Policy Enforcement Manager™ (PEM™) provides capability
to apply subscriber base policy to multiple subscriber traffic. PEM provides a switch decision
between standard or full proxy to BIG-IP® TCP processing per flow, based on
preliminary subscriber policy evaluation. You can effectively handle policy actions such as
redirect, ICAP adaptation and HTTP header enrichment as the default PEM configuration creates a
full proxy listener. Other PEM actions, that do not require full proxy can be performed through
Fast L4 basis with BIG-IP TCP support. Some of these PEM actions are quality of service (QoS),
bandwidth control, and gate and reporting.
The Performance Layer4 virtual server type uses the Fast L4 profile. The Performance HTTP
virtual server type uses the Fast HTTP profile and is designed to speed up certain types of HTTP
connections and reduce the number of connections opened to the back-end HTTP servers. This is
accomplished by combining features from the TCP, HTTP, and OneConnect™
profiles into a single profile that is optimized for network performance. The Performance HTTP
virtual server processes connections on a packet-by-packet basis and buffers only enough data to
parse packet headers.
Task summary
Creating a Fast L4 profile in PEM
You have to create a listener to handle traffic for policy enforcement. Creating a
listener performs preliminary setup on the BIG-IP® system for
application visibility, intelligent steering, bandwidth management, and
reporting.
The BIG-IP® system specifies the listener that it wants to use
for a flow in situation where it decides the optimal listener. You can add an option to
specify the listener name in the configuration of the PEM profile.
-
On the Main tab, click .
The Policy Enforcement screen opens.
-
Click Create.
The New PEM Profile screen opens.
-
In the Name field, type a unique name of the policy enforcement
profile.
-
In the Optimization area, for the Connection Optimization
setting, Enabled is the default selection. This indicates that the
fast PEM optimization is enabled. To change the setting, select
Custom check box and select Disabled.
-
From the Fast L4 Virtual Server list, select the Fast L4 virtual
server previously configured. The Fast L4 virtual server is a server with an HTTP profile,
protocol TCP, and protocol profile Fast L4.
-
In the Policy Provisioning area, select enforcement policies to apply to the
traffic.
-
For Global Policy, move policies to apply to all subscribers
to High Precedence or Low Precedence.
Note: For URL categorization to take effect, you need to associate the
enforcement policy with a classification profile.
-
For Unknown Subscriber Policy, move policies to use if the
subscriber is unknown to Selected.
The system applies the global policy to all subscribers in parallel with the
subscriber policies, and must be configured with unknown subscriber policy.
High-precedence global policies override conflicting subscriber policies, and
low-precedence policies are overridden by conflicting subscriber policies.
-
Click Finished.
The Policy Enforcement Manager creates a policy enforcement profile with Fast
L4.
You have created a Fast L4 profile.
Disabling a Fast L4 profile in PEM
You have to create a listener to handle traffic for policy enforcement. Creating a
listener performs preliminary setup on the BIG-IP® system for
application visibility, intelligent steering, bandwidth management, and
reporting.
The BIG-IP® system specifies the listener that it wants to use
for a flow in situation where it decides the optimal listener. You can add an option to
specify the listener name in the configuration of the PEM™ profile.
-
On the Main tab, click .
The Policy Enforcement screen opens.
-
From the PEM profile list, select a Fast L4 profile that you have created, or click
Create to create a new Fast L4 profile.
-
In the Name field, type a unique name of the policy enforcement
profile.
-
In the Optimization area, for the Connection Optimization
setting, Enabled is the default selection. This indicates that the
fast PEM optimization is enabled. To change the setting, select
Custom check box and select Disabled.
-
From the Fast L4 Virtual Server list, select the Fast L4 virtual
server previously configured. The Fast L4 virtual server is a server with an HTTP profile,
protocol TCP, and protocol profile Fast L4.
-
In the Policy Provisioning area, select enforcement policies to apply to the
traffic.
-
For Global Policy, move policies to apply to all subscribers
to High Precedence or Low Precedence.
Note: For URL categorization to take effect, you need to associate the
enforcement policy with a classification profile.
-
For Unknown Subscriber Policy, move policies to use if the
subscriber is unknown to Selected.
The system applies the global policy to all subscribers in parallel with the
subscriber policies, and must be configured with unknown subscriber policy.
High-precedence global policies override conflicting subscriber policies, and
low-precedence policies are overridden by conflicting subscriber policies.
-
Click Finished.
The Policy Enforcement Manager creates a policy enforcement profile with Fast
L4.
You have disabled Fast L4 on a PEM profile.