F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Policy Enforcement Manager: Implementations
  3. About Subscriber and Policy Provisioning
Manual Chapter : About Subscriber and Policy Provisioning

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1

BIG-IP PEM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Manual Chapter

About Subscriber and Policy Provisioning

Overview: Subscriber and policy provisioning

The Policy Enforcement Manager (PEM) is flexible in extracting Attribute Value Pair (AVPs) from Radius and encoding AVPs to and from PCRF. This solves interoperability issues to a larger extent. The configuration includes creation of RADIUS and Gx protocol profiles. The RADIUS AVPs, diameter AVPs, as well as manually defined parameters can be stored as subscriber attributes in the BIG-IP system.
Subscriber and policy provisioning addresses the following factors:
  • Different AVPs in RADIUS accounting messages are extracted and mapped to subscriber attributes for the session. This is used for subscriber identity, additional subscriber characterization related to network type, location and so on, and their changes. For example, RAT-Type, 3GPP-Location-Info, 3GPP-SGSN-Address, or allowing discovery of certain events included and covered by the accounting process.
  • Add AVPs specified in CCR-I, CCR-u, CCR-T and RAA messages and also extract AVPs from CCA-I, CCA-U and RAR. For example, one can configure to send multiple Subscription-ID read over RADIUS to PCRF.
  • Custom policy decisions from AVPs can be made with use of extracted parameters. For example, Operator can configure policy based on RAT-type (2G/3G/4G) or any custom AVP extracted of the subscriber.
  • Extracted parameters can be inserted in to reporting records over HSL and Gx.

Task summary

Configuring RADIUS in PEM profile

You can create a custom PEM RADIUS protocol profile and add a message defining how the RADIUS message is to be processed in the Policy Enforcement Manager. Radius messages configured on subscribers can be in, out or any direction.
  1. On the Main tab, click
    Subscriber Management
    Profiles
    Protocol
    RADIUS
    .
    The Configuration screen opens.
  2. Click
    Create
    .
    The New RADIUS Profile screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. In the
    Description
     field, type optional descriptive text for the profile.
  5. From the
    Subscriber ID Type
     list, select an option which the identifier represents when the subscriber session is created.
    Options
    Subscriber ID Type
    E164
    A number that defines the format of an MSISDN international phone number (up to 15 digits).
    NAI
    A fully qualified network name that identifies a subscriber and the home network to which the subscriber belongs.
    IMSI
    A globally unique code number, that identifies a GSM, UMTS, or LTE mobile phone user.
    Private
    The subscriber ID type is private for the given deployment.
  6. From the
    Subscriber ID List
     list, in the
    Subscriber ID Name
     setting, type the subscriber ID name.
    Enabled
    .
  7. From the
    Subscriber ID List
     list, in the
    Order
     setting, type the order of RADIUS AVPs when constructing the subscriber ID.
  8. From the
    Subscriber ID List
     list, in the
    RADIUS AVP
     setting, select the value of RADIUS AVP which you have used to create the subscriber ID.
  9. From the
    Subscriber ID List
     list, in the
    Prefix
     setting, type the suffix string to be added to THE extracted subscriber ID attribute that is specified in the RADIUS AVP for the subscriber session created.
  10. From the
    Subscriber ID List
     list, in the
    Suffix
     setting, type the suffix string when constructing subscriber ID with the value of the RADIUS AVP.
  11. To configure the RADIUS Message, click
    Create & Add RADIUS Message
    .
    The Policy Enforcement Manager creates a new RADIUS message page, where you can configure the AVP List.
  12. Click
    Finished
    .
You have created a custom RADIUS profile.

