• Table of contents
• EPDG implementation plan
  • The big picture
  • Control Plane
  • User Plane
  • 3GPP Interfaces and Procedures
    • ePDG
      • S2b to PGW (GTPv2C)
      • SWm to AAA (DIAMETER)
      • SWu to UE (IKEv2, ESP)
      • Gxb to PCRF (not needed?)
    • 3GPP AAA Server
      • SWx to HSS (DIAMETER)
      • S6b to PGW (DIAMETER)
      • SWm to ePDG (DIAMETER)
    • custom Interfaces / Procedures
      • CEAI
  • Authentication

EPDG implementation plan¶

The big picture¶

Ideally, we want to reuse existing code whenever possible, rather than reinvent the wheel. Time will tell, if this works out or if we have to rewrite more of it.

• StrongSwan charon for handling IKEv2 and managing the IPsec SAs in the kernel IPsec
• Erlang DIAMETER application for all the related interfaces
• Erlang gtplib for S2b

This means we will have two major "applications" running:

• charon
• ePDG (likely in Erlang)

Between those two we will need some kind of non-standard, custom interface. For now I've called it "CEAI" for (Charon External AKA Interface)

Control Plane¶

• red color indicates elements / interfaces to be implemented.

User Plane¶

• red color indicates elements / interfaces to be implemented.
• blue color indicates control-plane elements controlling the user plane

3GPP Interfaces and Procedures¶

ePDG¶

S2b to PGW (GTPv2C)¶

Create Session Request / Response¶

Delete Session Request / Response¶

Modify Bearer Request / Respone (not needed?)¶

Modify Bearere Command (not needed?)¶

Bearer Resource Command (not needed?)¶

Create Bearer Request / Response¶

Update Bearer Request / Response (not needed?)¶

SWm to AAA (DIAMETER)¶

Diameter-EAP-Request (DER) / Diameter-EAP-Response (DEA)¶

Diameter-AA-Request (AAR) / Diameter-AA-Response (AAA)¶

Session-Termination-Request (STR) / Session-Termination-Answer (STA)¶

Re-Auth-Requst (RAR) / Re-Auth-Answer (RAA)¶

Abort-Session-Request (ASR) / Abort-Session-Answer (ASA)¶

SWu to UE (IKEv2, ESP)¶

Gxb to PCRF (not needed?)¶

3GPP AAA Server¶

SWx to HSS (DIAMETER)¶

Push-Profile-Request (PPR) / Push-Profile-Answer (PPA)¶

Registration-Termination-Request (RTR) / Registration-Termination-Answer (RTA)¶

Multimedia-Auth-Request (MAR) / Multimedia-Auth-Answer (MAA)¶

Server-Assignment-Request (SAR) / Server-Assignment-Answer (SAA)¶

S6b to PGW (DIAMETER)¶

FIXME

SWm to ePDG (DIAMETER)¶

see above.

custom Interfaces / Procedures¶

CEAI¶

FIXME

Authentication¶