You can set up Policy Enforcement Manager to enforce different levels of bandwidth control on subscribers, providing more bandwidth to subscribers with higher tier subscriptions. Bandwidth control in this case is per subscriber and per application.
This implementation provides three tiers of service: gold (the highest level), silver (the next highest), and bronze (the lowest level). You create three dynamic bandwidth controllers, one for each tier to provide different bandwidth limits for subscribers with different plans. Each tier includes bandwidth control limits for three types of application traffic (P2P, audio-video, and web). You also create three enforcement policies, one for each tier. In the enforcement policies, rules applies bandwidth control to the different types of traffic.
Finally, subscribers are provisioned dynamically through a policy charging and rules function (PCRF) over a Gx interface. On the PCRF, you need to have associated subscribers with one of the subscriber tiers called gold, silver, and bronze.
Task Summary
Creating dynamic bandwidth control policies for tiered services
You can create dynamic bandwidth controllers for tiered services so that PEM can
enforce different rates of bandwidth control for subscribers having different policy
levels. Use this procedure and the values specified to create three bandwidth
controllers, one for each tier of service.
-
On the Main tab, click .
-
Click Create.
-
In the Name field, type the name of the bandwidth
controller. In this example, name the three bandwidth controllers as
follows:
- Type gold-bwc for the premium subscription
level.
- Type silver-bwc for the medium subscription
level.
- Type bronze-bwc for the lowest subscription
level.
There is no requirement to use these names, but it is convenient to use a
similar name for the bandwidth controller and the enforcement policy that you
will attach it to. Later in this example, you will attach the gold-bwc bandwidth
controller to the gold enforcement policy.
-
In the Maximum Rate field, type a number and select the
unit of measure to indicate the total throughput allowed for all the subscribers
using each bandwidth controller. For this example, specify 10
Mbps for all three bandwidth controllers
If you want to use different values, the number must be in the range from
1Mbps to 320Gbps.
-
From the Dynamic list, select
Enabled.
The screen displays additional settings.
-
In the Maximum Rate Per User field, type a number and
select the unit of measure relative to the tier of service. For example, use the
following values:
- For gold-bwc, specify 8 Mbps.
- For silver-bwc, specify 4 Mbps.
- For bronze-bwc, specify 2 Mbps.
-
Leave the IP Type of Service and Link
Quality of Service values set to Pass
Through, the default value.
-
In the Categories field for each bandwidth controller,
add three categories of traffic: P2P,
Web, and Audio-video.
- For gold-bwc, set P2P to 20%, set
Web to 70%, and set
Audio-video to 40%.
- For silver-bwc, set P2P to 20%, set
Web to 60%, and set
Audio-video to 30%.
- For bronze-bwc, set P2P to 20%, set
Web to 50%, and set
Audio-video to 20%.
In the rule for the policy, different types of traffic, P2P, web, or
audio-video traffic is limited to a smaller percentage of the total bandwidth
for all subscribers who use that policy.
-
Click Finished.
If this is the first bandwidth control policy created on a BIG-IP device, the system also creates a default static bandwidth control
policy named default-bwc-policy in the Common partition to handle
any traffic that is not included in the policy you created. If you delete all bandwidth
controllers, this policy is also deleted.
For PEM to enforce bandwidth control, you need to create enforcement policies with
rules that refer to the bandwidth controller.
Creating enforcement policies for three tiers
To impose bandwidth control on multiple subscriber tiers, you need to create an
enforcement policy for each tier. Use this procedure and the values specified to create
three enforcement policies.
-
On the Main tab, click .
The Policies screen opens.
-
Click Create.
The New Policy screen opens.
-
In the Name field, type a name for the policy.
- Type gold for the premium subscription
level.
- Type silver for the medium subscription
level.
- Type bronze for the lowest subscription
level.
-
Click Finished.
The new enforcement policy is added to the policy list.
You have three enforcement policies that represent the three tiers of subscriber
traffic that you are creating.
After creating the enforcement policies, you add rules that specify how to treat
the subscriber traffic in each tier. In the implementation being developed, subscribers
in the different tiers will get different maximum amounts of bandwidth. Further limits
will be placed on specific types of traffic (P2P, audio-video, and web).
Creating the rules for tiered bandwidth control
You next add rules to each of the enforcement policies you created (gold, silver, and bronze). The rules limit the amount of bandwidth that P2P, web, and audio-video traffic can use. Create three rules for each enforcement policy.
-
On the Main tab, click .
The Policies screen opens.
-
Click the name of the enforcement policy you want to add rules to.
The properties screen for the policy opens.
-
In the Policy Rules area, click Add.
The New Rule screen opens.
-
In the Name field, type a name for the rule. For the
first rule, use the name P2P.
-
In the Precedence field, type an integer that indicates
the precedence, 1 being the highest.
In this case, you can use any value, for example, 10, as the precedence for
all the rules in all the policies because there is no conflict between the rules
you are creating. Each rule applies to a different type of traffic: web,
audio-video, and P2P.
-
In the Classification setting, specify the type of
traffic.
