PCRF

Camiant™
Multimedia Policy Engine

Cable Manager
User’s Guide
Document Number: DOC–10001

Revision: AR
Released: June 2009
Copyright © 2004–2009 Camiant, Inc., All Rights Reserved
This guide is produced and copyrighted by Camiant, Inc. Any use or reproduction of the contents of this manual without
the prior written consent of Camiant, Inc. is strictly prohibited.
NOTICE
All title and copyrights to this document are owned by Camiant, Inc. No part of the contents of this document may be
reproduced or transmitted in any form or by any means without the written permission of Camiant, Inc.
Camiant, Inc. shall not be liable for errors contained herein. Camiant, Inc. shall not be liable for any damages whatsoever,
including, without limitation, damages for loss of business profits, business interruption, loss of business information, or
other pecuniary loss arising out of the use of this documentation even if Camiant, Inc. has been made aware of the
possibility of such damages.
Information contained in this document is subject to change without notice. While every effort is made to ensure that the
information is accurate as of the publication date, users are reminded to update their use of this document with
documents published by Camiant, Inc. subsequent to this date.
Third-party product information is for informational purposes only, and constitutes neither an endorsement nor a
recommendation. Camiant, Inc. expressly disclaims any responsibility with respect to the performance of the third-party
products.
For permission to reproduce or distribute this document, please contact your Camiant account executive.
Camiant is a trademark of Camiant, Inc.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
All other trademarks mentioned in this document are property of their respective owners.
Camiant, Inc.
200 Nickerson Road
Marlborough, MA 01752 USA
508.486.9996
www.Camiant.com
Contents
About This Guide ............................................................. vii
Intended Audience ...................................................................................................... vii
Conventions ................................................................................................................ vii
Related Documentation .............................................................................................. viii
Contacting Camiant...................................................................................................... ix
Customer Comments ................................................................................................... ix
1 Introduction ...................................................................... 11
The Multimedia Policy Engine...................................................................................... 12
Overview ............................................................................................................. 12
Understanding Policy Rules.......................................................................................... 14
Overview of Major Tasks ............................................................................................. 15
The MPE Manager....................................................................................................... 16
Organizing Policy Rules ........................................................................................ 16
GUI Overview ...................................................................................................... 16
Specifications for Using the GUI........................................................................... 17
GUI Icons............................................................................................................. 17
Shortcut Selection Keys ....................................................................................... 18
2 Managing Policy Servers................................................ 19

Policy Server Profiles.................................................................................................... 20
Creating a Policy Server Profile............................................................................. 20
Configuring or Modifying a Policy Server Profile................................................... 22
Configuring Protocol Options on the Policy Server....................................................... 24
Deleting a Policy Server Profile ............................................................................. 26
Policy Server Groups.................................................................................................... 27
Creating a Policy Server Group ............................................................................ 27
Adding a Policy Server to a Policy Server Group ................................................... 28
Creating a Policy Server Subgroup ....................................................................... 29
Renaming a Policy Server Group .......................................................................... 30
Removing a Policy Server Profile from a Policy Server Group................................. 31
Deleting a Policy Server Group ............................................................................. 32
Configuring SSL Certificates ........................................................................................ 33
Configuring Hostnames and Hosts....................................................................... 33
Generating a Certificate on Each Server ............................................................... 33
Exporting the Local Certificate ............................................................................. 33
Importing the Peer Certificate .............................................................................. 33
Reapplying the Configuration to a Policy Server........................................................... 34
Checking the Status of a Policy Server ......................................................................... 36
Policy Server Reports ................................................................................................... 38
Multimedia Policy Engine Cable Manager User’s Guide iii

CONTENTS
Cluster Information Report................................................................................... 40

Policy Statistics ..................................................................................................... 42
Protocol Statistics ................................................................................................. 43
Policy Server Logs ........................................................................................................ 45
The Policy Log ...................................................................................................... 46
The Event Log ...................................................................................................... 48
Alerts ................................................................................................................... 52
3 Protocol Routing.............................................................. 53
PCMM Routing Architectures ...................................................................................... 54
Configuring PCMM Routing ........................................................................................ 55
4 Managing Network Elements....................................... 57

