The ePDG (Evolved Packet Data Gateway) is a 3GPP network component used to support Wi-Fi access, and its main role is to establish a secure IPsec channel between non-3GPP accesses (e.g., Wi-Fi) and the EPC (Evolved Packet Core). ePDGs are typically deployed in operator core networks and are key network elements for VoWiFi (Voice over Wi-Fi) and Wi-Fi offload. key network element for VoWiFi (Voice over Wi-Fi) and Wi-Fi offload.
Full Protocol Stack Standard Support
Strong compatibility, reduces the complexity of heterogeneous network integration and shortens deployment cycles
High-Reliability Disaster Recovery Capability
Ensures service continuity, avoids single point of failure risks, meets carrier-grade high availability requirements.
End-to-End Secure Encryption
Ensures the confidentiality and integrity of user data during public network transmission, defends against man-in-the-middle attacks.
Dynamic Seamless Switching Capability
Enhances user experience and ensures continuity of VoWiFi/VoLTE voice services.
Intelligent Local DNS Resolution
Reduces reliance on external DNS, optimizes traffic scheduling efficiency, and lowers network latency.
Emergency Service Priority Assurance
Meets public safety regulations and expands emergency service coverage scenarios.
ePDG Secure Access Technology
ePDG (Evolved Packet Data Gateway) is a key network element in the 5GC core network responsible for non-3GPP access (such as Wi-Fi). It establishes IPsec secure tunnels with user devices via the public network to enable encrypted communication and authentication, ensuring secure user access.
ePDG supports collaboration with AAA/HSS to complete EAP-AKA based authentication processes, and forwards user data to the core network (e.g., UPF, IMS, or Internet) via S2b or N3/N6 interfaces.
Distributed ePDG deployment can be extended to the edge network to achieve local traffic offloading, reduce latency, and alleviate transmission pressure. This meets the low-latency, high-security requirements of 5G services and is a key enabler for multi-access convergence and VoWiFi applications.
Function List
Interface Functional Features » SWu:
Connectivity Detection: DPD (Dead Peer Detection) detects inactive terminals and automatically clears contexts
Key Update: Supports dynamic key update for IKE SA and Child SA
Conflict Handling: Implements exchange conflict resolution mechanism according to RFC 7296
» SWm:
Redundant Connection: Supports SCTP multi-path coupling and active-standby HSS switching
» S2b:
Local DNS Resolution: Integrates DNS functionality, dynamically selects PGW address based on APN/PLMN
Protocol Functional Features » Diameter:
Basic Functions: Supports connection setup, capability negotiation (CER/CEA), heartbeat detection (DWR/DWA), and status management
Transport Layer Support: Establishes transport links based on SCTP or TCP
» IKEv2:
Basic Functions: Supports SA negotiation (IKE_SA_INIT), authentication (IKE_AUTH), notification exchange (INFORMATIONAL), NAT traversal, and identity protection
Key Management: Supports key update and lifecycle management for IKE SA and Child SA
» ESP:
Tunnel Mode: Encrypts original IP packets using DES/3DES/AES encryption algorithms and MD5/SHA1 integrity checks
» GTP:
GTP-C Control Plane: Supports session management (Create/Modify/Delete Session) and mobility management
GTP-U User Plane: Identifies tunnels using TEID to transmit user data
Process Functional Features » Registration: Establishes IPSec tunnel via IKEv2, completes authentication and session setup
» Detach: Releases session and IPSec tunnel resources
» Emergency Services: Supports emergency calls without SIM cards, bypasses regular authentication
» Handover: Seamless switching between 3GPP and non-3GPP access (e.g., WiFi-LTE handover)
Advanced Features » Dynamic Load Balancing: Distributes PGW traffic based on local DNS weight
» Disaster Recovery Backup: Supports active-standby HSS switching and SCTP multi-path redundancy
» QoS Assurance: High-priority scheduling for emergency services
Security Features » Identity Protection: Encrypts identity information exchange using IKEv2
» Data Encryption: Encrypts user data via ESP tunnel mode
» Integrity Check: Prevents data tampering (MD5/SHA1)
IPLOOK's compact EPC also called "IKEPC500 series", it combines MME, SGW, PGW, HSS, PCRF, IMS and DRA network elements in one X86 COTS platform what are 100% 3GPP compliant, and each of them can support all standard interfaces defined by 3GPP.
