Cisco Cisco Packet Data Gateway (PDG)
Evolved Packet Data Gateway Overview
▀ Features and Functionality
▄ ePDG Administration Guide, StarOS Release 17
56
S.No Use Case
Expected Behavior
2.
ePDG receives the emergency session with UE indicating the
emergency APN connectivity request for UE whose authentication
fails at AAA.
emergency APN connectivity request for UE whose authentication
fails at AAA.
ePDG shall be rejecting the call.
3.
Local PGW configured within the Emergency APN support and
dynamic PGW selection fails as DNS server does not respond.
dynamic PGW selection fails as DNS server does not respond.
ePDG shall be utilizing the APN profile
configuration and establish call with local
configured PGW.
configuration and establish call with local
configured PGW.
4.
Local PGW configured within the Emergency APN support and
PGW obtained from dynamic PGW selection fails does not responds.
PGW obtained from dynamic PGW selection fails does not responds.
ePDG shall be utilizing the APN profile
configuration and establish call with local
configured PGW.
configuration and establish call with local
configured PGW.
5
Local configuration based PGW selection is configured as preferred
way of PGW selection corresponding to emergency APN profile.
way of PGW selection corresponding to emergency APN profile.
ePDG shall be utilizing the APN profile
configuration and establish call with local
configured PGW.
configuration and establish call with local
configured PGW.
Passing on UE tunnel Endpoint Address over SWm support
Mobile operators would like to be able to block Vowifi calls from users while roaming.It is required that the tunnel end-
point (WLC or AP) IP address to be passed on from ePDG. This is very important to the operator as it generates a huge
amount of revenue from roaming calls and would like to minimise the revenue leakage from users making Vowifi calls
while roaming.
point (WLC or AP) IP address to be passed on from ePDG. This is very important to the operator as it generates a huge
amount of revenue from roaming calls and would like to minimise the revenue leakage from users making Vowifi calls
while roaming.
How Passing on UE tunnel Endpoint Address over SWm works
The provisioning of UE Tunnel Endpoint-IP (IKEv2 tunnel endpoint incase of NAT) to AAA server will help the
operator in identifying the UE's location at AAA server. The operator uses this information to control the access or to
decide the UE connections. For example, Operator can lookup the GeoIP database (GeoDB) against the UE tunnel
endpoint IP to identify the country from where the UE is connecting from. Based on this information operator can allow
the call or reject it(using auth-failure) according to the policy configured. Lets say the policy dictates that the VoWiFi
calls are allowed only for UEs connecting from home country but not allowed while roaming outside the country, they
can save the revenue leakage using this information.
operator in identifying the UE's location at AAA server. The operator uses this information to control the access or to
decide the UE connections. For example, Operator can lookup the GeoIP database (GeoDB) against the UE tunnel
endpoint IP to identify the country from where the UE is connecting from. Based on this information operator can allow
the call or reject it(using auth-failure) according to the policy configured. Lets say the policy dictates that the VoWiFi
calls are allowed only for UEs connecting from home country but not allowed while roaming outside the country, they
can save the revenue leakage using this information.
The value will be sent in UE-Local-IP-Address AVP(IPv4/IPv6) in all the DER messages to AAA server in SWm
interface.The AVP is sent as part of standard SWm dictionary (aaa-custom16). In case of AAA server rejects the call
based on the tunnel endpoint IP, ePDG will send AUTHENTICATION_FAILED/24 as NOTIFY error message in
IKEv2 message to communicate the same to UE.
interface.The AVP is sent as part of standard SWm dictionary (aaa-custom16). In case of AAA server rejects the call
based on the tunnel endpoint IP, ePDG will send AUTHENTICATION_FAILED/24 as NOTIFY error message in
IKEv2 message to communicate the same to UE.
This feature is supported for EAP based authentication mechanism and not for non UICC deployment using certificate
based device authentication.
based device authentication.