Creating a Network Element........................................................................................ 58
Modifying a Network Element.............................................................................. 60
Deleting Network Elements .................................................................................. 61
Finding a Network Element .................................................................................. 63
Configuring Options for Network Elements .................................................................64
CMTS................................................................................................................... 64
Working with Network Element Groups ...................................................................... 66
Creating a Network Element Group ..................................................................... 66
Adding a Network Element to a Network Element Group..................................... 67
Creating a Network Element Subgroup ................................................................ 68
Deleting a Network Element from a Network Element Group ............................... 69
Renaming a Network Element Group ................................................................... 70
Deleting a Network Element Group or Subgroup.................................................. 71
Associating a Network Element with a Policy Server ..................................................... 72
Adding Network Elements to the MPE Manager .......................................................... 74
Using the OSSI XML Interface............................................................................... 74
Importing an XML File to Input Network Elements................................................ 74
Exporting an XML File .......................................................................................... 75
5 Managing Application Profiles .................................... 77

Creating an Application Profile .................................................................................... 78
Modifying an Application Profile.................................................................................. 80
Deleting an Application Profile .................................................................................... 80
6 Managing Traffic Profiles .............................................. 81

Creating a Traffic Profile ..............................................................................................82
Modifying a Traffic Profile............................................................................................ 84
Deleting a Traffic Profile ..............................................................................................85
Working with Traffic Profile Groups............................................................................. 86
Adding a Traffic Profile to a Traffic Profile Group.................................................. 86
Deleting a Traffic Profile from a Traffic Profile Group............................................ 86
Modifying a Traffic Profile Group Name ............................................................... 86
Deleting a Traffic Profile Group ............................................................................ 86
iv Multimedia Policy Engine Cable Manager User’s Guide

CONTENTS
7 Event Messaging.............................................................. 87
Overview..................................................................................................................... 88
Configuring Global Settings for Event Messaging ........................................................ 90
Configuring Local Policy Server Settings for Event Messaging............................... 92
The Record Keeping Server.......................................................................................... 94
Creating an RKS Profile........................................................................................ 94
Modifying an RKS Profile ..................................................................................... 95
Deleting an RKS Profile ........................................................................................ 95
8 Management Agent Servers ......................................... 97

Creating a Management Agent Profile ........................................................................ 98
Modifying a Management Agent Profile ............................................................ 100
Deleting a Management Agent Profile ............................................................... 101
Reapplying a Management Agent Profile Configuration..................................... 101
Management Agent Tasks......................................................................................... 102
Using the Management Agent Event Log Viewer....................................................... 105
Filtering the Event Log ....................................................................................... 107
9 Managing Policy Rules.................................................. 109

Creating, Evaluating, and Deploying Policy Rules ....................................................... 110
Creating Policy Rules ......................................................................................... 110
Evaluating Policy Rules ....................................................................................... 111
Deploying Policy Rules ....................................................................................... 113
Creating a New Policy ............................................................................................... 116
Creating Time-Dependent Policy Rules ............................................................... 120
Modifying a Policy ............................................................................................. 121
Deleting a Policy ................................................................................................ 122
Policy Templates........................................................................................................ 123
Creating a Policy Template ................................................................................ 123
Modifying a Policy Template .............................................................................. 125
Deleting a Policy Template ................................................................................. 126
Managing a Policy Group .......................................................................................... 127
Creating a Policy Group ..................................................................................... 127
Adding a Policy to a Policy Group ...................................................................... 128
Removing a Policy from a Policy Group .............................................................. 129
Changing the Sequence of Policies within a Policy Group .................................. 131
Displaying Policy Details Contained Within a Policy Group.................................. 133
Deploying a Policy/Policy Group to Policy Servers ............................................... 134
Removing a Policy from a Policy Group on a Policy Server .................................. 135
Removing a Policy/Policy Group from a Policy Server .......................................... 136
Changing the Sequence of Deployed Policies or Groups .................................... 137
Importing and Exporting Policies, Policy Groups, and Templates ................................ 138
Importing Policies .............................................................................................. 138
Exporting Policies............................................................................................... 140
The Policy Log ........................................................................................................... 141
10 Managing Network Topology ..................................... 143

The Network Topology Map...................................................................................... 144
Multimedia Policy Engine Cable Manager User’s Guide v

CONTENTS
Network Element Components .......................................................................... 144

Viewing the Map ............................................................................................... 145
Laying Out the Map Automatically ..................................................................... 147
Viewing Alerts.................................................................................................... 149
Network Path Management.......................................................................................152
Creating a Path .................................................................................................. 152
Modifying a Path................................................................................................ 154
Deleting a Path .................................................................................................. 154
11 Managing User Licenses............................................... 155

