transaction ID 48 49 Unique identifier for this transaction assigned by the sender. 50 51 52 All other parameters are coded as TLV tuples as defined in 2.3. A DSC-REQ Message shall not carry param- 53 eters for more than one Service Flow in each direction, i.e., a DSC-REQ Message shall contain parameters 54 for either a single uplink Service Flow, or for a single downlink Service Flow, or for one uplink and one 55 downlink Service Flow. A DSC-REQ shall contain the following: 56 57 58 Service Flow Parameters 59 60 Specification of the Service Flow’s new traffic characteristics and scheduling requirements. The 61 62 Admitted and Active Quality of Service Parameter Sets currently in use by the Service Flow. If the 63 DSC Message is successful and it contains Service Flow parameters, but does not contain replace- 64 65

This is an unapproved Task Group document being circulated for comment. 101 IEEE 802.16.1-00/01r4, September 2000

1 ment sets for both Admitted and Active Quality of Service Parameter Sets, the omitted set(s) shall be 2 set to null. If included, the Service Flow Parameters shall contain a Service Flow Identifier. 3 4 5 If Privacy is enabled, a DSC-REQ shall also contain: 6 7 HMAC-Digest 8 9 10 The HMAC-Digest Attribute is a keyed Message digest (to authenticate the sender). The HMAC- 11 Digest Attribute shall be the final Attribute in the Dynamic Service Message’s Attribute list. (Refer 12 to 2.3.4.1) 13 14 15 2.5.16 Dynamic Service Change — Response (DSC-RSP) Message 16 17 A Dynamic Service Change Response shall be generated in response to a received DSC-REQ. The format of 18 a DSC-RSP shall be as shown in Figure 42. 19 20 21 22 23 24 25 26 27 28 MAC Management Header 29 30 31 32 33 Transaction ID Confirmation 34 Code 35 36 37 38 39 TLV Encoded Information 40 41 42 43 44 45 46 47 48 Figure 42—DSC-RSP Message Format 49 50 51 52 Parameters shall be as follows: 53 54 Transaction ID 55 56 57 Transaction ID from corresponding DSC-REQ 58 59 Confirmation Code 60 61 62 The appropriate Confirmation Code (refer to 2.3.7) for the corresponding DSC-Request. 63 64 All other parameters are coded as TLV tuples as defined in 2.3. 65

This is an unapproved Task Group document being circulated for comment. 102 IEEE 802.16.1-00/01r4, September 2000

1 If the transaction is successful, the DSC-RSP may contain the following: 2 3 Service Flow Parameters 4 5 6 The complete specification of the Service Flow shall be included in the DSC-RSP only if it includes 7 a newly assigned Connection Identifier or an expanded Service Class Name. If a Service Flow 8 9 Parameter set contained an uplink Admitted QoS Parameter Set and this Service Flow does not have 10 an associated CID, the DSC-RSP shall include a CID. If a Service Flow Parameter set contained a 11 Service Class Name and an Admitted QoS Parameter Set, the DSC-RSP shall include the QoS 12 13 Parameter Set corresponding to the named Service Class. If specific QoS Parameters were also 14 included in the Classed Service Flow request, these QoS Parameters shall be included in the DSC- 15 RSP instead of any QoS Parameters of the same type of the named Service Class. 16 17 If the transaction is unsuccessful, the DSC-RSP shall contain the following: 18 19 20 Service Flow Error Set 21 22 A Service Flow Error Set and identifying Connection ID shall be included for every failed Service 23 24 Flow in the corresponding DSC-REQ Message. Every Service Flow Error Set shall include every 25 specific failed QoS Parameter of the corresponding Service Flow. This parameter shall be omitted if 26 the entire DSC-REQ is successful. 27 28 29 Regardless of success or failure, if Privacy is enabled for the SS the DSC-RSP shall contain: 30 31 HMAC-Digest 32 33 34 The HMAC-Digest Attribute is a keyed Message digest (to authenticate the sender). The HMAC- 35 Digest Attribute shall be the final Attribute in the Dynamic Service Message’s Attribute list. (Refer 36 to 2.3.4.1) 37 38 39 2.5.17 Dynamic Service Change — Acknowledge (DSC-ACK) Message 40 41 A Dynamic Service Change Acknowledge shall be generated in response to a received DSC-RSP. The for- 42 mat of a DSC-ACK shall be as shown in Figure 43. 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 103 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 7 8 MAC Management Header 9 10 11 12 13 Transaction ID Confirmation 14 Code 15 16 17 18 19 TLV Encoded Information 20 21 22 23 24 25 26 27 28 Figure 43—DSC-ACK Message Format 29 30 31 32 Parameters shall be as follows: 33 34 Transaction ID 35 36 37 Transaction ID from the corresponding DSC-REQ 38 39 Confirmation Code 40 41 42 The appropriate Confirmation Code (refer to 2.3.7) for the entire corresponding DSC-Response. 43 44 All other parameters are coded TLV tuples. 45 46 47 Service Flow Error Set 48 49 The Service Flow Error Set of the DSC-ACK Message encodes specifics of any failed Service Flows 50 51 in the DSC-RSP Message. A Service Flow Error Set and identifying Service Flow Identifier shall be 52 included for every failed QohS Parameter of each failed Service Flow in the corresponding DSC- 53 RSP Message. This parameter shall be omitted if the entire DSC-RSP is successful. 54 55 If Privacy is enabled, the DSC-ACK Message shall contain: 56 57 58 HMAC-Digest 59 60 61 The HMAC-Digest Attribute is a keyed Message digest (to authenticate the sender). The HMAC- 62 Digest Attribute shall be the final Attribute in the Dynamic Service Message’s Attribute list. (Refer 63 to 2.3.4.1) 64 65

This is an unapproved Task Group document being circulated for comment. 104 IEEE 802.16.1-00/01r4, September 2000

1 2.5.18 Dynamic Service Deletion — Request (DSD-REQ) Message 2 3 A DSD-Request may be sent by a SS or BS to delete an existing Service Flow. The format of a DSD-Request 4 5 shall be as shown in Figure 44. 6 7 8 9 10 11 12 13 14 MAC Management Header 15 16 17 18 19 20 Transaction ID 21 22 23 Service Flow ID 24 25 26 27 28 29 TLV Encoded Information 30 31 32 33 34 Figure 44—DSD-REQ Message Format 35 36 37 38 Parameters shall be as follows: 39 40 41 Service Flow Identifier 42 43 The SFID to be deleted. 44 45 46 Transaction ID 47 48 Unique identifier for this transaction assigned by the sender. 49 50 51 All other parameters are coded as TLV tuples as defined in 2.3. 52 53 If Privacy is enabled, the DSD-REQ shall include: 54 55 HMAC-Digest 56 57 58 The HMAC-Digest Attribute is a keyed Message digest (to authenticate the sender). The HMAC- 59 Digest Attribute shall be the final Attribute in the Dynamic Service Message’s Attribute list. (Refer 60 61 to 2.3.4.1) 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 105 IEEE 802.16.1-00/01r4, September 2000

1 2.5.19 Dynamic Service Deletion — Request (DSD-RSP) Message 2 3 A DSD-RSP shall be generated in response to a received DSD-REQ. The format of a DSD-RSP shall be as 4 5 shown in Figure 45. 6 7 8 9 10 11 12 13 14 MAC Management Header 15 16 17 18 19 Transaction ID Confirmation 20 Code 21 22 23 Service Flow ID 24 25 26 27 28 29 TLV Encoded Information 30 31 32 33 34 Figure 45—DSD-RSP Message Format 35 36 37 38 Parameters shall be as follows: 39 40 41 Service Flow Identifier 42 43 SFID from the DSD-REQ to which this acknowledgement refers. 44 45 46 Transaction ID 47 48 Transaction ID from the corresponding DSD-REQ. 49 50 51 Confirmation Code 52 53 The appropriate Confirmation Code (refer to 2.3.7) for the corresponding DSD-REQ. 54 55 2.5.20 Multicast Polling Assignment Request (MCA-REQ) Message 56 57 58 The Multicast Polling Assignment message is sent to a SS to include it in a multicast polling group. This 59 message is normally sent on a SS's basic CID. It may also be sent to a group of SS's on a previously set up 60 multicast CID. This shall be followed by a Packet PDU in the format shown in Figure 46. 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 106 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 MAC Management Header 7 8 9 10 11 12 Transaction ID 13 14 15 16 17 TLV Encoded Information 18 19 20 21 22 23 Figure 46—Multicast Polling Assignment Request (MCA-REQ) Message Format 24 25 26 Parameters shall be as follows: 27 28 29 Transaction ID 30 31 Unique identifier for this transaction assigned by the sender. 32 33 34 All other parameters are coded as TLV tuples. 35 36 Multicast Connection Identifier 37 38 39 The CID to which the SS is either added or removed. 40 41 Assignment 42 43 0x00 = Leave multicast group 44 45 0x01 = Join multicast group 46 47 48 49 2.5.20.1 MCA-REQ TLV Encodings 50 51 52 The type values used shall be those defined in Table 16. The type and length fields shall each be 1 in length. 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 107 IEEE 802.16.1-00/01r4, September 2000

1 Table 16—Multicast Assigment Request Message Encodings 2 3 4 Name Type Length Value 5 (1 byte) (1 byte) (Variable Length) 6 7 Multicast CID 1 2 8 9 Assignment 2 1 0x00 = Leave multicast group 10 0x01 = Join multicast group 11 12 Reserved 2-255 n Reserved for future use 13 14 15 16 2.5.21 Multicast Polling Assignment Response (MCA-RSP) Message 17 18 The Multicast Polling Assigment Response is sent by the SS in response to a MCA-REQ. The message for- 19 mat shall be as shown in Figure 47. 20 21 22 23 24 25 MAC Management Header 26 27 28 29 30 Transaction ID 31 32 33 34 35 36 TLV Encoded Information 37 38 39 40 41 Figure 47—Multicast Polling Assignment Response (MCA-RSP) Message Format 42 43 44 45 Parameters shall be as follows: 46 47 Transaction ID 48 49 50 Unique identifier for this transaction assigned by the sender. 51 52 All other parameters are coded as TLV tuples. 53 54 Confirmation Code 55 56 57 0 (okay) 58 1 (request failed) 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 108 IEEE 802.16.1-00/01r4, September 2000

1 2.5.22 ARQ-ACK Message 2 3 The message ise an acknowledgment message sent to a sender for packets received correctly. The acknowl- 4 5 edgment message may group together more than one packet, and shall carry the sequence number(s) for 6 packets that have been correctly received. 7 8 Message format TBD. 9 10 11 2.5.23 Downlink Burst Type Change Request (DBTC-REQ) Message 12 13 The Downlink Burst Type Change Request (DBTC-REQ) Message is sent by the SS to the BS on the SS’s 14 basic CID to request a change of the downlink burst type used by the BS to transport data to the SS. Note 15 that a change of downlink burst type can also be requested by means of a Ranging Request message as 16 17 defined in section 2.5.5. 18 19 Normally, it is sent at the current operational data grant type for the SS. If the SS has been inactive on its 20 uplink for some period of time and detects fading on the downlink, the SS uses this message to request to go 21 to a more robust (lower bits per symbol) data grant type. In this case, the message is sent using the most 22 23 robust data grant type to increase the likelihood of reception by the SS. Since the SS may not have been 24 allocated any uplink bandwidth, the SS uses contention slots. The message formant shall be as shown in Fig- 25 ure 48. 26 27 28 29 30 MAC Management Header 31 32 33 34 35 36 Modulation 37 38 39 40 Figure 48—Downlink Burst Type Change Request (DMC-REQ) Message Format 41 42 43 44 Parameters shall be as follows: 45 46 47 0x02 = 64-QAM 48 Data Grant Types 49 50 0x00 = Data Grant Type 1 51 52 0x01 = Data Grant Type 2 53 0x02 = Data Grant Type 3 54 0x03 = Data Grant Type 4 55 56 0x04 = Data Grant Type 5 57 0x05 = Data Grant Type 6 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 109 IEEE 802.16.1-00/01r4, September 2000

1 2.6 Duplexing Techniques, Framing, and Scheduling Intervals 2 3 The MAC is able to support both a framed and non-framed physical layer. For a framed PHY layer, the MAC 4 5 aligns its scheduling intervals with the underlying PHY layer framing. For an unframed PHY layer, the 6 scheduling intervals are chosen by the MAC to optimize system performance. 7 8 A frame is a fixed duration of time, which contains both transmit and receive intervals. The relationship 9 between upstream and downstream transmission intervals is fixed within the frame, and are both defined rel- 10 11 ative to the BS internal timing. The TDD and Burst FDD modes of operation use a framed PHY layer. The 12 Continuous FDD mode of operation has no explicit PHY layer framing. Instead, the upstream and down- 13 stream transmission timings are linked via the Uplink TimeStamp within the DL-MAP message and the 14 Allocation Start Time in the UL-MAP message. 15 16 17 2.6.1 Duplexing Techniques 18 19 Several duplexing techniques are supported in this standard in order to allow for greater flexibility in spec- 20 trum usage. The choice of duplexing technique may effect certain physical layer parameters, as will be dis- 21 cussed later. 22 23 24 2.6.1.1 Continuous Frequency Division Duplexing (FDD) 25 26 In a system employing FDD, the upstream and downstream channels are located on separate frequencies and 27 all subscriber stations can transmit and receive simultaneously. The frequency separation between carriers is 28 29 set either according to the target spectrum regulations or to some value sufficient for complying with radio 30 channel transmit/receive isolation and desensitization requirements. In this type of system, the downstream 31 channel is “always on” and all subscriber stations are always listening to it. Therefore, traffic is sent in a 32 broadcast manner using time division multiplexing (TDM) in the downstream channel, while the upstream 33 channel is shared using time division multiple access (TDMA), where the allocation of upstream bandwidth 34 35 is controlled by a centralized scheduler. 36 37 2.6.1.2 Burst FDD 38 39 A burst FDD system refers to a system in which the upstream and downstream channels are located on sepa- 40 41 rate frequencies, but some or all subscriber stations cannot transmit and receive simultaneously (for simplic- 42 ity, these subscriber stations are referred to as half duplex capable). This mode of operation imposes a 43 restriction on the bandwidth controller not to allocate upstream bandwidth for a subscriber at the same time 44 it is expected to receiver data on the downstream channel. Note that this type of system may also have some 45 subscriber stations that can transmit and receive simultaneously (i.e., these subscriber stations are referred to 46 47 as full duplex capable). 48 49 The following figure describes the basics of the burst FDD mode of operation. In order to simplify the band- 50 width allocation algorithms, the upstream and downstream channels are divided into fixed sized frames. 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 110 IEEE 802.16.1-00/01r4, September 2000

1 During the time a subscriber station is not transmitting in the upstream channel, it must always attempt to lis- 2 ten to the downstream channel. 3 4 5 6 7 DOWNSTREAM 8 9 10 11 UPSTREAM 12 13 14 Tf sec frame 15 16 17 18 Broadcast Half Duplex user 19 20 21 Full Duplex capable user Half Duplex user 22 23 24 Figure 49—Example of Burst FDD Bandwidth Allocation 25 26 27 28 29 2.6.1.3 Time Division Duplexing (TDD) 30 31 In the case of TDD, the upstream and downstream transmissions share the same frequency, but are separated 32 in time. A TDD frame also has a fixed duration and contains one downstream and one upstream subframe. 33 34 The frame is divided into an integer number of physical slots (PS), which help to partition the bandwidth 35 easily. The TDD framing is adaptive in that the bandwidth allocated to the downstream versus the upstream 36 can vary. The split between upstream and downstream is a system parameter and is controlled at higher lay- 37 ers within the system. 38 39 40 41 N PS = (Symbol Rate*Frame Length)/4 42 43 Downlink Subframe Uplink Subframe 44 45 46 47 48 49 50 51 52 Adaptive 53 PS 0 54 PS #N-1 55 56 57 Frame j-2 Frame j-1 Frame j Frame j+1 Frame j+2 58 59 60 61 Figure 50— TDD Frame Structure 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 111 IEEE 802.16.1-00/01r4, September 2000

1 2.6.1.3.1 Tx / Rx Transition Gap (TTG) 2 3 The TTG is a gap between the Downstream burst and the Upstream burst. This gap allows time for the BS to 4 5 switch from transmit mode to receive mode and SSs to switch from receive mode to transmit mode. During 6 this gap, the BS and SS are not transmitting modulated data, but it simply allows the BS transmitter carrier to 7 ramp down, the Tx / Rx antenna switch to actuate, and the BS receiver section to activate. After the TTG, the 8 BS receiver will look for the first symbols of upstream burst. The TTG has a variable duration, which is an 9 integer number of PSs. The TTG starts on a PS boundary. 10 11 12 2.6.1.3.2 Rx / Tx Transition Gap (RTG) 13 14 The RTG is a gap between the Upstream burst and the Downstream burst. This gap allows time for the BS to 15 switch from receive mode to transmit mode and SSs to switch from transmit mode to receive mode. During 16 17 this gap, BS and SS are not transmitting modulated data but simply allowing the BS transmitter carrier to 18 ramp up, the Tx / Rx antenna switch to actuate, and the SS receiver sections to activate. After the RTG, the 19 SS receivers will look for the first symbols of QPSK modulated data in the downstream burst. The RTG is an 20 integer number of PSs. The RTG starts on a PS boundary. 21 22 23 2.6.2 PHY Burst Mode Support 24 25 In the burst mode, the uplink and downlink can be multiplexed in a TDD fashion as described in 2.6.1.3 or in 26 an FDD fashion as described in 2.6.1.2. Each uses a frame with a duration as specified in section 3.3.1. 27 Within this frame are a downlink subframe and an uplink subframe. In the TDD case, the downlink subframe 28 29 comes first, followed by the uplink subframe. In the burst FDD case, the downlink and uplink subframes 30 occur simultaneously on their respective frequencies, and occupy the whole frame. In both cases, the down- 31 link subframe is prefixed with information necessary for frame synchronization. 32 33 The available bandwidth in both directions is defined with a granularity of one PHY slot (PS), which is a 34 35 multiple of 4 modulation symbols each. The number of PHY slots with each frame is a function of the mod- 36 ulation rate. The modulation rate is selected in order to obtain an integral number of PS within each frame. 37 For example, with a 20 Mbaud modulation rate, there are 5000 PS within a 1-ms frame. 38 39 2.6.3 PHY Continuous Mode Support 40 41 42 2.6.3.1 Continuous FDD Operation 43 44 In continuous FDD operation, the upstream and downstream signals have no defined framing, and they oper- 45 ate on separate frequencies, which allows all subscribers to transmit on the upstream independently of what 46 47 is being transmitted on the downstream signal. 48 49 The BS periodically transmits downstream and upstream MAP messages, which are used to syncronize the 50 upstream burst transmissions with the downstream. The usage of the mini-slots is defined by the UL-MAP 51 message, and can change according to the needs of the system. 52 53 54 2.6.4 PHY Burst Mode Support 55 56 This standard provides the capability to efficiently support either a fixed modulation level per downstream 57 carrier or an adaptively changing modulation level and FEC coding set on a per subscriber station basis. 58 59 Depending on the deployment scenario, one may be preferred over the other. When a fixed modulation level 60 is used with the downstream Mode A physical layer, there is no explicit framing mechanism needed. 61 62 The adaptive modulation/FEC capability is supported on a frame-by-frame basis when the downstream 63 Mode B physical layer is implemented. In this case, the downstream channel is divided into frames, where 64 65

This is an unapproved Task Group document being circulated for comment. 112 IEEE 802.16.1-00/01r4, September 2000

1 each frame is subdivided into an integer number of physical slots (PSs). The length of each frame, denoted 2 by Tf msec, may vary, depending on the different channel sizes. Each PS represents a multiple of 4 symbols. 3 4 The structure of the downlink subframe used by the BS to transmit to the SSs, using time division multiplex- 5 ing (TDM), is shown in Figure 51. The structure of the downlink subframe used by the BS to transmit to the 6 SSs, using Burst FDD, is shown in Figure 52. These burst structurse define the downlink physical channel. It 7 8 starts with a Frame Control Header that is always transmitted in QPSK. This frame header contains a pre- 9 amble used by the PHY for synchronization and equalization. It also contains control sections for both the 10 PHY and the MAC that is encoded with a fixed FEC scheme defined in this standard in order to ensure 11 interoperability. The Frame Control Header also may periodically contain PHY Parameters as defined in the 12 DCD. 13 14 Within the TDD downlink subframe, transmissions are organized into different modulation and FEC groups, 15 where the modulation type and FEC parameters are defined through MAC layer messaging. The PHY Con- 16 17 trol portion of the Frame Control Header contains a downlink map stating the PSs at which the different 18 modulation/FEC groups begin. Data should be transmitted in modulation order QPSK, followed by 16- 19 QAM, followed by 64-QAM. There is a Tx/Rx Transmission Gap (TTG) separating the downstream sub- 20 frame from the upstream subframe in the case of TDD. 21 22 Each SS continuously receives the entire downstream burst, decodes the data in the DS burst, and looks for 23 MAC headers indicating data for that SS. 24 25 26 27 28 29 30 31 Frame 32 33 Control Data Data Data 34 Header (QAM-4) (QAM-16) (QAM-64) 35 (QAM-4) 36 37 38 Modulation Tx/Rx 39 40 Transitions Transition 41 Gap (TDD) 42 DL Map 43 MAC 44 Preamble PHY Control 45 Control 46 47 48 Figure 51—TDD Downlink Subframe Structure 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 113 IEEE 802.16.1-00/01r4, September 2000

1 2 TDM Portion Tx/Rx 3 Transition Gap 4 (TDD Only) 5 6 7 BCCh TDM TDM TDM TDMA 8

SCh (QAM-4) QAM-4 QAM-16 QAM-64 Portion 9 10 11 12 13 CPE 1 CPE 3 CPE n CPE 2 Data 14 Data Data data (QAM- 15 (QAM- (QAM- (QAM- CPE 2) 16 Preamble CPE1) Preamble Preamble CPE 3) Preamble CPE n) 17 18 19 Burst 20 Startpoints DL Map UL Map 21 22 Preamble PHY MAC 23 Control Control 24 25 Figure 52—Burst FDD Downlink Subframe Structure 26 27 28 29 Like the TDD downlink subframe, the burst FDD subframe starts with a TDM section that is organized into 30 different modulation and FEC groups. This portion of the downlink subframe contains data transmitted to 31 SSs that are either full-duplex, are scheduled to transmit later in the frame than they receive, or are not 32 33 scheduled to transmit this frame. The downlink subframe continues with a TDMA section. This portion of 34 the downlink subframe contains data transmitted to half-duplex SSs that are scheduled to transmit earlier in 35 the frame than they receive, if any. This allows an individual SS to decode a specific portion of the down- 36 stream without the need to decode the whole DS burst. In this particular case, each transmission associated 37 with different SSs is required to start with a short preamble for phase re-synchronization. This data is 38 39 always FEC coded and is transmitted at the current operating modulation of the individual SS. The PHY 40 control portion contains a downlink map stating the PSs at which the different modulation/FEC groups begin 41 in the TDM section and stating the PS (and modulation/FEC) of each of the TDMA sub-bursts 42 43 Note that the TDD downlink subframe, which inherently contains data transmitted to SSs that can only 44 transmit later in the frame than they receive, is identical in structure to the Burst FDD downlink subframe 45 for a frame in which no half-duplex SSs are scheduled to transmit before they receive. 46 47 2.6.4.1 PHY/MAC Control 48 49 The PHY Control portion of the downlink subframe is used for physical information destined for all CPEs. 50 51 The PHY Control information is FEC encoded, but is not encrypted. The information transmitted in this sec- 52 tion is always transmitted using a well known DL Burst Type. This burst type is specified separately in each 53 PHY specification. 54 55 The PHY/MAC control section must contain a DL-MAP message for the channel followed by one UL-MAP 56 57 message for each associated uplink channel. In addition the PHY/MAC control section may contain DCD 58 and UCD messages following the last UL-MAP message. No other messages may be sent in the PHY/MAC 59 Control portion of the frame. 60 61 The MAC Control portion of the downlink subframe is used for MAC messages destined for multiple SSs. 62 63 For information directed at an individual SS, MAC messages are transmitted in the established control con- 64 nection at the operating modulation of the SS to minimize bandwidth usage. The MAC Control messages 65

This is an unapproved Task Group document being circulated for comment. 114 IEEE 802.16.1-00/01r4, September 2000

1 are FEC encoded, but are not encrypted. The information transmitted in this section is always transmitted in 2 QAM-4 and includes: 3 4 5 MAC Version Identifier 6 Uplink Map (SS/mini-slot/start symbol triplets) 7 Whether any bandwidth request contention periods (see Section TBD) are included in the frame (in UL- 8 9 MAP) 10 Starting point and length of bandwidth request contention period, if any (in UL-MAP) 11 Whether registration is allowed on this physical channel 12 13 Whether a registration contention period is included the frame (in UL-MAP) 14 Starting point and length of registration contention period, if any (in UL-MAP) 15 16 2.6.4.2 Downlink Data 17 18 19 The downlink data sections are used for transmitting data and control messages to the specific SSs. This 20 data is always FEC coded and is transmitted at the current operating modulation of the individual SS. Mes- 21 sage headers are sent unencrypted. Payloads of user data connections are encrypted. Payloads of MAC con- 22 trol connections are not encrypted. In the burst mode cases, data is transmitted in modulation order QAM-4, 23 24 followed by QAM-16, followed by QAM-64. The PHY Control portion of the Frame Control Header con- 25 tains a map stating the PS and symbol at which modulation will change. In the TDMA case, the data is 26 grouped into SS specific bursts, which do not need to be in modulation order. 27 28 If the downlink data does not fill the entire downlink subframe and the PHY mode is burst downstream, the 29 30 transmitter is shut-down. 31 32 2.6.4.3 Allowable frame times 33 34 The following table indicates the various frame times that are allowed for the current downstream Mode B 35 36 physical layer. The actual frame time used by the downstream channel can be determined by the periodicity 37 of the frame start preambles. 38 39 Table 17— Allowable frame times 40 41 42 Frame time (T ) Units 43 F 44 45 0.5 msec 46 47 1 msec 48 49 2 msec 50 51 52 Table 18—Downstream Physical Layer 53 54 2.6.5 Uplink Burst Subframe Structure 55 56 57 The structure of the uplink subframe used by the SSs to transmit to the BS is shown in Figure 53. There are 58 three main classes of MAC/TC messages transmitted by the SSs during the uplink frame: 59 60 Those that are transmitted in contention slots reserved for station registration. 61 62 Those that are transmitted in contention slots reserved for response to multicast and broadcast polls for 63 bandwidth needs. 64 Those that are transmitted in bandwidth specifically allocated to individual SSs. 65

This is an unapproved Task Group document being circulated for comment. 115 IEEE 802.16.1-00/01r4, September 2000

1 2 3 CPE Tx/Rx 4 Transition Transition 5 6 Gap Gap (TDD) 7 8 9 Registration BW Req. CPE 1 CPE N 10 11 Contention Contention Scheduled Scheduled 12 Slots Slots Data Data 13 (QAM-4) (QAM-4) (QAM-CPE 1) (QAM-CPE N) 14 15 16 17 18 19 20 21 22 23 24 25 26 27 Bandwidth Bandwidth Access BurstCollision Access Burst Collision 28 Request Request 29 30 31 Figure 53—Uplink Subframe Structure 32 33 34 2.6.5.1 Upstream Burst Mode Modulation 35 36 37 Adaptive modulation is used in the upstream, in which different users are assigned different modulation 38 types by the base station. 39 40 In the adaptive case, the bandwidth allocated for registration and request contention slots is grouped together 41 42 and is always used with QAM-4 modulation. The remaining transmission slots are grouped by SS. During 43 its scheduled bandwidth, a SS transmits with the modulation specified by the base station, as determined by 44 the effects of distance and environmental factors on transmission to and from that SS. SS Transition Gaps 45 (CTG) separate the transmissions of the various SSs during the uplink subframe. The CTGs contain a gap to 46 allow for ramping down of the previous burst, followed by a preamble allowing the BS to synchronize to the 47 48 new SS. The preamble and gap lengths are broadcast periodically in the UCD message by the base station in 49 the Frame Control Header. 50 51 2.6.6 Continuous Downstream and Upstream Structure 52 53 54 In the continuous PHY mode, the BS periodically broadcasts the Upstream MAP message (UL-MAP) on the 55 downstream, which defined the permitted usage of each upstream mini-slot within the time interval covered 56 by that MAP message (see Figure 54). The timing of the upstream bursts are based upon a downstream syn- 57 cronization message (DS-SYNC). The UL-MAP messages are transmitted approximately 250 times a sec- 58 ond, but this can vary to optimise the system’s operation. 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 116 IEEE 802.16.1-00/01r4, September 2000

1 2 3 MapUL-MAP PDU transmittedtransmitted on ondownstream downstream channel channel by the byCMTS BS 4 5 6 7 8 9 permitted use of the upstream channel 10 11 12 13 14 mini-slots 15 16 17 CM tx opportunity request contention area CM tx opportunity maintenance 18 19 20 as-yet 21 unmapped 22 previous map current map time 23 24 25 Figure 54—Continuous Downstream FDD Mapping 26 27 28 29 2.6.7 Upstream Map 30 31 32 Whether in the Burst or Continuous PHY modes, the upstream MAP message (UL-MAP) defines the usage 33 for the upstream mini-slots using a series of Information Elements (IE), which define the useage of each 34 upstream interval. The UL-MAP defines the upstream usage in terms of the offset from the prevoius IE start 35 (the lenfth) in numbers of mini-slots. 36 37 38 Each IE consists of a 16-bit Connection ID, a 4-bit type code, and a 12-bit starting mini-slot offset as defined 39 in 2.5.4. Since all SS must scan all IE within each MAP, it is critical that IEs be short and relatively fixed for- 40 mat. IEs within the MAP are strictly ordered by starting offset. For most purposes, the duration described by 41 the IE is inferred by the difference between the IE’s starting offset and that of the following IE. For this rea- 42 43 son, a Null IE shall terminate the list. 44 45 2.6.7.1 Upstream Timing 46 47 The upstream timing is based on the Upstream Time Stamp reference, which is a 29-bit counter that incre- 48 th 49 ments at a rate that is 4 times the modulation rate. It therefore has a resolution that equals ¼ of the modula- 50 tion symbol period. This allows the SS to track the BS clock with a small time offset. 51 52 The BS maintains a separate Upstream Time Stamp for each upstream at the base station. The value of the 53 BS Upstream Time Stamp is broadcast to all the SS using the Physical Channel Descriptor (UCD) message. 54 55 Each SS maintains its own Upstream Time Stamp so that it is syncronous with the BS Time stamp for the 56 upstream channel that it is using. The SS Time Stamp must change at the same rate as its BS counterpart, but 57 will be offset so that the upstream bursts arrive at the BS at the correct time. This offset is set by the BS using 58 the RNG-RSP message. 59 60 61 2.6.7.1.1 Continuous Mode Upstream Timing 62 63 The downstream MAP message (DL-MAP) in the continuous PHY mode broadcasts the Upstream Time 64 Stamp value to all SS. The Upstream Time Stamp from the BS is then used to adjust the SS internal Time 65

This is an unapproved Task Group document being circulated for comment. 117 IEEE 802.16.1-00/01r4, September 2000

1 Stamp so that it tracks the BS timing. The SS Time Stamp is offset from the BS Time Stamp by the Timing 2 Adjustment amount sent to each SS in the RNG-RSP message. The offset causes the upstream bursts arrive 3 at the BS at the proper time. After either the BS or SS Time Stamps reach the maximum value of 229-1, they 4 5 roll over to zero and continue to count. 6 7 2.6.7.1.2 Burst Mode Upstream Timing 8 9 In the burst PHY modes, at the start of each frame the Upstream Time Stamp counter in the BS is reset to 10 11 zero, while in the SS it is reset using the current Timing Adjustment value as sent from the BS using the 12 RNG-RSP message. Thus, the SS Time Stamp will be offset from the BS Time Stamp so that the upstream 13 bursts arrive at the BS at the proper time. 14 15 2.6.7.2 Upstream Mini-Slot Definition 16 17 18 The upstream bandwidth allocation MAP (UL-MAP) uses time units of “mini-slots.” The size of the mini- 19 slot (N) is specified as a number of PHY slots (PS) and is carried in the Physical Channel Descriptor for each 20 upstream channel. One mini-slot contains N PHY slots (PS), where N = 2m (where m = 0..7). Since each PS 21 contains 4 modulation symbols, the number of modulation symbols contained in one mini-slot equals 4N. 22 23 24 Practical mini-slots are expected to represent relatively few PS to allow efficient bandwidth utilization with 25 respect to the mini-slot size. Larger mini-slot sizes allow the BS to define large contention intervals (up to 26 212-1 or 4095 mini-slots) using the current UL-MAP. Note that the modulation level and hence the symbols/ 27 byte is a characteristic of an individual burst transmission, not of the channel. 28 29 30 A “mini-slot” is the unit of granularity for upstream transmission allocations. There is no implication that 31 any PDU can actually be transmitted in a single mini-slot. 32 33 In a framed mode of operation, the mini-slot represents the granularity of upstream allocation units. In the 34 35 non-frame mode, the mini-slot definition is related to a timestamp generated by the BS. Figure 55 illustrates 36 the mapping of the Upstream Time Stamp maintained in the BS to the BS Mini-slot Counter. 37 38 39 40 41 42 BS Upstream Time Stamp e x 4 4 lTim ime/ 43 (PS Tick = SymbolTime x 4) mbo bolT Sy Sym 44 45 Mini-Slot Additional BS 46 Size (2M) Resolution 47 48 28 3+M 3 0 49 50 51 52 Mini-slot Counter 53 54 0 55 28-3-M 56 Figure 55—BS System and Mini-slot Clocks 57 58 59 60 The BS and SS base the upstream allocations on a 29-bit counter that normally counts to (229 - 1) and then 61 wraps back to zero. The bits (i.e., bit 0 to bit 28-3-M) of the mini-slot counter shall match the most-signifi- 62 63 cant bits (i.e., bit 3+M to bit 28) of the DL-MAP timestamp counter. That is, mini-slot N begins at timestamp 64 65

This is an unapproved Task Group document being circulated for comment. 118 IEEE 802.16.1-00/01r4, September 2000

1 value (N*T*16), where T = 2M is theUCD multiplier that defines the mini-slot size (i.e., the number of PS 2 per mini-slot). 3 4 5 The constraint that the UCD multiplier be a power of two has the consequence that the number of PS per 6 mini-slot must also be a power of two. 7 8 2.6.7.3 Upstream Interval Definition 9 10 11 All of the Information Elements defined below shall be supported by conformant SSs. Conformant BS may 12 use any of these Information Elements when creating a U L-MAP message. 13 14 2.6.7.3.1 The Request IE 15 16 17 Via the Request IE, the Base Station specifies an upstream interval in which requests may be made for band- 18 width for upstream data transmission. The character of this IE changes depending on the type of Connection 19 ID used in the IE. If broadcast, this is an invitation for SSs to contend for requests. If unicast, this is an invi- 20 tation for a particular SS to request bandwidth. Unicasts may be used as part of a Quality of Service schedul- 21 ing scheme that is vendor dependent. PDUs transmitted in this interval shall use the Bandwidth Request 22 23 Header Format (refer to 2.5). 24 25 A small number of Priority Request CIDs are defined in 2.1. These allow contention for Request IEs to be 26 limited to service flows of a given Traffic Priority (2.3.5.5.2). 27 28 29 2.6.7.3.2 The Initial Maintenance IE 30 31 Via the Initial Maintenance IE, the Base Station specifies an interval in which new stations may join the net- 32 work. A long interval, equivalent to the maximum round-trip propagation delay plus the transmission time of 33 the Ranging Request (RNG-REQ) message, shall be provided in some UL-MAPs to allow new stations to 34 35 perform initial ranging. Packets transmitted in this interval shall use the RNG-REQ MAC Management mes- 36 sage format (refer to 2.5.5). 37 38 2.6.7.3.3 The Station Maintenance IE 39 40 41 Via the Station Maintenance IE, the Base Station specifies an interval in which stations are expected to per- 42 form some aspect of routine network maintenance, such as ranging or power adjustment. The BS may 43 request that a particular SS perform some task related to network maintenance, such as periodic transmit 44 power adjustment. In this case, the Station Maintenance IE is unicast to provide upstream bandwidth in 45 which to perform this task. Packets transmitted in this interval shall use the RNG-REQ MAC Management 46 47 message format (see 2.5.5). 48 49 2.6.7.3.4 Data Grant IEs 50 51 The Data Grant IEs provide an opportunity for a CPE to transmit one or more upstream PDUs. These IEs are 52 53 issued either in response to a request from a station, or because of an administrative policy providing some 54 amount of bandwidth to a particular station (see class-of-service discussion in Section TBD). These IEs may 55 also be used with an inferred length of zero mini slots (a zero length grant), to indicate that a request has 56 been received and is pending (a Data Grant Pending). 57 58 59 There are six different Data Grants that may be defined: Data Grants 1 through 6 are associated with IUCs 4 60 through 9 respectively. Each Data Grant description is defined in the UCD message. 61 62 If this IE is a Data Grant Pending (a zero length grant), it shall follow the NULL IE. This allows CPE 63 modems to process all actual allocations first, before scanning the Map for data grants pending and data 64 65 acknowledgments.

This is an unapproved Task Group document being circulated for comment. 119 IEEE 802.16.1-00/01r4, September 2000

1 2.6.7.3.5 Expansion IE 2 3 The Expansion IE provides for extensibility, if more than 16 code points or 32 bits are needed for future IEs. 4 5 6 2.6.7.3.6 Null IE 7 8 A Null IE terminates all actual allocations in the IE list. It is used to infer a length for the last interval. All 9 Data Acknowledge IEs and All Data Grant Pending IEs (Data Grants with an inferred length of 0) must fol- 10 11 low the Null IE. 12 13 2.6.8 MAP Relevance and Synchronization 14 15 2.6.8.1 MAP Relevance for Burst PHY Systems 16 17 18 The information in the PHY Control portion of the Frame Control Header pertains to the current frame (i.e., 19 the frame in which it was received). The information in the Uplink Subframe Map in the MAC Control por- 20 tion of the Frame Control Header pertains to the current or following frame. This timing holds for both the 21 TDD and FDD variants of the burst system. The TDD variant is shown in Figure 56 and Figure 59. The 22 23 FDD variant is shown in Figure 57 and Figure 58. 24 25 Frame n-1 Frame n Frame n+1 Frame n+2 26 27 PHY Ctrl n-1 PHY Ctrl n PHY Ctrl n+1 PHY Ctrl n+2 28 MAC Ctrl n MAC Ctrl n+1 MAC Ctrl n+2 MAC Ctrl n+3 29 ATDD Split ATDD Split ATDD Split ATDD Split 30 Frame 31 Control 32 Downlink 33 Subframe 34 35 QAM16 QAM64 QAM16 QAM64 QAM16 QAM64 36 Uplink 37 Subframe 38 39 40 Figure 56—Maximum Time Relevance of PHY and MAC Control Information (TDD) 41 42 43 44 45 46 Frame n-1 Frame n Frame n+1 Frame n+2 47 48 PHY Ctrl n-1 PHY Ctrl n PHY Ctrl n+1 PHY Ctrl n+2 49 MAC Ctrl n MAC Ctrl n+1 MAC Ctrl n+2 MAC Ctrl n+3 50 51 Frame 52 Control 53 54 Downlink 55 Subframe

56 QAM16 QAM64 QAM16 QAM64 QAM16 QAM64 57 58 Uplink 59 Subframe 60 61 Figure 57—Maximum Time Relevance of PHY and MAC Control Information (FDD) 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 120 IEEE 802.16.1-00/01r4, September 2000

1 2 Frame n-1 Frame n Frame n+1 Frame n+2

3 PHY Ctrl n-1 PHY Ctrl n PHY Ctrl n+1 PHY Ctrl n+2 4 MAC Ctrl n MAC Ctrl n+1 MAC Ctrl n+2 MAC Ctrl n+3 5 6 Frame 7 Control 8 Downlink 9 Subframe 10 11 Uplink 12 Subframe 13 14 15 16 round trip delay + T proc 17 18 Figure 58—Minimum Time Relevance of PHY and MAC Control Information (FDD) 19 20 21 22 23 24 Frame n-1 Frame n Frame n+1 Frame n+2 25 26 PHY Ctrl n-1 PHY Ctrl n PHY Ctrl n+1 PHY Ctrl n+2 MAC Ctrl MAC Ctrl MAC Ctrl MAC Ctrl n 27 n+1 n+2 n+3 ATDD Split ATDD Split ATDD Split ATDD Split 28 Frame 29 Control 30 31 Downlink 32 Subframe 33 QAM16 QAM64 QAM16 QAM64 QAM16 QAM64 34 35 Uplink 36 Subframe 37 38 39 40 Figure 59—Minimum Time Relevance of PHY and MAC Control Information (TDD) 41 42 43 44 45 46 47 2.6.8.2 MAP Relevance for Continuous PHY Systems 48 49 In the Continuous PHY system, the downstream MAP (DL-MAP) only contains the Upstream Time Stamp, 50 51 and does not define what information is being transmitted. All SS continuously search the downstream sig- 52 nal for any downstream message that is addressed to them. The Upstream MAP (UL-MAP) message in the 53 downstream contains the Time Stamp that indicates the first mini-slot that the MAP defines. 54 55 The delay from the end of the UL-MAP to the beginning of the first Upstream interval defined by the MAP 56 57 shall be greater than maximum round trip delay plus the processing time required by the SS.(see Figure 60) 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 121 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 US-MAP US-MAP US-MAP 5 6 7 Downlink 8 9 10 11 12 Uplink 13 14 15 > round trip delay + T 16 proc 17 18 Figure 60—Time Relevance of Upstream MAP Information (Continuous FDD) 19 20 21 22 23 2.7 Contention Resolution 24 25 The BS controls assignments on the upstream channel through the UL-MAP and determines which mini- 26 slots are subject to collisions. The BS may allow collisions on either requests or maintenance PDUs. This 27 section provides an overview of upstream transmission and contention resolution. For simplicity, it refers to 28 29 the decisions a SS makes, however, this is just a instructional tool. Since a SS can have multiple upstream 30 Service Flows (each with its own CID) it makes these decisions on a per service queue or per CID basis. 31 32 The mandatory method of contention resolution which shall be supported is based on a truncated binary 33 exponential back-off, with the initial back-off window and the maximum back-off window controlled by the 34 35 BS. The values are specified as part of the Upstream Bandwidth Allocation Map (UL-MAP) MAC message 36 and represent a power-of-two value. For example, a value of 4 indicates a window between 0 and 15; a value 37 of 10 indicates a window between 0 and 1023. 38 39 When a SS has information to send and wants to enter the contention resolution process, it sets its internal 40 6 41 back-off window equal to the Data Backoff Start defined in the UL-MAP currently in effect. 42 43 The SS shall randomly select a number within its back-off window. This random value indicates the number 44 of contention transmit opportunities which the SS shall defer before transmitting. A SS shall only consider 45 contention transmit opportunities for which this transmission would have been eligible. These are defined by 46 47 either Request IEs in the UL-MAP. Note: Each IE can represent multiple transmission opportunities. 48 49 As an example, consider a SS whose initial back-off window is 0 to 15 and it randomly selects the number 50 11. The SS must defer a total of 11 contention transmission opportunities. If the first available Request IE is 51 for 6 requests, the SS does not use this and has 5 more opportunities to defer. If the next Request IE is for 2 52 53 requests, the SS has 3 more to defer. If the third Request IE is for 8 requests, the SS transmits on the fourth 54 request, after deferring for 3 more opportunities. 55 56 After a contention transmission, the SS waits for a Data Grant (Data Grant Pending) in a subsequent MAP. 57 Once received, the contention resolution is complete. The SS determines that the contention transmission 58 59 was lost when it finds a MAP without a Data Grant (Data Grant Pending) for it and with an Ack time more 60 recent than the time of transmission. The SS shall now increase its back-off window by a factor of two, as 61 62 63 64 6 65 The MAP currently in effect is the MAP whose allocation start time has occurred but which includes IEs that have not occurred.

