Packet Data Convergence Protocol
The Packet Data Convergence Protocol (PDCP) is a Layer 2 sublayer protocol within the radio access network (RAN) of 3GPP mobile communication standards, including UMTS, LTE, and 5G New Radio (NR), designed to efficiently transfer user and control plane data over the radio interface while providing security and optimization features.[1][2][3] Specified in 3GPP Technical Specification (TS) 25.323 for UMTS (introduced in Release 1999), TS 36.323 for LTE (Release 8 onward), and TS 38.323 for 5G NR (Release 15 onward), PDCP operates between the Radio Resource Control (RRC) or Service Data Adaptation Protocol (SDAP) layers above and the Radio Link Control (RLC) layer below, ensuring reliable packet handling in wireless environments.[4][2][3] PDCP's core functions include header compression and decompression using protocols such as Robust Header Compression (ROHC) for IP packets and Ethernet Header Compression (EHC) for Ethernet frames, to reduce overhead on the air interface, thereby improving spectral efficiency.[5] It also performs ciphering and deciphering of data for confidentiality, as well as integrity protection and verification to prevent tampering, particularly for control plane signaling.[5] Additional capabilities encompass maintenance of sequence numbers for in-sequence delivery and duplicate detection, reordering of out-of-order packets, timer-based service data unit (SDU) discard, and support for data duplication and recovery during handovers or re-establishments.[5] These features enable PDCP to support both acknowledged and unacknowledged data transfer modes, adapting to varying radio conditions in cellular networks.[5] Evolving with each 3GPP release, PDCP has incorporated enhancements such as support for dual connectivity and carrier aggregation in LTE, and in 5G NR, additions like uplink data switching for faster handovers and improved status reporting for robust retransmissions. In Release 18, further enhancements support extended reality (XR) services, enhanced multicast broadcast service (eMBS), and multi-path relaying for advanced applications.[2][3][6] The protocol's design emphasizes low latency and high throughput, critical for modern applications like ultra-reliable low-latency communications (URLLC) in 5G.[5] Overall, PDCP plays a pivotal role in the end-to-end packet data handling, bridging upper-layer applications with the physical radio transmission.[3]Introduction
Definition and Purpose
The Packet Data Convergence Protocol (PDCP) is a sublayer of Layer 2 in the 3GPP radio access network protocol stack, positioned above the Radio Link Control (RLC) sublayer and below the Service Data Adaptation Protocol (SDAP) in the 5G NR user plane or below the Radio Resource Control (RRC) in the control plane. In LTE and UMTS, it serves as the uppermost Layer 2 sublayer for the user plane, responsible for converging and processing packet data from upper layers before transfer to the lower layers.[5] It operates within the radio interface between the user equipment (UE) and the base station, handling both user plane data packets and control plane signaling to ensure efficient radio resource utilization in mobile networks such as UMTS, LTE, and 5G NR.[7][8] The primary purposes of PDCP include the efficient transfer of user plane and control plane data, reduction of protocol overhead through header compression, and provision of security features to protect data integrity and confidentiality during transmission over the air interface.[5] By compressing headers of IP-based data streams, such as TCP/IP or RTP/UDP/IP, PDCP minimizes bandwidth consumption on radio links where resources are scarce.[8] Additionally, it applies ciphering to prevent unauthorized access and integrity protection to detect tampering, ensuring robust data handling in potentially hostile wireless environments.[7] PDCP provides key services to upper layers, including the Radio Resource Control (RRC) for control plane signaling and the Internet Protocol (IP) layer for user plane traffic, such as sequenced delivery of service data units (SDUs) and mapping of radio bearers to dedicated PDCP entities.[5] Each PDCP entity is configured per radio bearer by upper layers, supporting functions like maintenance of sequence numbers for reordering and duplication detection.[7] It interacts with the Radio Link Control (RLC) sublayer below for segmentation and reassembly of PDCP protocol data units (PDUs) to adapt to varying radio conditions.[8] PDCP distinguishes between user plane and control plane operations to optimize for different requirements. User plane PDCP entities prioritize data efficiency through header compression and ciphering, focusing on high-throughput transfer of application data over data radio bearers (DRBs).[5] In contrast, control plane PDCP entities emphasize signaling security via mandatory integrity protection and optional ciphering for signaling radio bearers (SRBs), ensuring reliable delivery of RRC messages without the need for extensive compression.[7]Position in the Protocol Stack
