In Policy Enforcement Manager™, you can create a rule within an enforcement policy that tells the system to send aggregated usage data concerning individual subscribers to a Policy and Charging Rules Function (PCRF). The rule specifies what type of traffic you are interested in, and one of the actions the system can take with the data collected is to send it for processing over a Gx interface to a PCRF.
The system sends the data in the standard Gx format. The report granularity must be set to session for Gx reporting to be available. The PCRF determines the policies for each subscriber, whether or not reporting is enabled, and how often to send the data and monitoring key that identifies the type of traffic PCRF wants to get usage for.
Similarly, the Traffic Dectection function (TDF) functionality performs applications traffic detection and reporting of detected application by using TDF application identifier. The Policy Enforcement Manager™ supports the Sd interface which is used by PCRF to talk to TDF. This provides the ability to apply the detection, enforce actions and apply charging parameters for the specified application traffic.
Note: Gx and Sd are mutually exclusive.
For example, a rule might collect session-based information about all traffic destined to a particular IP address. The BIG-IP® system communicates with the PCRF and sends information about the subscribers for whom reporting is enabled. You establish the connection to the PCRF by creating a listener with Gx interface enabled.
Task summary
Creating a listener for subscriber discovery and policy provisioning
You can create listeners that specify how to handle traffic for policy enforcement. Creating a listener does preliminary setup tasks on the BIG-IP® system for application visibility, intelligent steering, bandwidth management, and reporting. You can also connect with a Policy and Charging Rules Function (PCRF) over a Gx interface.
- On the Main tab, click .
The Control Plane Listeners page opens.
- In the Policy Provisioning and Online Charging Virtuals area, click Add.
The New Configure Diameter Endpoint Provisioning and Online Charging screen opens.
- In the Name field, type a unique name for the listener.
- In the Description field, type a description of the listener.
- For the VLANs and Tunnels setting, move the VLANs and tunnels that you want to monitor from the Available list to the Selected list.
- To connect to a PCRF, from the Diameter Endpoint list, select Enabled and select Gx or Sdfrom the Supported Apps options.
- In the Product Name field, type the product name which is used to communicate with the PCRF.
- In the Origin Host field, type the fully qualified domain name of the PCRF or external policy server, for example, ocs.xnet.com.
- In the Origin Realm field, type the realm name or network in which the PCRF resides, for example, xnet.com.
- In the Destination Host field, type the destination host name of the PCRF or external policy server, for example, pcrfdest.net.com.
- In the Destination Realm field, type the realm name or network of the PCRF, for example, net.com.
- For the Pool Member Configuration setting, add the PCRF servers that are to be members of the Gx endpoint pool. Type the Member IP Address and Port number, then click Add.
- In the Message Retransmit Delay field, type the number of milliseconds to wait before retransmitting unanswered messages in case of failure from the BIG-IP system to the PCRF over the Gx interface. The default value is 1500.
- In the Message Max Retransmit field, type the maximum number of times that messages can be retransmitted from the BIG-IP system to the PCRF. The default value is 2.
- In the Fatal Grace Time field, type the time period in seconds that a diameter connection can remain disconnected before the system terminates all sessions associated with that diameter endpoint. The default value is 500.
- Click Finished.
The Policy Enforcement Manager creates a listener.
When you create a listener, the Policy Enforcement Manager™ also creates virtual servers for each type of traffic (TCP, UDP, or both), and a virtual server for HTTP traffic. The system sets up classification and assigns the appropriate policy enforcement profile to the virtual servers. The system also creates a virtual server for the Gx interface with a diameter endpoint profile. If you are connecting to a RADIUS authentication server, a virtual server for RADIUS is also added.