This is an unapproved Task Group document being circulated for comment. 122 IEEE 802.16.1-00/01r4, September 2000

1 long as it is less than the maximum back-off window. The SS shall randomly select a number within its new 2 back-off window and repeat the deferring process described above. 3 4 5 This re-try process continues until the maximum number of retries (16) has been reached, at which time the 6 PDU shall be discarded. Note: The maximum number of retries is independent of the initial and maximum 7 back-off windows that are defined by the BS. 8 9 If the SS receives a unicast Request or Data Grant at any time while deferring for this CID, it shall stop the 10 11 contention resolution process and use the explicit transmit opportunity. 12 13 The BS has much flexibility in controlling the contention resolution. At one extreme, the BS may choose to 14 set up the Data Backoff Start and End to emulate an Ethernet-style back-off with its associated simplicity 15 and distributed nature, but also its fairness and efficiency issues. This would be done by setting Data Backoff 16 17 Start = 0 and End = 10 in the UL-MAP. At the other end, the BS may make the Data Backoff Start and End 18 identical and frequently update these values in the UL-MAP so all SS are using the same, and hopefully opti- 19 mal, back-off window. 20 21 2.7.1 Transmit Opportunities 22 23 24 A Transmit Opportunity is defined as any mini-slot in which a SS may be allowed to start a transmission. 25 Transmit Opportunities typically apply to contention opportunities and are used to calculate the proper 26 amount to defer in the contention resolution process. 27 28 29 The number of Transmit Opportunities associated with a particular IE in a MAP is dependent on the total 30 size of the region as well as the allowable size of an individual transmission. As an example, assume a REQ 31 IE defines a region of 12 mini-slots. If the UCD defines a REQ Burst Size that fits into a single mini-slot 32 then there are 12 Transmit Opportunities associated with this REQ IE, i.e., one for each mini-slot. If theCD 33 defines a REQ that fits in two mini-slots, then there are six Transmit Opportunities and a REQ can start on 34 35 every other mini-slot. 36 37 Transmit opportunities shall not overlap and the start time of the transmit opportunity shall align with either 38 the start of the IE interval or at the end of the previous transmit opportunity. 39 40 41 2.8 Fragmentation 42 43 44 Fragmentation is the process by which a portion of a convergence sub-layer payload is divided into two or 45 more MAC PDUs. This process is undertaken to allow efficient use of available bandwidth relative to the 46 QoS requirements of a connections Service Flow. 47 48 Fragmentation may be initiated by a BS for a downlink connection. Fragmentation may be initiated by a SS 49 50 for an uplink connection. A connection may be in only one fragmentation state at any given time. A connec- 51 tion that is not in the fragmentation state shall set the FC and FSN fields of a Connection’s Service Flow to 0 52 and 0000, respectively. 53 54 The authority to fragment a traffic on a connection is defined when the connecion is created by a MSAP. 55 56 57 The fragments are set in accordance with Table 19. 58 59 The sequence number allows the receiving terminal to re-create the original payload and to detect the loss of 60 any intermediate packets. Upon loss, the receiving station shall discard all PDUs on the connection until a 61 62 new fragment is detected or a non-fragmented PDU is detected. 63 64 65

This is an unapproved Task Group document being circulated for comment. 123 IEEE 802.16.1-00/01r4, September 2000

1 Table 19—Fragmentation Rules 2 3 4 Fragment FC FSN 5 6 First Fragment 10 0000 7 8 Continuing Fragment 11 incremented modulo 16 9 10 Last Fragment 01 incremented modulo 16 11 Unfragmented 00 0000 12 13 14 15 2.9 Upstream Service 16 17 18 The following sections define the basic upstream Service Flow scheduling services and list the QoS parame- 19 ters associated with each service. A detailed description of each QoS parameter is provided in 2.3.5. 20 21 22 Table 20—Scheduling Services and Usage Rules 23 24 25 Schedul- Piggy-Back Bandwidth Pollng 26 ing Request Stealing 27 28 Type 29 UGS Not Not allowed PM bit is used to request a unicast poll for bandwidth 30 31 Alloweda needs of non-UGS connections 32 33 UGS-AD Not Allowed Not allowed Unicast polling is allowed when the flow is inactive 34 35 rtPS Allowed Allowed for GPT Scheduling only allows unicast polling 36 37 nrtPS Allowed Allowed for GPT Scheduling may restrict a service flow to unicast poll- 38 ing via the transmission/request policy; otherwise all 39 forms of polling are allowed 40 41 BE Allowed Allowed for GPT All forms of polling allowed 42 43 aAlso a function of the MAC Header 44 45 46 47 Scheduling services are designed to improve the efficiency of the poll/grant process. By specifying a sched- 48 uling service and its associated QoS parameters, the BS can anticipate the throughput and latency needs of 49 the upstream traffic and provide polls and/or grants at the appropriate times. 50 51 Each service is tailored to a specific type of data flow as described below. The basic services comprise: 52 53 Unsolicited Grant Service (UGS), Real-Time Polling Service (rtPS), Unsolicited Grant Service with Activity 54 Detection (UGS-AD), Non-Real-Time Polling Service (nrtPS) and Best Effort (BE) service. 55 56 2.9.1 Unsolicited Grant Service 57 58 59 The Unsolicited Grant Service (UGS) is designed to support real-time service flows that generate fixed size 60 data packets on a periodic basis, such as T1/E1 and Voice over IP. The service offers fixed size grants on a 61 real-time periodic basis, which eliminate the overhead and latency of SS requests and assure that grants will 62 be available to meet the flow’s real-time needs. The BS shall provide fixed size data grants at periodic inter- 63 vals to the Service Flow. In order for this service to work correctly, the Request/Transmission Policy (refer to 64 65 2.3.5.6.3) setting shall be such that the SS is prohibited from using any contention request opportunities and

This is an unapproved Task Group document being circulated for comment. 124 IEEE 802.16.1-00/01r4, September 2000

1 the BS SHOULD not provide any unicast request opportunities for that connection. Piggy-back requests 2 may be used in the GPT mode to request additional bandwidth for a different connection using the Band- 3 width Request Header. This will result in the SS only using unsolicited data grants for upstream transmission 4 5 on that connection. All other bits of the Request/Transmission Policy are not relevant to the fundamental 6 operation of this scheduling service and should be set according to network policy. The key service informa- 7 tion elements are the Unsolicited Grant Size, the Nominal Grant interval, the Tolerated Grant Jitter and the 8 Request/Transmission Policy. (Refer to TBD) 9 10 11 The Grant Management fields in the Generic MAC Header (refer to Figure 13) is used to pass status infor- 12 mation from the SS to the BS regarding the state of the UGS Service Flow. The most significant bit of the 13 Bandwidth Management field is the Slip Indicator (SI) bit. The SS shall set this flag once it detects that this 14 Service Flow has exceeded its transmit queue depth. Once the SS detects that the Service Flow's transmit 15 queue is back within limits, it shall clear the SI flag. The flag allows the BS to provide for long term com- 16 17 pensation for conditions such as lost maps or clock rate mismatch’s by issuing additional grants. 18 19 The BS shall not allocate more grants per Nominal Grant Interval than the Grants Per Interval parameter of 20 the Active QoS Parameter Set, excluding the case when the SI bit of the Bandwidth Management field is set. 21 In this case, the BS may grant up to 1% additional bandwidth for clock rate mismatch compensation. The 22 23 active grants field of the Bandwidth Management field is ignored with UGS service. 24 25 2.9.2 Real-Time Polling Service 26 27 The Real-Time Polling Service (rtPS) is designed to support real-time service flows that generate variable 28 29 size data packets on a periodic basis, such as MPEG video. The service offers real-time, periodic, unicast 30 request opportunities, which meet the flow's real-time needs and allow the SS to specify the size of the 31 desired grant. This service requires more request overhead than UGS, but supports variable grant sizes for 32 optimum data transport efficiency. 33 34 35 The BS shall provide periodic unicast request opportunities. In order for this service to work correctly, the 36 Request/Transmission Policy setting (refer to 2.3.5.6.3) shall be such that the SS is prohibited from using 37 any contention request opportunities for that connection. The BS may issue unicast request opportunities as 38 prescribed by this service even if a grant is pending. This will result in the SS using only unicast request 39 opportunities in order to obtain upstream transmission opportunites (the SS could still use unsolicited data 40 41 grants for upstream transmission as well). All other bits of the Request/Transmission Policy are not relevant 42 to the fundamental operation of this scheduling service and should be set according to network policy. The 43 key service information elements are the Nominal Polling Interval, the Tolerated Poll Jitter and the Request/ 44 Transmission Policy. 45 46 47 2.9.3 Unsolicited Grant Service with Activity Detection 48 49 The Unsolicited Grant Service with Activity Detection (UGS/AD) is designed to support UGS flows that 50 may become inactive for substantial portions of time (i.e. tens of milliseconds or more), such as Voice over 51 IP with silence suppression. The service provides Unsolicited Grants when the flow is active and unicast 52 53 polls when the flow is inactive. This combines the low overhead and low latency of UGS with the efficiency 54 of rtPS. Though USG/AD combines UGS and rtPS, only one scheduling service is active at a time. 55 56 The BS shall provide periodic unicast grants, when the flow is active, but shall revert to providing periodic 57 unicast request opportunities when the flow is inactive. (The BS can detect flow inactivity by detecting 58 59 unused grants. However, the algorithm for detecting a flow changing from an active to an inactive state is 60 dependent on the BS implementation). In order for this service to work correctly, the Request/Transmission 61 Policy setting (refer to 2.3.5.6.3) shall be such that the SS is prohibited from using any contention request a 62 opportunities. This results in the SS using only unicast request opportunities in order to obtain upstream 63 transmission opportunities. However, the SS will use unsolicited data grants for upstream transmission as 64 65 well. All other bits of the Request/Transmission Policy are not relevant to the fundamental operation of this

This is an unapproved Task Group document being circulated for comment. 125 IEEE 802.16.1-00/01r4, September 2000

1 scheduling service and should be set according to network policy. The key service parameters are the Nom- 2 inal Polling Interval, the Tolerated Poll Jitter, the Nominal Grant Interval, the Tolerated Grant Jitter, the 3 Unsolicited Grant Size and the Request/Transmission Policy. 4 5 6 In UGS-AD service, when restarting UGS after an interval of rtPS, the BS SHOULD provide additional 7 grants in the first (and/or second) grant interval such that the SS receives a total of one grant for each grant 8 interval from the time the SS requested restart of UGS, plus one additional grant. Because the Service Flow 9 is provisioned as a UGS flow with a specific grant interval and grant size, when restarting UGS, the SS shall 10 11 not request a different sized grant than the already provisioned UGS flow. As with any Service Flow, 12 changes can only be requested with a DSC command. 13 14 The Bandwidth Management Field allows for the SS to dynamically state how many grants per interval are 15 required to support the number of flows with activity present. In UGS/AD, the SS may use the Slip Indicator 16 17 Bit in the Bandwidth Management Field. The remaining seven bits of the Bandwith Management Field 18 define the Active Grants field. This field defines the number of grants within a Nominal Grant Interval that 19 this Service Flow currently requires. When using UGS/AD, the SS shall indicate the number of requested 20 grants per Nominal Grant Interval in this field. The Active Grants field is ignored with UGS without Activity 21 Detection. This field allows the SS to signal to the BS to dynamically adjust the number of grants per inter- 22 23 val that this UGS Service Flow is actually using. The SS shall not request more than the number of Grants 24 per Interval in the ActiveQoSParameterSet. 25 26 2.9.4 Non-Real-Time Polling Service 27 28 29 The Non-Real-Time Polling Service (nrtPS) is designed to support non real-time service flows that require 30 variable size data grants on a regular basis, such as high bandwidth FTP. The service offers unicast polls on a 31 regular basis which assures that the flow receives request opportunities even during network congestion. 32 The BS typically polls nrtPS CIDs on an (periodic or non-periodic) interval on the order of one second or 33 less. 34 35 36 The BS shall provide timely unicast request opportunities. In order for this service to work correctly, the 37 Request/Transmission Policy setting (refer to 2.3.5.6.3) SHOULD be such that the SS is allowed to use con- 38 tention request opportunities. This will result in the SS using contention request opportunities as well as uni- 39 cast request opportunities and unsolicited data grants. All other bits of the Request/Transmission Policy are 40 41 not relevant to the fundamental operation of this scheduling service and should be set according to netowrk 42 policy. The key service elements are Nominal Polling Interval, Minimum Reserved Traffic Rate, Maximum 43 Sustained Traffic Rate, Request/Transmission Policy and Traffic Priority. 44 45 2.9.5 Best Effort Service 46 47 48 The intent of the Best Effort (BE) service is to provide efficient service to best effort traffic. In order for this 49 service to work correctly, the Request/Transmission Policy setting SHOULD be such that the SS is allowed 50 to use contention request opportunities. This will result in the SS using contention request opportunities as 51 well as unicast request opportunities and unsoliced data grants. All other bits of the Request/Transmission 52 53 Policy are not relevant to the fundamental operation of this scheduling service and should be set according to 54 network policy. The key service elements are the Minimum Reserved Traffic Rate, the Maximum Sustained 55 Traffic Rate, and the Traffic Priority. 56 57 58 2.10 Bandwidth Allocation and Request Mechanisms 59 60 Note that at registration every SS is assigned two dedicated CIDs for the purpose of sending and receiving 61 62 control messages. Two connections are used to allow differentiated levels of QoS to be applied to the differ- 63 ent connections carrying MAC management traffic. Increasing (or decreasing) bandwidth requirements is 64 necessary for all services except uncompressible constant bit rate UGS connections. The needs of uncom- 65

This is an unapproved Task Group document being circulated for comment. 126 IEEE 802.16.1-00/01r4, September 2000

1 pressible UGS connections do not change between connection establishment and termination. The require- 2 ments of compressible UGS connections, such as channelized T1, may increase or decrease depending on 3 traffic. DAMA services are given resources on a demand assignment basis, as the need arises. 4 5 6 When a SS needs to ask for bandwidth on a connection with Best Effort scheduling service, it sends a mes- 7 sage to the BS containing the immediate requirements of the DAMA connection. QoS for the connection 8 was established at connection establishment and is looked-up by the BS. 9 10 11 There are numerous methods by which the SS can get the bandwidth request message to the BS. 12 13 2.10.1 Requests 14 15 Requests refer to the mechanism that SSs use to indicate to the BS that it needs upstream bandwidth alloca- 16 17 tion. A Request may come as a stand-alone Bandwidth Request Header or it may come as a piggyback 18 request (refer to Section 2.5). 19 20 Because the modulation format of the upstream can dynamically change, all requests for bandwidth shall be 21 made in terms of the number of bytes needed to carry the MAC header and payload, but not the PHY layer 22 23 overhead.The Bandwidth Request Message may be transmitted during any of the following intervals: 24 25 Request IE 26 27 Any Data Grant IE 28 29 The number of bytes requested shall be the total number that are desired by the SS for the connection at the 30 time of the request (excluding any physical layer overhead), subject to UCD and administrative limits. 31 32 Regarding the grant of the bandwidth requested, there are two modes of operation for SSs: Grant per Con- 33 34 nection mode (GPC) and Grant per Terminal mode (GPT). In the first case, the BS grants bandwidth explic- 35 itly to each connection, whereas in the second case the bandwidth is granted to all the connections belonging 36 to the SS. The latter case (GPT) allows smaller UL maps and more intelligent SSs to take last moment deci- 37 sions and perhaps utilize the bandwidth differently than it was originally granted by the BS, which may be 38 useful for real-time applications that require a faster response from the system. 39 40 41 In GPC mode, the SS shall have only one request outstanding at a time per Connection ID. If the BS does not 42 immediately respond with a Data Grant, the SS is able to unambiguously determine that its request is still 43 pending because the BS shall continue to issue a Data Grant Pending in every MAP for as long as a request 44 is unsatisfied. In GPT mode, additional requests or re-requests are based on timers and Data Grant Pending 45 46 is not required. In GPC mode all requests are incremental. In GPT mode most requests are incremental, but 47 the SS periodically issues aggregate requests (total data pending in queue), resetting the base station's per- 48 ception of the connection's needs. Piggyback requests are always incremental 49 50 The BS shall be able to support both modes of operation. A SS may operate in either of the two modes, 51 52 depending on its capabilities. The mode of operation shall be agreed upon Registration and shall not change 53 during operation time. 54 55 2.10.1.1 Grants per Connection (GPC) mode 56 57 58 When a SS is operating in GPC mode, if the BS does not immediately respond with a Data Grant, the SS is 59 able to unambiguously determine that its request is still pending because the BS shall continue to issue a 60 Data Grant Pending in every MAP for as long as a request is unsatisfied. 61 62 The procedure followed by SSs operating in GPC mode is shown in Figure 61 63 64 65

This is an unapproved Task Group document being circulated for comment. 127 IEEE 802.16.1-00/01r4, September 2000

1 2 . 3 4 Start 5 Discard 6 untransmitted portion of SDU 7 Yes 8 Await SDU 9 arrival 10 11 12 Request Bandwidth for 13 CIDx 14 Backoff and re- Retries request for No 15 exhausted? untransmitted 16 portion of SDU 17 Process MAP Information 18 Yes Elements 19 No 20 21

22 Yes Send 23 untransmitted Ack time Data Grant Grant for protion of SDU No No 24 expired? Pending? CIDx? with piggyback 25 field = 0 26 27 Yes No 28 29 30 Grant smaller Fragmentation Another 31 than Request allowed for Yes No SDU in or Request 32 CIDx? queue? 33 No remainder? 34 35 36 Yes 37 Yes 38 Send 39 untransmitted Discard grant or Apply protion of SDU 40 send up request fragmentation with request for in granted slot rules for CIDx next SDU in 41 piggyback field 42 43 44 45 46 . 47 48 Figure 61—SS GPC mode flowchart 49 50 51 2.10.1.2 Grants per Terminal (GPT) mode 52 53 For SSs operating in GPT mode, the bandwidth allocation is issued to its Basic CID and not explicitly to 54 55 individual CIDs. Since it is non-deterministic which request is being honored in this scheme, when certain 56 connection receives a shorter or null opportunity to transmit (i.e. scheduler decision, request message lost, 57 etc.), no explicit reason is given. In any case, based on the latest information received from the BS and the 58 status of the request, the SS may decide to perform backoff and request again or to discard the frame. 59 60 61 The procedure followed by SSs operating in GPT mode is shown in Figure 62 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 128 IEEE 802.16.1-00/01r4, September 2000

1 2 3 . 4 Start 5 Discard untransmitted 6 portion of SDU

7 Await SDU 8 arrival 9 10 Request 11 Bandwidth for 12 CIDx 13 14 Process MAP 15 Information Elements 16 Yes 17 18 Backoff and re- 19 request for Grant for untransmitted Basic CID? 20 No portion of queue 21

22 Yes 23

24 No Process Basic CID Grant and assign 25 No bandwidth to the 26 outstanding requests 27 28 Send untransmitted Retries Ack time Bandwidth protion of SDU 29 Yes No exhausted? expired? for CIDx? with piggyback 30 field = 0 31

32 Yes No 33 34 Grant smaller 35 Fragmentation Another than Request allowed for Yes No SDU in 36 or Request No CIDx? queue? 37 remainder? 38 39 Yes 40 Yes Send 41 untransmitted Discard grant or Apply protion of SDU 42 send up request fragmentation with request for in granted slot rules for CIDx queue contents 43 in piggyback field 44 45 46 . 47 48 Figure 62—SS GPT mode flowchart 49 50 51 52 2.10.2 Polling 53 54 Polling is the process by which the BS allocates to the SSs bandwidth specifically for the purpose of making 55 56 bandwidth requests. These allocations may be to individual SSs or to groups of SSs. Allocations to groups of 57 connections and/or SSs actually define bandwidth request contention IEs. The allocations are not in the form 58 of an explicit message, but are contained as a series of Information Elements (IE) within the upstream MAP. 59 60 Note that polling is done on either a SS or connection basis. Bandwidth is always requested on a CID basis 61 62 and bandwidth is allocated on either a connection (GPC mode) or SS (GPT mode) basis, based on the SS 63 capability. 64 65

This is an unapproved Task Group document being circulated for comment. 129 IEEE 802.16.1-00/01r4, September 2000

1 2.10.2.1 Unicast 2 3 When a SS is polled individually, no explicit message is transmitted to poll the SS. Rather, the SS is allo- 4 5 cated, in the upstream MAP, bandwidth sufficient to respond with a bandwidth request. If the SS does not 6 need bandwidth, it returns a request for 0 bytes (Note that 0 byte requests are only used in the individual 7 polling case since explicit bandwidth for a reply has been allocated.). SSs operating in GPT mode, which 8 have an active UGS connection of sufficient bandwidth, may not be polled individually unless they set the 9 Poll Me (PM) bit in the header of a packet on the UGS connection. Only inactive SSs and SSs explicitly 10 11 requesting to be polled will be polled individually. This saves bandwidth over polling all SSs individually. 12 Active SSs respond to polling at their current upstream modulation, while inactive SSs must respond at 13 QAM-4 to ensure their transmission is robust enough to be detected by the BS. 14 15 The information exchange sequence for individual polling is shown in Figure 63. 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 130 IEEE 802.16.1-00/01r4, September 2000

1 2 3 Individual Polling 4 of CPEs 5 6 7 8 More BW available for 9 No 10 individual 11 polling? 12 13 Yes 14 15 Initiate multicast 16 Unpolled CPEs and broadcast 17 Yes with poll me bit polling algorithm. set? 18 19 20 No 21 22 At CPE's operational 23 modulation Set up poll to SS’s withUnpolled, expired individual CPE & Yes 24 inactivepolling interval? CPEs? 25 mark as polled. 26 27 No 28 PHY/MAC QAM-4 QAM-16 QAM-64 29 CONTROL Data Data Data 30 31 PHY MAC Preamble 32 Control Control 33 Were any 34 individual polls No 35 Uplink Map set up? 36 37 CPE k additional BW Allocation 38 Yes 39 40 Await individual 41 Reg Cont BW Req CPE-1 CPE-2 CPE N BW requests in 42 Slots Slots Data Data Data scheduled CPE 43 uplink time. 44 45 BW Request 46 47 48 BW Requests? No 49 50 51 PHY/MAC QAM-4 QAM-16 QAM-64 52 CONTROL Data Data Data Yes 53 54 PHY MAC Use BW allocation Preamble 55 Control Control algorithm & 56 change uplink 57 subframe map. 58 Uplink Map 59 60 61 CPE k BW Done 62 Allocation 63 64 Figure 63—Unicast Polling 65

This is an unapproved Task Group document being circulated for comment. 131 IEEE 802.16.1-00/01r4, September 2000

1 2.10.2.2 Multicast and Broadcast 2 3 If there are more SSs that are inactive than there is bandwidth available for individual polling, some SSs may 4 5 be polled in multicast groups and a broadcast poll may be issued. Certain CIDs are reserved for multicast 6 groups and for broadcast messages, as described in Table 1. As with individual polling, the poll is not an 7 explicit message but bandwidth allocated in the upstream MAP. The difference is that rather than associating 8 allocated bandwidth with a SS's Basic CID, the allocation is to a multicast or broadcast CID. 9 10 11 12 Table 21—Sample Upstream MAP with Multicast and Broadcast IE 13 14 Interval Description Upstream MAP Information Element Fields 15 16 CID UIUC Offset 17 18 (16 bits) (4 bits) (12 bits) 19 20 Initial Ranging 0000 2 0 21 22 Multicast group 0xFFC5 Bandwidth Request 0xFFC5 1 405 23 Multicast group 0xFFDA Bandwidth Request 0xFFDA 1 200 24 25 Broadcast Bandwidth Request 0xFFFF 1 200 26 27 SS 5 Uplink Grant 0x007B 4 156 28 29 SS 21 Uplink Grant 0x01C9 7 75 30 31 **** 32 33 **** 34 35 **** 36 37 38 39 When the poll is directed at a multicast or broadcast CID, SSs belonging to the polled group may request 40 bandwidth Request Intervals allocated in the upstream frame. With multicast and broadcast polling, to 41 reduce the likelihood of collision, only SS's needing bandwidth reply. Zero-length bandwidth requests are 42 not allowed in multicast or broadcast Request intervals. SSs always transmit using the modulation defined 43 in the burst profile in the Request intervals. This will typically be at QPSK modulation. 44 45 46 If the BS does not respond with an error message or a bandwidth allocation within the expiration of timer 47 MT5, the SS assumes a collision has occurred and uses a truncated binary exponential back-off algorithm 48 (see 2.7) to try at another contention opportunity. The multicast and broadcast polling process is shown in 49 Figure 64. 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 132 IEEE 802.16.1-00/01r4, September 2000

1 2 3 Multicast and 4 broadcast polling 5 6 7 8 Bandwidth 9 Yes available for 10 multicast polls? 11 12 Poll next multicast 13 group in MAC No 14 Control block 15 16 Bandwidth 17 available for 18 broadcast polls? 19 20 21 PHY/MAC QAM-4 QAM-16 QAM-64 CONTROL Data Data Data Yes 22 23 No PHY MAC 24 Preamble Control Control Place broadcast 25 poll in MAC 26 Control block 27 Uplink Map 28 29 30 Multicast or 31 Broadcast Poll 32 Multicast or 33 broadcast polls No 34 set up? 35 36 Reg Cont BW Req CPE-1 CPE-2 CPE N Yes 37 Slots Slots Data Data Data 38 39 Monitor BW 40 Request 41 Contention Slots for BW requests 42 43 Collision CPE ID 44 BW Requests Connection ID 45 Amount 46 47 Valid (non- 48 collision) BW No 49 requests PHY/MAC QAM-4 QAM-16 QAM-64 50 CONTROL Data Data Data 51 52 Yes PHY MAC 53 Preamble Control Control 54 Use BW allocation 55 algorithm & change uplink 56 Uplink Map 57 subframe map. 58 59 CPE k BW 60 Allocation 61 62 Done 63 64 Figure 64—Multicast and Broadcast Polling 65

This is an unapproved Task Group document being circulated for comment. 133 IEEE 802.16.1-00/01r4, September 2000

1 2.10.3 Poll-Me Bit 2 3 SSs with currently active USG connections may set the poll me bit (bit PM in the MAC header GM field) in 4 5 a MAC packet of the USG connection to indicate to the BS that they need polled to request bandwidth. To 6 reduce the bandwidth requirements of individual polling, SSs with active USG connections need be individ- 7 ually polled only if the Poll-Me bit is set (or if the interval of the USG is too long to satisfy the QoS of the 8 SSs other connections). Once the BS detects this request for polling, the process for individual polling is 9 used to satisfy the request. The procedure by which a SS stimulates the BS to poll it is shown in Figure 65. 10 11 To minimize the risk of the BS missing the poll me bit, the SS may set the bit in all USG MAC headers in the 12 frame. 13 14 15 Poll Me Bit Usage 16 17 18 19 20 Piggybacking Attempt 21 & BW Stealing piggybacking & No 22 exhausted? BW Stealing first 23 24 25 Yes 26 27 28 29 30 31 USG Packet 32 available? 33 34 35 36 Yes 37 38 39 Set PM=1 in 40 No MAC header 41 42 43 44 45 46 47 Done 48 49 50 Figure 65—Poll Me Bit Usage 51 52 53 54 55 2.11 Network Entry and Initialization 56 57 The procedure for initialization of a SS shall be as shown in Figure 66. This figure shows the overall flow 58 59 between the stages of initialization in a SS. This shows no error paths, and is simply to provide an overview 60 of the process. The more detailed finite state machine representations of the individual sections (including 61 error paths) are shown in the subsequent figures. Timeout values are defined in 2.2. 62 63 The procedure can be divided into the following phases: 64 65

This is an unapproved Task Group document being circulated for comment. 134 IEEE 802.16.1-00/01r4, September 2000

1 Scan for downstream channel and establish synchronization with the BS. 2 Obtain transmit parameters (from CD message) 3 4 Perform ranging 5 Establish IP connectivity 6 Establish time of day 7 8 Transfer operational parameters 9 Perform registration 10 Privacy initialization (if provisioned to utilize Privacy capabilities) 11 12 13 Each SS contains the following information when shipped from the manufacturer: 14 15 A unique 48-bit MAC address which is assigned during the manufacturing process. This is used to iden- 16 17 tify the SS to the various provisioning servers during initialization. 18 Security information as defined in 2.14 (e.g., X.509 certificate) used to authenticate the SS to the security 19 server and authenticate the responses from the security and provisioning servers. 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 135 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 Scan for 5 Downstream Time of Day 6 Channel Established 7 8 9 Downstream 10 Sync Transfer 11 Established Operational 12 Parameters 13 14 15 Obtain 16 Upstream Transfer 17 Parameters Complete 18 19 20 Upstream 21 Parameters Register 22 Aquired with 23 CMTSBS 24 25 26 Ranging & Automatic 27 Registration Adjustments 28 Complete 29 30 31 Ranging & 32 Auto Adj Complete No Privacy 33 *1 *1: Enabled 34 Baseline Privacy 35 enabled 36 Establish Yes 37 IP 38 Connectivety 39 Baseline 40 Privacy 41 Initialization 42 IP 43 Complete 44 Baseline 45 Privacy 46 Initialized 47 Establish 48 Time of 49 Day 50 51 Operational 52 53 54 Figure 66— SS Initialization Overview 55 56 57 58 2.11.1 Scanning and Synchronization to Downstream 59 60 61 On initialization or after signal loss, the SS shall acquire a downstream channel. The SS shall have non-vol- 62 atile storage in which the last operational parameters are stored and shall first try to re-acquire this down- 63 stream channel. If this fails, it shall begin to continuously scan the possible channels of the downstream 64 frequency band of operation until it finds a valid downstream signal. 65

This is an unapproved Task Group document being circulated for comment. 136 IEEE 802.16.1-00/01r4, September 2000

1 2.11.2 Scanning and Synchronization to Downstream 2 3 On initialization or after signal loss, the SS shall acquire a downlink channel. The SS shall have non-volatile 4 5 storage in which the last operational parameters are stored and shall first try to re-acquire this downstream 6 channel. If this fails, it shall begin to continuously scan the possible channels of the downlink frequency 7 band of operation until it finds a valid downlink signal. Once the Transmission Convergence Sublayer has 8 achieved synchronization, as defined in >>>TBD: PHY-Specific acquisition<<<, the MAC Sublayer shall 9 attempt to acquire the downlink channel parameters. 10 11 12 A downstream signal is considered to be valid when the SS has achieved the following steps: 13 14 a) synchronization of the modulation symbol timing 15 b) synchronization of the convolutional decoder if present 16 17 c) synchronization of the FEC framing 18 d) synchronization of the MPEG packetization 19 e) recognition of PCD MAC messages 20 21 This implies that it has locked onto the correct frequency, equalized the downstream channel, recovered any 22 23 PMD sublayer framing and the FEC is operational (refer to Section TBD). At this point, a valid bit stream is 24 being sent to the transmission convergence sublayer. The transmission convergence sublayer performs its 25 own synchronization. On detecting the well-known BWA PID, along with a payload unit start indicator per 26 [H.222], it delivers the MAC frame to the MAC sublayer. 27 28 29 2.11.3 Obtain Downlink Parameters 30 31 The MAC sublayer shall search for the DL-MAP MAC management messages. The CPE achieves MAC 32 synchronization once it has received at least one DL-MAP messages for the same Upstream Channel ID. A 33 CPE MAC remains in synchronization as long as it continues to successfully receive the UCD and DCD 34 35 messages for its Channel. If the Lost SYNC Interval (refer to Section 2.2) has elapsed without a valid UCD 36 or DCD message, a CPE shall not use the upstream and shall try to re-establish synchronization again. 37 38 2.11.4 Obtain Upstream Parameters 39 40 41 Refer to Figure 67. After synchronization, the SS shall wait for a Physical Channel Descriptor message 42 (UCD) from the BS in order to retrieve a set of transmission parameters for a possible upstream channel. 43 These messages are transmitted periodically from the BS for all available upstream channels and are 44 addressed to the MAC broadcast address. The SS shall determine whether it can use the upstream channel 45 from the channel description parameters. 46 47 48 The SS shall collect all UCDs which are different in their channel ID field to build a set of usable channel 49 IDs. If no channel can be found after a suitable timeout period, then the SS shall continue scanning to find 50 another downstream channel. 51 52 53 The SS shall determine whether it can use the upstream channel from the channel description parameters. If 54 the channel is not suitable, then the SS shall try the next channel ID until it finds a usable channel. If the 55 channel is suitable, the SS shall extract the parameters for this upstream from the UCD. It then shall wait for 56 the next DL-MAP message and extract the upstream mini-slot timestamp from this message. The SS then 57 shall wait for a bandwidth allocation map for the selected channel. It may begin transmitting upstream in 58 59 accordance with the MAC operation and the bandwidth allocation mechanism. 60 61 The SS shall perform initial ranging at least once per Figure 68. If initial ranging is not successful, then the 62 next channel ID is selected, and the procedure restarted from UCD extraction. When there are no more chan- 63 nel IDs to try, then the SS shall continue scanning to find another downstream channel. 64 65

This is an unapproved Task Group document being circulated for comment. 137 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 138 IEEE 802.16.1-00/01r4, September 2000

1 Collect UCD 2 Messages 3 4 5 6 Build channel list Timeout 7 T1 8 End of 9 Yes channel 10 list? 11 Select first 12 channel Scanning 13 14 Select next 15 channel 16 W ait for usable 17 UCD 18 19 20 21 Good upstream descriptor 22 23 24 25 Wait for DL-MAPSYNC 26 27 28 29 SYNC 30 31 32 33 Extract upstream 34 m inislot timing No 35 36 UL-MAP 37 Wait for UL-MAPmap 38 for this channel 39 40

41 Map for selected 42 channel 43 44 45 46 Initial 47 Ranging 48 49 50 Initial 51 Ranging 52 Successful 53 ? 54 55 56 Yes 57 58 Station 59 Maintenance 60 61 62 63 64 65 Figure 67— Obtaining Upstream Parameters

This is an unapproved Task Group document being circulated for comment. 139 IEEE 802.16.1-00/01r4, September 2000

1 2.11.5 Message Flows During Scanning and Upstream Parameter Acquisition 2 3 The BS shall generate DL-MAP and UCD messages on the downstream at periodic intervals within the 4 5 ranges defined in 2.2. These messages are addressed to all SSs. Refer to the following tables and figures. 6 7 8 Table 22—Message Flows During Scanning and Upstream Parameter Acquisition 9 10 BS SS 11 12 13 clock time to send DL-MAP ------DL-MAP------> | 14 15 clock time to send UCD ------UCD------> | 16 17 | 18 clock time to send DL-MAP ------DL-MAP------> | 19 20 | Example of a UCD cycle 21 | prior to SS power-on 22 23 | 24 clock time to send DL-MAP ------DL-MAP------> | 25 26 | 27 | 28 29 | 30 clock time to send DL-MAP ------DL-MAP------> | 31 32 | 33 | 34 35 clock time to send DL-MAP ------DL-MAP------> 36 clock time to send UCD ------UCD------> 37 38 39 40 41 clock time to send DL-MAP ------DL-MAP------> 42 power on sequence complete 43 44 45 clock time to send DL-MAP ------DL-MAP------> 46 47 establish PHY synchronization 48 & wait for UCD 49 50 51 clock time to send DL-MAP ------DL-MAP------> 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 140 IEEE 802.16.1-00/01r4, September 2000

1 Table 22—Message Flows During Scanning and Upstream Parameter Acquisition 2 3 BS SS 4 5 6 clock time to send DL-MAP ------DL-MAP------> 7 8 clock time to send UCD ------UCD------> 9 obtain parameters for this upstream 10 channel to use for initialization 11 12 clock time to send DL-MAP ------DL-MAP------> 13 extract slot info for upstream & wait for 14 transmit opportunity to perform ranging 15 16 clock time to send DL-MAP ------DL-MAP------> 17 18 19 clock time to send UL-MAP ------UL-MAP------> 20 start ranging process 21 22 23 24 2.11.6 Initial Ranging and Automatic Adjustments 25 26 Ranging is the process of acquiring the correct timing offset such that the ’s transmissions are aligned to a 27 symbol that marks the beginning of a Mini-slot boundary. The timing delays through the PHY layer shall be 28 29 relatively constant. Any variation in the PHY delays shall be accounted for in the guard time of the upstream 30 PHY layer overhead. 31 32 First, a SS shall synchronize to the downstream and learn the upstream channel characteristics through the 33 Physical Channel Descriptor MAC management message. At this point, the SS shall scan the UL-MAP mes- 34 35 sage to find an Initial Maintenance Region. The BS shall make an Initial Maintenance region large enough to 36 account for the variation in delays between any two SSs (maximum round trip propagation delay due to cell 37 size plus maximum allowable implementation delay). 38 39 The SS shall put together a Ranging Request message to be sent in an Initial Maintenance region. The CID 40 41 field shall be set to the non-initialized SS value (zero). 42 43 Ranging adjusts each SS’s timing offset such that it appears to be co-located with the BS. The SS shall set its 44 initial timing offset to the amount of internal fixed delay equivalent to co-locating the SS next to the BS. This 45 amount includes delays introduced through a particular implementation, and shall include the downstream 46 47 PHY interleaving latency, if any. 48 49 When the Initial Maintenance transmit opportunity occurs, the SS shall send the Ranging Request message. 50 Thus, the SS sends the message as if it was co-located with the BS. 51 52 53 Once the BS has successfully received the Ranging Request message, it shall return a Ranging Response 54 message addressed to the individual SS. Within the Ranging Response message shall be a temporary CID 55 assigned to this SS until it has completed the registration process. The message shall also contain informa- 56 tion on RF power level adjustment and offset frequency adjustment as well as any timing offset corrections. 57 58 59 The SS shall now wait for an individual Station Maintenance region assigned to its temporary CID. It shall 60 now transmit a Ranging Request message at this time using the temporary CID along with any power level 61 and timing offset corrections. 62 63 The BS shall return another Ranging Response message to the SS with any additional fine tuning required. 64 65 The ranging request/response steps shall be repeated until the response contains a Ranging Successful notifi-

This is an unapproved Task Group document being circulated for comment. 141 IEEE 802.16.1-00/01r4, September 2000

1 cation or the BS aborts ranging. Once successfully ranged, the SS shall join normal data traffic in the 2 upstream. In particular, state machines and the applicability of retry counts and timer values for the ranging 3 process are defined in Table 2. 4 5 6 Note: The burst type to use for any transmission is defined by the Uplink Interval Usage Code (UIUC). Each 7 UIUC is mapped to a burst type in the UCD message. 8 9 10 The message sequence chart and flow charts on the following pages define the ranging and adjustment pro- 11 cess which shall be followed by compliant SSs and BSs. 12 13 14 Table 23—Ranging and Automatic Adjustments Procedure 15 16 17 BS SS 18 19 20 [time to send the Initial Maintenance 21 opportunity] 22 send map containing Initial Maintenance ------UL-MAP------> 23 information element with a broadcast/mul- ticast Connection ID 24 25 <------RNG-REQ------transmit ranging packet in contention 26 mode with Connection ID parameter = 0 27 28 [receive recognizable ranging packet] 29 30 allocate temporary Connection ID 31 send ranging response ------RNG-RSP------> 32 add temporary Connection ID to poll list store temporary Connection ID & adjust 33 other parameters 34 35 36 [time to send the next map] 37 send map with Station Maintenance infor------UL-MAP------> recognize own temporary Connection 38 mation element to SS using temporary ID in map 39 CID 40 <------RNG-REQ------reply to Station Maintenance opportu- 41 nity poll 42 send ranging response ------RNG-RSP------> 43 44 adjust local parameters 45 [time to send an Initial Maintenance 46 opportunity] send map containing Initial 47 Maintenance information element with a broadcast/multicast Connection ID 48 49 send periodic transmit opportunity to ------UL-MAP------> 50 broadcast address 51 52 53 Note: The BS shall allow the SS sufficient time to have processed the previous RNG-RSP (i.e., to modify the transmitter 54 55 parameters) before sending the SS a specific ranging opportunity. This is defined as SS Ranging Response Time in 2.2. 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 142 IEEE 802.16.1-00/01r4, September 2000

1 Ranging Request is within the tolerance of the BS. 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 143 IEEE 802.16.1-00/01r4, September 2000

1 2 Wait for broadcast 3 maintenance 4 opportunity 5 6 7 8 Time out T2 9 Map with 10 maintenance opportunity 11 12 13 14 15 Send 16 Error RNG-REQ 17 Re-initialize MAC 18 19 20 21 Wait for 22 RNG-RSP 23 24 25 26 27 Time out T3 RNG-RSP 28 29 30 31 32 Retries Adjust local 33 Y exhausted parameters per 34 ? RNG-RSP 35 36 N 37 38 Wait for unicast Random Backoff 39 maintenance Error (Note) opportunity 40 Re-initialize MAC 41 42 43 44 Time to increase 45 Y power? 46 (Note) 47 48 Increase local power 49 50 N 51 52 53 Wait for 54 broadcast ranging 55 opportunity 56 57 58 Note: Timeout T3 may occur because the RNG-REQs from multiple SSs collided. 59 To avoid these SS repeating the loop in lockstep, a random backoff is required. 60 This is a backoff over the ranging window specified in the MAP. In addition, the 61 SS should not increase its Tx power after each backoff in case the timeout was 62 due to a collision instead of a low power condition. T3 timeouts can also occur 63 during multi-channel operation. On a system with multiple upstream channels, the 64 SS MUST attempt initial ranging on every suitable upstream channel before 65 moving to the next available downstream channel.

This is an unapproved Task Group document being circulated for comment. 144 IEEE 802.16.1-00/01r4, September 2000

1 2 Wait for 3 StationBroadcast Maintenance ranging 4 opportunity 5 6 7 8 Map with 9 Timeout T4 Maintenance 10 opportunity 11 12 13 Error: Send 14 Re-initialize MAC RNG-REQ 15 16 17 18 19 Waitfor 20 RNG-RSP 21 22 23 24 25 Timeout T3 RNG-RSP 26 27 28 29 Adjust local 30 parameters per 31 Yes RNG-RSP 32 Retries Exhausted? 33 34 35 Success set from Yes 36 No CMTS?BS? 37 (Note 1) 38 39 Error: Adjust local Re-initialize MAC power 40 No Enable data 41 transfer 42 No 43 Abort Ranging set 44 from CMTS?BS? 45 Wait for 46 Station Maintenance Establish IP layer 47 opportunity Yes 48 49 50 Error: Re-initialize MAC 51 52 53 Figure 68—Initial Ranging - SS (continued) 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 145 IEEE 802.16.1-00/01r4, September 2000

1 2 3 Wait for 4 recognizable 5 RNG-REQ 6 7 8 9 RNG-REQ 10 11 12 No 13 CIDSID assigned to 14 thisthis SSCM already?already? 15 16 Yes Assign temporary 17 CIDSID 18 Reset retry count 19 in poll list for this 20 SSCM Add SSCM to poll list for future 21 maps 22 23 24 25 Send RNG-RSP (continue) 26 Map will be sent per allocation 27 algorithm and pending till 28 complete. (Note 2) 29 Wait for polled 30 RNG-REQ 31 32 33 RNG-REQ not 34 RNG-REQ 35 received 36 37 38 39 No Good Enough? Yes Retries Exhausted? 40 (Note 1) 41 No Send 42 RNG-RSP 43 Yes (success) 44 Retries Exhausted? Yes 45 No Remove SSCM from 46 poll list Send Send 47 Remove SSCM from RNG-RSP RNG-RSP 48 poll list 49 (abort) (continue) Start T9 50 51 Wait for Wait for polled 52 recognizable Done RNG-REQ 53 RNG-REQ 54 55 56 57 58 59 60 61 62 Figure 69—Initial Ranging - BS 63 64 65

This is an unapproved Task Group document being circulated for comment. 146 IEEE 802.16.1-00/01r4, September 2000

1 Means ranging is within the tolerable limits of the BS. 2 RNG-REQ pending-till-complete was nonzero, the BS SHOULD hold off the station maintenance 3 4 opportunity accordingly unless needed, for example, to adjust the SS's power level. If opportu- 5 nities are offered prior to the pending-till-complete expiry, the “good-enough” test which fol- 6 lows receipt of a RNG-RSP shall not judge the SS's transmit equalization until pending-till- 7 8 complete expires. 9 10 2.11.7 Ranging Parameter Adjustment 11 12 Adjustment of local parameters (e.g., transmit power) in a SS as a result of the receipt (or non-receipt) of an 13 14 RNG-RSP is considered to be implementation-dependent with the following restrictions: 15 16 All parameters shall be within the approved range at all times 17 18 19 Power adjustment shall start from the minimum value unless a valid power is available from non-volatile 20 storage, in which case this shall be used as a starting point. 21 Power adjustment shall be capable of being reduced or increased by the specified amount in response to 22 23 RNG-RSP messages. 24 If, during initialization, power is increased to the maximum value (without a response from the BS) it 25 shall wrap back to the minimum. 26 27 For multi-channel support, the SS shall attempt initial ranging on every suitable upstream channel before 28 29 moving to the next available downstream channel. 30 31 2.11.8 Initial Connection Establishment 32 33 2.11.8.1 Establish IP Connectivity 34 35 36 At this point, the SS shall invoke DHCP mechanisms [RFC-2131] in order to obtain an IP address and any 37 other parameters needed to establish IP connectivity. The DHCP response shall contain the name of a file 38 which contains further configuration parameters. Refer to Table 24. 39 40 41 42 Table 24—Establishing IP Connectivity 43 44 SS DHCP 45 46 47 send DHCP request to broadcast 48 address 49 ------DHCP discover------> 50 51 check SS MAC address & respond 52 <------DHCP offer ------53 choose server 54 55 ------DHCP request------> 56 process request 57 <------DHCP response------58 59 set up IP parameters from DHCP 60 response 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 147 IEEE 802.16.1-00/01r4, September 2000

1 2.11.8.2 Establish Time of Day 2 3 The SS and BS need to have the current date and time. This is required for time-stamping logged events 4 5 which can be retrieved by the management system. This need not be authenticated and need only be accurate 6 to the nearest second. 7 8 The protocol by which the time of day shall be retrieved is defined in [RFC-868]. Refer to Table 25. The 9 request and response shall be transferred using UDP. The time retrieved from the server (UTC) shall be com- 10 11 bined with the time offset received from the DHCP response to create the current local time 12 13 14 Table 25—Establishing Time of Day 15 16 17 SS Time Server 18 19 20 send request to time server 21 22 ------time of day request------> 23 24 process request 25 <------time of day response------26 27 set up / correct time of day from 28 response 29 30 31 Successfully acquiring the Time of Day is not mandatory for a successful registration, but is necessary for 32 33 on-going operation. The specific timeout for Time of Day Requests is implementation dependent. However, 34 the SS shall not exceed more than 3 Time of Day requests in any 5 minute period. 35 36 2.11.9 Transfer Operational Parameters 37 38 39 After DHCP is successful, the SS shall download the parameter file using TFTP, as shown in 70. The TFTP 40 configuration parameter server is specified by the “siaddr” field of the DHCP response. The SS shall use an 41 adaptive timeout for TFTP based on binary exponential backoff. Refer to [RFC-1123] and [RFC-2349]. 42 43 The parameter fields required in the DHCP response and the format and content of the configuration file 44 45 shall be as defined in 2.4. Note that these fields are the minimum required for interoperability. 46 47 If a SS downloads a configuration file containing an upstream channel and/or downstream frequency differ- 48 ent from what the SS is currently using, the SS shall not send a Registration Request message to the BS. 49 The SS shall redo initial ranging using the configured upstream channel and/or downstream frequency. 50 51 52 2.11.9.1 Registration 53 54 A SS shall be authorized to forward traffic into the network once it is initialized and configured. The SS is 55 authorized to forward traffic into the network via registration. To register with a BS, the SS shall forward its 56 57 provisioned set of service flows and any other operational parameters in the configuration file (refer to 2.4) 58 to the BS as part of a Registration Request. Figure 70 shows the procedure that shall be followed by the SS. 59 60 The configuration parameters downloaded to the SS shall include a network access control object (see 61 2.3.1.3). If this is set to “no forwarding,” the SS shall not forward data from attached SS to the network, yet 62 63 the SS shall respond to network management requests. This allows the SS to be configured in a mode in 64 which it is manageable but will not forward data. 65

This is an unapproved Task Group document being circulated for comment. 148 IEEE 802.16.1-00/01r4, September 2000

1 2 3 Time of Day 4 Request 5 6 7 8 W ait for Ti me of 9 Day Response 10 11 12 Time of Day Time of Day retries are Timeout 13 Response asynchronous with registration 14 15 16 17 Request 18 Config File 19 20 No 21 Scan for 22 Wait for Retries Yes Downstream 23 Successful TFTP exceeded? 24 Channel 25 26 Config File Increm ent 27 Timeout 28 Received Retry Counter 29 30 31 32 Mandatory 33 items present? 34 35 36 Yes 37 38 39 40 SSCM MIC valid? 41 42 43 Yes 44 45 Acquire 46 Operational 47 Parameters 48 49 50 51 Send Reg- 52 Req 53 54 55 56 Wait for Reg-Rsp 57 58 59 Figure 70—Registration — SS 60 61 62 63 Once the SS has sent a Registration Request to the BS it shall wait for a Registration Response to authorize 64 it to forward traffic to the network. Figure 71 shows the waiting procedure that shall be followed by the SS. 65

This is an unapproved Task Group document being circulated for comment. 149 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 Wait for Reg-Rsp 5 6 7 8 9 10 11 Timeout T6 Reg-Rsp 12 13 14 15 16 Retries Response= Im plem entation 17 No No 18 exhausted? ok? Dependent 19 20 21 Yes 22 Yes 23 Setup Service Flows & 24 Error: Re-initialize Send Activate Operational 25 MAC Reg-Req Param eters 26 27 28 29 30 Wait for Reg-Rsp Send 31 Reg-Ack 32 33 34 35 36 Operational 37 38 39 40 41 42 Reg-Rsp 43 44 45 46 47 Figure 71—Wait for registration response — SS 48 49 50 51 52 The BS shall perform the following operations to confirm the SS authorization (refer to Figure 72): 53 54 Calculate a MIC per 2.4 and compare it to the BS MIC included in the Registration Request. If the MIC is 55 invalid, the BS shall respond with an Authorization Failure. 56 57 If present, check the TFTP Server Timestamp field. If the BS detects that the time is different from its 58 local time by more than SS Configuration Processing Time (refer to Table 2), the BS shall indicate 59 authentication failure in the REG-RSP. The BS SHOULD also make a log entry stating the SS MAC 60 61 address from the message. 62 If present, check the TFTP Server Provisioned SS Address field. If the Provisioned SS Address does not 63 match the requesting SS’s actual address, the BS shall indicate authentication failure in the REG- 64 65 RSP. The BS SHOULD also make a log entry stating the SS MAC address from the message.

