F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Policy Enforcement Manager: Implementations
  3. Configuring Quota Management using Rating Groups
Manual Chapter : Configuring Quota Management using Rating Groups

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1

BIG-IP PEM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Manual Chapter

Configuring Quota Management using Rating Groups

Overview: Configuring quota management

You can use the Policy Enforcement Manager to implement quota management process for prepaid subscribers per session and per application. You can provision prepaid charging per subscriber or application that communicates with the quota protocol endpoint (QPE), such as online charging system (OCS), over the 3GPP Gy interface. The Gy endpoint allows online credit control for Layer 4 to 7 service data flow-based charging. This type of policing is called quota management; this feature ensures that subscribers do not consume resources that are not authorized. The Diameter Credit-Control Application (DCCA) specifies an approach based on a series of interrogations, that use Credit-Control-Request (CCR) and Credit-Control-Answer (CCA) messages.
If threshold for a Quota bucket is almost reached and the current flow 8KB interval is not used, then CCR-U is sent after 8KB consumption (maximum). PEM forwards it and after 8KB interval, or in between if in middle, it sends CCR-U. Consider 8KB consumption intervals when Quota bucket is being checked for exhaustion.
If larger bytes arrives between 8KB interval then it is let through. After we detect Quota is being exhausted, after usage of 8KB interval, then we update the internal policy change for the session. After reevaluation interval (20 seconds) the flow is reevaluated and then termination action is applied. However, for new flows as soon as Quota expires they are dropped.
The PCRF reports the quota usage under a number of circumstances and notifies the server through the use of the Reporting-Reason AVP in the CCR. The reason for reporting credit usage can occur directly in the Multiple-Services-Credit-Control AVP or in the Used-Service-Units AVP and depends on whether it applies for all quota types or a particular quota type.

Task summary

About Gy support and rating groups

The Gy interface in 3GPP architecture facilitates communication between the online charging system (OCS) and the PCEF. In turn, this communication supports the advanced credit authorization and quota-specific reporting. Policy Enforcement Manager provides online credit control, through user configuration, for Layer 4 to 7 service data flow-based charging.
The subscriber traffic contains consumed based on allocated quota that is based on applications, category, or a group of them and is measured in terms of volume, time, and events. A rating group, which is the same as a quota bucket, can be created. A rating group is identified by a service-identifier AVP that gathers a set of services, which has the same costs and rating type. Once you create a rating group, you can assign it to multiple rules inside the policy. For all the traffic matching the rule, quota is consumed from this bucket to make sure there is no over-subscription of resources. For example, you can have a rating group assigned to managing video traffic of 500 MB. This rating group needs to be assigned to a rule that matches the video traffic, to ensure that there is no over-subscription of subscriber video traffic.
You need to assign a default rating group on your policy rule or assign a new one. The default rating group is for all traffic that does not belong to another rating group.
Multiple Services Credit Control (MSCC) is a procedure that allows quota management for multiple services within one Gy Session. It is possible to allocate quota on a per service basis or the services can be grouped into rating group to gather aggregation of quota management. When the MSCC is present in the CCR message, it represents PCRF. The MSCC requests quota for a particular service, or multiple services, or usage being reported. When the MSCC is present in the CCA message, it represent OCS that grants quota for the service or services.

About Online Charging System

Online charging uses IETF Diameter Credit Control application. It uses the Gy reference point in the 3GPP standards for messages between the Online Charging Server and the PCEF. The PCEF requests resource allocation and reports credit control information to the OCS (Online Charging System). Event Charging with Unit Reservation (ECUR) using CCR Initial and Termination can be used to generate event messages.
Online charging has two sub-functions:
  • Unit determination, that refers to the calculation of the number of non-monetary units like service units, data volume, time and events that shall be assigned prior to starting service delivery. PEM uses the Session Charging with Unit Reservation (SCUR) system.
  • Rating refers to determining a price, based on the non-monetary units calculated by the unit determination function. When online charging is used in the P-GW, the credit control is per rating group. P-GW allows reporting of the service usage per rating group or per combination of the rating group and service ID. Service ID sometimes is synonymous of rating group. Gy messages does not have to include both service identifier and rating group. You can use both service identifier and rating group, to be able to rate based on rating group but keep track of usage per service. For example, if you rate Facebook, Twitter and YouTube in the same way, so to create a single rating group, you accumulate usage per each service. With this setup you get less reservation spreading, while keeping track of usage per service. This reporting level can be activated per PCC rule.

What defines a rating group?

