Product Documentation

Telco Subscriber Management

Oct 12, 2015

The number of subscribers in a telco network is increasing at an unprecedented rate, and managing them is becoming a challenge for service providers. Newer, faster, and smarter devices are placing high demand on the network and the subscriber management systems. It is no longer feasible to provide each subscriber the same standard of service, and the need for traffic processing on a per-subscriber basis is imperative.

The NetScaler appliance provides the intelligence to profile subscribers on the basis of their information stored in the PCRF. When a mobile subscriber connects to the Internet, the packet gateway associates an IP address with the subscriber and forwards the data packet to the appliance. The appliance receives the subscriber information dynamically or you can configure static subscribers. This information enables the NetScaler to apply its rich traffic management capabilities, such as content switching, integrated caching, rewrite, and responder, on a per-subscriber basis to manage the traffic. 

Dynamic Subscribers

The NetScaler appliance dynamically receives the subscriber information through any of the following interfaces:

  • Gx Interface
  • RADIUS Interface
  • RADIUS and Gx Interface

注意

High availability (HA) is supported from release 11.0 build 63.x.

In an HA setup, the subscriber sessions are continually synchronized on the secondary node. In the event of a failover, the subscriber information is still available on the secondary node.

Gx Interface 

A Gx interface (as specified in 3GPP 29.212) is a standard interface based on the Diameter protocol that allows exchange of policy control and charging rules between a PCRF and a PCEF entity in a Telco network. 

As soon as an IP-CAN session is established, the packet gateway forwards the subscriber ID, such as the MSISDN, and Framed-IP address information about the subscriber to the PCRF as a Diameter message. When the data packet arrives at the appliance from PGW, the appliance uses the subscriber IP address to query the PCRF to get the subscriber information. This is also known as secondary PCEF functionality. 

The PCC rules received by the appliance over the Gx interface are stored in the appliance for the duration of the subscriber session, that is, until the PCRF sends a RAR message with a Session-Release-Cause AVP or the subscriber session is terminated from the NetScaler command line or the configuration utility. If there are any updates to an existing subscriber, the PCRF sends the updates in an RAR message. A subscriber session is initiated when a subscriber logs on to the network, and terminated when the subscriber logs off.

The following illustration shows the high-level traffic flow. It assumes that the data plane traffic is HTTP. The appliance sends a Credit Control Request (CCR) over a Gx interface to the PCRF server and, in the credit control answer (CCA), receives the PCC rules and, optionally, other information, such as the RAT type, that applies to the particular subscriber. PCC rules include one or more policy (rule) names and other parameters. The appliance uses this information to retrieve the predefined rules stored on the appliance, and to direct the flow of traffic. It also stores this information in the subscriber policy and enforcement management system for the duration of the subscriber session. After a subscriber session is terminated, the appliance discards all the information about the subscriber. The following example shows the commands for configuring a Gx interface.

 
Example 複製

set subscriber param -interfaceType GxOnly

set subscriber gxInterface -vServer vdiam -pcrfRealm testrealm1.net -idleTTL 1200 -negativeTTL 120

localized image
RADIUS Interface
As soon as an IP-CAN session is established, the packet gateway forwards the subscriber information in a RADIUS Accounting Start message to the appliance through the RADIUS interface. The following example shows the commands for configuring a RADIUS interface.
Example 複製

set subscriber param -interfaceType RadiusOnly

set subscriber radiusInterface -listeningService srad1

The following illustration shows the high-level traffic flow.

localized image

RADIUS and Gx Interface

As soon as an IP-CAN session is established, the packet gateway forwards the subscriber ID, such as the MSISDN, and Framed-IP address information about the subscriber to the appliance through the RADIUS interface. The appliance uses this subscriber ID to query the PCRF on the Gx interface to get the subscriber information. This is also known as primary PCEF functionality. The following example shows the commands for configuring a RADIUS and Gx interface.

Example 複製

set subscriber param -interfaceType RadiusandGx

set subscriber gxInterface -vServer vdiam -pcrfRealm testrealm1.net -holdOnSubscriberAbsence YES -idleTTL 60 -negativeTTL 120

set subscriber radiusInterface -listeningService srad1

The following illustration shows the high-level traffic flow.

localized image

Static Subscriber

You can configure the subscribers manually on the NetScaler appliance by using the command line or the configuration utility. You create static subscribers by assigning a unique subscriber ID and optionally associating a policy to each subscriber. The following example shows the command for configuring a static subscriber.

Example 複製

add subscriber profile * -subscriberRules default_rule

add subscriber profile * -subscriberRules default_rule

 

add subscriber profile * -subscriberRules default_rule

 

add subscriber profile * -subscriberRules default_rule

 

Note: A default profile is used if the appliance cannot find a subscriber session on the appliance.

In the following example, subscriptionIdvalue specifies the international telephone number, and subscriptionIdType (E164 in this example) specifies the general format for international telephone numbers. Subscriber rules correspond to the Charging-Rule-Install AVP that is used to add a rule that is not already present, or to modify an existing rule as instructed from the PCRF. 

Example 複製

add subscriber profile 1.1.1.1 -subscriberRules policy1 policy2 -subscriptionIdType E164 –subscriptionIdvalue 98767543211

add subscriber profile 2002::a66:e8d3 -subscriberRules policy1 policy3 -subscriptionIdtype E164 –subscriptionIdvalue 98767543212

IPv6 Prefix based Subscriber Sessions

A telco user is generally identified by the IPv6 prefix rather than the complete IPv6 address. The NetScaler appliance now uses the prefix instead of the complete IPv6 address (/128) to identify a subscriber in the database (subscriber store). For communicating with the PCRF server (for example, in a CCR-I message), the appliance now uses the framed-IPv6-Prefix AVP instead of the complete IPv6 address. The default prefix length is /64, but you can configure the appliance to use a different value.

