Introduction
Mobile operators today must deliver reliable connectivity regardless of how subscribers access the network. While cellular radio infrastructure remains the primary access method, many users connect through Wi-Fi networks in homes, offices, or public environments.
To maintain secure access to operator services in these scenarios, mobile networks rely on the Evolved Packet Data Gateway (ePDG).
The ePDG enables mobile devices to securely connect to the operator’s LTE core network through untrusted access networks such as Wi-Fi, allowing subscribers to use voice, messaging, and data services even when they are not connected directly to the cellular radio network.
For network architects and infrastructure teams, understanding the role of ePDG is essential when designing modern mobile core deployments.
What Is an Evolved Packet Data Gateway?
An Evolved Packet Data Gateway (ePDG) is a network function that provides secure connectivity between mobile subscriber devices and the operator’s core network when access occurs over Wi‑Fi, which is considered a non-trusted network.
When a device connects through Wi-Fi, it establishes an encrypted tunnel (IPsec tunnel) to the ePDG. The gateway then routes traffic into the mobile core where subscriber services are delivered.
This allows operators to extend core network services beyond traditional cellular coverage while maintaining authentication and policy enforcement.
List of ePDG Use Cases
Mobile traffic continues to grow rapidly, while subscriber expectations for connectivity remain high. Technologies like ePDG help operators maintain service quality while improving network efficiency.
Expanding Indoor Coverage
Indoor environments can limit cellular signal strength. By enabling secure connectivity over Wi-Fi, operators can extend service availability without deploying additional radio infrastructure.
Supporting Wi-Fi Calling
VoWiFi is one of the ePDG's most popular applications. Wi-Fi calling allows subscribers to place voice calls even when cellular coverage is weak. The ePDG securely routes voice traffic through Wi-Fi to the operator’s voice infrastructure. It also allows seamless session handoff between Wi-Fi and cellular networks, so users don’t notice any change in connectivity quality when they change network types.
Managing Network Capacity
Offloading traffic onto Wi-Fi networks helps reduce congestion on cellular spectrum while maintaining subscriber connectivity. It allows carriers to reduce congestion on their macro cellular networks by relying on trusted and untrusted Wi-Fi networks.
How ePDG Works in the Network
When a subscriber connects through Wi-Fi, several steps occur before services can be delivered.
Typical connection flow
- The device connects to a Wi-Fi network
- The device authenticates using SIM-based credentials
- A secure encrypted tunnel is created between the device and the ePDG
- Traffic is forwarded into the mobile core network
- Subscriber services such as data or voice are delivered
This architecture allows operators to extend core network services through Wi-Fi while maintaining control over authentication and security.
Key Elements in ePDG Architecture
Several elements interfaces are commonly used in deployments. These allow the gateway to authenticate users and integrate with the broader core network.
|
Function |
What it does |
|
eNodeB |
LTE base station that connects devices to the network and handles radio stuff. |
|
MME |
The brain of the LTE core for signaling, mobility, and authentication. |
|
S‑GW |
Moves user data between the radio network and the core, keeping sessions alive during handovers. |
|
P‑GW |
Connects LTE to the internet and other networks, handling IP addresses and policies. |
|
3GPP AAA Server |
Authentication, authorization, and accounting server that validates subscriber credentials and applies access policies |
How ePDG Fits Into a Modern Mobile Core Architecture
In modern mobile networks, ePDG typically operates alongside other core infrastructure components responsible for authentication, encryption, and traffic management. It’s a network element specified by 3GPP to provide secure access from untrusted non‑3GPP networks (mainly Wi‑Fi) into the LTE Evolved Packet Core (EPC). Its primary role is to terminate IPsec tunnels from the device and forward traffic into the EPC via the P‑GW, enabling services like Wi‑Fi offload and VoWiFi
Thecomponents involved may include security gateways, packet gateways, and subscriber management systems that together form the broader mobile core.
Operators deploying mobile core infrastructure often integrate ePDG functionality with elements such as a 4G core network platform and supporting security infrastructure.
In many deployments, these functions run as virtualized or cloud-native network functions, allowing operators to scale capacity and deploy services more efficiently.
The Role of ePDG in Future Mobile Networks
As mobile networks evolve, Wi-Fi will continue to complement cellular access.
Technologies like ePDG help operators securely integrate these access methods while maintaining service continuity and network control.
For mobile operators balancing coverage, performance, and infrastructure investment, ePDG remains an important part of modern network architecture.
Learn More About Mobile Core Architecture
For operators evaluating mobile core infrastructure, ePDG is typically deployed alongside components responsible for authentication, traffic routing, and network security.
Learn more about related architecture components:
- 4G Core Network → https://axyomcore.ai/4g-core
- Security Gateway → https://axyomcore.ai/security-gateway
