EPG Overview

Technical Product Description

38/221 02-AXB 250 12-V3 Uen S1

Copyright

© Ericsson AB 2019. All rights reserved. No part of this document may be

reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to
continued progress in methodology, design and manufacturing. Ericsson shall
have no liability for any error or damage of any kind resulting from the use of this
document.

Trademark List

38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27

 Contents

Contents

1 EPG Overview 1

2 Virtual EPG in a Cloud Environment 2

3 EPG Network Overview 3

3.1 Control and User Plane Separation 3
3.2 5G Core Overview 5

4 EPG Characteristics 6

5 EPG Functions 7
5.1 Session Management 7
5.2 Quality of Service 7
5.3 User Packet Handling 7
5.4 RADIUS 8
5.5 Offline Charging 8
5.6 Policy and Charging Control 9
5.7 Credit Control 9
5.8 IP Routing 10
5.9 Tunneling 10
5.10 Security 10
5.11 Resilience 11
5.12 Event-Based Monitoring 11
5.13 UE Trace 12
5.14 Integrated Traffic Capture 12
5.15 Service Chaining 12

38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27

EPG Overview

38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27

 EPG Overview

1 EPG Overview

The EPG is a fundamental component of the EPC and 5GC networks. EPG acts as
a gateway between a mobile packet core network and other PDNs, such as the
internet, corporate intranets, and private data networks.

The control plane in the EPG consists of the following network functions:

— PGW-C

— SGW-C

For more information about the PGW-C, see PGW-C Overview. For more
information about the SGW-C, see SGW-C Overview.

The user plane in the EPG consists of the following network functions:

— PGW-U

— SGW-U

— UPF

For more information about the PGW-U, the SGW-U, and the UPF, see User Plane
Overview.

38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27 1

 EPG Overview

2 Virtual EPG in a Cloud Environment

The components of the virtual EPG are deployed as VMs in a cloud environment.
A VM can take the role of a Virtual Route-Processor (VRP) or a Virtual Service-
Forwarder (VSFO). A VSFO can be configured as control plane or user plane.
Figure 1 shows an overview of the virtual EPG in a cloud environment.

Figure 1 Virtual EPG in a Cloud Environment

Virtual EPG

CEE VMs VMs

VRP VRP

VSFO VSFO

VSFO VSFO

Hypervisor Hypervisor
Generic
OpenStack
HW (x86) HW (x86)

Switch Switch

VRP
Control Plane VSFO
User Plane VSFO
Router Router

External PDN

2 38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27

 EPG Network Overview

3 EPG Network Overview

The EPG supports GPRS, EPS, and CUPS-based architecture technologies. The
GPRS and EPS provide basic solutions for IP and Non-IP communication
between the UE and the internet, corporate intranets, and private data networks.
The GPRS technology enables packet data services to the GSM and WCDMA
systems. The EPS technology enables packet data services to the LTE system and
the non-3GPP networks, including the trusted non-3GPP network and the
untrusted non-3GPP network.

3.1 Control and User Plane Separation

The EPG uses a Control and User Plane separation (CUPS) architecture, enabling
flexible deployment and operation of the network, by using distributed or
centralized deployment. Using separated planes allows independent scaling
between functions on the Control Plane and User Plane - without affecting the
interfaces towards the surrounding nodes. The Control Plane and the User Plane
communicate through the Sxb interface for PGW-C and PGW-U, and the Sxa
interface for SGW-C and SGW-U, using the Packet Forwarding Control Plane
(PFCP) protocol. The PGW-C and SGW-C control the packet processing in the
PGW-U and SGW-U nodes by establishing, modifying, or deleting PFCP Session
contexts through the Sxa or Sxb interfaces.

The control plane (PGW-C or SGW-C) can be connected to one or several user
plane nodes. The opposite is also true, the user plane can be connected to one or
several control plane nodes.

The EPG can act as one or more of the following network functions:
PGW-C The PGW-C is responsible for session connectivity control
for the PCEF. This includes selection and control of the
PGW-U with respect to its functions.

SGW-C The SGW-C is responsible for session connectivity control.

This includes selection and control of the SGW-U with
respect to its functions.

