Applies To:Show Versions
- 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Overview: Provisioning dynamic subscribers
If you have subscribers that are managed on a separate policy charging and rules function (PCRF), you can connect the BIG-IP system to that policy server to provision dynamic subscribers. Dynamic subscribers are subscribers that are managed by a separate PCRF.
The BIG-IP system receives traffic from GGSN, a gateway between the GPRS mobile network and the Internet. When a subscriber makes a request that is routed to the BIG-IP system, the Policy Enforcement Manager queries the PCRF over a Gx interface. The PCRF responds with information about the subscriber. This information is stored on the BIG-IP system, which recognizes the subscriber in future requests.
You can use dynamic subscriber provisioning alone or in combination with static subscribers.
Provisioning dynamic subscribers
- On the Main tab, click The Listeners screen opens. .
- Click Create. The New Listener screen opens.
- In the Name field, type a unique name for the listener.
For the Destination setting, select Host
or Network, and type the IP address or network and netmask to
Tip: You can use a catch-all virtual server (0.0.0.0) to specify all traffic that is routed to the BIG-IP system.The system will create a virtual server using the address or network you specify.
- For the Service Port setting, type or select the service port for the virtual server.
- From the Protocol list, select the protocol of the traffic for which to deploy enforcement policies (TCP, UDP, or TCP and UDP). The system will create a virtual server for each protocol specified.
- To use network address translation, from the Source Address Translation list, select Auto Map. The system treats all of the self IP addresses as translation addresses.
- For the VLANs and Tunnels setting, move the VLANs and tunnels that you want to monitor from the Available list to the Selected list.
- For subscriber provisioning using RADIUS, ensure that Subscriber Identity Collection is set to RADIUS.
- For the VLANs and Tunnels setting, move the VLANs and tunnels that you want to monitor for RADIUS traffic from the Available list to the Selected list.
In the Policy Provisioning area, select enforcement policies to apply to the
For Global Policy, move policies to apply to all subscribers
to High Precedence or Low Precedence.
Note: For URL categorization to take effect, you need to associate the enforcement policy with a classification profile.
- For Unknown Subscriber Policy, move policies to use if the subscriber is unknown to Selected.
- For Global Policy, move policies to apply to all subscribers to High Precedence or Low Precedence.
- To connect to a PCRF, from the Diameter Endpoint list, select Enabled and select Gx from the Supported Apps options.
- In the Origin Host field, type the fully qualified domain name of the PCRF or external policy server, for example, ocs.xnet.com.
- In the Origin Realm field, type the realm name or network in which the PCRF resides, for example, xnet.com.
- In the Destination Host field, type the destination host name of the PCRF or external policy server, for example, pcrfdest.net.com.
- In the Destination Realm field, type the realm name or network of the PCRF, for example, net.com.
- For the Pool Member Configuration setting, add the PCRF servers that are to be members of the Gx endpoint pool. Type the Member IP Address and Port number, then click Add.
- In the Message Retransmit Delay field, type the number of milliseconds to wait before retransmitting unanswered messages in case of failure from the BIG-IP system to the PCRF over the Gx interface. The default value is 1500.
- In the Message Max Retransmit field, type the maximum number of times that messages can be retransmitted from the BIG-IP system to the PCRF. The default value is 2.
- In the Fatal Grace Time field, type the time period in seconds that a diameter connection can remain disconnected before the system terminates all sessions associated with that diameter endpoint. The default value is 500.
- Click Finished. The Policy Enforcement Manager creates a listener, and displays the listener list.