Manual Chapter : Configuring Policy and RADIUS Updates

Applies To:

Show Versions Show Versions

BIG-IP PEM

  • 15.0.1, 15.0.0, 14.1.0
Manual Chapter

Configuring Policy and RADIUS Updates

Overview: Configuring policy and RADIUS updates

Policy Enforcement Manager (PEM) enables you to schedule policy reevaluations and radius updates on the BIG-IP® system in the following two ways:
  • You can configure the interval for reevaluation of policies, for a subscriber session, by configuring the re-evaluation interval. The BIG-IP system evaluates changes in the policy for traffic, once the re-evaluation interval is configured.
  • The RADIUS traffic contains the subscriber and IP address information that is monitored by the BIG-IP system. If you enable the timeout interval, the BIG-IP system avoids repeated deletion and creation of the subscriber during the configured interval rate.

Configuring PEM options

You can set up the BIG-IP system to schedule an interval that sets policy reevaluation and RADIUS re-transmission updates periodically.
  1. On the Main tab, click
    Policy Enforcement
    Global
    Options
    .
    The Global Options screen opens.
  2. In the Policy Options area, specify (in seconds) the
    Policy Re-evaluation Interval
    at which the policy re-evaluation is triggered, to evaluate the flow policy again.
    The re-valuation interval is only for active flows.
    For example, a subscriber is provisioned over Gx which has a policy to allow Netflix with some bandwidth. The subscriber is able to watch a movie using the Netflix service. However, consider that the PCRF installs a policy for this subscriber to block Netflix over the Gx interface. Then, while the subscriber is viewing the content, the Netflix content is blocked for the subscriber after the configured re-evaluation interval.
  3. In the RADIUS Options area, for the
    Re-Transmit Timeout
    setting, select
    Enabled
    and specify the time in seconds. If you select
    Disabled
    , each RADIUS message is handled as a new message and this might lead to deletion and creation of sessions even though the radius massage is a duplicate.
    This is the timeout after which the RADIUS message is considered as a new message, by the BIG-IP system.
  4. In the RADIUS Options area, for the
    Clear Sessions upon NAS Reboot
    setting, select
    Enabled
    to remove all the PEM sessions that are associated with the NAS-IP-Address received in the RADIUS Acct-ON or Acc-OFF request packet.
  5. In the Quota Management Options area, for the
    Default Rating Group
    setting, select
    Create
    to create a new rating group for quota management.
    This takes you to the
    Policy Enforcement
    Rating Groups
    New Rating Group
    screen. Click
    Policy Enforcement
    Options
    to go back to options screen.
  6. In the Statistics Options area, for the
    Analytics Mode
    setting, select
    Enabled
    to use analytics reporting. Select the external logging such as HSL endpoint in the
    External Log Publisher
    setting.
    This generates Application Visibility and Reporting (AVR) PEM reports, in a timely manner through graphs.
  7. From the
    Subscriber Aware
    list, select
    Enabled
    to display the statistics per subscriber.
    This generates Application Visibility and Reporting (AVR) PEM reports, in a timely manner through graphs.
  8. For the
    Content Insertion Options
    setting, in the
    Throttling
    fields, type the time used to set the maximum wait time before Policy Enforcement Manager applies the insert action again on the same subscriber.
    The insert actions do not conflict with each other.
The policy and RADIUS updates take effect immediately.

Terminating flow sessions

You can set up the BIG-IP system to terminate flows when a session is marked for deletion through the Policy Enforcement Manager.
  1. On the Main tab, click
    Policy Enforcement
    Global
    Options
    .
    The Global Options screen opens.
  2. In the Flow Management Options area, for the
    Terminate On Session Delete
    setting, select
    Enabled
    to terminate flows when session is deleted. The default value is
    Disabled
    .
The BIG-IP system will now terminate flows when sessions are marked for deletion.