F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IP PEM
  4. BIG-IP Policy Enforcement Manager: Implementations
  5. Configuring Quota Management using Rating Groups
Manual Chapter : Configuring Quota Management using Rating Groups

Applies To:

Show Versions Show Versions

BIG-IP PEM

  • 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>
 

Overview: Configuring quota management

You can use the Policy Enforcement Manager™ to implement quota management process for prepaid subscribers per session and per application. You can provision prepaid charging per subscriber or application that communicates with the quota protocol endpoint (QPE), such as online charging system (OCS), over the 3GPP Gy interface. The Gy endpoint allows online credit control for Layer 4 to 7 service data flow-based charging. This type of policing is called quota management; this feature ensures that subscribers do not consume resources that are not authorized. The Diameter Credit-Control Application (DCCA) specifies an approach based on a series of interrogations, that use Credit-Control-Request (CCR) and Credit-Control-Answer (CCA) messages.

If threshold for a Quota bucket is almost reached and the current flow 8KB interval is not used, then CCR-U is sent after 8KB consumption (maximum). PEM forwards it and after 8KB interval, or in between if in middle, it sends CCR-U. Consider 8KB consumption intervals when Quota bucket is being checked for exhaustion.

If larger bytes arrives between 8KB interval then it is let through. After we detect Quota is being exhausted, after usage of 8KB interval, then we update the internal policy change for the session. After reevaluation interval (20 seconds) the flow is reevaluated and then termination action is applied. However, for new flows as soon as Quota expires they are dropped.

The PCRF reports the quota usage under a number of circumstances and notifies the server through the use of the Reporting-Reason AVP in the CCR. The reason for reporting credit usage can occur directly in the Multiple-Services-Credit-Control AVP or in the Used-Service-Units AVP and depends on whether it applies for all quota types or a particular quota type.

Task summary

About Gy support and rating groups

The Gy interface in 3GPP architecture facilitates communication between the online charging system (OCS) and the PCEF. In turn, this communication supports the advanced credit authorization and quota-specific reporting. Policy Enforcement Manager™ provides online credit control, through user configuration, for Layer 4 to 7 service data flow-based charging.

The subscriber traffic contains consumed based on allocated quota that is based on applications, category, or a group of them and is measured in terms of volume, time, and events. A rating group, which is the same as a quota bucket, can be created. A rating group is identified by a service-identifier AVP that gathers a set of services, which has the same costs and rating type. Once you create a rating group, you can assign it to multiple rules inside the policy. For all the traffic matching the rule, quota is consumed from this bucket to make sure there is no over-subscription of resources. For example, you can have a rating group assigned to managing video traffic of 500 MB. This rating group needs to be assigned to a rule that matches the video traffic, to ensure that there is no over-subscription of subscriber video traffic.

Note: You need to assign a default rating group on your policy rule or assign a new one. The default rating group is for all traffic that does not belong to another rating group.

Multiple Services Credit Control (MSCC) is a procedure that allows quota management for multiple services within one Gy Session. It is possible to allocate quota on a per service basis or the services can be grouped into rating group to gather aggregation of quota management. When the MSCC is present in the CCR message, it represents PCRF. The MSCC requests quota for a particular service, or multiple services, or usage being reported. When the MSCC is present in the CCA message, it represent OCS that grants quota for the service or services.

About Online Charging System

Online charging uses IETF Diameter Credit Control application. It uses the Gy reference point in the 3GPP standards for messages between the Online Charging Server and the PCEF. The PCEF requests resource allocation and reports credit control information to the OCS (Online Charging System). Event Charging with Unit Reservation (ECUR) using CCR Initial and Termination can be used to generate event messages.

Online charging has two sub-functions:
  • Unit determination, that refers to the calculation of the number of non-monetary units like service units, data volume, time and events that shall be assigned prior to starting service delivery. PEM uses the Session Charging with Unit Reservation (SCUR) system.
  • Rating refers to determining a price, based on the non-monetary units calculated by the unit determination function. When online charging is used in the P-GW, the credit control is per rating group. P-GW allows reporting of the service usage per rating group or per combination of the rating group and service ID. Service ID sometimes is synonymous of rating group. Gy messages does not have to include both service identifier and rating group. You can use both service identifier and rating group, to be able to rate based on rating group but keep track of usage per service. For example, if you rate Facebook, Twitter and YouTube in the same way, so to create a single rating group, you accumulate usage per each service. With this setup you get less reservation spreading, while keeping track of usage per service. This reporting level can be activated per PCC rule.