The Packet Data Convergence Protocol (PDCP) is a sublayer of Layer 2 in the 3GPP radio access network protocol stack, positioned above the Radio Link Control (RLC) sublayer and below the Service Data Adaptation Protocol (SDAP) in the 5G NR user plane or below the Radio Resource Control (RRC) in the control plane. In LTE and UMTS, it is the uppermost Layer 2 sublayer for the user plane. This placement applies symmetrically in both the user equipment (UE) and the base station (eNodeB in LTE or gNodeB in NR).[9][10] PDCP interacts with adjacent layers through logical interfaces where it delivers PDCP protocol data units (PDUs) to the RLC sublayer as service data units (SDUs), and receives PDCP SDUs from the RLC sublayer for processing. There is no direct peer-to-peer connection between PDCP entities across the air interface; instead, data transfer relies on the underlying RLC and Medium Access Control (MAC) sublayers for segmentation, reassembly, and multiplexing.[10] In terms of radio bearer mapping, a dedicated PDCP entity is instantiated for each radio bearer, supporting both data radio bearers (DRBs) that carry user plane traffic and signaling radio bearers (SRBs) that handle control plane signaling. This one-to-one mapping ensures isolated processing of bearer-specific data flows.[9][10] PDCP is deployed across both the control plane and user plane architectures, with termination occurring at the PDCP layer itself in the network side (e.g., at the gNodeB for NR). In the control plane, it primarily supports SRBs for RRC signaling, while in the user plane, it processes DRBs for IP packet transmission, enabling functions such as header compression for efficient upper-layer data handling.[9][10]History and Evolution
Origins in UMTS
The Packet Data Convergence Protocol (PDCP) was introduced in 3GPP Release 99, with initial specifications around 2000-2001, as a component of the UMTS Terrestrial Radio Access Network (UTRAN) to support efficient packet data handling in third-generation mobile networks.[11] This release aimed to enhance IP-based services over the wireless air interface, with PDCP positioned at Layer 2 of the radio protocol stack to process user data before transmission to the Radio Link Control (RLC) layer.[12] The initial specification, documented in 3GPP TS 25.323 (ETSI TS 125 323 V3.6.0, September 2001), outlined PDCP's core role in the packet-switched (PS) domain, associating each PS domain Radio Access Bearer (RAB) with a dedicated PDCP entity.[12] PDCP's primary functions in early UMTS centered on IP header compression and basic ciphering for user plane data, enabling robust transport of IP packets over the Wideband Code Division Multiple Access (WCDMA) air interface. In Releases 99 and 4, header compression utilized RFC 2507 for compressing IP, TCP, and UDP headers over point-to-point links, reducing overhead from typically 40 octets (IPv4) to as low as 2-3 octets per packet.[13][12] Support for the more advanced Robust Header Compression (ROHC) in RFC 3095 for real-time streams like RTP/UDP/IP was added in Release 5 (ETSI TS 125 323 V5.0.0, March 2002).[14][15] Ciphering was applied to PDCP Service Data Units (SDUs) post-compression to ensure confidentiality of user plane traffic, using algorithms specified in the overall UMTS security architecture, but without integrity protection for user plane data.[12] Support for the control plane was limited and optional, primarily through signaling primitives for configuration, while the protocol's scope remained confined to the PS domain, excluding circuit-switched (CS) services.[12] A key early use case for PDCP in UMTS was to facilitate efficient IP packet transport in bandwidth-constrained WCDMA environments, where large IP headers could consume up to 40% of air interface resources for voice or data sessions; compression mitigated this waste, supporting emerging IP multimedia services with improved spectral efficiency.[12] This foundational design prioritized lossless data transfer and sequence numbering for Serving Radio Network Subsystem (SRNS) relocation, ensuring continuity during handovers without advanced features like control plane integrity.[11]Developments in LTE
The Packet Data Convergence Protocol (PDCP) for Long-Term Evolution (LTE) was first specified in 3GPP Technical Specification TS 36.323 as part of Release 8, published in 2008, with ongoing enhancements documented through subsequent releases up to Release 15.[2][16] These developments built upon the foundational PDCP from Universal Mobile Telecommunications System (UMTS) by introducing advanced security and efficiency features tailored to LTE's all-IP architecture.[16] A key advancement in LTE PDCP was the introduction of integrity protection specifically for control plane signaling radio bearers (SRBs), which safeguards radio resource control (RRC) messages against tampering.[17] This protection employs 32-bit message authentication codes (MAC-I) generated using algorithms such as 128-EIA1, based on the SNOW 3G stream cipher, or 128-EIA2, based on AES in CMAC mode.[17] Additionally, ciphering was extended to both user plane data radio bearers (DRBs) and control plane SRBs, utilizing 128-EEA1 (SNOW 3G) or 128-EEA2 (AES in counter mode) to encrypt PDCP protocol data units (PDUs), with keys derived from the EPS security context.[17] These security mechanisms, mandatory for SRBs and optional for DRBs, enhance protection against eavesdropping and modification in LTE's evolved packet system.[17] LTE PDCP also supports configurable sequence numbers (SNs) of 7 bits or 12 bits for both user plane DRBs and control plane SRBs (with 5 bits as a baseline for SRBs), allowing for extended numbering spaces up to 4096 to accommodate higher data rates.[16] This enables robust in-sequence reordering of out-of-order PDUs at the receiving end and detection of duplicates, reducing packet loss and ensuring reliable delivery even under variable channel conditions.