Cisco Cisco Packet Data Gateway (PDG)
Evolved Packet Data Gateway Overview
Features and Functionality ▀
ePDG Administration Guide, StarOS Release 17 ▄
21
the method for authenticating the subscriber session. EAP-AKA uses symmetric cryptography and pre-shared keys to
derive the security keys between the UE and EAP server. The ePDG represents the EAP authenticator and triggers the
identity challenge-response signaling between the UE and back-end 3GPP AAA server. On successful verification of
user credentials, the 3GPP AAA server obtains the Cipher Key and Integrity Key from the HSS. It uses these keys to
derive the MSK (Master Session Key) that are returned on EAP-Success to the ePDG. The ePDG uses the MSK to
derive the authentication parameters.
derive the security keys between the UE and EAP server. The ePDG represents the EAP authenticator and triggers the
identity challenge-response signaling between the UE and back-end 3GPP AAA server. On successful verification of
user credentials, the 3GPP AAA server obtains the Cipher Key and Integrity Key from the HSS. It uses these keys to
derive the MSK (Master Session Key) that are returned on EAP-Success to the ePDG. The ePDG uses the MSK to
derive the authentication parameters.
After the user credentials are verified by the 3GPP AAA and HSS, the ePDG returns the PDN address obtained from the
P-GW (using PMIPv6/GTPv2) to the UE. In the connection establishment procedures, the PDN address is triggered
based on subscription information conveyed over the SWm reference interface. Based on the subscription information
and requested PDN-Type signaled by the UE, the ePDG informs the P-GW of the type of required address (IPv6 and/or
IPv4 Home Address Option for dual IPv4/v6 PDNs).
P-GW (using PMIPv6/GTPv2) to the UE. In the connection establishment procedures, the PDN address is triggered
based on subscription information conveyed over the SWm reference interface. Based on the subscription information
and requested PDN-Type signaled by the UE, the ePDG informs the P-GW of the type of required address (IPv6 and/or
IPv4 Home Address Option for dual IPv4/v6 PDNs).
IPv6 Capabilities
IPv6 addressing enables increased address efficiency and relieves pressures caused by the rapidly approaching IPv4
address exhaustion problem.
address exhaustion problem.
The ePDG offers the following IPv6 capabilities:
Support for any combination of IPv4, IPv6, or dual stack IPv4/v6 address assignment from address pools on the
P-GW.
Support for native IPv6 transport and service addresses on the PMIPv6/GTPv2 S2b interface with the P-GW.
IPv6 transport is supported on the SWm Diameter AAA interface with the external 3GPP AAA server. Note that the
ePDG supports IPv6 transport for the UE-ePDG tunnel endpoints on the SWu interface.
ePDG supports IPv6 transport for the UE-ePDG tunnel endpoints on the SWu interface.
General Call Flow
The following section explains the basic ePDG call flows.