The IKEPC500 series consists of IKEPC 510 and IKEPC 520, using a unified EMS (Element Management System) to
reduce OPEX.
The IKEPC500 series can also be deployed in a centralized cloud or at the network edge, allowing a broad range of deployment scenarios.
Mobility Management Entity(MME) is a key component of the standards-defined Evolved Pack Core (EPC) for LTE. It provides mobility session management for the LTE network and supports subscriber authentication, roaming and handovers to other networks.
A Home Subscriber Server(HSS) / Home Subscriber Register(HLR) serves as the primary database repository of subscriber information within a LTE/EPC or IMS network core. By centralising all the subscriber information in a single place it allows the signalling to be separated from policy providing a stream lined, high performing network.
SGW(Serving Gateway)
The SGW node handles the user data traffic, but isn' t responsible for the signaling data used. It transports IP data from UE's to the LTE Core Network. The SGW also routes incoming and outgoing IP packets for better system collaboration and serves as an anchor for the UE when it moves from one eNodeB to another.
PGW (PDN Gateway)
PGW is the network node that connects the EPC to external IP networks. What the PGW does is that it routes packets to and from external IP networks. Beyond that, it also allocates an IP address to all UEs and enforces different policies regarding IP user traffic such as packet filtering.
Policy and Charging Rules Function (PCRF), is the part of the Evolved Packet Core (EPC) that supports service data flow detection, policy enforcement and flow-based charging. It offers a comprehensive solution that enables a new generation service provider to offer multiple use cases that allow them to better control their services and align their revenue with their resources.
Evolved Packet Data Gateway (ePDG), a vital role in Wi-Fi Calling (VoWiFi), enables mobile operators to securely connect untrusted non-3GPP IP access networks to trusted 3GPP E-UTRAN/EPC networks. It establishes IPSec tunnels using information obtained from the 3GPP AAA process, to ensure secure communication, the network security and internet working control.
By bridging Wi-Fi access points and mobile networks, IPLOOK ePDG helps expand wireless network coverage and offload traffic from congested cellular networks.
IPLOOK's compact EPC also called "IKEPC500 series", it combines MME, SGW, PGW, HSS, PCRF, IMS and DRA network elements in one X86 COTS platform what are 100% 3GPP compliant, and each of them can support all standard interfaces defined by 3GPP.
The IKEPC500 series consists of IKEPC 510 and IKEPC 520, using a unified EMS (Element Management System) to
reduce OPEX.
The IKEPC500 series can also be deployed in a centralized cloud or at the network edge, allowing a broad range of deployment scenarios.
Mobility Management Entity(MME) is a key component of the standards-defined Evolved Pack Core (EPC) for LTE. It provides mobility session management for the LTE network and supports subscriber authentication, roaming and handovers to other networks.
A Home Subscriber Server(HSS) / Home Subscriber Register(HLR) serves as the primary database repository of subscriber information within a LTE/EPC or IMS network core. By centralising all the subscriber information in a single place it allows the signalling to be separated from policy providing a stream lined, high performing network.
SGW(Serving Gateway)
The SGW node handles the user data traffic, but isn' t responsible for the signaling data used. It transports IP data from UE's to the LTE Core Network. The SGW also routes incoming and outgoing IP packets for better system collaboration and serves as an anchor for the UE when it moves from one eNodeB to another.
PGW (PDN Gateway)
PGW is the network node that connects the EPC to external IP networks. What the PGW does is that it routes packets to and from external IP networks. Beyond that, it also allocates an IP address to all UEs and enforces different policies regarding IP user traffic such as packet filtering.
Policy and Charging Rules Function (PCRF), is the part of the Evolved Packet Core (EPC) that supports service data flow detection, policy enforcement and flow-based charging. It offers a comprehensive solution that enables a new generation service provider to offer multiple use cases that allow them to better control their services and align their revenue with their resources.
Evolved Packet Data Gateway (ePDG), a vital role in Wi-Fi Calling (VoWiFi), enables mobile operators to securely connect untrusted non-3GPP IP access networks to trusted 3GPP E-UTRAN/EPC networks. It establishes IPSec tunnels using information obtained from the 3GPP AAA process, to ensure secure communication, the network security and internet working control.
By bridging Wi-Fi access points and mobile networks, IPLOOK ePDG helps expand wireless network coverage and offload traffic from congested cellular networks.