[16] In later releases, such as Release 10 onward, these SN mechanisms were optimized for carrier aggregation, where PDCP entities manage routing and reordering across multiple component carriers via split bearers associated with dual acknowledged mode radio link control (AM RLC) entities.[18] Furthermore, LTE PDCP integrated robust header compression (RoHC) as specified in RFC 3095, which compresses IP/UDP/RTP headers to as little as 2-3 bytes for efficient transmission of small payloads.[19][16] This feature, configurable per DRB, is particularly vital for real-time services like Voice over LTE (VoLTE), where it minimizes overhead for RTP streams in IMS-based calls introduced in Release 9.[16] In carrier aggregation contexts from Release 10, RoHC operates consistently across aggregated carriers, supporting seamless handover and aggregation of voice traffic without recompression.[18]Enhancements in 5G NR
The Packet Data Convergence Protocol (PDCP) for 5G New Radio (NR) is specified in 3GPP Technical Specification (TS) 38.323, initially introduced in Release 15 in 2018, with subsequent refinements in Releases 16 through 18 to support 5G Advanced features.[20][21] These updates build on foundational elements from LTE while introducing capabilities tailored to diverse 5G use cases, including enhanced Mobile Broadband (eMBB), Ultra-Reliable Low-Latency Communications (URLLC), and massive Machine-Type Communications (mMTC). In Release 18 (as of 2025), enhancements include support for NR sidelink PDCP duplication to improve reliability in vehicle-to-everything (V2X) communications.[22] A key enhancement is the extension of PDCP sequence numbering (SN) to support either 12-bit or 18-bit lengths for data radio bearers (DRBs) and signaling radio bearers (SRBs), configurable by upper layers via RRC signaling.[21] This flexibility accommodates high data rates in eMBB scenarios by reducing reordering window sizes for lower SN lengths, while the 18-bit option—introduced in Release 16—enables extended sequences to minimize disruptions from packet loss or delay in URLLC and mMTC environments, ensuring robust handling of up to 2^18 - 1 PDCP protocol data units (PDUs) before wrap-around.[21] To bolster reliability in URLLC applications, PDCP incorporates service data duplication, allowing a single PDCP entity to generate duplicate PDUs that are transmitted via multiple radio link control (RLC) entities or logical channels.[20] Configurable for up to four RLC entities per direction and activated/deactivated by upper layers, this feature detects and discards duplicates at the receiver to avoid redundancy overhead, thereby achieving sub-millisecond latency targets without excessive resource consumption.[21] Enhancements in Release 16 further optimize duplication for dual active protocol stack (DAPS) handovers, integrating it with split bearers for seamless mobility. User plane integrity protection, optional for DRBs starting in Release 16, represents another advancement, enabling end-to-end data verification using algorithms like NEA2 (AES-CMAC) when configured by the network.[21] This builds continuity from LTE's control plane protections but extends to user data for enhanced security in sensitive URLLC flows, deriving integrity keys from the master key K_AMF and applying them based on the hyperframe number (HFN), direction, bearer ID, and fresh COUNT values.[20] PDCP's alignment with dual connectivity modes, such as E-UTRA-NR Dual Connectivity (EN-DC) and NR-DC, facilitates split bearer operations where PDCP PDUs are routed across master and secondary nodes for load balancing and redundancy.[20] Integrated with the Service Data Adaptation Protocol (SDAP) introduced in 5G, PDCP maps QoS flows to DRBs while excluding SDAP headers from compression or ciphering to preserve QoS markings, ensuring efficient handling of differentiated traffic in multi-connectivity setups.[21] These refinements prioritize low-latency reordering and security synchronization to meet 5G's stringent performance requirements.Key Functions
Header Compression
In the Packet Data Convergence Protocol (PDCP), header compression optimizes bandwidth usage over the radio interface by reducing the overhead from IP, UDP, and RTP headers in user plane data. This function is essential for bandwidth-constrained environments, particularly for real-time applications like VoIP and video streaming, where headers can constitute a significant portion of packet size. PDCP applies compression dynamically to service data units (SDUs) before further processing, targeting headers up to 40 bytes in length for IPv4/UDP/RTP packets.[19] Early implementations in UMTS utilized IP Header Compression (IPHC) as defined in RFC 2507, which compresses multiple IP headers and TCP/UDP headers on a hop-by-hop basis over point-to-point links. This scheme reduces UDP and TCP headers to typically 2-5 bytes without checksums, providing efficient compression for the era's networks. Starting with LTE and continuing in 5G NR, PDCP supports multiple header compression protocols, including Robust Header Compression (RoHC) per RFC 3095, Ethernet Header Compression (EHC) for Ethernet-framed traffic, and Uplink Data Compression (UDC) for general uplink data compression. RoHC is a stateful protocol that achieves higher efficiency and robustness against transmission errors, supporting profiles for RTP/UDP/IP, UDP/IP, ESP/IP, and uncompressed IP, compressing headers to as few as 1-3 bytes in optimal conditions. EHC, introduced in LTE Release 10, compresses Ethernet headers to reduce overhead in scenarios involving Ethernet payloads, while UDC, from Release 11, enables dictionary-based compression of uplink SDUs for improved efficiency in mobile-originated traffic. Each protocol is independently configured for a data radio bearer (DRB) via RRC signaling.