This is an unapproved Task Group document being circulated for comment. 150 IEEE 802.16.1-00/01r4, September 2000

1 If the Registration Request contains Service Flow encodings, verify the availability of the Quality of Ser- 2 vice requested in the provisioned Service Flow(s). If unable to provide the Service Flow(s), the BS 3 4 shall respond with a Class of Service Failure and the appropriate Service Flow Response(s). 5 Verify the availability of any SS Capabilities requested. If unable or unwilling to provide the SS Capabil- 6 ity requested, the BS shall turn that SS Capability ‘off’ (refer to 6.2.8.1). 7 8 Assign a Service Flow ID for each class of service supported. 9 Reply to the SS in a Registration Response. 10 If the Registration Request contains Service Flow encodings, the BS shall wait for a Registration 11 12 Acknowedgment as shown in Figure 73. 13 14 If timer T9 expires, the BS shall both de-assign the temporary CID from that SS and make some provision 15 for aging out that CID. 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 151 IEEE 802.16.1-00/01r4, September 2000

1

2 Waiting for Reg- 3 Req 4 5 6 Reg-Req 7 8 9 10 Stop T9 11 12 13 Calculate MIC 14 over Reg-Req 15 16 Send Reg-Rsp with 17 CMTSBS MIC No Response = Valid? 18 Authentication Failure 19 20 Yes 21 22 23 Send Reg-Rsp with TFTP Server IP and/ Response = No 24 or Timestamp Valid? Authentication Failure & 25 Should Log Failure 26

27 Yes Wait for Reg-Req 28 29 Send Reg-Rsp with 30 Can the requested Response = Class of 31 service(s) ever be No Service Failure & Service 32 supported? Not Available=Reason 33 Permanent 34 35 Yes 36 37 Send Reg-Rsp with Can the requested Response = Class of 38 service(s) currently No Service Failure & Service 39 be supported? Not Available=Reason 40 Temporary 41 42 43 Set modem 44 capabilities 45 supported in RegRsp 46 47 48 Create 49 Requested Services 50 51 52 53 Send Reg-Rsp with 54 Response = ok 55 56 57 Waiting for Reg- 58 Ack 59 60 Figure 72—Registration — BS 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 152 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 W aiting for Reg- 7 Ack 8 9 10 11 12 Reg-Ack Timeout T7 13 14 15 16 17 W aiting for Reg- Req Retries 18 Yes No 19 Exhausted? 20 21 22 Send Reg-Rsp Destroy 23 with Response Services 24 = OK 25 26 27 28 W aiting for Reg- Wait for Reg-Ack 29 Req 30 31 Figure 73—Registration Acknowledgment— BS 32 33 34 35 2.11.9.2 Privacy Initialization 36 37 38 Following registration, if the SS is provisioned to run Privacy, the SS shall initialize Privacy operations, as 39 described in 2.14. A SS is provisioned to run Privacy if its configuration file includes a Privacy Configura- 40 tion Setting (2.3.3.1.1) and if the Privacy Enable parameter (2.3.1.11) is set to enable. 41 42 43 2.11.9.3 Connection IDs During SS Initialization 44 45 After completion of the Registration process, the SS will have been assigned Service Flow IDs (SFIDs) to 46 match its provisioning. However, the SS must complete a number of protocol transactions prior to that time 47 (e.g., Ranging, DHCP, etc.), and requires a temporary Connection ID in order to complete those steps. 48 49 50 On reception of an Initial Ranging Request, the BS shall allocate a temporary CID and assign it to the SS for 51 initialization use. The BS may monitor use of this CID and restrict traffic to that needed for initialization. It 52 shall inform the SS of this assignment in the Ranging Response. 53 54 55 On receiving a Ranging Response addressed to it, the SS shall use the assigned temporary CID for further 56 initialization transmission requests until the Registration Response is received. 57 58 On receiving a Ranging Response instruction to move to a new downstream frequency and/or upstream 59 channel ID, the SS shall consider any previously assigned temporary CID to be deassigned, and must obtain 60 61 a new temporary CID via initial ranging. 62 63 It is possible that the Ranging Response may be lost after transmission by the BS. The SS shall recover by 64 timing out and re-issuing its Initial Ranging Request. Since the SS is uniquely identified by the source MAC 65

This is an unapproved Task Group document being circulated for comment. 153 IEEE 802.16.1-00/01r4, September 2000

1 address in the Ranging Request, the BS may immediately re-use the temporary CID previously assigned. If 2 the BS assigns a new temporary CID, it shall make some provision for aging out the old CID that went 3 unused (see Section TBD). 4 5 6 When assigning provisioned SFIDs on receiving a Registration Request, the BS may re-use the temporary 7 CID, assigning it to one of the Service Flows requested. If so, it shall continue to allow initialization mes- 8 sages on that CID, since the Registration Response could be lost in transit. If the BS assigns all-new CIDs 9 for class-of-service provisioning, it shall age out the temporary CID. The aging-out shall allow sufficient 10 11 time to complete the registration process in case the Registration Response is lost in transit. 12 13 2.11.9.4 Multiple-Channel Support 14 15 In the event that more than one downstream signal is present in the system, the SS shall operate using the 16 17 best valid downstream signal that it encounters when scanning. It will be instructed via the parameters in the 18 configuration file to shift operation to different downstream and/or upstream frequencies if necessary. 19 20 Both upstream and downstream channels shall be identified where required in MAC management messages 21 using channel identifiers. 22 23 24 2.12 Ranging 25 26 27 The BS shall provide each SS a Periodic Ranging opportunity at least once every T4 seconds. The BS shall 28 send out Periodic Ranging opportunities at an interval sufficiently shorter than T4 that a MAP could be 29 missed without the SS timing out. The size of this “subinterval” is BS dependent. For GPT mode terminals, 30 any allocation of uplink bandwidth constitutes a Periodic Ranging opportunity. 31 32 33 The SS shall reinitialize its MAC layer after T4 seconds have elapsed without receiving a Periodic Ranging 34 opportunity. 35 36 Remote RF signal level adjustment at the SS is performed through a periodic maintenance function using the 37 38 RNG-REQ and RNG-RSP MAC messages. This is similar to initial ranging and is shown in Figure 74 and 39 Figure 75. On receiving a RNG-RSP, the SS shall not transmit until the RF signal has been adjusted in accor- 40 dance with the RNG-RSP and has stabilized. 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 154 IEEE 802.16.1-00/01r4, September 2000

1 2 3 On periodic timer 4 add SSCM to poll list 5 for future maps Map will be sent per allocation 6 algorithm and pending till 7 complete (Note 2) 8 9 Wait for polled 10 RNG-REQ 11 12 13 14 RNG-REQ not 15 received RNG-REQ 16 17 18 19 20 No Yes 21 Retries Exhausted? Good Enough? 22 (Note 1) 23 No 24 25 Yes Send 26 RNG-RSP Retries Exhausted? (success) 27 Yes 28 No 29 Send Send 30 RemoveSS CM from RNG-RSP RNG-RSP 31 poll list 32 (abort) (continue) 33 34 35 Remove CM SSfrom Wait for polled 36 Done 37 poll list RNG-REQ 38 39 40 Destroy SIDsCIDs 41 associated with 42 this CMSS 43 44 45 46 47 Done 48 49 50 Note 1: Means Ranging Request is within the tolerance limits of the CMTS for powerBS and transmit 51 equalization (if supported) 52 Note 2: RNG-REQ pending-till-complete was nonzero, the CMTS SHOULDBS hold off the station 53 maintenance opportunity accordingly unless needed, for example, to adjust the CM's powerSS’s level. If 54 opportunities are offered prior to the pending-till-complete expiry, the "good-enough" test which follows 55 receiptof a RNG-RSP MUST NOT judge the CM's transmitSS equalization until pending-till-complete expires. 56 57 Figure 74—Periodic Ranging - BS 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 155 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 Operational 7 8 9 10 11 Unicast 12 maintenance Timeout T3 Timeout T4 RNG-RSP opportunity 13 14 15 16 Start T4 Timer T3 Timer 17 Yes 18 started? 19 20 Reset RNG-REQ 21 Send Retry Counter; RNG-REQ RNG-REQ Clear T3 Timer 22 retries exceeded? 23 No 24 25 Increment 26 RNG-REQ 27 Retry Counter Abort ranging 28 Yes Yes from BSCMTS? 29 30 No 31 Start T3 Timer Success or Continue 32 33 Adjust local Error: 34 parameters per Re-initialize MAC 35 RNG-RSP 36 37 38 39 Figure 75—Periodic Ranging - SS 40 41 42 43 44 45 2.12.1 Burst Mode Downstream Modulation/FEC Management 46 47 48 The downstream modulation/FEC format for data transmission (characterized by the burst types) is deter- 49 mined by the BS according to the quality of the signal that is received by each SS. To reduce the volume of 50 upstream traffic, the SS monitors the carrier to noise and interference ratio (CNIR), and compares the aver- 51 aged value against the allowed region of operation. This region is bounded by threshold levels. If the 52 received CNIR goes outside of the allowed operating region, the SS requests a change to a new burst type 53 54 using the RNG-REQ message. The BS acknowledges the receipt of the RNG-REQ message using the RNG- 55 RSP message. The RNG-RSP message contains the new SS operating burst type, which can be either the 56 same as or different from the existing type. 57 58 The SS applies an algorithm to determine its best operating modulation/FEC region in accordance with the 59 60 threshold parameters established in the RNG-RSP message. The Threshold Delta parameter shall be applied 61 to the two threshold points in accordance with Figure 76. The Threshold Delta provides hysterisis around 62 which the SS applies the thresholds. 63 64 65

This is an unapproved Task Group document being circulated for comment. 156 IEEE 802.16.1-00/01r4, September 2000

1 Table 26—Downlink Modulation/FEC Change Initiated from SS 2 3 4 BS SS 5 6 DL Modulation/FEC Requires 7 Modification 8 9 Receive RNG-REQ <------RNG-REQ ------Send RNG-REQ 10 11 Determine burst type that is now appropriate 12 13 Modify burst type within provisioned limits 14 established for SS 15 16 Send RNG-RSP ------RNG-RSP ------> Receive RNG-RSP 17 18 Begin using new burst type for the SS 19 20 21 22 23 24 25 26 40 27 28 Burst Profile 3 29 30 30 Burst Profile #3 Minimum Entry Threshold 31 32 Overlap 33 Burst Profile #3 Exit Threshold 34 35 20 36 Burst Profile 2 37 (dB) C/(N+I) 38 Burst Profile #2 Minimum Entry Threshold 39 10 Overlap 40 Burst Profile #2 Exit Threshold 41 Burst Profile 1 42 43 Burst Profile #1 Minimum Entry Threshold 44 0 Burst Profile #1 Exit Threshold 45 46 Figure 76—Modulation Threshold Usage 47 48 49 50 51 52 53 54 2.13 Quality of Service 55 56 57 This standard defines several Quality of Service (QoS) related concepts. These include: 58 59 Service Flow QoS Scheduling 60 Dynamic Service Establishment 61 62 Two-Phase Activation Model 63 64 65

This is an unapproved Task Group document being circulated for comment. 157 IEEE 802.16.1-00/01r4, September 2000

1 2.13.1 Theory of Operation 2 3 The various BWA protocol mechanisms described in this document can be used to support Quality of Ser- 4 5 vice (QoS) for both upstream and downstream traffic through the SS and the BS. This section provides an 6 overview of the QoS protocol mechanisms and their part in providing end-to-end QoS. 7 8 The requirements for Quality of Service include: 9 10 A configuration and registration function for pre-configuring SS-based QoS Service Flows and traffic 11 12 parameters. 13 A signaling function for dynamically establishing QoS-enabled Service Flows and traffic parameters 14 Utilization of MAC scheduling and traffic parameters for upstream Service Flows. 15 16 Utilization of QoS traffic parameters for downstream Service Flows. 17 Grouping of Service Flow properties into named Service Classes, so upper layer entities and external 18 applications (at both the SS and BS) can request Service Flows with desired QoS parameters in a 19 globally consistent way. 20 21 22 The principal mechanism for providing QoS is to associate packets traversing the RF MAC interface into a 23 Service Flow as identified by the Connection ID. A Service Flow is a unidirectional flow of packets that is 24 provided a particular Quality of Service. The SS and BS provide this QoS according to the QoS Parameter 25 Set defined for the Service Flow. 26 27 28 The primary purpose of the Quality of Service features defined here is to define transmission ordering and 29 scheduling on the air interface. However, these features often need to work in conjunction with mechanisms 30 beyond the air interface in order to provide end-to-end QoS or to police the behavior of SSs. 31 32 33 Service Flows exist in both the upstream and downstream direction, and may exist without actually being 34 activated to carry traffic. Service Flows have a 32-bit Service Flow Identifier (SFID) assigned by the BS. 35 All Service Flows have an SFID; active Service Flows also have a 16-bit Connection Identifier (CID). 36 37 At least two Service Flows must be defined in each configuration file: one for upstream and one for down- 38 39 stream service. The first upstream Service Flow describes the Primary Upstream Service Flow, and is the 40 default Service Flow used for otherwise unclassified traffic and all MAC Messages. The first downstream 41 Service Flow describes service to the Primary Downstream Service Flow. Additional Service Flows 42 defined in the Configuration file create Service Flows that are provided QoS services. 43 44 45 2.13.2 Service Flows 46 47 A Service Flow is a MAC-layer transport service that provides unidirectional transport of packets either to 48 upstream packets transmitted by the SS or to downstream packets transmitted by the BS7. A Service Flow is 49 characterized by a set of QoS Parameters such as latency, jitter, and throughput assurances. In order to stan- 50 51 dardize operation between the SS and BS, these attributes include details of how the SS requests upstream 52 minislots and the expected behavior of the BS upstream scheduler. 53 54 A Service Flow is partially characterized by the following attributes8: 55 56 57 58 7 59 A Service Flow, as defined here, has no direct relationship to the concept of a “flow” as defined by the IETF’s Integrated Services (int- 60 serv) Working Group [RFC-2212]. An intserv flow is a collection of packets sharing transport-layer endpoints. Multiple intserv flows 61 can be served by a single Service Flow. 62 8Some attributes are derived from the above attribute list. The Service Class Name is an attribute of the ProvisionedQoSParamSet. The 63 activation state of the Service Flow is determined by the ActiveQoSParamSet. If the ActiveQoSParamSet is null then the service flo w is 64 65 inactive.

This is an unapproved Task Group document being circulated for comment. 158 IEEE 802.16.1-00/01r4, September 2000

1 ServiceFlowID: exists for all service flows 2 Connection ID: mapping to a SFID only exists when the connection has admitted or active service 3 4 flow(s) 5 ProvisionedQosParamSet: defines a set of QoS Parameters which appears in the configuration file and is 6 presented during registration. This may define the initial limit for authorizations allowed by the 7 8 authorization module. The ProvisionedQosParamSet is defined once when the Service Flow is cre- 9 ated via registration.9 10 11 AdmittedQosParamSet: defines a set of QoS parameters for which the BS (and possibly the SS) are 12 reserving resources. The principal resource to be reserved is bandwidth, but this also includes any 13 other memory or time-based resource required to subsequently activate the flow. 14 ActiveQosParamSet: defines set of QoS parameters defining the service actually being provided to the 15 16 Service Flow. Only an Active Service Flow may forward packets. 17 A Service Flow exists when the BS assigns a Service Flow ID (SFID) to it. The SFID serves as the princi- 18 pal identifier in the SS and BS for the Service Flow. A Service Flow which exists has at least an 19 20 SFID, and an associated Direction. 21 The Authorization Module is a logical function within the BS that approves or denies every change to 22 QoS Parameters and Classifiers associated with a Service Flow. As such it defines an “envelope” 23 24 that limits the possible values of the AdmittedQoSParameterSet and ActiveQoSParameterSet. 25 26 The relationship between the QoS Parameter Sets is as shown in Figure 14 and Figure 78. The ActiveQoSPa- 27 rameterSet is always a subset10 of the AdmittedQoSParameterSet which is always a subset of the authorized 28 “envelope.” In the dynamic authorization model, this envelope is determined by the Authorization Module 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 9The ProvisionedQoSParamSet is null when a flow is created dynamically. 54 10To say that QoS Parameter Set A is a subset of QoS Parameter Set B the following shall be true for all QoS Parameters in A and B:if 55 56 (a smaller QoS parameter value indicates less resources, e.g. Maximum Traffic Rate) 57 A is a subset of B if the parameter in A less than or equal to the same parameter in B 58 if (a larger QoS parameter value indicates less resources, e.g. Tolerated Grant Jitter) 59 A is a subset of B if the parameter in A is greater than or equal to the same parameter in B 60 61 if (the QoS parameter specifies a periodic interval, e.g. Nominal Grant Interval), 62 A is a subset of B if the parameter in A is an integer multiple of the same parameter in B 63 if (the QoS parameter is not quantitative, e.g. Service Flow Scheduling Type) 64 65 A is a subset of B if the parameter in A is equal to the same parameter in B

This is an unapproved Task Group document being circulated for comment. 159 IEEE 802.16.1-00/01r4, September 2000

1 (labeled as the AuthorizedQoSParameterSet). In the provisioned authorization model, this envelope is deter- 2 mined by the ProvisionedQoSParameterSet. 3 4 5 6 7 AuthQoSParamSet = ProvisionedQoSParamSet 8 (SFID) 9 10 11 12 AdmittedQoSParamSet 13 (SFID & CID) 14 15 16 ActiveQoSParamSet 17 18 (SFID & Active CID) 19 20 21 22 23 24 25 26 27 28 29 30 31 Figure 77—Provisioned Authorization Model “Envelopes” 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 160 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 ProvisionedQoSParamSet 7 (SFID) 8 9 10 AuthQoSParamSet 11 (BS only, not known by SS) 12 13 AdmittedQoSParamSet 14 15 (SFID & CID) 16 17 18 ActiveQoSParamSet 19 (SFID & Active CID) 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 Figure 78—Dynamic Authorization Model “Envelopes” 35 36 37 38 It is useful to think of three types of Service Flows: 39 40 Provisioned: this type of Service Flow is known via provisioning through the configuration file, its 41 42 AdmittedQoSParamSet and ActiveQoSParamSet are both null. 43 Admitted: this type of Service Flow has resources reserved by the BS for its AdmittedQoSParamSet, but 44 these parameters are not active (its ActiveQoSParamSet is null). Admitted Service Flows may have 45 been provisioned or may have been signalled by some other mechanism. 46 47 Active: this type of Service Flow has resources committed by the BS for its QoS Parameter Set, (e.g. is 48 actively sending MAPs containing unsolicited grants for a UGS-based service flow). Its 49 ActiveQoSParamSet is non-null. 50 51 52 2.13.3 Object Model 53 54 The major objects of the architecture are represented by named rectangles in Figure 79. The Service Flow is 55 the central concept of the MAC protocol. It is uniquely identified by a 32-bit Service Flow ID (SFID) 56 assigned by the BS. Service Flows may be in either the upstream or downstream direction. Admitted Service 57 58 Flows are mapped a 16-bit Connection ID (CID). 59 60 Outgoing user data is submitted to the MSAP by an convergence sub-layer process for transmission on the 61 MAC interface. The information delivered to the MSAP includes the Connection Identifier identfying the 62 connection across which the information is delivered. The Service Flow for the connection is mapped via the 63 64 Connection ID (CID). 65

This is an unapproved Task Group document being circulated for comment. 161 IEEE 802.16.1-00/01r4, September 2000

1 The Service Class is an optional object that may be implemented at the BS. It is referenced by an ASCII 2 name which is intended for provisioning purposes. A Service Class is defined in the BS to have a particular 3 QoS Parameter Set. The QoS Parameter Sets of a Service Flow may contain a reference to the Service Class 4 5 Name as a “macro” that selects all of the QoS parameters of the Service Class. The Service Flow QoS 6 Parameter Sets may augment and even override the QoS parameter settings of the Service Class, subject to 7 authorization by the BS. 8 9 10 11 PDU Service Flow 12 13 SFID SFID [Service Class] Direction 14 [CID] [CID] 15 [SFID] [ProvQosParamSet] 16 [AdmittedQoSParamSet] 17 [ActiveQosParamSet] 18 19 20 21 N 22 23 24 0,1 25 26 Service Class 27 28 Service Class Name 29 QoSParamSet 30 31 32 33 34 35 Figure 79—Theory of Operation Object Model 36 37 38 39 2.13.4 Service Classes 40 41 The Service Class serves the following purposes: 42 43 44 It allows operators, who so wish, to move the burden of configuring service flows from the provi- 45 sioning server to the BS. Operators provision the SSs with the Service Class Name; the imple- 46 47 mentation of the name is configured at the BS. This allows operators to modify the 48 implementation of a given service to local circumstances without changing SS provisioning. 49 For example, some scheduling parameters may need to be tweaked differently for two different 50 51 BSs to provide the same service. As another example, service profiles could be changed by 52 time of day. 53 It allows BS vendors to provide class-based-queuing if they choose, where service flows compete 54 55 within their class and classes compete with each other for bandwidth. 56 It allows higher-layer protocols to create a Service Flow by its Service Class Name. For example, 57 telephony signaling may direct the SS to instantiate any available Provisioned Service Flow of 58 class “G711”. 59 60 61 Note: The Service Class is optional: the flow scheduling specification may always be provided in full; a service flow 62 may belong to no service class whatsoever. BS implementations may treat such “unclassed” flows differently from 63 “classed” flows with equivalent parameters. 64 65

This is an unapproved Task Group document being circulated for comment. 162 IEEE 802.16.1-00/01r4, September 2000

1 Any Service Flow may have its QoS Parameter Set specified in any of three ways: 2 3 4 By explicitly including all traffic parameters. 5 By indirectly referring to a set of traffic parameters by specifying a Service Class Name. 6 By specifying a Service Class Name along with modifying parameters. 7 8 The Service Class Name is “expanded” to its defined set of parameters at the time the BS successfully 9 10 admits the Service Flow. The Service Class expansion can be contained in the following BS-originated Mes- 11 sages: Registration Response, DSA-REQ, DSC-REQ, DSA-RSP and DSC-RSP. In all of these cases, the BS 12 shall include a Service Flow Encoding that includes the Service Class Name and the QoS Parameter Set of 13 the Service Class. If a SS-initiated request contained any supplemental or overriding Service Flow parame- 14 ters, a successful response shall also include these parameters. 15 16 17 When a Service Class name is given in an admission or activation request, it is possible that the returned 18 QoS Parameter Set may change from activation to activation. This can happen because of administrative 19 changes to the Service Class’ QoS Parameter Set at the BS. If the definition of a Service Class Name is 20 changed at the BS (e.g. its associated QoS Parameter Set is modified), it has no effect on the QoS Parameters 21 22 of existing Service Flows associated with that Service Class. A BS may initiate DSC transactions to existing 23 Service Flows which reference the Service Class Name to affect the changed Service Class definition. 24 25 When a SS uses the Service Class Name to specify the Admitted QoS Parameter Set, the expanded set of 26 TLV encodings of the Service Flow will be returned to the SS in the response Message (REG-RSP, DSA- 27 28 RSP, or DSC-RSP). Use of the Service Class Name later in the activation request may fail if the definition of 29 the Service Class Name has changed and the new required resources are not available. Thus, the SS 30 SHOULD explicitly request the expanded set of TLVs from the response Message in its later activation 31 request. 32 33 34 2.13.5 Authorization 35 36 Every change to the Service Flow QoS Parameters shall be approved by an authorization module. This 37 includes every REG-REQ or DSA-REQ Message to create a new Service Flow, and every DSC-REQ Mes- 38 sage to change a QoS Parameter Set of an existing Service Flow. Such changes include requesting an admis- 39 40 sion control decision (e.g. setting the AdmittedQoSParamSet) and requesting activation of a Service Flow 41 (e.g. setting the ActiveQoSParameterSet). Reduction requests regarding the resources to be admitted or acti- 42 vated are also checked by the authorization module. 43 44 In the static authorization model, the authorization module receives all registration Messages, and stores the 45 46 provisioned status of all “deferred” Service Flows. Admission and activation requests for these provisioned 47 service flows will be permitted, as long as the Admitted QoS Parameter Set is a subset of the Provisioned 48 QoS Parameter Set, and the Active QoS Parameter Set is a subset of the Admitted QoS Parameter Set. 49 Requests to change the Provisioned QoS Parameter Set will be refused, as will requests to create new 50 dynamic Service Flows. This defines a static system where all possible services are defined in the initial con- 51 52 figuration of each SS. 53 54 In the dynamic authorization model, the authorization module not only receives all registration Messages, 55 but also communicates through a separate interface to an independent policy server. This policy server may 56 provide to the authorization module advance notice of upcoming admission and activation requests, and 57 58 specifies the proper authorization action to be taken on those requests. Admission and activation requests 59 from a SS are then checked by the Authorization Module to ensure that the ActiveQoSParameterSet being 60 requested is a subset of the set provided by the policy server. Admission and activation requests from a SS 61 that are signalled in advance by the external policy server are permitted. Admission and activation requests 62 from a SS that are not pre-signalled by the external policy server may result in a real-time query to the policy 63 64 server, or may be refused. 65

This is an unapproved Task Group document being circulated for comment. 163 IEEE 802.16.1-00/01r4, September 2000

1 During registration, the SS shall send to the BS the authenticated set of TLVs derived from its configuration 2 file which defines the Provisioned QoS Parameter Set. Upon receipt and verification at the BS, these are 3 handed to the Authorization Module within the BS. The BS shall be capable of caching the Provisioned QoS 4 5 Parameter Set, and shall be able to use this information to authorize dynamic flows which are a subset of the 6 Provisioned QoS Parameter Set. The BS SHOULD implement mechanisms for overriding this automated 7 approval process (such as described in the dynamic authorization model). For example: 8 9 10 Deny all requests whether or not they have been pre-provisioned 11 Define an internal table with a richer policy mechanism but seeded by the configuration file information 12 Refer all requests to an external policy server 13 14 2.13.6 Types of Service Flows 15 16 17 It is useful to think about three basic types of Service Flows. This section describes these three types of Ser- 18 vice Flows in more detail. However, it is important to note that there are more than just these three basic 19 types. (Refer to 2.3.5.5.1) 20 21 22 2.13.6.1 Provisioned Service Flows 23 24 A Service Flow may be Provisioned but not immediately activated (sometimes called “deferred”). That is, 25 the description of any such service flow in the TFTP configuration file contains an attribute which provisions 26 but defers activation and admission (refer to 2.3.5.5.1). During Registration, the BS assigns a Service Flow 27 28 ID for such a service flow but does not reserve resources. The BS may also require an exchange with a pol- 29 icy module prior to admission. 30 31 As a result of external action beyond the scope of this specification, the SS may choose to activate a Provi- 32 sioned Service Flow by passing the Service Flow ID and the associated QoS Parameter Sets. If authorized 33 34 and resources are available, the BS shall respond by mapping the Service Flow to a CID. The BS may deac- 35 tivate the Service Flow, but SHOULD not delete the Service Flow during the SS registration epoch. 36 37 As a result of external action beyond the scope of this specification, the BS may choose to activate a Service 38 Flow by passing the Service Flow ID as well as the CID and the associated QoS Parameter Sets. The BS may 39 40 deactivate the Service Flow, but SHOULD not delete the Service Flow during the SS registration epoch. 41 Such a Provisioned Service Flow may be activated and deactivated many times (through DSC exchanges). In 42 all cases, the original Service Flow ID shall be used when reactivating the service flow. 43 44 2.13.6.2 Admitted Service Flows 45 46 47 This protocol supports a two-phase activation model which is often utilized in telephony applications. In the 48 two-phase activation model, the resources for a “call” are first “admitted,” and then once the end-to-end 49 negotiation is completed (e.g. called party’s gateway generates an “off-hook” event) the resources are “acti- 50 vated.” Such a two-phase model serves the purposes a) of conserving network resources until a complete 51 52 end-to-end connection has been established, b) performing policy checks and admission control on resources 53 as quickly as possible, and, in particular, before informing the far end of a connection request, and c) pre- 54 venting several potential theft-of-service scenarios. 55 56 For example, if an upper layer service were using unsolicited grant service, and the addition of upper-layer 57 58 flows could be adequately provided by increasing the Grants Per Interval QoS parameter, then the following 59 might be used. When the first upper-layer flow is pending, the SS issues a DSA-Request with the Admit 60 Grants Per Interval parameter equal one, and the Activate Grants Per Interval parameter equal zero. Later 61 when the upper-layer flow becomes active, it issues a DSC-Request with the instance of the Activate Grants- 62 per-Interval parameter equal to one. Admission control was performed at the time of the reservation, so the 63 64 later DSC-Request, having the Activate parameters within the range of the previous reservation, is guaran- 65

This is an unapproved Task Group document being circulated for comment. 164 IEEE 802.16.1-00/01r4, September 2000

1 teed to succeed. Subsequent upper-layer flows would be handled in the same way. If there were three upper- 2 layer flows establishing connections, with one flow already active, the Service Flow would have Admit(ted) 3 Grants-per-Interval equal four, and Active Grants-per-Interval equal one. 4 5 6 An activation request of a Service Flow where the new ActiveQoSParamSet is a subset of the AdmittedQoS- 7 ParamSet are being added shall be allowed (except in the case of catastrophic failure). An admission request 8 where the AdmittedQoSParamSet is a subset of the previous AdmittedQoSParamSet, so long as the 9 ActiveQoSParamSet remains a subset of the AdmittedQoSParameterSet, shall succeed. 10 11 12 A Service Flow that has resources assigned to its AdmittedQoSParamSet, but whose resources are not yet 13 completely activated, is in a transient state. A timeout value shall be enforced by the BS that requires Service 14 Flow activation within this period. (Refer to 2.3.5.5.10) If Service Flow activation is not completed within 15 this interval, the assigned resources in excess of the active QoS parameters shall be released by the BS. 16 17 18 It is possible in some applications that a long-term reservation of resources is necessary or desirable. For 19 example, placing a telephone call on hold should allow any resources in use for the call to be temporarily 20 allocated to other purposes, but these resources must be available for resumption of the call later. The Admit- 21 tedQoSParamSet is maintained as “soft state” in the BS; this state shall be refreshed periodically for it to be 22 23 maintained without the above timeout releasing the non-activated resources. This refresh may be signalled 24 with a periodic DSC-REQ Message with identical QoS Parameter Sets, or may be signalled by some internal 25 mechanism within the BS outside of the scope of this specification (e.g. by the BS monitoring RSVP refresh 26 Messages). 27 28 29 2.13.6.3 Active Service Flows 30 31 A Service Flow that has a non-NULL set of ActiveQoSParameters is said to be an Active Service Flow. It is 32 requesting11 and being granted bandwidth for transport of data packets. An admitted Service Flow may be 33 made active by providing an ActiveQoSParameterSet, signaling the resources actually desired at the current 34 35 time. This completes the second stage of the two-phase activation model. (Refer to 2.13.6.2) 36 37 A Service Flow may be Provisioned and immediately activated. This is the case for the Service Flows asso- 38 ciated with the Basic CIDs. It is also typical of Service Flows for monthly subscription services, etc. These 39 Service Flows are established at registration time and shall be authorized by the BS MIC. These Service 40 41 Flows may also be authorized by the BS authorization module. 42 43 Alternatively, a Service Flow may be created dynamically and immediately activated. In this case, two-phase 44 activation is skipped and the Service Flow is available for immediate use upon authorization. 45 46 47 2.13.7 General Operation 48 49 2.13.7.1 Static Operation 50 51 Static configuration of Service Flows uses the Registration process. A provisioning server provides the SS 52 53 with configuration information. The SS passes this information to the BS in a Registration Request. The BS 54 55 56 57 58 59 60 61 62 63 64 11 65 According to its Request/Transmission Policy (refer to2.3.5.6.3)

This is an unapproved Task Group document being circulated for comment. 165 IEEE 802.16.1-00/01r4, September 2000

1 adds information and replies with a Registration Response. The SS sends a Registration Acknowledge to 2 complete registration. 3 4 5 6 Provisioning 7 TFTP Configuration Server 8 9 Registration-Request 10 11 12 13 SSCM 14 Registration Response 15 CMTSBS 16 Registration-Ack 17 18 19 20 21 22 Figure 80—Registration Message Flow 23 24 25 26 A TFTP configuration file consists of one or more instances of Service Flow Encodings. 27 28 29 Table 27—TFTP File Contents 30 31 32 Items Service Flow Service Flow 33 Reference ID 34 35 Service Flow Encodings 1..m None Yet 36 Immediate activation requested, upstream 37 38 Service Flow Encodings (m+1)..n None Yet 39 40 Provisioned for later activation requested, upstream 41 Service Flow Encodings (n+1)..p None Yet 42 43 Immediate activation requested, downstream 44 45 Service Flow Encodings (p+1)..q None Yet 46 Provisioned for later activation requested, downstream 47 48 49 50 Service Flow Encodings contain either a full definition of service attributes (omitting defaultable items if 51 desired) or a service class name. A service class name is an ASCII string which is known at the BS and 52 which indirectly specifies a set of QoS Parameters. (Refer to Section 5.3.6.1.3 and C.2.2.3.4) 53 54 Note: At the time of the TFTP configuration file, Service Flow References exist as defined by the provisioning 55 56 server. Service Flow Identifiers do not yet exist because the BS is unaware of these service flow definitions. 57 58 The Registration Request packet contains Downstream Classifiers (if to be immediately activated) and all 59 Inactive Service Flows. The configuration file, and thus, the Registration Request, generally does not con- 60 tain a Downstream Classifier if the corresponding Service Flow is requested with deferred activation. This 61 allows for late binding of the Classifier when the Flow is activated. 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 166 IEEE 802.16.1-00/01r4, September 2000

1 Table 28—Registration Request Contents 2 3 4 Items Service Flow Service 5 Flow ID 6 7 Service Flow Encodings 1..m None Yet 8 Immediate activation requested, upstream 9 May specify explicit attributes or service class name 10 11 Service Flow Encodings (m+1)..n None Yet 12 13 Provisioned for later activation requested, upstream 14 Explicit attributes or service class name 15 16 Service Flow Encodings (n+1)..p None Yet 17 Immediate activation requested, downstream 18 Explicit attributes or service name 19 20 Service Flow Encodings (p+1)..q None Yet 21 Provisioned for later activation requested, downstream 22 Explicit attributes or service name 23 24 25 26 The Registration Response sets the QoS Parameter Sets according to the Quality of Service Parameter Set 27 Type in the Registration Request. 28 29 The Registration Response preserves the Service Flow Reference attribute, so that the Service Flow Refer- 30 31 ence can be associated with SFID and/or CID. 32 33 34 Table 29—Registration Response Contents 35 36 37 Items Service Flow Service Flow Connection 38 Reference Identifier Identifier 39 40 Active Upstream Service Flows 1..m SFID CID 41 Explicit attributes 42 43 Provisioned Upstream Service Flows (m+1)..n SFID Not Yet 44 Explicit attributes 45 46 Active Downstream Service Flows (n+1)..p SFID N/A 47 48 Explicit attributes 49 Provisioned Downstream Service Flows (p+1)..q SFID N/A 50 51 Explicit attributes 52 53 54 The SFID is chosen by the BS to identify a downstream or upstream service Flow that has been authorized 55 56 but not activated. A DSC-Request from a SS to admit or activate a Provisioned Service Flow contains its 57 SFID. 58 59 2.13.7.2 Dynamic Service Flow Creation — SS Initiated 60 61 62 Service Flows may be created by the Dynamic Service Addition process, as well as through the Registration 63 process outlined above. The Dynamic Service Addition may be initiated by either the SS or the BS, and may 64 create one upstream and/or one downstream dynamic Service Flow(s). A three-way handshake is used to 65

This is an unapproved Task Group document being circulated for comment. 167 IEEE 802.16.1-00/01r4, September 2000

1 create Service Flows. The SS-initiated protocol is illustrated in Figure 81 and described in detail in Section 2 2.13.8.3.1. 3 4 5 6 DSA-Request 7 8 9 CM 10 SS 11 DSA-Response 12 SS BSCMTS 13 DSA-Acknowledge 14 15 16 BS 17 18 19 Figure 81—Dynamic Service Addition Message Flow — SS Initiated 20 21 22 23 A DSA-Request from a SS contains Service Flow Reference(s), and QoS Parameter set(s) (marked either for admission- 24 only or for admission and activation). 25 26 27 2.13.7.2.1 Dynamic Service Flow Creation — BS Initiated 28 29 A DSA-Request from a BS contains Service Flow Identifier(s) for one upstream and/or one downstream Ser- 30 vice Flow, possibly a CID, and set(s) of active or admitted QoS Parameters. The protocol is as illustrated in 31 Figure 82 and is described in detail in Section 2.13.8.3. 32 33 34 35 36 DSA-Request 37 38 DSA-Response CMTSBS 39 40 CM 41 SS 42 43 44 DSA-Acknowledge 45 46 47 48 Figure 82—Dynamic Service Addition Message Flow — BS Initiated 49 50 51 52 2.13.7.2.2 Dynamic Service Flow Modification and Deletion 53 54 55 In addition to the methods presented above for creating service flows, protocols are defined for modifying 56 and deleting service flows. Refer to Section 2.13.8.4 and Section 2.13.8.5. 57 58 Both provisioned and dynamically created Service flows are modified with the DSC message, which can 59 change the Admitted and Active QoS Parameter sets of the flow. 60 61 62 A successful DSC transaction changes a Service Flow’s QoS parameters by replacing both the Admitted and 63 Active QoS parameter sets. If the message contains only the Admitted set, the Active set is set to null and the 64 flow is deactivated. If the message contains neither set (‘000’ value used for Quality of Service Parameter 65

This is an unapproved Task Group document being circulated for comment. 168 IEEE 802.16.1-00/01r4, September 2000

1 Set type, see Section 2.3.5.5.1) then both sets are set to null and the flow is de-admitted. When the message 2 contains both QoS parameter sets, the Admitted set is checked first and, if admission control succeeds, the 3 Active set in the message is checked against the Admitted set in the message to ensure that it is a subset. If 4 5 all checks are successful, the QoS parameter sets in the message become the new Admitted and Active QoS 6 parameter sets for the Service Flow. If either of the checks fails, the DSC transaction fails and the Service 7 Flow QoS parameter sets are unchanged. 8 9 2.13.8 Dynamic Service 10 11 12 2.13.8.1 Connection Establishment 13 14 Service Flows may be created, changed or deleted. This is accomplished through a series of MAC manage- 15 ment Messages referred to as Dynamic Service Addition (DSA), Dynamic Service Change (DSC) and 16 17 Dynamic Service Deletion (DSD). The DSA Messages create a new Service Flow. The DSC Messages 18 change an existing Service Flow. The DSD Messages delete an existing Service Flow. This is illustrated in 19 Figure 83. 20 21 DSD 22 DSC 23 24 25 26 Null Operational DSA 27 28 29 30 Figure 83—Dynamic Service Flow Overview 31 32 33 The Null state implies that no Service Flow exists that matches the SFID and/or TransactionID in a Message. 34 Once the Service Flow exists, it is operational and has an assigned SFID. In steady state operation, a Service 35 36 Flow resides in a Nominal state. When Dynamic Service messaging is occurring, the Service Flow may tran- 37 sition through other states, but remains operational. Since multiple Service Flows may exist, there may be 38 multiple state machines active, one for every Service Flow. Dynamic Service Messages only affect those 39 state machines that match the SFID and/or Transaction ID. If privacy is enabled, both the SS and BS shall 40 verify the HMAC digest on all dynamic service Messages before processing them, and discard any Messages 41 42 that fail. 43 44 Service Flows created at registration time effectively enter the SF_operational state without a DSA transac- 45 tion. 46 47 48 TransactionIDs are unique per transaction and are selected by the initiating device (SS or BS). To help pre- 49 vent ambiguity and provide simple checking, the TransactionID number space is split between the SS and 50 BS. The SS shall select its TransactionIDs from the first half of the number space (0x0000 to 0x7FFF). The 51 BS shall select its TransactionIDs from the second half of the number space (0x8000 to 0xFFFF). 52 53 54 Each dynamic service Message sequence is a unique transaction with an associated unique transaction iden- 55 tifier. The DSA/DSC transactions consist of a request/response/acknowledge sequence. The DSD transac- 56 tions consist of a request/response sequence. The response Messages will return a confirmation code of okay 57 unless some exception condition was detected. The acknowledge Messages will return the confirmation code 58 in the response unless a new exception condition arises. A more detailed state diagram, including transition 59 60 states, is shown below. The detailed actions for each transaction will be given in the following sections. 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 169 IEEE 802.16.1-00/01r4, September 2000

1 2.13.8.2 Dynamic Service Flow State Transitions 2 3 The Dynamic Service Flow State Transition Diagram is the top-level state diagram and controls the general 4 5 Service Flow state. As needed, it creates transactions, each represented by a Transaction state transition dia- 6 gram, to provide the DSA, DSC, and DSD signaling. Each Transaction state transition diagram only commu- 7 nicates with the parent Dynamic Service Flow State Transition Diagram. The top-level state transition 8 diagram filters Dynamic Service Messages and passes them to the appropriate transaction based on Service 9 Flow Identifier (SFID), Service Flow Reference number, and TransactionID. 10 11 12 There are six different types of transactions: locally initiated or remotely initiated for each of the DSA, DSC 13 and DSD Messages. Most transactions have three basic states: pending, holding and deleting. The pending 14 state is typically entered after creation and is where the transaction is waiting for a reply. The holding state is 15 typically entered once the reply is received. The purpose of this state is to allow for retransmissions in case 16 17 of a lost Message, even though the local entity has perceived that the transaction has completed. The deleting 18 state is only entered if the Service Flow is being deleted while a transaction is being processed. 19 20 The flow diagrams provide a detailed representation of each of the states in the Transaction state transition 21 diagrams. All valid transitions are shown. Any inputs not shown should be handled as a severe error condi- 22 23 tion. 24 25 With one exception, these state diagrams apply equally to the BS and SS. In the Dynamic Service Flow 26 Changing-Local state, there is a subtle difference in the SS and BS behaviors. This is called out in the state 27 transition and detailed flow diagrams. 28 29 30 [Note: The ‘Num Xacts’ variable in the Dynamic Service Flow State Transition Diagram is incremented 31 every time the top-level state diagram creates a transaction and is decremented every time a transaction ter- 32 minates. A Dynamic Service Flow shall not return to the Null state until it’s deleted and all transactions have 33 terminated.] 34 35 36 The inputs for the state diagrams are identified below. 37 38 Dynamic Service Flow State Transition Diagram inputs from unspecified local, higher-level entities: 39 40 41 Add 42 Change 43 Delete 44 45 46 Dynamic Service Flow State Transition Diagram inputs from DSx Transaction State Transition diagrams: 47 48 DSA Succeeded 49 50 DSA Failed 51 DSA ACK Lost 52 DSA Erred 53 54 DSA Ended 55 56 57 58 DSC Succeeded 59 60 DSC Failed 61 DSC ACK Lost 62 DSC Erred 63 64 DSC Ended 65

This is an unapproved Task Group document being circulated for comment. 170 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 DSD Succeeded 5 DSD Erred 6 DSD Ended 7 8 DSx Transaction State Transition diagram inputs from the Dynamic Service Flow State Transition Diagram: 9 10 11 SF Add 12 SF Change 13 14 SF Delete 15 16 17 18 19 SF Abort Add 20 SF Change-Remote 21 SF Delete-Local 22 23 SF Delete-Remote 24 25 26 27 SF DSA-ACK Lost 28 29 SF-DSC-REQ Lost 30 SF-DSC-ACK Lost 31 SF DSC-REQ Lost 32 33 34 35 36 SF Changed 37 38 SF Deleted 39 40 The creation of DSx Transactions by the Dynamic Service Flow State Transition Diagram is indicated by the 41 notation 42 43 DSx-[ Local | Remote ] ( initial_input ) 44 45 46 where initial_input may be SF Add, DSA-REQ, SF Change, DSC-REQ, SF Delete, or DSD-REQ depending 47 on the transaction type and initiator. 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 171 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 Null 5 6 7 DSA-REQ / Add / DSA-Local( SF Add ) DSA Ended / 8 DSA-Remote( DSA-REQ ) DSC-REQ / SF DSA-ACK Lost 9 10 11

12 Adding Adding Add Failed Local Remote 13 ( DSA Failed / ) DSA Failed / 14 ( Delete / SF Abort Add ) 15 16

17 DSA Succeeded / DSA Succeeded / 18 ( DSA Erred / 19 DSA Erred / DSD-Local( SF Delete ) ) DSD-Local( SF Delete ) ( Delete / SF Delete-Local, 20 DSD-Local( SF Delete ) ) 21 22 Nominal 23 Change / DSC-REQ / DSC-Local( SF Change-Remote, 24 ( DSC-REQ / [ CMTSBS Only ] ) SF Change ) DSC-Remote( DSC-REQ ) ( DSA ACK Lost / 25 SF DSC-REQ Lost ) ( DSC ACK Lost / New DSC-REQ / DSD Ended && 26 SF DSC-REQ Lost ) SF DSC-ACK Lost Num Xacts == 0 / 27 ( DSC Succeeded / ( DSC Succeeded / 28 SF Changed ) SF Changed ) ( DSC Failed / ( DSC Failed / 29 SF Changed ) SF Changed ) 30 Delete / Changing DSC-REQ / SF Change-Remote, Changing 31 SF Delete-Local, Local DSC-Remote( DSC-REQ ) [ SSCM Only ] Remote 32 DSD-Local( SF Delete ) ( DSC-REQ / ) 33 ( DSA ACK Lost / SF DSD-REQ Lost ) 34 ( DSC ACK Lost / ( DSC Erred / SF Delete-Local, SF DSD-REQ Lost ) ( DSC Erred / 35 DSD-Local( SF Delete ) ) DSD-Local( SF Delete ) ) ( Delete / SF Delete-Local, ( Delete / SF Delete-Local, 36 DSD-Local( SF Delete ) ) DSD-Local( SF Delete ) ) 37 38 39 40 Deleting

41 DSD-REQ / SF Delete-Remote, DSD-Remote( DSD-REQ ) 42 43

44 ( DSD Succeeded / SF Deleted ) 45 ( DSD Erred / SF Deleted ) 46 DSD Succeeded / SF Deleted 47 48 49 Deleted 50 51 52 53 Figure 84—Dynamic Service Flow State Transition Diagram 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 172 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 Begin 7 8 9 10 11 SF Add / DSA-REQ 12 13 14 15 DSA-RSP Timeout T7 && Retries Available / DSA-REQ 16 Pending 17 18 19 20 Timeout T7 && Retries Exhausted / 21 22 23 ( DSA-RSP / DSA Succeeded, DSA-ACK ) ( DSA-RSP / DSA Failed, DSA-ACK ) 24 ( SF Abort Add / ) 25

26 DSA-RSP / 27 DSA ACK Lost 28 29 DSA-RSP / DSA-ACK, DSA ACK Lost 30 Retries Holding Deleting 31 Exhausted Down Service Flow ( DSA-RSP / DSA Succeeded, DSA-ACK ) SF Delete-Local / 32 ( DSA-RSP / DSA Failed, DSA-ACK ) 33 ( SF Abort Add / ) 34 35 36 37 38 ( Timeout T10 / DSA Ended ) ( SF Changed / DSA Ended ) 39 ( SF Change-Remote / DSA Ended ) 40 41 42 Timeout T10 / ( Timeout T10 / DSA Ended ) DSA Erred, DSA Ended ( SF Deleted / DSA Ended ) 43 44 45 SF Delete-Remote / DSA Ended 46 End 47 48 49 50 Figure 85—DSA - Locally Initiated Transaction State Transition Diagram 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 173 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 Begin 5 6 7 8 9 ( DSA-REQ / DSA-RSP ) ( DSA-REQ / DSA Failed, DSA-RSP ) 10 ( Timeout T8 && Retries Available / DSA-RSP ) 11 ( DSA-REQ && Retries Available / DSA-RSP ) 12 ( DSA-REQ && Retries Exhausted / ) ( SF DSA-ACK Lost && Retries Available / DSA-RSP ) 13 ( SF DSA-ACK Lost && Retries Exhausted / ) 14 DSA-ACK 15 Pending 16 17 18 SF Delete-Local / 19 20 21 ( DSA-ACK / DSA Succeeded ) 22 ( DSA-ACK / DSA Failed ) 23 24 25 ( DSA-REQ / ) 26 ( DSA-ACK / ) 27 28 ( DSA-ACK / ) 29 ( Timeout T8 && Retries Exhausted / DSA Erred, DSA Ended ) Holding Deleting ( SF Delete-Local / ) 30 ( SF Delete-Remote / DSA Ended ) Down Service Flow ( SF Change-Remote / ) 31 32 33 34 35 36 ( Timeout T8 / DSA Ended ) 37 ( SF Changed / DSA Ended ) 38 ( SF Deleted / DSA Ended ) ( SF Delete-Remote / DSA Ended ) 39

40 ( Timeout T10 / DSA Ended ) 41 ( SF Deleted / DSA Ended ) 42 ( SF Delete-Remote / DSA Ended ) 43 44 45 End 46 47 48 49 50 Figure 86—DSA - Remotely Initiated Transaction State Transition Diagram 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 174 IEEE 802.16.1-00/01r4, September 2000

1 2 3

4 Begin 5 6 7 8 9 SF Change / DSC-REQ 10

11 ( Timeout T7 && Retries Available / DSC-REQ ) 12 ( SF DSC-REQ Lost && Retries Available / DSC-REQ ) 13 ( SF DSC-REQ Lost && Retries Exhausted / )

14 DSC-RSP Pending 15 SF Change-Remote / DSC Ended [ CMSS Only ] 16 17 18 19 Timeout T7 && Retries Exhausted / 20 21 22 ( DSC-RSP / DSC Succeeded, DSC-ACK ) 23 ( DSC-RSP / DSC Failed, DSC-ACK ) SF Delete-Local / 24 25 DSC-RSP / 26 DSC ACK Lost 27 28 29 30 Retries Holding DSC-RSP / Deleting Exhausted ( DSC-RSP / DSC Succeeded, DSC-ACK ) Down DSC-ACK, DSC ACK Lost Service Flow 31 ( DSC-RSP / DSC Failed, DSC-ACK ) 32 33 34 35 36 37 ( Timeout T10 / DSC Ended ) 38 ( SF Changed / DSC Ended ) ( SF Change-Remote / DSC Ended ) 39 40 41 Timeout T10 / ( Timeout T10 / DSC Ended ) 42 DSC Erred, DSC Ended ( SF Deleted / DSC Ended ) 43 44 45 SF Delete-Remote / DSC Ended End 46 47 48 49 50 Figure 87—DSC - Locally Initiated Transaction State Transition Diagram 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 175 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 Begin 5 6 7 8 9 10 DSC-REQ / DSC-RSP 11 ( Timeout T8 && Retries Available / DSC-RSP ) 12 ( DSC-REQ && Retries Available / DSC-RSP ) ( DSC-REQ && Retries Exhausted / ) 13 ( SF DSC-ACK Lost && Retries Available / DSC-RSP ) 14 ( SF DSC-ACK Lost && Retries Exhausted / ) DSC-ACK 15 Pending 16 17 18 19 SF Delete-Local / 20 21 22 ( DSC-ACK / DSC Succeeded ) 23 ( DSC-ACK / DSC Failed ) 24 25 26 ( DSC-REQ / ) 27 ( DSC-ACK / ) 28 29 30 ( DSC-ACK / ) ( Timeout T8 && Retries Exhausted / DSC Erred, DSC Ended ) Holding Deleting ( SF Delete-Local / ) 31 ( SF Delete-Remote / DSC Ended ) Down Service Flow ( SF Change-Remote / ) 32 33 34 35 36 37 ( Timeout T8 / DSC Ended ) 38 ( SF Changed / DSC Ended ) 39 ( SF Deleted / DSC Ended ) 40 ( SF Delete-Remote / DSC Ended ) 41 42 ( Timeout T10 / DSC Ended ) ( SF Deleted / DSC Ended ) 43 ( SF Delete-Remote / DSC Ended ) 44 45 46 47 End 48 49 50 51 Figure 88—DSC - Remotely Initiated Transaction State Transition Diagram 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 176 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 Begin 6 7 8 9 10 SF Delete / DSD-REQ 11 12 13 14 ( Timeout T7 && Retries Available / DSD-REQ ) 15 DSD-RSP ( SF DSD-REQ Lost && Retries Available / DSD-REQ ) Pending 16 ( SF DSD-REQ Lost && Retries Exhausted / ) 17 18 19 20 21 22

23 ( DSD-RSP / DSD Succeeded ) 24 ( SF Delete-Remote / ) 25 26 27 28 29 30 31 Holding ( DSD-RSP / DSD Succeeded ) Timeout T7 && Retries Exhausted / DSD Erred, DSD Ended 32 Down ( SF Deleted / ) 33 34 35 36 37 38 39 40 Timeout T7 / DSD Ended 41 42 43 44 45 46 47 48 End 49 50 51 Figure 89—DSD - Locally Initiated Transaction State Transition Diagram 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 177 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 Begin 5 6 7 8 9 10 DSD-REQ / DSD Succeeded, DSD-RSP 11 12 13 14 Holding 15 DSD-REQ / DSD-RSP 16 Down 17 18 19

20 ( Timeout T10 / DSD Ended ) 21 ( SF Deleted / DSD Ended ) 22 23 24 25 26 End 27 28 29 30 Figure 90—Dynamic Deletion (DSD) - Remotely Initiated Transaction State Transition Diagram 31 32 33 2.13.8.3 Dynamic Service Addition 34 35 A SS wishing to create an upstream and/or a downstream Service Flow sends a request to the BS using a 36 dynamic service addition request Message (DSA-REQ). The BS checks the SS's authorization for the 37 38 requested service(s) and whether the QoS requirements can be supported and generates an appropriate 39 response using a dynamic service addition response Message (DSA-RSP). The SS concludes the transaction 40 with an acknowledgment Message (DSA-ACK). 41 42 In order to facilitate a common admission response, an upstream and a downstream Service Flow can be included in a 43 44 single DSA-REQ. Both Service Flows are either accepted or rejected together. 45 46 47 Table 30: Dynamic Service Addition Initiated from SS 48 49 SS BS 50 51 52 53 New Service Flow(s) needed 54 55 Check if resources are available 56 57 Send DSA-REQ ---DSA-REQ--> Receive DSA-REQ 58 59 Check if SS authorized for Service(s)a 60 61 Check Service Flow(s) QoS can be sup- 62 63 ported 64 65

This is an unapproved Task Group document being circulated for comment. 178 IEEE 802.16.1-00/01r4, September 2000

1 Table 30: Dynamic Service Addition Initiated from SS 2 3 Create SFID(s) 4 5 If upstream AdmittedQoSParamSet is non- 6 null, map Service Flow to CID 7 8 If upstream ActiveQoSParamSet is non- 9 10 null, Enable reception of data on new 11 upstream Service Flow 12 13 Receive DSA-RSP <--DSA-RSP--- Send DSA-RSP 14 15 If ActiveQoSParamSet is non-null, 16 Enable transmission and/or reception of 17 data on new Service Flow(s) 18 19 Send DSA-ACK ---DSA-ACK--> Receive DSA-ACK 20 21 If downstream ActiveQoSParamSet is 22 non-null, Enable transmission of data on 23 24 new downstream Service Flow 25 a 26 Note: authorization can happen prior to the DSA-REQ being received by the BS. The details of BS signalling to 27 anticipate a DSA-REQ are beyond the scope of this specification. 28 29 2.13.8.3.1 BS Initiated Dynamic Service Addition 30 31 32 A BS wishing to establish an upstream and/or a downstream dynamic Service Flow(s) with a SS performs 33 the following operations. The BS checks the authorization of the destination SS for the requested class of 34 service and whether the QoS requirements can be supported. If the service can be supported the BS gener- 35 ates new SFID(s) with the required class of service and informs the SS using a dynamic service addition 36 request Message (DSA-REQ). If the SS checks that it can support the service, it responds using a dynamic 37 38 service addition response Message (DSA-RSP). The transaction completes with the BS sending the 39 acknowledge Message (DSA-ACK). 40 41 42 43 44 45 46 47 Dynamic Service Addition State Transition Diagrams 48 49 Dynamic Service Addition State Transition Diagrams 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 179 IEEE 802.16.1-00/01r4, September 2000

