Manual Chapter :
Configuring Policy and RADIUS Updates
Applies To:
Show VersionsBIG-IP LTM
- 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP PEM
- 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Configuring Policy and RADIUS Updates
Overview: Configuring policy and RADIUS updates
Policy Enforcement Manager™ (PEM™) enables you to
schedule policy reevaluations and radius updates on the BIG-IP system in
the following two ways:
- You can configure the interval for reevaluation of policies, for a subscriber session, by configuring the re-evaluation interval. The BIG-IP system evaluates changes in the policy for traffic, once the re-evaluation interval is configured.
- The RADIUS traffic contains the subscriber and IP address information that is monitored by the BIG-IP system. If you enable the timeout interval, the BIG-IP system avoids repeated deletion and creation of the subscriber during the configured interval rate.
Configuring PEM
options
You can set up the BIG-IP system to schedule an
interval that sets policy reevaluation and RADIUS re-transmission updates
periodically.
- On the Main tab, click.The Global Options screen opens.
- In the Policy Options area, specify (in seconds) thePolicy Re-evaluation Intervalat which the policy re-evaluation is triggered, to evaluate the flow policy again.The re-valuation interval is only for active flows.For example, a subscriber is provisioned over Gx which has a policy to allow Netflix with some bandwidth. The subscriber is able to watch a movie using the Netflix service. However, consider that the PCRF installs a policy for this subscriber to block Netflix over the Gx interface. Then, while the subscriber is viewing the content, the Netflix content is blocked for the subscriber after the configured re-evaluation interval.
- In the RADIUS Options area, for theRe-Transmit Timeoutsetting, selectEnabledand specify the time in seconds. If you selectDisabled, each RADIUS message is handled as a new message and this might lead to deletion and creation of sessions even though the radius massage is a duplicate.This is the timeout after which the RADIUS message is considered as a new message, by the BIG-IP system.
- In the RADIUS Options area, for theClear Sessions upon NAS Rebootsetting, selectEnabledto remove all the PEM sessions that are associated with the NAS-IP-Address received in the RADIUS Acct-ON or Acc-OFF request packet.
- In the Quota Management Options area, for theDefault Rating Groupsetting, selectCreateto create a new rating group for quota management.This takes you to thescreen. Click to go back to options screen.
- In the Statistics Options area, for theAnalytics Modesetting, selectEnabledto use analytics reporting. Select the external logging such as HSL endpoint in theExternal Log Publishersetting.This generates Application Visibility and Reporting (AVR) PEM reports, in a timely manner through graphs.
- From theSubscriber Awarelist, selectEnabledto display the statistics per subscriber.This generates Application Visibility and Reporting (AVR) PEM reports, in a timely manner through graphs.
- For theContent Insertion Optionssetting, in theThrottlingfields, type the time used to set the maximum wait time before Policy Enforcement Manager applies the insert action again on the same subscriber.The insert actions do not conflict with each other.
The policy and RADIUS updates take effect
immediately.
Terminating flow sessions
You can set up the BIG-IP system to terminate flows when a session is marked for deletion through
the
Policy Enforcement Manager.
- On the Main tab, click.The Global Options screen opens.
- In the Flow Management Options area, for theTerminate On Session Deletesetting, selectEnabledto terminate flows when session is deleted. The default value isDisabled.
The BIG-IP system will now terminate
flows when sessions are marked for deletion.