[23][24][25][22][19] RoHC operates in three primary modes to balance compression efficiency, reliability, and feedback overhead: unidirectional mode (U-mode), which requires no feedback from the decompressor and relies solely on periodic context refreshes; optimistic bidirectional mode (O-mode), which uses feedback only upon decompression failure to minimize channel usage; and reliable bidirectional mode (R-mode), which employs periodic acknowledgments for robust context synchronization. These modes leverage stateful context management, where the compressor and decompressor maintain shared models of header patterns, enabling incremental updates rather than full header transmission. Context initialization occurs via initial uncompressed packets, with transitions between modes handled dynamically based on link conditions. Header compression is configured exclusively for user plane data radio bearers (DRBs) and is not applied to control plane signaling. Similar configuration applies to EHC and UDC, with their specific feedback and context mechanisms defined in the respective specifications.[19][25] The benefits of PDCP header compression are pronounced for delay-sensitive traffic, reducing air interface overhead by 70-90% in VoIP and video scenarios, thereby improving spectral efficiency and supporting more concurrent sessions. For instance, RoHC can save over 85% of header bytes in GSM-EFR VoIP codecs under typical conditions. Configuration parameters, including the compression profile, maximum context ID, and mode, are negotiated via Radio Resource Control (RRC) signaling during bearer setup. Decompression failures trigger feedback packets, which PDCP encapsulates and sends to the peer for context repair, ensuring resilience without full re-establishment. Ciphering is applied to the compressed data for security post-compression.[26][27][25]Security Mechanisms
The Packet Data Convergence Protocol (PDCP) layer ensures secure data transmission in mobile networks by implementing ciphering for confidentiality and integrity protection for data authenticity, primarily targeting the PDCP service data units (SDUs) while excluding certain headers to maintain protocol efficiency. These mechanisms are applied after header compression and robust header compression (ROHC) processes, allowing compressed packets to be protected without altering their efficiency gains. Ciphering and integrity protection are configured by upper layers, such as the Radio Resource Control (RRC), and are essential for protecting signaling radio bearers (SRBs) and optionally data radio bearers (DRBs). In LTE (E-UTRA), these features are defined in 3GPP TS 36.323, while in 5G NR, enhancements including additional algorithms are specified in TS 38.323, with overarching security architecture in TS 33.401 for LTE and TS 33.501 for 5G.[28][29][30] Ciphering in PDCP provides confidentiality by encrypting the data portion of PDCP protocol data units (PDUs), excluding the PDCP header and any service data adaptation protocol (SDAP) header in 5G, to prevent unauthorized access to user and control plane data. Supported algorithms include the NULL algorithm (NEA0) for no encryption, SNOW 3G (128-NEA1) as a stream cipher, and AES in counter mode (128-NEA2), all using 128-bit keys in LTE. In 5G NR, these are extended to include ZUC (128-NEA3), with AES-CTR also supporting 256-bit keys for enhanced security where configured. The encryption process uses inputs such as a 128-bit key, a 32-bit COUNT (comprising a hyper frame number (HFN) and PDCP sequence number (SN)), a 5-bit bearer identifier, a 1-bit direction flag, and the message length, as specified in the security architecture standards. Ciphering is applied during data transfer operations, ensuring that only the payload is encrypted to preserve header-based routing and sequencing.[28][29][30][31] Integrity protection in PDCP verifies the authenticity and integrity of PDUs, preventing tampering or unauthorized modifications, and is mandatory for the control plane (SRBs) across LTE and 5G to secure RRC signaling. For the user plane (DRBs), it is optional in 5G NR but required for relay nodes in LTE, with the protection applied to both the PDCP header and data before ciphering. Algorithms include NULL (NIA0, generating a 32-bit all-zero MAC-I with no protection), SNOW 3G (128-NIA1), AES-CMAC (128-NIA2), and in 5G, ZUC (128-NIA3), all producing a 32-bit message authentication code for integrity (MAC-I) appended to the PDCP header. The integrity computation uses similar inputs to ciphering: a 128-bit key, 32-bit COUNT, 5-bit bearer, 1-bit direction, and message, with verification performed by recomputing and comparing the MAC-I at the receiver; mismatched PDUs are discarded. This mechanism ensures robust protection against man-in-the-middle attacks on critical signaling.