F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Policy Enforcement Manager: Implementations
  3. Configuring Tiered Services with Bandwidth Control
Manual Chapter : Configuring Tiered Services with Bandwidth Control

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1

BIG-IP PEM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Manual Chapter

Configuring Tiered Services with Bandwidth Control

Overview: Configuring tiered services with bandwidth control

You can set up Policy Enforcement Manager to enforce different levels of bandwidth control on subscribers, providing more bandwidth to subscribers with higher tier subscriptions. Bandwidth control in this case is per subscriber and per application.
This implementation provides three tiers of service: gold (the highest level), silver (the next highest), and bronze (the lowest level). You create three dynamic bandwidth controllers, one for each tier to provide different bandwidth limits for subscribers with different plans. Each tier includes bandwidth control limits for three types of application traffic (P2P, audio-video, and web). You also create three enforcement policies, one for each tier. In the enforcement policies, rules applies bandwidth control to the different types of traffic.
Finally, subscribers are provisioned dynamically through a policy charging and rules function (PCRF) over a Gx interface. On the PCRF, you need to have associated subscribers with one of the subscriber tiers called gold, silver, and bronze.

Task Summary

Creating dynamic bandwidth control policies for tiered services

You can create dynamic bandwidth controllers for tiered services so that PEM can enforce different rates of bandwidth control for subscribers having different policy levels. Use this procedure and the values specified to create three bandwidth controllers, one for each tier of service.
  1. On the Main tab, click
    Acceleration
    Bandwidth Controllers
    .
  2. Click
    Create
    .
  3. In the
    Name
     field, type the name of the bandwidth controller. In this example, name the three bandwidth controllers as follows:
    • Type
      gold-bwc
       for the premium subscription level.
    • Type
      silver-bwc
       for the medium subscription level.
    • Type
      bronze-bwc
       for the lowest subscription level.
    There is no requirement to use these names, but it is convenient to use a similar name for the bandwidth controller and the enforcement policy that you will attach it to. Later in this example, you will attach the gold-bwc bandwidth controller to the gold enforcement policy.
  4. In the
    Maximum Rate
     field, type a number and select the unit of measure to indicate the total throughput allowed for all the subscribers using each bandwidth controller. For this example, specify
    10 Mbps
     for all three bandwidth controllers
    If you want to use different values, the number must be in the range from 1Mbps to 320Gbps.
  5. From the
    Dynamic
     list, select
    Enabled
    .
    The screen displays additional settings.
  6. In the
    Maximum Rate Per User
     field, type a number and select the unit of measure relative to the tier of service. For example, use the following values:
    • For gold-bwc, specify
      8 Mbps
      .
    • For silver-bwc, specify
      4 Mbps
      .
    • For bronze-bwc, specify
      2 Mbps
      .
  7. Leave the
    IP Type of Service
     and
    Link Quality of Service
     values set to
    Pass Through
    , the default value.
  8. In the
    Categories
     field for each bandwidth controller, add three categories of traffic:
    P2P
    ,
    Web
    , and
    Audio-video
    .
    • For gold-bwc, set
      P2P
       to 20%, set
      Web
       to 70%, and set
      Audio-video
       to 40%.
    • For silver-bwc, set
      P2P
       to 20%, set
      Web
       to 60%, and set
      Audio-video
       to 30%.
    • For bronze-bwc, set
      P2P
       to 20%, set
      Web
       to 50%, and set
      Audio-video
       to 20%.
    In the rule for the policy, different types of traffic, P2P, web, or audio-video traffic is limited to a smaller percentage of the total bandwidth for all subscribers who use that policy.
  9. Click
    Finished
    .
If this is the first bandwidth control policy created on a BIG-IP device, the system also creates a default static bandwidth control policy named
default-bwc-policy
 in the Common partition to handle any traffic that is not included in the policy you created. If you delete all bandwidth controllers, this policy is also deleted.
For PEM to enforce bandwidth control, you need to create enforcement policies with rules that refer to the bandwidth controller.