Displaying Installed Licenses.......................................................................................156
Displaying Individual Licenses ............................................................................. 157
Installing a License.....................................................................................................158
Assigning Licenses to a Policy Server................................................................... 159
Tracking Licenses.......................................................................................................161
Viewing the License Tracking Summary Report................................................... 161
Viewing the License Tracking Detail Report ........................................................ 163
12 System Administration ................................................ 165

Configuring System Settings......................................................................................166
Using Import/Export...................................................................................................168
Viewing MPE Manager Cluster Reports......................................................................169
Viewing the Event Log...............................................................................................172
Modifying the Event Log Configuration.............................................................. 173
Viewing the Audit Log...............................................................................................174
Defining Audit Log Search Parameters................................................................ 176
Exporting or Purging Audit Log Data .................................................................. 177
Viewing the Alert Log................................................................................................178
Managing Scheduled Tasks........................................................................................180
Configuring a Scheduled Task ............................................................................ 182
User Management.....................................................................................................184
Configuring Roles .............................................................................................. 184
Creating a New Role .......................................................................................... 184
Modifying a Role................................................................................................ 186
Deleting a Role................................................................................................... 187
Creating a New Scope........................................................................................ 188
Modifying a Scope ............................................................................................. 189
Deleting a Scope ................................................................................................ 189
Creating a User Profile ....................................................................................... 190
Modifying a User Profile ..................................................................................... 192
Deleting a User Profile........................................................................................ 193
Changing a Password......................................................................................... 194
Locking and Unlocking User Accounts................................................................ 195
Glossary ........................................................................... 197
Index ................................................................................. 205
vi Multimedia Policy Engine Cable Manager User’s Guide

ABOUT THIS GUIDE
This guide describes how to use the Multimedia Policy Engine (MPE)
Manager to configure and manage MPE devices. The information in this
guide is presented as follows:
■ “Introduction” on page 11
■ “Managing Policy Servers” on page 19
■ “Managing Network Elements” on page 57
■ “Managing Application Profiles” on page 77
■ “Event Messaging” on page 87
■ “Management Agent Servers” on page 97
■ “Managing Policy Rules” on page 109
■ “Managing Network Topology” on page 143
■ “Managing User Licenses” on page 155
■ “System Administration” on page 165
■ “Glossary” on page 197
Intended Audience
This guide is intended for the following trained and qualified service
personnel who are responsible for operating MPE devices:
■ System operators
■ System administrators
Conventions
Your view of the product may vary from the figures used as examples in
this guide; the pages that you see depend on your configuration or
application.
The MPE is the Camiant policy server. The terms policy server and MPE
are synonymous.
Multimedia Policy Engine Cable Manager User’s Guide vii

ABOUT THIS GUIDE
The following conventions are used throughout this guide to emphasize

certain information, such as user input, page options and output, and
menu selections.
Italics —I ndicates book titles and user input variables.
Monospace — Indicates program output.
Monospace bold — Indicates user input.
Monospace italics — Indicates variables in commands.
Note: This icon indicates helpful suggestions or references to other

documents.
CAUTION: This icon notifies you to proceed carefully to avoid damaging

equipment or losing data.
WARNING: This icon warns you to proceed carefully to avoid injury.
Related Documentation
The following guides provide additional information for the
configuration and use of Camiant products:
■ Cable Product Release Notes
■ Hardware Installation Guide
■ Software Installation Guide
■ Service User Interface User’s Guide
Note: This version of the document supersedes the application note

Configuring the MPE for Use with Diameter Rx/Gq Interfaces in a PCMM
Environment, DOC-00060, revision A1, November 2007.
The following documents are useful for reference:

■ PCMM specifications PKT-SP-MM-I02 and IO3
■ PKT-SP-DQOS-I12-050812 - PacketCable™ Dynamic Quality-of-Service
Specification
viii Multimedia Policy Engine Cable Manager User’s Guide

Customer Comments
Contacting Camiant
Camiant Inc. maintains a site on the World Wide Web where you can find
information on our company and its products. Use the following URL:
http://www.camiant.com
To obtain technical tips or support, contact the Camiant Customer

Service Department at 508-486-9996 and selection Option 3 for
Customer Support. You can also contact us using the following URL:
http://www.camiant.com/support
Customer Comments
Customer comments are not only welcomed, they are encouraged.
Please take a moment and let us know how we are doing. To do this,
respond in one of the following ways:
E-mail your comments to documentation@camiant.com
FAX your comments to 508-486-9595, attention Technical Publications
Multimedia Policy Engine Cable Manager User’s Guide ix

