Cisco ASR 5000 White Paper
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Cisco ePDG Features and Benefits
Cisco ePDG is a software application on the Cisco ASR 5000 and ASR 5500, the same platforms that support other
fourth-generation (4G) and third-generation (3G) nodes in the following technologies:
● EPC: Mobility Management Entity (MME), Cisco SGW, and Cisco PGW
● Universal Mobile Telecommunications System (UMTS): Cisco Gateway GPRS Support Node (GGSN) and Serving GPRS Support Node (SGSN)
● Code Division Multiple Access (CDMA): Cisco Packet Data Serving Node (PDSN) and Home Agent (HA)
The Cisco ePDG software application is built on StarOS, the same software used for all other applications
supported on the Cisco ASR 5000 and ASR 5500. This provides a high degree of flexibility for deployment plus a
single hardware and software platform for ePDG, PGW, SGSN, GGSN, HA, HSGW, and PDSN. This flexibility
allows Cisco ePDG to be deployed as a standalone chassis or co-located with any of the nodes provided by Cisco.
For example, a single chassis can support an ePDG + PGW combination node or ePDG + PGW + SGW + MME.
Note that the Cisco ASR 5000 can also be deployed as PDG/Tunnel Termination Gateway (TTG) and as Packet
Data Interworking Function (PDIF). A vast set of services and capabilities are available on Cisco ePDG, delivering
outstanding value. In addition, the same in-line services provided for other applications can optionally be enabled
through Cisco ePDG.
This flexibility and service consistency allow Cisco to provide the same level of QoS over Wi-Fi networks as over
macro networks. For example, voice traffic can be offloaded to the Wi-Fi network, providing a consistent voice
over Long-Term Evolution (LTE) experience.
In addition, by using the Cisco ASR 5000 or ASR 5500 platforms, you will obtain the same level of redundancy,
survivability, and availability for Wi-Fi services as for macro services. This includes both card-level and
geographic redundancy.
Cisco ePDG supports IPsec/IKEv2 tunnel termination per RFC 4306, including: multiple child SA support;
Network Address Translation (NAT) Traversal (RFC 3947), NAT Keepalive, and access control list (ACL);
configurable dead peer detection (RFC 3706) timer support; Diffie-Hellman Groups 1, 2, 5, 14; and Denial of
Service (DoS) protection, including thresholds for control plane attacks. For tunnel authentication and
authorization, Cisco ePDG supports Extensible Authentication Protocol (EAP) and Authentication and Key
Agreement (AKA) authentication methods as mandated by 3GPP. The following encryption and authentication
algorithms are supported:
● HMAC-MD5-96 (RFC 2403)
● NULL Encryption (RFC 2410)
● HMAC-SHA1-96 (RFC 2404)
● AES-128-CBC (RFC 3602)
● DES-CBC (RFC 2405)
● AES-256-CBC
● 3DES-CBC (RFC 2451)
● PRF_AES-128-XCBC
For UE-initiated connectivity, Cisco ePDG supports connectivity to more than a single PDN. Cisco ePDG supports
UE connectivity to multiple access point names (APNs). The ePDG allows the UE to establish an SWu tunnel for
each APN. The capability to support connection to multiple PDNs for a single APN is on the ePDG roadmap.