1 Table 31: Dynamic Service Addition Initiated from BS 2 3 4 CPE BS 5 6 7 8 New Service Flow(s) required for CPE 9 10 Check CPE authorized for Service(s) 11 Check Service Flow(s) QoS can be sup- 12 13 ported 14 15 Create SFID(s) 16 If upstream AdmittedQoSParamSet is non- 17 18 null, map Service Flow to CID 19 20 If upstream ActiveQoSParamSet is non-null, 21 Enable reception of data on new upstream 22 Service Flow 23 24 Receive DSA-REQ <--DSA-REQ--- Send DSA-REQ 25 26 Confirm CPE can support Service 27 Flow(s) 28 29 Add Downstream SFID (if present) 30 31 Enable reception on any new down- 32 stream Service Flow 33 34 Send DSA-RSP ---DSA-RSP--> Receive DSA-RSP 35 36 Enable transmission & reception of data on 37 new Service Flow(s) 38 39 Receive DSA-ACK <--DSA-ACK--- Send DSA-ACK 40 41 Enable transmission on new upstream 42 Service Flow 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 180 IEEE 802.16.1-00/01r4, September 2000

1 2.13.8.3.2 Dynamic Service Addition State Transition Diagrams 2 3 4 DSA-Local 5 Begin 6 7 8 9 10 SF Add 11 12 13 14 15 DSA-REQ 16 17 18 19 20 Start T7 Timer 21 22 23 24 25 Save transmitted 26 DSA-REQ 27 28 29 30 Set DSA-REQ Retries Available 31 to 'DSx Request 32 Retries' 33 34 35 DSA-Local 36 DSA-RSP 37 Pending 38 39 40 41 Figure 91—DSA - Locally Initiated Transaction Begin State Flow Diagram 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 181 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSA-Local 4 DSA-RSP Pending 5 6 7 8 9 Timeout T7 SF Delete-Remote SF Abort Add DSA-RSP 10 11 12 13 Retries Stop T7 Timer Stop T7 Timer Stop T7 Timer 14 Available 15 ? No 16 17 Save DSA-ACK 18 Yes DSA Ended with Condition Code 'reject-add- Okay ? 19 aborted'

20 Saved Start T10 Timer 21 DSA-REQ No DSA-Local Yes 22 End 23 24 DSA-Local Enable Start T7 Timer 25 Retries Exhausted service flow 26 27

28 Decrement DSA DSA-REQ DSA Failed 29 Succeeded 30 Retries Available 31 32 DSA-Local Set Condition Set Condition 33 DSA-RSP Code to 'reject-xxx' Code to 'okay' 34 Pending 35 36 37 38 39 DSA-ACK 40 41 42 43 Save transmitted DSA-ACK 44 45 46 47 48 49 Start T10 Timer 50 51 52 53 DSA-Local Holding Down 54 55 56 57 Figure 92—DSA - Locally Initiated Transaction DSA-RSP Pending State Flow Diagram 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 182 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSA-Local 4 Holding Down 5 6 7 8 9 SF Changed, 10 SF Change-Remote, Timeout T10 SF Delete-Local DSA-RSP 11 SF Delete-Remote 12 13

14 DSA-Local Saved 15 Stop T10 Timer Deleting DSA-ACK 16 Service Flow 17 18 19 DSA ACK 20 Lost

21 DSA Ended 22 23 24 DSA-Local 25 Holding Down 26 DSA-Local End 27 28 29 30 Figure 93—DSA - Locally Initiated Transaction Holding State Flow Diagram 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 183 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 DSA-Local Retries Exhausted 5 6 7 8 9 10 11 Timeout T10 SF Delete-Remote SF Abort Add DSA-RSP 12 13 14 Save DSA-ACK 15 with Condition DSA Erred Stop T10 Timer 16 Code 'reject-add- Okay ? 17 aborted' 18 No 19 20 Yes 21 22 DSA Ended Enable 23 service flow 24 25 26 27 DSA-Local End DSA DSA Failed 28 Succeeded 29 30 31

32 Set Condition Set Condition 33 Code to 'reject-xxx' Code to 'okay' 34 35 36 37 38 39 DSA-ACK 40 41 42 43 44 Save transmitted 45 DSA-ACK 46 47 48 49 50 DSA-Local 51 Holding Down 52 53 54 55 56 Figure 94—DSA - Locally Initiated Transaction Retries Exhausted State Flow Diagram 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 184 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSA-Local 4 Deleting 5 Service Flow 6 7 8 9

10 SF Deleted, Timeout T10 DSA-RSP 11 SF Delete-Remote 12 13 14 15 DSA ACK Stop T10 Timer 16 Lost 17 18 19 DSA-Local 20 Deleting 21 Service Flow 22 DSA Ended 23 24 25 26 DSA-Local 27 End 28 29 30 Figure 95—DSA - Locally Initiated Transaction Deleting Service Flow State Flow Diagram 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 185 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSA-Remote 4 Begin 5 6 7 8 DSA-REQ 9 10 11 12 13 No Okay ? 14 15 16 17 Yes 18 19 20 21 [SS[ CM only] Only ] [[BS CMTS only] Only ] Enable Enable DSA Failed 22 downstream upstream 23 service flow service flow 24 25 26 27 28 Set Condition Set Condition Code to 'reject-xxx' Code to 'okay' 29 30 31 32 33 34 DSA-RSP 35 36 37 38 Start T8 Timer 39 40 41 42 Save transmitted 43 DSA-RSP 44 45

46 Set DSA-RSP 47 Retries Available 48 to 'DSx Response Retries' 49 50 51 DSA-Remote 52 DSA-ACK 53 Pending 54 55 56 Figure 96—DSA - Remotely Initiated Transaction Begin State Flow Diagram 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 186 IEEE 802.16.1-00/01r4, September 2000

1 2 DSA-Remote 3 DSA-ACK 4 Pending 5 6 7

8 SF DSA-ACK SF Delete- SF Delete- DSA-REQ Timeout T8 DSA-ACK 9 Lost Remote Local 10 11 12 13 Retries Stop T8 Timer Stop T8 Timer Stop T8 Timer Available 14 ? 15 No 16 17 Yes Start T10 Timer 18 19 Saved 20 DSA Erred DSA-RSP DSA-Remote 21 Retries Deleting 22 Available Service Flow 23 ? 24 Start T8 Timer No 25 Yes 26 DSA Ended No Okay ? 27 Decrement Saved 28 DSA-RSP DSA-RSP 29 Retries Available Yes DSA-Remote 30 End 31 32 33 [SS[ CM only] Only ] [BS[ CMTS only] Only ] DSA-Remote Disable Enable Enable 34 DSA-ACK service flow upstream downstream Pending 35 service flow service flow 36 37 38 39 DSA 40 DSA Failed 41 Succeeded 42 43 44 45 46 Start T8 Timer 47 48 49 50 DSA-Remote 51 Holding Down 52 53 54 55 56 Figure 97—DSA - Remotely Initiated Transaction DSA-ACK Pending State Flow Diagram 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 187 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSA-Remote 4 Holding Down 5 6 7 8 9 SF Changed, SF Delete-Local, 10 SF Deleted, Timeout T8 DSA-ACK SF Change-Remote 11 SF Delete-Remote 12 13 14 15 Stop T8 Timer 16 DSA-Remote 17 Holding Down 18 19 20 21 DSA Ended 22 23 24 25 DSA-Remote 26 End 27 28 29 30 Figure 98—DSA - Remotely Initiated Transaction Holding Down State Flow Diagram 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 188 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSA-Remote 4 Deleting 5 Service Flow 6 7 8 9 10 SF Deleted, DSA-REQ, Timeout T10 11 SF Delete-Remote DSA-ACK 12 13 14 15 DSA-Remote 16 Stop T10 Timer Deleting Service Flow 17 18 19 20 21 22 DSA Ended 23 24 25 26 27 DSA-Remote 28 End 29 30 31 32 Figure 99—DSA - Remotely Initiated Transaction Deleting Service State Flow Diagram 33 34 2.13.8.4 Dynamic Service Change 35 36 37 The Dynamic Service Change (DSC) set of Messages is used to modify the flow parameters associated with 38 a Service Flow. Specifically, DSC can modify the Service Flow Specification. 39 40 A single DSC Message exchange can modify the parameters of one downstream service flow and/or one 41 42 upstream service flow. 43 44 To prevent packet loss, any required bandwidth change is sequenced between the SS and BS. 45 46 The BS controls both upstream and downstream scheduling. The timing of scheduling changes is indepen- 47 48 dent of direction AND whether it’s an increase or decrease in bandwidth. The BS always changes scheduling 49 on receipt of a DSC-REQ (SS initiated transaction) or DSC-RSP (BS initiated transaction). 50 51 The BS also controls the downstream transmit behavior. The change in downstream transmit behavior is 52 always coincident with the change in downstream scheduling (i.e. BS controls both and changes both simul- 53 54 taneously). 55 56 The SS controls the upstream transmit behavior. The timing of SS transmit behavior changes is a function of 57 which device initiated the transaction AND whether the change is an “increase” or “decrease” in bandwidth. 58 59 60 If an upstream Service Flow’s bandwidth is being reduced, the SS reduces its payload bandwidth first and 61 then the BS reduces the bandwidth scheduled for the Service Flow. If an upstream Service Flow’s bandwidth 62 is being increased, the BS increases the bandwidth scheduled for the Service Flow first and then the SS 63 increases its payload bandwidth. 64 65

This is an unapproved Task Group document being circulated for comment. 189 IEEE 802.16.1-00/01r4, September 2000

1 If the bandwidth changes are complex, it may not be obvious to the SS when to effect the bandwidth 2 changes. This information may be signalled to the SS from a higher layer entity. 3 4 5 Any service flow can be deactivated with a Dynamic Service Change command by sending a DSC-REQ 6 Message, referencing the Service Flow Identifier, and including a null ActiveQoSParameterSet. However, if 7 a Primary Service Flow of a SS is deactivated that SS is de-registered and shall re-register. Therefore, care 8 should be taken before deactivating such Service Flows. If a Service Flow that was provisioned during regis- 9 tration is deactivated, the provisioning information for that Service Flow shall be maintained until the Ser- 10 11 vice Flow is reactivated. 12 13 A SS shall have only one DSC transaction outstanding per Service Flow. If it detects a second transaction 14 initiated by the BS, the SS shall abort the transaction it initiated and allow the BS initiated transaction to 15 complete. 16 17 18 A BS shall have only one DSC transaction outstanding per Service Flow. If it detects a second transaction 19 initiated by the SS, the BS shall abort the transaction the SS initiated and allow the BS initiated transaction 20 to complete. 21 22 23 Note: Currently anticipated applications would probably control a Service Flow through either the SS or BS, and 24 not both. Therefore the case of a DSC being initiated simultaneously by the SS and BS is considered as an excep- 25 tion condition and treated as one. 26 27 2.13.8.4.1 SS-Initiated Dynamic Service Change 28 29 30 A SS that needs to change a Service Flow definition performs the following operations. 31 32 The SS informs the BS using a Dynamic Service Change Request Message (DSC-REQ). The BS shall 33 decide if the referenced Service Flow can support this modification. The BS shall respond with a Dynamic 34 35 Service Change Response (DSC-RSP) indicating acceptance or rejection. The SS reconfigures the Service 36 Flow if appropriate, and then shall respond with a Dynamic Service Change Acknowledge (DSC-ACK). 37 38 39 Table 32—SS-Initiated DSC 40 41 42 BS SS 43 44 Service Flow Requires Modifying 45 46 Receive DSC-REQ <------DSC-REQ ------Send DSC-REQ 47 48 Validate Request 49 50 Modify Service Flow 51 52 Increase Channel Bandwidth if 53 Required 54 55 Send DSC-RSP ------DSC-RSP ------> Receive DSC-RSP 56 57 Modify Service Flow 58 Adjust Payload Bandwidth 59 60 Receive DSC-ACK <------DSC-ACK ------Send DSC-ACK 61 62 Decrease Channel Bandwidth if 63 Required 64 65

This is an unapproved Task Group document being circulated for comment. 190 IEEE 802.16.1-00/01r4, September 2000

1 2.13.8.4.2 BS-Initiated Dynamic Service Change 2 3 A BS that needs to change a Service Flow definition performs the following operations. 4 5 6 The BS shall decide if the referenced Service Flow can support this modification. If so, the BS informs the 7 SS using a Dynamic Service Change Request Message (DSC-REQ). The SS checks that it can support the 8 service change, and shall respond using a Dynamic Service Change Response (DSC-RSP) indicating accep- 9 tance or rejection. The BS reconfigures the Service Flow if appropriate, and then shall respond with a 10 11 Dynamic Service Change Acknowledgment (DSC-ACK) 12 13 14 Table 33—BS-Initiated DSC 15 16 17 BS SS 18 19 Service Flow Requires Modifying 20 21 Send DSC-REQ ------DSC-REQ ------> Receive DSC-REQ 22 23 Modify Service Flow 24 Decrease Payload Bandwidth if 25 26 Required 27 28 Receive DSC-RSP <------DSC-RSP ------Send DSC-RSP 29 Modify Service Flow 30 31 Adjust Channel Bandwidth 32 33 Send DSC-ACK ------DSC-ACK ------> Receive DSC-ACK 34 35 Increase Payload Bandwidth if 36 Required 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 191 IEEE 802.16.1-00/01r4, September 2000

1 2.13.8.4.3 Dynamic Service Change State Transition Diagrams 2 3 4 5 6 DSC-Local 7 Begin 8 9 10 11 12 SF Change 13 14 15 16 17 Save service flow 18 QoS state 19 20 21 22 [[SS CM only]Only ] 23 If decrease upstream bandwidth, modify 24 transmission 25 26 27 28 29 DSC-REQ 30 31 32 33 34 Start T7 Timer 35 36 37 38 39 Save tra nsm itted 40 DSC-REQ 41 42 43 44 Set DSC-REQ 45 R etries A vailable to 'DSx Request 46 Retries' 47 48 49 50 DSC-Local 51 DSC-RSP Pending 52 53 54 55 56 Figure 100—DSC - Locally Initiated Transaction Begin State Flow Diagram 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 192 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSC-Local DSC-RSP 4 Pending 5 6 7

SF Change- 8 SF DSC-REQ SF Delete- SF Delete- Timeout T7 Remote DSC-RSP Lost Remote Local 9 [ CM Only ] 10 11

12 Stop T7 Timer Stop T7 Timer Retries 13 Available ? Stop T7 Timer 14 No 15 16 Start T10 Timer Yes 17 DSC Ended 18 DSC-Local Saved 19 Start T10 Timer Deleting DSC-REQ Retries Service Flow 20 Available DSC-Local ? Okay ? 21 End No 22 DSC-Local Start T7 Timer 23 No Retries Exhausted Yes 24 Yes 25 Decrement Saved 26 DSC-REQ DSC-REQ 27 Retries Available

[ CM Only ] [BS[ CMTS only] Only ] 28 Restore [SS only] If increase upstream Modify schedule and, service flow bandwidth, modify if downstream, 29 QoS state 30 transmission transmission 31 DSC-Local DSC-RSP 32 Pending 33

DSC 34 DSC Failed 35 Succeeded 36 37 Set Condition Set Condition 38 Code to 'reject-xxx' Code to 'okay' 39 40 41 42 43 DSC-ACK 44 45 46 47 Start T10 Timer 48 49 Save transmitted 50 DSC-ACK 51 52

53 DSC-Local 54 Holding Down 55 56 57 Figure 101—DSC - Locally Initiated Transaction DSC-RSP Pending State Flow Diagram 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 193 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 DSC-Local Holding Down 5 6 7 8 9 10 SF Changed, 11 SF Change-Remote, Timeout T10 SF Delete-Local DSC-RSP 12 SF Delete-Rem ote 13 14 15 DSC-Local Saved Stop T10 Timer Deleting 16 DSC-ACK 17 Service Flow 18 19 20 DSC ACK 21 Lost 22 23 DSC Ended 24 25 DSC-Local 26 Holding Down 27 DSC-Local 28 End 29 30 31 32 Figure 102—DSC - Locally Initiated Transaction Holding Down State Flow Diagram 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 194 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSC-Local 4 Retries Exhausted 5 6 7 8 9 10 Timeout T10 SF Delete-Remote SF Delete-Local DSC-RSP 11 12 13 DSC-Local 14 DSC Erred Stop T10 Timer Deleting 15 Service Flow 16 17 18 19 No Okay ?

20 DSC Ended 21 22 23 Yes 24 DSC-Local 25 End 26 27 [SS[ CM only] Only ] [[BS CMTS only] Only ] Restore If increase Modify schedule 28 service flow upstream and, if 29 QoS state bandwidth, modify downstream, 30 transmission transmission 31 32 33 34 DSC DSC Failed 35 Succeeded 36 37 38 39 Set Condition Set Condition 40 Code to 'reject-xxx' Code to 'okay' 41 42 43 44 45 DSC-ACK 46 47 48 49 Save transmitted 50 DSC-ACK 51 52 53 54 DSC-Local 55 Holding Down 56 57 58 Figure 103—DSC - Locally Initiated Transaction Retries Exhausted State Flow Diagram 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 195 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSC-Local 4 Deleting 5 Service Flow 6 7 8 9 10 SF Deleted, Timeout T10 DSC-RSP 11 SF Delete-Remote 12 13 14 15 DSC ACK Stop T10 Timer 16 Lost 17 18 19 DSC-Local 20 Deleting 21 Service Flow 22 DSC Ended 23 24 25

26 DSC-Local 27 End 28 29 30 31 32 Figure 104—DSC - Locally Initiated Transaction Deleting Service Flow State Flow Diagram 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 196 IEEE 802.16.1-00/01r4, September 2000

1 2

3 DSC-Remote 4 Begin 5 6 7 DSC-REQ 8 9 10 11 Save service flow 12 QoS state 13 14 15

16 Okay ? 17 18 19 No

20 Yes 21 22 23 24 [SS[ CM only] Only ] [[BS CMTS only] Only ] 25 If decrease upstream Modify schedule and, bandwidth, modify if downstream, 26 transmission transmission 27 28 29 30 31 Set Condition Set Condition 32 Code to 'reject-xxx' Code to 'okay' 33 34 35 36 37 DSC-RSP 38 39 40 41 Start T8 Timer 42 43 44 Save transmitted 45 DSC-RSP 46 47

48 Set DSC-RSP 49 Retries Available to 'DSx Response 50 Retries' 51 52 53 DSC-Remote DSC-ACK 54 Pending 55 56 57 Figure 105—DSC - Remotely Initiated Transaction Begin State Flow Diagram 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 197 IEEE 802.16.1-00/01r4, September 2000

1 \ 2 3 DSC-Remote 4 DSC-ACK Pending 5 6 7 8

9 SF DSC-ACK SF Delete- SF Delete- DSC-REQ Timeout T8 DSC-ACK 10 Lost Remote Local 11 12 13 14 Retries Stop T8 Timer Stop T8 Timer Stop T8 Timer Available 15 ? 16 No 17 18 Yes Start T10 Timer 19 20 Saved 21 DSC Erred DSC-RSP DSC-Remote 22 Retries Deleting 23 Available Service Flow 24 ?

25 Start T8 Timer 26 No Yes 27 DSC Ended Okay ?

28 No Decrement 29 Saved DSC-RSP 30 DSC-RSP Retries Available Yes 31 DSC-Remote 32 End 33 [SS[ CM only] Only ] Restore If increase 34 service flow upstream 35 DSC-Remote QoS state bandwidth, modify DSC-ACK transmission 36 Pending 37 38 DSC DSC Failed 39 Succeeded 40 41 42 43 44 45 Start T8 Timer 46 47 48 49 DSC-Remote Holding Down 50 51 52 Figure 106—DSC - Remotely Initiated Transaction DSC-ACK Pending State Flow Diagram 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 198 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 DSC-Remote 5 Holding Down 6 7 8 9 10 SF Changed, SF Delete-Local, SF Deleted, Timeout T8 DSC-ACK 11 SF Change-Remote 12 SF Delete-Remote 13 14 15 16 Stop T8 Timer 17 DSC-Remote 18 Holding Down 19 20 21 22 23 DSC Ended 24 25 26

27 DSC-Remote 28 End 29 30 31 32 Figure 107—DSC - Remotely Initiated Transaction Holding Down State Flow Diagram 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 199 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSC-Remote 4 Deleting 5 Service Flow 6 7 8 9 10 SF Deleted, DSC-REQ, Timeout T10 11 SF Delete-Remote DSC-ACK 12 13 14 15 DSC-Remote Stop T10 Timer Deleting 16 Service Flow 17 18 19 20 21 22 DSC Ended 23 24 25 26 DSC-Remote 27 End 28 29 30 31 32 Figure 108—DSC - Remotely Initiated Transaction Deleting Service Flow State Flow Diagram 33 34 35 36 2.13.8.5 Connection Release 37 38 Any service flow can be deleted with the Dynamic Service Deletion (DSD) Messages. When a Service Flow 39 is deleted, all resources associated with it are released. However, if a Basic Service Flow of a SS is deleted, 40 that SS is de-registered and shall re-register. Also, if a Service Flow that was provisioned during registration 41 42 is deleted, the provisioning information for that Service Flow is lost until the SS re-registers. However, the 43 deletion of a provisioned Service Flow shall not cause a SS to re-register. Therefore, care should be taken 44 before deleting such Service Flows. 45 46 47 Note: Unlike DSA and DSC Messages, DSD Messages are limited to only a single Service Flow. 48 49 2.13.8.5.1 SS Initiated Dynamic Service Deletion 50 51 A SS wishing to delete a Service Flow generates a delete request to the BS using a Dynamic Service Dele- 52 tion-Request Message (DSD-REQ). The BS removes the Service Flow and generates a response using a 53 54 Dynamic Service Deletion-Response Message (DSD-RSP). Only one Service Flow can be deleted per DSD- 55 Request. 56 57 2.13.8.5.2 BS Initiated Dynamic Service Deletion 58 59 60 A BS wishing to delete a dynamic Service Flow generates a delete request to the associated SS using a 61 Dynamic Service Deletion-Request Message (DSD-REQ). The SS removes the Service Flow and generates 62 a response using a Dynamic Service Deletion-Response Message (DSD-RSP). Only one Service Flow can 63 be deleted per DSD-Request. 64 65

This is an unapproved Task Group document being circulated for comment. 200 IEEE 802.16.1-00/01r4, September 2000

1 Table 34: Dynamic Service Deletion Initiated from SS 2 3 4 SS BS 5 6 Service Flow no longer needed 7 8 Delete Service Flow 9 10 Send DSD-REQ ---DSD-REQ--> Receive DSD-REQ 11 Verify SS is Service Flow ‘owner’ 12 13 Delete Service Flow 14 15 Receive DSD-RSP <--DSD-RSP--- Send DSD-RSP 16 17 18 19 Table 35: Dynamic Service Deletion Initiated from BS 20 21 22 SS BS 23 24 Service Flow no longer needed 25 26 Delete Service Flow 27 Determine associated SS for this 28 29 Service Flow 30 31 Receive DSD-REQ <---DSD-REQ--- Send DSD-REQ 32 Delete Service Flow 33 34 Send DSD-RSP ---DSD-RSP--> Receive DSD-RSP 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 201 IEEE 802.16.1-00/01r4, September 2000

1 2.13.8.5.3 Dynamic Service Deletion State Transition Diagrams 2 3 4 5 6 DSD-Local 7 Begin 8 9 10 11 12 SF Delete 13 14 15 16 17 18 Disable 19 service flow 20 21 22 23 24 DSD-REQ 25 26 27 28 29 Start T7 Timer 30 31 32 33 34 35 Save transmitted 36 DSD-REQ 37 38 39 40 Set DSD-REQ Retries Available 41 to 'DSx Request 42 Retries' 43 44 45 46 DSD-Local DSD-RSP 47 Pending 48 49 50 51 Figure 109—DSD - Locally Initiated Transaction Begin State Flow Diagram 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 202 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSD-Local 4 DSD-RSP 5 Pending 6 7 8 9 10 SF DSD-REQ Timeout T7 SF Delete-Remote DSD-RSP 11 Lost 12 13 14 15 Retries Retries Stop T7 Timer Stop T7 Timer 16 Available Available 17 ? ? 18 No 19 20 Yes Yes 21 DSD Succeeded 22 Saved Saved 23 DSD Erred DSD-REQ DSD-REQ 24 No 25 26 27 28 Start T7 Tim er Start T7 Timer DSD Ended 29 30 31 32 DSD-Local Decrement 33 DSD-Local Holding Down DSD-REQ End 34 Retries Available 35 36 37 38 39 DSD-Local 40 DSD-RSP 41 Pending 42 43 44 Figure 110—DSD - Locally Initiated Transaction DSD-RSP Pending State Flow Diagram 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 203 IEEE 802.16.1-00/01r4, September 2000

1 2 3 DSD-Local 4 Holding Down 5 6 7 8 9 10 Timeout T7 SF Deleted DSD-RSP 11 12 13 14 DSD 15 DSD Ended 16 Succeeded 17 18 19 20 DSD-Local 21 End DSD-Local 22 Holding Down 23 24 25 26 Figure 111—DSD - Locally Initiated Transaction Holding Down State Flow Diagram 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 204 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 DSD-Remote 5 Begin 6 7 8 9 10 DSD-REQ 11 12 13 14 15 Disable service flow 16 17 18 19 20 DSD 21 Succeeded 22 23 24 25 26 DSD-RSP 27 28 29 30 31 Start T10 Timer 32 33 34 35 36 Save transmitted 37 DSD-RSP 38 39 40 41 42 DSD-Remote 43 Holding Down 44 45 46 47 Figure 112—DSD - Remotely Initiated Transaction Begin State Flow Diagram 48 49 50 51 52 2.14 Authentication and Privacy 53 54 2.14.1 Privacy Overview 55 56 Privacy provides subscribers with privacy across the fixed broadband wireless network. It does this by 57 58 encrypting connectionss between SS and BS. 59 60 In addition, Privacy provides operators with strong protection from theft of service. The BS protects against 61 unauthorized access to these data transport services by enforcing encryption of the associated traffic flows 62 across the network. Privacy employs an authenticated client/server key management protocol in which the 63 64 65

This is an unapproved Task Group document being circulated for comment. 205 IEEE 802.16.1-00/01r4, September 2000

1 BS, the server, controls distribution of keying material to client SS. Additionally, the basic privacy mecha- 2 nisms are strengthened by adding digital-certificate based SS authentication to its key management protocol. 3 4 5 2.14.2 Architectural Overview 6 7 Privacy has two component protocols: 8 9 10 An encapsulation protocol for encrypting packet data across the fixed broadband wireless access network. 11 This protocol defines (1) a set of supported cryptographic suites, i.e., pairings of data encryption and 12 authentication algorithms, and (2) the rules for applying those algorithms to a MAC header’s pay- 13 load. 14 15 A key management protocol (Privacy Key Management, or “PKM”) providing the secure distribution of 16 keying data from BS to SS. Through this key management protocol, SS and BS synchronize keying 17 data; in addition, the BS uses the protocol to enforce conditional access to network services. 18 19 20 2.14.2.1 Packet Data Encryption 21 22 Encryption services are defined as a set of capabilities within the MAC sublayer. MAC Header information 23 specific to encryption is allocated in the Generic MAC Header Formant. 24 25 26 This specification supports a single packet date encryption algorithm: the Cipher Block Chaining (CBC) 27 mode of the US Data Encryption Standard (DES) algorithm [FIPS-46-1] [FIPS-81]. It does not pair DES 28 CBC with any packet data authentication algorithm. Additional data encryption algorithms may be sup- 29 ported in future enhancements to the protocol specification, and these algorithms may be paired with data 30 31 authentication algorithms. 32 33 Encryption is always applied to the MAC PDU payload; the Generic MAC Header is not encrypted. All 34 MAC management messages shall be sent in the clear to facilitate registration, ranging, and normal opera- 35 tion of the MAC sublayer. 36 37 38 Section 2.15 specifies the format of MAC PDUs carrying encrypted packet data payloads. 39 40 2.14.2.2 Key Management Protocol 41 42 43 SS use the Privacy Key Management protocol to obtain authorization and traffic keying material from the 44 BS, and to support periodic reauthorization and key refresh. The key management protocol uses X.509 digi- 45 tal certificates [ITU1], RSA [RSA, RSA1, RSA3] (a public-key encryption algorithm) and two-key triple 46 DES to secure key exchanges between SS and BS. 47 48 49 The Privacy Key Management protocol adheres to a client/server model, where the SS, a PKM “client”, 50 requests keying material, and the BS, a PKM “server”, responds to those requests, ensuring individual SS 51 clients only receive keying material they are authorized for. The PKM protocol uses MAC management mes- 52 saging. 53 54 55 Privacy uses public-key cryptography to establish a shared secret (i.e., an Authorization Key) between SS 56 and BS. The shared secret is then used to secure subsequent PKM exchanges of traffic encryption keys. This 57 two-tiered mechanism for key distribution permits refreshing of traffic encryption keys without incurring the 58 overhead of computation-intensive public-key operations. 59 60 61 A BS authenticates a client SS during the initial authorization exchange. Each SS carries a unique X.509 62 digital certificate issued by the SS’s manufacturer. The digital certificate contains the SS’s Public Key along 63 with other identifying information; i.e., SS MAC address, manufacturer ID and serial number. When 64 requesting an Authorization Key, a SS presents it’s digital certificate to a BS. The BS verifies the digital cer- 65

This is an unapproved Task Group document being circulated for comment. 206 IEEE 802.16.1-00/01r4, September 2000

1 tificate, and then uses the verified Public Key to encrypt an Authorization Key, which the BS then sends back 2 to the requesting SS. 3 4 5 The BS associates a SS’s authenticated identity to a paying subscriber, and hence to the data services that 6 subscriber is authorized to access. Thus, with the Authorization Key exchange, the BS establishes an authen- 7 ticated identity of a client SS, and the services (i.e., specific traffic encryption keys) the SS is authorized to 8 access. 9 10 11 Since the BS authenticates SS, it can protect against an attacker employing a cloned SS, masquerading as a 12 legitimate subscriber’s SS. The use of the X.509 certificates prevents cloned SSs from passing fake creden- 13 tials onto a BS. 14 15 SS shall have factory-installed RSA private/public key pairs or provide an internal algorithm to generate 16 17 such key pairs dynamically. If a SS relies on an internal algorithm to generate its RSA key pair, the SS shall 18 generate the key pair prior to its first Privacy initialization, described in Section 2.14.3.1. SS with factory- 19 installed RSA key pairs shall also have factory-installed X.509 certificates. SS that rely on internal algo- 20 rithms to generate an RSA key pair shall support a mechanism for installing a manufacturer-issued X.509 21 certificate following key generation. 22 23 24 The PKM protocol is defined in detail in Section 2.16. 25 26 2.14.2.3 Security Associations 27 28 29 A Security Association (SA) is the set of security information a BS and one or more of its client SS share in 30 order to support secure communications across the BWA network. Three types of Security Associations are 31 defined: Primary, Static, and Dynamic. A Primary Security Association is related to the Basic CID that every 32 SS establishes during registration. Static Security Associations are provisioned within the BS. Dynamic 33 Security Associations are established and eliminated, on the fly, in response to the initiation and termination 34 35 of specific traffic flows. Both Static and Dynamic SAs can by shared by multiple SS. 36 37 A Security Association’s shared information includes traffic encryption keys and CBC initialization vectors. 38 In order to support, in future protocol enhancements, alternative data encryption and data authentication 39 algorithms, Security Association parameters include a cryptographic suite identifier, indicating a the particu- 40 41 lar pairing of packet data encryption and packet data authentication algorithms employed by the security 42 association. At the time of release of this specification, 56-bit DES is the only packet data encryption algo- 43 rithms supported, and neither are paired with a PDU authentication algorithm. 44 45 Security Associations are identified using a SAID. 46 47 48 Each (Privacy enabled) SS establishes an exclusive Primary Security Association with its BS. All of a SS’s 49 upstream traffic, and typically all downstream unicast traffic directed at SS device(s) behind the SS, are 50 encrypted under the SS’s exclusive, Primary Security Association. (Selected downstream unicast traffic 51 flows may be encrypted under Static or Dynamic SAs.) The CID corresponding to a SS’s Primary SA shall 52 53 be equal to the SS’s Basic CID. Downstream traffic may be encrypted under any of the three types of SAs. A 54 downstream multicast PDU, however, is typically intended for multiple SS and hence is more likely to be 55 encrypted under Static or Dynamic SAs, which multiple SS can access, as opposed to a Primary SA, which 56 is restricted to a single SS. 57 58 59 Using the PKM protocol, a SS requests from its BS a SA’s keying material. The BS ensures that each client 60 SS only has access to the Security Associations it is authorized to access. 61 62 A SA's keying material (e.g., DES key and CBC Initialization Vector) has a limited lifetime. When the BS 63 delivers SA keying material to a SS, it also provides the SS with that material's remaining lifetime. It is the 64 65 responsibility of the SS to request new keying material from the BS before the set of keying material that the

This is an unapproved Task Group document being circulated for comment. 207 IEEE 802.16.1-00/01r4, September 2000

1 SS currently holds expires at the BS. The PKM protocol specifies how SS and BS maintain key synchroniza- 2 tion. 3 4 5 2.14.3 Operational Overview 6 7 2.14.3.1 SS Initialization 8 9 SS initialization is divided into the following sequence of tasks: 10 11 12 scan for downstream channel and establish synchronization with the BS 13 obtain transmit parameters 14 15 perform ranging 16 establish IP connectivity (DHCP) 17 establish time of day 18 19 transfer operational parameters (download parameter file via TFTP) 20 BS Registration 21 22 Privacy establishment follows BS registration. 23 24 25 If a SS is to run Privacy, its parameter file, downloaded during the transfer of operational parameters, shall 26 include Privacy Configuration Settings. These additional configuration settings are defined in . 27 28 Upon completing BS registration, the BS will have assigned one or more static CIDs to the registering SS 29 that match the SS’s static class-of-service provisioning. The first static CID assigned during the registration 30 31 process is the Basic CID, and this CID will also serve as the SS’s Privacy Basic SAID. If a SS is configured 32 to run Privacy, BS registration is immediately followed by initialization of the SS’s Privacy security func- 33 tions. 34 35 Privacy initialization begins with the SS sending the BS an Authorization Request, containing: 36 37 38 data identifying the SS (e.g., MAC address), 39 the SS’s RSA public key, 40 41 an X.509 certificate verifying the binding between the SS’s identifying data and the SS’s public key, 42 a list of the SS’s security capabilities (i.e., the particular pairings of encryption and authentication algo- 43 rithms the SS supports) and 44 the SS’s Primary SAID. 45 46 47 If the BS determines the requesting SS is authorized for the Authorization Request’s Basic SAID, the BS 48 responds with an Authorization Reply containing an Authorization Key, from which SS and BS derive the 49 keys needed to secure a SS’s subsequent requests for traffic encryption keys and the BS’s responses to these 50 requests. The BS encrypts the Authorization Key with the receiving SS’s public key. 51 52 53 The Authorization Reply also contains a list of security association descriptors, identifying the primary and 54 static SAs the requesting SS is authorized to access. Each SA descriptor consists of a collection of SA 55 parameters, including the SA’s SAID, type and cryptographic. The list contains at least one entry: a descrip- 56 tor describing the SS’s primary security association. Additional entries are optional, and would describe any 57 58 static SAs the SS was provisioned to access. 59 60 After successfully completing authentication and authorization with the BS, the SS sends key requests to the 61 BS, requesting traffic encryption keys to use with each of its SAIDs. A SS’s traffic key requests are authenti- 62 cated using a keyed hash (the HMAC algorithm [RFC-2104]); the Message Authentication Key is derived 63 64 from the Authorization Key obtained during the earlier authorization exchange. The BS responds with key 65 replies, containing the Traffic Encryption Keys (TEKs); TEKs are triple DES encrypted with a key encryp-

This is an unapproved Task Group document being circulated for comment. 208 IEEE 802.16.1-00/01r4, September 2000

1 tion key derived from the Authorization Key. Like the Key Requests, Key Replies are authenticated with a 2 keyed hash, where the Message Authentication Key is derived from the Authorization Key. 3 4 5 2.14.3.2 SS Key Update Mechanism 6 7 The traffic encryption keys which the BS provides to client SS have a limited lifetime. The BS delivers a 8 key’s remaining lifetime, along with the key value, in the key replies it sends to its client SS. The BS controls 9 which keys are current by flushing expired keys and generating new keys. It is the responsibility of individ- 10 11 ual SSs to insure the keys they are using match those the BS is using. SS do this by tracking when a particu- 12 lar SAID’s key is scheduled to expire and issuing a new key request for the latest key prior to that expiration 13 time. 14 15 In addition, SSs are required to periodically reauthorize with the BS; as is the case with Traffic Encryption 16 17 Keys, an Authorization Key has a finite lifetime which the BS provides the SS along with the key value. It is 18 the responsibility of each SS to reauthorize and obtain a fresh Authorization Key (and an up-to-date list of 19 SA descriptors) before the BS expires the SS’s current Authorization Key. 20 21 Privacy initialization and key update is implemented within the Privacy Key Management protocol, defined 22 23 in detail in Section 2.16. 24 25 26 2.15 MAC PDU Formats 27 28 When operating with Privacy enabled, SS and BS encrypt the payload regions of particular MAC PDUs they 29 transmit onto the FBWA network. 30 31 32 33 34 35 36 37 38 39 Generic MAC Header Payload (optional) 40 41 42 43 44 45 Encrypted portion of the MAC PDU 46 47 48 Figure 113—MAC PDU Encryption 49 50 51 52 The Generic MAC header shall not be encrypted. The Header contains all the Encryption information 53 (Encryption Control Field, Encryption Key Sequence Field, and CID) needed to decrypt a Payload at the 54 receiving station. 55 56 57 Four bits of a MAC Header contains a key sequence number. Recall that the keying material associated with 58 a SA has a limited lifetime, and the BS periodically refreshes a SA’s keying material. The BS manages a 4- 59 bit key sequence number independently for each SA and distributes this key sequence number along with the 60 SA’s keying material to client SS. The BS increments the key sequence number with each new generation of 61 keying material. The MAC Header includes this sequence number, along with the SAID, to identify the spe- 62 63 cific generation of that SA keying material being used to encrypt the attached payload. Being a 4-bit quan- 64 tity, the sequence number wraps around to 0 when it reaches 15. 65

This is an unapproved Task Group document being circulated for comment. 209 IEEE 802.16.1-00/01r4, September 2000

1 Comparing a received PDU’s key sequence number with what it believes to be the “current” key sequence 2 number, a SS or BS can easily recognize a loss of key synchronization with its peer. A SS shall maintain the 3 two most recent generations of keying material for each SA. Keeping on-hand the two most recent key gen- 4 5 erations is necessary for maintaining uninterrupted service during a SA’s key transition. 6 7 Encryption of the payload is indicated by the Encryption Control (EC) bit field. A value of 0 indicates the 8 payload is encrypted and the EKS field contains meaningful data. A value of 1 indicates the payload is not 9 encrypted and the EKS field is set to all zeros. 10 11 12 2.15.1 Fragmentation and Encryption 13 14 A fragment may have its payload encrypted. Encryption is applied after fragmentation. Likewise, decryption 15 is applied before reassembly of the PDU fragments. 16 17 18 2.16 Privacy Key Management (PKM) Protocol 19 20 21 2.16.1 State Models 22 23 2.16.1.1 Introduction 24 25 26 The PKM protocol is specified by two separate, but interdependent, state models: an authorization state 27 model (the Authorization state machine) and an operational service key state model (the Traffic Encryption 28 Key, or TEK state machine). This section defines these two state models. The state models are for explana- 29 tory purposes only, and should not be construed as constraining an actual implementation. 30 31 32 SS authorization, controlled by the Authorization state machine, is the process of: 33 34 the BS authenticating a client SS’s identity 35 36 the BS providing the authenticated SS with an Authorization Key, from which a Key Encryption Key 37 (KEK) and message authentication keys are derived 38 the BS providing the authenticated SS with the identities (i.e., the SAIDs) and properties of primary and 39 40 static security associations the SS is authorized to obtain keying information for 41 42 The KEK is a two-key triple DES encryption key that the BS uses to encrypt the Traffic Encryption Keys 43 (TEKs) it sends to the SS. Traffic encryption keys are used for encrypting user data traffic. SS and BS use 44 message authentication keys to authenticate, via a keyed message digest, the key requests and responses they 45 exchange. 46 47 48 After achieving initial authorization, a SS periodically seeks re-authorization with the BS; reauthorization is 49 also managed by the SS's Authorization state machine. A SS must maintain its authorization status with the 50 BS in order to be able to refresh aging Traffic Encryption Keys. TEK state machines manage the refreshing 51 of Traffic Encryption Keys. 52 53 54 A SS begins authorization by sending an Authentication Information message to its BS. The Authentication 55 Information message contains the SS manufacturer’s X.509 certificate, issued by an external authority. The 56 Authentication Information message is strictly informative, i.e., the BS may choose to ignore it; however it 57 does provide a mechanism for a BS to learn the manufacturer certificates of its client SS. 58 59 60 The SS sends an Authorization Request message to its BS immediately after sending the Authentication 61 Information message. This is a request for an Authorization Key, as well as for the SAIDs identifying any 62 Static Security Associations the SS is authorized to participate in. The Authorization Request includes: 63 64 65 the SS’s manufacturer ID and serial number

This is an unapproved Task Group document being circulated for comment. 210 IEEE 802.16.1-00/01r4, September 2000

1 the SS’s MAC address 2 the SS's public key 3 4 a manufacturer-issued X.509 certificate binding the SS’s public key to its other identifying information 5 a description of the cryptographic algorithms the requesting SS supports; a SS’s cryptographic capabilities 6 is presented to the BS as a list of cryptographic suite identifiers, each indicating a particular pairing 7 8 of packet data encryption and packet data authentication algorithms the SS supports 9 the SS’s Basic CID. The Basic CID is the first static CID the BS assigns to a SS during RF MAC registra- 10 tion -- the primary SAID is equal to the Basic CID 11 12 13 In response to an Authorization Request message, a BS validates the requesting SS’s identity, determines the 14 encryption algorithm and protocol support it shares with the SS, activates an Authorization Key for the SS, 15 encrypts it with the SS's public key, and sends it back to the SS in an Authorization Reply message. The 16 authorization reply includes: 17 18 19 an Authorization Key encrypted with the SS's public key 20 a 4-bit key sequence number, used to distinguish between successive generations of Authorization Keys 21 a key lifetime 22 23 the identities (i.e., the SAIDs) and properties of the single primary and zero or more static security associ- 24 ations the SS is authorized to obtain keying information for 25 26 While the Authorization Reply may identify Static SAs in addition to the Primary SA whose SAID matches 27 28 the requesting SS’s Basic CID, the Authorization Reply shall not identify any Dynamic SAs. 29 30 The BS, in responding to a SS’s Authorization Request, will determine whether the re-questing SS, whose 31 identity can be verified via the X.509 digital certificate, is authorized for basic unicast services, and what 32 additional statically provisioned services (i.e., Static SAIDs) the SS's user has subscribed for. Note that the 33 34 protected services a BS makes available to a client SS can depend upon the particular cryptographic suites 35 SS and BS share support for. 36 37 Upon achieving authorization, a SS starts a separate TEK state machine for each of the SAIDs identified in 38 the Authorization Reply message. Each TEK state machine operating within the SS is responsible for man- 39 40 aging the keying material associated with its respective SAID. TEK state machines periodically send Key 41 Request messages to the BS, requesting a refresh of keying material for their respective SAIDs. A Key 42 Request includes: 43 44 45 identifying information unique to the SS, consisting of the manufacturer ID, serial number, MAC address 46 and RSA Public Key 47 the SAID whose keying material is being requested 48 an HMAC keyed message digest, authenticating the Key Request 49 50 51 The BS responds to a Key Request with a Key Reply message, containing the BS’s active keying material for 52 a specific SAID. This keying material includes: 53 54 55 the triple-DES-encrypted traffic encryption key 56 CBC initialization vector 57 a key sequence number 58 59 a key’s remaining lifetime 60 an HMAC keyed message, authenticating the Key Reply 61 62 The traffic encryption key (TEK) in the Key Reply is triple DES (encrypt-decrypt-encrypt or EDE mode) 63 encrypted, using a two-key, triple DES key encryption key (KEK) derived from the Authorization Key. 64 65

This is an unapproved Task Group document being circulated for comment. 211 IEEE 802.16.1-00/01r4, September 2000

1 Note that at all times the BS maintains two active sets of keying material per SAID. The lifetimes of the two 2 generations overlap such that each generation becomes active halfway through the life of it predecessor and 3 expires halfway through the life of its successor. A BS includes in its Key Replies both of a SAID’s active 4 5 generations of keying material. 6 7 The Key Reply provides the requesting SS, in addition to the TEK and CBC initialization vector, the remain- 8 ing lifetime of each of the two sets of keying material. The receiving SS uses these remaining lifetimes to 9 estimate when the BS will invalidate a particular TEK, and therefore when to schedule future Key Requests 10 11 such that the SS requests and receives new keying material before the BS expires the keying material the SS 12 currently holds. 13 14 The operation of the TEK state machine’s Key Request scheduling algorithm, combined with the BS’s regi- 15 men for updating and using a SAID’s keying material (see Section 2.18), insures that the SS will be able to 16 17 continually exchange encrypted traffic with the BS. 18 19 A SS shall periodically refresh its Authorization Key by re-issuing an Authorization Request to the BS. 20 Reauthorization is identical to authorization with the exception that the SS does not send Authentication 21 Information messages during reauthorization cycles. Section 2.16.1.2’s description of the authorization state 22 23 machine clearly indicates when Authentication Information messages are sent. 24 25 To avoid service interruptions during reauthorization, successive generations of the SS’s Authorization Keys 26 have overlapping lifetimes. Both SS and BS shall be able to support up to two simultaneously active Autho- 27 rization Keys during these transition periods. The operation of the Authorization state machine’s Authoriza- 28 29 tion Request scheduling algorithm, combined with the BS’s regimen for updating and using a client SS’s 30 Authorization Keys (see Section 2.18), insures that SS will be able to refresh TEK keying information with- 31 out interruption over the course of the SS’s reauthorization periods. 32 33 A TEK state machine remains active as long as: 34 35 36 the SS is authorized to operate in the BS’s security domain; i.e., it has a valid Authorization Key, and 37 the SS is authorized to participate in that particular Security Association; i.e. BS continues to provide 38 39 fresh keying material during re-key cycles. 40 41 The parent Authorization state machine stops all of its child TEK state machines when the SS receives from 42 the BS an Authorization Reject during a reauthorization cycle. Individual TEK state machines can be started 43 or stopped during a reauthorization cycle if a SS’s Static SAID authorizations changed between successive 44 re-authorizations. 45 46 47 Communication between Authorization and TEK state machines occurs through the passing of events and 48 protocol messaging. The Authorization state machine generates events (i.e., Stop, Authorized, Authorization 49 Pending, and Authorization Complete events) that are targeted at its child TEK state machines. TEK state 50 machines do not target events at their parent Authorization state machine. The TEK state machine affects the 51 52 Authorization state machine indirectly through the messaging a BS sends in response to a SS’s requests: a 53 BS may respond to a TEK machine’s Key Requests with a failure response (i.e., Authorization Invalid mes- 54 sage) that will be handled by the Authorization state machine. 55 56 2.16.1.1.1 Preliminary Comment on Dynamic Security Associations and Dynamic SA Map- 57 58 ping 59 60 Section 2.14.2.3 introduced Dynamic SAs and mentioned how a BS can establish or eliminate a Dynamic 61 SA in response to the initiation or termination of downstream traffic flows (e.g., a particular multicast 62 group’s traffic). In order for a SS to run a TEK state machine to obtain a Dynamic Security Association’s 63 64 keying material, the SS needs to know the corresponding SAID value. The BS, however, does not volunteer 65

This is an unapproved Task Group document being circulated for comment. 212 IEEE 802.16.1-00/01r4, September 2000

1 to client SS the existence of Dynamic SAs; instead, it is the responsibility of SS to request of the BS the 2 mappings of traffic flow identifiers (e.g., an multicast address) to dynamic SAIDs. 3 4 5 The protocol defines a messaging exchange by which a SS learns the mapping of a downstream traffic flow 6 to a Dynamic SA (all upstream traffic is encrypted under a SS’s Primary SA). A SA Mapping state machine 7 specifies how SSs manage the transmission of these mapping request messages. This is a forward-looking 8 definition designed to support multicast traffic encryption. 9 10 11 The Authorization state machine controls the establishment and termination of TEK state machines associ- 12 ated with the Primary and any Static SAs; it does not, however, control the establishment and termination of 13 TEK state machines associated with Dynamic SAs. SS shall implement the necessary logic to establish and 14 terminate a Dynamic SA’s TEK state machine. This interface specification, however, does not specify how 15 SS should manage their Dynamic SA’s TEK state machines. 16 17 18 A full description of the SA Mapping state model is deferred to Section 2.17. 19 20 2.16.1.1.2 Security Capabilities Selection 21 22 23 As part of their authorization exchange, the SS provides the BS with a list of all the cryptographic suites 24 (pairing of data encryption and data authentication algorithms) the SS supports. The BS selects from this list 25 a single cryptographic suite to employ with the requesting SS’s primarySA. The Authorization Reply the BS 26 sends back to the SS includes a primary SA descriptor which, among other things, identifies the crypto- 27 graphic suite the BS selected to use for the SS’s primary SA. A BS shall reject the authorization request if it 28 29 determines that none of the offered cryptographic suites are satisfactory. 30 31 The Authorization Reply also contains an optional list of static SA descriptors; each static SA descriptor 32 identifies the cryptographic suite employed within the SA. The selection of a static SA’s cryptographic suite 33 is typically made independent of the requesting SS’s cryptographic capabilities. A BS may include in its 34 35 Authorization Reply static SA descriptors identifying cryptographic suites the requesting SS does not sup- 36 port; if this is the case, the SS shall not start TEK state machines for static SAs whose cryptographic suites 37 the SS does not support. 38 39 The above selection framework was incorporated in order to support future enhancements to MAC hardware 40 41 and to the Privacy protocol. At the time of release of this specification, 56-bit DES and 40-bit DES are the 42 only packet data encryption algorithms supported, and neither are paired with a packet data authentication 43 algorithm. 44 45 2.16.1.2 Authorization State Machine 46 47 48 The Authorization state machine consists of six states and eight distinct events (including receipt of mes- 49 sages) that can trigger state transitions. The Authorization finite state machine (FSM) is presented below in a 50 graphical format, as a state flow model (Figure 114), and in a tabular format, as a state transition matrix 51 (Table 36). 52 53 54 The state flow diagram depicts the protocol messages transmitted and internal events generated for each of 55 the model’s state transitions; however, the diagram does not indicate additional internal actions, such as the 56 clearing or starting of timers, that accompany the specific state transitions. Accompanying the state transi- 57 tion matrix is a detailed description of the specific actions accompanying each state transition; the state tran- 58 59 sition matrix shall be used as the definitive specification of protocol actions associated with each state 60 transition. 61 62 The following legend applies to the Authorization State Machine flow diagram in depicted in Figure 114. 63 64 65 Ovals are states.