The four Attribute Value Pair (AVP) that defines a rating group, are the amount of time, the downloaded, uploaded and total bytes.
Rating group can be either the Granted Units (GSU) that is used before releasing the service or a new CCR needs to be sent, or Used Service Units (USU) which reports the total traffic for subscriber or service.
You can define rating group as follows:
  • Define the rating group for thresholds and timers
  • Validity time, which indicates the time that limits the validity of the granted quota
  • Quota holding indicates the number of seconds for which the quota granted by the OCS, is held by the gateway when no traffic is received for that rating group.
  • Quota consumption, used by the OCS, indicates to the client that the quota consumption must be stopped after a period at session termination or when no packets are received.
  • Time quota threshold indicates the threshold in seconds when the granted quota is time.
  • The Volume-Quota-Threshold AVP indicates the threshold in octets when the granted quota is volume.

Configuring quota management for global settings

You can set up global configuration for quota management in the BIG-IP system. A default rating group defines the case when a classified flow does not have an quota action. This can be used in cases were PEM might have policies to do quota management for specific applications, and no policy for the remaining application.
If a rating group is configured as default, that group cannot be used by any rules.
  1. On the Main tab, click
    Policy Enforcement
    Global
    Options
    .
    The Global Options screen opens.
  2. In the Quota Management Options area, for the
    Default Rating Group
     setting, select
    Create
     to create a new rating group for quota management.
    This takes you to the
    Policy Enforcement
    Rating Groups
    New Rating Group
     screen. Click
    Policy Enforcement
    Options
     to go back to options screen.
You created a default rating group that enables the possibility to implement quota per subscriber. Instead of defining all the policies with the corresponding rating group, you can define a single rating group and add it as a default.

Creating rating groups

You can assign a rating group to a rule and attach it to a policy. For example, if you want to allocate quota to all the videos a subscriber uses from multiple on-demand Internet streaming media, you can specify a quota bucket that covers all the quota consumption and ensures that the consumption does not exceed the specified time or volume.
  1. On the Main tab, click
    Policy Enforcement
    Rating Groups
    .
    The Rating Groups List screen opens.
  2. Click
    Create
    .
    The New Rating Group screen opens.
  3. In the
    Name
     field, type a name for the rating group.
  4. In the
    Description
     field, type optional descriptive text for the rating group.
  5. In the
    Rating Group ID
     field, type an unique identifier (integer). This Rating Group ID is used by the quota managing endpoint, such as, Gy.
  6. In the
    Initial Quota
     setting, specify
    Volume
     in octets, the initial quota to receive and send from the OCS, and the total quota volume.
  7. In the
    Initial Quota
     setting, specify
    Time
     in seconds, the initial time for quota.
  8. In the
    Default Quota
     setting, specify
    Volume
     in octets, the default quota to receive and send from the OCS, and the total quota volume.
  9. In the
    Threshold
     field, type a default threshold level you want to use for a sending quota replenishment request.
    The default value is
    0
    , which indicates that there is no threshold.
  10. In the
    Usage Time
     field, type the quota for how long the traffic can be used.
  11. In the
    Consumption Time
     field, type the maximum idle time that is accounted as quota usage. This is the default value of quota for time and specifies time units for charging as well.
  12. In the
    Validity Time
     field, type the duration for which the quota is used, if the online charging system (OCS) does not specify the validity time.
  13. In the
    Holding Time
     field, type the holding time (in seconds), for which the quota is valid without any usage, if the time is not specified by the OCS.
    The default values for consumption time, validity time and holding time are used, when the OCS does not specify them.
  14. From the
    Breach Action
     list, select the appropriate action to be taken when default quota expires or OCS does not provide new quota or breach action.
    Breach Action
    Description
    Terminate
    The system stops traffic when quota is breached.
    Allow
    The system allows traffic to go through even when the quota is breached.
    Redirect
    The system redirects traffic to the forwarding endpoint, when quota is breached.
  15. From the
    Request on Install
     list, select
    Yes
     if the quota has to be requested from the Gy, when the policy is installed for a subscriber. Otherwise, select
    No
     for quota to be requested when one of the applications associated with the rating group is detected.