Creating enforcement policies for three tiers

To impose bandwidth control on multiple subscriber tiers, you need to create an enforcement policy for each tier. Use these steps and the values specified to create three enforcement policies.
  1. On the Main tab, click
    Policy Enforcement
    Policies
    .
    The Policies screen opens.
  2. Click
    Create
    .
    The New Policy screen opens.
  3. In the
    Name
     field, type a name for the policy.
    • Type
      gold
       for the premium subscription level.
    • Type
      silver
       for the medium subscription level.
    • Type
      bronze
       for the lowest subscription level.
  4. Click
    Finished
    .
    The new enforcement policy is added to the policy list.
You have three enforcement policies that represent the three tiers of subscriber traffic that you are creating.
After creating the enforcement policies, you add rules that specify how to treat the subscriber traffic in each tier. In the implementation being developed, subscribers in the different tiers will get different maximum amounts of bandwidth. Further limits will be placed on specific types of traffic (P2P, audio-video, and web).

Creating the rules for tiered bandwidth control

You next add rules to each of the enforcement policies you created (gold, silver, and bronze). The rules limit the amount of bandwidth that P2P, web, and audio-video traffic can use. Create three rules for each enforcement policy.
  1. On the Main tab, click
    Policy Enforcement
    Policies
    .
    The Policies screen opens.
  2. Click the name of the enforcement policy you want to add rules to.
    The properties screen for the policy opens.
  3. In the Policy Rules area, click
    Add
    .
    The New Rule screen opens.
  4. In the
    Name
     field, type a name for the rule. For the first rule, use the name
    P2P
    .
  5. In the
    Precedence
     field, type an integer that indicates the precedence, 1 being the highest.
    In this case, you can use any value, for example, 10, as the precedence for all the rules in all the policies because there is no conflict between the rules you are creating. Each rule applies to a different type of traffic: web, audio-video, and P2P.
  6. In the
    Classification
     setting, specify the type of traffic.
    1. For the first rule, from the
      Category
       list, select
      P2P
      . Use the default values for
      Match Criteria
       (
      Match
      ) and
      Application
       (
      Any
      ).
    2. Click
      Add
      .
  7. In the
    Rate Control
     setting, for
    Bandwidth Controller
    , select the name of the bandwidth controller and category. Choose
    1. For
      Bandwidth Controller
      , select the name that matches the policy you are working on. For example, if editing the gold policy, select
      gold-bwc
      .
    2. For
      Category
      , select the category that matches the type of traffic specified by the name of the rule. For example, select
      P2P
      .
  8. Click
    Finished
    .
  9. Repeat steps 3-8 to create a second rule for audio-video traffic with these settings.
    Option
    Values
    Name
    Audio-video
    Precedence
    10
    Classification Category
    Audio_video
    Rate Control-Bandwidth Controller
    Same as the name of the policy you are adding the rule to (gold-bwc, silver-bwc, or bronze-bwc)
    Bandwidth Controller-Category
    Audio-video
  10. Repeat steps 3-8 to create a third rule for web traffic with these settings.
    Option
    Values
    Name
    Web
    Precedence
    10
    Classification Category
    Web
    Rate Control-Bandwidth Controller
    Same as the name of the policy you are adding the rule to (gold-bwc, silver-bwc, or bronze-bwc)
    Bandwidth Controller-Category
    Web
The gold, silver, and bronze enforcement policies each have three rules called P2P, Web, and Audio-video. Each of the rules in the gold policy connects to the gold-bwc bandwidth controller; rules in the silver policy connect to the silver-bwc bandwidth controller and; rules in the bronze policy connect to the bronze-bwc policy.

Creating a listener for subscriber discovery with RADIUS and policy provisioning with PCRF

