F5 BIG-IP Policy Enforcement Manager
Optimize and Monetize Networks with Context-Aware Policy Enforcement

Overview:

The growth in device usage and the explosion of data traffic from resource-intensive content like streaming video and high-bandwidth, over-the-top applications is forcing fixed-line and mobile service providers to push their networks to the limit. The challenge is to find ways to efficiently deliver customized services with best-in-class customer experience, while also optimizing network utilization and managing radio access network congestion.

F5 BIG-IP Policy Enforcement Manager (PEM) delivers the insight you need to understand subscriber behavior and effectively manage network traffic with a wide range of policy enforcement capabilities. BIG-IP PEM provides intelligent layer 4–7 traffic steering, network intelligence, and dynamic control of network resources through subscriber- and context-aware solutions. It also provides deep reporting, which you can capitalize on to build tailored services and packages based on subscribers’ app usage and traffic classification and patterns to increase ARPU.

Key Benefits

Enable new business models and services
Base your business models and services on insights gathered through comprehensive analytics and subscriber awareness capabilities, for better quality of experience (QoE) and higher ARPU and profitability.

Optimize network performance
Reduce network congestion and deliver better performance to your subscribers with layer 7 intelligent traffic steering capabilities and the ability to implement bandwidth control policies.

Consolidate services and reduce costs
Combine core elements in your network infrastructure—including policy enforcement, intelligent traffic steering, carrier-grade NAT, and network firewall—as well as integrated VAS capabilities, such as URL filtering and TCP optimization, within an easy-to-manage unified platform. Lower CapEx and OpEx, and gain energy efficiency for a greener environment.

Achieve carrier-grade performance and scalability
Manage traffic with fewer servers—and without sacrificing performance. Take advantage of best-in-class performance and scalability for total concurrent sessions, traffic throughput, and transactions per second with BIG-IP PEM, a NEBS-compliant platform.

Roll out new services faster
Simplify your network and gain greater visibility into subscriber usage patterns to create customized services and get them to market quickly—and boost subscriber satisfaction and loyalty

Traffic Detection:

BIG-IP PEM, as a 3GPP compliant Policy and Charging Enforcement Function (supporting Gx/Gy interface) or as a Traffic Detection Function (supporting Sd interface), offers service providers a comprehensive set of traffic classification capabilities. These capabilities help you accurately identify the specific applications and services your subscribers are using, and how they’re using them. You can use this information to create service plans that meet the needs of your subscribers, while also using it to regulate network usage. The combination of differentiated services and network usage control leads to increased profitability.

Traffic classification

Understanding the types of applications and services, as well as the protocols being used in the network, is key to determining how to manage subscribers’ bandwidth consumption for optimal network performance. It’s also key to developing and monetizing innovative services while ensuring optimal network efficiency and utilization monitoring.

For example, as your subscriber is watching a TV show on YouTube, you can prompt the subscriber to purchase a “turbo button” feature which, when activated, delivers a burst of bandwidth to the subscriber’s device. The result is a better experience for the subscriber, and incremental revenue for you.

BIG-IP PEM gives you the ability to classify traffic into several categories of applications and protocols—including classification of application subcategories that include voice, video, and IM. These are some examples of the types of apps and protocols BIG-IP PEM supports:

• P2P: BitTorrent, Gnutella
• VoIP: SIP, Skype, Yahoo!, Jabber
• Web: HTTP, HTTPS, FTP, YouTube, Facebook
• Streaming: HTTP streaming, RTSP, HTTP audio
• Non-TCP/UDP: IPsec, GRE, IPinIP, ICMP

As the number of apps and services being used in the network grows, you need to continually update your signature libraries to ensure that protocol classifications and subscriber plans are accurate, based on subscribers’ usage patterns. To this end, BIG-IP PEM supports dynamic and hitless signature upgrades, so you can seamlessly receive new signatures for new or existing applications—without having to perform a software release upgrade.

Other types of traffic classification employed on BIG-IP PEM include behavior and heuristics analysis, and deep packet inspection.

Subscriber awareness

BIG-IP PEM performs subscriber discovery via RADIUS and/or DHCP and provides information such as IP address, IMSI, and user name, which, when correlated with application flows, allows for deeper understanding of the type of applications and services subscribers are using and how they are using them. In addition, BIG-IP PEM can retrieve info on RAT type (Radio Access Technology) via RADIUS messages and can apply different policies based on subscriber use of 3G or 4G LTE networks. BIG-IP PEM can also function as a RADIUS client for authentication and accounting for subscribers.

Policy Enforcement:

Intelligent traffic steering

With BIG-IP PEM, service providers can perform layer 7 advanced steering of application and subscriber traffic to multiple, value-added services including web caching, video optimization, and parental control. For example, BIG-IP PEM detects if a subscriber’s mobile device is consuming video. If so, it can direct traffic from that device to your video optimization server. By steering traffic only to relevant servers, you can reduce the burden on other servers thereby reducing CapEx and OpEx.

