Cisco Cisco ASR 5000 Livre blanc
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 1 of 1
White Paper
Secure Wi-Fi Offload for Untrusted Networks:
Cisco ePDG Evolved Packet Data Gateway
Cisco ePDG Evolved Packet Data Gateway
Mobile subscribers want access to the Internet at home, work, hotspots, and
everywhere in between. They also expect the same quality of experience and access
to the same services regardless of access type. At the same time, we are in the midst
of a mobile data surge that is placing strains on macro radio resources. These are
some of the factors promoting expanded service offerings over multiple new
unsecure, untrusted access networks, such as broadband DSL, fiber to the home,
high-density events, or cable broadband networks, using technologies such as Wi-Fi.
How do you cost-effectively and securely deliver the same intelligent services over
untrusted networks that your customers enjoy today?
everywhere in between. They also expect the same quality of experience and access
to the same services regardless of access type. At the same time, we are in the midst
of a mobile data surge that is placing strains on macro radio resources. These are
some of the factors promoting expanded service offerings over multiple new
unsecure, untrusted access networks, such as broadband DSL, fiber to the home,
high-density events, or cable broadband networks, using technologies such as Wi-Fi.
How do you cost-effectively and securely deliver the same intelligent services over
untrusted networks that your customers enjoy today?
The Cisco
®
ePDG Evolved Packet Data Gateway, one component of Cisco’s Small Cell Gateway, provides
subscribers easy access as they transparently roam between external trusted networks and untrusted networks.
The solution offers the highest possible level of security, market-leading IP Security/Internet Key Exchange
Version 2 (IPsec/IKEv2) tunnel performance, integration of multiple network functions into a single platform for the
lowest possible total cost of ownership, real-time integrated intelligence with policy enforcement, and voice-grade
reliability. Cisco ePDG is tightly integrated into Cisco’s Evolved Packet Core (EPC) solution, using the same
hardware platforms (Cisco ASR 5000 and ASR 5500) and software as our existing functions, such as Cisco
Packet Data Network (PDN) Gateway (PGW), Cisco Serving Gateway (SGW), Home Agent (HA), and Cisco high
Rate Packet Data (HRPD) Serving Gateway (HSGW).
Cisco ePDG is a crucial component of a comprehensive solution that allows for integration of access of traffic that
does not meet 3rd Generation Partnership Project (3GPP) standards into EPC, including a client as well as the
access policy control framework. The access policy control framework is a very important element, providing you
with the means to grant the user quality of experience while maintaining control over mobile devices. This
framework extends the 3GPP-defined policy solution and provides exceptional Cisco value additions that allow
optimal access and network selection as well as enhanced quality of service (QoS).
By using the same software found in Cisco’s deployed EPC solution, you can provide the same service
capabilities and consistency on the Wi-Fi network as is available on the macro network. This includes consistent
QoS provided over the Wi-Fi network, supporting real-time low-latency applications, such as voice and video, with
optimal user quality. The solution also addresses challenges such as mobile billing for Wi-Fi traffic as well as
Lawful Intercept.
Cisco ePDG terminates and manages subscriber-initiated IPsec/IKEv2 tunnels. The IPsec tunnels are used to
perform secure transfers of authentication information and subscriber data over the untrusted interfaces and
backhauls. In addition, Cisco ePDG performs the following functions:
●
Authentication and authorization of the subscriber equipment and data