This is an unapproved Task Group document being circulated for comment. 213 IEEE 802.16.1-00/01r4, September 2000

1 Events are in italics. 2 Messages are in normal font. 3 4 State transitions (i.e. the lines between states) are labeled with /. So “timeout/Auth Request” means that the state received a 6 “timeout” event and sent an Authorization Request (“Auth Request”) message. If there are multiple 7 8 events or messages before the slash “/” separated by a comma, any of them can cause a transition. If 9 there are multiple events or messages listed after the slash, all of the specified actions must accom- 10 pany the transition. 11 12 13 The Authorization state transition matrix presented in Table 36 lists the six Authorization machine states in 14 the top-most row and the eight Authorization machine events (includes message receipts) in the left-most 15 column. Any cell within the matrix represents a specific combination of state and event, with the next state 16 (the state transitioned to) displayed within the cell. For example, cell 4-B represents the receipt of an Autho- 17 rization Reply (Auth Reply) message when in the Authorize Wait (Auth Wait) state. Within cell 4-B is the 18 19 name of the next state, “Authorized.” Thus, when a SS’s Authorization state machine is in the Authorize 20 Wait state and an Authorization Reply message is received, the Authorization state machine will transition to 21 the Authorized state. In conjunction with this state transition, several protocol actions must be taken; these 22 are described in the listing of protocol actions, under the heading 4-B, in Section 2.16.1.2.5. 23 24 25 A shaded cell within the state transition matrix implies that either the specific event cannot or should not 26 occur within that state, and if the event does occur, the state machine shall ignore it. For example, if an 27 Authorization Reply message arrives when in the Authorized state, that message should be ignored (cell 4- 28 C). The SS may, however, in response to an improper event, log its occurrence, generate an SNMP event, or 29 take some other vendor-defined action. These actions, however, are not specified within the context of the 30 31 Authorization state machine, which simply ignores improper events. 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 Figure 114—Authorization State Machine Flow Diagram 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 214 IEEE 802.16.1-00/01r4, September 2000

1 Table 36— Authorization FSM State Transition Matrix 2 State (A) (B) (C) (D) (E) (F) 3 Start Auth Wait Authorized Reauth Auth Silent 4 5 Event or Wait Reject 6 Rcvd Wait 7 Message 8 (1) Auth Wait 9 10 Provisioned 11 12 (2) Auth Auth 13 Auth Reject Reject Reject 14 15 Wait Wait 16 (3) Silent Silent 17 Perm Auth 18 Reject 19 (4) Authorized Authorized 20 21 Auth Reply 22 23 (5) Auth Wait Reauth Start 24 Timeout Wait 25 26 27 (6) Reauth 28 Auth Grace Wait 29 Timeout 30 (7) Reauth Reauth 31 Auth Invalid Wait Wait 32 33 34 (8) Reauth 35 Reauth Wait 36 37 38 39 2.16.1.2.1 States 40 41 Start 42 43 44 This is the initial state of the FSM. No resources are assigned to or used by the FSM in this state—e.g., all 45 timers are off, and no processing is scheduled. 46 47 Authorize Wait (Auth Wait) 48 49 50 The SS has received the “Provisioned” event indicating that it has completed RF MAC registration with the 51 BS. In response to receiving the event, the SS has sent both an Authentication Information and an Authorize 52 Request message to the BS and is waiting for the reply. 53 54 Authorized 55 56 57 The SS has received an Authorization Reply message which contains a list of valid SAIDs for this SS. At 58 this point, the SS has a valid Authorization Key and SAID list. Transition into this state triggers the creation 59 of one TEK FSM for each of the SS’s privacy-enabled SAIDs. 60 61 Reauthorize Wait (Reauth Wait) 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 215 IEEE 802.16.1-00/01r4, September 2000

1 The SS has an outstanding re-authorization request. The SS was either about to time out its current authori- 2 zation or received an indication (an Authorization Invalid message from the BS) that it’s authorization was 3 no longer valid. The SS sent an Authorization Request message to the BS and is waiting for a response. 4 5 6 Authorize Reject Wait (Auth Reject Wait) 7 8 The SS received an Authorization Reject message in response to its last Authorization Request. The Autho- 9 rization Reject’s error code indicated the error was not of a permanent nature. In response to receiving this 10 11 reject message, the SS set a timer and transitioned to the Authorize Reject Wait state. The SS remains in this 12 state until the timer expires. 13 14 Silent 15 16 17 The SS received an Authorization Reject message in response to its last Authorization Request. The Autho- 18 rization Reject’s error code indicated the error was of a permanent nature. This triggers a transition to the 19 Silent state, where the SS is not permitted to pass Subscriber traffic, but is able to respond to SNMP manage- 20 ment requests arriving from across the cable network. 21 22 23 2.16.1.2.2 Messages 24 25 Note that the message formats are defined in detail in Section 2.16.2. 26 27 Authorization Request (Auth Request) 28 29 30 Request an Authorization Key and list of authorized SAIDs. Sent from SS to BS. 31 32 Authorization Reply (Auth Reply) 33 34 35 Receive an Authorization Key and list of authorized, static SAIDs. Sent from BS to SS. The Authorization 36 Key is encrypted with the SS’s public key. 37 38 Authorization Reject (Auth Reject) 39 40 41 Attempt to authorize was rejected. Sent from the BS to the SS. 42 43 Authorization Invalid (Auth Invalid) 44 45 The BS can send an Authorization Invalid message to a client SS as: 46 47 48 an unsolicited indication, or 49 a response to a message received from that SS 50 51 52 In either case, the Authorization Invalid message instructs the receiving SS to re-authorize with its BS. 53 54 The BS responds to a Key Request with an Authorization Invalid message if (1) the BS does not recognize 55 the SS as being authorized (i.e., no valid Authorization Key associated with SS) or (2) verification of the Key 56 Request’s keyed message digest (in HMAC-Digest Attribute) failed. Note that the Authorization Invalid 57 58 event, referenced in both the state flow diagram and the state transition matrix, signifies either the receipt of 59 a Authorization Invalid message or an internally generated event. 60 61 Authentication Information (Authent Info) 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 216 IEEE 802.16.1-00/01r4, September 2000

1 The Authentication Information message contains the SS manufacturer’s X.509 Certificate, issued by an 2 external authority. The Authent Info message is strictly an informative message the SS sends to the BS; with 3 it, a BS may dynamically learn the manufacturer certificate of client SS. Alternatively, a BS may require out- 4 5 of-band configuration of its list of manufacturer certificates. 6 7 2.16.1.2.3 Events 8 9 Provisioned 10 11 12 The Authorization state machine generates this event upon entering the Start state if the RF MAC has com- 13 pleted initialization, i.e., BS registration. If the RF MAC initialization is not complete, the SS sends a Provi- 14 sioned event to the Authorization FSM upon completing BS registration. The Provisioned event triggers the 15 SS to begin the process of getting its Authorization Key and TEKs. 16 17 18 Timeout 19 20 A retransmission or wait timer timed out. Generally a request is resent. 21 22 23 Authorization Grace Timeout (Auth Grace Timeout) 24 25 The Authorization Grace timer timed out. This timer fires a configurable amount of time (the Authorization 26 Grace Time) before the current authorization is supposed to expire, signalling the SS to re-authorize before 27 its authorization actually expires. The Authorization Grace Time is specified in a configuration setting 28 29 within the TFTP-downloaded parameter file. 30 31 Reauthorize (Reauth) 32 33 SS's set of authorized static SAIDs may have changed. Event generated in response to an SNMP set, meant 34 35 to trigger a reauthorization cycle. 36 37 Authorization Invalid (Auth Invalid) 38 39 This event can be internally generated by the SS when there is a failure authenticating a Key Reply or Key 40 41 Reject message, or externally generated by the receipt of an Authorization Invalid message, sent from the BS 42 to the SS. A BS responds to a Key Request with an Authorization Invalid if verification of the request’s mes- 43 sage authentication code fails. Both cases indicate BS and SS have lost Authorization Key synchronization. 44 45 A BS may also send a SS an unsolicited Authorization Invalid message to a SS, forcing an Authorization 46 47 Invalid event. 48 49 Permanent Authorization Reject (Perm Auth Reject) 50 51 The SS receives an Authorization Reject in response to an Authorization Request. The error code in the 52 53 Authorization Reject indicates the error is of a permanent nature. What is interpreted as a permanent error is 54 subject to administrative control within the BS. Authorization Request processing errors that can be inter- 55 preted as permanent error conditions include: 56 57 58 unknown manufacturer (do not have CA certificate of the issuer of the SS Certificate) 59 invalid signature on SS certificate 60 ASN.1 parsing failure 61 inconsistencies between data in the certificate and data in accompanying PKM data Attributes 62 63 incompatible security capabilities 64 65

This is an unapproved Task Group document being circulated for comment. 217 IEEE 802.16.1-00/01r4, September 2000

1 When a SS receives an Authorization Reject indicating a permanent failure condition, the Authorization 2 State machine moves into a Silent state where the SS is not permitted to pass Subscriber traffic, but is able to 3 respond to SNMP management requests received across the cable network interface. SS shall issue an 4 5 SNMP Trap upon entering the Silent state. 6 7 Authorization Reject (Auth Reject) 8 9 The SS receives an Authorization Reject in response to an Authorization Request. The error code in the 10 11 Authorization Reject does not indicate the failure was due to a permanent error condition. As a result, the 12 SS’s Authorization state machine will set a wait timer and transition into the Authorization Reject Wait 13 State. The SS remains in this state until the timer expires, at which time it will re-attempt authorization. 14 15 [Note: the following events are sent by an Authorization state machine to the TEK state machine.] 16 17 18 [TEK] Stop 19 20 Sent by the Authorization FSM to an active (non -START state) TEK FSM to terminate the FSM and remove 21 the corresponding SAID’s keying material from the SS’s key table. 22 23 24 [TEK] Authorized 25 26 Sent by the Authorization FSM to a non-active (START state), but valid TEK FSM. 27 28 29 [TEK] Authorization Pending (Auth Pend) 30 31 Sent by the Authorization FSM to a specific TEK FSM to place that TEK FSM in a wait state until the 32 Authorization FSM can complete its re-authorization operation. 33 34 35 [TEK] Authorization Complete (Auth Comp) 36 37 Sent by the Authorization FSM to a TEK FSM in the Operational Reauthorize Wait (Op Reauth Wait) or 38 Rekey Reauthorize Wait (Rekey Reauth Wait) states to clear the wait state begun by a TEK FSM Authoriza- 39 tion Pending event. 40 41 42 2.16.1.2.4 Parameters 43 44 All configuration parameter values are specified in the TFTP-downloaded parameter file (see 2.20: TFTP 45 Configuration File Extensions). 46 47 48 Authorize Wait Timeout (Auth Wait Timeout) 49 50 Timeout period between sending Authorization Request messages from Authorize Wait state. See 2.20.1.1.1. 51 52 53 Authorization Grace Time (Auth Grace Time) 54 55 Amount of time before authorization is scheduled to expire that the SS starts reauthorization. See . 56 57 Authorization Grace Time (Auth Grace Timeout) 58 59 60 Amount of time before authorization is scheduled to expire that the SS starts re-authorization. See 61 2.20.1.1.2. 62 63 Authorize Reject Wait Timeout (Auth Reject Wait Timeout) 64 65

This is an unapproved Task Group document being circulated for comment. 218 IEEE 802.16.1-00/01r4, September 2000

1 Amount of time a SS’s Authorization FSM remains in the Authorize Reject Wait state before transitioning to 2 the Start state. See . 3 4 5 2.16.1.2.5 Actions 6 7 Actions taken in association with state transitions are listed by - below: 8 9 1-A Start (Provisioned) Æ Auth Wait 10 11 12 send Authentication Information message to BS 13 send Authorization Request message to BS 14 15 set Authorization Request retry timer to Authorize Wait Timeout 16 17 2-B Auth Wait (Auth Reject) Æ Auth Reject Wait 18 19 clear Authorization Request retry timer 20 21 set a wait timer to Authorize Reject Wait Timeout 22 23 2-D Reauth Wait (Auth Reject) Æ Auth Reject Wait 24 25 26 clear Authorization Request retry timer 27 generate TEK FSM Stop events for all active TEK state machines 28 set a wait timer to Authorize Reject Wait Timeout 29 30 Æ 31 3-B Auth Wait (Perm Auth Reject) Silent 32 33 clear Authorization Request retry timer 34 35 disable all forwarding of SS traffic 36 37 3-D Reauth Wait (Perm Auth Reject) Æ Silent 38 39 clear Authorization Request retry timer 40 41 generate TEK FSM Stop events for all active TEK state machines 42 disable all forwarding of SS traffic 43 44 4-B Auth Wait (Auth Reply) Æ Authorized 45 46 47 clear Authorization Request retry timer 48 decrypt and record Authorization Key delivered with Authorization Reply 49 50 start TEK FSMs for all SAIDs listed in Authorization Reply (provided the SS supports the cryptographic 51 suite that is associated with a SAID) and issue a TEK FSM Authorized event for each of the new 52 TEK FSMs 53 54 set the Authorization Grace timer to go off “Authorization Grace Time” seconds prior to the supplied 55 Authorization Key’s scheduled expiration 56 57 4-D Reauth Wait (Auth Reply) Æ Authorized 58 59 60 clear Authorization Request retry timer 61 decrypt and record Authorization Key delivered with Authorization Reply 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 219 IEEE 802.16.1-00/01r4, September 2000

1 start TEK FSMs for any newly authorized SAIDs listed in Authorization Reply (provided the SS supports 2 the cryptographic suite that is associated with the new SAID) and issue TEK FSM Authorized event 3 4 for each of the new TEK FSMs 5 generate TEK FSM Authorization Complete events for any currently active TEK FSMs whose corre- 6 sponding SAIDs were listed in Authorization Reply 7 8 generate TEK FSM Stop events for any currently active TEK FSMs whose corresponding SAIDs were not 9 listed in Authorization Reply 10 set the Authorization Grace timer to go off “Authorization Grace Time” seconds prior to the supplied 11 12 Authorization Key’s scheduled expiration 13 14 5-B Auth Wait (Timeout) Æ Auth Wait 15 16 17 send Authentication Information message to BS 18 send Authorization Request message to BS 19 set Authorization Request retry timer to Authorize Wait Timeout 20 21 5-D Reauth Wait (Timeout) Æ Reauth Wait 22 23 24 send Authorization Request message to BS 25 set Authorization Request retry timer to Reauthorize Wait Timeout 26 27 Æ 28 5-E Auth Reject Wait (Timeout) Start 29 30 no protocol actions associated with state transition 31 32 Æ 33 6-C Authorized (Auth Grace Timeout) Reauth Wait 34 35 send Authorization Request message to BS 36 set Authorization Request retry timer to Reauthorize Wait Timeout 37 38 39 7-C Authorized (Auth Invalid) Æ Reauth Wait 40 41 clear Authorization Grace timer 42 43 send Authorization Request message to BS 44 set Authorization Request retry timer to Reauthorize Wait Timeout 45 if the Authorization Invalid event is associated with a particular TEK FSM, generate a TEK FSM Autho- 46 47 rization Pending event for the TEK state machine responsible for the Authorization Invalid event 48 (i.e., the TEK FSM that either generated the event, or sent the Key Request message the BS 49 responded to with an Authorization Invalid message) 50 51 Auth Invalid Æ 52 7-D Reauth Wait ( ) Reauth Wait 53 54 if the Authorization Invalid event is associated with a particular TEK FSM, generate a TEK FSM Autho- 55 rization Pending event for the TEK state machine responsible for the Authorization Invalid event 56 57 (i.e., the TEK FSM that either generated the event, or sent the Key Request message the BS 58 responded to with an Authorization Invalid message) 59 60 8-C Authorized (Reauth) Æ Reauth Wait 61 62 63 clear Authorization grace timer 64 send Authorization Request message to BS 65

This is an unapproved Task Group document being circulated for comment. 220 IEEE 802.16.1-00/01r4, September 2000

1 set Authorization Request retry timer to Reauthorize Wait Timeout 2 2.16.1.3 TEK State Machine 3 4 5 The TEK state machine consists of six states and nine events (including receipt of messages) that can trigger 6 state transitions. Like the Authorization state machine, the TEK state machine is presented in both a state 7 flow diagram and a state transition matrix. And as was the case for the Authorization state machine, the state 8 transition matrix shall be used as the definitive specification of protocol actions associated with each state 9 transition. 10 11 12 Shaded states in Figure 115 (Operational, Rekey Wait, and Rekey Reauthorize Wait) have valid keying mate- 13 rial and encrypted traffic can be passed. 14 15 The Authorization state machine starts an independent TEK state machine for each of its authorized SAIDs. 16 17 18 As mentioned previously in Section 2.16.1.1, the BS maintains two active TEKs per SAID. The BS includes 19 in its Key Replies both of these TEKs, along with their remaining lifetimes. The BS encrypts downstream 20 traffic with the older of its two TEKs and decrypts upstream traffic with either the older or newer TEK, 21 depending upon which of the two keys the SS was using at the time. The SS encrypts upstream traffic with 22 23 the newer of its two TEKs and decrypts downstream traffic with either the older or newer TEK, depending 24 upon which of the two keys the BS was using at the time. See Section 2.18 for details on SS and BS key 25 usage requirements. 26 27 Through operation of a TEK state machine, the SS attempts to keep its copies of a SAID’s TEKs synchro- 28 29 nized with those of its BS. A TEK state machine issues Key Requests to refresh copies of its SAID’s keying 30 material soon after the scheduled expiration time of the older of its two TEKs and before the expiration of its 31 newer TEK. To accommodate for SS/BS clock skew and other system processing and transmission delays, 32 the SS schedules its Key Requests a configurable number of seconds before the newer TEK’s estimated expi- 33 ration in the BS. With the receipt of the Key Reply, the SS shall always update its records with the TEK 34 35 Parameters from both TEKs contained in the Key Reply Message. Figure 115 illustrates the SS’s scheduling 36 of its key refreshes in conjunction with its management of a SA’s active TEKs. 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 221 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4

5 / 6

7 Wait 8 Rekey Reauth Auth Comp Key Request

9 / 10 / 11 Timeout 12 / Key Request

13 Auth Pend 14 Stop 15 16

17 / 18 19 Stop Key Reject, Rekey Wait 20 / 21 22

23 Tek Invalid 24 25 26 27 / 28 29 30 Key Reply /

31 /

32 Key Request 33 Stop TEK Refresh Timeout 34 / 35 /

36 Stop Key Reject,

37 Timeout 38 Key Request 39 / 40 41 Start Op Wait

42 / Key Reply / Operational Authorized 43 Key Request 44

45 / 46 Auth Pend / 47 Stop 48 49 / / Auth Comp 50 Key Request 51 Wait

52 TEK Invalid Key Request Op Reauth Tek Invalid 53 Key Request 54 55 56 57 58 59 Figure 115—TEK State Machine Flow Diagram 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 222 IEEE 802.16.1-00/01r4, September 2000

1 Table 37—TEK FSM State Transition Matrix 2 State (A) (B) (C) (D) (E) (F) 3 Start Op Wait Op Reauth Op Rekey Rekey 4 5 Event or Wait Wait Reauth 6 Rcvd Wait 7 Message 8 (1) Start Start Start Start Start 9 10 Stop 11 12 (2) Op Wait 13 Authorized 14 15 16 (3) Op Reauth Rekey 17 Auth Pend Wait Re-auth 18 Wait 19 20 21 (4) Op Wait Rekey Wait 22 Auth Comp 23 24 (5) Op Wait Op Wait Op Reauth 25 TEK Wait 26 27 Invalid 28 29 (6) Op Wait Rekey Wait 30 Timeout 31 32 33 (7) Rekey Wait 34 TEK 35 Refresh 36 Timeout 37 38 (8) Operational Operational 39 Key Reply 40 41 (9) Start Start 42 43 Key Reject 44 45 46 2.16.1.3.1 States 47 48 Start 49 50 51 This is the initial state of the FSM. No resources are assigned to or used by the FSM in this state—e.g., all 52 timers are off, and no processing is scheduled. 53 54 Operational Wait (Op Wait) 55 56 57 The TEK state machine has sent its initial request (Key Request) for its SAID’s keying material (traffic 58 encryption key and CBC initialization vector), and is waiting for a reply from the BS. 59 60 Operational Reauthorize Wait (Op Reauth Wait) 61 62 63 The wait state the TEK state machine is placed in if it does not have valid keying material while the Authori- 64 zation state machine is in the in the middle of a reauthorization cycle. 65

This is an unapproved Task Group document being circulated for comment. 223 IEEE 802.16.1-00/01r4, September 2000

1 Operational 2 3 The SS has valid keying material for the associated SAID. 4 5 6 Rekey Wait 7 8 The TEK Refresh Timer has expired and the SS has requested a key update for this SAID. Note that the 9 newer of its two TEKs has not expired and can still be used for both encrypting and decrypting data traffic. 10 11 12 Rekey Reauthorize Wait (Rekey Reauth Wait) 13 14 The wait state the TEK state machine is placed in if the TEK state machine has valid traffic keying material, 15 has an outstanding request for the latest keying material, and the Authorization state machine initiates a 16 17 reauthorization cycle. 18 19 2.16.1.3.2 Messages 20 21 Note that the message formats are defined in detail in Section 2.16.2. 22 23 24 Key Request 25 26 Request a TEK for this SAID. Sent by the SS to the BS and authenticated with keyed message digest. The 27 message authentication key is derived from the Authorization Key. 28 29 30 Key Reply 31 32 Response from the BS carrying the two active sets of traffic keying material for this SAID. Sent by the BS to 33 the SS, it includes the SAID’s traffic encryption keys, triple DES encrypted with a key encryption key 34 35 derived from the Authorization Key. The Key Reply message is authenticated with a keyed message digest; 36 the authentication key is derived from the Authorization Key. 37 38 Key Reject 39 40 41 Response from the BS to the SS to indicate this SAID is no longer valid and no key will be sent. The Key 42 Reject message is authenticated with a keyed message digest; the authentication key is derived from the 43 Authorization Key 44 45 TEK Invalid 46 47 48 The BS sends a SS this message if it determines that the SS encrypted an upstream PDU with an invalid 49 TEK; i.e., a SAID’s TEK key sequence number, contained within the received PDU’s MAC Header, is out of 50 the BS’s range of known, valid sequence numbers for that SAID. 51 52 53 2.16.1.3.3 Events 54 55 Stop 56 57 Sent by the Authorization FSM to an active (non-START state) TEK FSM to terminate TEK FSM and 58 59 remove the corresponding SAID’s keying material from the SS’s key table. See Section . 60 61 Authorized 62 63 Sent by the Authorization FSM to a non-active (START state) TEK FSM to notify TEK FSM of successful 64 65 authorization. See Section .

This is an unapproved Task Group document being circulated for comment. 224 IEEE 802.16.1-00/01r4, September 2000

1 Authorization Pending (Auth Pend) 2 3 Sent by the Authorization FSM to TEK FSM to place TEK FSM in a wait state while Authorization FSM 4 5 completes re-authorization. See Section . 6 7 Authorization Complete (Auth Comp) 8 9 Sent by the Authorization FSM to a TEK FSM in the Operational Reauthorize Wait or Rekey Reauthorize 10 11 Wait states to clear the wait state begun by the prior Authorization Pending event. See Section . 12 13 TEK Invalid 14 15 This event can be triggered by either a SS’s data packet decryption logic, or by the receipt of a TEK Invalid 16 17 message from the BS. 18 19 A SS’s data packet decryption logic triggers a TEK Invalid event if it recognizes a loss of TEK key synchro- 20 nization between itself and the encrypting BS; i.e., a SAID’s TEK key sequence number, contained within 21 the received, downstream PDU’s MAC Header, is out of the SS’s range of known sequence numbers for that 22 23 SAID. 24 25 A BS sends a SS a TEK Invalid message, triggering a TEK Invalid event within the SS, if the BS’s decryp- 26 tion logic recognizes a loss of TEK key synchronization between itself and the SS. 27 28 29 Timeout 30 31 A retry timer timeout. Generally, the particular request is retransmitted. 32 33 TEK Refresh Timeout 34 35 36 The TEK refresh timer timed out. This timer event signals the TEK state machine to issue a new Key 37 Request in order to refresh its keying material. The refresh timer is set to fire a configurable length of time 38 (TEK Grace Time) before the expiration of the newer TEK the SS currently holds. This is configured via the 39 BS to occur after the scheduled expiration of the older of the two TEKs. 40 41 42 2.16.1.3.4 Parameters 43 44 All configuration parameter values are specified in TFTP downloaded parameter file (see Section 2.20,: 45 TFTP Configuration File Extensions). 46 47 48 Operational Wait Timeout 49 50 Timeout period between sending of Key Request messages from the Op Wait state. See Section 2.20.1.1.3. 51 52 53 Rekey Wait Timeout 54 55 Timeout period between sending of Key Request messages from the Rekey Wait state. See Section 56 2.20.1.1.4. 57 58 59 TEK Grace Time 60 61 Time interval, in seconds, before the estimated expiration of a TEK that the SS starts rekeying for a new 62 TEK. 63 64 65

This is an unapproved Task Group document being circulated for comment. 225 IEEE 802.16.1-00/01r4, September 2000

1 TEK Grace Time is specified in a configuration setting within the TFTP-downloaded parameter file, and is 2 the same across all SAIDs. See Section 2.20.1.1.5. 3 4 5 2.16.1.3.5 Actions 6 7 1-B Op Wait (Stop) Æ Start 8 9 10 clear Key Request retry timer 11 terminate TEK FSM 12 13 1-C Op Reauth Wait (Stop) Æ Start 14 15 16 terminate TEK FSM 17 18 1-D Operational (Stop) Æ Start 19 20 21 clear TEK refresh timer, which is timer set to go off “Tek Grace Time” seconds prior to the TEK’s sched- 22 uled expiration time 23 terminate TEK FSM 24 25 remove SAID keying material from key table 26 27 1-E Rekey Wait(Stop) Æ Start 28 29 30 clear Key Request retry timer 31 terminate TEK FSM 32 remove SAID keying material from key table 33 34 1-F Rekey Reauth Wait(Stop) Æ Start 35 36 37 terminate TEK FSM 38 remove SAID keying material from key table 39 40 Æ 41 2-A Start (Authorized) Op Wait 42 43 send Key Request Message to BS 44 45 set Key Request retry timer to Operational Wait Timeout 46 47 3-B Op Wait (Auth Pend) Æ Op Reauth Wait 48 49 clear Key Request retry timer 50 51 52 3-E Rekey Wait (Auth Pend) Æ Rekey Reauth Wait 53 54 clear Key Request retry timer 55 56 Æ 57 4-C Op Reauth Wait (Auth Comp) Op Wait 58 59 send Key Request message to BS 60 61 set Key Request retry timer to Operational Wait Timeout 62 63 4-F Rekey Reauth Wait (Auth Comp) Æ Rekey Wait 64 65

This is an unapproved Task Group document being circulated for comment. 226 IEEE 802.16.1-00/01r4, September 2000

1 send Key Request message to BS 2 set Key Request retry timer to Rekey Wait Timeout 3 4 5 5-D Operational (TEK Invalid) Æ Op Wait 6 7 clear TEK refresh timer 8 9 send Key Request message to BS 10 set Key Request retry timer to Operational Wait Timeout 11 remove SAID keying material from key table 12 13 Æ 14 5-E Rekey Wait (TEK Invalid) Op Wait 15 16 clear Key Request retry timer 17 18 send Key Request message to BS 19 set Key Request retry timer to Operational Wait Timeout 20 remove SAID keying material from key table 21 22 5-F Rekey Reauth Wait (TEK Invalid) Æ Op Reauth Wait 23 24 25 remove SAID keying material from key table 26 27 6-B Op Wait (Timeout) Æ Op Wait 28 29 30 send Key Request message to BS 31 set Key Request retry timer to Operational Wait Timeout 32 33 Æ 34 6-E Rekey Wait (Timeout) Rekey Wait 35 36 send Key Request message to BS 37 set Key Request retry timer to Rekey Wait Timeout 38 39 40 7-D Operational (TEK Grace Timeout) Æ Rekey Wait 41 42 send Key Request message to BS 43 44 set Key Request retry timer to Rekey Wait Timeout 45 46 8-B Op Wait (Key Reply) Æ Operational 47 48 (Note: Key Reply passed message authentication.) 49 50 51 clear Key Request retry timer 52 process contents of Key Reply message and incorporate new keying material into key database 53 54 set the TEK refresh timer to go off “TEK Grace Time” seconds prior to the key’s scheduled expiration 55 56 8-E Rekey Wait (Key Reply) Æ Operational 57 58 (Note: Key Reply passed message authentication.) 59 60 61 clear Key Request retry timer 62 process contents of Key Reply message and incorporate new keying material into key database 63 64 set the TEK refresh timer to go off “TEK Grace Time” seconds prior to the key’s scheduled expiration 65

This is an unapproved Task Group document being circulated for comment. 227 IEEE 802.16.1-00/01r4, September 2000

1 9-B Op Wait (Key Reject) Æ Start 2 3 (Note: Key Reject passed message authentication.) 4 5 6 clear Key Request retry timer 7 terminate TEK FSM 8 9 Æ 10 9-E Rekey Wait (Key Reject) Start 11 12 clear Key Request retry timer 13 terminate TEK FSM 14 15 remove CID keying material from key table 16 17 2.16.2 Key Management Message Formats 18 19 Privacy Key Management employs two MAC message types: PKM-REQ and PKM-RSP. 20 21 22 23 Table 38—Privacy Key Management MAC Messages 24 25 26 Type Value Message Name Message Description 27 28 9 PKM-REQ Privacy Key Management Request [SS -> BS] 29 30 10 PKM-RSP Privacy Key Management Response [BS -> SS] 31 32 33 While these two MAC management message types distinguish between PKM requests (SS to BS) and 34 35 responses (BS to SS), more detailed information about message contents is encoded in the PKM messages 36 themselves. This maintains a clean separation between privacy management functions and MAC bandwidth 37 allocation, timing and synchronization. 38 39 2.16.2.1 Packet Formats 40 41 42 Exactly one PKM message is encapsulated in the Management Message Payload field of a MAC manage- 43 ment message. 44 45 A summary of the PKM message format is shown below. The fields are transmitted from left to right. 46 47 48 0 1 2 3 49 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 50 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 51 | Code | Identifier | Length | 52 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 53 54 | Attributes ... 55 +-+-+-+-+-+-+-+-+-+-+-+-+- 56 57 58 Code 59 60 The Code field is one , and identifies the type of PKM packet. When a packet is received with an invalid 61 62 Code field, it SHOULD be silently discarded. 63 64 PKM Codes (decimal) are assigned as follows: 65

This is an unapproved Task Group document being circulated for comment. 228 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 Table 39—Privacy Key Management Message Codes 6 7 8 Code PKM Message Type MAC Management 9 Message Name 10 11 0-3 Reserved - 12 13 4 Auth Request PKM-REQ 14 15 5 Auth Reply PKM-RSP 16 17 6 Auth Reject PKM-RSP 18 19 7 Key Request PKM-REQ 20 8 Key Reply PKM-RSP 21 22 9 Key Reject PKM-RSP 23 24 10 Auth Invalid PKM-RSP 25 26 11 TEK Invalid PKM-RSP 27 28 12 Authent Info PKM-REQ 29 30 13 Map Request PKM-REQ 31 32 14 Map Reply PKM-RSP 33 34 15 Map Reject PKM-RSP 35 36 16-255 Reserved - 37 38 39 Identifier 40 41 42 The Identifier field is one . A SS uses the identifier to match a BS's responses to the SS's requests. 43 44 The SS shall change (e.g., increment, wrapping around to 0 after reaching 255) the Identifier field 45 46 whenever it issues a new PKM message. A "new" message is an Authorization Request, Key 47 Request or SA Map Request that is not a retransmission being sent in response to a Timeout event. 48 For retransmissions, the Identifier field shall remain unchanged. 49 50 51 The Identifier field in Authentication Information messages, which are informative and do not effect 52 any response messaging, may be set to zero. 53 54 55 The Identifier field in a BS’s PKM response message shall match the Identifier field of the PKM 56 Request message the BS is responding to. The Identifier field in TEK Invalid messages, which are 57 not sent in response to PKM requests, shall be set to zero. The Identifier field in unsolicited Authori- 58 59 zation Invalid messages shall be set to zero. 60 61 On reception of a PKM response message, the SS associates the message with a particular state 62 63 machine (the Authorization state machine in the case of Authorization Replies, Authorization 64 Rejects, and Authorization Invalids; a particular TEK state machine in the case of Key Replies, Key 65

This is an unapproved Task Group document being circulated for comment. 229 IEEE 802.16.1-00/01r4, September 2000

1 Rejects and TEK Invalids; a particular SA Mapping state machine in the case of SA Map Replies 2 and SA Map Rejects). 3 4 5 A SS may keep track of the Identifier of its latest, pending Authorization Request. The SS may 6 silently discard Authorization Replies and Authorization Rejects whose Identifier fields do not 7 8 match those of the pending requests. 9 10 A SS may keep track of the Identifier of its latest, pending Key Request. The SS may silently discard 11 12 Key Replies and Key Rejects whose Identifier fields do not match those of the pending requests. 13 14 A SS may keep track of the Identifier of its latest, pending SA Map Request. The SS may silently 15 16 discard SA Map Replies and SA Map Rejects whose Identifier fields do not match those of the pend- 17 ing requests. 18 19 Length 20 21 22 The Length field is two s. It indicates the length of the Attribute fields in s. The length field does not 23 include the Code, Identifier and Length fields. s outside the range of the Length field shall be treated 24 as padding and ignored on reception. If the packet is shorter than the Length field indicates, it 25 26 SHOULD be silently discarded. The minimum length is 0 and maximum length is 1490. 27 28 Attributes 29 30 31 PKM Attributes carry the specific authentication, authorization and key management data 32 exchanged between client and server. Each PKM packet type has its own set of required and optional 33 Attributes. Unless explicitly stated, there are no requirements on the ordering of attributes within a 34 35 PKM message. 36 37 The end of the list of Attributes is indicated by the Length of the PKM packet. 38 39 40 Attributes are type/length/value (TLV) encoded, as shown below. The fields are transmitted from left 41 to right. 42 43 0 1 2 3 44 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 45 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 46 | Type | Length | Value... 47 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 48 49 50 51 Packet formats for each of the PKM messages are described below. The descriptions list the PKM attributes 52 53 contained within each PKM message type. The Attributes themselves are described in Section 2.16.2.2. 54 Unknown attributes shall be ignored on receipt, and skipped over while scanning for recognized attributes. 55 56 The BS shall silently discard all requests that do not contain ALL required attributes. The SS shall silently 57 discard all responses that do not contain ALL required attributes. 58 59 60 2.16.2.1.1 Authorization Request (Auth Request) 61 62 Code: 4 63 64 65 Attributes:

This is an unapproved Task Group document being circulated for comment. 230 IEEE 802.16.1-00/01r4, September 2000

1 Table 40—Authorization Request Attributes 2 3 4 Attribute Contents 5 6 SS-Identification contains information used to identify SS to BS 7 8 SS-Certificate contains the SS’s X.509 user certificate 9 10 Security-Capabilities describes requesting SS’s security capabilities 11 SAID SS’s primary SAID equal to the Basic CID 12 13 14 15 The SS-Identification attribute contains a set of data that identifies the requesting SS to the BS. Note that the 16 BS is in all likelihood using only a single item in the SS-Identification attribute (e.g., SS MAC address) as a 17 SS handle. While a specific item could be selected for inclusion in the Authorization Request message, 18 19 including the entire SS-Identification attribute for client identification provides vendors with greater flexibil- 20 ity in the headend’s system design. 21 22 The SS-Certificate attribute contains an X.509 SS certificate issued by the SS’s manufacturer. The SS’s 23 X.509 certificate is a public-key certificate which binds the SS’s identifying information to it’s RSA public 24 25 key in a verifiable manner. The X.509 certificate is digitally signed by the SS’s manufacturer, and that signa- 26 ture can be verified by a BS that knows the manufacturer’s public key. The manufacturer’s public key is 27 placed in an X.509 certification authority (CA) certificate, which in turn is signed by a higher level certifica- 28 tion authority. 29 30 31 The Security-Capabilities attribute is a compound attribute describing the requesting SS’s security capabili- 32 ties. This includes the data encryption algorithm(s) a SS supports and the data authentication algorithm(s) 33 supported (of which there are currently none). 34 35 A SAID attribute contains a Privacy security association identifier, or SAID. In this case, the provided SAID 36 37 is the SS’s Basic CID, which is equal to the Basic CID assigned the to SS during MAC registration. 38 39 2.16.2.1.2 Authorization Reply (Auth Reply) 40 41 Sent by the BS to a client SS in response to an Authorization Request, the Authorization Reply message con- 42 43 tains an Authorization Key, the key’s lifetime, the key’s sequence number, and a list of SA-Descriptors iden- 44 tifying the Primary and Static Security Associations the requesting SS is authorized to access and their 45 particular properties (e.g., type, cryptographic suite). The Authorization Key shall be encrypted with the 46 SS’s public key. The SA-Descriptor list shall include a descriptor for the Basic CID reported to the BS in the 47 corresponding Authorization Request. The SA-Descriptor list may include descriptors of Static SAIDs the 48 49 SS is authorized to access. 50 51 Code field: 5 52 53 Attributes: 54 55 56 2.16.2.1.3 Authorization Reject (Auth Reject) 57 58 BS responds to a SS’s authorization request with an Authorization Reject message if the BS rejects the SS’s 59 authorization request. 60 61 62 Code field: 6 63 64 Attributes: 65

This is an unapproved Task Group document being circulated for comment. 231 IEEE 802.16.1-00/01, August 2000

1 Table 41—Authorization Reply Attributes 2 3 4 Attribute Contents 5 6 AUTH-Key Authorization (AUTH) Key, encrypted with the target client SS’s public key 7 8 Key-Lifetime Authorization key lifetime 9 10 Key-Sequence-Number Authorization key sequence number 11 (one or more) SA- Each SA-Descriptor compound Attribute specifies a SAID and additional properties of 12 13 Descriptor the SA. 14 15 16 Table 42—Auth Rej Attributes 17 18 19 Attribute Contents 20 21 Error-Code Error code identifying reason for rejection of authorization request 22 23 Display-String (optional) Display String providing reason for rejection of authorization request 24 25 26 27 The Error-Code and Display-String attributes describe to the requesting SS the reason for the authorization 28 failure. 29 30 2.16.2.1.4 Key Request 31 32 33 Code: 7 34 35 Attributes: 36 37 38 Table 43—Key Request Attributes 39 40 41 Attribute Contents 42 43 SS-Identification Contains information used to identify SS to BS 44 45 Key-Sequence-Number Authorization key sequence number 46 47 SAID Security Association ID 48 49 HMAC-Digest Keyed SHA message digest 50 51 52 53 The HMAC-Digest Attribute is a keyed message digest. The HMAC-Digest Attribute shall be the final 54 Attribute in the Key Request’s Attribute list. The message digest is performed over the PDU header and all 55 of the Key Request’s Attributes, other than the HMAC-Digest, in the order in which they appear within the 56 packet. 57 58 59 Inclusion of the keyed digest allows the BS to authenticate the Key Request message. The HMAC-Digest’s 60 authentication key is derived from the Authorization Key. See Section 2.19, Cryptographic Methods, for 61 details. 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 232 IEEE 802.16.1-00/01r4, September 2000

1 2.16.2.1.5 Key Reply 2 3 Code: 8 4 5 6 Attributes: 7 8 9 Table 44—Key Reply Attributes 10 11 12 Attribute Contents 13 14 Key-Sequence-Number Authorization key sequence number 15 16 SAID Security Association ID 17 18 TEK-Parameters “Older” generation of key parameters relevant to SAID 19 20 TEK-Parameters “Newer” generation of key parameters relevant to SAID 21 22 HMAC-Digest Keyed SHA message digest 23 24 25 The TEK-Parameters Attribute is a compound attribute containing all of the keying material corresponding 26 27 to a particular generation of a SAID's TEK. This would include the TEK, the TEK’s remaining key lifetime, 28 its key sequence number, and the CBC initialization vector. The TEK is encrypted. See Section 2.16.2.2.13 29 for details. 30 31 At all times the BS maintains two sets of active generations of keying material per SAID. (A set of keying 32 33 material includes the a TEK and its corresponding CBC initialization vector.) One set corresponds to the 34 “older” generation of keying material, the second set corresponds to the “newer” generation of keying mate- 35 rial. The newer generation has a key sequence number one greater than (modulo 16) that of the older gener- 36 ation. Section 2.18.1 specifies BS requirements for maintaining and using a SAID’s two active generations 37 of keying material. 38 39 40 The BS distributes to a client SS both generations of active keying material. Thus, the Key Reply message 41 contains two TEK-Parameters Attributes, each containing the keying material for one of the SAIDs two 42 active sets of keying material. 43 44 45 The HMAC-Digest Attribute is a keyed message digest. The HMAC-Digest Attribute shall be the final 46 Attribute in the Key Reply’s Attribute list. The message digest is performed over the PKM message header 47 (starting with the PKM Code field) and all of the Key Reply’s Attributes, other than the HMAC-Digest, in 48 the order in which they appear within the packet. 49 50 51 Inclusion of the keyed digest allows the receiving client to authenticate the Key Reply message and ensure 52 SS and BS have synchronized Authorization Keys. The HMAC-Digest’s authentication key is derived from 53 the Authorization Key. See Section 2.19, Cryptographic Methods, for details. 54 55 2.16.2.1.6 Key Reject 56 57 58 Receipt of a Key Reject indicates the receiving client SS is no longer authorized for a particular SAID. 59 60 Code: 9 61 62 63 Attributes: 64 65

This is an unapproved Task Group document being circulated for comment. 233 IEEE 802.16.1-00/01r4, September 2000

1 Table 45—Key Reject Attributes 2 3 4 Attribute Contents 5 6 Key-Sequence-Number Authorization key sequence number 7 8 SAID Security Association ID 9 10 Error-Code Error code identifying reason for rejection of Key Request 11 Display-String (optional) Display string containing reason for Key Reject 12 13 HMAC-Digest Keyed SHA message digest 14 15 16 17 The HMAC-Digest Attribute is a keyed message digest. The HMAC-Digest Attribute shall be the final 18 Attribute in the Key Reject’s Attribute list. The message digest is performed over the PKM message header 19 (starting with the PKM Code field) and all of the Key Reject’s Attributes, other than the HMAC-Digest, in 20 21 the order in which they appear within the packet. 22 23 Inclusion of the keyed digest allows the receiving client to authenticate the Key Reject message and ensure 24 SS and BS have synchronized Authorization Keys. The HMAC-Digest’s authentication key is derived from 25 the Authorization Key. See Section 2.19, Cryptographic Methods, for details. 26 27 28 2.16.2.1.7 Authorization Invalid 29 30 The BS can send an Authorization Invalid message to a client SS as: 31 32 33 an unsolicited indication, or 34 a response to a message received from that SS 35 36 In either case, the Authorization Invalid message instructs the receiving SS to re-authorize with its BS. 37 38 39 The BS sends an Authorization Invalid in response to a Key Request if (1) the BS does not recognize the SS 40 as being authorized (i.e., no valid Authorization Key associated with the requesting SS) or (2) verification of 41 the Key Request’s keyed message digest (in HMAC-Digest Attribute) failed, indicating a loss of Authoriza- 42 tion Key synchronization between SS and BS. 43 44 45 Code: 10 46 47 Attributes: 48 49 50 51 Table 46—Authorization Invalid Attributes 52 53 Attribute Contents 54 55 Error-Code Error code identifying reason for Authorization Invalid 56 57 Display-String (optional) Display String describing failure condition 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 234 IEEE 802.16.1-00/01r4, September 2000

1 2.16.2.1.8 TEK Invalid 2 3 The BS sends a TEK Invalid message to a client SS if the BS determines that the SS encrypted an upstream 4 5 PDU with an invalid TEK; i.e., a SAID’s TEK key sequence number, contained within the received packet’s 6 MAC Header, is out of the BS’s range of known, valid sequence numbers for that SAID. 7 8 Code: 11 9 10 11 Attributes: 12 13 14 Table 47—TEK Invalid Attributes 15 16 17 Attribute Contents 18 19 Key-Sequence-Number Authorization key sequence number 20 21 SAID Security Association ID 22 23 Error-Code Error code identifying reason for TEK Invalid message 24 Display-String (optional) Display string containing vendor-defined in-formation 25 26 HMAC-Digest Keyed SHA message digest 27 28 29 30 The HMAC-Digest Attribute is a keyed message digest. The HMAC-Digest Attribute shall be the final 31 Attribute in the TEK Invalid’s Attribute list. The message digest is performed over the PKM message header 32 33 (starting with the PKM Code field) and all of the TEK Invalid’s Attributes, other than the HMAC-Digest, in 34 the order in which they appear within the packet. 35 36 Inclusion of the keyed digest allows the receiving client to authenticate the TEK Invalid message and ensure 37 SS and BS have synchronized Authorization Keys. The HMAC-Digest’s authentication key is derived from 38 39 the Authorization Key. See Section 2.19, Cryptographic Methods, for details. 40 41 2.16.2.1.9 Authentication Information (Authent Info) 42 43 The Authentication Info message contains a single CA-Certificate Attribute, containing an X.509 CA certif- 44 45 icate for the manufacturer of the SS. The SS’s X.509 user certificate shall have been issued by the certifica- 46 tion authority identified by the X.509 CA certificate. All X.509 CA certificates shall be issued by an external 47 root certification authority. 48 49 Authentication Information messages are strictly informative: while the SS shall transmit Authent Info mes- 50 51 sages as indicated by the Authentication state model (Section 2.16.1.2), the BS may ignore them. 52 53 Code: 12 54 55 Attributes: 56 57 58 59 Table 48—Authentication Information Attributes 60 61 62 Attribute Contents 63 64 CA-Certificate certificate of manufacturer CA that issued SS certificate 65

This is an unapproved Task Group document being circulated for comment. 235 IEEE 802.16.1-00/01, August 2000

1 The CA-certificate attribute contains an X.509 CA certificate for the CA that issued the SS’s X.509 user cer- 2 tificate. The external certification authority issues these CA-certificates to SS manufacturers. 3 4 5 2.16.2.1.10 SA Map Request (MAP Request) 6 7 A SS sends SA Map Requests to its BS to request the mapping of a particular downstream traffic flow to a 8 SA. Section 2.17 describes the SA Mapping state model which uses the message. 9 10 11 Code: 13 12 13 Attributes: 14 15 16 Table 49—SA Map Request Attributes 17 18 19 Attribute Contents 20 21 SS-Identification Contains information used to identify SS to BS 22 23 SA-Query Contains addressing information identifying the downstream traffic flow SS is request- 24 ing an SA mapping for 25 26 27 28 2.16.2.1.11 SA Map Reply (Map Reply) 29 30 A BS sends an SA Map Reply as a positive response to a client SS’s SA Map Request. The SA Map Reply 31 32 informs the SS of a mapping between a queried address and a SA. Section 2.17 describes the SA Mapping 33 state model which uses the message. 34 35 Code: 14 36 37 38 Attributes: 39 40 41 Table 50—SA Map Reply Attributes 42 43 44 Attribute Contents 45 46 SA-Query Contains addressing information identifying the downstream traffic flow SS is requested 47 an SA mapping for 48 49 SA-Descriptor SA-Descriptor compound Attribute specifies the mapped SA’s SAID and other proper- 50 ties. 51 52 53 54 2.16.2.1.12 SAID Map Reject (Map Reject) 55 56 A BS sends SA Map Reject as a negative response to a client SS’s SA Map Request. The SA Map Reject 57 58 informs the SS that either (1) downstream traffic flow identified in the SA-Query Attribute is not being 59 encrypted or (2) the requesting SS is not authorized to receive that traffic. The contents of an error code 60 attribute distinguishes between the two cases. Section 2.17 describes the SA Mapping state model which 61 uses the message. 62 63 64 Code: 15 65

This is an unapproved Task Group document being circulated for comment. 236 IEEE 802.16.1-00/01r4, September 2000

1 Attributes: 2 3 4 Table 51—SA MAP Reject Attributes 5 6 7 Attribute Contents 8 9 SA-Query Contains addressing information identifying the downstream traffic flow SS requested 10 an SA mapping for 11 12 Error-Code Error code identifying reason for rejection of SA Map Request 13 14 Display-String (optional) Display string containing reason for Map Reject 15 16 17 18 2.16.2.2 PKM Attributes 19 20 A summary of the Attribute format is shown below. The fields are transmitted from left to right. 21 22 23 0 1 2 3 24 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 25 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 26 | Type | Length | Value... 27 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 28 29 30 31 Type 32 33 The Type field is one . Values of the PKM Type field are specified below. Note that Type values 34 between 0 and 127 are defined within the Privacy Specification, values between 128 and 255 are 35 36 vendor-assigned Attribute Types. 37 38 A PKM server shall ignore Attributes with an unknown Type. 39 40 41 A PKM client shall ignore Attributes with an unknown Type. 42 43 44 PKM client and server (i.e., SS and BS) may log receipt of unknown attribute types. 45 46 Length 47 48 49 The Length field is 2 s, and indicates the length of this Attribute’s Value field, in s. The length field 50 does not include the Type and Length fields. The minimum Attribute Length is 0, the maximum 51 Length is . 52 53 54 Packets containing attributes with invalid lengths SHOULD be silently discarded. 55 56 Value 57 58 59 The Value field is zero or more s and contains information specific to the Attribute. The format and 60 length of the Value field is determined by the Type and Length fields. All multi- integer quantities 61 are in network-byte order, i.e., the containing the most-significant bits is the first transmitted on the 62 63 wire. 64 65

This is an unapproved Task Group document being circulated for comment. 237 IEEE 802.16.1-00/01, August 2000