To configure the IPv6 prefix by using the command line

set subscriber param [-ipv6PrefixLookupList <positive_integer> ...]

The first example command below sets a single prefix and the second example command sets multiple prefixes.

Examples 複製

set subscriber param -ipv6PrefixLookupList 64

set subscriber param -ipv6PrefixLookupList 64 72 96

To configure the IPv6 prefix by using the configuration utility

  1. Navigate to Traffic Management > Subscriber > Parameters.
  2. In the details pane, under Settings, click Configure Subscriber Parameters and in IPv6 Prefix Lookup List, specify one or more prefixes.

Idle Session Management of Subscriber Sessions in a Telco Network

Subscriber session cleanup on a NetScaler appliance is based on control plane events, such as a RADIUS Accounting Stop message, a Diameter RAR (session release) message, or a "clear subscriber session" command. In some deployments, the messages from a RADIUS client or a PCRF server might not reach the appliance. Additionally, during heavy traffic, the messages might be lost. A subscriber session that is idle for a long time continues to consume memory and IP resources on the NetScaler appliance. The idle session management feature provides configurable timers to identify idle sessions, and cleans up these sessions on the basis of the specified action.

A session is considered idle if no traffic from this subscriber is received on the data plane or the control plane. You can specify an update, terminate (inform PCRF and then delete the session), or delete (without informing PCRF) action. The action is taken only after the session is idle for the time specified in the idle timeout parameter.

To configure the idle session timeout and the associated action by using the command line

set subscriber param [-idleTTL <positive_integer>] [-idleAction <idleAction>]

Examples 複製

set subscriber param -idleTTL 3600 -idleAction ccrTerminate

set subscriber param -idleTTL 3600 -idleAction ccrUpdate

set subscriber param -idleTTL 3600 -idleAction delete

To disable the idle session timeout, set the idle timeout to zero.

set subscriber param –idleTTL 0

To configure the idle session timeout and the associated action by using the configuration utility

  1. Navigate to Traffic Management > Subscriber > Parameters.
  2. In the details pane, under Settings, click Configure Subscriber Parameters and specify an Idle Time and Idle Action.
Subscriber Policy Enforcement & Management System

The NetScaler appliance uses the subscriber's IP address as the key to the subscriber policy enforcement and management system.

You can add subscriber expressions to read the subscriber information available in the Subscriber Policy Enforcement & Management System. These expressions can be used with policy rules and actions that are configured for NetScaler features, such as integrated caching, rewrite, responder, and content switching.

The following commands are an example of adding a subscriber-based responder action and policy. The policy evaluates to true if the subscriber rule value is“pol1”.

Example 複製

add responder action error_msg respondwith '\"HTTP/1.1 403 OK\r\n\r\n" + \" You are  not authorized to access Internet"'

add responder policy no_internet_access "SUBSCRIBER.RULE_ACTIVE(\"pol1\")" error_msg

In the following example, two policies are configured on the appliance. When the appliance checks the subscriber information and the subscriber rule is cache_enable, it performs caching. If the subscriber rule is cache_disable, the appliance does not perform caching.

Example 複製

add cache policy nocachepol -rule "SUBSCRIBER.RULE_ACTIVE(\"cache_disable\")" -action NOCACHE

add cache policy cachepol -rule "SUBSCRIBER.RULE_ACTIVE(\"cache_enable\")" -action CACHE -storeInGroup cg1

For a complete list of expressions starting with “SUBSCRIBER.” see the Policy Configuration Guide.

Subscriber Session Event Logging

The NetScaler appliance currently maintains millions of subscriber sessions in its database (subscriber store) but does not log these messages. Telco administrators need reliable log messages to track the control plane messages specific to a subscriber. They also need historical data to analyze subscriber activities. The appliance now supports logging of RADIUS control plane accounting messages and Gx control plane logging messages.  Some of the key attributes are MSISDN and time stamp. By using these logs, you can track a user by using their IP address, and MSISDN if available.

From these logs, you can learn about any activity related to a user, such as the time when a session was updated, deleted, or created (installed). Additionally, error messages are also logged.

Examples

1.       The following log entries are examples of GxOnly session update, RADIUSandGX delete, and RADIUSOnly install messages.

09/30/2015:16:38:56 GMT  Informational 0-PPE-0 : default SUBSCRIBER SESSION_EVENT 159 0 :  Session Update, GX MsgType: CCR-U, IP: 100.10.1.1

09/30/2015:17:27:56 GMT  Informational 0-PPE-0 : default SUBSCRIBER SESSION_EVENT 185 0 :  Session Delete, GX MsgType: CCR-T, RADIUS MsgType: Stop, IP: 100.10.1.1, ID: E164 - 30000000001

09/30/2015:17:25:05 GMT  Informational 0-PPE-0 : default SUBSCRIBER SESSION_EVENT 182 0 :  Session Install, RADIUS MsgType: Start, IP: 100.10.1.1, ID: E164 - 30000000001

2.       The following log entries are examples of failure messages, such as when a subscriber is not found on the PCRF server and when the appliance cannot connect to the PCRF server.

09/30/2015:16:44:15 GMT  Error 0-PPE-0 : default SUBSCRIBER SESSION_FAILURE 169 0 :  Failure Reason: PCRF failure response, GX MsgType: CCR-I, IP: 100.10.1.1

Sep 30 13:03:01  09/30/2015:16:49:08 GMT  0-PPE-0 : default SUBSCRIBER SESSION_FAILURE 176 0 :  Failure Reason: Unable to connect to PCRF, GX MsgType: CCR-I, RADIUS MsgType: Start, IP: 100.10.1.1, ID: E164 - 30000000001#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000