Policy Provisioning Tool Overview

This chapter provides an overview of the Policy Provisioning Tool (PPT) which is an integral part of the Cisco’s Policy Control and Charging (PCC) Solution, designed to be used in conjunction with the Intelligent Policy Control Function (IPCF) on Cisco© chassis and the Subscriber Service Controller (SSC) on Cisco© UCS or IBM© Blade Center.

This chapter contains following sections:

PCC Solution Elements

This section provides a brief overview of PCC solution components.

The Cisco Policy and Charging Control (PCC) solution includes following functional entities:

Intelligent Policy Control Function (IPCF)

This section briefly describes IPCF.

IPCF provides policy control and charging rule functions in a core network. IPCF acts as a Policy Charging and Rules Function (PCRF) supplemented with usage monitoring capability that enables policies around data consumption. IPCF interfaces with Policy Charging and Enforcement Function (PCEF) over standard Gx interface.

Cisco IPCF is compliant with 3GPP standard in operator’s core network. It performs following key functions:
  • Derive and authorize the QoS information for the service data flow for session as well as bearer use.
  • Select appropriate charging criteria and mechanism apt for data usage.
  • Provide network control regarding the service data flow detection and gating.
  • Ensure that the PCEF user plane traffic treatment is in accordance with user’s subscription profile.
  • Correlate service and charging information across PCEF and Application Function (AF).

IMPORTANT:

For more information on IPCF function and supported interfaces, refer Cisco ASR 5000 Series Intelligent Policy Control Function Administration Guide.

Subscriber Service Controller (SSC)

This section briefly describes SSC.

SSC provides the SPR functionality for the Cisco PCC solution that is compliant with 3GPP R8, and uses an extended implementation of 3GPP Sh messaging for exchanging static as well as dynamic subscriber profile data with IPCF. SSC allows the enforcement of aggregate rules supporting volume usage across groups of subscribers sharing common account. It also provides optional decision center functionality.

SSC provides a centralized and simplified policy management for the network. It interfaces with IPCF over Sp interface which is based on standard Sh protocol, for subscriber profile and usage related transactions. SSC also supports a proprietary interface to receive event notification data from IPCF.

IMPORTANT:

For more information on SSC function and supported interfaces, refer Cisco ASR 5000 Subscriber Service Controller Installation and Administration Guide.

Policy Provisioning Tool (PPT)

This section briefly describes PPT.

The PPT is a GUI-based policy and profile management tool in the PCC solution that allows operators to perform subscriber policy provisioning and management functions.

The PPT interfaces with IPCF as well as SSC to provide centralized policy management interface for operators.

PPT Introduction

This section describes Policy Provisioning Tool (PPT) application.

Cisco Policy Provisioning Tool (PPT) is a Web-based client-server application that provides a comprehensive policy design experience to service providers or network operators. Using wizard-based implementation of policy use cases, PPT enables service providers to design policies for network usage and monitoring. These policies can then be used to monitor and control services rendered to subscribers as well as their network usage. PPT interfaces with other components of PCC solution such as IPCF and SSC to exchange data such as QoS profile or data plans.

PPT can be deployed to configure policies using a local library of user defined actions and conditions along with rules, rule bases, Access Point Names (APNs), and other data elements from Policy Control Enforcement Function (PCEF) such as Gateway GPRS Support Node (GGSN), Serving GPRS Support Node (SGSN) or Packet Data Serving Node (PDSN). PPT is designed to simplify policy use case configuration by importing relevant rules, flows and other data elements from PCEF. In most deployments the PCEF is located at a gateway that is responsible for enforcing policy and charging related decisions received from IPCF. PCEF performs service data flow detection as well as gate enforcement for the data flows.

PPT works in conjunction with other PCC solution components such as IPCF, SSC and PCEFs such as GGSN or PDSN to provide following functionality:
  • Designing highly flexible, easily expandable and manageable policy use cases using a GUI based tool.
  • Configuring policies using libraries containing rules, rule bases as well as APN and traffic type categories.
  • Configuring and maintaining policies that can be used by IPCF and SSC to provide various services to the subscribers.
  • Configuring data plans containing service usage limits and thresholds.
  • Deploying policies across multiple IPCF instances and interfacing with multiple SSC instances in a PCC deployment.
  • Configuring templates for notification messages to subscribers that can be sent thru e-mail as well as SMS using the SSC component of PCC solution.
  • Configuring Quality of Service (QoS) profiles, that can act as a container for QoS parameters used to determine the availability and quality of services being offered.
  • Maintaining a policy database.