1 Table 52—PKM Attribute Types 2 3 4 Type BPKM Attribute 5 6 0 Reserved 7 8 1 Serial-Number 9 10 2 Manufacturer-ID 11 3 MAC-Address 12 13 4 RSA-Public-Key 14 15 5 SS-Identification 16 17 6 Display-String 18 19 7 AUTH-KEY 20 21 8 TEK 22 23 9 Key-Lifetime 24 25 10 Key-Sequence-Number 26 27 11 HMAC-Digest 28 12 SAID 29 30 13 TEK-Parameters 31 32 14 Reserved 33 34 15 CBC-IV 35 36 16 Error-Code 37 38 17 CA-Certificate 39 40 18 SS-Certificate 41 42 19 Security-Capabilities 43 44 20 Cryptographic-Suite 45 46 21 Cryptographic-Suite-List 47 22 Version 48 49 23 SA-Descriptor 50 51 24 SA-Type 52 53 25 SA-Query 54 55 26 SA-Query-Type 56 57 27 IP-Address 58 59 28-126 Reserved 60 61 127 Vendor-Defined 62 63 128-255 Vendor-assigned attribute types 64 65

This is an unapproved Task Group document being circulated for comment. 238 IEEE 802.16.1-00/01r4, September 2000

1 Note that a “string” does not require termination by an ASCII NULL because the Attribute already 2 has a length field. 3 4 5 The format of the value field is one of five data types. 6 7 8 Table 53—Attribute Value Data Types 9 10 11 string 0 – n s 12 13 uint8 8-bit unsigned integer 14 15 uint16 16-bit unsigned integer 16 17 uint32 32-bit unsigned integer 18 19 compound collection of Attributes 20 21 22 23 2.16.2.2.1 Serial-Number 24 25 Description 26 27 28 This Attribute indicates the serial number assigned by the manufacturer to a SS device. 29 30 A summary of the Serial-Number Attribute format is shown below. The fields are transmitted from 31 32 left to right. 33 34 0 1 2 3 35 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 36 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 37 38 | Type = 1 | Length | String... 39 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 40 41 42 Type 43 44 1 for Serial-Number 45 46 47 Length 48 49 >= 0 and =<255 50 51 52 String 53 54 The String field is zero or more s and contains a manufacturer-assigned serial number. 55 56 57 The manufacturer-assigned serial number shall be encoded in the ISO 8859-1 character encoding. 58 59 The characters employed shall be restricted to the following: 60 61 62 A-Z (0x41-0x5A) 63 a-z (0x61-0x7A) 64 65 0-9 (0x30-0x39)

This is an unapproved Task Group document being circulated for comment. 239 IEEE 802.16.1-00/01r4, September 2000

1 “-” (0xD2) 2 3 2.16.2.2.2 Manufacturer-ID 4 5 6 Description 7 8 9 This Attribute identifies the manufacturer. The identifier is 3 s long and contains the 3- Organiza- 10 tionally Unique Identifier (OUI) assigned to applying organizations by the IEEE [IEEE802]. The 11 12 first two bits of the 3- string are set to zero. 13 14 A summary of the Manufacturer-ID Attribute format is shown below. The fields are transmitted 15 16 from left to right. 17 0 1 2 3 18 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 19 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 20 | Type = 2 | Length | String... 21 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 22 23 24 25 Type 26 27 2 for Manufacturer-ID 28 29 Length 30 31 32 3 33 34 String 35 36 37 The String field is three s and contains an IEEE OUI. 38 39 2.16.2.2.3 MAC-Address 40 41 42 Description 43 44 This Attribute identifies the IEEE MAC address assigned to the SS. Guaranteed to be unique, it is 45 46 likely to be used as a SS handle/index at the BS. 47 48 A summary of the MAC-Address Attribute format is shown below. The fields are transmitted from 49 left to right. 50 51 52 0 1 2 3 53 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 54 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 55 | Type = 3 | Length | String... 56 57 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 58 59 60 Type 61 62 3 for MAC-Address 63 64 65 Length

This is an unapproved Task Group document being circulated for comment. 240 IEEE 802.16.1-00/01r4, September 2000

1 6 2 3 String 4 5 6 The String field contains a 6- MAC address. 7 8 2.16.2.2.4 RSA-Public-Key 9 10 11 Description 12 13 This Attribute is a string attribute containing a DER-encoded RSAPublicKey ASN.1 type, as 14 15 defined in the RSA Encryption Standard PKCS #1 v2.0 [RSA3]. 16 17 PKCS #1 v2.0 specifies that an RSA public key consists of both an RSA public modulus and an 18 19 RSA public exponent; the RSAPublicKey type includes both of these as DER-encoded INTEGER 20 types. 21 22 23 PKCS #1 v2.0 states that the RSA public exponent may be standardized in specific applications, and 24 the document suggests values of 3 or 65537 (F4). The protocol standardizes on F4 for a public expo- 25 nent and employs a 1024-bit modulus. 26 27 28 A summary of the Public-Key Attribute format is shown below. The fields are transmitted from left 29 to right. 30 0 1 2 3 31 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 32 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 33 34 | Type = 4 | Length | String... 35 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 36 37 38 Type 39 40 41 4 for RSA-Public-Key 42 43 Length 44 45 140 (length of DER-encoding, using F4 as the public exponent, and a 1024-bit public modulus) 46 47 48 String 49 50 DER-encoded RSAPublicKey ASN.1 type 51 52 53 2.16.2.2.5 SS-Identification 54 55 Description 56 57 58 This Attribute is a compound attribute, consisting of a collection of sub-attributes. These sub- 59 attributes contain information that can be used to uniquely identify a SS. Sub-attributes shall 60 include: 61 62 63 Serial-Number 64 Manufacturer-ID 65

This is an unapproved Task Group document being circulated for comment. 241 IEEE 802.16.1-00/01, August 2000

1 MAC-Address 2 RSA-Public-Key 3 4 5 6 The SS-Identification may also contain optional Vendor-Defined Attributes. 7 8 0 1 2 3 9 10 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 11 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 | Type = 5 | Length | Compound 13 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 14 15 16 Type 17 18 19 5 20 21 Length 22 23 24 >= 126 25 26 2.16.2.2.6 Display-String 27 28 Description 29 30 31 This Attribute contains a textual message. It is typically used to explain a failure response, and might 32 be logged by the receiver for later retrieval by an SNMP manager. Display strings shall be no longer 33 34 than 128 bytes. 35 36 A summary of the Display-String Attribute format is shown below. The fields are transmitted from 37 38 left to right. 39 0 1 2 3 40 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 41 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 42 | Type = 6 | Length | String... 43 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 44 45 46 47 Type 48 49 6 for Display String 50 51 Length 52 53 54 >=0 and <= 128 55 56 String 57 58 59 A string of characters. There is no requirement that the character string be null terminated; the length 60 field always identifies the end of the string. 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 242 IEEE 802.16.1-00/01r4, September 2000

1 2.16.2.2.7 AUTH-Key 2 3 Description 4 5 6 The Authorization Key is an 20 byte quantity, from which a key encryption key, and two message 7 authentication keys (one for upstream requests, and a second for downstream replies) are derived. 8 9 10 This Attribute contains either a 96 or a 128- quantity containing the Authorization Key RSA- 11 encrypted with the SS's 1024-bit RSA public key. Details of the RSA encryption procedure are given 12 13 in section 7.5. The ciphertext produced by the RSA algorithm will be the length of the RSA modu- 14 lus, i.e., 128 s. 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 243 IEEE 802.16.1-00/01r4, September 2000

1 0 1 2 3 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Type = 7 | Length | String ... 5 6 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 7 8 9 Type 10 11 7 for AUTH-Key 12 13 14 Length 15 16 96 or 128 17 18 19 String 20 21 96 or 128- quantity representing an RSA-encrypted Authorization Key. 22 23 2.16.2.2.8 TEK 24 25 26 Description 27 28 This Attribute contains an 8- quantity that is a TEK DES key, encrypted with a Key Encryption Key 29 30 derived from the Authorization Key. TEK keys are encrypted using the Encrypt-Decrypt-Encrypt 31 (EDE) mode of two-key triple DES. See Section 2.19, Cryptographic Methods, for details. 32 33 0 1 2 3 34 35 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 36 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 37 | Type = 8 | Length | String ... 38 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 39 40 41 Type 42 43 44 8 for TEK 45 46 Length 47 48 49 8 50 51 String 52 53 54 64-bit quantity representing a (two-key triple DES EDE mode) encrypted traffic encryption key. 55 56 2.16.2.2.9 Key-Lifetime 57 58 Description 59 60 61 This Attribute contains the lifetime, in seconds, of an Authorization Key or TEK. It is a 32-bit 62 unsigned quantity representing the number of remaining seconds that the associated key will be 63 64 valid. 65

This is an unapproved Task Group document being circulated for comment. 244 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 0 1 2 3 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 6 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 7 | Type = 9 | Length | uint32 ... | 8 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 9 10 | ... uint32 | 11 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 12 13 14 Type 15 16 9 for Key-Lifetime 17 18 19 Length 20 21 4 22 23 24 uint32 25 26 32-bit quantity representing key lifetime 27 28 29 A key lifetime of zero indicates that the corresponding Authorization Key or traffic encryption key 30 is not valid. 31 32 2.16.2.2.10 Key-Sequence-Number 33 34 35 Description 36 37 This Attribute contains a 4-bit sequence number for a TEK or Authorization Key. The 4-bit quantity, 38 39 however, is stored in a single , with the high-order 4 bits set to 0. 40 41 A summary of the Key-Sequence-Number Attribute format is shown below. The fields are transmit- 42 43 ted from left to right. 44 45 0 1 2 3 46 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 47 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 48 49 | Type = 10 | Length | uint8 | 50 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 51 52 53 Ty pe 54 55 10 for Key-Sequence-Number 56 57 58 Length 59 60 1 61 62 63 uint8 64 65

This is an unapproved Task Group document being circulated for comment. 245 IEEE 802.16.1-00/01, August 2000

1 4-bit sequence number 2 3 2.16.2.2.11 HMAC-Digest 4 5 6 Description 7 8 This Attribute contains a keyed hash used for message authentication. The HMAC algorithm is 9 10 defined in [RFC-2104]. The HMAC algorithm is specified using a generic cryptographic hash algo- 11 rithm. Privacy uses a particular version of HMAC that employs the Secure Hash Algorithm (SHA- 12 1), defined in [FIPS-180-1]. 13 14 15 A summary of the HMAC-Digest Attribute format is shown below. The fields are transmitted from 16 left to right. 17 0 1 2 3 18 19 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 20 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 21 | Type = 11 | Length | String ... 22 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 23 24 25 Type 26 27 28 11 for HMAC-Digest 29 30 Length 31 32 33 20-s 34 35 String 36 37 38 A 160-bit (20 ) keyed SHA hash 39 40 2.16.2.2.12 SAID 41 42 Description 43 44 45 This Attribute contains a 16-bit SAID (SAID) used by the Privacy Protocol as the security associa- 46 tion identifier. 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 246 IEEE 802.16.1-00/01r4, September 2000

1 0 1 2 3 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 3 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4 | Type = 12 | Length | uint16 ... | 5 6 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 7 | ...uint16 | 8 +-+-+-+-+-+-+-+-+ 9 10 11 Type 12 13 14 12 for SAID 15 16 Length 17 18 19 2 20 21 uint16 22 23 24 16-bit quantity representing a SAID 25 26 2.16.2.2.13 TEK-Parameters 27 28 Description 29 30 31 This Attribute is a compound attribute, consisting of a collection of sub-attributes. These sub- 32 attributes represent all security parameters relevant to a particular generation of a SAID's TEK. 33 34 35 A summary of the TEK-Parameters Attribute format is shown below. The fields are transmitted from 36 left to right. 37 0 1 2 3 38 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 39 40 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 41 | Type = 13 | Length | Compound... 42 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 43 44 45 Type 46 47 48 13 for TEK-Parameters 49 50 Length 51 52 53 33 54 55 Compound 56 57 The Compound field contains the following sub-Attributes: 58 59 60 2.16.2.2.14 CBC-IV 61 62 Description 63 64 65

This is an unapproved Task Group document being circulated for comment. 247 IEEE 802.16.1-00/01r4, September 2000

1 Table 54—TEK-Parameters Sub-Attributes 2 3 4 Attribute Contents 5 6 TEK TEK, encrypted (two-key triple DES-EDE mode) with the KEK 7 8 Key-Lifetime TEK Remaining Lifetime 9 10 Key-Sequence-Number TEK Sequence Number 11 CBC-IV Cipher Block Chaining (CBC) Initialization Vector 12 13 14 15 This Attribute contains a 64-bit (8-byte) value specifying a Cipher Block Chaining (CBC) Initializa- 16 17 tion Vector. 18 19 A summary of the HMAC-Digest Attribute format is shown below. The fields are transmitted from 20 left to right. 21 22 23 0 1 2 3 24 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 25 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 26 | Type = 15 | Length | String ... 27 28 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 29 30 31 Type 32 33 15 for CBC-IV 34 35 36 Length 37 38 8 s 39 40 String 41 42 43 A 64-bit quantity representing a DES-CBC initialization vector. 44 45 2.16.2.2.15 Error-Code 46 47 48 Description 49 50 This Attribute contains a one- error code providing further information about an Authorization 51 52 Reject, Key Reject, Authorization Invalid, or TEK Invalid. 53 54 A summary of the Error-Code Attribute format is shown below. The fields are transmitted from left 55 56 to right. 57 0 1 2 3 58 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 59 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 60 | Type = 16 | Length | uint8 | 61 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 62 63 64 65 Type

This is an unapproved Task Group document being circulated for comment. 248 IEEE 802.16.1-00/01r4, September 2000

1 16 for Error-Code 2 3 Length 4 5 6 1 7 8 uint8 9 10 11 1- error code 12 13 14 A BS shall include the Error-Code Attribute in all Authorization Reject, Authorization Invalid, Key 15 Reject and TEK Invalid messages. Table 55 lists code values for use with this Attribute. The BS may 16 employ the nonzero error codes (1-8) listed below; it may, however, return a code value of zero (0). 17 18 Error code values other than those defined in Table 55 shall be ignored. Returning a code value of 19 zero sends no additional failure information to the SS; for security reasons, this may be desirable. 20 21 22 Table 55—Error-Code Attribute Code Values 23 24 25 Error Messages Description 26 Code 27 28 0 all no information 29 30 1 Auth Reject, Auth Invalid Unauthorized SS 31 32 2 Auth Reject, Key Reject Unauthorized SAID 33 34 3 Auth Invalid Unsolicited 35 36 4 Auth Invalid, TEK Invalid Invalid Key Sequence Number 37 38 5 Auth Invalid Message (Key Request) authentication failure 39 6 Auth Reject Permanent Authorization Failure 40 41 7 Map Reject not authorized for requested downstream traffic flow 42 43 8 Map Reject downstream traffic flow not mapped to SAID 44 45 46 47 Error code 6, Permanent Authorization Failure, is used to indicate a number of different error condi- 48 49 tions affecting the PKM authorization exchange. These include: 50 51 an unknown manufacturer; i.e., the BS does not have the CA certificate belonging to the issuer of a SS 52 53 certificate 54 SS certificate has an invalid signature 55 ASN.1 parsing failure during verification of SS certificate 56 SS certificate is on the “hot list” 57 58 inconsistencies between certificate data and data in accompanying PKM attributes 59 SS and BS have incompatible security capabilities 60 61 62 Their common property is that the failure condition is considered permanent: any re-attempts at 63 authorization would continue to result in Authorization Rejects. Details about the cause of a Perma- 64 nent Authorization Failure may be reported to the SS in an optional Display-String Attribute that 65

This is an unapproved Task Group document being circulated for comment. 249 IEEE 802.16.1-00/01r4, September 2000

1 may accompany the Error-Code Attribute in Authorization Reject messages. Note that providing 2 this additional detail to the SS should be administratively controlled within the BS. The BS may log 3 4 these Authorization failures, or even trap then to an SNMP manager. 5 6 2.16.2.2.16 Vendor-Defined 7 8 The Vendor-Defined Attribute is a compound attribute whose first sub-attribute shall be the Manufacturer-ID 9 10 Attribute. Subsequent Attribute(s) are user defined, with Type values as-signed by the vendor identified by 11 the previous Manufacturer-ID Attribute. 12 13 0 1 2 3 14 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 15 16 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 17 | Type = 127 | Length | Compound ... 18 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 19 20 21 Type 22 23 24 1 27 for Vendor-Defined 25 26 Length 27 28 29 >= 6 30 31 Compound 32 33 34 The first sub-attribute shall be Manufacturer-ID. Subsequent attributes can include both universal 35 Types (i.e., defined within this specification) and vendor-defined Types, specific to the vendor iden- 36 tified in the preceding Manufacturer-ID sub-attribute. 37 38 2.16.2.2.17 CA-Certificate 39 40 41 Description 42 43 This Attribute is a string attribute containing an X.509 CA Certificate, as defined in [X.509]. 44 45 46 A summary of the CA-Certificate Attribute format is shown below. The fields are transmitted from 47 left to right. 48 0 1 2 3 49 50 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 51 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 52 | Type = 17 | Length | String... 53 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 54 55 56 Type 57 58 59 17 for CA-Certificate 60 61 Length 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 250 IEEE 802.16.1-00/01r4, September 2000

1 Variable. Length shall not cause resulting MAC management message to exceed the maximum 2 allowed size. 3 4 5 String 6 7 X.509 CA Certificate (DER-encoded ASN.1) 8 9 10 2.16.2.2.18 SS-Certificate 11 12 Description 13 14 15 This Attribute is a string attribute containing a SS’s X.509 User Certificate, as defined in [X.509]. 16 17 A summary of the SS-Certificate Attribute format is shown below. The fields are transmitted from 18 19 left to right. 20 0 1 2 3 21 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 22 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 23 | Type = 18 | Length | String... 24 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 25 26 27 28 Type 29 30 18 for SS-Certificate 31 32 Length 33 34 35 Variable. Length shall not cause resulting MAC management message to exceed the maximum 36 allowed size. 37 38 39 String 40 41 X.509 User Certificate (DER-encoded ASN.1) 42 43 44 2.16.2.2.19 Security-Capabilities 45 46 Description 47 48 49 The Security-Capabilities Attribute is a compound attribute whose sub-attributes identify the version 50 of Privacy a SS supports and the cryptographic suite(s) a SS supports. 51 0 1 2 3 52 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 53 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 54 | Type = 19 | Length | Compound ... 55 56 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 57 58 59 Type 60 61 19 for Security-Capabilities 62 63 64 Length 65

This is an unapproved Task Group document being circulated for comment. 251 IEEE 802.16.1-00/01, August 2000

1 >=9 2 3 Compound 4 5 6 The Compound field contains the following sub-Attributes: 7 8 9 Table 56—Security-Capabilities Sub-Attributes 10 11 12 Attribute Contents 13 14 Cryptographic-Suite-List list of supported cryptographic suites 15 16 Version version of Privacy supported 17 18 19 20 2.16.2.2.20 Cryptographic-Suite 21 22 Description 23 24 25 0 1 2 3 26 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 27 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 28 | Type = 20 | Length | uint16 ... | 29 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 30 31 | ...uint16 | 32 +-+-+-+-+-+-+-+-+ 33 34 35 Type 36 37 20 for Cryptographic-Suite 38 39 40 Length 41 42 2 43 44 45 Uint16 46 47 A 16-bit integer identifying a pairing of a data encryption algorithm (encoded in the left-most, most 48 49 significant, byte) and a data authentication algorithm (encoded in the right-most, least significant, 50 byte). Currently, 56-bit and 40-bit DES are the only algorithms specified for use within security, and 51 neither are paired with a data authentication algorithm. 52 53 54 55 2.16.2.2.21 Cryptographic-Suite-List 56 57 58 Description 59 60 0 1 2 3 61 62 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 63 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 64 | Type = 21 | Length | String... 65

This is an unapproved Task Group document being circulated for comment. 252 IEEE 802.16.1-00/01r4, September 2000

1 Table 57—Data Encryption Algorithm Identifiers 2 3 4 Value Description 5 6 0 Reserved 7 8 1 CBC-Mode, 56-bit DES 9 10 2 CBC-Mode, 40-bit DES 11 3-255 Reserved 12 13 14 15 Table 58—Data Authentication Algorithm Identifiers 16 17 18 Value Description 19 20 0 No Data Authentication 21 22 1-255 Reserved 23 24 25 26 Table 59—Cryptographic-Suite Attribute Values 27 28 29 Value Description 30 31 256 (0x0100 hex) CBC-Mode 56-bit DES & no data authentication 32 33 512 (0x0200 hex) CBC-Mode 40-bit DES & no data authentication 34 all remaining values Reserved 35 36 37 38 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 39 40 41 Type 42 43 44 21 for Cryptographic-Suite-List 45 46 Length 47 48 49 2*n, where n=number of cryptographic suites listed 50 51 Uint8 52 53 54 A list of byte pairs identifying a collection of cryptographic suites. Each byte pair represents a sup- 55 ported cryptographic suite, with an encoding identical to the value field of the Cryptographic-Suite 56 Attribute (Section 2.16.2.2.20). The BS shall not interpret the relative ordering of byte pairs in the 57 58 list as a SS’s preferences amongst the cryptographic suites it supports. 59 60 2.16.2.2.22 Version 61 62 Description 63 64 65 0 1 2 3

This is an unapproved Task Group document being circulated for comment. 253 IEEE 802.16.1-00/01r4, September 2000

1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 3 | Type = 22 | Length | uint8 | 4 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 5 6 7 8 Type 9 10 22 for Version 11 12 Length 13 14 15 1 16 17 Uint8 18 19 20 A 1- code identifying a version of Privacy security. 21 22 23 24 Table 60—Version Attribute Values 25 26 27 Value Description 28 29 0 Reserved 30 31 1 Current Privacy 32 2-255 Reserved 33 34 35 36 2.16.2.2.23 SA-Descriptor 37 38 Description 39 40 41 The SA-Descriptor Attribute is a compound attribute whose sub-attributes describe the properties of 42 a Security Association. These properties include the SAID, the SA type, and the cryptographic suite 43 44 employed within the SA. 45 0 1 2 3 46 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 47 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 48 | Type = 23 | Length | Compound... 49 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 50 51 52 Type 53 54 55 23 for SA-Descriptor 56 57 Length 58 59 60 14 61 62 Compound 63 64 65

This is an unapproved Task Group document being circulated for comment. 254 IEEE 802.16.1-00/01r4, September 2000

1 The Compound field contains the following sub-Attributes: 2 3 4 Table 61—SA-Descriptor Sub-Attributes 5 6 7 8 Attribute Contents 9 10 SAID Security Association ID 11 SA-Type Type of SA 12 13 Cryptographic-Suite pairing of data encryption and data authentication algorithms 14 employed within the SA 15 16 17 18 2.16.2.2.24 SA-Type 19 20 21 Description 22 23 Identifies Type of SA. Privacy defines three SA types: Primary, Static, Dynamic. 24 0 1 2 3 25 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 26 27 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 28 | Type = 24 | Length | uint8 | 29 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 30 31 32 Type 33 34 35 24 for SA-Type 36 37 Length 38 39 40 1 41 42 Uint8 43 44 45 A 1- code identifying the value of SA-type as defined in Table 62. 46 47 48 Table 62—SA-Type Attribute Values 49 50 51 Value Description 52 53 0 Primary 54 55 1 Static 56 57 2 Dynamic 58 3-127 Reserved 59 60 128-255 Vendor-specific 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 255 IEEE 802.16.1-00/01r4, September 2000

1 2.16.2.2.25 SA-Query 2 3 Description 4 5 6 Compound Attribute used in SA Map Request to specify mapping query arguments. Query argu- 7 ments include the query type and any addressing attributes particular to that query type - the address- 8 9 ing attributes identify a particular downstream traffic flow that a SA mapping is being requested for. 10 Currently, the only query type specified is Multicast, and the addressing argument associated with 11 that type is an IP group address. 12 0 1 2 3 13 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 14 15 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 16 | Type = 25 | Length | Compound... 17 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 18 19 20 Type 21 22 23 25 for SA-Query 24 25 Length 26 27 28 11 29 30 Compound 31 32 33 The Compound field contains the following sub-Attributes: 34 35 Table 2-3. SA-Query Sub-Attributes 36 37 Attribute Contents 38 SA-Query-Type Type of Query 39 IP-Address required if SA-Query-Type = IP-Multicast; contains an IP group 40 address whose SA mapping is being requested. 41 42 43 2.16.3.2.26 SA-Query-Type 44 45 46 Description 47 48 This Attribute identifies an IP address used to identify an encrypted IP traffic flow. It is used, for 49 example, to specify an IP multicast group address. 50 51 52 A summary of the IP-Address Attribute format is shown below. The fields are transmitted from left 53 to right. 54 0 1 2 3 55 56 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 57 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 58 | Type = 26 | Length | uint8 | 59 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 60 61 62 Type 63 64 65 26 for SA-Query-Type

This is an unapproved Task Group document being circulated for comment. 256 IEEE 802.16.1-00/01r4, September 2000

1 Length 2 3 4 1 5 6 Uint8 7 8 A 1- code identifying the value of SA-Query-Type as defined in Table 63. 9 10 11 12 Table 63—SA-Query-Type Attribute Values 13 14 15 Value Description 16 17 0 Reserved 18 19 1 IP Multicast 20 2-127 Reserved 21 22 128-255 Vendor-specific 23 24 25 26 27 28 2.17 Dynamic SA Mapping 29 30 31 2.17.1 Introduction 32 33 Dynamic Security Associations (Dynamic SAs), introduced in Section 2.14.2.3, are SAs that a BS establishes 34 and eliminates, dynamically, in response to its enabling and disabling of specific downstream traffic flows. 35 These traffic flows may be initiated by the actions of: 36 37 38 a SS (Customer Premise Equipment) device attached to one of the BS’s client SS, 39 an application server within the head end, 40 41 an OSS system, or 42 other unspecified mechanisms. 43 44 Regardless of what triggers the establishment of a Dynamic SA within the BS, client SS need a mechanism 45 for learning the mapping of a particular Privacy-protected downstream traffic flow to that flow’s dynamically 46 47 assigned Security Association (and that SA’s corresponding SAID). 48 49 The details of this mechanism and the associated requirements are TBD. 50 51 52 2.18 Key Usage 53 54 55 2.18.1 BS 56 57 After a SS completes MAC Registration, it initiates an Authorization exchange with its BS. The BS’s first 58 receipt of an Authorization Request message from the unauthorized SS initiates the activation of a new 59 Authorization Key (AK), which the BS sends back to the requesting SS in an Authorization Reply message. 60 Authorization Key Lifetime 61 This AK will remain active until it expires according to its predefined lifetime, , a 62 BS system configuration parameter (see Appendix A.2). 63 64 The BS shall use keying material derived from the SS’s Authorization Key for: 65

This is an unapproved Task Group document being circulated for comment. 257 IEEE 802.16.1-00/01r4, September 2000

1 verifying the HMAC-Digest in Key Requests received from that SS 2 encrypting (EDE mode two-key triple DES) the TEK in the Key Replies it sends to that SS (TEK is a sub- 3 4 attribute of a Key Reply’s TEK-Parameters Attribute) 5 calculating the HMAC-Digests it writes into Key Replies, Key Rejects and TEK Invalids sent to that SS 6 7 The BS must always be prepared to send a SS an AK upon request. The BS shall be able to support up to two 8 9 simultaneously active AKs for each client SS. The BS has two active AKs during an Authorization Key tran- 10 sition period; the two active keys have overlapping lifetimes. 11 12 An Authorization Key transition period begins when the BS receives an Authorization Request from a SS 13 and the BS has a single active AK for that SS. In response to this Authorization Request, the BS activates a 14 15 second AK, which it sends back to the requesting SS in an Authorization Reply. The BS shall set the active 16 lifetime of this second AK to be the remaining lifetime of the first AK, plus the predefined Authorization Key 17 Lifetime; thus, the second, “newer” key will remain active for one Authorization Key Lifetime beyond the 18 expiration of the first, “older” key. The key transition period will end with the expiration of the older key. 19 This is depicted in the top half of Figure 6-1. 20 21 22 The Authorization Key lifetime a BS reports in a Authorization reply shall reflect, as accurately as an imple- 23 mentation permits, the remaining lifetimes of AK at the time the reply message is sent. 24 25 As long as the BS is in the midst of a SS’s Authorization Key transition period, and thus is holding two 26 27 active Authorization Keys for that SS, it will respond to Authorization Requests with the newer of the two 28 active keys. Once the older key expires, an Authorization Request will trigger the activation of a new AK, 29 and the start of a new key transition period. 30 31 If a SS fails to reauthorize before the expiration of its most current AK, the BS will hold no active Authori- 32 33 zation keys for the SS and will consider the SS unauthorized. A BS shall remove from its keying tables all 34 TEKs associated with an unauthorized SS’s Primary SA. 35 36 A BS shall use a SS’s active AK(s) to verify the HMAC-digest in Key Requests received from the SS. If a BS 37 receives a Key Request while in an AK transition period, and the accompanying AK Key Sequence Number 38 39 indicates the Request was authenticated with the newer of the two AKs, the BS identifies this as an implicit 40 acknowledgment that the SS has obtained the newer of the SS’s two active AKs. 41 42 A BS shall use an active AK when calculating HMAC-Digests in Key Replies and Key Rejects, and when 43 encrypting the TEK in Key Replies. When sending Key Replies or Key Rejects within a key transition period 44 45 (i.e., when two active AKs are available), if the newer key has been implicitly acknowledged, the BS shall 46 use the newer of the two active AKs; if the newer key has not been implicitly acknowledged, the BS shall use 47 the older of the two active AKs. 48 49 The upper half of Figure 6-1 illustrates the BS’s policy regarding its use of AKs. 50 51 52 The BS shall maintain two sets of active traffic encryption keys (and their associated CBC initialization vec- 53 tors) per SAID. They correspond to two successive generations of keying material, and have overlapping 54 lifetimes. The newer TEK shall have a key sequence number one greater than (modulo 16) that of the older 55 TEK. Each TEK becomes active half way through the lifetime of its predecessor, and expires half way 56 57 through the lifetime of its successor. Once a TEK’s lifetime expires, the TEK becomes inactive and shall no 58 longer be used. 59 60 The BS transitions between the two active TEKs differently depending on whether the TEK is used for 61 downstream or upstream traffic. For each of its SAIDs, the BS shall transition between active TEKs accord- 62 63 ing to the following rules: 64 65

This is an unapproved Task Group document being circulated for comment. 258 IEEE 802.16.1-00/01r4, September 2000

1 The BS shall use the older of the two active TEKs for encrypting downstream traffic. At expiration of the 2 older TEK, the BS will immediately transition to using the newer TEK for encryption. 3 4 For decryption of upstream traffic, a transition period is defined that begins once the BS has sent the 5 newer TEK to a SS within a Key Reply Message. The upstream transition period begins from the 6 time the BS sends the newer TEK in a Key Reply Message and concludes once the older TEK 7 8 expires. While in the transition period, the BS shall be able to decrypt upstream frames using either 9 the older or newer TEK. 10 11 Note that the BS encrypts with a given TEK for only the second half of that TEK’s total lifetime. The BS is 12 13 able, however, to decrypt with a TEK for the TEK’s entire lifetime. 14 15 The upper half of Figure 6-2 illustrates this BS’s management of a Privacy Security Association’s TEKs. 16 17 The BS is responsible for maintaining keying information for both primary and multicast SAIDs in the 18 19 above manner. The Privacy Key Management protocol defined in this specification describes a mechanism 20 for synchronizing this keying information between a BS and its client SS. It is the responsibility of the SS to 21 update its keys in a timely fashion; the BS will transition to a new downstream encryption key regardless of 22 whether a client SS has retrieved a copy of that TEK. 23 24 25 The Key Replies sent by a BS contain TEK parameters (the TEK itself, a key lifetime, a key sequence num- 26 ber and a CBC IV) for the two active TEKs. The key lifetimes a BS reports in a Key Reply shall reflect, as 27 accurately as an implementation permits, the remaining lifetimes of these TEKs at the time the Key Reply 28 message is sent. 29 30 2.18.2 SS 31 32 33 The SS is responsible for sustaining authorization with its BS and maintaining an active Authorization Key. 34 A SS shall be prepared to use its two most recently obtained AKs. 35 36 37 AKs have a limited lifetime and must be periodically refreshed. A SS refreshes its Authorization Key by re- 38 issuing an Authorization Request to the BS. The Authorization state machine (Section 2.16.1.2) manages the 39 scheduling of Authorization Requests for refreshing AKs. 40 41 A SS’s Authorization state machine schedules the beginning of reauthorization a configurable length of time 42 Authorization Grace Time 43 (the ) before the SS’s latest AK is scheduled to expire. The Authorization Grace 44 Time is configured to provide a SS with an authorization retry period that is sufficiently long to allow for 45 system delays and provide adequate time for the SS to successfully complete an Authorization exchange 46 before the expiration of its most current AK. 47 48 49 Note that the BS does not require knowledge of the Authorization Grace Time. The BS, however, tracks the 50 lifetime of its Authorization Keys and shall deactive a key once it has expired. 51 52 A SS shall use the newer of its two most recent Authorization Keys when calculating the HMAC-Digests it 53 attaches to Key Requests. It shall be able to use either of its two most recent AKs to authenticate Key Replies 54 55 or Key Rejects, and to decrypt a Key Keply’s encrypted TEK. The SS uses the accompanying AK Key 56 Sequence Number to determine which of the two AKs to use. 57 58 The lower half of Figure 6-1 illustrates a SS’s maintenance and usage of its Authorization Keys. 59 60 61 A SS shall be capable of maintaining two successive sets of traffic keying material per authorized SAID. 62 Through operation of its TEK state machines, a SS attempts to always maintain a SAID’s two most recent 63 sets of traffic keying material. 64 65

This is an unapproved Task Group document being circulated for comment. 259 IEEE 802.16.1-00/01r4, September 2000

1 For each of its authorized SAIDs, the SS: 2 3 4 shall use the newer of its two TEKs to encrypt newly received upstream traffic. Traffic already queued up 5 may use either TEK (in no specific order) for a brief period of time covering the transition from the 6 old to the new key. 7 shall be able to decrypt downstream traffic encrypted with either of the TEKs 8 9 10 2.19 Cryptographic Methods 11 12 13 This section specifies cryptographic algorithms and key sizes protocol uses. 14 15 2.19.1 Packet Data Encryption 16 17 18 Privacy shall use the Cipher Block Chaining (CBC) mode of the US Data Encryption Standard (DES) algo- 19 rithm [FIPS-46, FIPS-46-1, FIPS-74, FIPS-81] to encrypt the MAC PDU payloads. 20 21 Privacy implementations shall support 56-bit DES. 22 23 24 CBC shall be initialized with an initialization vector that is provided, along with other SAID key material, in 25 a BS’s Key Reply. Chaining is done block to block within a frame and reinitialized on a frame basis in order 26 to make the system more robust to potential frame loss. 27 28 Residual termination block processing shall be used to encrypt the final block of plaintext when the final 29 30 block is less than 64 bits. Given a final block having n bits, where n is less than 64, the next-to-last ciphertext 31 block is DES encrypted a second time, using the ECB mode, and the least significant n bits of the result are 32 exclusive ORed with the final n bits of the payload to generate the short final cipher block. In order for the 33 receiver to decrypt the short final cipher block, the receiver DES encrypts the next-to-last ciphertext block, 34 using the ECB mode, and exclusive ORs the left-most n bits with the short final cipher block in order to 35 36 recover the short final cleartext block. This encryption procedure is depicted in Figure 9.4 (pg. 195) of 37 [SCHNEIER]. 38 39 In the special case when the frame’s to-be-encrypted plaintext is less than 64 bits, the initialization vector 40 shall be DES encrypted, and the left-most n bits of the resulting ciphertext corresponding to the number of 41 42 bits of the payload shall be exclusive ORed with the n bits of the payload to generate the short cipher 12 43 block. 44 45 2.19.2 Encryption of TEK 46 47 48 The BS encrypts the value fields of the TEK in the Key Reply messages it sends to client SS. This field is 49 encrypted using two-key triple DES in the encrypt-decrypt-encrypt (EDE) mode [SCHNEIER]: 50 51 52 encryption: C = Ek1[Dk2[Ek1[P]]] 53 decryption: P = Dk1[Ek2[Dk1[C]]] 54 55 P = Plaintext 64-bit TEK 56 C = Ciphertext 64-bit TEK 57 k1 = left-most 64 bits of the 128-bit KEK 58 k2 = right-most 64 bits of the 128-bit KEK 59 60 E[ ] = 56-bit DES ECB (electronic code book) mode encryption 61 62 63 12This method of encrypting short payloads is vulnerable to attack: EXORing two sets of ciphertext encrypted in the above manner 64 65 under the same set of keying material will yield the EXOR of the corresponding sets of plaintext. Further investigation is required.

This is an unapproved Task Group document being circulated for comment. 260 IEEE 802.16.1-00/01r4, September 2000

1 D[ ] = 56-bit DES ECB decryption 2 3 Section 2.19.4 below describes how the KEK is derived from the Authorization key. 4 5 6 2.19.3 HMAC-Digest Algorithm 7 8 The keyed hash employed by the HMAC-Digest Attribute shall use the HMAC message authentication 9 method [RFC- 2104] with the SHA-1 hash algorithm [FIPS-180-1]. 10 11 12 Upstream and downstream message authentication keys are derived from the Authorization Key (see Section 13 2.19.4 below for details). 14 15 2.19.4 Derivation of TEKs, KEKs and Message Authentication Keys 16 17 18 The BS generates Authorization Keys, TEKs and IVs. A random or pseudo-random number generator shall 19 be used to generate Authorization Keys and TEKs. A random or pseudo-random number generator may also 20 be used to generate IVs; regardless of how they are generated, IVs shall be unpredictable. [RFC-1750] pro- 21 vides recommended practices for generating random numbers for use within cryptographic systems. 22 23 24 [FIPS-81] defines DES keys as 8- (64-bit) quantities where the seven most significant bits (i.e., seven left- 25 most bits) of each are the independent bits of a DES key, and the least significant bit (i.e., right-most bit) of 26 each is a parity bit computed on the preceding seven independent bits and adjusted so that the has odd par- 27 ity. 28 29 30 The keying material for two-key triple DES consists of two distinct (single) DES keys. 31 32 PKM does not require odd parity. The PKM protocol generates and distributes 8- DES keys of arbitrary par- 33 ity, and it requires that implementations ignore the value of the least significant bit of each . 34 35 36 A key encryption key (KEK) and two message authentication keys are derived from a common Authoriza- 37 tion Key. The following defines how these keys are derived: 38 39 KEK is the Key Encryption Key used to encrypt Traffic Encryption Keys. 40 41 42 HMAC_KEY_U is the message authentication key used in upstream Key Requests 43 44 HMAC_KEY_D is the message authentication key used in downstream Key Replies, Key Rejects and TEK 45 Invalids. 46 47 48 SHA(x|y) denotes the result of applying the SHA function to the concatenated bit strings x and y. 49 50 Truncate(x,n) denotes the result of truncating x to its left-most n bits. 51 52 53 KEK = Truncate(SHA( K_PAD | AUTH_KEY ), 128) 54 55 HMAC_KEY_U = SHA( H_PAD_U | AUTH_KEY ) 56 57 58 HMAC_KEY_D = SHA( H_PAD_D | AUTH_KEY ) 59 60 Each _PAD_ is a 512 bit string: 61 62 63 K_PAD = 0x53 repeated 64 times. 64 65

This is an unapproved Task Group document being circulated for comment. 261 IEEE 802.16.1-00/01r4, September 2000

1 H_PAD_U = 0x5C repeated 64 times. 2 3 H_PAD_D = 0x3A repeated 64 times. 4 5 6 2.19.5 Public-Key Encryption of Authorization Key 7 8 Authorization keys in Authorization Reply messages shall be RSA public-key encrypted, using the SS’s 9 public key. The protocol uses F4 (65537 decimal, or equivalently, 010001 hexadecimal) as its public expo- 10 11 nent and a modulus length of 1024 bits. The protocol employs the RSAES-OAEP encryption scheme speci- 12 fied in version 2.0 of the PKCS#1 standard [RSA3]. RSAES-OAEP requires the selection of: a hash 13 function; a mask-generation function; and an encoding parameter string. The default selections specified in 14 [RSA3] shall be used when encrypting the authorization key. These default selections are: SHA-1 for the 15 hash function; MGF1 with SHA-1 for the mask-generation function; and the empty string for the encoding 16 17 parameter string. 18 19 2.19.6 Digital Signatures 20 21 The Protocol employs the RSA Signature Algorithm [RSA3] with SHA-1 [FIPS186] for all three of its cer- 22 23 tificate types. 24 25 As with its RSA encryption keys, Privacy uses F4 (65537 decimal, 010001 hexadecimal) as the public expo- 26 nent for its signing operation. The external authority Root CA will employ a modulus length of 2048 bits 27 (256 s) for signing the Manufacturer CA certificates it issues. Manufacturer CAs shall employ signature key 28 29 modulus lengths of at least 1024 bits, and no greater than 2048 bits. 30 31 2.19.7 Supporting Alternative Algorithms 32 33 The current specification requires the use of 56-bit DES for encrypting packet data, two-key triple DES for 34 35 encrypting traffic encryption keys, 1024-bit RSA for encrypting Authorization keys, and 1024-to-2048-bit 36 RSA for signing Privacy X.509 certificates. The choice of key lengths and algorithms, while appropriate for 37 current threat models and hardware capabilities, may be inappropriate in the future. 38 39 For example, it is generally agreed that DES is approaching the end of its practical usefulness as the industry 40 41 standard for symmetric encryption. NIST is currently overseeing the development and adoption of a new 42 standard encryption algorithm, commonly referred to as the Advanced Encryption Standard, or AES. Given 43 the nature of the security services, the protocol is being asked to support (basic privacy at a level better than 44 or equal to that possible over dedicated wires, and conditional access to RF data transport services) as well 45 as the protocol’s flexible key management policy (i.e., setting of key lifetimes), service providers will be jus- 46 47 tified in the continued reliance on DES for, at least, the next five years. Nevertheless, at some future date, 48 SSs will need to adopt a stronger traffic encryption algorithm, possibly AES. 49 50 51 2.20 TFTP Configuration File Extensions 52 53 All of a SS’s Privacy configuration parameter values are specified in the configuration file TFTP-down- 54 loaded by the SS during RF MAC initialization. Privacy configuration setting fields are included in both the 55 56 SS MIC and BS MIC calculations, and in a SS’s registration requests. 57 58 2.20.1 Privacy Configuration Setting Encodings 59 60 The following type/length/value encodings for Privacy configuration settings shall be used in both the con- 61 62 figuration file and in MAC SS registration requests. 63 64 65

This is an unapproved Task Group document being circulated for comment. 262 IEEE 802.16.1-00/01r4, September 2000

1 The Privacy Enable configuration setting controls whether Privacy is enabled or disabled in a SS. If Privacy 2 is enabled, the Privacy Configuration Setting shall also be present. The Privacy Configuration setting may be 3 present if Privacy is disabled. The separate Privacy Enable parameter allows an operator to disable or re- 4 5 enable Privacy by toggling a single configuration parameter, thus not requiring the removal or re-insertion of 6 the larger set of Privacy Configuration parameters. 7 8 This field defines the parameters associated with Privacy operation. It is composed of a number of encapsu- 9 lated type/length/value fields. The type fields defined are only valid within the encapsulated Baseline Pri- 10 11 vacy configuration setting string. 12 13 type length value 14 15 P_CFG n 16 17 18 2.20.1.1 Internal Baseline Privacy Encodings 19 20 2.20.1.1.1 Authorize Wait Timeout 21 22 23 The value of the field specifies retransmission interval, in seconds, of Authorization Request messages from 24 the Authorize Wait state. 25 26 sub-type length value 27 28 29 14 30 31 Valid Range: 1 - 30 32 33 34 Reauthorize Wait Timeout 35 36 The value of the field specifies retransmission interval, in seconds, of Authorization Request messages from 37 the Authorize Wait state. 38 39 sub-type length value 40 41 42 24 43 44 Valid Range: 1 - 30 45 46 47 2.20.1.1.2 Authorization Grace Time 48 49 The value of this field specifies the grace period for re-authorization, in seconds. 50 51 sub-type length value 52 53 54 34 55 56 Valid Range: 1 - 6,047,999 57 58 59 2.20.1.1.3 Operational Wait Timeout 60 61 The value of this field specifies the retransmission interval, in seconds, of Key Requests from the Opera- 62 tional Wait state. 63 64 65 sub-type length value

This is an unapproved Task Group document being circulated for comment. 263 IEEE 802.16.1-00/01r4, September 2000

1 44 2 3 Valid Range: 1 - 10 4 5 6 2.20.1.1.4 Rekey Wait Timeout 7 8 The value of this field specifies the retransmission interval, in seconds, of Key Requests from the Rekey Wait 9 state. 10 11 12 sub-type length value 13 14 54 15 16 17 Valid Range: 1 - 10 18 19 2.20.1.1.5 TEK Grace Time 20 21 The value of this field specifies grace period, in seconds, for rekeying the TEK. 22 23 24 sub-type length value 25 26 64 27 28 29 Valid Range: 1 - 302399 30 31 2.20.1.1.6 Authorize Reject Wait Timeout 32 33 The value of this field specifies how long a SS waits (seconds) in the Authorize Reject Wait state after 34 35 receiving an Authorization Reject. 36 37 sub-type length value 38 39 74 40 41 42 Valid Range: 1 - 600 43 44 2.20.1.1.7 SA Map Wait Timeout 45 46 47 The value of this field specifies the retransmission interval, in seconds, of SA Map Requests from the Map 48 Wait state. 49 50 sub-type length value 51 52 53 84 54 55 Valid Range: 1 - 10 56 57 2.20.1.1.8 SA Map Max Retries 58 59 60 The value of this field specifies the maximum number of Map Request retries allowed. 61 62 sub-type length value 63 64 65 94

This is an unapproved Task Group document being circulated for comment. 264 IEEE 802.16.1-00/01r4, September 2000

1 Valid Range: 0 - 10 2 3 4 5 6 2.20.1.2 Parameter Guidelines 7 8 Below are recommended ranges and values for Privacy’s various configuration and operational parameters. 9 These ranges and default values may change as service providers gain operational experience running Pri- 10 11 vacy. 12 13 Table 64—Recommended Operational Ranges for Privacy Configuration Parameters 14 15 16 17 18 19 System Name Description Minimum Default Maximum 20 Value Value Value 21 22 BS Authorization Lifetime, in seconds, BS assigns 1 day 7 days 70 days 23 24 Lifetime to new Authorization Key (86,400 sec.) (604,800 (6,048000 25 sec.) sec.) 26 27 BS TEK Lifetime Lifetime, in seconds, BS assigns 30 min. 12 hours 7 days 28 to new TEK (1800 sec.) (43,200 (604,800 29 sec.) sec.) 30 31 SS Authorize Wait Auth Req retransmission interval 2 sec. 10 sec. 30 sec. 32 Timeout from Auth Wait state 33 34 SS Reauthorize Auth Req retransmission interval 2 sec. 10 sec. 30 sec. 35 Wait Timeout from Reauth Wait state 36 37 SS Authorization Time prior to Authorization expi- 5 min. 10 min. 35 days 38 Grace Time ration SS begins re-authorization (300 sec.) (600 (3,024,000 39 sec.) sec). 40 41 SS Operational Wait Key Req retransmission interval 1 sec. 1 sec. 10 sec. 42 43 Timeout from Op Wait state 44 SS Rekey Wait Tim- Key Req retransmission interval 1 sec. 1 sec. 10 sec. 45 46 eout from Rekey Wait state 47 48 SS TEK Grace Time Time prior to TEK expiration SS 5 min. (300 1 hour 3.5 days 49 begins rekeying sec) (3,600 (302,399 50 sec.) sec) 51 52 SS Authorize Reject Delay before re-sending Auth 10 sec. 60 sec. 10 min. 53 Wait Request after receiving Auth (600 sec.) 54 Reject 55 56 SS SA Map Wait Map Request retransmission 1 sec. 1 sec. 10 sec. 57 Timeout interval from Map Wait state 58 59 SS SA Map Max Maximum number of times SS 0410 60 Retries retries SA Map Request before 61 62 giving up 63 64 65

This is an unapproved Task Group document being circulated for comment. 265 IEEE 802.16.1-00/01r4, September 2000

1 The valid range (vs. recommended operational range) for Authorization and TEK lifetimes are: 2 3 4 Authorization Lifetime Valid Range: 1 - 6,048,000 seconds 5 TEK Lifetime Valid Range: 1 - 604,800 seconds 6 7 Note that valid ranges defined for each of Privacy’s configuration parameters extend below the recom- 8 mended operational ranges. For the purposes of protocol testing, it is useful to run the privacy protocol with 9 10 timer values well below the low end of the recommended operational ranges. The shorter timer values 11 "speed up" prviacy’s clock, causing privacy protocol state machine events to occur far more rapidly than they 12 would under an "operational" configuration. While privacy implementations need not be designed to operate 13 efficiently at this accelerated privacy pace, the protocol implementation should operate correctly under these 14 shorter timer values. Table 65 provides a list of shortened parameter values which are likely to be employed 15 16 in protocol conformance and certification testing. 17 18 Table 65—Shortened Privacy Parameter Values for Protocol Testing 19 20 21 22 23 24 Authorization 5 min. (300 sec.) 25 Lifetime 26 27 TEK Lifetime 3 min. (180 sec.) 28 29 Authorization 1 min. (60 sec.) 30 Grace Time 31 32 TEK Grace time 1 min. (60 sec.) 33 34 35 36 The TEK Grace Time shall be less than half the TEK lifetime. 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 266 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 267 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 268 IEEE 802.16.1-00/01r4, September 2000