1
INTRODUCTION
This chapter provides an overview of the Camiant Multimedia Policy

Engine (MPE), which manages multiple network-based client sessions;
the network in which the MPE operates; policies; and the MPE Manager,
which controls MPEs and associated applications.
This chapter discusses the following topics:

■ The Multimedia Policy Engine
■ Network Environment
■ Understanding Policy Rules
■ Overview of Major Tasks
■ The MPE Manager
Multimedia Policy Engine Cable Manager User’s Guide 11

CHAPTER 1: INTRODUCTION
The Multimedia Policy Engine

The MPE includes a simple, powerful, and flexible policy rules engine.
Through the use of policy rules, you can modify the behavior of an MPE
dynamically as it processes protocol messages.
Overview The core function of the MPE network is to establish service flows
between the subscribers and application servers that provide
multimedia services, as shown in Figure 1:
Figure 1: The MPE Manager and MPEs
A service flow is activated only after the contents of its QoS request are
examined and approved by the MPE. If approved, the request is
forwarded to the intended destination network node.
For example, when a subscriber wishes to open an IP-streaming session,

the following actions occur:
1 An application receives the subscriber's request and sends a QoS request
to the MPE for the associated network element, requesting that certain
12 Multimedia Policy Engine Cable Manager User’s Guide

The Multimedia Policy Engine
network resources be provisioned in order to be used for the

application.
2 The MPE examines the QoS request before it gets to the network
element and processes the request against the policy rules within its
policy repository. The MPE then makes a decision based on the defined
policy rules to accept or reject the request.
3 Depending on the decision made, the MPE performs one of the following
actions:
■ Accepts the QoS request and forwards it to the network element,
where the required network resources are provisioned, allowing the
service flow for IP-streaming to be admitted and activated.
■ Rejects the QoS request, in which case, an error message is sent
back to the application and no service flow is established.
Note: When provisioned resources are no longer required and

deleted, the network resources are recovered for use
elsewhere.

Understanding Policy Rules

A policy rule is an if-then style rule that has a set of conditions and
actions. If the conditions are met, the actions are performed. You can
create policy rules within the MPE Manager, using a wizard that contains
a large number of conditions and actions to assist you in the
construction of policy rules. Once you create policy rules, you deploy
them to the MPE.
You can combine policy rules to provide additional power and flexibility.
When there are multiple policy rules, the order in which the policy rules
are evaluated can also influence the policy server behavior, so the order
of evaluation is also configurable through the MPE Manager. You can also
organize policy rules into groups in order to simplify the management of
the policy rules.
The following are sample scenarios for which you might use policy rules:
■ You can modify the contents of protocol messages using policy rules.
For example, you could use a policy rule to override the requested
bandwidth parameters in a request.
■ You can create policy rules that track the use of resources for
devices in the network and implement limits on how those resources
are used. For example, some cable modems have limits on the
number of dynamic flows that they can support. Using policy rules,
you can ensure that a cable modem does not exceed this limit.
■ Some protocols allow for the provisioning of default QoS parameters
for subscribers. With these protocols, policy rules could be used to
implement subscriber tiers where different subscribers have
different bandwidth available.
■ You can configure policy rules to monitor the reservation of
bandwidth on network elements and notify operators when an
element exceeds certain threshold levels.
■ In many protocols, the policy server acts as an intermediary between
the Application Managers (AMs) and the QoS enforcement devices.
Many of these QoS enforcement devices implement proprietary
features that are activated through the use of standard (or
non-standard) fields in protocol messages. Using policy rules, you
can activate these proprietary features on behalf of the AMs, thus
allowing them to use these features without modification.

Overview of Major Tasks
Overview of Major Tasks

The major tasks involved in using the MPE are as follows:
1 Create a Policy Server profile, which defines the configuration of an
MPE. This step is described in Chapter 2.
2 Configure attributes on the policy server. This step is described in
Chapter 2.
3 Create network element profiles, including protocol options, for each
network element to be managed. This step is described in Chapter 4.
4 Specify which policy server will manage which network elements. This
step is described in Chapter 4.
5 Create application profiles, which specify protocol information to
associate each request with an application. This step is described in
Chapter 5.
6 Create traffic profiles, which define default settings for protocol
messages. This step is described in Chapter 6.
7 Create policy rules. This step is described in Chapter 9.
8 Deploy the policy rule from the MPE Manager to a policy server. This
step is described in Chapter 9.