-
For the first rule, from the Category list,
select P2P. Use the default values for
Match Criteria (Match)
and Application
(Any).
-
Click Add.
-
In the Rate Control setting, for Bandwidth
Controller, select the name of the bandwidth controller and
category. Choose
-
For Bandwidth Controller, select the name that
matches the policy you are working on. For example, if editing the gold
policy, select gold-bwc.
-
For Category, select the category that matches
the type of traffic specified by the name of the rule. For example,
select P2P.
-
Click Finished.
-
Repeat steps 3-8 to create a second rule for audio-video traffic with these
settings.
Option |
Values |
Name |
Audio-video |
Precedence |
10 (any value is OK) |
Classification Category |
Audio_video |
Rate Control-Bandwidth Controller |
Same as the name of the policy you are adding the rule to (gold-bwc, silver-bwc, or bronze-bwc) |
Bandwidth Controller-Category |
Audio-video |
-
Repeat steps 3-8 to create a third rule for web traffic with these
settings.
Option |
Values |
Name |
Web |
Precedence |
10 (any value is OK) |
Classification Category |
Web |
Rate Control-Bandwidth Controller |
Same as the name of the policy you are adding the rule to (gold-bwc,
silver-bwc, or bronze-bwc) |
Bandwidth Controller-Category |
Web |
The gold, silver, and bronze enforcement policies each have three rules called P2P,
Web, and Audio-video. Each of the rules in the gold policy connects to the gold-bwc
bandwidth controller; rules in the silver policy connect to the silver-bwc bandwidth
controller and; rules in the bronze policy connect to the bronze-bwc policy.
Creating a listener for subscriber discovery with RADIUS and policy provisioning with
PCRF
You create a listener to specify how to handle traffic for policy enforcement.
Creating a listener does preliminary setup tasks on the BIG-IP
system for application visibility, intelligent steering, bandwidth management, and
reporting. You can also connect with a Policy and Charging Rules Function (PCRF) over a
Gx interface.
-
On the Main tab, click .
The Listeners screen opens.
-
Click Create.
The New Listener screen opens.
-
In the Name field, type a unique name for the listener.
-
For the Destination setting, select Host
or Network, and type the IP address or network and netmask to
use.
Tip: You can use a catch-all virtual server
(0.0.0.0) to specify all traffic that is routed to the BIG-IP system.
The system will create a virtual server using the address or network you
specify.
-
For the Service Port setting, type or select the service port
for the virtual server.
-
From the Protocol list, select the protocol of the traffic for
which to deploy enforcement policies (TCP,
UDP, or TCP and UDP).
The system will create a virtual server for each protocol specified.
-
To use network address translation, from the Source Address
Translation list, select Auto Map.
The system treats all of the self IP addresses as translation addresses.
-
For the VLANs and Tunnels setting, move the VLANs and tunnels
that you want to monitor from the Available list to the
Selected list.
-
For subscriber provisioning using RADIUS, ensure that Subscriber Identity
Collection is set to RADIUS.
-
For the VLANs and Tunnels setting, move the VLANs and tunnels
that you want to monitor for RADIUS traffic from the Available list
to the Selected list.
-
For the tiered services example, do not assign global policies.
-
To connect to a PCRF, from the Diameter Endpoint list, select
Enabled and select Gx from the
Supported Apps options.
-
In the Origin Host field, type the fully qualified domain name
of the PCRF or external policy server, for example, ocs.xnet.com.
-
In the Origin Realm field, type the realm name or network in
which the PCRF resides, for example, xnet.com.
-
In the Destination Host field, type the destination host name of
the PCRF or external policy server, for example, pcrfdest.net.com.
-
In the Destination Realm field, type the realm name or network
of the PCRF, for example, net.com.
-
For the Pool Member Configuration setting, add the PCRF servers
that are to be members of the Gx endpoint pool. Type the Member IP
Address and Port number, then click
Add.
-
In the Message Retransmit Delay field, type the number of
milliseconds to wait before retransmitting unanswered messages in case of failure from the
BIG-IP system to the PCRF over the Gx interface. The default value is
1500.
-
In the Message Max Retransmit field, type the maximum number of
times that messages can be retransmitted from the BIG-IP system to the PCRF. The default
value is 2.
-
In the Fatal Grace Time field, type the time period in seconds
that a diameter connection can remain disconnected before the system terminates all
sessions associated with that diameter endpoint. The default value is
500.
-
Click Finished.
The Policy Enforcement Manager creates a listener, and displays the listener
list.
When you create a listener, the Policy Enforcement Manager also
creates virtual servers for each type of traffic (TCP, UDP, or both), and a virtual
server for HTTP traffic. The system sets up classification and assigns the appropriate
policy enforcement profile to the virtual servers. The system also creates a virtual
server for the Gx interface with a diameter endpoint profile. If you are connecting to a
RADIUS authentication server, a virtual server for RADIUS is also added.
Now you can send traffic through the network. As network traffic moves through the
BIG-IP system, the system handles policy enforcement.