Packet Data Gateway

Description

The Packet Data Gateway (PDG) is a critical network element within the 3GPP architecture, specifically defined for the core network domain. It functions as an access-agnostic gateway, providing connectivity between the user's device (User Equipment, UE) and external IP networks, known as Packet Data Networks (PDNs). The PDG is a central anchor point for the user's IP session. It performs several key roles: it establishes and manages IPsec tunnels (using IKEv2) with the UE to ensure secure data transmission, it acts as a policy enforcement point for applying Quality of Service (QoS) and charging rules, and it performs network address translation and IP address allocation for the UE.

Architecturally, the PDG resides in the home network of the subscriber. It interfaces with the 3GPP AAA (Authentication, Authorization, and Accounting) server for user authentication and authorization. It also connects to the Online Charging System (OCS) and Offline Charging System (OFCS) for billing. The PDG's operation involves several protocols. It uses the Wm reference point to communicate with the 3GPP AAA server for authentication. The user data plane traffic flows through the PDG via the established IPsec tunnel (over the Wn reference point from the access network) and is then routed to the external PDN (via the Wi reference point). The PDG also supports the Gateway GPRS Support Node (GGSN)-like functionality for specific access types, acting as the topological anchor for the user's IP address.

In the broader network evolution, the PDG was a foundational element for enabling secure, non-3GPP access (like WLAN) to 3GPP core network services, a concept formalized as Interworking WLAN (I-WLAN). It ensured that users could access operator services securely from any IP-based access network, with consistent authentication, authorization, and policy application. The PDG's design principles of secure tunneling, policy enforcement, and session anchoring were later evolved and incorporated into more advanced gateways like the evolved Packet Data Gateway (ePDG) for untrusted non-3GPP access in EPS, and the Non-3GPP InterWorking Function (N3IWF) in 5G systems.

Purpose & Motivation

The PDG was created to solve the problem of secure and seamless integration of non-3GPP IP access networks (primarily Wireless Local Area Networks - WLANs) with the 3GPP mobile core network. In the early 2000s, WLAN technology became widespread, but it lacked the integrated security, mobility management, and billing frameworks of cellular networks. The 3GPP standards body needed a way to allow mobile operators to extend their services over WLAN, creating a unified user experience.

The PDG addressed this by providing a standardized gateway in the operator's core network that could terminate secure tunnels from devices on untrusted IP networks. This solved several key issues: it provided strong authentication using SIM credentials (via the AAA server), it encrypted all user traffic from the device to the operator's network, and it allowed the operator to apply the same service policies and charging mechanisms as used for cellular data. This enabled new business models like 'Operator WiFi' and was a crucial step in the convergence of cellular and IP networks. It laid the groundwork for the future vision of access-agnostic service delivery, which is a cornerstone of 4G and 5G architectures.

Key Features

• Terminates IPsec security associations (IKEv2, ESP) with the User Equipment
• Acts as the topological anchor point for the UE's IP address
• Enforces QoS and charging policies based on user subscription and service
• Interfaces with 3GPP AAA for authentication and authorization
• Provides connectivity between UE and external Packet Data Networks (PDNs)
• Supports interworking between 3GPP and non-3GPP (e.g., WLAN) access networks

Evolution Across Releases

Defining Specifications