Configuring RADIUS AVP in PEM profile

You can create a RADIUS AVPs that could be used to extract RADIUS attributes for subscriber sessions. PEM already has a list of predefined standard AVP attributes already defined as part of configuration.
  1. On the Main tab, click
    Subscriber Management
    Profiles
    Protocols
    RADIUS AVP
    .
    The RADIUS AVP screen opens.
  2. Click
    Create
    .
    The Subscriber Attribute Properties screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. In the
    Description
     field, type optional descriptive text for the profile.
  5. From the
    Data Type
     list, select an option for the data type of the RADIUS AVP.
    Options
    Data Type
    3GPP RAT Type
    The value format to be encoded or decoded as the 3GPP-RAT-Type defined in 3GPP TS 29.061.
    3GPP User Location Information
    The value format to be encoded or decoded as the 3GPP-User-Location-Info defined in 3GPP TS 29.061.
    IP Address
    The Account Status Type AVP is set to 3 (Interim-Update).
    IPv4 Address
    The IPv4 address in network byte order.
    IPv6 Address
    The IPv6 address in network byte order.
    Integer
    The 32-bit unsigned integer in network byte order.
    Octet
    The TF-8 text [RFC3629], totaling 253 octets or less in length.
    String
    The binary data, totaling 253 octets or less in length. This includes the opaque encapsulation of data structures defined outside of RADIUS.
    Time
    The 32-bit unsigned value in network byte order and in seconds since 00:00:00 UTC, January 1, 1970.
  6. In the
    Minimum Length
     field, type the minimum data length of the RADIUS AVP. The default value is
    0
    .
  7. In the
    Maximum Length
     field, type the maximum data length of the RADIUS AVP. The default value is
    0
    .
  8. In the
    Vendor ID Length
     field, type the vendor ID of the RADIUS VSA. Type the default value is
    1045
    .
  9. In the
    Vendor Type
     field, type the vendor type of the RADIUS VSA. The default value is
    20
    .
  10. In the
    Type
     field, type of the RADIUS AVP. The default value is
    26
    .
  11. Click
    Finished
    .
You have created RADIUS AVP that help with policy decisions.

Configuring RADIUS message

You can configure the RADIUS message in the previously created Policy Enforcement Manager (PEM) RADIUS protocol profile, to extract AVPs for the subscriber session creation in the ingress direction. PEM provides the list of RADIUS messages which are populated with well known standard AVPs that are extracted to create attributes, in the subscriber session. To apply mapping between RADIUS AVPs TO PEM subscriber attributes, create mapping between each RADIUS AVP.
  1. On the Main tab, click
    Subscriber Management
    Profiles
    Protocols
    RADIUS AVP
    .
    The RADIUS AVP screen opens.
  2. In the
    Name
     field, type a unique name for the profile.
  3. From the
    Direction
     list, in the
    AVP List
     setting, select
    Any
    ,
    In
     or
    Out
     to process the radius message in both ingress and egress, ingress or egress direction respectively.
  4. From the Message Type list, select an option which the identifier represents when the subscriber session is created.
    Options
    Message Type
    Accounting Request Start
    The Account Status Type AVP is set to 1 (Start).
    Accounting Request Stop
    The Account Status Type AVP is set to 2 (Stop).
    Accounting Request Interim Update
    The Account Status Type AVP is set to 3 (Interim-Update).
  5. To apply mapping between RADIUS AVPs and PEM subscriber attributes configure the actions you want to implement.
    • In the
      AVP
       field, type the name of the application service to which the AVP belongs.
    • In the
      Default
       field, type the default value that is used in the subscriber session, if the RADIUS message is not present.
    • From the
      Ingress
       list, select the
      Import
       option for the RADIUS AVP to be parsed and the value to be stored in the subscriber attribute. The default value is
      None
      .
    • From the
      RADIUS AVP
       list, select the name of the RADIUS AVP. The default value is
      None
      .
    • From the
      Subscriber Attribute
       list, select the name of the subscriber session attribute to be mapped to RADIUS AVP. The default value is
      None
      .
  6. Click
    Finished
    .
You have created a custom RADIUS message.

Configuring Diameter in PEM profile

You can create a custom Diameter protocol profile and add a message which is defined as the Gx Credit-Control-Request (CCR), in any direction.
  1. On the Main tab, click
    Subscriber Management
    Profiles
    Protocol
    Gx
    .
    The Configuration screen opens.
  2. Click
    Create
    .
    The New Diameter Profile screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. In the
    Description
     field, type optional descriptive text for the profile.
  5. From the
    Subscriber ID Type
     list, select an option which the identifier represents when the subscriber session is created.
    Options
    Subscriber ID Type
    E164
    A number that defines the format of an MSISDN international phone number (up to 15 digits).
    NAI
    A fully qualified network name that identifies a subscriber and the home network to which the subscriber belongs.
    IMSI
    A globally unique code number, that identifies a GSM, UMTS, or LTE mobile phone user.
    Private
    The subscriber ID type is private for the given deployment.
  6. From the
    Diameter AVP
     list, in the
    Subscriber ID
     setting, select the Diameter AVP.
  7. From the
    Type AVP
     list, in the
    Subscriber ID
     setting, select the AVP that is specified in message that should be matched.
  8. To configure the Diameter Message, click
    Create & Add Diameter Message
    .
    The Policy Enforcement Manager creates a new Diameter protocol profile message.
  9. Click
    Finished
    .
You have created a custom Diameter profile.