Depending upon your business model and network configuration PPT can fetch policy related objects from PCEF as well as provision policy related objects to SSC and IPCF instances.

PPT can fetch following policy related information from PCEF:
  • APN names
  • Ruledef names
  • Rulebase names

IMPORTANT:

User can use this information in policy configuration. But, the definition of these objects is not fetched i.e. the definition of the rule is not fetched. For the policy configuration, only the name is required.

PPT can provision following policy related IPCF objects:
  • Map profiles
  • Data Services
  • Timedef
  • Quality of Service (QoS) Profiles
  • Profiles
  • PCC Service
  • Dynamic rules
PPT can provision following policy related SSC objects:
  • Data plans
  • SMS and e-mail notification templates
  • Subscription tiers
  • Dynamic profile attributes
  • Areas
  • Regions
  • Region lists

IMPORTANT:

PPT is a policy provisioning tool. It does not perform any functions related to subscriber profile provisioning, such as creating subscribers or associating data plans to subscribers. Such functions are performed by the SSC component of the PCC solution.

Following figure describes a network scenario where PPT is deployed with other PCC solution components such as IPCF and SSC.
Figure 1. Deployment Scenario
The client-server architecture of PPT provides a GUI based tool to quickly create new policies. Depending upon the business model, subscriber base and network configuration, following categories of policies can be created using PPT application:
  • Subscriber profile based policies using subscriber attributes such as subscription tiers, IMSI and MSISDN.
  • Volume based policies using maximum limits and thresholds.
  • Access Point Name (APN) based policies using the network configuration.
  • Speed based policies using Quality of Service (QoS) and throughput.
  • Location based polices using home region roaming and base station id.
  • Time based polices using time of the day, day of the week.
  • Access type based policies using category of network access technology deployed, such as 2G, 3G or LTE.
  • Subscriber session based policies using usage per session.
  • Protocol based policies indicating allowed or restricted protocols such as P2P, FTP, HTTP.
  • Content based polices indicating allowed or restricted content categories.
  • URL based polices indicating allowed or blocked URLs.

Features and Functionality

This section describes features and functionality supported by PPT application.

Following features are described in this section:

Synchronizing Policy Objects from Multiple IPCF, SSC and PCEF Instances

This section briefly describes intelligent, on-demand policy objects synchronization between PPT and IPCF, SSC and PCEF instances.

While creating and maintaining policies, PPT application needs to synchronize with IPCF and SSC instances in the deployment to get latest values of all the policy related IPCF as well as SSC objects. If any PCEF instance is part of the PCC deployment then PPT application needs to synchronize with the PCEF such as GGSN or PDSN to get latest values of policy related PCEF objects.

Synchronization can be performed using a script as well as GUI. A synchronization script can be scheduled to be executed periodically. In the PPT Administration menu, users with administrative privileges can access the Element Summary GUI to perform synchronization as well as view its status. The synchronization process can be monitored by accessing SNMP traps related to scheduler and synchronization status.

Policy object synchronization allows PPT application:
  • Faster access to configurations of all IPCF and SSC instances in the deployment.
  • Access to changes performed directly by IPCF and SSC.
PPT application can synchronize following IPCF objects:
  • Map profiles
  • Data Services
  • Timedef
  • Quality of Service (QoS) Profiles
  • Profiles
  • PCC Service
  • Dynamic rules
PPT application can synchronize following SSC objects:
  • Data plans
  • SMS and e-mail notification templates
  • Subscription tiers
  • Dynamic profile attributes
  • Areas
  • Regions
  • Region lists
PPT application can synchronize following PCEF objects:
  • APN names
  • Ruledef Names
  • Rulebase Names

PPT application synchronizes latest values of all these objects periodically and maintains these values in PPT database. It can be configured to perform synchronization process when Administrators initiate the process by using GUI.