Adding rating group in enforcement policy

Before you can add rules to an enforcement policy, you need to create the policy, then reopen it.
You add rules to an enforcement policy to select the traffic you want to affect, and the actions to take. A
rule
 associates an action with a specific type of traffic. So you can, for example, add a rule to select all audio-video traffic and send it to a pool of servers that are optimized to handle that type of traffic.
  1. On the Main tab, click
    Policy Enforcement
    Policies
    .
    The Policies screen opens.
  2. Click the name of the enforcement policy you want to add rules to.
    The properties screen for the policy opens.
  3. In the Policy Rules area, click
    Add
    .
    The New Rule screen opens.
  4. In the
    Name
     field, type a name for the rule.
  5. In the
    Precedence
     field, type an integer that indicates the precedence for the rule in relation to the other rules. Number 1 has the highest precedence. Rules with higher precedence are evaluated before other rules with lower precedence.
    All rules in a policy are run concurrently. Precedence takes effect when there are conflicting rules. The conflict occurs when the traffic matches two rules and the policy actions from these rules differ. For example, if you have rule 1 with precedence 10 and
    Gate Status
     disabled for a search engine, and you have rule 2 with precedence 11 and
    Gate Status
     enabled, then rule 1 is processed first because it has higher precedence. Rules conflict if they have identical or overlapping classification criteria (for the traffic that matches more than one rule). In some cases, different policy actions are not conflicting, and hence, applied in parallel.
  6. From the
    Rating group
     list, in the
    Quota
     setting, select the prior configured rating group or create a new rating group. This specifies what you want to do with the traffic that you are classifying or specify what actions you want to apply to the traffic.
  7. Click
    Finished
    .
  8. Repeat steps 3-8 to create as many rules as needed to handle the traffic you are interested in.
The enforcement policy includes the rules with the conditions and actions you added.
Now you need to associate the enforcement policy with the virtual server (or servers) to which traffic is directed.

Creating a listener for quota management

You can create listeners that specify how to handle traffic for policy enforcement. You can add support for Gy over a diameter connection by adding a diameter profile which has Gy application support to the diameter virtual server in PEM.
  1. On the Main tab, click
    Subscriber Management
    Control Plane Listeners
    .
    The Control Plane Listeners page opens.
  2. In the Policy Provisioning and Online Charging Virtuals area, click
    Add
    .
    The New Configure Diameter Endpoint Provisioning and Online Charging screen opens.
  3. In the
    Name Prefix
     field, type a unique name for the listener.
  4. In the
    Description
     field, type a description of the listener.
  5. From the
    VLAN and Tunnel Traffic
     list, select
    Enabled on
    . Then, for the
    VLANs and Tunnels
     setting, move the VLAN or VLANs on which you want to allow the virtual servers to share traffic from the
    Available
     list to the
    Selected
     list.
  6. For the
    VLANs and Tunnels
     setting, move the VLANs and tunnels that you want to monitor from the
    Available
     list to the
    Selected
     list.
  7. To connect to a PCRF, from the
    Diameter Endpoint Provisioning
     list, select
    Gy
     from the
    Supported Apps
     options.
  8. In the
    Product Name
     field, type the product name which is used to communicate with the OCS.
  9. In the
    Origin Host
     field, type the fully qualified domain name of the OCS, for example,
    ocs.xnet.com
    .
  10. In the
    Origin Realm
     field, type the realm name or network in which the OCS resides, for example,
    xnet.com
    .
  11. In the
    Destination Host
     field, type the destination host name of the OCS, for example,
    ocsdest.net.com
    .
  12. In the
    Destination Realm
     field, type the realm name or network of the OCS, for example,
    net.com
    .
  13. For the
    Pool Member Configuration
     setting, add the OCS servers that are to be members of the Gy endpoint pool. Type the
    Member IP Address
     and
    Port
     number, then click
    Add
    .
  14. In the
    Message Retransmit Delay
     field, type the number of milliseconds to wait before retransmitting unanswered messages in case of failure from the BIG-IP system to the OCS over the Gy interface. The default value is
    1500
    .
  15. In the
    Message Max Retransmit
     field, type the maximum number of times that messages can be retransmitted from the BIG-IP system to the OCS. The default value is
    2
    .
  16. In the
    Fatal Grace Time
     field, type the time period in seconds that a diameter connection can remain disconnected before the system terminates all sessions associated with that diameter endpoint. The default value is
    500
    .
  17. Click
    Finished
    .
    The Policy Enforcement Manager creates a listener.
When you create a listener, the Policy Enforcement Manager also creates virtual servers for each type of traffic (TCP, UDP, or both), and a virtual server for HTTP traffic. The system enables classification and assigns the appropriate policy enforcement profile to the virtual servers. The system also creates a virtual server for the Gy interface with a diameter endpoint profile.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information