1 3 Physical Layer 2 3 4 3.1 Overview 5 6 7 The following physical layer specification was designed to meet the functional requirements that have been defined 8 for Broadband Wireless Access (BWA) systems. It incorporates many aspects of existing standards in order to lever- 9 age existing technology for reduced equipment cost and demonstrated robustness of implementation, with modifica- 10 11 tions to ensure reliable operation in the targeted 10-66 GHz frequency band. In addition, this physical layer was 12 designed with a high degree of flexibility in order to allow service providers the ability to optimize system deploy- 13 ments with respect to cell planning, cost considerations, radio capabilities, offered services, and capacity require- 14 ments. Two modes of operation have been defined for the downstream channel, one targeted to support a continuous 15 transmission stream and one targeted to support a burst transmission stream. Having this separation allows each to be 16 17 optimized according to their respective design constraints, while resulting in a standard that supports various system 18 requirements and deployment scenarios. 19 20 3.1.1 Multiplexing and Multiple Access Technique 21 22 23 The upstream physical layer is based on the use of a combination of time division multiple access (TDMA) and 24 demand assigned multiple access (DAMA). In particular, the upstream channel is divided into a number of "time 25 slots". The number of slots assigned for various uses (registration, contention, guard, or user traffic) is controlled by 26 the MAC layer in the base station and can vary in time for optimal performance. The downstream channel can be 27 either based upon time division multiplexing (TDM), where the information for each subscriber station is multiplexed 28 29 onto the same stream of data and is received by all subscriber stations located within the same sector, or in an alterna- 30 tive method (defined for the burst mode of operation) which allows bursts to be transmitted to specific CPEs in a sim- 31 ilar fashion to the TDMA upstream bursts. 32 33 3.1.2 Duplexing Technique 34 35 36 Several duplexing techniques are supported with this physical layer. The continuous transmission downstream mode 37 that is defined supports frequency division duplexing (FDD) only, while the burst mode of operation supports FDD 38 with adaptive modulation or time division duplexing (TDD). The primary difference between the continuous mode 39 and burst mode of operation for supporting FDD is the coding gain and how higher order modulation formats are sup- 40 41 ported. The continuous downstream mode is based on a concatenated Reed-Solomon, interleaver, and convolutional 42 code, and can support different orders of modulation on separate carriers. The burst mode supports the capability to 43 have different modulation formats transmitted on the same carrier so that the modulation level can be chosen on a 44 subscriber level basis (i.e., adaptive modulation). Note that adaptive modulation is supported with any of the duplex- 45 ing techniques that use the burst mode of operation. 46 47 48 3.1.3 Physical Media Dependent (PMD) Sublayers 49 50 Two different downstream physical layers have been defined in this standard. A Mode A downstream physical layer 51 has been designed for continuous transmission, while a Mode B physical layer has been designed to support a burst 52 53 transmission format. 54 Mode A is based upon a continuous transmission stream supporting a concatenation of Reed Solomon coding, inter- 55 56 leaving, and convolutional coding for use in an FDD only system. Mode B supports a burst format that allows sys- 57 tems to implement an adaptive modulation scheme for an FDD system as well as supporting TDD configurations. 58 59 This approach to standardization allows for service providers the ability to pick the format which best allows them to 60 meet their system requirements. Standards compliant subscriber stations are required to support at least one of the 61 downstream modes of operation as defined here. 62 63 A single upstream physical layer is also defined here to support a TDMA based burst upstream transmission. 64 65

This is an unapproved Task Group document being circulated for comment. 269 IEEE 802.16.1-00/01r4, September 2000

1 3.1.3.1 Continuous Downstream PMD Sublayer (Mode A) Overview 2 3 The Mode A downstream physical layer first encapsulates MAC packets into a convergence layer frame as defined by 4 5 the transmission convergence sublayer. Then, the data is randomized and encoded using a (204,188) Reed-Solomon 6 code over GF(256). Following the outer block encoder, the data goes through a convolutional interleaver with a 7 depth of I=12. Then, the data must either pass through an inner, constraint length 7, convolutional code with a rate of 8 1/2, 2/3, 3/4, 5/6, 7/8, or 1, or pass through a differential encoder (i.e., bypassing the convolutional encoder) as 9 defined in the following sections. Code bits are then mapped to a QPSK, 16-QAM (optional), or 64-QAM (optional) 10 11 signal constellation with symbol mapping as described here. Elements that are identified as optional need not be 12 implemented in order to be standards compliant. However, if these options are supported, they shall be supported in 13 the manner defined in this standard. Finally, symbols are Nyquist filtered using a square-root raised cosine filter with 14 a roll-off factor of 0.15, 0.25 or 0.35. 15 16 3.1.3.2 Burst Downstream PMD Sublayer (Mode B) Overview 17 18 The Mode B downstream physical layer has a framing mechanism associated with it that simplifies the support for 19 20 TDD systems and half-duplex terminals. The frame can either be configured to support a TDM transmission format, 21 which would typically be used in a TDD system or an FDD system supporting adaptive modulation/FEC groups (to 22 be discussed later). One unique preamble is used to indicate the beginning of a frame, which is followed by the PHY/ 23 MAC control data. A PHY control map is used to indicate the beginning of different modulation/FEC groups, which 24 will typically be in the order of QPSK followed by 16-QAM and 64-QAM with the FEC scheme chosen to meet each 25 26 desired C/I requirements. In addition, the modulation/FEC group specifications can change with time in order to 27 adjust to the changing channel conditions. Various frame configurations for FDD and TDD are supported, as was dis- 28 cussed in section Figure 2.6.4. All subscriber station data is FEC block encoded allowing for a shortening of the last 29 codeword of a burst. The Mode B downstream physical layer also goes through a transmission convergence sublayer 30 that inserts a pointer byte at the beginning of the payload information bytes to help the receiver identify the beginning 31 32 of a MAC packet. Data bits coming from the transmission convergence layer are first randomized, encoded using the 33 defined outer and possibly inner codes, and then mapped, along with the preambles, to a QPSK, 16-QAM, or 64- 34 QAM (optional) signal constellation. The modulated symbols are then Nyquist filtered using a square-root raised 35 cosine filter with a roll-off factor of 0.15, 0.25 or 0.35. 36 37 3.1.3.3 Upstream PMD Sublayer Overview 38 39 The upstream physical layer has been designed to support burst modulation for a TDMA based system. Since many 40 41 of the specific upstream channel parameters can be programmed by MAC layer messaging coming from the base sta- 42 tion, several parameters can be left unspecified and configured by the base station during the registration process in 43 order to optimize performance for a particular deployment scenario. In this mode, each burst is designed to carry 44 MAC messages of variable lengths. The transmitter first randomizes the incoming data, and then encodes the data 45 using an outer code and possibly an inner code to be selected by the MAC messages. The length of the codeword and 46 47 the error correction capability of the code are programmable by the MAC messages coming from the base station via 48 a burst configuration message. Each burst also contains a variable length preamble and a variable length guard space 49 at the end of the burst. The preamble and coded bits are mapped to QPSK, 16-QAM (optional), or 64-QAM 50 (optional) constellations. Nyquist pulse shaping using a square-root raised cosine filter is also employed with a roll- 51 off factor of 0.15, 0.25, or 0.35. 52 53 54 3.2 Downstream Physical Layer 55 56 57 This section describes the two different downstream physical layers that have been adopted for use in this standard. 58 A Mode A downstream physical layer has been designed for continuous transmission, while a Mode B physical layer 59 60 has been designed to support a burst transmission format. Subscriber stations must support at least one of these phys- 61 ical layers. 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 270 IEEE 802.16.1-00/01r4, September 2000

1 3.2.1 Mode A: Continuous Downstream Transmission 2 3 This mode of operation has been designed for a continuous transmission stream, using a single modulation/coding 4 5 combination on each carrier, in an FDD system (it is not applicable to FSDD or TDD operation). The physical media 6 dependent sublayer uses a concatenated Reed-Solomon, interleaver, and convolutional code Forward Error Correc- 7 tion coding scheme, and has no explicit frame structure. Where spectrum resources allow, multiple carriers may be 8 deployed, each using different modulation/coding methods defined here. 9 10 3.2.1.1 Mode A Downstream Transmission Convergence (TC) Sublayer 11 12 The downstream bitstream is defined as a continuous series of 188-byte packets. These packets consist of a one-byte 13 14 synchronization pattern (Byte 1) and a one-byte pointer (Byte 2) followed by 186 bytes of payload (Bytes 3-188). 15 The synchronization byte shall be set to hex 47 and shall be inverted to hex B8 every eight packets in order to reset 16 the randomization function. The pointer field identifies the byte number in the packet which indicates either the 17 beginning of the first MAC frame to start in the packet, or indicates the beginning of any stuff bytes that precede the 18 next MAC frame. For reference, the first byte in the packet is refered to as byte number 1. If no MAC frame begins 19 20 in the packet, then the pointer byte is set to 0. When no data is available to transmit, a stuff_byte pattern having a 21 value (0xFF) must be used within the payload to fill any gaps between the 802.16 MAC frames. This value is chosen 22 as an unused value for the first byte of the 802.16 MAC frame, which is designed to NEVER have this value. The 23 following figure illustrates the format of the packet leaving the convergence layer. 24 25 26 27 28 29 30 31 32 33 S P 186-byte Payload 34 35 P = 1 byte pointer field 36 37 S = 1 byte synch. pattern 38 39 40 Figure 116—Format of the Convergence Layer Packet 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 271 IEEE 802.16.1-00/01r4, September 2000

1 3.2.1.2 Mode A Physical Media Dependent (PMD) Sublayer 2 3 The encoding and decoding functions for the Mode A downstream physical layer are summarized in the following 4 5 block diagram: 6 7 8 9 Sync 10 byte Reed- Convol. Modulator Base- Baseband 11 inversion Solomon Convol. Code and To RF Data band Pulse 12 & Coder Interleaver Puncturing/ Physical Channel Interface Shaping 13 Randomi (204,188) Mapping Interface 14 zation 15 16 Base station 17 18 19 20 21 22 23 Synch1 24 Matched Physical Depunc./ Convol. Reed- byte 25 From Filter Baseband Interface Convol. de- Solomon inversion & Data 26 RF Channel & interface Demod. decoder interleaver Decoder derandomi 27 Equalizer 28 zation 29 30 31 Subscriber station 32 33 34 35 36 37 Figure 117— Conceptual Block diagram of the Mode A Downstream Physical Layer 38 39 40 3.2.1.2.1 Baseband interfacing 41 42 This unit shall adapt the data structure coming from the MAC layer to the format defined by the transmission conver- 43 gence sublayer defined above. 44 45 46 3.2.1.2.2 Synch. byte inversion and randomization 47 48 This unit shall invert the synch. byte according to the transmission convergence sublayer function, and randomizes 49 the data stream for spectrum shaping purposes. Randomization shall be employed to minimize the possibility of 50 transmission of an unmodulated carrier and to ensure adequate numbers of bit transitions to support clock recovery. 51 52 The stream of uncoded downstream packets, excluding synch. bytes, shall be randomized by modulo-2 addition of 53 the data with the output of the pseudo random binary stream (PRBS) generator, as illustrated in the following dia- 54 55 gram. 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 272 IEEE 802.16.1-00/01r4, September 2000

1 2 3 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 4 5 6 0000 0011 ... 7 8 9 10 AND Randomized/clear 11 12 data output 13 Enable 14 Clear/randomized 15 data input 16 17 Data input (MSB first): 1 0 1 1 | 1 0 0 0 | x x x x | x x x x .... 18 19 PRBS sequence: | | 0 0 0 0 | 0 0 1 1 .... 20 21 22 Figure 118—Randomizer logic diagram 23 24 The PRBS shall be initialized at each inverted sync byte by the sequence 100101010000000 in the manner depicted in 25 the figure. The synch. byte (hex 47) shall be inverted (hex B8) every eight packets, starting at the beginning base sta- 26 tion powerup. 27 28 The generator polynomial for the PRBS shall be c(x) = x15 + x14 + 1. Following initialization, the first PRBS gener- 29 30 ator output bit shall be added to the first bit following the inverted synch. byte. Over subsequent synch. bytes, the 31 PRBS generator shall continue to step its internal shift register state but the PRBS output addition to the synch. byte 32 bits shall be disabled. Thus, the period of the PRBS sequence shall be 1504 bytes. The following diagram illustrates 33 the framing structure of the transport stream. 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 273 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 Sync. 187 bytes 6 byte 7 8 9 (a) Transmission convergence sublayer packet 10 11 12 PRBS period = 1504 bytes 13 14 R R R R 15 Sync1 Sync2 Sync8 Sync1 16 187 bytes 187 bytes 187 bytes 187 bytes 17 18 19 (b) Randomized transport packets: Sync bytes and Raondomized Sequence R 20 21 204 bytes 22 23 Sync. 24 187 bytes RS(204,188) 25 byte 26 27 (c) Reed-Solomon RS(204,188,t=8) error protected packet 28 29 30 31 Sync Sync 32 203 bytes 203 bytes 33 bytes byte 34 35 (d) Interleaved Frames maintaining sync. byte periodicity 36 37 38 Sync1 = not randomized complemented sync byte 39 40 Sync n = not randomized sync byte, n=2...8 41 42 43 Figure 119— Framing structure based on transmission convergence sublayer. 44 45 46 3.2.1.2.3 Reed Solomon Coding 47 48 Following the energy dispersal randomization process, systematic shortened Reed-Solomon encoding shall be per- 49 formed on each randomized transport packet, with T =8. This means that 8 erroneous bytes per transport packet can 50 51 be corrected. This process adds 16 parity bytes to the transport packet to give a 204 byte codeword. RS coding shall 52 also be applied to the packet synch byte, either non-inverted (i.e .47hex) or inverted (i.e. B8hex). 53 54 The Reed-Solomon code shall have the following generator polynomials: 55 µ0 µ1 µ2 µ2T-1 µ 56 Code Generator Polynomial: g(x) = (x+ )(x+ )(x+ )...(x+ )where = 02hex 57 8 4 3 2 58 Field Generator Polynomial: p(x) = x + x + x + x + 1 59 The shortened Reed-Solomon code shall be implemented by adding 51 bytes, all set to zero, before the information 60 61 bytes at the input of a (255,239) encoder; after the coding procedure these bytes are discarded. 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 274 IEEE 802.16.1-00/01r4, September 2000

1 3.2.1.2.4 Convolutional interleaving 2 3 The convolutional interleaving process shall be based on the Forney approach, with a depth of I=12. The interleaved 4 5 frame shall be composed of overlapping error protected packets and shall be delimited by synch. bytes (preserving 6 the periodicity of 204 bytes). 7 8 The interleaver is composed of I branches, cyclically connected to the input byte-stream by the input switch. Each 9 branch shall be a First In First Out (FIFO) shift register, with depth (M) cells (where M =N/I, N =2 0 4 =error pro- 10 tected frame length, I =12 = maximum interleaving depth, j = branch index). The cells of the FIFO shall contain 1 11 byte, and the input and output switches shall be synchronized, as shown in the diagram below. 12 13 For synchronization purposes, the sync bytes and the inverted sync bytes shall be always routed into the branch "0" of 14 the interleaver (corresponding to a null delay). 15 16 The deinterleaver is similar, in principle, to the interleaver, but the branch indexes are reversed (i.e . j=0 corresponds 17 to the largest delay). The de-interleaver synchronization is achieved by routing the first recognized sync byte into the 18 "0" branch. 19 20 21 Convolutional Interleaver Convolutional De-interleaver 22 23 24 sync word route 0 sync word route 0 0 0 25 M M M M 26 27 1 1 28 M 29 I-4 I-4 30 2 2 M M M 31 M M 32 Channel I-3 I-3 33 3 3 M M 34 M M M 35 1 byte per I-2 I-2 M 36 position 37 I-1 I-1 I-1 I-1 38 M M M M 39 40 41 42 43 44 45 M M-stage FIFO shift register 46 47 48 49 50 Figure 120— Conceptual diagram of the convolutional interleaver and de-interleaver. 51 52 3.2.1.2.5 Convolutional Coding with QPSK Modulation 53 54 55 When convolutional encoding is employed, the convolutional code shall be chosen from the following table of code 56 rates, which are obtained by puncturing a rate 1/2 constraint length 7 code having the following generator vectors G, 57 and puncturing patterns P (0 denotes punctured (deleted) bit). 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 275 IEEE 802.16.1-00/01r4, September 2000

1 Table 66—Convolutional Code Puncture Patterns 2 3 4 1/2 2/3 3/4 5/6 7/8 5 6 7 8 G1 G2 P Df P Df P Df P Df P Df 9 10 11 12 13 171 133 X=1 10 X=10 6 X=101 5 X=10101 4 X=1000101 3 14 oct oct Y=1 Y=11 Y=110 Y=11010 Y=1111010 15 I=X1 I=X1Y2Y3 I=X1Y2 I=X1Y2Y4 I=X1Y2Y4Y6 16 Q=Y1 Q=Y1X3Y4 Q=Y1X3 Q=Y1X3X5 Q=Y1Y3X5X7 17 18 19 20 21 22 23 The QPSK symbols will use gray-coded direct mapping of (I,Q) from bit pairs out of the convolutional encoder as 24 25 follows: 26 27 28 10 00 29 30 31 32 33 34 35 36 37 11 01 38 39 40 41 Figure 121— QPSK symbol mapping 42 43 44 3.2.1.2.6 Convolutional Coding with 16-QAM Modulation (optional) 45 46 16-QAM shall be supported using a rate 3/4 or 7/8 punctured convolutional code with the inner coding and constella- 47 tion mapping as described in [xxx]. 48 49 50 3.2.1.2.7 Differential encoding with QPSK or 16-QAM Modulation (16-QAM is optional) 51 52 In this mode, the inner convolutional code is disabled, and the mapping of bits to symbols shall use the following dif- 53 54 ferential encoder and mapper as defined in ITU-T J.83 Annex A. The two most significant bits (MSBs) of each sym- 55 bol shall be differentially coded in order to obtain a π/2 rotation-invariant QAM constellation. The differential 56 encoding of the two MSBs shall be given by the following Boolean expression: 57 58 ()⊕ ⋅ ()⊕ ()⊕ ⋅ ()⊕ 59 Ik = Ak Bk Ak Ik-1 + Ak Bk Ak Qk-1 60 61 ()⊕ ⋅ ()⊕ ()⊕ ⋅ ()⊕ 62 Qk = Ak Bk Bk Qk-1 + Ak Bk Bk Ik-1 63 64 65

This is an unapproved Task Group document being circulated for comment. 276 IEEE 802.16.1-00/01r4, September 2000

1 Note: For the above Boolean expressioab⊕ n "" denotes the EXOR abfunction,+ "" denotes the logical OR func- 2 tion, "ab⋅ " denotes the logical AND function and the overstrike denotes inversion. 3 4 The following figure gives an example of implementation of byte-to-symbol conversion. 5 6 q-1 0 7 8 Byte 8 B = b I 9 to k q Q k I and Q 10 from m- tuple differential 11 A = b mapping convolutional conversion k q+1 encoding I 12 k Q 13 interleaver 14 q=0 for QPSK, q=2 for 16-QAM 15 16 17 Figure 122— Example implementation of the byte to m-tuple conversion 18 19 and the differential encoding of the two MSBs. 20 21 For QPSK, the output of the differential encoder shall map directly to the QPSK signal constellation based on the 22 Quadrant to MSB mapping shown in the following table. The mapping of bits to symbols for 16-QAM, when imple- 23 mented as an option, is given by the following figure. 24 25 Table 67— Conversion of constellation of quadrant 1 to other quadrants of the 26 constellation diagrams given in the following diagrams. 27 28 29 30 31 32 Quadrant MSBs LSBs rotation 33 34 1000 35 36 210π 37 + /2 38 39 311+ π 40 41 401+ 3π/2 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 277 IEEE 802.16.1-00/01r4, September 2000

1 2 Q 3 11 01 10 11 4 5 6 7 IQ = 10 IQ = 00 kk kk 8 9 10 00 00 01 10 11 12 I 13 14 15 01 00 00 10 16 17 18 19 IQ = 11 IQ = 01 kk kk 20 21 11 10 01 11 22 23 24 25 26 27 Figure 123—16-QAM Constellation Diagram 28 29 3.2.1.2.8 Differential encoding with 64-QAM Modulation (optional) 30 31 32 64-QAM modulation shall be optionally supported in this specification in order to allow for the future support for 33 higher capacity links. This option uses the same differential encoding structure described above, with q=4 in the dif- 34 35 ferential encoder, and the following mapping of bits to symbols. 36 37 Q 38 39 1100 1110 0110 0100 1000 1001 1101 1100 40 41 1101 1111 0111 0101 1010 1011 1111 1110 42 IQ = 10 IQ = 00 kk kk 43 44 1001 1011 0011 0001 0010 0011 0111 0110 45 46 1000 1010 0010 0000 0000 0001 0101 0100 47 I 48 49 50 0100 0101 0001 0000 0000 0010 1010 1000 51 52 53 0110 0111 0011 0010 0001 0011 1011 1001 54 IQ = 11 I Q = 01 kk kk 55 1110 1111 1011 1010 0101 0111 1111 1101 56 57 1100 1101 1001 1000 0100 0110 1110 1100 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 278 IEEE 802.16.1-00/01r4, September 2000

1 Figure 124—64-QAM Constellation Diagram 2 3 3.2.1.2.9 Baseband Pulse Shaping 4 5 6 Prior to modulation, the I and Q signals shall be filtered by square-root raised cosine filters. The excess bandwidth 7 factor α shall be either 0.15, 0.25 or 0.35. The ideal square-root raised cosine filter is defined by the following trans- 8 fer function H: 9 10 ()() ()< ()α 11 Hf = 1 for ffN 1 – 12 1 13 --- 14 2 1 1 π fN– f 15 Hf()= --- + --- sin------for ()()f ()1 – α ≤≤ff()()1 + α α N N 16 2 2 2fN 17  18 ()() ()> ()α 19 Hf = 0 for ffN 1 + 20 21 1 RS 22 where fN ==------is the Nyquist frequency. 23 2TS 2 24 25 3.2.1.2.10 Summary of Mode A Downstream Physical Layer Parameters 26 27 28

29 14 15 30 Randomization 1 + X + X 31 Initialization: 100101010000000 32 33 34 Reed-Solomon Coding (204,188) with T=8 byte errors corrected 35 36 Interleaving Convolutional with depth I=12. 37 38 Convolutional coding Selectable: rate 1/2, 2/3, 3/4, 5/6, 7/8,or 1 (disabled) 39 40 41 Modulation QPSK, 16-QAM (optional), or 64-QAM (optional) 42 43 Differential encoding enabled/disabled (enabled only when convolutional cod- 44 ing is not employed) 45 46 Spectral shaping α 47 =0.15, 0.25 or 0.35 48 49 Spectral inversion inverted or non-inverted 50 51 52 3.2.2 Mode B: Burst Downstream Transmission 53 54 This mode of operation has been designed to support burst transmission in the downstream channel. In particular, 55 this mode is applicable for systems using adaptive modulation in an FDD system or for systems using TDD, both of 56 57 which require a burst capability in the downstream channel. Operating with a burst capability puts some constraints 58 on several aspects of the physical layer, primarily with respect to phase recovery and allowable codeword lengths, 59 which are taken into account in this mode of operation. In order to simplify phase recovery and channel tracking, a 60 fixed frame time is used. At the beginning of every frame, a preamble is transmitted in order to allow for phase 61 recover and equalization training. A description of the framing mechanism and the structure of the frame is further 62 63 described in Section Section 2.6.4. 64 65

This is an unapproved Task Group document being circulated for comment. 279 IEEE 802.16.1-00/01r4, September 2000

1 3.2.2.1 Mode B Downstream Transmission Convergence (TC) Sublayer 2 3 4 First, the downstream payload is segmented into blocks of data designed to fit into the proper codeword size after the 5 convergence layer bytes are added. Note that the payload length may vary, depending on whether shortening of code- 6 words is allowed or not for this burst type. A pointer byte is then added to each payload segment, as shown in the fol- 7 lowing figure: 8 9 10 11 12 13 14 P Variable length Payload 15 16 17 18 P = 1 byte pointer field 19 20 21 22 Figure 125— Format of the Convergence Layer Packet 23 24 25 The pointer field identifies the byte number in the packet which indicates either the beginning of the first MAC frame 26 27 to start in the packet, or indicates the beginning of any stuff bytes that precede the next MAC frame. For reference, 28 the first byte in the packet is refered to as byte number 1. If no MAC frame begins in the packet, then the pointer byte 29 is set to 0. When no data is available to transmit, a stuff_byte pattern having a value (0xFF) must be used within the 30 payload to fill any gaps between the 802.16 MAC frames. This value is chosen as an unused value for the first byte 31 of the 802.16 MAC frame, which is designed to NEVER have this value. 32 33 3.2.2.2 Mode B Physical Media Dependent (PMD) Sublayer 34 35 36 The downstream physical layer coding and modulation for this mode is summarized in the block diagram shown 37 below. 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 280 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 Modulator 7 Baseband FEC Preamble Symbol and To RF 8 Data Randomization Pulse Encoder Prepend Mapper Physical Channel Shaping 9 Interface 10 11 12 13 Subscriber Station 14 15 16 17 18 19 Physical From Interface Matched Symbol FEC De- 20 Data 21 RF Channel and Burst Filter De-mapper Decoder randomization Demod. 22 23 24 25 Base station 26 27 28 29 30 31 Figure 126—Conceptual Block diagram of the Mode B Downstream Physical Layer 32 33 3.2.2.2.1 Modulation/FEC Group Definitions 34 35 36 The downstream channel supports flexible modulation types and FEC coding on the user data portion of the frame. 37 Up to 16 modulation/FEC groups can be defined, each having the following parameters that are communicated to the 38 subscriber stations via MAC messages during the control portion of the downstream frame, which immediately fol- 39 lows the frame start preamble (see framing discussion from Section Section 2.6.4). Note that the control portion of 40 the frame has a fixed modulation (QPSK) and FEC scheme in order to allow the subscriber stations to detect the 41 42 MAC messages required to complete the registration process. After registration and authorization by the base station, 43 the subscriber station shall be assigned a particular modulation type and FEC type to be used for its user data. The 44 downstream channel and burst profiles are communicated to the CPEs via the MAC messages described in Section 45 2.5.2.2. 46 47 48 3.2.2.2.2 Downstream Physical Layer Terminal Capability Set Parameters 49 50 Since there exists some optional modulation and FEC schemes that can be implemented at the subscriber station, 51 there must exist some method for identifying the capability to the base station (i.e., including the highest order modu- 52 latoin supported, the optional FEC coding schemes supported, interleaving type supported, and the minimum short- 53 54 ened last codeword length supported). This information shall be communicated to the base station during the 55 subscriber registration period using the Registration Request and Response MAC messages described in Sections 56 2.5.7 and 2.5.8. 57 58 3.2.2.2.3 Randomization 59 60 61 Randomization shall be employed to minimize the possibility of transmission of an unmodulated carrier and to ensure 62 adequate numbers of bit transitions to support clock recovery. The stream of downstream packets shall be random- 63 64 65

This is an unapproved Task Group document being circulated for comment. 281 IEEE 802.16.1-00/01r4, September 2000

1 ized by modulo-2 addition of the data with the output of the pseudo random binary stream (PRBS) generator, as illus- 2 trated in the following diagram. 3 4 5 6 7 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 8 9 0000 0011 ... 10 11 12 13 14 AND Randomized/clear 15 data output 16 Enable 17 18 Clear/randomized 19 data input 20 21 22 23 Figure 127—Randomizer logic diagram. 24 25 At the beginning of each burst, the PRBS register is cleared and the seed value of 100101010000000 is loaded. Note 26 that a burst corresponds either to a TDM burst starting with a frame start preamble (Preamble 1 in the next section) or 27 a TDMA burst starting with a shortened preamble (Preamble 2 in the next section). The seed value must be used to 28 29 calculate the randomization bit, which is combined in an XOR with the first bit of data of each burst. 30 31 3.2.2.2.4 Forward Error Correction (FEC) 32 33 The forward error correction schemes for the Mode B downstream channel are selectable from the following types: 34 35 36 37 Table 68—FEC Code Types for Burst Downstream (Mode B) 38 39 40 Code Type Outer Code Inner Code 41 42 1 Reed Solomon over GF(256) None 43 44 2 Reed Solomon over GF(256) (24,16) Block convolutional code 45 46 3(Optional) Reed Solomon over GF(256) (9,8) Parity check code 47 48 4 (Optional) Block Turbo Code --- 49 50 51 52 Note that the first two code types MUST be implemented by all subscriber stations, while code types 3 and 4 are 53 optional. 54 55 Following is a summary of the four coding options: 56 (1) Reed-Solomon only: This case is useful either for a large data block or when high coding rate is required. The 57 58 protection could vary between t=1 to t=16. 59 (2) Reed-Solomon + Block convolutional code (soft decodable): This case is useful for low to moderate coding rates 60 61 providing good C/N enhancements. The coding rate is 2/3. 62 (3) Reed-Solomon + Parity check: This optional code his useful for moderate to high coding rates with small to 63 64 medium size blocks (i.e., K=16, 53 or 128). The code itself is a simple bit wise parity check operating on byte (8 bit) 65 level.

This is an unapproved Task Group document being circulated for comment. 282 IEEE 802.16.1-00/01r4, September 2000

1 (4) Block Turbo Code: This optional code is used to significantly lower the required C/I level needed for reliable 2 communication, and can be used to either extend the range of a base station or increase the code rate for greater 3 throughput. 4 5 6 3.2.2.2.5 Reed Solomon Encoding (for code types 1-3) 7 8 The outer block code for code types 1-3 shall be a shortened, systematic Reed-Solomon code generated from 9 GF(256) with information block lengths (K) variable from 6-255 bytes and error correction capability able to correct 10 11 up to 16 byte errors. The specified code generator polynomials are given by 12 Code Generator Polynomial: g(x) = (x+µ0)(x+µ1)(x+µ2) ... (x+µ2T-1), where µ= 02hex 13 14 Field Generator Polynomial: p(x) = x8 + x4 + x3 + x2 + 1 15 16 The specified code has a block length of 255 bytes, and shall be configured as a RS(255,255-R) code with informa- 17 tion bytes preceded by (255-N) zero symbols, where N is the codeword length and R the number of redundancy bytes 18 19 R=0 to 32. In the case of code type 3, R should be chosen odd if K is odd and should be chosen even if K is even in 20 order to ensure an even number of bytes in the codeword. 21 22 When the number of bytes entering the FEC process M is less than K bytes, the following operation is performed: 23 (1) (K-M) zero bytes are added to the M byte block as a prefix 24 25 (2) RS Encoding is performed 26 27 (3) If inner code is either of type 1 or 2 or if the code type 3 with (M+R) even, then 28 29 All of the (K-M) zero RS symbols not associated with the original data are discarded 30 31 (4) If inner code is code type 3 with (M+R) odd, then 32 The first (K-M-1) zero RS symbols not associated with the original data are discarded 33 34 (5) Inner coding is performed on remaining symbols 35 36 (6) The resulting byte block is converted to bit block 37 38 When the number of bytes entering the FEC process M is greater than K bytes, the following operation is performed: 39 40 (1) Encode K bytes 41 (2) Subtract K from M, meaning Let M=M-K 42 43 (3) If M

This is an unapproved Task Group document being circulated for comment. 283 IEEE 802.16.1-00/01r4, September 2000

1 Table 69—The Parameters of the Inner Codes for the Block Convolutional Code 2 3 4 5 6 7 Inner Code Rate Puncture pattern 8 9 G1 = 7, G2 = 5 10 11 2/3 11, 10 12 13 14 15 3.2.2.2.7 Code 3: Parity Check (Optional) 16 17 For the code type 3, a parity check bit is added to each RS symbol individually and inserted as the MSB of the result- 18 ing 9-bit word. The parity is an exclusive-or operation on all 8 bits within the symbol. The result is a 9(K+R) block of 19 20 bits, LSB first. 21 22 3.2.2.2.8 Code 4: Block Turbo Code (Optional) 23 24 25 The Block Turbo Code (BTC) is a Turbo decoded Product Code (TPC). The idea of this coding scheme is to use 26 extended Hamming block codes in a two dimensional matrix. The two-dimensional code block is depicted in Figure 27 128. The kx information bits in the rows are encoded into nx bits, by using an extended Hamming binary block (nx,kx) 28 29 code. Likewise, ky information bits in the columns are encoded into ny bits, by using the same or possibly different 30 extended Hamming binary block (ny,ky) code. The resultant code block is comprised of multiple rows and columns 31 32 of the constituent extended Hamming block codes. 33 34 Because extended Hamming codes are linear codes, it does not matter whether the rows or columns are encoded first. 35 For this standard, the rows shall be encoded first. After encoding the rows, the columns are encoded using another 36 block code (n ,k ), where the check bits of the first code are also encoded. The overall block size of such a product 37 y y 38 code is n = nx x ny, the total number of information bits kx x ky, the code rate is R = R x x Ry, where Ri = ki/ni and i=x 39 or y. 40 41 42 43 44 45 n1 46 k1 47 48 49 50 k information checks 51 2 52 bits 53 54 n2 55 checks 56 57 checks on 58 checks 59 60 61 62 63 64 Figure 128—Two-dimensional product code matrix. 65

This is an unapproved Task Group document being circulated for comment. 284 IEEE 802.16.1-00/01r4, September 2000

1 Table 70 provides the generator polynomials of the constituent Hamming codes used in this specification. 2 3 4 Table 70—Hamming Code Generator Polynomials 5 6 7 n k Generator Polynomial 8 9 5 2 10 31 26 x ++x 1 11 12 63 57 x6 ++x 1 13 14 15 16 The composite extended Hamming code specified requires addition of an overall even parity check bit at the end of 17 18 each codeword. 19 20 The encoder for a Block Turbo Code (BTCs) is composed of linear feedback shift registers (LFSRs), storage ele- 21 ments, and control logic. An example row (or column) encoder is shown here for clarification. The order of trans- 22 mission is important since the decoder must match for proper decoding. This specification mandates that the 23 24 resultant code block be transmitted row by row, left to right, top to bottom, for the case when no interleaving is used 25 (Interleaver Type 1 described below). 26 27 Figure 129 shows an example LFSR based on a x4 + x + 1 Hamming code polynomial to encode a (15,11) Hamming 28 code. Also shown is an even parity computation register that results in an extended Hamming code. Note that encod- 29 30 ers for the required (64,57) and (32,26) codes follow the same design concept. This figure is shown for clarification 31 of the BTC encoder design and does not depict an actual design implementation. 32 33 34 35 C 36 Overall Parity 37 Computation 38 39 40 A,B 41 42 43 C Encoded 44 Data Bits 45 A Bits 46 B,C A,B 47 Hamming ECC 48 Computation 49 50 51 A 52 x4 53 1 x 54 55 B,C 56 57 58 Figure 129—Example Encoder for a (16,11) Extended Hamming Code 59 60 The example circuit begins with all toggle switches in position A. Data to be encoded is fed as input one bit per clock 61 (LSB first) to both the Hamming error correction code (ECC) computation logic and the overall even parity computa- 62 63 tion logic. Extended Hamming codes are systematic codes, so this data is also fed through as output on the encoded 64 bit output. After all k bits are input, the toggle switches are moved to position B. At this point, data from the Ham- 65

This is an unapproved Task Group document being circulated for comment. 285 IEEE 802.16.1-00/01r4, September 2000

1 ming ECC logic is shifted out on the encoded bits bus. Finally, the overall parity bit is shifted out when the output 2 select switch is moved to position C. 3 4 In order to encode the product code, each data bit is fed as input both into a row LFSR and a column LFSR. Note that 5 6 only one row LFSR is necessary for the entire block, since data is written as input in row order. However, each col- 7 umn of the array must be encoded with a separate LFSR. Each column LFSR is clocked for only one bit of the row, 8 so a more efficient method of column encoding is to store the column LFSR states in a k x (n -k ) storage memory. 9 x y y 10 A single LFSR can then be used for all columns of the array. With each bit input, the appropriate column LFSR state 11 is read from the memory, clocked, and written back to the memory. 12 13 The encoding process will be demonstrated with an example. Assume a two-dimensional (8,4)x(8,4) extended Ham- 14 ming Product code is to be encoded. This block has 16 data bits, and 64 total encoded bits. Table 71 shows the orig- 15 16 inal 16 data bits denoted by Dyx, where y corresponds to a column and x corresponds to a row. 17 18 19 Table 71—Original Data for Encoding 20 21 22 D11 D21 D31 D41 23 24 D12 D22 D32 D42 25 26 D13 D23 D33 D43 27 28 D14 D24 D34 D44 29 30 31 32 33 The first four bits of the array are fed into the row encoder input in the order D 11, D21, D31, D41. Each bit is also fed 34 as input into a unique column encoder. Again, a single column encoder may be used, with the state of each column 35 stored in a memory. After the fourth bit is fed into the input, the first row encoder ECC bits are shifted out. 36 37 This process continues for all four rows of data. At this point, 32 bits have been taken as output from the encoder, and 38 39 the four column encoders are ready to shift out the column ECC bits. This data is shifted out at the end of the row. 40 This continues from the remaining 3 rows of the array. Table 72 shows the final encoded block with the 48 generated 41 ECC bits denoted by Eyx. 42 43 44 45 46 47 Table 72—Encoded Block 48 49 D D D D E E E E 50 11 21 31 41 51 61 71 81 51 D D D D E E E E 52 12 22 32 42 52 62 72 82 53 54 D13 D23 D33 D43 E53 E63 E73 E83 55 56 D14 D24 D34 D44 E54 E64 E74 E84 57 58 E15 E25 E35 E45 E55 E65 E75 E85 59 60 E16 E26 E36 E46 E56 E66 E76 E86 61 62 E17 E27 E37 E47 E57 E67 E77 E87 63 64 E18 E28 E38 E48 E58 E68 E78 E88 65

This is an unapproved Task Group document being circulated for comment. 286 IEEE 802.16.1-00/01r4, September 2000

1 Transmission of the block over the channel occurs in a linear manner; all bits of the first row are transmitted left to 2 right, followed by the second row, etc. This allows for the construction of a near zero-latency encoder, since the data 3 4 bits can be sent immediately over the channel, with the ECC bits inserted as necessary. For the (8,4)x(8,4) example, 5 the output order for the 64 encoded bits is D11, D21, D31, D41, E51, E61, E71, E81, D12, D22, … E88. 6 7 For easier readability, the following notation is used: 8 9 1. The codes defined for the rows (x-axis) are binary (nx,kx) block codes. 10 11 2. The codes defined for the columns (y-axis) are binary (ny,ky) block codes. 12 13 3. Data bits are noted D and parity bits are noted E . 14 yx yx 15 Shortened BTC 16 17 To match packet sizes, removing symbols from the array shortens a product code. Either rows or columns can be 18 19 removed until the appropriate size is reached. Note that parity bits are removed as part of the shortening process, 20 helping to keep the code rate high. Shortening is accomplished by removing entire rows and/or columns from the 21 array. This is equivalent to shortening the constituent codes that make up the product code. This method enables a 22 23 coarse granularity on shortening, and at the same time maintains the highest code rate possible by removing both data 24 and parity symbols. 25 26 Shortened Two -Dimensional BTC example 27 28 For example, the 128 byte BTC code in this specification is composed of (64,57) constituent codes in the two dimen- 29 sional array, which has been shortened by 25 rows and columns to form a (39,32) x (39,32) array. This code block 30 has 32 x 32 = 1024 data bits, which results in the desired 128 byte information block. Figure 138 shows the structure 31 32 of the resultant block. 33 34 35 36 37 38 39 40 57 bits 7 bits 41 42 43 44 45 57 bits 46 47 Unshortened Data 48 y Block Bits 49 50 Shortened 51 52 Block 53 7 bits ECC Bits 54 55 x 56 57 58 59 60 Figure 130—Structure of Shortened 2 D Block 61 62 Modifications to the encoder to support shortening are minimal. Since shortened bits are always zero, and zeros input 63 to the encoder LFSR result in a zero state, the shortened bits can simply be ignored for the purposes of encoding. The 64 65

This is an unapproved Task Group document being circulated for comment. 287 IEEE 802.16.1-00/01r4, September 2000

1 encoder simply needs to know how many bits per row to input to the row LFSR before shifting out the result. Simi- 2 larly, it must know the number of columns to input to the column encoders. 3 4 Transmission of the resultant code block must start with the first data bit in the first row, proceed left to right and then 5 6 row by row from top to bottom. 7 Table 73—Required Block Codes for the BTC Option for the Downlink Channel 8 9 10 11 Table 3-1: 12 13 14 Code (39,32)x(39,32) (63,56)x(63,56) 15 Aggregate Code 0.673 0.790 16 17 Rate 18 19 Uplink/Downlink/ Downlink Downlink 20 Both 21 22 Block size (pay- 1024 (128 bytes) 3136 (392 bytes) 23 load bits) 24 25 26 27 Interleaving 28 29 When using the Block Turbo Coding, two modes of bit interleaving shall be supported. The interleaver mechanism 30 shall be implemented by writing information bits into the encoder memory and reading out the encoded bits as fol- 31 32 lows: 33 1. Interleaver type 1: No interleaver. 34 35 In this mode the encoded bits are read from the encoder row by row, in the order that they were written. 36 37 2. Interleaver type 2: Block interleaver. 38 39 In this mode the encoded bits are read from the encoder, only after all first k2 rows were written into the encoder 40 41 memory. The bits are read column-by-column, proceeding from the top position in the first column. 42 43 3. Interleaver type 3: Reserved. 44 It is expected that other interleaving methods may yield better performance in some cases. So, this Interleaver type 3 45 46 has been reserved for future definition. 47 48 Block mapping to the signal constellation 49 50 The first encoded bit out shall be the LSB, which is the first bit written into the encoder. 51 Method for determining codes for payload size different than the listed examples 52 53 The following text describes a method for performing additional codeword shortening when the input block of data 54 55 does not match exactly the codeword information size. 56 57 1 Take the required payload as specified in bytes and convert it to bits (i.e., multiple by 8). 58 59 2 Take the square root of the resultant number. 60 3 Round the result up to the next highest integer. 61 62 4 Select the smallest base constituent code from the available list that has a k value equal to or greater than the 63 64 value determined in step 3. 65

This is an unapproved Task Group document being circulated for comment. 288 IEEE 802.16.1-00/01r4, September 2000

1 5 Subtract the value determined in step 3 from the k value selected in step 4. This value represents the number 2 of rows and columns that need to be shortened from the base constituent code selected in step 4. 3 4 This method will generally result in a code block whose payload is slightly larger than required in step 1. In order to 5 6 address the residual bits, the column dimension (ny,ky) should be shortened as needed as well as stuffing zero bits as 7 needed into the last bits of the last row of the resulting code matrix. The zero bits in the last row should be discarded 8 9 at the receiver. 10 Example: If a 20 byte payload code is desired, a (32,26) x (32,26) code is shortened by 13 rows and by 13 columns, 11 12 which results in a (19,13) x (19,13) code. There are 9 bits left over which are stuffed with zeros. Data input to the 13 defined encoder is 160 data bits followed by 9 zero bits. The code block is transmitted starting with the bit in row 1 14 column 1 (the LSB), then left to right, and then row by row. 15 16 17 3.2.2.2.9 Coding for the PHY/MAC control message portion of the frame 18 19 The PHY/MAC control portion of the downstream frame shall be encoded with a fixed set of parameters in order to 20 ensure that all subscriber stations can read the information. The modulation shall be QPSK, and the PHY/MAC con- 21 trol portion of the frame shall be encoded with an outer (40,20) Reed-Solomon code and an inner (24,16) convolu- 22 tional code. There must be a minimum of 2 codewords per control portion of the frame when a downstream 23 allocation map is present. 24 25 3.2.2.2.10 Burst Preambles 26 27 28 Tables 74 through 76 define the preambles for the different downstream burst types. These preamble are based upon 29 CAZAC sequences. The frame start preamble is always at the first part of a downstream frame and consists of a 32 30 symbol preamble (Burst Preamble 1), which is generated by repeating twice a CAZAC sequence of length 16 sym- 31 bols. In the case of the TDMA mode on a downstream, user bursts are transmitted with a shortened preamble of 16 32 symbols (Burst Preamble 2), which is generated with a single length 16 CAZAC sequence. Note that these sequences 33 34 have been shifted by +45 degrees in order to result in the same QPSK data symbol constellations. 35 Table 74— Burst Preamble Types 36 37 38 39 Burst type Preamble Modulation 40 Type Type 41 42 Downstream burst, Frame begin 1 QPSK 43 44 Downstream TDMA burst 2 QPSK 45 46 47 48 49 Table 75 defines the bit sequence for burst preamble 1. 50 Table 75— Burst Preamble 1 51 52 53 54 Symbol I Q B(1) B(2) 55 56 1 1 1 0 0 57 58 2 -1 1 1 0 59 60 61 3 -1 -1 1 1 62 63 4 1 -1 0 1 64 65

This is an unapproved Task Group document being circulated for comment. 289 IEEE 802.16.1-00/01r4, September 2000

1 2 3 5 1 1 0 0 4 5 6 -1 -1 1 1 6 7 7 1 1 0 0 8 9 10 8 -1 -1 1 1 11 12 9 1 1 0 0 13 14 10 1 -1 0 1 15 16 11 -1 -1 1 1 17 18 12 -1 1 1 0 19 20 21 13 1 1 0 0 22 23 14 1 1 0 0 24 25 15 1 1 0 0 26 27 16 1 1 0 0 28 29 17 1 1 0 0 30 31 32 18 -1 1 1 0 33 34 19 -1 -1 1 1 35 36 20 1 -1 0 1 37 38 21 1 1 0 0 39 40 22 -1 -1 1 1 41 42 43 23 1 1 0 0 44 45 24 -1 -1 1 1 46 47 25 1 1 0 0 48 49 26 1 -1 0 1 50 51 27 -1 -1 1 1 52 53 54 28 -1 1 1 0 55 56 29 1 1 0 0 57 58 30 1 1 0 0 59 60 31 1 1 0 0 61 62 32 1 1 0 0 63 64 65

This is an unapproved Task Group document being circulated for comment. 290 IEEE 802.16.1-00/01r4, September 2000

1 Table 76 defines the bit sequence for burst preamble 2. 2 3 Table 76—Burst Preamble 2 4 5 6 Symbol I Q B(1) B(2) 7 8 9 1 1 -1 0 1 10 11 2 -1 -1 1 1 12 13 3 1 1 0 0 14 15 4 1 1 0 0 16 17 5 1 1 0 0 18 19 20 6 -1 1 1 0 21 22 7 1 1 0 0 23 24 8 -1 -1 1 1 25 26 9 -1 1 1 0 27 28 10 1 1 0 0 29 30 31 11 1 1 0 0 32 33 12 1 1 0 0 34 35 13 -1 -1 1 1 36 37 14 1 -1 0 1 38 39 15 1 1 0 0 40 41 42 16 -1 -1 1 1 43 44 45 3.2.2.2.11 Modulation 46 47 To maximize utilization of the air-link, the physical layer uses a multi-level modulation scheme. The modulation con- 48 stellation can be selected based on the quality of the RF channel per subscriber. If link conditions permit, then a more 49 complex modulation scheme can be utilized hence maximizing air-link throughput while still allowing reliable data 50 51 transfer. If the air-link degrades over time, possibly due to environmental factors, the system can revert to the less 52 complex constellations to allow more reliable data transfer. 53 54 The modulation used by the BS in the downstream shall be QPSK, 16-QAM, (both mandatory) and 64-QAM. 55 The sequence of modulation bits shall be mapped onto a sequence of modulation symbols S(k), where k is the corre- 56 57 sponding symbol number. The number of bits per symbol is a result from the modulation type, for QPSK n=2, for 16- 58 QAM n=4, for 64-QAM n=6. B(m) denotes the modulation bit of a sequence to be transmitted, where m is the bit 59 number (m=1..n). In particular, B(1) corresponds to the first bit entering the modulator, B(2) corresponds to the sec- 60 ond bit entering the modulation, and so on. 61 62 The complex modulation symbol S(k) shall take the value I +jQ. The following subsections apply to the base-band 63 part of the transmitter. 64 65 Figure 131 and Table 77 describe the bit mapping for QPSK modulation.