[28][29][30][31] PDCP security keys are derived hierarchically from access stratum (AS) master keys using a key derivation function (KDF), ensuring fresh and unique keys for each session or bearer to mitigate key reuse risks. In LTE, keys such as K_RRCenc (for RRC ciphering), K_UPenc (for user plane ciphering), K_RRCint (for RRC integrity), and K_UPint (for user plane integrity in relay nodes) are generated from the base key K_eNB via a KDF with inputs including a fixed constant (e.g., FC=0x69), algorithm type, bearer identity, and length, as defined in TS 33.401. For 5G NR, the hierarchy starts from K_gNB or K_AMF, deriving K_RRCenc, K_RRCint for control plane, K_UPenc and K_UPint for user plane, and KEK (PDCP entity key) for short MAC-I in sidelink or specific configurations, using similar KDF parameters per TS 33.501; 256-bit variants are supported by deriving longer keys. Keys are provided to the PDCP entity during setup or reconfiguration, with fresh derivation triggered by security mode commands to align with authentication outcomes.[31][30][28][29] Activation and deactivation of PDCP security mechanisms are managed through RRC reconfiguration procedures, allowing dynamic enabling or suspension based on network policies and mobility events. In both LTE and 5G, upper layers signal activation via SecurityModeCommand, applying ciphering and integrity from specified PDCP SNs onward, with suspension possible during connection release or inactivity to reduce computational overhead. Deactivation occurs via SecurityModeRejection or reconfiguration, resetting protection until re-established, and keys are refreshed during handovers or re-establishments to prevent exposure. Replay protection is inherently provided through the 32-bit COUNT in ciphering and integrity inputs, where the HFN and PDCP SN detect out-of-sequence or duplicate packets, discarding them to thwart replay attacks; this is activated whenever integrity protection is enabled (except NULL). These procedures ensure seamless security transitions without data loss.[28][29][30][31]Sequence Handling and Reordering
The Packet Data Convergence Protocol (PDCP) utilizes sequence numbering to maintain the integrity and order of data transfer across potentially lossy radio links. Each PDCP entity assigns a monotonically increasing sequence number (SN) to every incoming service data unit (SDU) before transmission, ensuring unique identification within the entity's scope. The SN length has evolved across 3GPP releases: 7 bits in UMTS (Release 99 to 6), providing a sequence space of 128; 12 bits in LTE (Release 8 onward), offering 4096 possible values; and 12 or 18 bits in 5G NR (Release 15 onward), with 18-bit support configurable for user plane data radio bearers (DRBs) and multicast radio bearers (MRBs) to accommodate higher data rates and larger buffers, while signaling radio bearers (SRBs) and some DRBs use 12 bits.[21] The exact length is signaled by upper layers via radio resource control (RRC) configuration, differing by bearer type (e.g., SRBs versus DRBs) and direction (uplink/downlink), with the full COUNT value incorporating the SN and a hyper frame number (HFN) for extended range.[21] At the transmitting PDCP entity, the SN assignment occurs immediately after SDU reception and before lower-layer submission: the SN is derived as the TX_NEXT state variable modulo $2^{\text{SN length}}, after which TX_NEXT is incremented by 1 for the next SDU. This process repeats per SDU, cycling through the sequence space without reset unless re-establishment occurs, and applies independently to each PDCP entity for uplink, downlink, or sidelink communications. The resulting PDCP protocol data unit (PDU) carries the SN in its header, enabling downstream functions like reordering and integrity checks.[21] On the receiving side, PDCP implements reordering to reconstruct the original SDU sequence for upper-layer delivery, buffering out-of-order PDUs in a reception buffer while discarding those outside the valid window. The reordering window size is half the sequence space—2048 for 12-bit SN and 131072 for 18-bit SN—defining the maximum gap tolerated before declaring losses. Key state variables include RX_NEXT (the expected next COUNT), RX_DELIV (the first undelivered COUNT), and RX_REORD (the reordering boundary, set to RX_NEXT plus the window size). Upon PDU reception, if the received COUNT (RCVD_COUNT) equals RX_NEXT, consecutive buffered SDUs are delivered upward and variables advanced; if RCVD_COUNT > RX_NEXT but within the window, the PDU is buffered and a t-Reordering timer starts (or restarts if already running). Timer expiration triggers delivery of all buffered SDUs up to RX_REORD, forwarding any gaps as losses to lower layers for potential recovery. This mechanism ensures robust in-sequence delivery even under packet reordering from multipath or scheduling delays.[21] Duplication detection prevents redundant processing by comparing the RCVD_COUNT against RX_DELIV: PDUs with RCVD_COUNT < RX_DELIV are discarded as duplicates, as are those already buffered with matching COUNT. For data radio bearers, a configurable discardTimer (set by RRC, typically milliseconds to seconds) starts upon SDU arrival; if it expires without successful reordering and delivery, the SDU is discarded to free buffer space and signal lateness, enhancing efficiency in high-mobility scenarios. This timer applies per DRB but not to SRBs, where state continuity may override.[21] PDCP status reporting provides feedback on reception status via optional PDCP Status PDUs, sent from the receiving entity to the transmitter upon triggers like re-establishment, data recovery, or periodic polling for acknowledged mode (AM) DRBs and MRBs. The PDU format includes a 32-bit first missing COUNT (FMC, set to RX_DELIV) followed by a bitmap (up to ~9000 bytes) where each bit indicates if the corresponding SN (FMC + bit position modulo $2^{32}) is missing (0) or received (1), covering up to 71680 SDUs. Upon receipt, the transmitting PDCP discards SDUs marked as received to avoid resubmission to lower layers, indirectly prompting RLC retransmissions for missing ones in AM mode; this is absent in unacknowledged mode (UM) DRBs to minimize overhead.[21]Data Duplication