PGW-U The PGW-U is responsible for User Plane connectivity

towards the external PDNs. It is controlled by the PGW-C
function.

SGW-U The SGW-U is responsible for User Plane connectivity

between the radio access network and packet gateway. It
is controlled by the SGW-C function.

38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27 3

 EPG Overview

Trusted/Untrusted
LTE Non-3GPP WCDMA GSM
Network

UE WCDMA GSM with

System MS GPRS MS
eNodeB
RNC BSC

S1-U S12 S2b-C

Iu-U
S1-MME S2a-C Iu

S2b-U Gb
CDF
Rf S2a-U Iu-U
Rf
MME SGSN
S4-C

S11-C AAA Gn/Gp-C Gn/Gp

S6b/
S6bAuth

SGW-C PGW-C GGSN

S5/S8-C

Sxa EPG Sxb

S4-U

S5/S8-U
SGW-U PGW-U Gn/Gp-U

DNS
Bp DNS

BS/CGF OCS
Gy Gy
Gom

BS/CGF
O&M Ga/Bp Ga/Bp
Network
PCRF
Gx Gx

APN
Payload Network
SGW SGi Gi
Signal
3G Direct Tunnel
Content Classification Engine
ICAP ICAP

Figure 2 EPC Network Functions and Interfaces with CUPS

4 38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27

 EPG Network Overview

The signaling lines between the PGW-C and the APN network in Figure 2 are
used for RADIUS. The way of connection differs depending on how the PGW-C
can communicate with the RADIUS server:
— If the RADIUS server can be reached directly, the PGW-C communicates with
the RADIUS server directly.

— If the RADIUS server can be reached through only the PGW-U, the PGW-C
configures the PGW-U to forward RADIUS messages. Then the PGW-C
establishes a standalone PFCP session (Sx-u tunnel) to forward RADIUS
signaling between the PGW-C and the APN network.

3.2 5G Core Overview

In the 5GC network, the user plane network function is the UPF. Figure 3 shows
the 5GC network architecture. The UPF communicates with the SMF in the 5G
control plane through the N4 interface.

The EPG can be deployed as a combined SGW-U, PGW-U, and UPF node to
support seamless interoperability with session continuity between the EPC and
5GC networks.

Control Plane

Application
AUSF NSSF NEF NRF PCF UDM
Function

AMF SMF

Data Network
Radio Access
Network

Internet

UE UPF Service
Network

User Plane Corporate

Network
gNodeB

Figure 3 5G Core Network Architecture

38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27 5

 EPG Overview

4 EPG Characteristics

The characteristics of the EPG depend on the hardware used in the chosen cloud
system and the software configuration. For more information on capacity,
throughput, and ISP, see the following documents:
— EPG Characteristics for the PGW-C and the SGW-C

— EPG Characteristics for the User Plane

6 38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27

 EPG Functions

5 EPG Functions

5.1 Session Management

Network Functions:
PGW-C, SGW-C, PGW-U, SGW-U, UPF

Session management in the EPG establishes and handles the user sessions
between the UE and a PDN network, with the help of the MME in an EPS
network. For the EPS, session management supports PDN connection creation,
deletion, and modification. These procedures deal with allocation of IP addresses
and QoS parameters.

PDP contexts and EPS bearers are set up and controlled through the GPRS
Tunneling Protocol (GTP). GTP Control (GTP-C) is a tunnel control and
management protocol that allows the EPG to provide PDN access for the UE, and
is used to create, modify, and delete tunnels.

5.2 Quality of Service

Network Functions:
PGW-C, SGW-C, PGW-U, SGW-U, UPF

The EPG negotiates and enforces QoS per session, per bearer, or both. The EPG
enforces the negotiated QoS by updating the DiffServ Code Point (DSCP) fields of
IP packet headers as they are forwarded. The EPG also enforces the negotiated
bit rates per EPS session, or bearer, or both. In addition, the EPG supports
enforcing bit rate limits on individual services on a per user basis.