The MPE Manager

The MPE Manager provides centralized management and administration
of policy rules, MPE devices, and associated applications, all from a
single management console. This management console is web-based and
supports the following features and functions:
■ Configuration and management of MPEs and additional Camiant
products
■ Definition of network components
■ Creation, modification, deletion, and deployment of policy rules
■ Monitoring of individual product subsystem status
■ Administration and management of MPE Manager users
Organizing Policy Rules If you are working with multiple policy rules, the MPE Manager includes
several features to simplify the management of those rules.
The order in which rules are evaluated is important. The MPE Manager
allows you to configure the evaluation order of policies (see “Evaluating
Policy Rules” on page 111).
The MPE Manager provides a policy template feature to simplify the

creation of multiple policies that have similar conditions and actions.
Once you create a policy template, you can use it to create additional
policies. See “Creating a Policy Template” on page 123 for a complete
description of the rocess.
The MPE Manager also provides a policy grouping feature. Policies can
be organized into groups and the groups can be used to simplify the
process of deploying policies to policy servers (see “Creating a Policy
Group” on page 127).
GUI Overview The MPE Manager uses an intuitive and highly portable Graphical User
Interface (GUI) supporting industry-standard web technologies (SSL,
HTTP, HTTPS, and XML). Figure 2 shows the structure of the MPE
Manager GUI.

The MPE Manager
Figure 2: Structure of the MPE Manager GUI
Work Area
Content Tree
Navigation Pane
■ Navigation Pane — Provides access to the various available options

within the MPE Manager.
■ Content Tree — Contains an expandable/collapsible listing of all the
defined items for a given selection. For content trees that contain a
group labeled ALL, you can create customized groups that display on
the tree.
The content tree section is not visible with all navigation selections.
■ Work Area — Contains information that relates to choices in both the
navigation pane and the content tree. This is the area in which you
perform all work.
Specifications for Using Camiant recommends the following:

the GUI ■ Web Browsers —
❏ Internet Explorer 6 or higher, on Windows XP
❏ SVG Plug-in for Windows-IE. To download this plug-in point your
Web browser to:
http://www.adobe.com/svg/viewer/install/mainframed.html
■ Monitor — 1024 x 768 or higher
Note: When using the MPE Manager for the first time, Camiant
recommends that you change the default username and
password to a self-assigned value. See “Changing a Password”
on page 194 for information on this procedure.
GUI Icons The MPE Manager provides easy to use icons for removing, deleting, or
changing the sequential order of the items displayed.

Remove icon — When visible in the work area, selecting

the scissors icon removes an item from the group it is
associated with. The item is still listed in the ALL group and
any other group that it is currently associated with. For
example, if you remove policy server PS_1 from policy
server group PS_Group2, PS_1 still displays in the ALL
group.
Delete icon — When visible in the work area, selecting the
trash can icon deletes an item, removing it from the MPE.
Note: Deleting an item from the ALL folder also deletes the
item from any associated group. A delete verification window
opens when this icon is selected.
Move icon — The up/down arrow icons are displayed when

it is possible to change the sequential order of items in a
list.
Shortcut Selection Keys The MPE Manager uses the following standard browser techniques for
selecting multiple items from a list:
■ Shift/click — selects two or more consecutive items. To do this,

select the first item, then Shift/click on a second item to select both
items and all items in between.
■ Control/click — selects two or more non-consecutive items. To do
this, hold down the Ctrl key as you click on each item.

2
MANAGING POLICY SERVERS
This chapter describes how to use the Multimedia Policy Engine (MPE)
Manager to configure and manage policy servers in a network.
Note: The MPE is the Camiant policy server. The terms policy server and
MPE are synonymous.

■ Multimedia Policy Server Profiles
■ Policy Server Groups
■ Configuring Protocol Options on the Policy Server
■ Configuring SSL Certificates
■ Reapplying the Configuration to a Policy Server
■ Checking the Status of a Policy Server
■ Viewing Policy Server Reports
■ Viewing and Configuring Policy Server Logs

CHAPTER 2: MANAGING POLICY SERVERS
Policy Server Profiles

A policy server profile contains the configuration information for a
policy server. The MPE Manager stores policy server profiles in a
configuration database. Once you define profiles, you can deploy them
to policy servers (MPE devices) across the network.
The following subsections describe how to manage policy server

profiles. For information on deploying defined policies to a policy
server, see “Deploying a Policy/Policy Group to Policy Servers” on
page 134.
Creating a Policy Server To create a policy server profile:

