You can create listeners that specify how to handle traffic for policy enforcement.
Creating a listener does preliminary setup tasks on the BIG-IP
system for application visibility, intelligent steering, bandwidth management, and
reporting. You can also connect with a Policy and Charging Rules Function (PCRF) over a
On the Main tab, click
The Listeners screen opens. .
The New Listener screen opens.
In the Name field, type a unique name for the listener.
For the Destination setting, select Host or
Network, and type the IP address or network and netmask to use.
Tip: You can use a catch-all virtual server (0.0.0.0) to specify all traffic that is routed to the BIG-IP system.
The system will create a virtual server using the address or network you specify.
For the Service Port setting, type or select the service port for the virtual server.
From the Protocol list, select the protocol of the traffic for which
to deploy enforcement policies (TCP, UDP, or
TCP and UDP).
The system will create a virtual server for each protocol specified.
To use network address translation, from the Source Address
Translation list, select Auto Map.
The system treats all of the self IP addresses as translation addresses.
For the VLANs and Tunnels setting, move the VLANs and tunnels that you want to monitor from the
to the Selected list.
For subscriber provisioning using RADIUS, ensure that Subscriber Identity
Collection is set to RADIUS.
For the VLANs and Tunnels setting, move the VLANs and tunnels that
you want to monitor for RADIUS traffic from the Available list to the
In the Policy Provisioning area, select enforcement policies to apply to the traffic.
The system applies the global policy to all subscribers in parallel with the subscriber
policies. High-precedence global policies override conflicting subscriber policies, and
low-precedence policies are overridden by conflicting subscriber policies.
For Global Policy, move policies to apply to all subscribers to High Precedence or
For Unknown Subscriber Policy, move policies to use if the subscriber is unknown to Selected.
To connect to a PCRF, from the Gx Interface list, select
In the Origin Host field, type the fully qualified domain name of the PCRF or external policy server, for example, pcrf.xnet.com.
In the Origin Realm field, type the realm name or network in which the PCRF resides, for example, xnet.com.
In the Destination Host field, type the destination host name of the PCRF or external policy server, for example, pcrfdest.net.com.
In the Destination Realm field, type the realm name or network of the PCRF, for example, net.com.
For the Pool Member Configuration setting, add the PCRF servers that
are to be members of the Gx endpoint pool. Type the Member IP Address
and Port number, then click Add.
In the Message Retransmit Delay field, type the number of milliseconds to wait before retransmitting unanswered messages in
case of failure from the BIG-IP system to the PCRF over the Gx interface.
The default value is 1500.
In the Message Max Retransmit field, type the maximum number of times that messages can be retransmitted from
the BIG-IP system to the PCRF. The default value is 2.
In the Fatal Grace Time field, type the time period in seconds that a diameter connection can remain disconnected
before the system terminates all sessions associated with that diameter
endpoint. The default value is 20.
The Policy Enforcement Manager creates a listener, and displays the listener list.
When you create a listener, the Policy Enforcement Manager also
creates virtual servers for each type of traffic (TCP, UDP, or both), and a virtual
server for HTTP traffic. The system enables classification and assigns the appropriate policy
enforcement profile to the virtual servers. The system also creates a virtual server for the Gx interface with a diameter endpoint profile. If you are connecting to a RADIUS
authentication server, a virtual server for RADIUS is also added.
Now you can send traffic through the network. As network traffic moves through the
BIG-IP system, the system handles policy enforcement.