F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Policy Enforcement Manager: Implementations
  3. Provisioning Dynamic Subscribers
Manual Chapter : Provisioning Dynamic Subscribers

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1

BIG-IP PEM

  • 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Manual Chapter

Provisioning Dynamic Subscribers

Overview: Provisioning dynamic subscribers

If you have subscribers that are managed on a separate policy charging and rules function (PCRF), you can connect the BIG-IP system to that policy server to provision dynamic subscribers.
Dynamic subscribers
 are subscribers that are managed by a PCRF.
The BIG-IP system receives traffic from GGSN, a gateway between the GPRS mobile network and the Internet. When a subscriber makes a request that is routed to the BIG-IP system, the Policy Enforcement Manager queries the PCRF over a Gx interface. The PCRF responds with information about the subscriber. This information is stored on the BIG-IP system, which recognizes the subscriber in future requests.
You can use dynamic subscriber provisioning alone or in combination with static subscribers.

Provisioning dynamic subscribers

If you want to steer specific traffic, or otherwise regulate certain types of traffic, you need to have developed enforcement policies.
To provision subscribers dynamically through a separate PCRF, you create listeners that specify how to handle traffic for policy enforcement. Creating a listener provides preliminary setup on the BIG-IP system for application visibility, intelligent steering, bandwidth management, reporting, and other features.
  1. On the Main tab, click
    Policy Enforcement
    Data Plane Listeners
    .
    The Date Plane Listeners screen opens.
  2. Click
    Data Plane
    .
    The Data Plane screen opens.
  3. Click
    Add Group
    .
    The New Virtual Group screen opens.
  4. In the
    Name
     field, type a unique name for the listener.
  5. In the
    Destination Address
     field, type the IP address of the virtual server. For example,
    10.0.0.1
     or
    10.0.0.0/24
    .
    When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a
    /32
     prefix.
    You can use a catch-all virtual server (
    0.0.0.0
    ) to specify all traffic that is delivered to the BIG-IP system. Configure the source and destination setting, during forwarding mode only. In the relay mode, the client does not have an IP address and the DHCP provides the client with an IP address.
    The system will create a virtual server using the address or network you specify.
  6. For the
    Service Port
     setting, type or select the service port for the virtual server.
  7. From the
    Protocol
     list, select the protocol of the traffic for which to deploy enforcement policies (
    TCP
    ,
    UDP
    , or
    TCP and UDP
    ).
    The system will create a virtual server for each protocol specified.
  8. To use network address translation, from the
    Source Address Translation
     list, select
    Auto Map
    .
    The system treats all of the self IP addresses as translation addresses.
  9. For the
    VLANs and Tunnels
     setting, move the VLANs and tunnels that you want to monitor from the
    Available
     list to the
    Selected
     list.
  10. For the
    VLANs and Tunnels
     setting, move the VLANs and tunnels that you want to monitor for RADIUS traffic from the
    Available
     list to the
    Selected
     list.
  11. In the Policy Provisioning area, select enforcement policies to apply to the traffic.
    1. For
      Global Policy
      , move policies to apply to all subscribers to
      High Precedence
       or
      Low Precedence
      .
      For URL categorization to take effect, you need to associate the enforcement policy with a classification profile.
    2. For
      Unknown Subscriber Policy
      , move policies to use if the subscriber is unknown to
      Selected
      .
    The system applies the global policy to all subscribers in parallel with the subscriber policies, and must be configured with unknown subscriber policy. High-precedence global policies override conflicting subscriber policies, and low-precedence policies are overridden by conflicting subscriber policies.
When you create a listener, the Policy Enforcement Manager also creates virtual servers for each type of traffic (TCP, UDP, or both), and a virtual server for the Gx interface. The system also creates a virtual server to handle HTTP traffic. The system assigns the appropriate classification and policy enforcement profiles to the virtual servers. If you are connecting to a RADIUS authentication server, a virtual server for RADIUS is also added.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information