Profile
1 From the navigation pane, select Configuration. The content tree
displays a list of policy server groups; the initial group is ALL.
2 From the content tree, select the ALL group. The Policy Server
Administration page opens in the work area.
3 On the Policy Server Administration page, click Create Policy Server.
The New Policy Server Administration page opens.
4 Enter values for the configuration attributes (Figure 3 shows an
example):
■ Name — Name assigned to the policy server.
■ Host Name / IP Address — Registered domain name or IP address
assigned to the policy server.
■ Description / Location (optional) — Information that defines the
policy server function or location.
■ Secure Connection — Designates whether or not to use the HTTPS
protocol. See the Service User Interface User’s Guide for a
description of how to configure SSL (HTTPS).
■ Type — Defines the policy server type:
❏ Camiant — The policy server is an MPE device and can be fully
managed by the MPE Manager.
❏ Unmanaged — The policy server is not an MPE device and
therefore cannot be actively managed by the MPE Manager. This
selection is useful when a Camiant MPE device is routing traffic to
a non Camiant policy server.
5 When you finish, click Save (or Cancel to discard your changes). The
MPE Manager retrieves any preexisting configuration from the newly
defined MPE device. This can be useful when installing a new MPE
Manager into an existing network.
For most protocols to function correctly, once a policy server profile is

created, you must go to the Policy Server tab and configure the
attribute information (see “Configuring SSL Certificates” on page 33)
and associate network elements with the server (see “Associating a
Network Element with a Policy Server” on page 72).

Figure 3: New Policy Server Administration Page

Configuring or To configure or modify a policy server profile:

Modifying a Policy
Server Profile
2 From the content tree, select the policy server. The Policy Server
Administration page opens in the work area. Figure 4 shows an example.
The page contains the following tabs:
■ System — Defines the system information associated with this policy
server — the name, host name or IP address, information about the
policy server, and whether or not the policy server uses a secure
connection to any management system (such as the MPE Manager).
■ Reports — Displays various statistics and counters related to the
physical hardware of the cluster, policy execution, and network
protocol operation.
Note: Reports cannot be modified.
■ Logs — Displays the Policy Log, Event Log, and Alert configurations.
■ Policy Server — Lets you associate applications and network
elements with the policy server and configure protocol information.
■ EM — Lets you view and configure event messages.
■ Routing — Lets you organize large networks of policy servers into a
hierarchical configuration, applicable for network designs with
either centralized application architectures, or distributed
application architectures.
■ Policies — Lets you manage policies that are deployed on the policy
server.
■ DHCP — Lets you configure DHCP (Dynamic Host Configuration
Protocol).
3 Select the tab that contains the information you want to modify and
click Modify.
4 When you finish your modifications, click Save (or Cancel to discard
your changes).

Figure 4: Policy Server Administration Page

Configuring Protocol Options on the Policy Server

To configure protocol options on a policy server:
2 From the content tree, select the desired policy server. The Policy
Server Administration page opens.
3 On the Policy Server Administration page, select the Policy Server tab.
The current configuration options are displayed. Figure 5 shows an
example.
4 Click Modify and define options as necessary (described in Table 1).
5 When you finish, click Save (or Cancel to discard your changes).
Figure 5: Policy Server Tab

Configuring Protocol Options on the Policy Server
Table 1: Policy Server Protocol Configuration Options

Attribute Description
Associations
Applications The applications associated with this policy server. To modify this list, click Manage.
Network Elements The network elements associated with this policy server. To modify this list, click Manage.
Network Element Groups The network element groups associated with this policy server. To modify this list, select or
deselect groups.
Configuration
Management Agent Visible if your network contains management agents. For more information, see Chapter 8.
PCMM
Validate the application When enabled, all PCMM requests are checked to ensure that there is an application defined that
can be associated with the request (typically by matching the AMID in the request). If there is no
such application, the request is rejected by the policy server.
Validate the service class When enabled, any PCMM requests that refer to a Service Class Name in a traffic profile are
checked to ensure that the service class is known to be valid for the destination CMTS.
Validate the gate ID When enabled, all PCMM requests that refer to an existing gate are checked against the policy
server's database of existing gates. If the request refers to a gate ID that does not exist, then it is
rejected without forwarding to the CMTS.
Validate traffic profile When enabled, all PCMM requests that include traffic profiles are checked to ensure that the
envelopes parameters for the Authorized, Reserved and Committed envelopes are valid, as defined in the
PCMM Specification.
Enable MGPI Enable Multiple Grants Per Interval (MGPI) for all Rx applications. By default, not selected (that is,
MGPI is disabled).
Note: If MGPI is enabled, flow aggregation begins with the next call that creates or modifies an
application flow.
Upstream Service Flow The number of upstream service flows above which MGPI is triggered. A value from 1 through 99;
Limit for Triggering MGPI the default is 8.
Maximum Number of The maximum number of grants per interval allowed on one gate (that is, the maximum number
Grants per Interval of sub-flows aggregated on one service flow). A value from 2 through 99; the default is 8.
Diameter
Diameter Port The default is 3868.
Diameter Realm The policy server's domain of responsibility (for example, galactel.com).
Diameter Identity The fully qualified domain name (FQDN) of the policy server (for example, mpe3.galactel.com).
Diameter PCMM AMID This is the AMID used when requests are received from an Application Function (AF) that are
translated to PCMM. This AMID must be unique among all the AMIDs that are used by any PCMM
Application Managers (AMs) in your network. The default is 3472.
Diameter PCEF Default Defines the bandwidth parameters that are used when establishing a default traffic profile for a
Profile Policy and Charging Enforcement Function (PCEF). These parameters can be overridden by
configuring policy rules that apply different profiles.
Diameter AF Default Define the bandwidth parameters that are used when a request from an Application Function (AF)
Profiles does not contain sufficient information for the policy server to derive QoS parameters. These
profiles are defined per media type: Default, Audio, Video, Data, Application, Control, Text,
Message, and Other. The Default profile is used when a profile for a media type is not defined. To
specify values, create Diameter profiles in the general profile configuration.