Dynamic service chaining

Dynamic service chaining capabilities within BIG-IP PEM enable service providers to send traffic to multiple services within a single flow and to dynamically add or remove different services of the chain depending on subscriber requirements. For example, BIG-IP PEM can send subscribers who want to watch a specific video clip to a URL filtering/parental control service first. This service ensures the subscriber is allowed to view the specific content before sending it to a video optimization server. With dynamic service chaining, service providers can create differentiated services and provide opportunities to increase ARPU.

Bandwidth control

BIG-IP PEM provides significant flexibility in controlling bandwidth—via rate limiting, DSCP marking, and layer 2 quality of service marking. Limits can be applied to a group of subscribers, to all subscribers, or at the application level. This flexibility enables you to establish tiered services to create and manage incremental revenue-generating plans based on subscribers’ actual data usage patterns. Bandwidth control can also be used to implement fair-usage policies to allow your subscribers to consume a fair amount of bandwidth while distributing it more proportionally across the subscriber base.

Video analytics

Video traffic is a major source of congestion in a service provider’s network—causing significant degradation in subscriber QoE if not managed carefully. With the BIG-IP PEM video analytics capability, service providers can get enhanced visibility into media traffic including reporting on video type, encoding rate, resolution, and video mean opinion score (MOS). Leveraging this information, service providers can apply specific policies based on video type per subscriber. For example, premium subscribers will be able to stream HD video, while non-premium subscribers will only be able to stream SD video for that specific application (while streaming HD video for all other applications).

RAN congestion detection and control

Data-intensive applications (including mobile video) continue to place significant strain on service provider networks, and more specifically on resource constraint elements such as the Radio Access Network (RAN). As one of the most expensive elements within service provider networks, the RAN must be optimized and policies implemented to detect and control congestion within the RAN. This enables service providers to optimize network resources while improving subscriber QoE.

As an inline network device, BIG-IP PEM monitors subscriber throughput, loss rate, and delay. It can then apply specific policies to the subscriber traffic, including rate limiting and steering specific subscriber traffic to optimization services—leading to reduction in traffic congestion. As a result, the service provider can save CapEx and OpEx on core network infrastructure and provide a high QoE.

Tethering detection

Mobile subscribers, on average, are expected to have 3–4 devices with them at any one time. However, many do not have separate data plans for each of their devices, instead tethering their devices to their primary device, typically via WiFi. From a service provider perspective, unauthorized tethering of devices leads to additional bandwidth strain on their already resource-constrained network, leading to poorer quality of experience and loss of revenues. Service providers need to be able to detect tethered devices and apply policies to reduce the impact on their network. BIG-IP PEM supports a comprehensive set of tethering detection algorithms. These polices allow service providers to alleviate network congestion and increase revenue streams with new plans for subscribers.

Others:

Reporting Data

Granular reports provide information about subscriber and application flows. For instance, BIG-IP PEM provides data about activity at the per-session and per-application level, as well as event-driven, flow-based records. These reports are generated within the BIG-IP PEM platform at periodic intervals over high-speed logging interfaces as well as via IPFIX, which provides an efficient and powerful way to collect and stream large amounts of data. BIG-IP PEM also provides quick and easy on-box reporting capabilities at an aggregate or application level. With this data, you can truly understand how your subscribers are using your services and take advantage of this information to define new service plans.

Charging

BIG-IP PEM supports the Gy interface and integrates with multiple online charging subsystems to enable you to implement real-time credit control and quota management, such as time-based quotas, quota replenishment, and quote breach, for subscriber sessions. Online credit control can be used for both prepaid and postpaid subscribers.

URL Filtering

Service providers have the option to integrate URL filtering services within BIG-IP PEM. Through URL filtering, service providers can implement parental control services, which block traffic to specific websites based on certain URL categories or based on specific URLs you define. Parental control services extend service providers’ offerings with new revenue-generating services that provide subscribers with a higher quality QoE.

BIG-IP PEM is placed inline between the edge router and the network gateway (GGSN/PGW) in a mobile network or a BRAS/BNG in a fixed-line network. It offloads data traffic services from the PGW/BNG and many of the traffic classification capabilities from the packet gateway/broadband network gateway, and provides intelligent layer 7 traffic steering capabilities.

Architecture:

The advanced architecture of the BIG-IP system gives you total flexibility to control application delivery without creating traffic bottlenecks.

TMOS

At the heart of BIG-IP PEM is the F5 TMOS operating system. TMOS understands the intricacies between the application, the network, and your subscribers to give you intelligent control over application delivery, as well as total visibility, flexibility, and control across all services. TMOS also enables integration between BIG-IP PEM and other F5 products so that BIG-IP PEM can intelligently adapt to the diverse and evolving requirements of applications and networks.

iRules

F5 iRules is a TCL-based scripting language used with BIG-IP devices to give you greater flexibility in handling application traffic within the application transaction or flow. With complete payload inspection and transformation capabilities, the ability to take advantage of event-driven iRules, and session-aware switching, the BIG-IP system offers the most intelligent control point from which to address diverse application delivery issues—at network speed.

iControl

The F5 iControl API helps automate communications between third-party applications and BIG-IP PEM, removing the need for manual intervention. iControl supports a true publish/ subscribe model, which reduces network overhead and improves the performance of services that integrate with BIG-IP PEM through the iControl interface. For most network services, this can reduce network bandwidth and processing time.