High Availability (HA) Support in the PPT Application

PPT application can monitor processes associated with its components such as:
  • Apache Web Server
  • PostgreSQL Database Server
  • PSMon
  • Notification Server
  • Scheduler
  • Monitor Server

It can also re-start a failed process. Enhanced PPT architecture ensures availability and continuity of PPT application in a transparent manner, in case of hardware failure. This High Availability (HA) feature is implemented using Veritas© Cluster solution.

Three main components of a cluster solution are:
  • Active node
  • Stand-by node
  • Shared Disk

The machines on which PPT is installed are configured as active or stand-by nodes in a cluster. The shared disk is used for data storage which is accessible by all active nodes in the cluster. These nodes share a floating IP address that is used by the client PPT application to securely connect to the PPT server. As each node contains configuration file for PPT application, PPT administer must ensure that both the files are synchronized periodically to avoid inconsistent configuration across PPT cluster.

IMPORTANT:

Same version of PPT application must be installed on active and stand-by nodes. The administrator account that owns and manages the PPT application must have same UID on all nodes.

The shared disk is used for data storage which is accessible by all active nodes in the cluster.

IMPORTANT:

It is not possible to upgrade a standalone PPT installation to the clustered installation supporting HA feature.

Viewing Manageability status of IPCF, SSC and PCEF Instances

This section briefly describes the manageability status of PCC solution components such as various IPCF and SSC instances that are interacting with PPT application. It also describes the manageability of PCEF instance.

In a PCC deployment, PPT application may need to communicate with multiple IPCF as well as SSC instances. PPT application can be configured to exchange information with various IPCF, SSC and PCEF instances. At any given instance some of these instances may not be in an active state, or reachable from the PPT application. Enhanced PPT architecture provides a mechanism that can monitor and display the current status of all configured IPCF, SSC and PCEF instances using a monitor server process for each such instance. PPT application database is always updated with the current status of each instance.

While configuring connections with existing IPCF, SSC and PCEF instances, their manageable status is indicated by green radio button. PPT application does not connect with an un-manageable IPCF, SSC or PCEF instance. Appropriate SNMP alarms are generated upon status change of any such instance.

PPT Architecture

Cisco’s Policy Provisioning Tool is a client-server application. It comprises a server and web based GUI client.

PPT server includes following components:
  • Apache Web Server
  • PostgreSQL Database Server
  • PSMon
  • Notification Server
  • Scheduler
  • Monitor Server
PPT client includes following components:
  • Browser

Following figure describes PPT architecture:


Figure 2. PPT Architecture

Apache Web Server: Apache server is used to relay requests received from clients to the PPT server.

PostgreSQL Database Server: PostgreSQL RDBMS provides centralized database for most of the data being accessed by different components of PPT. It stores details of users accessing PPT application. Along with user details, it also stores information pertaining to elements such as IPCF and SSC nodes, audit logs of traffic types, rules and rule bases, Access Point Names (APNs), user defined conditions and actions along with configured policies.

PSMon: This is a script which runs as a daemon process on PPT server. It monitors the server components including Apache server, PostgreSQL, and Policy Provisioning Server. PSMon periodically examines state of PPT components and restarts the in-active components. The administrator can configure a PSMon configuration file that contains a list of components to be monitored along with the time interval after which their state should be examined, and maximum number of retries for restarting a component.

IMPORTANT:

The PSMon configuration file psmon.conf is located in <ppt-install-dir>/3rdparty/psmon directory.

Notification Server: This is a script which is responsible for generating SNMP v1 or v2 traps including the instances whenever a PPT component is started, stopped or restarted. It also sends traps for events related to Web server, Database and PSMon. The SNMP targets can be configured using the script confSNMPTarget.sh located in <ppt-install-dir>/scripts directory. PPT administrator can configure a maximum of five SNMP targets at a time, and for each target can specify whether it should receive SNMP v1 or v2 traps.

IMPORTANT:

Notification server checks for the Notification target file after every five minutes, hence changes made to the SNMP target configuration file would not take more than five minutes to come to effect.