Deleting a Policy Server Deleting a policy server profile from the ALL group also deletes it from
Profile any associated group.
To delete a policy server profile:

Administration page opens in the work area, displaying all defined
policy servers; for example:
3 Use one of the following methods to select the policy server profile to
delete:
■ From the work area, click the Delete icon located next to the policy
server profile you want to delete.
■ From the policy server group tree, select the policy server; the
Policy Server Administration page opens. Click the System tab; the
System tab opens. Click Delete.
You are prompted: “Are you sure you want to delete this Policy Server?”
Click OK to delete the policy server profile (or Cancel to cancel the
request).

Policy Server Groups

For organizational purposes, you can aggregate the MPEs in your
network into groups. The groups are displayed in the network topology
map and can be used to define authorization scopes. The following
subsections describe how to manage policy server groups.
Creating a Policy Server To create a policy server group:

Group
3 On the Policy Server Administration page, click Create Group. The
Create Group editor page opens.
4 Enter the name of the new policy server group. The name cannot
contain quotation marks (") or commas.
new group appears in the content tree.

Adding a Policy Server to To add a policy server to a policy server group:

a Policy Server Group
2 From the content tree, select the desired policy server group. The
Policy Server Administration page opens in the work area, displaying the
contents of the selected policy server group.
3 On the Policy Server Administration page, click Add Policy Server. The
Add Policy Server page opens, displaying the policy servers not already
part of the group. Figure 6 shows an example.
4 Click on the policy server you want to add; use the Ctrl or Shift keys to
select multiple policy servers.
5 When you finish, click Save (or Cancel to cancel the request). The
policy server is added to the selected group.
Figure 6: Add Policy Server Page

Creating a Policy Server You can create subgroups to further organize your policy server
Subgroup network. To add a policy server subgroup to an existing policy server
group:
Policy Server Administration page opens in the work area, displaying the
contents of the selected policy server group.
3 On the Policy Server Administration page, click Create Sub-Group. The
Create Group page opens (Figure 7).
4 Enter the name of the new subgroup. The name cannot contain
quotation marks (") or commas (,).
subgroup is added to the selected group.
Figure 7: Create Group Page

Renaming a Policy Server To modify the name assigned to a policy server group or sub-group:
Group
2 From the content tree, select the desired policy server group or
sub-group. The Policy Server Administration page opens in the work
area.
3 On the Policy Server Administration page, click Modify. The Modify
Group page opens (Figure 8).
4 Enter the new name in the Name field. The name cannot contain
5 When you finish, click Save (or Cancel to cancel the request). The group
is renamed.
Figure 8: Modify Group Page

Removing a Policy Server Removing a policy server from a policy server group or sub-group does
Profile from a Policy not delete the profile. To delete a policy server profile, see “Deleting a
Server Group Policy Server Profile” on page 26.
To remove a policy server profile from a policy server group or

sub-group:
area, displaying the contents of the selected policy server group or
sub-group:
3 Remove the desired policy server profile using one of the following
methods:
Note: The policy server is removed immediately; there is no

confirmation message.
■ Click the Scissors icon located next to the policy server you want to
remove.
■ From the content tree, select the policy server; the Policy Server
Administration page opens. Click the System tab; the System tab
opens. Click Remove.
The policy server is removed from the group or sub-group.