PDCP supports data duplication to enhance transmission robustness, particularly in 5G NR for scenarios requiring high reliability such as carrier aggregation (CA), dual connectivity (DC), and sidelink communications. Introduced in LTE Release 16 and specified in 3GPP TS 38.323 for NR, this function allows the transmitting PDCP entity to duplicate selected PDUs and submit copies to multiple RLC entities associated with different logical channels, increasing the likelihood of successful delivery without relying solely on lower-layer retransmissions. Duplication is configured per DRB via RRC, targeting specific bearers (e.g., for URLLC traffic), and uses the same SN for duplicates to enable detection at the receiver. The receiving PDCP de-duplicates using the SN, delivering only the first correctly received copy in sequence. This mechanism reduces latency for critical applications by providing proactive redundancy, with activation/deactivation managed during bearer setup or reconfiguration to balance reliability and resource overhead.[22]Protocol Procedures
PDCP Entity Setup
The Packet Data Convergence Protocol (PDCP) entity is established during connection setup or reconfiguration for each radio bearer, including signaling radio bearers (SRBs) and data radio bearers (DRBs), excluding SRB0 and certain short-message variants like SRB1bis. This creation is triggered by the Radio Resource Control (RRC) layer through signaling messages such as RRCConnectionSetup or RRCReconfiguration in LTE, and RRCSetup or RRCReconfiguration in 5G NR, which specify key parameters including the sequence number (SN) length, header compression type, and security algorithms for ciphering and integrity protection.[32] Upon establishment, the transmitting PDCP entity initializes its state variables, such as setting the transmit HFN (hyper frame number) to zero and preparing the sequence handling mechanism. PDCP entities operate in a full processing mode that includes header compression, security functions, and robust header compression (RoHC) or enhancements like Ethernet header compression (EHC) and uplink data compression (UDC), tailored to the bearer type. For short signaling radio bearers, a transparent-like operation may bypass certain processing steps, such as header compression, to minimize overhead, though integrity protection remains active for SRB1, SRB2, and SRB3.[32] A reset procedure, invoked by upper layers during reconfiguration or recovery, reinitializes the PDCP state by setting the next expected transmit and receive SNs to zero, clearing buffers, and stopping any active timers to ensure a clean slate without data loss from prior sessions.[32] To support seamless mobility, PDCP re-establishment is performed during handovers, where the target entity inherits configuration from the source but applies new security keys, potentially using status transfer mechanisms to report unacknowledged PDCP service data units (SDUs) and avoid packet loss.[32] For dual active protocol stack (DAPS) handovers in 5G, the PDCP entity maintains parallel instances at source and target, enabling continued transmission until the source leg is released.[32] This re-establishment interacts briefly with the radio link control (RLC) layer to map initial data to appropriate acknowledged or unacknowledged mode entities. Configuration parameters are defined per PDCP entity during RRC setup to optimize performance and reliability. The t-Reordering timer, set by upper layers, governs the reordering window for out-of-sequence PDUs, triggering delivery of buffered data upon expiry if no gaps remain.[32] The discardTimer controls SDU retention at the transmitter, discarding PDUs after expiry to prevent indefinite buffering.[32] Header compression profiles, such as RoHC channels for IP packets (profile 0x0001 for RTP/UDP/IP), are configured to reduce overhead, with options for continuation across handovers to maintain compression context efficiency.[32]Data Transfer Operations
The Packet Data Convergence Protocol (PDCP) facilitates the transfer of user plane and control plane data between the transmitter and receiver in mobile networks, ensuring efficient and secure conveyance of Protocol Data Units (PDUs).[32] On the transmitter side, the PDCP entity receives a PDCP Service Data Unit (SDU) from the upper layer, such as the Service Data Adaptation Protocol (SDAP) or Radio Resource Control (RRC), and associates it with a COUNT value derived from the transmission sequence number (TX_NEXT).[32] If header compression is enabled, the SDU undergoes Robust Header Compression (ROHC) or Enhanced Header Compression (EHC) to reduce overhead, followed by optional Uplink Data Compression (UDC) if configured.[32] Subsequently, the compressed SDU is subjected to ciphering using security keys established during entity setup, and integrity protection is applied by appending a Message Authentication Code for Integrity (MAC-I) if required.