Manual Chapter : Detecting Tethering Device Operation System and Type

Applies To:

Show Versions Show Versions

BIG-IP PEM

  • 13.0.1, 13.0.0
Manual Chapter

Overview: Detecting Tethering, Device Operating System, and Type

You can now gather insight on the device usage of subscribers, with the detection of Device Type and Operating System (DTOS). The patterns can be used for business intelligence gathering, as well as for customizing subscriber plans based on their usage. The Policy Enforcement Manager™ (PEM™) provides the ability to report various types of subscriber information and application visibility to external analytic systems through syslog and other IPFIX reporting methods. The device type is identified based on the IMEI number, of which the first eight numbers are from the Type Allocation Code (TAC) number. The operating system (OS) detection is done by user-agent parsing, TCP/IP fingerprinting, and by looking up TAC code in the TAC database. Furthermore, reporting can be configured for DTOS and tethering action. A report (optional) is sent the first time PEM retrieves device OS information, and if a change is detected in the OS name, a report is sent again to the configured destination.

When tethering is enabled, details of the state change are sent in a report. When DTOS is enabled, the details of the state changes when there is a change in TCP fingerprinting or OS value defined by the user agent. Also, a report (HSL log) is sent out whenever there is a change in TCP fingerprinting, TCP OS, or user agent OS values. The default sampling interval for DTOS is at 10 flows. The tethering sampling interval is 180 seconds.

Task summary

Configuring device type, OS, and tethering

You can configure the PEM™ policy to look up the device name and details (for monitoring purposes) and enable tethering detection.
  1. On the Main tab, click Policy Enforcement > Policies .
    The Policies screen opens.
  2. Click the name of the enforcement policy you want to add rules to.
    The properties screen for the policy opens.
  3. In the Policy Rules area, click Add.
    The New Rule screen opens.
  4. In the Name field, type a name for the rule.
  5. In the Precedence field, type an integer that indicates the precedence for the rule in relation to the other rules. Number 1 has the highest precedence. Rules with higher precedence are evaluated before other rules with lower precedence.
    Tip: All rules in a policy are run concurrently. Precedence takes effect when there are conflicting rules. The conflict occurs when the traffic matches two rules and the policy actions from these rules differ. For example, if you have rule 1 with precedence 10 and Gate Status disabled for a search engine, and you have rule 2 with precedence 11 and Gate Status enabled, then rule 1 is processed first because it has higher precedence. Rules conflict if they have identical or overlapping classification criteria (for the traffic that matches more than one rule). In some cases, different policy actions are not conflicting, and hence, applied in parallel.
  6. From the Device and Tethering Detection list, in the Device Type OS Detection setting, select Enabled.
    Note: If you enable device detection, al the filters are disabled for the policy rule.
    Note: When the custom TACDB file is generated, it is stored at the location /var/local/pem/dtos/.
  7. From the Device and Tethering Detection list, in the Tethering Detection setting, select Enabled.
    Note: If you enable tethering, classification is disabled for the policy rule.
  8. Click Finished.
You have created a rule that applies to policy based on device OS, type, and tethering.

Configuring PEM policy action with tethering

You can also attach a policy action after detecting tethering. The tethering detected state can be used as a TCL filter in a custom filter for a Policy Enforcement Manager™ (PEM™) rule.
  1. On the Main tab, click Policy Enforcement > Policies .
    The Policies screen opens.
  2. Click the name of the enforcement policy you want to add rules to.
    The properties screen for the policy opens.
  3. In the Policy Rules area, click Add.
    The New Rule screen opens.
  4. In the Name field, type a name for the rule.
  5. In the Precedence field, type an integer that indicates the high precedence for the rule in relation to the other rules. Number 1 has the highest precedence. Rules with higher precedence are evaluated before other rules with lower precedence.
    Note: TCL filter creation action should have high precedence.
  6. Click the Custom tab.
    The Custom Criteria setting opens.
  7. In the iRule Expression field, specify the TCL syntax that defines a custom iRule action, which can be later attached to a policy enforcement rule.
    PEM::session info tethering detected [IP::client_addr] = = {1}
    The expression in the example evaluates to true, if a subscriber is tethering. You can select the Wrap Text check box to wrap the definition text, and select the Extend Text Area check box to increase the field space of format scripts.
  8. From the Gate Status list, select Disable, to block the traffic for a subscriber who is tethering.
    Note: If you disable Gate Status, the traffic is blocked.
  9. To apply bandwidth policy, for rate control to downlink traffic, in the Bandwidth Controller setting, select the name of a bandwidth control policy.
    Note: You can assign any previously created static or dynamic bandwidth control policies. However, F5® does not recommend using the default-bwc-policy, which the system provides, nor the dynamic_spm_bwc_policy, which you can create to enforce dynamic QoS settings provisioned by the PCRF.
    Depending on the bandwidth control policy, PEM™ restricts bandwidth usage per subscriber, group of subscribers, per application, per network egress link, or any combination of these.
  10. To apply bandwidth policy, for rate control to uplink traffic and per category of application, in the Bandwidth Controller setting, select the name of a bandwidth control policy.
    Note: You can assign any previously created static or dynamic bandwidth control policies. However, we do not recommend using the default-bwc-policy, which the system provides, nor the dynamic_spm_bwc_policy, which you can create for communicating with the PCRF.
    Depending on the bandwidth control policy, PEM restricts bandwidth usage per subscriber, group of subscribers, per application, per network egress link, per category of applications or any combination of these.
  11. Click Finished.
You have created a rule that applies to tethering.

Creating a high-speed logging rule for device detection and tethering

You can specify a reporting destination where reports are sent out whenever the subscribers go from a non-tethering state to a tethering state, or vice-versa. Before you can create a high-speed logging (HSL) rule, you need to create a publisher that defines the destination server or pool where the HSL logs are sent. In an enforcement policy, a rule can specify that tethering details are sent to an external high-speed logging server.
  1. On the Main tab, click Policy Enforcement > Policies .
    The Policies screen opens.
  2. Click the name of the enforcement policy you want to add rules to.
    The properties screen for the policy opens.
  3. In the Policy Rules area, click Add.
    The New Rule screen opens.
  4. In the Name field, type a name for the rule.
  5. In the Precedence field, type an integer that indicates the high precedence for the rule in relation to the other rules. Number 1 has the highest precedence. Rules with higher precedence are evaluated before other rules with lower precedence.
  6. In the Reporting setting, specify where to send the tethering detection data:
    • From the HSL list, select the name of the publisher that specifies the server or pool of remote HSL servers to send the logs.
    • From the Format Script list, select the format script of the report from the Format Script list.
    Note: The format script is previously configured in Policy Enforcement > Reporting > Format Script page.
  7. Click Finished.
You have created a rule that sends device detection and tethering data about the traffic to external high-speed logging servers.

Implementation result

The BIG-IP® system allows improved insight to subscriber usage with detection of tethering, and device OS and type.