Product Documentation

Telco Subscriber Management

Oct 19, 2016

The number of subscribers in a telco network is increasing at an unprecedented rate, and managing them is becoming a challenge for service providers. Newer, faster, and smarter devices are placing high demand on the network and the subscriber management systems. It is no longer feasible to provide each subscriber the same standard of service, and the need for traffic processing on a per-subscriber basis is imperative.

The NetScaler appliance provides the intelligence to profile subscribers on the basis of their information stored in the PCRF. When a mobile subscriber connects to the Internet, the packet gateway associates an IP address with the subscriber and forwards the data packet to the appliance. The appliance receives the subscriber information dynamically or you can configure static subscribers. This information enables the NetScaler to apply its rich traffic management capabilities, such as content switching, integrated caching, rewrite, and responder, on a per-subscriber basis to manage the traffic. 

Dynamic Subscribers

The NetScaler appliance dynamically receives the subscriber information through any of the following interfaces:

  • Gx Interface
  • RADIUS Interface
  • RADIUS and Gx Interface

메모

High availability (HA) is supported from release 11.0 build 63.x.

In an HA setup, the subscriber sessions are continually synchronized on the secondary node. In the event of a failover, the subscriber information is still available on the secondary node.

Gx Interface 

A Gx interface (as specified in 3GPP 29.212) is a standard interface based on the Diameter protocol that allows exchange of policy control and charging rules between a PCRF and a PCEF entity in a Telco network. 

As soon as an IP-CAN session is established, the packet gateway forwards the subscriber ID, such as the MSISDN, and Framed-IP address information about the subscriber to the PCRF as a Diameter message. When the data packet arrives at the appliance from PGW, the appliance uses the subscriber IP address to query the PCRF to get the subscriber information. This is also known as secondary PCEF functionality. 

The PCC rules received by the appliance over the Gx interface are stored in the appliance for the duration of the subscriber session, that is, until the PCRF sends a RAR message with a Session-Release-Cause AVP or the subscriber session is terminated from the NetScaler command line or the configuration utility. If there are any updates to an existing subscriber, the PCRF sends the updates in an RAR message. A subscriber session is initiated when a subscriber logs on to the network, and terminated when the subscriber logs off.

The following illustration shows the high-level traffic flow. It assumes that the data plane traffic is HTTP. The appliance sends a Credit Control Request (CCR) over a Gx interface to the PCRF server and, in the credit control answer (CCA), receives the PCC rules and, optionally, other information, such as the RAT type, that applies to the particular subscriber. PCC rules include one or more policy (rule) names and other parameters. The appliance uses this information to retrieve the predefined rules stored on the appliance, and to direct the flow of traffic. It also stores this information in the subscriber policy and enforcement management system for the duration of the subscriber session. After a subscriber session is terminated, the appliance discards all the information about the subscriber. The following example shows the commands for configuring a Gx interface. 

 
Example 복사

set subscriber param -interfaceType GxOnly

add service pcrf-svc 203.0.113.1 DIAMETER 3868

add lb vserver vdiam DIAMETER 0.0.0.0 0 -persistenceType DIAMETER -persistAVPno 263

bind lb vserver vdiam pcrf-svc

set subscriber gxInterface -vServer vdiam -pcrfRealm testrealm1.net -revalidationTimeout 1200 -negativeTTL 120

localized image
RADIUS Interface
As soon as an IP-CAN session is established, the packet gateway forwards the subscriber information in a RADIUS Accounting Start message to the appliance through the RADIUS interface. A new service type, RADIUSListener, is added to process RADIUS Accounting messages. The following example shows the commands for configuring a RADIUS interface.
Example 복사

set subscriber param -interfaceType RadiusOnly

add service srad1 192.0.0.206 RADIUSLISTENER 1813

set subscriber radiusInterface -listeningService srad1

The following illustration shows the high-level traffic flow.

localized image

RADIUS and Gx Interface

As soon as an IP-CAN session is established, the packet gateway forwards the subscriber ID, such as the MSISDN, and Framed-IP address information about the subscriber to the appliance through the RADIUS interface. The appliance uses this subscriber ID to query the PCRF on the Gx interface to get the subscriber information. This is also known as primary PCEF functionality. The following example shows the commands for configuring a RADIUS and Gx interface.

