It was quite unpredictable idea to write article about numbering plans, which are used in GSM networks. Such simple thing is almost not described in Internet, so a friend of mine was quite confused about all these E.xxx.
Attention. This page is also available in Russian - see "GSM numbering plans"
I’m not going to discuss all theory. Even more - I’m going to explain how it works on real networks. OK, let’s start! Imagine that you have SIM card. For those, who don’t know I’ll share small secret – your SIM card doesn’t have your subscriber’s number (MSISDN). It has only IMSI, special mobile number. Probably, you’ll never know your IMSI, but you don’t need it all. IMSI is set to accordance with MSISDN on HLR in home network (HPMN).
So, IMSI is built using E.212 numbering plan (land mobile). It’s structure well described here. Please draw your attention on fixed number length (15 digits) and MCC, MNC fields.
MSISDN is E.164 (ISDN Telephony). We’re using these number on daily basis, when making calls one to each other. The structure of the number is well described here. Now please draw your attention on CC and NDC fields.
If we don’t take North America into consideration, then all GSM networks are using E.164 for during message exchange inside and between networks. Basically, if we need to reach some external network, then it’s enough to analyze heading digits from the number. Haven’t you been too lazy and checked link to Wikipedia about E.164 structure? :) So, if you know country code and national destination code then you’re able to exactly detect the next point to which message should be sent. Just for example, switch in Germany is trying to send signalling message to node 380671234567. if this switch has direct connection to international SS7 links, then it will analyze first digits of the number and decide:
CC=380 – Ukraine
NDC=67 – Kyivstar GSM
That’s all – now it can send message to Kyivstar’s GMSC using its MTP3 point code.
And now let’s imagine that you’re turning on your mobile phone for the first time.
Handset tries to find the “home” base station (BS), but if fails, then it tries to latch on the network with the maximum signal level from the BS. Anyway, the only information that handset may send to network is registration request and… own IMSI! Because that’s the only information SIM has. BS via base station controller (BSC) will forward this request to switch (MSC), which has to make some decision. Normally, MSC requests VLR for subscriber’s data, but we agreed before that this is the first registration in the network. So VLR doesn’t have any information about you. So what should they do? It’s necessary to get some subscriber’s data (his profile with MSISDN, call barring, call forwarding, services, etc). from HLR. But to get any data from HLR, it should be reached somehow. But MSC doesn’t have anything except subscriber’s IMSI. That’s where hybrid numbering E.214 comes to the picture. Why hybrid? Because it converts IMSI (E.212) to number, which can be sent via networks with E.164 routing. Want to know how this happens? It’s quite simple. Each switch has a table, which is used for such converting:
MCC to CC
MNC to NDC
As a result, from IMSI 255031234567890 we got MGT (Mobile Global Title) 380671234567890. As we discussed before, by using heading digits from the number, it’s possible to reach Home Network, where next digits will be used for check to which HLR this message (if the network has more than 1 HLR) is addressed. All further message handling will be based on E.164.
That’s all. Now you should be more confident in your knowledge about numbering plans. Anyway, if you have some questions feel free to leave a comment.
P.S. Short list of MAP messages which are sent using E.214 (probably, the list isn’t full):
1. sendAuthenticationInfo (opCode 56)
2. updateLocation (opCode 2)
3. updateGprsLocation (opCode 23)
4. restoreData (opCode 57)
5. purgeMS (opCode 67)
So, IMSI is built using E.212 numbering plan (land mobile). It’s structure well described here. Please draw your attention on fixed number length (15 digits) and MCC, MNC fields.
MSISDN is E.164 (ISDN Telephony). We’re using these number on daily basis, when making calls one to each other. The structure of the number is well described here. Now please draw your attention on CC and NDC fields.
If we don’t take North America into consideration, then all GSM networks are using E.164 for during message exchange inside and between networks. Basically, if we need to reach some external network, then it’s enough to analyze heading digits from the number. Haven’t you been too lazy and checked link to Wikipedia about E.164 structure? :) So, if you know country code and national destination code then you’re able to exactly detect the next point to which message should be sent. Just for example, switch in Germany is trying to send signalling message to node 380671234567. if this switch has direct connection to international SS7 links, then it will analyze first digits of the number and decide:
CC=380 – Ukraine
NDC=67 – Kyivstar GSM
That’s all – now it can send message to Kyivstar’s GMSC using its MTP3 point code.
And now let’s imagine that you’re turning on your mobile phone for the first time.
Handset tries to find the “home” base station (BS), but if fails, then it tries to latch on the network with the maximum signal level from the BS. Anyway, the only information that handset may send to network is registration request and… own IMSI! Because that’s the only information SIM has. BS via base station controller (BSC) will forward this request to switch (MSC), which has to make some decision. Normally, MSC requests VLR for subscriber’s data, but we agreed before that this is the first registration in the network. So VLR doesn’t have any information about you. So what should they do? It’s necessary to get some subscriber’s data (his profile with MSISDN, call barring, call forwarding, services, etc). from HLR. But to get any data from HLR, it should be reached somehow. But MSC doesn’t have anything except subscriber’s IMSI. That’s where hybrid numbering E.214 comes to the picture. Why hybrid? Because it converts IMSI (E.212) to number, which can be sent via networks with E.164 routing. Want to know how this happens? It’s quite simple. Each switch has a table, which is used for such converting:
MCC to CC
MNC to NDC
As a result, from IMSI 255031234567890 we got MGT (Mobile Global Title) 380671234567890. As we discussed before, by using heading digits from the number, it’s possible to reach Home Network, where next digits will be used for check to which HLR this message (if the network has more than 1 HLR) is addressed. All further message handling will be based on E.164.
That’s all. Now you should be more confident in your knowledge about numbering plans. Anyway, if you have some questions feel free to leave a comment.
P.S. Short list of MAP messages which are sent using E.214 (probably, the list isn’t full):
1. sendAuthenticationInfo (opCode 56)
2. updateLocation (opCode 2)
3. updateGprsLocation (opCode 23)
4. restoreData (opCode 57)
5. purgeMS (opCode 67)
