Manual Chapter : Configuring Policy and RADIUS Updates

Applies To:

Show Versions Show Versions

BIG-IP PEM

  • 13.0.1, 13.0.0
Manual Chapter

Overview: Configuring policy and RADIUS updates

Policy Enforcement Manager™ (PEM™) enables you to schedule policy reevaluations and radius updates on the BIG-IP® system in the following two ways:

  • You can configure the interval for reevaluation of policies, for a subscriber session, by configuring the re-evaluation interval. The BIG-IP system evaluates changes in the policy for traffic, once the re-evaluation interval is configured.
  • The RADIUS traffic contains the subscriber and IP address information that is monitored by the BIG-IP system. If you enable the timeout interval, the BIG-IP system avoids repeated deletion and creation of the subscriber during the configured interval rate.

Configuring PEM options

You can set up the BIG-IP® system to schedule an interval that sets policy reevaluation and RADIUS re-transmission updates periodically.
  1. On the Main tab, click Policy Enforcement > Global > Options .
    The Global Options screen opens.
  2. In the Policy Options area, specify (in seconds) the Policy Re-evaluation Interval at which the policy re-evaluation is triggered, to evaluate the flow policy again.
    The re-valuation interval is only for active flows.
    For example, a subscriber is provisioned over Gx which has a policy to allow Netflix with some bandwidth. The subscriber is able to watch a movie using the Netflix service. However, consider that the PCRF installs a policy for this subscriber to block Netflix over the Gx interface. Then, while the subscriber is viewing the content, the Netflix content is blocked for the subscriber after the configured re-evaluation interval.
  3. In the RADIUS Options area, for the Re-Transmit Timeout setting, select Enabled and specify the time in seconds. If you select Disabled, each RADIUS message is handled as a new message and this might lead to deletion and creation of sessions even though the radius massage is a duplicate.
    This is the timeout after which the RADIUS message is considered as a new message, by the BIG-IP system.
  4. In the RADIUS Options area, for the Clear Sessions upon NAS Reboot setting, select Enabled to remove all the PEM sessions that are associated with the NAS-IP-Address received in the RADIUS Acct-ON or Acc-OFF request packet.
  5. In the Quota Management Options area, for the Default Rating Group setting, select Create to create a new rating group for quota management.
    This takes you to the Policy Enforcement > Rating Groups > New Rating Group screen. Click Policy Enforcement > Options to go back to options screen.
  6. In the Statistics Options area, for the Analytics Mode setting, select Enabled to use analytics reporting. Select the external logging such as HSL endpoint in the External Log Publisher setting.
    This generates Application Visibility and Reporting (AVR) PEM reports, in a timely manner through graphs.
  7. From the Subscriber Aware list, select Enabled to display the statistics per subscriber.
    This generates Application Visibility and Reporting (AVR) PEM reports, in a timely manner through graphs.
  8. For the Content Insertion Options setting, in the Throttling fields, type the time used to set the maximum wait time before Policy Enforcement Manager™ applies the insert action again on the same subscriber.
    Note: The insert actions do not conflict with each other.
The policy and RADIUS updates take effect immediately.

Terminating flow sessions

You can set up the BIG-IP® system to terminate flows when a session is marked for deletion through the Policy Enforcement Manager™.
  1. On the Main tab, click Policy Enforcement > Global > Options .
    The Global Options screen opens.
  2. In the Flow Management Options area, for the Terminate On Session Delete setting, select Enabled to terminate flows when session is deleted. The default value is Disabled.
The BIG-IP system will now terminate flows when sessions are marked for deletion.