Example 복사

set subscriber param -interfaceType RadiusandGx

add service pcrf-svc 203.0.113.1 DIAMETER 3868

add lb vserver vdiam DIAMETER 0.0.0.0 0 -persistenceType DIAMETER -persistAVPno 263

bind lb vserver vdiam pcrf-svc

set subscriber gxInterface -vServer vdiam -pcrfRealm testrealm1.net -holdOnSubscriberAbsence YES -revalidationTimeout 60 -negativeTTL 120

add service srad1 192.0.0.206 RADIUSLISTENER 1813

set subscriber radiusInterface -listeningService srad1

The following illustration shows the high-level traffic flow.

localized image

Static Subscriber

You can configure the subscribers manually on the NetScaler appliance by using the command line or the configuration utility. You create static subscribers by assigning a unique subscriber ID and optionally associating a policy to each subscriber. The following example shows the command for configuring a static subscriber.

Example 복사

add subscriber profile 2002::a66:e8d3/64 -subscriberRules policy1 policy3 -subscriptionIdtype E164 –subscriptionIdvalue 98767543212

add subscriber profile * -subscriberRules default_rule

 

add subscriber profile * -subscriberRules default_rule

 

add subscriber profile * -subscriberRules default_rule

 

Note: A default profile is used if the appliance cannot find a subscriber session on the appliance.

In the following example, subscriptionIdvalue specifies the international telephone number, and subscriptionIdType (E164 in this example) specifies the general format for international telephone numbers. Subscriber rules correspond to the Charging-Rule-Install AVP that is used to add a rule that is not already present, or to modify an existing rule as instructed from the PCRF. 

Example 복사

add subscriber profile 203.0.113.6 -subscriberRules policy1 policy2 -subscriptionIdType E164 –subscriptionIdvalue 98767543211

add subscriber profile 2002::a66:e8d3/64 -subscriberRules policy1 policy3 -subscriptionIdtype E164 –subscriptionIdvalue 98767543212

IPv6 Prefix based Subscriber Sessions

A telco user is generally identified by the IPv6 prefix rather than the complete IPv6 address. The NetScaler appliance now uses the prefix instead of the complete IPv6 address (/128) to identify a subscriber in the database (subscriber store). For communicating with the PCRF server (for example, in a CCR-I message), the appliance now uses the framed-IPv6-Prefix AVP instead of the complete IPv6 address. The default prefix length is /64, but you can configure the appliance to use a different value.

To configure the IPv6 prefix by using the command line

set subscriber param [-ipv6PrefixLookupList <positive_integer> ...]

The first example command below sets a single prefix and the second example command sets multiple prefixes.

Examples 복사

set subscriber param -ipv6PrefixLookupList 64

set subscriber param -ipv6PrefixLookupList 64 72 96

To configure the IPv6 prefix by using the configuration utility

  1. Navigate to Traffic Management > Subscriber > Parameters.
  2. In the details pane, under Settings, click Configure Subscriber Parameters and in IPv6 Prefix Lookup List, specify one or more prefixes.

Idle Session Management of Subscriber Sessions in a Telco Network

Subscriber session cleanup on a NetScaler appliance is based on control plane events, such as a RADIUS Accounting Stop message, a Diameter RAR (session release) message, or a "clear subscriber session" command. In some deployments, the messages from a RADIUS client or a PCRF server might not reach the appliance. Additionally, during heavy traffic, the messages might be lost. A subscriber session that is idle for a long time continues to consume memory and IP resources on the NetScaler appliance. The idle session management feature provides configurable timers to identify idle sessions, and cleans up these sessions on the basis of the specified action.

A session is considered idle if no traffic from this subscriber is received on the data plane or the control plane. You can specify an update, terminate (inform PCRF and then delete the session), or delete (without informing PCRF) action. The action is taken only after the session is idle for the time specified in the idle timeout parameter.