You create a listener to specify how to handle traffic for policy enforcement. Creating a listener does preliminary setup tasks on the BIG-IP system for application visibility, intelligent steering, bandwidth management, and reporting. You can also connect with a Policy and Charging Rules Function (PCRF) over a Gx interface.
  1. On the Main tab, click
    Subscriber Management
    Control Plane Listeners
    .
    The Control Plane Listeners page opens.
  2. In the Policy Provisioning and Online Charging Virtuals area, click
    Add
    .
    The New Configure Diameter Endpoint Provisioning and Online Charging screen opens.
  3. In the
    Name
     field, type a unique name for the listener.
  4. In the
    Destination Address
     field, type the IP address of the virtual server. For example,
    10.0.0.1
     or
    10.0.0.0/24
    .
    When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a
    /32
     prefix.
    You can use a catch-all virtual server (
    0.0.0.0
    ) to specify all traffic that is delivered to the BIG-IP system. Configure the source and destination setting, during forwarding mode only. In the relay mode, the client does not have an IP address and the DHCP provides the client with an IP address.
    The system will create a virtual server using the address or network you specify.
  5. For the
    Service Port
     setting, type or select the service port for the virtual server.
  6. From the
    Protocol
     list, select the protocol of the traffic for which to deploy enforcement policies (
    TCP
    ,
    UDP
    , or
    TCP and UDP
    ).
    The system will create a virtual server for each protocol specified.
  7. To use network address translation, from the
    Source Address Translation
     list, select
    Auto Map
    .
    The system treats all of the self IP addresses as translation addresses.
  8. For the
    VLANs and Tunnels
     setting, move the VLANs and tunnels that you want to monitor from the
    Available
     list to the
    Selected
     list.
  9. For subscriber provisioning using RADIUS, ensure that
    Subscriber Identity Collection
     is set to
    RADIUS
    .
  10. For the
    VLANs and Tunnels
     setting, move the VLANs and tunnels that you want to monitor for RADIUS traffic from the
    Available
     list to the
    Selected
     list.
  11. For the tiered services example, do not assign global policies.
  12. To connect to a PCRF, from the
    Diameter Endpoint
     list, select
    Enabled
     and select
    Gx
     or
    Sd
    from the
    Supported Apps
     options.
  13. In the
    Origin Host
     field, type the fully qualified domain name of the PCRF or external policy server, for example,
    ocs.xnet.com
    .
  14. In the
    Origin Realm
     field, type the realm name or network in which the PCRF resides, for example,
    xnet.com
    .
  15. In the
    Destination Host
     field, type the destination host name of the PCRF or external policy server, for example,
    pcrfdest.net.com
    .
  16. In the
    Destination Realm
     field, type the realm name or network of the PCRF, for example,
    net.com
    .
  17. For the
    Pool Member Configuration
     setting, add the PCRF servers that are to be members of the Gx endpoint pool. Type the
    Member IP Address
     and
    Port
     number, then click
    Add
    .
  18. In the
    Message Retransmit Delay
     field, type the number of milliseconds to wait before retransmitting unanswered messages in case of failure from the BIG-IP system to the PCRF over the Gx interface. The default value is
    1500
    .
  19. In the
    Message Max Retransmit
     field, type the maximum number of times that messages can be retransmitted from the BIG-IP system to the PCRF. The default value is
    2
    .
  20. In the
    Fatal Grace Time
     field, type the time period in seconds that a diameter connection can remain disconnected before the system terminates all sessions associated with that diameter endpoint. The default value is
    500
    .
  21. Click
    Finished
    .
    The Policy Enforcement Manager creates a listener.
When you create a listener, the Policy Enforcement Manager also creates virtual servers for each type of traffic (TCP, UDP, or both), and a virtual server for HTTP traffic. The system sets up classification and assigns the appropriate policy enforcement profile to the virtual servers. The system also creates a virtual server for the Gx interface with a diameter endpoint profile. If you are connecting to a RADIUS authentication server, a virtual server for RADIUS is also added.
Now you can send traffic through the network. As network traffic moves through the BIG-IP system, the system handles policy enforcement.

Implementation result

When traffic flows through a BIG-IP system, the system limits the aggregated bandwidth for all subscribers having a gold, silver, or bronze policy. Subscribers with a gold policy can use more of the total bandwidth than silver or bronze subscribers. Further, subscriber traffic in any of the tiers that is classified as audio-video, web, or P2P is limited to a percentage of the total bandwidth allowed for that tier.
For example, if a subscriber has a silver subscription level and PEM classifies their traffic as Web, the traffic is limited to 60% of the
Maximum Rate
 specified in the
silver-bwc
 bandwidth controller (4 Mbps). This leaves 2.4 Mbps as the maximum bandwidth for all web traffic of silver tier subscribers.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information