The EPG supports different mechanisms to control the QoS as part of the
negotiation procedure:

— Local configuration based on session parameters

— QoS control over the Gx interface

5.3 User Packet Handling

Network Functions:
PGW-U, SGW-U, UPF

The purpose of user packet handling in the EPG is to transport user packets
through the User Plane. User packets consist of end-user information and
associated data transfer control information. In the EPS, the user packets are
transported between the UE, the eNodeB, the SGW and PGW, and the PDN.

38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27 7

 EPG Overview

To use the uplink and downlink user packet transfer functions provided by the
EPG, the UE must have an established default EPS bearer.

The EPG supports IPv4 and IPv6 for end users.

5.4 RADIUS
Network Functions:
PGW-C

RADIUS is an authentication, authorization, and accounting client-server

protocol. A RADIUS client, in this case the EPG, passes user information to a
RADIUS server in an attached IP network (referred to as an APN network). The
server processes user connection requests, authenticates the user, and returns
configuration information necessary for the client to deliver service to the user.
User passwords sent between the client and server are encrypted with a shared
secret key to enhance security.

5.5 Offline Charging

Network Functions:
PGW-C, SGW-C

Offline Charging in the EPG enables a BS to charge subscribers for GPRS and
EPS data volume, time usage, and events based on charging records generated
by the PGW-C or SGW-C. The EPG supports charging records in the form of CDRs
or Rf ACRs.

The charging records contain usage information related to bearers in the EPG
and can be used for non-real-time charging.

5.5.1 CDR-Based Charging

The Charging Support feature enables generation of CDRs for charging of data
volume, time usage, and events. Multiple sequential CDRs (partial CDRs) can be
generated, for example, for an EPS bearer. CDR generation is supported by all
node types and for all access networks supported by the EPG. CDRs can be
transferred directly to the BS or through a CGF.

The GPRS Tunneling Protocol Prime (GTP') over the Ga interface is used for near-
real-time CDR transfer, whereas Secure FTP (SFTP) over the Bp interface is used
for less time critical transfer.

5.5.2 Rf Charging
The Rf Charging interface feature enables generation of Rf ACRs for charging of
data volume. Rf ACRs are generated for PDN Connections, and multiple
sequential Rf ACRs (Rf ACR Interims) can be generated for each PDN

8 38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27

 EPG Functions

Connection. The SGW supports Rf ACR generation for LTE access network. The
PGW supports Rf ACR generation for 2G, 3G, and LTE through both GTPv2 /
GTPv1 interfaces.

Rf ACRs are transferred directly to a CDF using the Diameter-based Rf protocol.

5.6 Policy and Charging Control

Network Functions:
PGW-C, PGW-U, UPF

Policy and Charging Control is a function that enables a PCRF to provide service
authorization for services accessed through the PGW-C, the PGW-U, and the UPF
using PCC rules.

The service authorization can be predefined in the PGW-C and later activated by
the PCRF, or it can be dynamically provisioned through the Gx interface by the
PCRF at establishment and during the lifetime of an IP-Connectivity Access
Network (user) session.

5.6.1 Usage Monitoring over Gx

The Usage Monitoring over Gx functionality enables the EPG to report usage to
the PCRF at both session level and service level. It is supported on the Gx
interface.

5.6.2 Traffic Redirection

Traffic redirection provides the functionality to redirect packet flows of a user
session. The reason for redirection could be denial of a service, exhaustion of
credit for a service, notification of terms and conditions of a service delivery, and
so on. The EPG supports a set of methods and types of redirection. The function
is based on packet inspection and the conditions for redirection can be
provisioned for a user session by the configuration of the PCRF or the OCS.

5.6.3 Content Enrichment

Content enrichment provides the functionality to modify the packet flows of a
user session, by inserting certain information into payload protocol headers.
Content enrichment is based on packet inspection and the configured association
between ACRs or inspection rules and editing rules.

5.7 Credit Control

Network Functions:
PGW-C

38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27 9

 EPG Overview

Credit control is a feature in the EPG that enables an OCS to apply credit control
on end-users, in real time, for services accessed through the EPG. The PGW
communicates with the OCS over the Gy interface.

Credit control is, in addition to access control, based on the reservation and
provisioning of quota and related properties per Rating Group (RG) of a user
session. Quota, representing credited usage of a specified type is granted by the
OCS, on request by the EPG. Used quota is reported back by the EPG to the OCS
for consecutive control.

