Cisco Cisco Packet Data Gateway (PDG)
Evolved Packet Data Gateway Overview
▀ Features and Functionality
▄ ePDG Administration Guide, StarOS Release 18
62
4. ePDG Identifies the previous session based on the received Fast-reauth-id as it already created mapping. ePDG
will handle this request as new session. This is because the request is for new APN and also the presence of
CP-Payload indicates that the call should be established till PGW without retaining the IP address(S2B
interface). The ePDG sends the Diameter-EAP-Request message to the 3GPP AAA Server, containing the fast-
reauth-id-1 and APN-2. Please note that ePDG uses the new diameter-session-id here as it is creating a new
session.
CP-Payload indicates that the call should be established till PGW without retaining the IP address(S2B
interface). The ePDG sends the Diameter-EAP-Request message to the 3GPP AAA Server, containing the fast-
reauth-id-1 and APN-2. Please note that ePDG uses the new diameter-session-id here as it is creating a new
session.
5. AAA server supports Fast-Reauthentication on per-UE basis. Hence it accepts fast-reauth-id-1 for APN-2.
6. The 3GPP AAA Server validates the fast-reauth-id-1 and initiates the fast re-authentication request.
6. The 3GPP AAA Server validates the fast-reauth-id-1 and initiates the fast re-authentication request.
Important:
Please note that there is no communication with HSS/HLR at this stage since
fast-reauth-id-1 is used. This makes the procedure faster and reduce load in HSS.
7.
The ePDG responds with its identity, a certificate, and sends the AUTH parameter to protect
the previous message it sent to the UE (in the IKE_SA_INIT exchange). The EAP message
received from the 3GPP AAA Server (EAP-Request/Fast-Reauthentication) is included in
order to start the EAP procedure over IKEv2.
received from the 3GPP AAA Server (EAP-Request/Fast-Reauthentication) is included in
order to start the EAP procedure over IKEv2.
8. The UE checks the authentication parameters and responds to the fast-reauthentication. The only payload (apart
from the header) in the IKEv2 message is the EAP message.
9. The ePDG forwards the EAP-Response/Fast-Reauthentication message to the 3GPP AAA Server.
10. The AAA checks if the Fast-reauthentication response is correct. When all checks are successful, the 3GPP AAA
10. The AAA checks if the Fast-reauthentication response is correct. When all checks are successful, the 3GPP AAA
Server sends the final Diameter-EAP-Answer(with a result code indicating success) including the users IMSI,
relevant service authorization information, an EAP success and the key material to the ePDG. This key material
consists of the MSK generated during the fast-reauthentication process. AAA-Server includes the SN-Fast-
Reauth-Username AVP with the fast-reauthentication-id value given to UE in step 5. ePDG creates mapping
between IMSI and Fast-reauthentication-ID at this point.
relevant service authorization information, an EAP success and the key material to the ePDG. This key material
consists of the MSK generated during the fast-reauthentication process. AAA-Server includes the SN-Fast-
Reauth-Username AVP with the fast-reauthentication-id value given to UE in step 5. ePDG creates mapping
between IMSI and Fast-reauthentication-ID at this point.
11. The EAP Success message is forwarded to the UE over IKEv2.
12. The UE shall take its own copy of the MSK as input to generate the AUTH parameter to authenticate the first
12. The UE shall take its own copy of the MSK as input to generate the AUTH parameter to authenticate the first
IKE_SA_INIT message. The AUTH parameter is sent to the ePDG in IKE_AUTH message.
13. The ePDG checks the correctness of the AUTH received from the UE. At this point the UE is authenticated. In
S2b interface, ePDG initiates GTPv2 signaling between ePDG and PDN GW for creating the default-bearer for
APN by sending Create-Session-Request to PGW with UE/APN details and request for IP-address allocation.
APN by sending Create-Session-Request to PGW with UE/APN details and request for IP-address allocation.
14. PGW responds with the Create-Session-Response message containing the allocation IP address, QoS details for
this default-bearer connection.
15. The ePDG calculates the AUTH parameter which authenticates the second IKE_SA_INIT message. The ePDG
shall send the assigned Remote IP address in the configuration payload (CFG_REPLY) in the
IKE_AUTH_RESPONSE message to UE.
IKE_AUTH_RESPONSE message to UE.
16. Call-2 is connected now for APN-2 and Call-1 already exists for APN-1.
ePDG Offline charging
Offline charging is a process where charging information is collected concurrently with that resource usage. The
charging information is then passed through a chain of logical charging functions. At the end of this process, CDR files
are generated by the network, which are then transferred to the network operator's Billing Domain(BD). Charging
information like amount of data transmitted in uplink and downlink direction are collected as part of ePDG-CDR are
used to inter-operator settlements.
charging information is then passed through a chain of logical charging functions. At the end of this process, CDR files
are generated by the network, which are then transferred to the network operator's Billing Domain(BD). Charging
information like amount of data transmitted in uplink and downlink direction are collected as part of ePDG-CDR are
used to inter-operator settlements.
ePDG Offline charging Architecture
The ePDG Offline charging involves the following functionalists for WLAN 3GPP IP Access:
Charging Trigger Function