Manual Chapter :
Detecting Tethering, Device Operation System and Type
Applies To:
Show Versions
BIG-IP LTM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1
BIG-IP PEM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Detecting Tethering, Device Operation System and Type
Overview: Detecting Tethering, Device Operating System, and Type
You can now gather insight on the device usage of subscribers, with the detection of Device
Type and Operating System (DTOS). The patterns can be used for business intelligence gathering,
as well as for customizing subscriber plans based on their usage. The Policy
Enforcement Manager™ (PEM™) provides the ability to report various types
of subscriber information and application visibility to external analytic systems through syslog
and other IPFIX reporting methods. The device type is identified based on the IMEI number, of
which the first eight numbers are from the Type Allocation Code (TAC) number. The operating
system (OS) detection is done by user-agent parsing, TCP/IP fingerprinting, and by looking up TAC
code in the TAC database. Furthermore, reporting can be configured for DTOS and tethering action.
A report (optional) is sent the first time PEM retrieves device OS information, and if a change
is detected in the OS name, a report is sent again to the configured destination.
When tethering is enabled, details of the state change are sent in a report. When DTOS is
enabled, the details of the state changes when there is a change in TCP fingerprinting or OS
value defined by the user agent. Also, a report (HSL log) is sent out whenever there is a change
in TCP fingerprinting, TCP OS, or user agent OS values. The default sampling interval for DTOS is
at 10 flows. The tethering sampling interval is 180 seconds.
Task summary
Configuring device
type, OS, and tethering
You can configure the PEM policy to look up the
device name and details (for monitoring purposes) and enable tethering detection.
- On the Main tab, click .The Policies screen opens.
- Click the name of the enforcement policy you want to add rules to.The properties screen for the policy opens.
- In the Policy Rules area, clickAdd.The New Rule screen opens.
- In theNamefield, type a name for the rule.
- In thePrecedencefield, type an integer that indicates the precedence for the rule in relation to the other rules. Number 1 has the highest precedence. Rules with higher precedence are evaluated before other rules with lower precedence.All rules in a policy are run concurrently. Precedence takes effect when there are conflicting rules. The conflict occurs when the traffic matches two rules and the policy actions from these rules differ. For example, if you have rule 1 with precedence 10 andGate Statusdisabled for a search engine, and you have rule 2 with precedence 11 andGate Statusenabled, then rule 1 is processed first because it has higher precedence. Rules conflict if they have identical or overlapping classification criteria (for the traffic that matches more than one rule). In some cases, different policy actions are not conflicting, and hence, applied in parallel.
- From theDevice and Tethering Detectionlist, in theDevice Type OS Detectionsetting, selectEnabled.If you enable device detection, al the filters are disabled for the policy rule.When the custom TACDB file is generated, it is stored at the location/var/local/pem/dtos/.
- From theDevice and Tethering Detectionlist, in theTethering Detectionsetting, selectEnabled.If you enable tethering, classification is disabled for the policy rule.
- ClickFinished.
You have created a rule that applies to policy based on device OS, type, and tethering.
Configuring PEM
policy action with tethering
You can also attach a policy action after
detecting tethering. The tethering detected state can be used as a TCL filter in a
custom filter for a Policy Enforcement Manager (PEM) rule.
- On the Main tab, click .The Policies screen opens.
- Click the name of the enforcement policy you want to add rules to.The properties screen for the policy opens.
- In the Policy Rules area, clickAdd.The New Rule screen opens.
- In theNamefield, type a name for the rule.
- In thePrecedencefield, type an integer that indicates the high precedence for the rule in relation to the other rules. Number1has the highest precedence. Rules with higher precedence are evaluated before other rules with lower precedence.TCL filter creation action should have high precedence.
- Click the Custom tab.The Custom Criteria setting opens.
- In theiRule Expressionfield, specify the TCL syntax that defines a custom iRule action, which can be later attached to a policy enforcement rule.PEM::session info tethering detected [IP::client_addr] = = {1}The expression in the example evaluates to true, if a subscriber is tethering. You can select theWrap Textcheck box to wrap the definition text, and select theExtend Text Areacheck box to increase the field space of format scripts.
- From theGate Statuslist, selectDisable, to block the traffic for a subscriber who is tethering.If you disableGate Status, the traffic is blocked.
- To apply bandwidth policy, for rate control to downlink traffic, in theBandwidth Controllersetting, select the name of a bandwidth control policy.You can assign any previously created static or dynamic bandwidth control policies. However, F5 does not recommend using thedefault-bwc-policy, which the system provides, nor thedynamic_spm_bwc_policy, which you can create to enforce dynamic QoS settings provisioned by the PCRF.Depending on the bandwidth control policy, PEM restricts bandwidth usage per subscriber, group of subscribers, per application, per network egress link, or any combination of these.
- To apply bandwidth policy, for rate control to uplink traffic and per category of application, in theBandwidth Controllersetting, select the name of a bandwidth control policy.You can assign any previously created static or dynamic bandwidth control policies. However, we do not recommend using thedefault-bwc-policy, which the system provides, nor thedynamic_spm_bwc_policy, which you can create for communicating with the PCRF.Depending on the bandwidth control policy, PEM restricts bandwidth usage per subscriber, group of subscribers, per application, per network egress link, per category of applications or any combination of these.
- ClickFinished.
You have created a rule that applies to tethering.
Creating a high-speed logging rule for device detection and tethering
You can specify a reporting destination where reports are sent out whenever the
subscribers go from a non-tethering state to a tethering state, or vice-versa. Before
you can create a high-speed logging (HSL) rule, you need to create a publisher that
defines the destination server or pool where the HSL logs are sent. In an enforcement
policy, a rule can specify that tethering details are sent to an external high-speed
logging server.
- On the Main tab, click .The Policies screen opens.
- Click the name of the enforcement policy you want to add rules to.The properties screen for the policy opens.
- In the Policy Rules area, clickAdd.The New Rule screen opens.
- In theNamefield, type a name for the rule.
- In thePrecedencefield, type an integer that indicates the high precedence for the rule in relation to the other rules. Number 1 has the highest precedence. Rules with higher precedence are evaluated before other rules with lower precedence.
- In theReportingsetting, specify where to send the tethering detection data:
- From theHSLlist, select the name of the publisher that specifies the server or pool of remote HSL servers to send the logs.
- From theFormat Scriptlist, select the format script of the report from theFormat Scriptlist.
The format script is previously configured in page. - ClickFinished.
You have created a rule that sends device detection and tethering data about the traffic to external high-speed logging servers.
Implementation result
The BIG-IP system allows improved insight to subscriber usage with
detection of tethering, and device OS and type.
