Introduction to Policies
To manage in a flexible way the product many features, theBQN uses policies. Policies define the actions to perform on the traffic(e.g., traffic optimization, rate limitation, generation of metrics, etc.),along with the action parameters (e.g., a speed limit).
There are three kinds of policies:
- Flow policies, to act on IP flows (for example, a TCP connection or a UDP flow).
- Rate policies, associated with subscriber sessions.
- Monitoring policies, also associated with subscriber sessions.
A subscriber session is defined as all the traffic from the same IPv4 address on the access side, or, in the case of IPv6, from the same /64subnet. See Policy Enforcement section for more details.
Every flow is assigned a flow policy. Every subscriber is assigned a rate policy and a monitoring policy. Because a subscriber has many flows, the flows may be assigned to different flow policies.
Through flow policies we control the following functionalities:
- TCP Optimization (TCPO).
- Shaping per subscriber: limit to the combined speeds of all the flows assigned to the flow policy, for that subscriber. For example, if the limit is 12 Mbps, four flows of the same subscriber can have 3 Mbps each.
- Shaping per flow: speed limit of a flow assignedto the flow policy. For example, a limit of 5 Mbps prevent any flow under thatpolicy to exceed those 5 Mbps.
- Total blocking of the traffic under this policy.
- Blocking only incoming connections from Internetof specific traffic types.
- Quota counting: decide this traffic volume counts when checking the volume quota.
- Quota limitation: what to do when the quota is reached, whether traffic is blocked or slow down to some specified speed.
Through rate policies, we control the following functionalities:
- Limit the total network speed of a subscriber.
- ACM optimization.
Through monitoring policies, we control the following functionalities:
- The amount of sampling when collecting DPI information for a subscriber (whether automatic or base on some explicit sampling percentage).
Policies are defined as part of the BQN configuration, along with rules and profiles that decide what policy to apply depending on the traffic characteristics.
Additionally, rate policies can managed from an externals ystem, creating them dynamically and assigning them to the subscribers. The BQN supports many APIs to integrate with external systems:
- BQN REST
- Integrations with many billing vendors.
The rate policies from an external system always take precedence over those rate policies configured in the BQN, that are used as a fallback (i.e. for those subscribers without a policy assignment from the external system).
The BQN enforces policies on subscriber sessions. A subscriber session is all traffic of a distinctive IP address on the access side: one single IPv4 address or one IPv6 subnet. For example, a policy with rate limits will apply those limits to the totalthroughput of that distinctive IP address.
If there is a NAT between the BQN server and the real subscribers, subscribers whose IP addresses are translated to the same IP address would be considered as the same subscriber.
The default IPv6 subnet is /64 (to change it, go to Administration->General Settings and edit the field IPv6 prefix for subscribers).
A new subscriber session is identified when the first packet from an access IP address is received. This is when the subscriber rate and monitoring rules are evaluated, to choose which policies to apply.
Check the Policy of a Subscriber
You can check the rate policies applied to a subscriber in Status->Subscribers->Subscriber Attributes. It lists the subscribers, with the applied policy in RATE-POLICY column.
The ASSIGNED-BY column, indicates the origin of the policy: BQN configuration, radius, BQN rest API or billing system.
Clicking on the subscriber IP address or Subscriber ID leads to the Subscriber dashboard (see Network Visibility, Subscriber Dashboad for more information).
At the top of the page, there are fields to filter the subscribers by policy, source of the policy assignment or IP address.
You can dig in the active flows of a subscriber in Status->Flows->Details, which shows the policy applied to each flow in FLOW-POLICY column, along with other information:
Status->Subscribers->Subscriber Attributescontains the information that were in Status->Radius/REST/Billing->Subscribersin previous versions.
Check the Subscriber of a Policy
Given a policy, it is possible to see how many subscriber IPaddresses are under each policy going to Status->Policies.
To check flow policies, go to Status->Policies->Flow Policies:
A click on a policy name leads to the policy definition and a click on the FLOWS counter shows a list of flows associated to that policy.
To check rate policies, go to Status->Policies->Rate Policies:
A click on a policy name leads to the policy definition and a click on the SUBS-ACTIVE counter shows a list of subscribers associated to that policy.
To check rate policies, go to Status->Policies->Monitoring Policies:
A click on a policy name leads to the policy definition anda click on the ACTIVE-SUBSCRIBERS counter shows a list of subscribers associated to that policy.
Status->Policies->Rate Policies combines the informationthat were in Status->Radius/REST/Billing->Policies and Status->Policiesin previous versions.
Status->Policies->Flow Policies andStatus->Policies->Monitoring Policies contain the information thatwere in Status->Policies in previous versions.