Manual Chapter : Enforcing Bandwidth Control Provisioned on PCRF

Applies To:

Show Versions Show Versions


  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Manual Chapter

Overview: Enforcing bandwidth control provisioned on PCRF

Policy Enforcement Manager (PEM) can enforce bandwidth limits provisioned by the PCRF using dynamic PCC rules. You do this by creating a dynamic bandwidth controller with the name dynamic_spm_bwc_policy. This bandwidth controller must be created on the BIG-IP system using this predefined name. It does not need to be associated with an enforcement policy in PEM. Subscribers are assigned bandwidth in proportion to their configured rates. So for example, if subscriber A is assigned 4Mbps, and B is assigned 8Mbps, B will always get twice the bandwidth that A gets.

Task Summary

Creating a dynamic bandwidth control policy for PCRF

To set up bandwidth control through PCRF, you must have bandwidth control rules configured on the PCRF.
You can create a dynamic bandwidth controller so that PEM can enforce the maximum bit rate configured on the PCRF. You must follow the steps exactly as described here using the specified name for the bandwidth controller, and you must create the associated categories.
  1. On the Main tab, click Acceleration > Bandwidth Controllers.
  2. Click Create.
  3. In the Name field, type the name dynamic_spm_bwc_policy.
  4. In the Maximum Rate field, type a number and select the unit of measure to indicate the total throughput allowed for all the instances created for this dynamic bandwidth control policy. For example, use 4Gbps or a value that is appropriate for your hardware platform. The number must be in the range from 1Mbps to 320Gbps. You can set it to the maximum throughput value for the hardware, or to 90% of that value if you want to retain part of the system bandwidth for other uses.
  5. From the Dynamic list, select Enabled. The screen displays additional settings.
  6. In the Maximum Rate Per User field, type a number and select the unit of measure. For example, use 50Mbps. The number must be in the range from 1Mbps to 2Gbps. However, the value you use is just a place holder and is never used by the system. For this example, the value is overridden by the PCRF.
  7. Leave the IP Type of Service and Link Quality of Service values set to Pass Through, the default value.
  8. In the Categories field, add eight categories of traffic with the names cat1 through cat8.
    1. In the Category Name field, type one of the names cat1 through cat8.
    2. In the Max Category Rate field, type 100 and select %.
    3. Click Add to add the category to the Categories list.
    4. Repeat to add the remaining seven, to total eight categories.
  9. Click Finished.
If this is the first bandwidth control policy created on a BIG-IP device, the system also creates a default static bandwidth control policy named default-bwc-policy to handle any traffic that is not included in the policy you created. If you delete all bandwidth controllers, this policy is also deleted.
For PEM to enforce bandwidth control, you need to create a listener with a Gx interface configured.

Creating a listener for subscriber discovery and policy provisioning

You can create listeners that specify how to handle traffic for policy enforcement. Creating a listener does preliminary setup tasks on the BIG-IP system for application visibility, intelligent steering, bandwidth management, and reporting. You can also connect with a Policy and Charging Rules Function (PCRF) over a Gx interface.
  1. On the Main tab, click Policy Enforcement > Listeners. The Listeners screen opens.
  2. Click Create. The New Listener screen opens.
  3. In the Name field, type a unique name for the listener.
  4. For the Destination setting, select Host or Network, and type the IP address or network and netmask to use.
    Tip: You can use a catch-all virtual server ( to specify all traffic that is routed to the BIG-IP system.
    The system will create a virtual server using the address or network you specify.
  5. For the Service Port setting, type or select the service port for the virtual server.
  6. From the Protocol list, select the protocol of the traffic for which to deploy enforcement policies (TCP, UDP, or TCP and UDP). The system will create a virtual server for each protocol specified.
  7. To use network address translation, from the Source Address Translation list, select Auto Map. The system treats all of the self IP addresses as translation addresses.
  8. For the VLANs and Tunnels setting, move the VLANs and tunnels that you want to monitor from the Available list to the Selected list.
  9. For subscriber provisioning using RADIUS, ensure that Subscriber Identity Collection is set to RADIUS.
  10. For the VLANs and Tunnels setting, move the VLANs and tunnels that you want to monitor for RADIUS traffic from the Available list to the Selected list.
  11. In the Policy Provisioning area, select enforcement policies to apply to the traffic.
    1. For Global Policy, move policies to apply to all subscribers to High Precedence or Low Precedence.
      Note: For URL categorization to take effect, you need to associate the enforcement policy with a classification profile.
    2. For Unknown Subscriber Policy, move policies to use if the subscriber is unknown to Selected.
    The system applies the global policy to all subscribers in parallel with the subscriber policies, and must be configured with unknown subscriber policy. High-precedence global policies override conflicting subscriber policies, and low-precedence policies are overridden by conflicting subscriber policies.
  12. To connect to a PCRF, from the Diameter Endpoint list, select Enabled and select Gx from the Supported Apps options.
  13. In the Product Name field, type the product name which is used to communicate with the PCRF.
  14. In the Origin Host field, type the fully qualified domain name of the PCRF or external policy server, for example,
  15. In the Origin Realm field, type the realm name or network in which the PCRF resides, for example,
  16. In the Destination Host field, type the destination host name of the PCRF or external policy server, for example,
  17. In the Destination Realm field, type the realm name or network of the PCRF, for example,
  18. For the Pool Member Configuration setting, add the PCRF servers that are to be members of the Gx endpoint pool. Type the Member IP Address and Port number, then click Add.
  19. In the Message Retransmit Delay field, type the number of milliseconds to wait before retransmitting unanswered messages in case of failure from the BIG-IP system to the PCRF over the Gx interface. The default value is 1500.
  20. In the Message Max Retransmit field, type the maximum number of times that messages can be retransmitted from the BIG-IP system to the PCRF. The default value is 2.
  21. In the Fatal Grace Time field, type the time period in seconds that a diameter connection can remain disconnected before the system terminates all sessions associated with that diameter endpoint. The default value is 500.
  22. Click Finished. The Policy Enforcement Manager creates a listener, and displays the listener list.
When you create a listener, the Policy Enforcement Manager also creates virtual servers for each type of traffic (TCP, UDP, or both), and a virtual server for HTTP traffic. The system sets up classification and assigns the appropriate policy enforcement profile to the virtual servers. The system also creates a virtual server for the Gx interface with a diameter endpoint profile. If you are connecting to a RADIUS authentication server, a virtual server for RADIUS is also added.

Implementation result

When traffic flows through the BIG-IP system, the system limits the aggregated bandwidth for all subscribers to the Maximum Rate specified in the dynamic_spm_bwc_policy bandwidth control policy. The PCRF provides the Maximum Rate Per User for each subscriber, overriding the value in the bandwidth control policy. Policy Enforcement Manager restricts subscribers to the maximum user rate, and bandwidth is spread among subscribers fairly, on a best effort basis.