What defines a rating group?

The four Attribute Value Pair (AVP) that defines a rating group, are the amount of time, the downloaded, uploaded and total bytes.

Note: Rating group can be either the Granted Units (GSU) that is used before releasing the service or a new CCR needs to be sent, or Used Service Units (USU) which reports the total traffic for subscriber or service.
You can define rating group as follows:
  • Define the rating group for thresholds and timers
  • Validity time, which indicates the time that limits the validity of the granted quota
  • Quota holding indicates the number of seconds for which the quota granted by the OCS, is held by the gateway when no traffic is received for that rating group.
  • Quota consumption, used by the OCS, indicates to the client that the quota consumption must be stopped after a period at session termination or when no packets are received.
  • Time quota threshold indicates the threshold in seconds when the granted quota is time.
  • The Volume-Quota-Threshold AVP indicates the threshold in octets when the granted quota is volume.

Configuring quota management for global settings

You can set up global configuration for quota management in the BIG-IP® system. A default rating group defines the case when a classified flow does not have an quota action. This can be used in cases were PEM might have policies to do quota management for specific applications, and no policy for the remaining application.
Note: If a rating group is configured as default, that group cannot be used by any rules.
  1. On the Main tab, click Policy Enforcement > Global > Options .
    The Global Options screen opens.
  2. In the Quota Management Options area, for the Default Rating Group setting, select Create to create a new rating group for quota management.
    This takes you to the Policy Enforcement > Rating Groups > New Rating Group screen. Click Policy Enforcement > Options to go back to options screen.
You created a default rating group that enables the possibility to implement quota per subscriber. Instead of defining all the policies with the corresponding rating group, you can define a single rating group and add it as a default.

Creating rating groups

You can assign a rating group to a rule and attach it to a policy. For example, if you want to allocate quota to all the videos a subscriber uses from multiple on-demand Internet streaming media, you can specify a quota bucket that covers all the quota consumption and ensures that the consumption does not exceed the specified time or volume.
  1. On the Main tab, click Policy Enforcement > Rating Groups .
    The Rating Groups List screen opens.
  2. Click Create.
    The New Rating Group screen opens.
  3. In the Name field, type a name for the rating group.
  4. In the Description field, type optional descriptive text for the rating group.
  5. In the Rating Group ID field, type an unique identifier (integer). This Rating Group ID is used by the quota managing endpoint, such as, Gy.
  6. In the Initial Quota setting, specify Volume in octets, the initial quota to receive and send from the OCS, and the total quota volume.
  7. In the Initial Quota setting, specify Time in seconds, the initial time for quota.
  8. In the Default Quota setting, specify Volume in octets, the default quota to receive and send from the OCS, and the total quota volume.
  9. In the Threshold field, type a default threshold level you want to use for a sending quota replenishment request.
    The default value is 0, which indicates that there is no threshold.
  10. In the Usage Time field, type the quota for how long the traffic can be used.
  11. In the Consumption Time field, type the maximum idle time that is accounted as quota usage. This is the default value of quota for time and specifies time units for charging as well.
  12. In the Validity Time field, type the duration for which the quota is used, if the online charging system (OCS) does not specify the validity time.
  13. In the Holding Time field, type the holding time (in seconds), for which the quota is valid without any usage, if the time is not specified by the OCS.
    Note: The default values for consumption time, validity time and holding time are used, when the OCS does not specify them.
  14. From the Breach Action list, select the appropriate action to be taken when default quota expires or OCS does not provide new quota or breach action.
    Breach Action Description
    Terminate The system stops traffic when quota is breached.
    Allow The system allows traffic to go through even when the quota is breached.
    Redirect The system redirects traffic to the forwarding endpoint, when quota is breached.
  15. From the Request on Install list, select Yes if the quota has to be requested from the Gy, when the policy is installed for a subscriber. Otherwise, select No for quota to be requested when one of the applications associated with the rating group is detected.