[32] A PDCP header is then added, incorporating the PDCP Sequence Number (SN) set to TX_NEXT modulo the SN size (e.g., 12 or 18 bits), along with any necessary control fields.[32] The resulting PDCP Data PDU is forwarded to the lower layer, typically the Radio Link Control (RLC) entity, for further processing and transmission.[32] On the receiver side, the PDCP entity obtains PDCP Data PDUs from the lower layer, such as RLC, and derives a received COUNT (RCVD_COUNT) based on the SN in the header and the expected reception sequence (RX_NEXT).[32] It first verifies the integrity by checking the MAC-I against the received data using the corresponding security keys; if verification fails, the PDU is discarded, and the upper layer, such as RRC, is notified of the failure.[32] The PDU is then deciphered using RCVD_COUNT, followed by decompression to restore the original SDU if ROHC, EHC, or UDC was applied.[32] The decompressed SDU is stored in a reordering buffer, where SN-based reordering ensures delivery in ascending order of COUNT values, starting from RX_DELIV.[32] Duplicates are detected and discarded based on prior reception checks within the reordering window, and late arrivals are supported if they fall within this window before being discarded.[32] In-order SDUs are delivered to the upper layer once contiguous sequencing is achieved up to RX_DELIV.[32] PDCP also handles control PDUs separately from data transfer, which do not carry upper-layer SDUs.[32] Status report PDUs are generated and transmitted to indicate missing or received SNs, typically triggered during recovery processes, using a bitmap to report the reception status relative to a First Missing COUNT (FMC).[32] RoHC feedback PDUs are sent without SN or ciphering to provide compression state updates to the compressor, either as standalone PDUs or interspersed within data PDUs.[32] These control mechanisms ensure reliable feedback without disrupting the primary data flow.[32]Robustness Features
The Packet Data Convergence Protocol (PDCP) incorporates re-establishment procedures to maintain continuity during handovers, minimizing data loss by either resetting sequence numbers or transferring status information. In LTE systems, upon upper layers requesting PDCP re-establishment—typically triggered by handover—the transmitting PDCP entity resets its sequence number (SN) state variables, such as Next_PDCP_TX_SN and TX_HFN, to zero and retransmits all PDCP service data units (SDUs) that were not confirmed for delivery, in ascending COUNT order.[33] For the receiving side, the PDCP entity similarly resets RX_HFN and Next_PDCP_RX_SN to zero unless stored UE access stratum (AS) context is used, in which case it initializes based on transferred status to align with the source node.[33] This status, including the first missing SN and a bitmap of delivered packets, is transferred from the source eNodeB to the target via X2 or S1 interfaces during handover preparation, enabling the target to request retransmissions of lost PDCP protocol data units (PDUs) via status reports.[33] In 5G New Radio (NR), PDCP enhances robustness for ultra-reliable low-latency communication (URLLC) through data duplication introduced in Release 15. When configured with pdcp-Duplication, a PDCP entity associates with up to four unidirectional unacknowledged mode (UM) or acknowledged mode (AM) radio link control (RLC) entities. The transmitting PDCP entity duplicates each PDCP Data PDU by submitting identical copies—with the same PDCP SN and COUNT—to multiple activated RLC entities, such as primary and secondary paths, for parallel transmission.[32] Duplication is activated or deactivated dynamically via MAC control elements. The receiving PDCP entity discards duplicates upon detection via matching COUNT values, forwarding only the first correctly received copy to upper layers after integrity protection and deciphering.[32] In Release 19 (as of 2025), PDCP introduces support for indicating delay-critical PDUs to the RLC layer, enabling prioritized handling for applications like extended reality (XR) to meet stringent low-latency requirements.[32] To prevent ciphering desynchronization, PDCP employs hyper frame number (HFN) management as part of the 32-bit COUNT value, where HFN occupies the higher bits and PDCP SN the lower bits. The transmitting entity increments TX_HFN when Next_PDCP_TX_SN wraps around the maximum SN (e.g., after 4095 for 12-bit SN), while the receiving entity adjusts RX_HFN based on the received SN relative to RX_DELIV and the reordering window to maintain alignment.[33] Desynchronization risks arise if more than half the SN space is unacknowledged, potentially causing HFN overflow and incorrect deciphering; thus, implementations must monitor and avoid excessive unconfirmed PDUs, with re-establishment resetting HFN to zero for recovery.[33] This mechanism ensures robust security even in scenarios with packet loss or delays. Upon bearer release, PDCP handles end-of-data by notifying upper layers implicitly through delivery of all remaining buffered data. The receiving PDCP entity delivers stored PDCP SDUs to upper layers in ascending COUNT order—after header decompression and integrity verification—before discarding any undelivered PDUs and releasing the entity.[32] For the transmitting side, upper layers are informed via the discard of untransmitted SDUs, with any ongoing timers (e.g., t-Reordering) stopped to finalize delivery.[32] This procedure guarantees no data is lost in buffered queues during deactivation, supporting seamless session termination.[32]Specifications