To configure the idle session timeout and the associated action by using the command line

set subscriber param [-idleTTL <positive_integer>] [-idleAction <idleAction>]

Examples 복사

set subscriber param -idleTTL 3600 -idleAction ccrTerminate

set subscriber param -idleTTL 3600 -idleAction ccrUpdate

set subscriber param -idleTTL 3600 -idleAction delete

To disable the idle session timeout, set the idle timeout to zero.

set subscriber param –idleTTL 0

To configure the idle session timeout and the associated action by using the configuration utility

  1. Navigate to Traffic Management > Subscriber > Parameters.
  2. In the details pane, under Settings, click Configure Subscriber Parameters and specify an Idle Time and Idle Action.
Subscriber Policy Enforcement & Management System

The NetScaler appliance uses the subscriber's IP address as the key to the subscriber policy enforcement and management system.

You can add subscriber expressions to read the subscriber information available in the Subscriber Policy Enforcement & Management System. These expressions can be used with policy rules and actions that are configured for NetScaler features, such as integrated caching, rewrite, responder, and content switching.

The following commands are an example of adding a subscriber-based responder action and policy. The policy evaluates to true if the subscriber rule value is“pol1”.

Example 복사

add responder action error_msg respondwith '\"HTTP/1.1 403 OK\r\n\r\n" + \" You are  not authorized to access Internet"'

add responder policy no_internet_access "SUBSCRIBER.RULE_ACTIVE(\"pol1\")" error_msg

In the following example, two policies are configured on the appliance. When the appliance checks the subscriber information and the subscriber rule is cache_enable, it performs caching. If the subscriber rule is cache_disable, the appliance does not perform caching.

Example 복사

add cache policy nocachepol -rule "SUBSCRIBER.RULE_ACTIVE(\"cache_disable\")" -action NOCACHE

add cache policy cachepol -rule "SUBSCRIBER.RULE_ACTIVE(\"cache_enable\")" -action CACHE -storeInGroup cg1

For a complete list of expressions starting with “SUBSCRIBER.” see the Policy Configuration Guide.

Subscriber Session Event Logging

The NetScaler appliance currently maintains millions of subscriber sessions in its database (subscriber store) but does not log these messages. Telco administrators need reliable log messages to track the control plane messages specific to a subscriber. They also need historical data to analyze subscriber activities. The appliance now supports logging of RADIUS control plane accounting messages and Gx control plane logging messages.  Some of the key attributes are MSISDN and time stamp. By using these logs, you can track a user by using their IP address, and MSISDN if available.

From these logs, you can learn about any activity related to a user, such as the time when a session was updated, deleted, or created (installed). Additionally, error messages are also logged.

Examples

1.       The following log entries are examples of GxOnly session update, RADIUSandGX delete, and RADIUSOnly install messages.

09/30/2015:16:38:56 GMT  Informational 0-PPE-0 : default SUBSCRIBER SESSION_EVENT 159 0 :  Session Update, GX MsgType: CCR-U, IP: 100.10.1.1

09/30/2015:17:27:56 GMT  Informational 0-PPE-0 : default SUBSCRIBER SESSION_EVENT 185 0 :  Session Delete, GX MsgType: CCR-T, RADIUS MsgType: Stop, IP: 100.10.1.1, ID: E164 - 30000000001

09/30/2015:17:25:05 GMT  Informational 0-PPE-0 : default SUBSCRIBER SESSION_EVENT 182 0 :  Session Install, RADIUS MsgType: Start, IP: 100.10.1.1, ID: E164 - 30000000001

2.       The following log entries are examples of failure messages, such as when a subscriber is not found on the PCRF server and when the appliance cannot connect to the PCRF server.

