Policy Enforcer

Overview

The BIG-IP Next Policy Enforcer (PE) helps service providers to effectively manage and control subscriber traffic by analyzing application traffic, monitoring subscriber behavior, and enforcing custom traffic policies. For example, service providers can configure the system to block web traffic originating from specific IP addresses. Additionally, the Policy Enforcer facilitates Quality of Service (QoS) management by enabling traffic prioritization through Differentiated Services Code Point (DSCP) marking and linking QoS mechanisms.

The solution also offers flexibility to perform actions such as redirecting HTTP traffic destined for a particular IP address to a designated URL or optimizing video traffic for specific subscribers by routing it to dedicated optimization servers. Acting as a key intermediary between subscribers and the network they access, the BIG-IP system with Policy Enforcer intercepts and processes subscriber traffic based on pre-defined traffic policies.

The Policy Enforcer (PE) allows service providers to define and apply subscriber enforcement policies, which are composed of rules specifying how specific types of traffic should be managed. For a policy to be applied, it must first be assigned, or provisioned, to an active subscriber session. A subscriber session begins when a subscriber logs into the network (is authenticated) and ends either when the subscriber logs out or the session is terminated. Each session is uniquely identified by the IP address of the subscriber. Currently, the Policy Enforcer supports two types of policies: unknown subscriber policies and global policies. By default, all traffic flows are treated as unknown subscriber flows unless the Gx interface identifies the subscriber as known and specifies applicable policies. PE uses the Policy Enforcement Manager to apply the relevant policies to subscriber traffic. To determine which policy to enforce, PE first identifies the subscriber associated with the session.

Currently, BIG-IP Next supports PE for the following use cases:

• Deep Packet Inspection
• URL Categorization
• TCP Optimization
• UDP Ratepacing
• Flow Filter
• Reporting

Feedback

To provide feedback and help improve this document, please email us at cnfdocs@f5.com.