This is an unapproved Task Group document being circulated for comment. 291 IEEE 802.16.1-00/01r4, September 2000

1 2 Q 3 10 00 4 5 6 7 8 I 9 10 11 01 11 12 13 14 15 16 Figure 131— QPSK Constellation 17 18 19 Table 77— QPSK Bits to Symbol Mapping 20 21 22 23 24 25 26 B(1) B(2) I Q 27 28 0011 29 30 011-1 31 10-11 32 33 11-1-1 34 35 36 37 Figure 132 and Table 78 describe the bit mapping for 16-QAM modulation. 38 39 40 Q 41 1001 0001 0101 42 1101 43 44 45 1100 1000 0000 0100 46 47 48 49 1110 1010 0010 0110 50 I 51 52 53 1111 1011 0011 0111 54 55 56 57 58 59 60 Figure 132— 16-QAM Constellation 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 292 IEEE 802.16.1-00/01r4, September 2000

1 Table 78— 16-QAM Bits to Symbol Mapping 2 3 4 5 6 7 B(1) B(2) B(3) B(4) I Q 8 9 010133 10 11 010031 12 13 01103-1 14 15 01113-3 16 17 000113 18 19 000011 20 00101-1 21 22 00111-3 23 24 1001-13 25 26 1000-11 27 28 1010-1-1 29 30 1011-1-3 31 32 1101-33 33 34 1100-31 35 36 1110-3-1 37 1111-3-3 38 39 40 41 42 Figure 133 and Table 79 describe the bit mapping for 64-QAM modulation. 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 293 IEEE 802.16.1-00/01r4, September 2000

1 2 Q 3 4 111011 110011 100011 101011 001011 000011 010011 011011 5 6 7 111010 110010 100010 101010 001010 000010 010010 011010 8 9 10 11 111000 110000 100000 101000 001000 000000 010000 011000 12 13 14 111001 110001 100001 101001 001001 000001 010001 011001 15 16 17 111101 110101 100101 101101 001101 000101 010101 011101 I 18 19 20 21 111100 110100 100100 101100 001100 000100 010100 011100 22 23 24 111110 110110 100110 101110 001110 000110 010110 011110 25 26 27 111111 110111 100111 101111 001111 000111 010111 011111 28 29 30 31 32 33 Figure 133— 64-QAM Constellation 34 35 Table 79— 64-QAM Bits to Symbol Mapping 36 37 38 39 40 41 B(1) B(2) B(3) B(4) B(5) B(6) I Q 42 43 01101177 44 45 01101075 46 01100073 47 48 01100171 49 50 0111017-1 51 52 0111007-3 53 54 0111107-5 55 56 0111117-7 57 58 01001157 59 60 01001055 61 62 01000053 63 64 01000151 65

This is an unapproved Task Group document being circulated for comment. 294 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 0101015-1 5 6 0101005-3 7 8 0101105-5 9 0101115-7 10 11 00001137 12 13 00001035 14 15 00000033 16 17 00000131 18 19 0001013-1 20 21 0001003-3 22 23 0001103-5 24 25 0001113-7 26 27 00101117 28 00101015 29 30 00100013 31 32 00100111 33 34 0011011-1 35 36 0011001-3 37 38 0011101-5 39 40 0011111-7 41 42 101011-17 43 44 101010-15 45 101000-13 46 47 101001-11 48 49 101101-1-1 50 51 101100-1-3 52 53 101110-1-5 54 55 101111-1-7 56 57 100011-37 58 59 100010-35 60 61 100000-33 62 100001-31 63 64 100101-3-1 65

This is an unapproved Task Group document being circulated for comment. 295 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 100100-3-3 5 6 100110-3-5 7 8 100111-3-7 9 110011-57 10 11 110010-55 12 13 110000-53 14 15 110001-51 16 17 110101-5-1 18 19 110100-5-3 20 21 110110-5-5 22 23 110111-5-7 24 25 111011-77 26 27 111010-75 28 111000-73 29 30 111001-71 31 32 111101-7-1 33 34 111100-7-3 35 36 111110-7-5 37 38 111111-7-7 39 40 41 42 43 44 3.2.2.2.12 Baseband Pulse Shaping 45 46 Prior to modulation, the I and Q signals shall be filtered by square-root raised cosine filters. The excess bandwidth 47 factor α shall be either 0.15, 0.25 or 0.35. The ideal square-root raised cosine filter is defined by the following trans- 48 fer function H: 49 50 51 ()Hf()= 1 for ()ff< ()1 – α 52 N 53 1 --- 54 π f – f 2 55 () 1 1 N ()()()α ≤≤()()α Hf = --- + --- sin------for fN 1 – ffN 1 + 56 2 2 2f α 57 N 58 ()() ()> ()α 59 Hf = 0 for ffN 1 + 60 61 R 62 1 S where fN ==------is the Nyquist frequency. 63 2TS 2 64 65

This is an unapproved Task Group document being circulated for comment. 296 IEEE 802.16.1-00/01r4, September 2000

1 3.2.2.2.13 Summary of Mode B Downstream Physical Layer Parameters 2 3 4 Table 80—Summary of Mode B Downstream Physical Layer Parameters 5 6 7 Transmission convergence layer Includes 1 pointer byte 8 9 Outer Coding Reed Solomon over GF(256) 10 11 Information byte lengths: 6-255 bytes 12 Error correction capability R=0-32 (T=0-16) 13 14 Block Turbo Code (optional) 15 (Note: There is no inner code selected in this case.) 16 17 Inner Coding Selectable from the following options: 18 None 19 20 (24,16) block convolutional code 21 (9,8) parity check code (optional) 22 23 Randomization 1 + X14 + X15 24 25 Initialization: 100101010000000 at the beginning of each burst 26 27 Preamble 32 symbol Frame Start Preamble 28 29 16 symbol preamble for TDMA case 30 31 Modulation QPSK, 16-QAM, or 64-QAM (optional) 32 33 Spectral shaping α=0.15, 0.25, or 0.35 34 35 36 37 3.3 Upstream Physical Layer 38 39 3.3.1 Upstream Channel and Burst Descriptions 40 41 42 Since subscriber stations cannot transmit in the upstream channel until they have received some minimal configura- 43 tion information from the base station, it is possible to support several different configurations that can be adjusted on 44 an upstream channel basis or on a burst-by-burst basis. These parameters, and their ranges, are supported through 45 46 MAC layer signaling, as described in Section 2.5.2.1. 47 48 3.3.2 Upstream Transmission Convergence (TC) Sublayer 49 50 51 When the transmission convergence layer is disabled, MAC packets are carried directly within upstream bursts. 52 When the transmission convergence layer is enabled, the payload shall be partitioned in the following manner. First, 53 the upstream payload is segmented into blocks of data designed to fit into the proper codeword size after the conver- 54 55 gence layer bytes are added. Note that the payload length may vary, depending on whether shortening of codewords 56 is allowed or not for this burst type. A pointer byte is then added to each payload segment. The pointer field identi- 57 fies the byte number in the packet which indicates either the beginning of the first MAC PDU to start in the packet, or 58 59 indicates the beginning of any stuff bytes that precede the next MAC PDU. For reference, the first byte in the packet 60 is refered to as byte number 1. If no MAC frame begins in the packet, then the pointer byte is set to 0. When no data 61 is available to transmit, a stuff_byte pattern having a value (0xFF) must be used within the payload to fill any gaps 62 between the 802.16 MAC frames. This value is chosen as an unused value for the first byte of the 802.16 MAC 63 64 65

This is an unapproved Task Group document being circulated for comment. 297 IEEE 802.16.1-00/01r4, September 2000

1 frame, which is designed to NEVER have this value. The following figure illustrates the format of the packet leaving 2 the convergence layer: 3 4 5 6 7 8 9 10 P Variable length Payload 11 12 13 P = 1 byte pointer field 14 15 16 17 Figure 134— Format of the Convergence Layer Packet 18 19 3.3.3 Upstream Physical Media Dependent (PMD) sublayer 20 21 22 The upstream physical layer coding and modulation are summarized in the block diagram shown below. 23 24 25 26 27 28 29 Modulator Baseband 30 FEC Preamble Symbol and To RF Data Randomization Pulse Encoder Prepend Mapper Physical Channel 31 Shaping 32 Interface 33 34 35 36 Subscriber Station 37 38 39 40 41 Physical 42 From Interface Matched Symbol FEC De- Data 43 RF Channel and Burst Filter De-mapper Decoder randomization 44 Demod. 45 46 47 48 Base station 49 50 51 52 53 Figure 135— Conceptual Block diagram of the 802.16 Burst Transmission Upstream Physical Layer 54 55 56 57 3.3.3.1 Randomization for spectrum shaping 58 59 The upstream modulator must implement a randomizer using the polynomial x 15+x14+1 with a 15-bit programmable 60 61 seed. At the beginning of each burst, the register is cleared and the seed value is loaded. The seed value must be used 62 to calculate the scrambler bit, which is combined in an XOR with the first bit of data of each burst (which is the MSB 63 of the first symbol following the last symbol of the preamble). 64 65

This is an unapproved Task Group document being circulated for comment. 298 IEEE 802.16.1-00/01r4, September 2000

1 3.3.3.2 Forward Error Correction 2 3 The forward error correction scheme for the upstream channel are selectable from the following types: 4 5 6 7 Table 81—FEC Code Types for the Upstream Channel 8 9 10 Code Type Outer Code Inner Code 11 12 1 Reed Solomon over GF(256) None 13 14 2 Reed Solomon over GF(256) (24,16) Block convolutional code 15 16 3 (Optional) Reed Solomon over GF(256) (9,8) Parity check code 17 18 4 (Optional) Block Turbo Code --- 19 20 21 22 Note that the first two code types MUST be implemented by all subscriber stations, while code types 3 and 4 are 23 optional. 24 25 Following is a summary of the four coding options: 26 (1) Reed-Solomon only: This case is useful either for a large data block or when high coding rate is required. The 27 28 protection could vary between t=1 to t=16. 29 (2) Reed-Solomon + Block convolutional code (soft decodable): This case is useful for low to moderate coding rates 30 31 providing good C/N enhancements. The coding rate is 2/3. 32 (3) Reed-Solomon + Parity check: This optional code is useful for moderate to high coding rates with small to 33 34 medium size blocks (i.e., K=16, 53 or 128). The code itself is a simple bit wise parity check operating on byte (8 bit) 35 level. 36 37 (4) Block Turbo Code: This optional code is used to significantly lower the required C/I level needed for reliable 38 communication, and can be used to either extend the range of a base station or increase the code rate for greater 39 throughput. 40 41 3.3.3.2.1 Reed Solomon Encoding (for code types 1-3) 42 43 44 The outer block code for code types 1-3 shall be a shortened, systematic Reed-Solomon code generated from 45 GF(256) with information block lengths (K) variable from 6-255 bytes and error correction capability able to correct 46 up to 16 byte errors. The specified code generator polynomials are given by 47 48 Code Generator Polynomial: g(x) = (x+µ0)(x+µ1)(x+µ2) ... (x+µ2T-1), where µ= 02hex 49 50 Field Generator Polynomial: p(x) = x8 + x4 + x3 + x2 + 1 51 52 The specified code has a block length of 255 bytes, and shall be configured as a RS(255,255-R) code with informa- 53 tion bytes preceded by (255-N) zero symbols, where N is the codeword length and R the number of redundancy bytes 54 55 R=0 to 32. In the case of code type 3, R should be chosen odd if K is odd and should be chosen even if K is even. 56 When the number of bytes entering the FEC process M is less than K bytes, the following operation is performed: 57 58 (1) (K-M) zero bytes are added to the M byte block as a prefix 59 60 (2) RS Encoding is performed 61 62 (3) If inner code is either of type 1 or 2 or if the code type 3 with (M+R) even, then 63 64 All of the (K-M) zero RS symbols not associated with the original data are discarded 65

This is an unapproved Task Group document being circulated for comment. 299 IEEE 802.16.1-00/01r4, September 2000

1 (4) If inner code is code type 3 with (M+R) odd, then 2 3 The first (K-M-1) zero RS symbols not associated with the original data are discarded 4 5 (5) Inner coding is performed on remaining symbols 6 (6) The resulting byte block is converted to bit block 7 8 When the number of bytes entering the FEC process M is greater than K bytes, the following operation is performed: 9 10 (1) Encode K bytes 11 12 (2) Subtract K from M, meaning Let M=M-K 13 14 (3) If M

This is an unapproved Task Group document being circulated for comment. 300 IEEE 802.16.1-00/01r4, September 2000

1 block code (ny,ky), where the check bits of the first code are also encoded. The overall block size of such a product 2 3 code is n = nx x ny, the total number of information bits kx x ky, the code rate is R = R x x Ry, where Ri = ki/ni and i=x 4 or y. 5 6 7 8 9 10 n1 11 k1 12 13 14 15 k2 information checks 16 17 bits 18 19 n2 20 checks 21 22 checks on 23 checks 24 25 26 27 28 29 Figure 136—Two-dimensional product code matrix. 30 31 Table 83 provides the generator polynomials of the constituent Hamming codes used in this specification. 32 33 34 Table 83—Hamming Code Generator Polynomials 35 36 37 n k Generator Polynomial 38 39 31 26 5 2 40 x ++x 1 41 42 63 57 x6 ++x 1 43 44 45 46 The composite extended Hamming code specified requires addition of an overall even parity check bit at the end of 47 48 each codeword. 49 The encoder for a Block Turbo Code (BTCs) is composed of linear feedback shift registers (LFSRs), storage ele- 50 51 ments, and control logic. An example row (or column) encoder is shown here for clarification. The order of trans- 52 mission is important since the decoder must match for proper decoding. This specification mandates that the 53 resultant code block be transmitted row by row, left to right, top to bottom, for the case when no interleaving is used 54 55 (Interleaver Type 1 described below). 56 4 57 Figure 137 shows an example LFSR based on a x + x + 1 Hamming code polynomial to encode a (15,11) Hamming 58 code. Also shown is an even parity computation register that results in an extended Hamming code. Note that encod- 59 ers for the required (64,57) and (32,26) codes can follow the same design concept. This figure is shown for clarifica- 60 61 tion of the BTC encoder design and does not depict an actual design implementation. 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 301 IEEE 802.16.1-00/01r4, September 2000

1 2

3 C 4 Overall Parity 5 Computation 6 7 8 A,B 9 10 11 C 12 Encoded Data Bits 13 Bits 14 A B,C A,B 15 Hamming ECC 16 17 Computation 18 19 A 20 x4 21 1 x 22 23 B,C 24 25 26 Figure 137—Example Encoder for a (16,11) Extended Hamming Code 27 28 This example circuit begins with all toggle switches in position A. Data to be encoded is fed as input one bit per 29 30 clock (LSB first) to both the Hamming error correction code (ECC) computation logic and the overall even parity 31 computation logic. Extended Hamming codes are systematic codes, so this data is also fed through as output on the 32 encoded bit output. After all k bits are input, the toggle switches are moved to position B. At this point, data from the 33 34 Hamming ECC logic is shifted out on the encoded bits bus. Finally, the overall parity bit is shifted out when the out- 35 put select switch is moved to position C. 36 37 In order to encode the product code, each data bit is fed as input both into a row LFSR and a column LFSR. Note that 38 only one row LFSR is necessary for the entire block, since data is written as input in row order. However, each col- 39 40 umn of the array must be encoded with a separate LFSR. Each column LFSR is clocked for only one bit of the row, 41 so a more efficient method of column encoding is to store the column LFSR states in a kx x (ny-ky) storage memory. 42 A single LFSR can then be used for all columns of the array. With each bit input, the appropriate column LFSR state 43 44 is read from the memory, clocked, and written back to the memory. 45 46 The encoding process will be demonstrated with an example. Assume a two-dimensional (8,4)x(8,4) extended Ham- 47 ming Product code is to be encoded. This block has 16 data bits, and 64 total encoded bits. Table 84 shows the orig- 48 inal 16 data bits denoted by Dyx, where y corresponds to a column and x corresponds to a row. 49 50 51 52 Table 84—Original Data for Encoding 53 54 D D D D 55 11 21 31 41 56 57 D12 D22 D32 D42 58 59 D13 D23 D33 D43 60 61 D14 D24 D34 D44 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 302 IEEE 802.16.1-00/01r4, September 2000

1 The first four bits of the array are fed into the row encoder input in the order D 11, D21, D31, D41. Each bit is also fed 2 3 as input into a unique column encoder. Again, a single column encoder may be used, with the state of each column 4 stored in a memory. After the fourth bit is fed into the input, the first row encoder ECC bits are shifted out. 5 6 This process continues for all four rows of data. At this point, 32 bits have been taken as output from the encoder, and 7 the four column encoders are ready to shift out the column ECC bits. This data is shifted out at the end of the row. 8 9 This continues from the remaining 3 rows of the array. Table 85 shows the final encoded block with the 48 generated 10 ECC bits denoted by Eyx. 11 12 13 14 15 Table 85—Encoded Block 16 17 18 D11 D21 D31 D41 E51 E61 E71 E81 19 20 D12 D22 D32 D42 E52 E62 E72 E82 21 22 D13 D23 D33 D43 E53 E63 E73 E83 23 24 D D D D E E E E 25 14 24 34 44 54 64 74 84 26 E E E E E E E E 27 15 25 35 45 55 65 75 85 28 E E E E E E E E 29 16 26 36 46 56 66 76 86 30 31 E17 E27 E37 E47 E57 E67 E77 E87 32 33 E18 E28 E38 E48 E58 E68 E78 E88 34 35 36 37 Transmission of the block over the channel occurs in a linear manner; all bits of the first row are transmitted left to 38 right, followed by the second row, etc. This allows for the construction of a near zero-latency encoder, since the data 39 40 bits can be sent immediately over the channel, with the ECC bits inserted as necessary. For the (8,4)x(8,4) example, 41 the output order for the 64 encoded bits is D11, D21, D31, D41, E51, E61, E71, E81, D12, D22, … E88. 42 43 For easier readability, the following notation is used: 44 45 1. The codes defined for the rows (x-axis) are binary (nx,kx) block codes. 46 47 2. The codes defined for the columns (y-axis) are binary (ny,ky) block codes. 48 49 3. Data bits are noted Dyx and parity bits are noted Eyx. 50 51 Shortened BTC 52 53 To match packet sizes, removing symbols from the array shortens a product code. Either rows or columns can be 54 removed until the appropriate size is reached. Note that parity bits are removed as part of the shortening process, 55 56 helping to keep the code rate high. Shortening is accomplished by removing entire rows and/or columns from the 57 array. This is equivalent to shortening the constituent codes that make up the product code. This method enables a 58 coarse granularity on shortening, and at the same time maintains the highest code rate possible by removing both data 59 60 and parity symbols. 61 62 Shortened Two -Dimensional BTC example 63 For example, the 128 byte BTC code in this specification is composed of (64,57) constituent codes in the two dimen- 64 65 sional array, which has been shortened by 25 rows and columns to form a (39,32) x (39,32) array. This code block

This is an unapproved Task Group document being circulated for comment. 303 IEEE 802.16.1-00/01r4, September 2000

1 has 32 x 32 = 1024 data bits, which results in the desired 128 byte information block. Figure 138 shows the structure 2 of the resultant block. 3 4 5 6 7 8 9 10 57 bits 7 bits 11 12 13 14 15 16 57 bits 17 18 Unshortened Data 19 y Block Bits 20 21 Shortened 22 Block 23 7 bits ECC Bits 24 25 26 x 27 28 29 30 31 Figure 138—Structure of Shortened 2 D Block 32 33 Modifications to the encoder to support shortening are minimal. Since shortened bits are always zero, and zeros input 34 to the encoder LFSR result in a zero state, the shortened bits can simply be ignored for the purposes of encoding. The 35 encoder simply needs to know how many bits per row to input to the row LFSR before shifting out the result. Simi- 36 37 larly, it must know the number of columns to input to the column encoders. 38 39 Transmission of the resultant code block must start with the first data bit in the first row, proceed left to right and then 40 row by row from top to bottom. 41 42 43 Table 86—Required Block Codes for the BTC Option for the Uplink Channel 44 45 46 Code (32,24)x(25,19) 47 48 Aggregate Code 0.608 49 Rate 50 51 Uplink/Downlink/ Uplink 52 Both 53 54 Block size (pay- 456 (57 bytes) 55 load bits) 56 57 58 59 Interleaving 60 61 When using the Block Turbo Coding, two modes of bit interleaving shall be supported. The interleaver mechanism 62 63 shall be implemented by writing information bits into the encoder memory and reading out the encoded bits as fol- 64 lows: 65

This is an unapproved Task Group document being circulated for comment. 304 IEEE 802.16.1-00/01r4, September 2000

1 1. Interleaver type 1: No interleaver. 2 3 In this mode the encoded bits are read from the encoder row by row, in the order that they were written. 4 5 2. Interleaver type 2: Block interleaver. 6 7 In this mode the encoded bits are read from the encoder, only after all first k2 rows were written into the encoder 8 memory. The bits are read column-by-column, proceeding from the top position in the first column. 9 10 3. Interleaver type 3: Reserved. 11 12 It is expected that other interleaving methods may yield better performance in some cases. So, this Interleaver type 3 13 14 has been reserved for future definition. 15 Block mapping to the signal constellation 16 17 The first encoded bit out shall be the LSB, which is the first bit written into the encoder. 18 19 Method for determining codes for payload size different than the listed examples 20 21 The following text describes a method for performing additional codeword shortening when the input block of data 22 does not match exactly the codeword information size. 23 24 1 Take the required payload as specified in bytes and convert it to bits (i.e., multiple by 8). 25 26 2 Take the square root of the resultant number. 27 28 3 Round the result up to the next highest integer. 29 30 4 Select the smallest base constituent code from the available list that has a k value equal to or greater than the 31 value determined in step 3. 32 33 5 Subtract the value determined in step 3 from the k value selected in step 4. This value represents the number 34 35 of rows and columns that need to be shortened from the base constituent code selected in step 4. 36 37 This method will generally result in a code block whose payload is slightly larger than required in step 1. In order to 38 address the residual bits, the column dimension (ny,ky) should be shortened as needed as well as stuffing zero bits as 39 needed into the last bits of the last row of the resulting code matrix. The zero bits in the last row should be discarded 40 41 at the receiver. 42 43 Example: If a 20 byte payload code is desired, a (32,26) x (32,26) code is shortened by 13 rows and by 13 columns, 44 which results in a (19,13) x (19,13) code. There are 9 bits left over which are stuffed with zeros. Data input to the 45 defined encoder is 160 data bits followed by 9 zero bits. The code block is transmitted starting with the bit in row 1 46 column 1 (the LSB), then left to right, and then row by row. 47 48 3.3.3.3 Preamble 49 50 51 The preamble shall be programmable and set by the base station based upon an integer number of repetitions of the 52 following length 16 CAZAC sequence. Table 86a defines the bit sequence for the base preamble. 53 54 3.3.3.4 Modulation 55 56 The modulation used on the upstream channel shall be variable and set by the base station. QPSK must be supported, 57 while 16-QAM and 64-QAM are optional, with the following mappings of bits to symbols. The sequence of modula- 58 tion bits shall be mapped onto a sequence of modulation symbols S(k), where k is the corresponding symbol number. 59 60 The number of bits per symbol is a result from the modulation type, for QPSK n=2, for 16-QAM n=4, for 64-QAM 61 n=6. B(m) denotes the modulation bit of a sequence to be transmitted, where m is the bit number (m=1..n). In partic- 62 ular, B(1) corresponds to the first bit entering the modulator, B(2) corresponds to the second bit entering the modula- 63 tion, and so on. 64 65

This is an unapproved Task Group document being circulated for comment. 305 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 5 6 Table 86a—Upstream Base Preamble Sequence 7 8 9 10 Symbol I Q B(1) B(2) 11 12 1 1 1 0 0 13 14 2 1 1 0 0 15 16 17 3 1 -1 0 1 18 19 4 -1 -1 1 1 20 21 5 -1 -1 1 1 22 23 6 1 1 0 0 24 25 7 1 1 0 0 26 27 28 8 -1 1 1 0 29 30 9 1 1 0 0 31 32 10 1 1 0 0 33 34 11 -1 1 1 0 35 36 12 1 1 0 0 37 38 39 13 -1 -1 1 1 40 41 14 1 1 0 0 42 43 15 -1 -1 1 1 44 45 16 1 -1 0 1 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 305a IEEE 802.16.1-00/01r4, September 2000

1 The complex modulation symbol S(k) shall take the value I +jQ. The following subsections apply to the base-band 2 part of the transmitter. 3 4 5 3.3.3.4.1 QPSK Symbol Mapping 6 7 The following mapping of bits to symbols shall be support for QPSK modulation: 8 9 10 11 Q 12 10 00 13 14 15 16 17 18 I 19 20 11 01 21 22 23 24 25 26 Figure 139— QPSK constellation mapping 27 28 29 Table 87—QPSK Bits to Symbol Mapping 30 31 32 33 34 35 36 B(1) B(2) I Q 37 38 0011 39 40 011-1 41 42 10-11 43 44 11-1-1 45 46 47 48 3.3.3.4.2 Gray-coded 16-QAM (Optional) 49 50 Figure 140 and Table 88 describe the bit mapping for 16-QAM modulation. 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 306 IEEE 802.16.1-00/01r4, September 2000

1 2 Q 3 1001 0001 0101 4 1101 5 6 7 1100 1000 0000 0100 8 9 10 11 1110 1010 0010 0110 12 I 13 14 15 1111 1011 0011 0111 16 17 18 19 20 21 22 Figure 140— 16-QAM Constellation 23 24 25 26 Table 88— 16-QAM Bits to Symbol Mapping 27 28 29 30 31 32 B(1) B(2) B(3) B(4) I Q 33 34 010133 35 36 010031 37 38 01103-1 39 01113-3 40 41 000113 42 43 000011 44 45 00101-1 46 47 00111-3 48 49 1001-13 50 51 1000-11 52 53 1010-1-1 54 55 1011-1-3 56 57 1101-33 58 1100-31 59 60 1110-3-1 61 62 1111-3-3 63 64 65

This is an unapproved Task Group document being circulated for comment. 307 IEEE 802.16.1-00/01r4, September 2000

1 3.3.3.4.3 Gray-coded 64-QAM (Optional) 2 3 4 Figure 141 and Table 89 describe the bit mapping for 64-QAM modulation. 5 6 Q 7 8 111011 110011 100011 101011 001011 000011 010011 011011 9 10 11 12 111010 110010 100010 101010 001010 000010 010010 011010 13 14 15 111000 110000 100000 101000 001000 000000 010000 011000 16 17 18 19 111001 110001 100001 101001 001001 000001 010001 011001 20 21 111101 110101 100101 101101 001101 000101 010101 011101 I 22 23 24 25 111100 110100 100100 101100 001100 000100 010100 011100 26 27 28 111110 110110 100110 101110 001110 000110 010110 011110 29 30 31 32 111111 110111 100111 101111 001111 000111 010111 011111 33 34 35 36 37 38 Figure 141— 64-QAM Constellation 39 Table 89—64-QAM Bits to Symbol Mapping 40 41 42 43 44 45 B(1) B(2) B(3) B(4) B(5) B(6) I Q 46 47 01101177 48 49 01101075 50 51 01100073 52 53 01100171 54 55 0111017-1 56 0111007-3 57 58 0111107-5 59 60 0111117-7 61 62 01001157 63 64 01001055 65

This is an unapproved Task Group document being circulated for comment. 308 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 01000053 5 6 01000151 7 8 0101015-1 9 0101005-3 10 11 0101105-5 12 13 0101115-7 14 15 00001137 16 17 00001035 18 19 00000033 20 21 00000131 22 23 0001013-1 24 25 0001003-3 26 27 0001103-5 28 0001113-7 29 30 00101117 31 32 00101015 33 34 00100013 35 36 00100111 37 38 0011011-1 39 40 0011001-3 41 42 0011101-5 43 44 0011111-7 45 101011-17 46 47 101010-15 48 49 101000-13 50 51 101001-11 52 53 101101-1-1 54 55 101100-1-3 56 57 101110-1-5 58 59 101111-1-7 60 61 100011-37 62 100010-35 63 64 100000-33 65

This is an unapproved Task Group document being circulated for comment. 309 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 100001-31 5 6 100101-3-1 7 8 100100-3-3 9 100110-3-5 10 11 100111-3-7 12 13 110011-57 14 15 110010-55 16 17 110000-53 18 19 110001-51 20 21 110101-5-1 22 23 110100-5-3 24 25 110110-5-5 26 27 110111-5-7 28 111011-77 29 30 111010-75 31 32 111000-73 33 34 111001-71 35 36 111101-7-1 37 38 111100-7-3 39 40 111110-7-5 41 42 111111-7-7 43 44 45 46 47 3.3.3.5 Baseband Pulse Shaping 48 49 50 Prior to modulation, the I and Q signals shall be filtered by square-root raised cosine filters. The excess roll-off factor 51 α shall be either 0.15, 0.25, or 0.35. The ideal square-root raised cosine filter is defined by the following transfer 52 function H: 53 54 ()() ()< ()α 55 Hf = 1 for ffN 1 – 56 1 57 --- 2 58 1 1 π fN– f 59 Hf()= --- + --- sin------for ()()f ()1 – α ≤≤ff()()1 + α 2 α N N 60 2 2fN 61 62 ()Hf()= 0 for ()ff> ()1 + α 63 N 64 65

This is an unapproved Task Group document being circulated for comment. 310 IEEE 802.16.1-00/01r4, September 2000

1 1 RS where f ==------is the Nyquist frequency. 2 N 2T 2 3 S 4 5 3.3.3.6 Summary of Upstream Physical Layer Parameters 6 7 8 Table 90—Summary of Upstream Physical Layer Parameters 9 10 11 Transmission convergence layer Selectable on/off. When enable, the TC layer 12 13 Outer Coding Reed Solomon over GF(256) 14 15 Information byte lengths: 6-255 bytes 16 Error correction capability R=0-32 (T=0-16) 17 18 Block Turbo Code (optional) 19 (Note: There is no inner code selected in this case.) 20 21 Inner Coding Selectable from the following options: 22 23 None 24 (24,16) block convolutional code 25 26 (9,8) parity check code (optional) 27 28 Randomization x15+x14 +1 29 30 Initialization seed: 15-bit programmable 31 32 Preamble Programmable length: 0-1024 bits 33 34 Based on repetition of 16 symbol defined sequence 35 Modulation QPSK, 16-QAM (optional), or 64-QAM (optional) 36 37 38 39 Spectral shaping 40 α=0.15, 0.25, or 0.35 41 42 43 44 3.4 Baud Rates and Channel Bandwidths 45 46 Due to the large amount of spectrum available in the 10-66 GHz region for point-to-multipoint operation, and the dif- 47 ferent regulatory requirements in various countries around the world, the baud rates and RF channel bandwidths have 48 49 been left somewhat flexible in order to allow service providers the ability to maximize capacity for a given spectrum 50 allocation. 51 52 The following tables recommend modem baud rates and channel sizes that should be implemented in order to allow 53 for interoperable equipment. It is recommended that subscriber station equipment generally support baud rates in the 54 range of 10-32 MBaud, while other vendor specific channel sizes and baud rates may also be implemented that are 55 56 not currently listed here. However, in order to limit the range of variable system parameters for implementation and 57 testing reasons, only a few channel sizes are defined here, which are expected to meet the majority of these system 58 deployments. The pulse shapes being used in these tables is a Nyquist Root-Raised Cosine with a roll-off factor of 59 60 0.15, 0.25, and 0.35. 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 311 IEEE 802.16.1-00/01r4, September 2000

1 Table 91—Recommended Baud rates for a roll-off factor of 0.15 2 3 4 5 6 7 Channel Baud rates (MBaud) Recommended Number of PSs/ 8 9 Size(MHz) Frame Size (msec) Frame 10 11 12.5 10.8 2 5400 12 14 12 2 6000 13 14 20 17.2 1 4300 15 16 25 21.6 1 5400 17 18 28 24.2 1 6050 19 20 36 31.2 0.5 3900 21 22 40 34.6 0.5 4325 23 24 50 43.4 0.5 5425 25 26 27 28 29 30 Table 92—Recommended Baud rates for a roll-off factor of 0.25 31 32 33 34 35 36 Channel Size Baud rates (MBaud) Recommended Frame Number of PSs/ 37 (MHz) Size (msec) Frame 38 39 12.5 10 2 5000 40 41 14 11.2 2 5600 42 43 20 16 1 4000 44 45 25 20 1 5000 46 47 28 22.4 1 5600 48 49 36 28.8 0.5 3600 50 40 32 0.5 4000 51 52 50 40 0.5 5000 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 312 IEEE 802.16.1-00/01r4, September 2000

1 Table 93—Recommended Baud rates for a roll-off factor of 0.35 2 3 4 5 6 7 Channel Size Baud rates (MBaud) Recommended Frame Number of PSs/ 8 9 (MHz) Size (msec) Frame 10 11 12.5 9.2 2 4600 12 14 10.2 2 5100 13 14 20 14.8 1 3700 15 16 25 18.4 1 4600 17 18 28 20.6 1 5150 19 20 36 26.6 0.5 3325 21 22 40 29.6 0.5 3700 23 24 50 37 0.5 4625 25 26 27 28 3.5 Radio Sub-system Control 29 30 3.5.1 Synchronization Technique (Frame and Slot) 31 32 33 In order to satisfy timing requirements for telephony or other CBR applications (T1/E1), the downstream demodula- 34 tor should provide an output reference clock that is derived from the downstream symbol clock. This reference can 35 then be used by the subscriber station to provide timing for rate critical interfaces when the downstream clock is 36 locked to an accurate reference at the base station. A time-stamp based method could be used if the desired clock 37 accuracy is sufficient for the services provided, but it should at least be an option to choose to derive subscriber sta- 38 39 tion timing from the downstream symbol clock or an internal oscillator with time stamps coming from the MAC layer 40 at the base station. Accurate upstream time slot synchronization is supported through a ranging calibration procedure 41 defined by the MAC layer to ensure that upstream transmissions by multiple users do not interfere with each other. 42 Therefore, the physical layer needs to support accurate timing estimates at the base station, and the flexibility to 43 finely modify the timing at the subscriber station according to the transmitter characteristics specified in table below. 44 45 46 3.5.2 Frequency Control 47 48 Frequency control is also a critical component of the physical layer. Due to the large carrier frequencies proposed for 49 Broadband Wireless Access systems, frequency errors will exist in the radio units, and will vary with age and temper- 50 51 ature. In order to allow for cost effective radio units at the subscriber station, the upstream and downstream RF 52 sources should reference each other. Note that there also exists an initial ranging process for frequency and power 53 calibration. After the initial frequency has been calibrated, it is expected that periodic measurements of the frequency 54 offset value at the basestation will be made by the physical layer and sent to the subscriber station via a MAC mes- 55 sage, enabling low cost frequency references to be used in the radio units. 56 57 58 3.5.3 Power Control 59 60 As with frequency control, a power control algorithm should be supported for the upstream channel with both an ini- 61 tial calibration and periodic adjustment procedure without loss of data. The base station should be able to provide 62 accurate power measurements of the received burst signal. This value can then be compared against a reference level, 63 64 and the resulting error can be fed back to the subscriber station in a calibration message coming from the MAC layer. 65

This is an unapproved Task Group document being circulated for comment. 313 IEEE 802.16.1-00/01r4, September 2000

1 The power control algorithm should be designed to support power attenuation due to distance loss or power fluctua- 2 tions at rates of at most 10 dB/second with depths of at least 40 dB. 3 4 5 3.6 Minimum Performance 6 7 8 This section details the minimum performance requirements for proper operation of the system for the LMDS A Band 9 frequencies. The values listed in this section apply over the operational environmental ranges of the system equip- 10 ment and measured per Subsection xxx. 11 12 13 14 Basestation transmitter 15 16 Max. Tx phase noise Integrated phase noise <= 1.3 degrees for 16-QAM (assuming a 17 receiver tracking loop bandwidth of 1 % of the symbol rate) 18 19 Integrated phase noise <= 0.6 degrees for 64-QAM (assuming a 20 receiver tracking loop bandwidth of 1 % of the symbol rate) 21 22 Tx symbol Timing accuracy Peak-to-peak symbol jitter, referenced to the previous symbol zero 23 crossing, of the transmitted waveform, MUST be less than 0.02 of 24 the nominal symbol duration over a 2-sec. period. The peak-to- 25 26 peak cumulative phase error, referenced to the first symbol time 27 and with any fixed symbol frequency offset factored out, MUST be 28 less than 0.04 of the nominal symbol duration over a 0.1 sec 29 period. 30 31 Tx RF frequency/accuracy 10-66 GHz/ +- 5 ppm (including aging and temperature variations) 32 33 Spectral Mask (OOB) Per relevant local regulatory requirements 34 35 36 Spurious Per relevant local regulatory requirements 37 38 Composite Group delay variation < 20% of symbol period for 16-QAM 39 < 10% of symbol period for 64-QAM 40 41 42 Composite Amplitude ripple 1.0 dB peak-to-peak over the signal baud rate bandwidth (fc +/- 43 baud rate/2) 44 45 Base station receiver 46 47 48 Dynamic range 70 dB above receiver noise floor 49 50 Receiver equivalent noise floor (including -105 dBm 51 noise floor for a 1 MHz noise bandwidth, 52 noise figure, and other implementation 53 losses) 54 55 Maximum input 1 dB compression point -25 dBm 56 57 58 Adjacent channel interference 59 60 Subscriber Station transmitter 61 62 Tx Dynamic range 40 dB 63 64 65

This is an unapproved Task Group document being circulated for comment. 314 IEEE 802.16.1-00/01r4, September 2000

1 2 3 Min. Tx power level at Max. power level -26 dBW/MBaud (i.e., -13 dBW = 17 dBm for 20 MBaud) 4 setting (1 dB compression point) 5 6 Tx power level adjustment steps and The subscriber station shall adjust its Tx power level, based on 7 8 accuracy feedback from the basestation via MAC messaging, in steps of 9 [0.5] dB +/- TBD[0.2] dB in a monotonic fashion. 10 11 Max. Tx phase noise TBD at a later date. 12 13 Tx symbol timing jitter Peak-to-peak symbol jitter, referenced to the previous symbol zero 14 crossing, of the transmitted waveform, MUST be less than 0.02 of 15 16 the nominal symbol duration over a 2-sec. period. The peak-to- 17 peak cumulative phase error, referenced to the first symbol time 18 and with any fixed symbol frequency offset factored out, MUST be 19 less than 0.04 of the nominal symbol duration over a 0.1 sec 20 period." 21 22 Tx burst timing accuracy Must implement corrections to burst timing with an accuracy of +- 23 1/2 of a symbol and a resolution of +- 1/4 of a symbol 24 25 26 Tx RF frequency/accuracy 10-60 GHz/ +- TBD ppm 27 28 Tx frequency range TBD at a later date. 29 30 Spectral Mask (OOB) TBD by Coexistence group. 31 32 33 Spectral mask (in-band) TBD at a later date. 34 35 Filter distortion 36 37 Group delay variation TBD at a later date. 38 39 40 Amplitude ripple TBD at a later date. 41 42 Adjacent channel interference TBD by Coexistence group. 43 44 Co-channel interference TBD by Coexistence group. 45 46 Spurious TBD by Coexistence group. 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 315 IEEE 802.16.1-00/01r4, September 2000

1 Table 94— PHY Layer Requirements 2 3 4 5 6 7 PHY Layer Requirement Specifica- 8 tion Section 9 10 Reference Test Planes 11 12 Transmitter Minimum Requirements 13 14 - Introduction .1 15 16 - Tap-Gain Process Types .2 17 18 - Propagation Models .3 19 20 Transmitter Minimum Requirements 21 22 – Output Power .1 23 – Emission Spectrum .2 24 25 - Unwanted Conducted Emissions .3 26 27 - Unwanted Radiated Emissions .4 28 29 - RF Tolerance .5 30 31 - Required Oscillator Performance .5.1 32 33 - Frequency Stability .5.2 34 35 - Power Stability .6 36 37 - RF Output Power Time Mask .7 38 39 - Intermodulation attenuation .8 40 41 - CPE Channel Switching Time .9 42 - Tx / Rx Carrier Switching Time .10 43 44 - Off to On Carrier Switching Time .11 45 46 - On to Off Carrier Release Time .12 47 48 – Special Co-Location Requirements - Transmitter .13 49 50 Receiver Minimum Requirements 51 52 - Blocking Characteristics .1 53 54 – Spurious Response Rejection .2 55 56 - Intermodulation Response Rejection .3 57 58 - Unwanted Conducted Emissions .4 59 60 - Unwanted Radiated Emissions .5 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 316 IEEE 802.16.1-00/01r4, September 2000

1 2 3 4 - Received Signal Strength Indication .6 5 6 - Special Co-Location Requirements - Receiver .7 7 8 Transmitter / Receiver Performance 9 - Modulation Accuracy .1 10 11 – Receiver Performance .2 12 13 - Nominal Error Rates .2.1 14 15 - Static Reference Sensitivity Performance .2.2 16 17 - Dynamic Reference Sensitivity Performance .2.3 18 19 - Reference Interference Performance .2.4 20 21 - CPE receiver performance for synchronization acquisition .2.5 22 23 24 3.6.1 Reference test planes 25 26 27 TBD 28 29 3.6.2 Propagation Conditions 30 31 32 Line of sight radio propagation conditions between base station and subscriber stations are required, to achieve high 33 quality and availability service. Also, the subscriber stations need highly directional antennas, which minimize the 34 35 number of multipaths and interference from unexpected sources. The intersymbol interference may occur as a conse- 36 quence of multipaths. 37 3.6.2.1 Propagation Models 38 39 40 In this subsection, the propagation models that are referred to in this PHY Specification are defined. 41 42 Table 95— Propagation Models 43 44 45 46 47 48 Propagation model Tap number Relative delay ((s) Average relative Tap-gain 49 power (dB) process 50 51 Static 52 53 Dynamic 54 55 56 57 3.6.3 Transmitter characteristics 58 59 Unless stated otherwise, the transmitter requirements are referenced to the antenna output port and apply with the 60 transmitter tuned to any channel. 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 317 IEEE 802.16.1-00/01r4, September 2000

1 3.6.3.1 Output Power 2 3 In the following subsections, power is defined as the average power, measured through the square root raised cosine 4 5 filter over the scrambled bits of one transmitted burst. 6 The power at which CPEs or BSs may operate are specified in the following subsections. 7 8 9 3.6.3.1.1 BS 10 11 The BS transmitter maximum output power shall be as defined in . 12 13 Table 96— Maximum BS Transmitter Power 14 15 16 17 18 19 Power class Maximum power per carrier 20 21 1 22 23 24 25 The output power shall be adjustable over the range +20 dBm to -30 dBm via a configurable software parameter. 26 27 3.6.3.1.2 CPE 28 29 30 The CPE maximum power shall be as defined in 31 32 TBD 33 Table 97— CPE Power Control Levels 34 35 36 37 38 39 40 Step Level Power 41 42 0 43 1 44 45 2 46 47 * * * 48 49 98 50 51 99 52 53 100 54 55 56 57 Table 98—Emissions Spectrum 58 59 TBD 60 3.6.3.2 Unwanted Conducted Emissions 61 62 63 TBD 64 65

This is an unapproved Task Group document being circulated for comment. 318 IEEE 802.16.1-00/01r4, September 2000

1 3.6.3.3 Unwanted radiated emissions 2 3 TBD 4 5 3.6.3.4 Intermodulation Attenuation 6 7 8 TBD 9 3.6.3.5 Power Stability 10 11 12 TBD 13 14 3.6.3.6 RF Output Power Time Mask 15 16 TBD 17 18 3.6.3.7 Tx / Rx Carrier Switching Time Requirements 19 20 TBD 21 22 3.6.3.8 CPE Channel Switching Time 23 24 TBD 25 26 3.6.3.9 .3.10. Special Co-Location Requirements – Transmitter 27 28 29 TBD 30 31 3.6.4 Receiver Characteristic 32 33 TBD 34 35 3.6.4.1 Blocking Characteristics 36 37 38 TBD 39 3.6.4.2 Spurious Response Rejection 40 41 42 TBD 43 44 3.6.4.3 Intermodulation Response Rejection 45 46 TBD 47 48 3.6.4.4 Unwanted Conducted Emissions 49 50 TBD 51 52 3.6.4.5 Unwanted Radiated Emissions 53 54 TBD 55 56 3.6.4.6 Received Signal Strength Indication (RSSI) 57 58 59 TBD 60 3.6.4.7 Special Co-Location Requirements – Receiver 61 62 63 TBD 64 65

This is an unapproved Task Group document being circulated for comment. 319 IEEE 802.16.1-00/01r4, September 2000

1 3.6.5 Transmitter / Receiver Performance 2 3 TBD 4 5 3.6.5.1 Modulation Accuracy 6 7 8 TBD 9 3.6.5.2 Receiver Performance 10 11 12 TBD 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 320 IEEE 802.16.1-00/01r3, September 2000

1 4 Bibliography 2 3 4 5 IEEE Std 802-1990 "IEEE Standards for Local and Metropolitan Area Networks: Overview and Architec- 6 ture. IEEE 1990. 7 8 9 ISO/IEC 10039: 1991. Information technology -- Open Systems Interconnection -- Local area networks -- 10 MAC service definition. 11 12 13 ISO 7498-1:1984. Information technology -- Open Systems Interconnection -- Basic Reference Model. 14 15 16 ISO/IEC 15802-2:1995. Information technology -- Telecommunications and information exchange between 17 systems -- Local and metropolitan area networks -- Common specifications -- Part 2: LAN/MAN manage- 18 ment. 19 20 21 ISO 15802-3:1998. Information technology -- Telecommunications and information exchange between sys- 22 tems -- Local and metropolitan area networks -- Common specifications -- Part 3: Media Access Control 23 (MAC) bridging. 24 25 26 ISO/IEC 15802-5:1998. Information technology -- Telecommunications and information exchange between 27 systems -- Local and metropolitan area networks -- Common specifications -- Part 5: Remote Media Access 28 29 Control (MAC) bridging. 30 31 IEEE 802.1F-1993. IEEE Standards for Local and Metropolitan Area Networks: Common Definitions and 32 33 Procedures for IEEE 802 Management Information. 34 35 IEEE 802.1Q-1998. IEEE Standards for Local and Metropolitan Area Networks: Virtual Bridged Local Area 36 Networks. 37 38 39 IEEE 802.10-1998. IEEE Standards for Local and Metropolitan Area Networks: Standard for Interoperable 40 LAN/MAN Security (SILS). 41 42 43 IEEE 802.10c-1998. IEEE Standards for Local and Metropolitan Area Networks: Supplement to Standard 44 for Interoperable LAN/MAN Security (SILS) -- Key Management (Clause 3). 45 46 47 J. Costa ITU-R 9B/134E Broadband Wireless Access Draft New Recommendation ITU-R F.BWA Radio 48 Transmission Systems for Fixed Broadband Wireless Access (BWA) Based on Cable Modem Standards" 49 50 Apr. 1999. 51 52 D. Gray, "A Broadband Wireless Access System at 28 GHz" IEEE Radio and Wireless Conference, Boulder, 53 CO, pp. 1-7, Aug. 1997. 54 55 56 H. D. Graves, "A Detailed Analysis of MMDS and LMDS", February 23-26, 1997 IEEE MTT-S Wireless 57 Technology Symposium, Vancouver, Canada, pp. 7-10, Feb 1997. 58 59 60 H. Izadpanah, "LMDS: A Broadband Wireless Access Technology: An Overview", The 3rd IAA Annual 61 Conference on "Computers and Communications", The City University of New York, New York, Sept. 62 63 1998. 64 65

This is an unapproved Task Group document being circulated for comment. 321 IEEE 802.16.1-00/01, August 2000

1 H. Izadpanah, D. Gregoire, J. Schaffner, and HP Hsu, "MM-Wave Wireless Access Technology For The 2 Wideband Wireless Local Loop Applications", 1998 IEEE Radio and Wireless Conference (RAWCON'98) 3 4 Colorado Springs, CO, pp. ,Aug., 1998. 5 6 J. Schaffner, H. Izadpanah, and HP Hsu, "MM-Wave Wireless Technology and Testbed Development for 7 8 Wideband Infrastructure Access", WCC'98, San Diego, CA, Nov. 1998. 9 10 C.W. Lundgren and W.D. Rummler, "Digital radio outage due to selective fading observation vs. prediction 11 12 from laboratory simulation," Bell System Technical Journal, pp.1073-1100, May-June 1979. 13 14 M. Emshwiller, "Characterization on the performance of PSK digital radio transmission in the presence of 15 16 multipath fading," ICC'78 Conference Record, Toronto, Ontario, CANADA, Paper 47.3. 17 18 Microwave digital radio systems criteria, Bellcore Technical Reference TR-TSY-000752, October 1989. 19 20 21 W.D. Rummler, R.P. Coutts, and M. Linger, "Multipath fading channel models for microwave digital radio," 22 IEEE Communications Magazine, November 1986, pp.30-42. 23 24 25 M. Taylor, "LAN emulation over ATM", Computer Commun., Vol. 20, No. 1, January 1997. 26 27 R. Braden et al., "Integrated Services in the Internet Architecture: An Overview", RFC 1633, June 1994. 28 29 30 S. Blake et al, "An Architecture for Differentiated Services", RFC 2475, December, 1998. 31 32 33 S. Blake et al, "A Framework for Differentiated Services", Internet Draft, October, 1998. 34 35 "Broadband Radio Access Networks (BRAN); Requirements and architectures for broadband fixed radio 36 access networks (HIPERACCESS)", ETSI Technical Report TR 101 177 V1.1.1 (1998-05). 37 38 39 A. Azcorra et al., "IP/ATM Integrated Services over Broadband Access Copper Technologies" IEEE Com- 40 munications, pp. 90-97, Vol. 37, No. 5, May 1999. 41 42 43 Proc. Of 1999 IMT-2000 3rd Generation Wireless Technology Conference. Feb 10-12, 1999. New Orleans, 44 USA. 45 46 47 Lou Dellaverson, Evolution of a Global Standard on WATM. ATM Forum, 1999. 48 49 50 Proceedings of 1999 Wireless Symposium. Feb. 22-26, 1999. San Jose, USA. 51 52 R. K. Crane, "Prediction of Attenuation by Rain" IEEE, 1980. 53 54 55 ITU-T G.826: Error performance parameters and objectives for international, constant bit rate digital paths 56 at or above the primary rate (2/99). 57 58 59 ITU-R F.1189-1 Error performance objectives for constant bit rate digital paths at or above the primary rate 60 carried by digital radio-relay systems which may form part or all of the national portion of a 27500 km hypo- 61 thetical reference path. (1995-1997). 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 322 IEEE 802.16.1-00/01r3, September 2000

1 CCIR Recommendation 749, Radio-Frequency channels arrangements for radio-relay systems operating in 2 the 36.0 to 40.5 GHz band. (1992). 3 4 5 ITU-T Recommendation I.210 (1993) - "ISDN Service Capabilities Principles of Telecommunications Ser- 6 vices Supported by an ISDN and the Means to Describe Them". 7 8 9 W. Stallings, Data and Computer Communications, 5th ed., Prentice Hall, 1996. 10 11 12 G. Almes et. al. "A One-way Delay Metric for IPPM". Internet Draft, May 1999. 13 14 G. Almes et. al. "A Round-trip Delay Metric for IPPM". Internet Draft, May 1999. 15 16 17 G. Almes et. al. "A One-way Packet Loss Metric for IPPM". Internet Draft, May 1999. 18 19 ITU-T Recommendation I.35IP. Internet Protocol Data Communication Service IP Packet Transfer Perfor- 20 21 mance Parameters. 22 23 C. Demichelis. "Packet Delay Variation: Comparison between ITU-T and IETF draft definitions". Draft, 24 25 [email protected]. 26 27 M. Hamdi et. al. "Voice Service Interworking for PSTN and IP Networks". IEEE Comm. Magazine, Vol. 37 28 29 No. 5, May 1999. 30 31 J. Russell. "Multimedia Networking Performance Requirements". ATM Networks, I. Viniotis and R. O. 32 33 Onvural, Eds., New York; Plenum, 1993, pp. 187-198. 34 35 A. Dutta-Roy. "Cable it's not just for TV". IEEE Spectrum, Vol. 36 No. 5, May 1999. 36 37 38 K. Dubose and H.S. Kim. "An Effective Bit Rate/Table Lookup Based Admission Control Algorithm for the 39 ATM B-ISDN." In: Proc of the 17 th IEEE Conf. On Local Computer Networks, Sept. 1992. 40 41 42 L. P. Bermejo et. al. "Service Characteristic and Traffic Models in Broadband ISDN". Electrical Communi- 43 cation, Vol. 64-2/3, 1990, pp.132-138. 44 45 46 G. Galassi et. al. "Resource Management and Dimensioning in ATM Networks". IEEE Network Magazine, 47 May 1990, pp. 8-17. 48 49 50 ISO/IEC 8802-2:1998. Information technology -- Telecommunications and information exchange between 51 systems -- Local and metropolitan area networks -- Common specifications -- Part 2: Logical Link Control. 52 53 [68]IEEE P802.14/a Draft 3 Revision 3, Cable-TV access method and physical layer specification Oct. 54 55 1998. (unpublished draft) 56 57 Data-Over-Cable Service Interface Specifications. Radio Frequency Interface Specification V1.1 SP-RFI- 58 59 104-980724, Cable Television Laboratoriess, 1998. 60 61 RFC-2205 Resource ReSerVation Protocol (RSVP) -- Version 1 Functional Specification. R. Braden, Ed., L. 62 63 Zhang, S. Berson, S. Herzog, S. Jamin. September 1997. Status: PROPOSED STANDARD. 64 65

This is an unapproved Task Group document being circulated for comment. 323 IEEE 802.16.1-00/01, August 2000

1 Recommendation ITU-R M.1079 (June 1999). Performance and Quality of Service (QoS) Requirements for 2 International Mobile Telecommunications-2000 (IMT-2000 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

This is an unapproved Task Group document being circulated for comment. 324