Adding rating group in enforcement policy

Before you can add rules to an enforcement policy, you need to create the policy, then reopen it.
You add rules to an enforcement policy to select the traffic you want to affect, and the actions to take. A rule associates an action with a specific type of traffic. So you can, for example, add a rule to select all audio-video traffic and send it to a pool of servers that are optimized to handle that type of traffic.
  1. On the Main tab, click Policy Enforcement > Policies .
    The Policies screen opens.
  2. Click the name of the enforcement policy you want to add rules to.
    The properties screen for the policy opens.
  3. In the Policy Rules area, click Add.
    The New Rule screen opens.
  4. In the Name field, type a name for the rule.
  5. In the Precedence field, type an integer that indicates the precedence for the rule in relation to the other rules. Number 1 has the highest precedence. Rules with higher precedence are evaluated before other rules with lower precedence.
    Tip: All rules in a policy are run concurrently. Precedence takes effect when there are conflicting rules. The conflict occurs when the traffic matches two rules and the policy actions from these rules differ. For example, if you have rule 1 with precedence 10 and Gate Status disabled for a search engine, and you have rule 2 with precedence 11 and Gate Status enabled, then rule 1 is processed first because it has higher precedence. Rules conflict if they have identical or overlapping classification criteria (for the traffic that matches more than one rule). In some cases, different policy actions are not conflicting, and hence, applied in parallel.
  6. From the Rating group list, in the Quota setting, select the prior configured rating group or create a new rating group. This specifies what you want to do with the traffic that you are classifying or specify what actions you want to apply to the traffic.
  7. Click Finished.
  8. Repeat steps 3-8 to create as many rules as needed to handle the traffic you are interested in.
The enforcement policy includes the rules with the conditions and actions you added.
Now you need to associate the enforcement policy with the virtual server (or servers) to which traffic is directed.

Creating a listener for quota management

You can create listeners that specify how to handle traffic for policy enforcement. You can add support for Gy over a diameter connection by adding a diameter profile which has Gy application support to the diameter virtual server in PEM.
  1. On the Main tab, click Subscriber Management > Control Plane Listeners.
    The Control Plane Listeners screen opens.
  2. In the Policy Provisioning and Online Charging Virtuals area, click Add.
    The New Configure Diameter Endpoint Provisioning and Online Charging screen opens.
  3. In the Name Prefix field, type a unique name for the listener.
  4. In the Description field, type a description of the listener.
  5. From the VLAN and Tunnel Traffic list, select Enabled on. Then, for the VLANs and Tunnels setting, move the VLAN or VLANs on which you want to allow the virtual servers to share traffic from the Available list to the Selected list.
  6. For the VLANs and Tunnels setting, move the VLANs and tunnels that you want to monitor from the Available list to the Selected list.
  7. To connect to a PCRF, from the Diameter Endpoint Provisioning list, select Gy from the Supported Apps options.
  8. In the Product Name field, type the product name which is used to communicate with the OCS.
  9. In the Origin Host field, type the fully qualified domain name of the OCS, for example, ocs.xnet.com.
  10. In the Origin Realm field, type the realm name or network in which the OCS resides, for example, xnet.com.
  11. In the Destination Host field, type the destination host name of the OCS, for example, ocsdest.net.com.
  12. In the Destination Realm field, type the realm name or network of the OCS, for example, net.com.
  13. For the Pool Member Configuration setting, add the OCS servers that are to be members of the Gy endpoint pool. Type the Member IP Address and Port number, then click Add.
  14. In the Message Retransmit Delay field, type the number of milliseconds to wait before retransmitting unanswered messages in case of failure from the BIG-IP system to the OCS over the Gy interface. The default value is 1500.
  15. In the Message Max Retransmit field, type the maximum number of times that messages can be retransmitted from the BIG-IP system to the OCS. The default value is 2.
  16. In the Fatal Grace Time field, type the time period in seconds that a diameter connection can remain disconnected before the system terminates all sessions associated with that diameter endpoint. The default value is 500.
  17. Click Finished.
    The Policy Enforcement Manager creates a listener.
When you create a listener, the Policy Enforcement Manager™ also creates virtual servers for each type of traffic (TCP, UDP, or both), and a virtual server for HTTP traffic. The system enables classification and assigns the appropriate policy enforcement profile to the virtual servers. The system also creates a virtual server for the Gy interface with a diameter endpoint profile.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information