Configuring Gx message

You can configure the Gx message in the Policy Enforcement Manager. The message is defined as RADIUS accounting on the ingress direction.
  1. In the
    Name
     field, type a unique name for the profile.
  2. From the
    Direction
     list, in the
    AVP List
     setting, select
    Any
    ,
    In
     or
    Out
     to process the radius message in both ingress and egress, ingress or egress direction respectively.
  3. From the Message Type list, select the message type.
  4. From the
    AVP List
     setting, apply mapping of Diameter AVPs to subscriber session attribute for specific Gx message, by configuring the following:
    • In the
      AVP Name
       field, type the name of the application service to which the AVP belongs.
    • In the
      Default
       field, type the diameter AVP default value.
    • From the
      Protected Flag
       list, select
      Enabled
       to choose the value of the protected flag, in the diameter AVP, when the message is inserted. This flag only applies to diameter AVP in outgoing message.
      The parent AVP inherits flags of child AVPs.
    • From the
      Mandatory Flag
       list, select
      Enabled
       to choose the value of the mandatory flag, in the diameter AVP, when the message is inserted. This flag only applies to diameter AVP in outgoing message.
    • From the
      Vendor-Specific Flag
       list, select
      Enabled
       to choose the value of the vendor-specific flag, in the diameter AVP, when the message is inserted. This flag only applies to diameter AVP in outgoing message.
    • From the
      Diameter AVP
       list, select the name of a configured diameter AVP. The default value is
      None
      .
    • In the
      Parent Label
       field, type the name of a parent label which groups AVPs that can be combined.
      The AVPs with the same parent-label are combined in the same grouped AVP.
    • From the
      Subscriber Attribute
       list, select the name of a configured subscriber session attribute. The default value is
      None
      .
    • From the
      Include Interim Message
       list, select
      Enabled
       for the AVP to be included in the interim-message (ccr-u only) updates which are generated if there is any change related to session parameters.
      This flag only applies to Diameter AVP in outgoing message.
    • From the
      Include Reporting Message
       list, select
      Enabled
       for the AVP to be included in the reporting message (ccr-u only) updates which are generated for reporting usage information.
      This flag only applies to Diameter AVP in outgoing message.
  5. Click
    Finished
    .
You have created a custom Gx message.

Configuring Subscriber Attributes in PEM profile

You can configure subscriber attributes in PEM profile. The subscriber attributes are used for storing values imported from RADIUS or DIAMETER and manually or iRule set of values for further use.
  1. On the Main tab, click
    Subscriber Management
    Profiles
    Protocols
    Subscriber Attributes
    .
    The Subscriber Attributes screen opens.
  2. Click
    Create
    .
    The Subscriber Attribute Properties screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. In the
    Description
     field, type optional descriptive text for the profile.
  5. From the
    Import
     list, select
    Enabled
     for the subscriber attribute to be imported (parsed) from the incoming messages. The default value is
    None
    .
  6. From the
    Export
     list, select
    Enabled
     for the subscriber attribute to be exported (inserted) to the outgoing messages. The default value is
    Enabled
    .
  7. From the
    Well Known Attribute ID
     list, select an option for an identifier of a well-known (built-in) subscriber attribute.
    The system provides a special handling for well-known subscriber attributes. Session reporting records have the most well-known attributes by default.
  8. Click
    Finished
    .
You have created a subscriber attribute in PEM profile.

Configuring Diameter AVP in PEM profile

You can configure Diameter AVP, that can be used in Gx messages.
  1. On the Main tab, click
    Subscriber Management
    Profiles
    Protocols
    Diameter AVP
    .
    The Diameter AVP screen opens.
  2. Click
    Create
    .
    The Diameter AVP Properties screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. In the
    Description
     field, type optional descriptive text for the profile.
  5. From the
    Parent AVP
    list, select
    None
    for name of the parent AVP, if it is in a grouped AVP.
  6. In the
    AVP Code
     field, type the AVP code of the diameter AVP.
  7. From the
    Data Type
     list, select the data type of the diameter AVP. The default value is
    Octet String
    .
  8. In the
    Length
     field, type the data length of the diameter AVP.
  9. In the
    Vendor ID
     field, type the vendor ID of the diameter Vendor Specific Attribute (VSA).
  10. Click
    Finished
    .
You have configured Diameter AVP.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information