09/30/2015:16:44:15 GMT  Error 0-PPE-0 : default SUBSCRIBER SESSION_FAILURE 169 0 :  Failure Reason: PCRF failure response, GX MsgType: CCR-I, IP: 100.10.1.1

Sep 30 13:03:01  09/30/2015:16:49:08 GMT  0-PPE-0 : default SUBSCRIBER SESSION_FAILURE 176 0 :  Failure Reason: Unable to connect to PCRF, GX MsgType: CCR-I, RADIUS MsgType: Start, IP: 100.10.1.1, ID: E164 - 30000000001#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000

Subscriber Aware LSN Session Termination

In earlier releases, if a subscriber session is deleted when a RADIUS Accounting STOP or a PCRF-RAR message is received, or as a result of any other event, such as TTL expiry or flush, the corresponding LSN sessions of the subscriber are removed only after the configured LSN timeout period. LSN sessions that are kept open until this timeout expires continue to consume resources on the appliance.

From release 11.1, a new parameter (subscrSessionRemoval) is added. If this parameter is enabled, and the subscriber information is deleted from the subscriber database, LSN sessions corresponding to that subscriber are also removed. If this parameter is disabled, the subscriber sessions are timed out as specified by the LSN timeout settings.

To configure subscriber aware LSN session termination by using the NetScaler command line

At the command prompt, type:

set lsn parameter -subscrSessionRemoval ( ENABLED | DISABLED )

Example 복사

> set lsn parameter -subscrSessionRemoval ENABLED

Done

> sh lsn parameter

            LSN Global Configuration:

 

            Active Memory Usage: 0 MBytes

            Configured Memory Limit: 0 MBytes

            Maximum Memory Usage Limit: 912 MBytes

            Session synchronization: ENABLED

            Subscriber aware session removal: ENABLED

To configure subscriber aware LSN session termination by using the NetScaler GUI

  1. Navigate to System > Large Scale NAT.
  2. In Getting started, click Set LSN Parameter.
  3. Set the Subscriber Aware Session Removal parameter

Policy-based TCP Profile

You can configure the NetScaler appliance to perform TCP optimization based on subscriber attributes. For example, the appliance can now select different TCP profiles at run time, based on the network to which the user equipment (UE) is connected. As a result, you can improve a mobile user's experience by setting some parameters in the TCP profiles and then using policies to select the appropriate profile.     

Create different TCP profiles for subscribers connecting through a 4G network and for users connecting through any other network. Define a policy rule that is selected on the basis of a subscriber parameter, such as RAT-type. In the following examples, if RAT-Type is EUTRAN, a TCP profile that supports a faster connection is selected (Example 1). For all other RAT-Type values, a different TCP profile is selected (Example 2).

메모

The RAT-Type AVP (AVP code 1032) is of type Enumerated and is used to identify the radio access technology that is serving the UE.

The value "1004" indicates that the RAT is EUTRAN. (RFC 29.212).

Example 1 복사

add ns tcpProfile tcp2 -WS ENABLED -SACK ENABLED -WSVal 8 -initialCwnd 16 -oooQSize 15000 -slowStartIncr 1 –bufferSize  1000000 –flavor BIC -dynamicReceiveBuffering DISABLED -sendBuffsize 1000000 -dsack DISABLED -maxcwnd 4000000 -fack ENABLED –minRTO 500 –maxburst 15

add appqoe action appact2 -priority HIGH -tcpprofile tcp2

add appqoe policy apppol2 -rule "SUBSCRIBER.AVP(1032).VALUE.GET_UNSIGNED32(0, BIG_ENDIAN).EQ(1004)" -action appact2

bind cs vserver <name>  -policyname apppol2 –priority 20 –type request

Example 2 복사

add ns tcpProfile tcp1 -WS ENABLED -SACK ENABLED -WSVal 8 -initialCwnd 16 -oooQSize 15000 -slowStartIncr 1 –bufferSize  150000 –flavor BIC -dynamicReceiveBuffering DISABLED -sendBuffsize 150000 -dsack DISABLED -maxcwnd 4000000 -fack ENABLED –minRTO 200 –maxburst 15

add appqoe action appact1 -priority HIGH -tcpprofile tcp1

add appqoe policy apppol1 -rule "SUBSCRIBER.AVP(1032).VALUE.GET_UNSIGNED32(0, BIG_ENDIAN).NE(1004)" -action appact1

bind cs vserver <name>  -policyname apppol1 –priority 10 –type request