Scheduler: Scheduler's responsibility is to trigger different operations at the scheduled time or periodically. One of these tasks is synchronization, the other is to cleanup log files created by PostgreSQL server. Synchronization can be scheduled using parameters from the <ppt-install-dir>/etc/ppt.cfg file.

Monitor Server: Monitor server is a background process. It stores the status of all the IPCF, SSC and PCEF instances that are configured in the PPT application. Any such instance can be either manageable or not-manageable, this information is stored in a PPT database. Monitor server process checks whether the configured IPCF, SSC or PCEF instances are manageable or not. If the configured IPCF, SSC or PCEF instances are un-manageable, then PPT client is not allowed to select them.

Browser: This is the only component required at the client side. It is an Internet browser, which requires the Java script and cookies enabled.

System Requirements

This section identifies the minimum system requirements for PPT software, that can be installed on Sun Solaris as well as Linux platform.

Linux Server Hardware Platform:
  • Cisco UCS running OS version Cisco MITG RHEL v5.5
  • Cisco UCS C460 Server
  • 2 x Intel Xeon X5675 processors with 32 GB DDR3 RAM
  • 2 x 300 GB SAS hard disk drives with 10,000 RPM
  • Quad Gigabit Ethernet interfaces

RHEL Operating System Cisco MITG RHEL v5.5 OS is a custom image that contains software packages that are mandatory to support Cisco MITG external software applications. Users must not install any other applications on the platforms running Cisco MITG RHEL v5.5 OS. For detailed software compatibility information, refer Cisco MITG RHEL v5.5 OS Application Note.

Sun Server Hardware Platform:
  • Sun Solaris or SPARC running OS version SunOS 10
  • Sun Microsystems X4270
  • 1 x 1.2 GHz 8 core UltraSPARC T2 processors with 16 GB RAM
  • 2 x 146 GB SAS hard disk drives
  • Quad Gigabit Ethernet interfaces
Ensure that the following patches are installed for Sun Platform:

IMPORTANT:

Solaris 10 must be installed using the End User System support 64-bit software group and it must be specified during the installation of the operating system. This option installs the libraries required for proper operation of the PPT.

  • The timezone patch 113225-07 or later and libc patch 12874-33 or later for extended daylight savings time (DST) support.
  • Solaris 10 with Recommended Patch Cluster dated on or after July 16, 2007 and not later than Nov 2008. Ensure that the kernel patch is not later than the stable patch 137137-09.

IMPORTANT:

Solaris 10 Kernel patch beyond 137137-09 may result in kernel panic while executing or invoking system calls.

Client Platform:The only requirement at the client side is a browser which supports Java script and cookies enabled. The recommended browsers include Internet Explorer 7 or later and Mozilla Firefox 3.5 or later.

Licenses

Policy Provisioning Tool is not a licensed product.

PPT Deployment and Interfaces

This section describers PPT deployment in a network and various interfaces it uses to communicate with other components of PCC solution such as IPCF and SSC.

PPT in PCC Environment

In a given PCC environment PPT can be deployed with other components of Cisco PCC solution such as IPCF and SSC.

Following figure describes a network scenario where PPT is deployed along with other components of PCC solution in a network.

IMPORTANT:

In some deployments server components of PPT and Web Element Manager (WEM) applications may share a common hardware platform.


Figure 3. PPT Deployment Scenario

Interfaces

PPT supports following network interfaces for communication with other PCC elements:
  • XML-HTPPs: PPT is a client-server application. A browser based policy configuration interface is used to access the data stored on the PPT server. The secure HTTP interface is used by the browser based GUI of PPT to communicate the information with PPT server.
  • XML-RPC: PPT requires objects such as data or service plans, subscription tiers, notification templates and subscriber profile attributes, to configure and maintain policies. The XML-RPC interface is used to fetch such objects from appropriate Subscriber Service Controller (SSC) instances.
  • CORBA: PPT requires objects such as Quality of Service (QoS), Policy Charging and Control service, data service as well as time definitions, to configure and maintain policies. CORBA interface is used to fetch these parameters from appropriate instance of Intelligent Policy Control Function (IPCF). The CORBA interface can also be used to fetch objects such as rule definitions, rule bases and APN information from the PCEF, for configuring and maintaining policies.