Cisco Cisco Packet Data Gateway (PDG) Fehlerbehebungsanleitung
Packet Data Interworking Function Overview
▀ Product Description
▄ Cisco ASR 5000 Series Packet Data Interworking Function Administration Guide
OL-22963-01
Product Description
The goal of the Fixed Mobile Convergence (FMC) application is to enhance the in-building cellular coverage for FMC
subscribers, to reduce the cost of the infrastructure required to carry these calls, and to provide secure access to the
carrier’s network from a non-secure network. Designed for use exclusively on the Cisco® ASR 5000 Chassis, the
Packet Data Interworking Function (PDIF) is a network function based on the 3GPP2 X.S0028-200 standard defining
cdma2000 Packet Data Services over an 802.11 WLAN.
subscribers, to reduce the cost of the infrastructure required to carry these calls, and to provide secure access to the
carrier’s network from a non-secure network. Designed for use exclusively on the Cisco® ASR 5000 Chassis, the
Packet Data Interworking Function (PDIF) is a network function based on the 3GPP2 X.S0028-200 standard defining
cdma2000 Packet Data Services over an 802.11 WLAN.
A PDIF allows mobile devices to access the Internet over an all-IP WLAN using IKEv2 as the signaling interface. The
IKEv2 control path exists between the mobile station (MS) (a dual-mode handset (DMH)) and the PDIF establishing an
IPSec tunnel. PDIF also acts as a security gateway protecting CDMA network resources and data (see the Interfaces
section). The PDIF is tightly integrated with a collocated Foreign Agent (FA) service, and the PDIF is known
throughout this manual as PDIF/FA.
IKEv2 control path exists between the mobile station (MS) (a dual-mode handset (DMH)) and the PDIF establishing an
IPSec tunnel. PDIF also acts as a security gateway protecting CDMA network resources and data (see the Interfaces
section). The PDIF is tightly integrated with a collocated Foreign Agent (FA) service, and the PDIF is known
throughout this manual as PDIF/FA.
For handsets that do not support mobile IP, PDIF supports proxy mobile IP. If the MS is not suitable for proxy mobile
IP registration, it may still be allowed to establish a simple IP session, in which case the traffic is directly routed to the
Internet or corporate network from the PDIF. This behavior is controlled through the
IP registration, it may still be allowed to establish a simple IP session, in which case the traffic is directly routed to the
Internet or corporate network from the PDIF. This behavior is controlled through the
configuration in the domain, local default subscriber, or the corresponding Diameter AVP or RADIUS Access Accept.
If this is not present, establishing a simple IP session is permitted. Proxy-MIP is documented in the System Enhanced
Features Configuration Guide. Although not required for Proxy-MIP, this manual documents Proxy-MIP with a custom-
designed feature called multiple authentication (Multi-Auth). Instead of the more usual subscriber authentication, Multi-
Auth requires both the device and the subscriber be authenticated using EAP/AKA authentication for the first stage (the
device authentication) and GTC/MD5 for the second stage (the subscriber authentication). For this installation, neither
GTC nor MD5 is supported, which means authentication is done using PAP/CHAP instead.
If this is not present, establishing a simple IP session is permitted. Proxy-MIP is documented in the System Enhanced
Features Configuration Guide. Although not required for Proxy-MIP, this manual documents Proxy-MIP with a custom-
designed feature called multiple authentication (Multi-Auth). Instead of the more usual subscriber authentication, Multi-
Auth requires both the device and the subscriber be authenticated using EAP/AKA authentication for the first stage (the
device authentication) and GTC/MD5 for the second stage (the subscriber authentication). For this installation, neither
GTC nor MD5 is supported, which means authentication is done using PAP/CHAP instead.
When the subscriber is mobile, the MS operates as a normal mobile phone, sending voice and data over the CDMA
network. When the FMC subscriber returns home, or encounters a WiFi hotspot, the MS detects the presence of the
WiFi network, and automatically establishes an IPSec session with the PDIF/FA. When the secure connection has been
established and mobile IP registration procedures successfully finished, the PDIF/FA works with other network
elements to provide the MS with access to packet data services.
network. When the FMC subscriber returns home, or encounters a WiFi hotspot, the MS detects the presence of the
WiFi network, and automatically establishes an IPSec session with the PDIF/FA. When the secure connection has been
established and mobile IP registration procedures successfully finished, the PDIF/FA works with other network
elements to provide the MS with access to packet data services.
From here, all voice and data communication is carried over the IPSec tunnel and the PDIF/FA functions as a pass-
through for the authentication and accounting information on a RADIUS and/or Diameter server. The MS continues
operating over the IPSec tunnel until such time as it can no longer access the WiFi Access Point (AP). At this point, the
MS switches back to the CDMA network for normal mobile operation.
through for the authentication and accounting information on a RADIUS and/or Diameter server. The MS continues
operating over the IPSec tunnel until such time as it can no longer access the WiFi Access Point (AP). At this point, the
MS switches back to the CDMA network for normal mobile operation.