3GPP Standards
The Packet Data Convergence Protocol (PDCP) is standardized within the 3rd Generation Partnership Project (3GPP) by the Technical Specification Group (TSG) Radio Access Network (RAN) Working Group 2 (WG2), which develops specifications for radio interface layer 2 and layer 3 protocols, including PDCP.[34] For Universal Mobile Telecommunications System (UMTS), the core PDCP specification is defined in 3GPP TS 25.323, which outlines the protocol's operation, while Radio Resource Control (RRC) aspects related to PDCP configuration and management are covered in TS 25.331; security aspects are specified in TS 33.102. These specifications evolved across Releases 4 to 7 to support enhanced packet data handling in 3G networks.[4][35][36] In Long-Term Evolution (LTE), the primary PDCP specification is provided in 3GPP TS 36.323, with RRC integration detailed in TS 36.331 to handle PDCP entity setup and control; these documents span Releases 8 to 17, and security aspects, including ciphering and integrity protection for PDCP, are specified in TS 33.401.[2][37][38] For 5G New Radio (NR), PDCP is specified in 3GPP TS 38.323, complemented by RRC procedures in TS 38.331 for PDCP management, and security in TS 33.501; introduced in Release 15 and onward, TS 38.323 received significant updates in version 16 to support packet duplication for improved reliability in dual connectivity scenarios.[3][39][40] As of November 2025, the most recent versions of these specifications incorporate enhancements from 3GPP Releases 18 and 19, enabling advanced features for 5G-Advanced deployments such as improved latency reduction and spectrum efficiency.[41][42]Header and PDU Formats
The Packet Data Convergence Protocol (PDCP) employs byte-aligned Protocol Data Units (PDUs) consisting of a header followed by payload, with the header structure varying based on the PDU type (data or control) and configuration parameters such as the length of the PDCP Sequence Number (SN) field. The basic header format is a 1- or 2-byte structure that includes a Data/Control (D/C) indicator (1 bit: 0 for control PDU, 1 for data PDU), optional reserved bits (R, set to 0 and ignored upon reception), and the PDCP SN field, which supports variable lengths of 5, 7, 12, 15, or 18 bits depending on the radio bearer type and release (e.g., 7 or 12 bits in LTE user plane, 12 or 18 bits in 5G NR).[43][44] While no explicit plane indicator (user vs. control) appears in the header—the plane is determined by the PDCP entity configuration—the format accommodates both user plane data transfer and signaling radio bearer (SRB) control operations. Reserved bits ensure future-proofing with unused fields in current releases.[43] PDCP Data PDUs carry the Service Data Unit (SDU) from upper layers, preceded by the header and optionally followed by a 32-bit Message Authentication Code for Integrity (MAC-I) if integrity protection is enabled. The SDU may be header-compressed and/or ciphered prior to encapsulation, but the header itself remains unciphered to enable SN-based reordering. Header sizes range from 1 byte (e.g., 7-bit SN in LTE user plane) to 3 bytes (e.g., 18-bit SN in 5G NR data radio bearer), with the SN providing uniqueness for duplicate detection and reordering—though detailed SN usage in reordering is addressed elsewhere. For instance, in an LTE user plane configuration with a 12-bit SN, the 2-byte header allocates the first byte to the D/C bit (bit 8=1), three reserved bits (bits 7-5=000), and SN bits 11-4 (bits 4-1), while the second byte holds SN bits 3-0 (bits 8-5), followed directly by the SDU or MAC-I.[43][44] Control PDUs, identified by D/C=0, use distinct formats without an SN field in most cases and are not subject to ciphering or integrity protection. There are three primary types: PDCP Feedback PDUs for RoHC (variable length, consisting of a 1-byte header with D/C=0 followed by the RoHC feedback packet), Status Report PDUs (variable length, comprising a 12- or 18-bit First Missing SDU (FMS) indicator followed by a bitmap of received SNs to signal losses), and Inter-RAT Handover Report PDUs (specific to LTE-WLAN Aggregation, including FMS, highest received watermark, and number of missing PDUs). Reserved bits ensure octet alignment, and the total control PDU header overhead remains minimal (typically 1-2 bytes plus payload). These formats support robust operation across LTE (TS 36.323) and 5G NR (TS 38.323), with NR introducing a 3-bit PDU Type field (e.g., 000 for status report, 001 for RoHC feedback) immediately after D/C to differentiate control subtypes.[43][44]| PDU Type | Header Size (bytes) | Key Fields | Optional Elements |
|---|---|---|---|
| Data PDU (7-bit SN, LTE UP) | 1 | D/C (1 bit), SN (7 bits) | MAC-I (4 bytes) |
| Data PDU (12-bit SN, LTE/SRB) | 2 | D/C (1 bit), R (3 bits), SN (12 bits) | MAC-I (4 bytes) |
| Data PDU (18-bit SN, 5G NR) | 3 | D/C (1 bit), R (1 bit), SN (18 bits) | MAC-I (4 bytes) |
| Control: RoHC Feedback | Variable (1+) | D/C (1 bit), RoHC packet | None |
| Control: Status Report | Variable (2+) | D/C (1 bit), PDU Type (3 bits), FMS (12/18 bits), Bitmap | None |
| Control: Inter-RAT Report (LTE) | Variable (3+) | D/C (1 bit), PDU Type (3 bits), FMS, HRW, NMP | None |