ePDG - Evolved Packet Data Gateway

Mobile operators usually see Wi-Fi as a relief for internet access. However, as they grow their data service portfolio, including voice, messaging, security (parental control and anti-malware inclusive), and secure CRM-protected video delivery, all of which are mostly delivered from their service LANs over cellular radio access networks (RANs), they must look to extend the delivery of services over other access networks, including Wi-Fi.

 

Further, we will discuss the following topics:

EPC in a YateUCN: MME, SGW, PGW, PCEF

Wireless communications systems are widely deployed to provide various communication content such as voice, video, packet data, messaging, broadcast, and so on. These systems may be multiple-access systems capable of supporting communication with multiple users by sharing the available system resources such as time, frequency, and power.

A wireless network, such as a wireless local area network (WLAN), or another network operating in an unlicensed radio frequency spectrum such as MulteFire (which operates on Long Term Evolution (LTE) technology in an unlicensed spectrum), may include an access point (AP) that communicates with mobile devices or stations (STAs). The AP may be coupled to a network, such as the Internet, and may enable a mobile device to communicate via the network (or with other devices coupled to the access point).

A wireless device may communicate with a network device bi-directionally. For example, in a WLAN, a station or mobile device may communicate with an associated AP via downlink (DL) and uplink (UL). The DL (or forward link) may refer to the communication link from the AP to the station, and the UL (or reverse link) may refer to the communication link from the station to the AP.

The ePDG, in this case, provides access to PS domain services to WLAN UEs. For interaction with the LTE EPC (Evolved Packet Core), an ePDG (Evolved PDG) may be applied. General responsibilities include IP address management, support for MIP (Mobile IP), Quality of Service (QoS) enforcement, lawful intercept, and security.

 

Characteristics and Features of ePDG

The key features and characteristics of ePDG are:

Benefits of ePDG

  • 1. More Potential for Ultra-Broadband Services
    With the emergence of mobile gateways like the ePDG, there has been an improvement in the delivery of ultra-broadband mobile services with exceptional performance and scale. These gateways have provided service agility and deployment flexibility with concurrent support for a wide range of functions, including that of the ePDG for untrusted and non-3GPP networks.
  • 2. Scalable and Secure
    The ePDG supports secure access interworking between the mobile Packet Core and untrusted, non-3GPP networks. An IPSec tunnel is established between the user device and the ePDG to ensure security. The IPSec tunnel, which is transparent to the local Wi-Fi access point (AP), is established when the local IP address is assigned to the device. The tunnel originates from the user equipment for each Packet Data Network (PDN) session and protects both the user equipment (UE) and the wireless packet core.
  • 3. Privacy and security
    Security is the major concern of operators that adopt IP-based LTE. An ePDG can significantly improve the defenses of the operator against malware (which is becoming rampant) and hackers of IP systems. The ePDG protects the communication of the user while also optimizing the ability of the mobile core to resist attacks and overloads.
  • 4. Scalability and user experience
    Many operators handle millions of subscribers who make billions of calls every month. This requires their gateway and core platform to scale up to huge levels of usage. A dedicated ePDG is designed specifically to address this and to secure the subscribers at the border, resulting in an optimized performance level and the ability to scale. IPSec is extremely process-intensive and so can have an impact on the user experience and the performance of the core if carried out by a general-purpose platform. The ePDG thus combines support for high-density service interfaces with low power consumption. In addition, encryption and decryption will have minimal impact on latency.
  • 5. Flexibility
    Mobile IP services are in their early stages, and the needs of the operator and the subscriber are changing rapidly. Part of an operator's competitive edge comes from its ability to respond to changes quickly and cost-effectively, keeping its user experience strong and up-to-date without having to put together a major network change each time the need arises. A purpose-built ePDG gateway often has a better ability to address emerging new requirements flexibly because it can perform changes at the edge, without having to impact the entire packet gateway on each occasion of a change.

In conclusion, the ePDG offers certain capabilities and functionalities as highlighted below:

  • Full support for IPSec/IKEv2-based interface between the WLAN (wireless LAN) UEs and the ePDG.
  • Routing of packets between the WLAN UEs and the PGW.
  • PGW selection via DNS client functionality to provide PDN (packet data network) connectivity to the WLAN UEs.
  • Support for passing assigned IPv4/IPv6 address configurations from the PGW to the WLAN UEs.
  • Tunnel authorization and authentication for the IPSec/PMIPv6/GTPv2 tunnels using an EAP-AKA authentication method between the 3GPP AAA server and the WLAN UEs. (NB: EAP-AKA stands for Extensible Authentication Protocol – Authentication and Key Agreement.)
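
The "PGW selection via DNS" item above, worked through as an added example (not code from the original page or from any ePDG product). It assumes the 3GPP naming conventions for the APN FQDN and the S-NAPTR service tags for the ePDG-to-PGW (S2b) interface; the PLMN, host names and records are constructed sample values.

```python
import re
from dataclasses import dataclass

LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

@dataclass(frozen=True)
class Naptr:
    order: int
    preference: int
    service: str       # "<app-service>:<app-protocol>:..."
    replacement: str   # PGW host name to resolve next

def apn_fqdn(apn_ni, mcc, mnc):
    """Build the APN FQDN used as the DNS query name (MNC padded to 3 digits)."""
    if not (re.fullmatch(r"[0-9]{3}", mcc) and re.fullmatch(r"[0-9]{2,3}", mnc)):
        raise ValueError("MCC must be 3 digits, MNC 2 or 3 digits")
    labels = apn_ni.lower().split(".")
    # The APN is supplied by the UE: accept plain DNS labels only, so it
    # cannot inject other characters into the operator's DNS query.
    if not all(LABEL.fullmatch(lab) for lab in labels):
        raise ValueError(f"invalid APN: {apn_ni!r}")
    return f"{'.'.join(labels)}.apn.epc.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org"

def select_pgw(records, tunnel):
    """Return PGW host names usable over S2b with this tunnel type, best first."""
    wanted = {"gtp": "x-s2b-gtp", "pmip": "x-s2b-pmip"}[tunnel]
    usable = []
    for r in records:
        app, *protos = r.service.lower().split(":")
        if app == "x-3gpp-pgw" and wanted in protos:
            usable.append(r)
    usable.sort(key=lambda r: (r.order, r.preference))  # lower values win
    return [r.replacement for r in usable]

# Constructed NAPTR answers for the query name built by apn_fqdn().
SUFFIX = "epc.mnc001.mcc001.3gppnetwork.org"
SAMPLE = [
    Naptr(10, 100, "x-3gpp-pgw:x-s5-gtp:x-s8-gtp", f"pgw1.{SUFFIX}"),   # no S2b
    Naptr(10, 200, "x-3gpp-pgw:x-s2b-gtp:x-s5-gtp", f"pgw2.{SUFFIX}"),
    Naptr(10, 50, "x-3gpp-sgw:x-s5-gtp", f"sgw1.{SUFFIX}"),             # not a PGW
    Naptr(20, 10, "x-3gpp-pgw:x-s2b-pmip", f"pgw3.{SUFFIX}"),
    Naptr(5, 10, "x-3gpp-pgw:x-s2b-gtp", f"pgw4.{SUFFIX}"),
]

if __name__ == "__main__":
    print(apn_fqdn("IMS", "001", "01"))
    print(select_pgw(SAMPLE, "gtp"))
```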

Definition of terms

  • IPSec
    This is a protocol suite for secure Internet Protocol (IP) communication that provides authentication and encryption of IP packets.
  • IKE: Internet Key Exchange (IKEv2)
    This refers to a protocol used to set up security associations (SAs) in the IPSec protocol suite.
  • EAP: Extensible Authentication Protocol
    This is an authentication framework that provides the transport and usage of keying material and parameters generated by EAP methods. EAP authentication runs between the AAA server and the UE.
  • ESP: Encapsulating Security Payload
    This is a protocol in the IPSec protocol suite that is responsible for authentication, integrity, and confidentiality of IP packets.