System management

BIG-IP PEM provides insight into the system for debugging and troubleshooting purposes. You can view system status, as well as view and modify specific configuration items. These include subscriber-specific information and certain system information, such as Radius, Gx, and Gy. The system management features in BIG-IP PEM give you greater control and monitoring capabilities and the ability to ensure that BIG-IP PEM is performing optimally.

High-performance services fabric

The BIG-IP system consolidates multiple service functions into a single platform. Built on the modular TMOS architecture, it is a very fast, low latency, full proxy that supports firewall capabilities, advanced defense against more than 30 distributed denial-of-service (DDoS) attack types, IP port scans and SYN floods, traffic load balancing, advanced network health monitoring, and traffic steering with preset policies based on server availability— resulting in improved service availabilityand reliability in the network.

Based on 3GPP standards, BIG-IP PEM as a policy enforcement platform is interoperable with many of the leading policy and charging rules function (PCRF) and online charging systems (OCS) platforms.

In addition to policy enforcement, BIG-IP PEM provides intelligent traffic steering capabilities so you can inspect and steer traffic to VAS servers and route it based on subscriber profiles. BIG-IP PEM also provides add-on modules for service providers who need a solution to transition networks from IPv4 to IPv6. One of these modules is BIG-IP Carrier-Grade NAT (CGNAT), which includes a wide range of solutions to help you migrate to IPv6—all on a single, high-performance, carrier-grade platform.

In addition, BIG-IP Advanced Firewall Manager (AFM) coupled with BIG-IP PEM provides a high-performance network firewall designed to guard networks against incoming threats that enter the network on the most widely deployed protocols. BIG-IP AFM also provides network-layer and session-layer DDoS mitigation to prevent sophisticated network target attacks.

Network Performance:

TCP optimization

BIG-IP PEM includes a highly optimized TCP/IP stack that provides leading edge TCP/IP techniques (which minimize the effects of congestion and packet loss for 3G/4G networks). TCP optimization delivers up to 2x performance gains for subscribers and a 4x improvement in bandwidth efficiency.

HTTP header enrichment

HTTP header enrichment enables you to append the HTTP header with information such as MSISDN, IMSI, and IP address, which can be used to provide further subscriber awareness to the application or service. With this capability, BIG-IP PEM (located between the subscriber’s mobile device and the network) enables you to provide a more personalized and interactive experience—all while increasing ARPU.

BIG-IP PEM Platforms:

BIG-IP PEM offers best-in-class performance and scalability for total concurrent sessions, traffic throughput, and transactions per second on its systems. NEBS-compliant, BIG-IP PEM scales up to 320 Gbps of throughput at layer 7 with more than 24 million concurrent subscribers. This high-availability platform also includes sophisticated health monitoring, fast system failovers, and comprehensive connection mirroring to ensure service uptime and at-peak performance.

Hardware includes BIG-IP iSeries appliances or the F5 VIPRION modular chassis and blade system designed specifically for service delivery, security, and high performance. VIPRION uses F5 ScaleN technologies to provide on-demand linear scalability, enabling you to add blades with no disruption to your network. Virtual editions of BIG-IP software run on commodity servers and provide agility and fast deployment of services in network functions virtualization (NFV) environments.

BIG-IP PEM provides a high degree of redundancy and resiliency with support for interchassis and intra-chassis redundancy. Both intra-chassis redundancy (which provides redundancy within a single system) and inter-chassis redundancy (which provides redundancy across multiple systems in the same location or different locations) enable you to adhere to service level agreements (SLAs) and avoid unplanned network outages, providing a greater QoE to your subscribers.

BIG-IP PEM is available on the VIPRION C2400, C4800, and C4480 chassis with the B4300 and B4340, both 96 GB blades, and the high-performance 100 GB B4480 blade. BIG-IP PEM is also available as a stand-alone appliance with the new BIG-IP iSeries i5x00, i7x00 and i10x00 appliances, as well as virtual network functions (vPCEF/vTDF) running on BIG-IP virtual editions, which offer the flexibility of a virtual BIG-IP system.

Performance Specifications
Throughput L7	320 Gbps
Concurrent connections	96 million
New connections per second	1.4 million CPS
Concurrent subscribers	24 million
New subscribers per second	30,000

F5 Global Services:

F5 Global Services offers world-class support, training, and consulting to help you get the most from your F5 investment. Whether it’s providing fast answers to questions, training internal teams, or handling entire implementations from design to deployment, F5 Global Services can help ensure your applications are always secure, fast, and reliable.

Documentation:

Download the F5 BIG-IP Policy Enforcement Manager Datasheet (.PDF)