5.8 IP Routing
Network Functions:
PGW-C, SGW-C, PGW-U, SGW-U, UPF

The main task of the EPG IP routing functions is to support IP addresses that
overlap APNs and allow for traffic separation between networks. The basic
activities involved in routing are determining the optimal routing paths and
transporting packets through the networks.

The router functionality in the EPG has the capability to set up and operate many
independent contexts (virtual router instances). This is crucial in supporting IP
addresses that overlap APNs, and useful for supporting traffic separation
between networks.

5.9 Tunneling
Network Functions:
PGW-C, SGW-C, PGW-U, SGW-U, UPF

Generic tunneling in an IP network uses an extension of the existing mechanism

of packet encapsulation to add another layer to the information being relayed.
The packet contains the IP addresses of the source and destination client and
server in its header fields.

Tunneling allows routers to use another set of source and destination IP

addresses that remain transparent to end users. With tunneling, a packet can
retain its original IP address and still be routed transparently across several
nodes in the network using a separate set of IP addresses.

5.10 Security
Network Functions:
PGW-C, SGW-C, PGW-U, SGW-U, UPF

The EPG provides four main mechanisms for perimeter defense:

10 38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27

 EPG Functions

Network Separation
Network separation is based on VPNs.

IP Packet Filtering
IP packet filtering allows only certain types of traffic over
individual interfaces.

Tunneling

User Access Control

The EPG ensures that only authorized users have access.

It is possible to block sessions from an IP address to prevent Denial of Service

(DoS) attacks, for example, if the number of sessions exceeds a configured limit.
The EPG also provides surveillance mechanisms like counters, alarms, and
logging.Tunneling provides separation of traffic flows, encrypted and
authenticated through SFTP over Bp.

5.11 Resilience
Network Functions:
PGW-C, SGW-C, PGW-U, SGW-U, UPF

The recovery mechanisms provide a non-stop mode of operation of the EPG,

enabling it to recover from both software and hardware failures with minimal
inconvenience to the attached subscribers. Resilience mechanisms enable the
node to tolerate various types of hardware, software while providing service
without interruptions.

5.11.1 Session Resilience for the User Plane

Network Functions:
PGW-U, SGW-U, UPF

The EPG provides user session resilience for the user plane through the session-
based N+1 user session resilience. For more information on resilience for the user
plane, see Session Resilience for the User Plane.

5.12 Event-Based Monitoring

Network Functions:
PGW-C, SGW-C, PGW-U, SGW-U, UPF

Event-Based Monitoring (EBM) enables the EPG to record event information in a

formatted report. The formatted event report is streamed in real-time or near-
real-time to an external post-processing system.

38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27 11

 EPG Overview

5.13 UE Trace
Network Functions:
PGW-C, SGW-C

The UE Trace feature allows the EPG to record detailed information about
signaling information that it sends out, and payload. UE Trace is used for
troubleshooting, monitoring, and optimization operations. It can be used
separately on the control plane and user plane for one or more selected UE
devices. The network operator identifies the selected UE device using the
International Mobile Subscriber Identity (IMSI).

5.14 Integrated Traffic Capture

Network Functions:
PGW-C, SGW-C, PGW-U, SGW-U, UPF

Integrated Traffic Capture (ITC) is used to capture Control Plane traffic on all
Control Processing Board (CPBs) and User Plane traffic on all Packet Processing
Boards (PPBs) simultaneously. ITC is used directly in the EPG without the need of
external probes. The traffic is captured in ITC files in a Packet Capture (PCAP)
format. The ITC files are used for troubleshooting connectivity issues

5.15 Service Chaining

Network Functions:
PGW-C, PGW-U

The Service Chaining feature enables the EPG to steer subscriber traffic to third
party service functions in the SGi-LAN.

The EPG selects the service chain, which consists of an ordered list of service
functions, using the predefined or dynamic PCC rules. By using service chaining,
the EPG, for example, can control which traffic flows are sent through video
optimizers or an MSP.

12 38/221 02-AXB 250 12-V3 Uen S1 | 2020-08-27