Deleting a Policy Server Deleting a policy server group also deletes any associated sub-groups.
Group However, any policy server profiles associated with the deleted groups
or sub-groups remain in the ALL group. You cannot delete the ALL group.
To delete a policy server group or subgroup:

area, displaying the contents of the selected policy server group or
sub-group; for example:
3 On the Policy Server Administration page, click Delete. You are

prompted, “Are you sure you want to delete this group?”
4 Click OK (or Cancel to cancel the request). The group is deleted.

Configuring SSL Certificates
Configuring SSL Certificates

The Secure Socket Layer (SSL) protocol is a point-to-point secure
transport mechanism that provides authentication, message integrity,
and confidentiality. It relies on the exchange of certificates that allow
two systems to interact with a high level of security. To configure a
server certificate, you must perform the following steps:
1 Configure hostnames and hosts
2 Generate a certificate on each server
3 Export the local certificate
4 Import the peer certificate
These steps are accomplished using the Service User Interface. For the
actual procedures needed to accomplish each step, see the Service User
Interface User’s Guide. The sections that follow provide a high-level
view of the process for each function.
Configuring Hostnames Before SSL certificates can be generated, hostnames (local) must be
and Hosts configured for both servers, and host entries must be entered for the
other (remote) server. To do this, see “Network Maintenance” in the
Service User Interface User’s Guide, and complete the following:
1 Configure a hostname for the local server.
2 Add the remote server as a host.
3 Ping both servers using the hostname command to test for connectivity.
Generating a Certificate Certificate creation is performed on each server (local and remote).
on Each Server When creating the certificate, ensure that the alias used matches the
hostname of the server the certificate is being created on. Also, the
default password of changeit must be used throughout the creation
process, or the certificates will not work. See “Create server
certificate” in the Service User Interface User’s Guide.
Exporting the Local Export the certificate to the keystore, where it will be copied via SCP to
Certificate the remote server. See “Configure SSL” in the Service User Interface
User’s Guide.
Importing the Peer Import the certificate that was previously exported from the remote
Certificate server to the local keystore. You must reboot the cluster for the new
certificate to take affect. See “Configure SSL” in the Service User
Interface User’s Guide.

Reapplying the Configuration to a Policy Server

The MPE Manager lets you reapply the configuration to each policy
server. When you reapply the configuration, the MPE Manager
reconfigures the corresponding MPE device completely with every
configuration field, ensuring that the MPE device configuration matches
that within the MPE Manager. This action is not needed during normal
operation but is useful in the following situations:
■ When all blades within a failed MPE device are replaced, the new
blades come up initially with default values. (The Service User
Interface User’s Guide describes how to restore both single-server
and clustered configurations.) Reapplying the policy server’s
configuration lets you redeploy the entire configuration rather than
reconfiguring the MPE device field by field. You should also apply the
Rediscover Cluster operation to the MPE Manager to re-initialize the
Cluster Info Report for the policy server, thereby clearing out the
failed blades’ status.
■ After performing a software upgrade on an MPE device, Camiant
recommends that you reapply the configuration from the MPE
Manager to ensure that the upgraded MPE device and the MPE
Manager are synchronized.
■ There are situations in which it is possible for an MPE device
configuration to become out of sync with the MPE Manager; for
example, when a break in the network causes communication to fail
between the MPE Manager and a given MPE device. If such a
condition occurs, the MPE Manager displays the policy server status
as “Configuration Mismatch.” In this case, reapplying the MPE device
configuration brings the MPE device back into synchronization with
the MPE Manager.
To reapply the configuration associated with a policy server:

3 From the group ALL, select the desired policy server. The Policy Server
Administration page displays information for that policy server. Figure 9
shows a sample.
4 On the Policy Server Administration page, select the System tab and
click Reapply Configuration. The profile information is saved to the
policy server.

Reapplying the Configuration to a Policy Server
Figure 9: Policy Server Administration Page

Checking the Status of a Policy Server

The MPE Manager lets you view the status of policy servers, either in a
network (all policy servers within a network) or individually.
■ Group View — Select ALL from the policy server content tree to view
all the defined policy servers or select a specific policy server group
or sub-group to view just the policy servers associated with the
group. The display in the work area includes a status column that
indicates if a policy server cluster is in one of the following states:
❏ On-line — Both policy server blades in the policy server cluster
are operational.
❏ Degraded — One policy server blade has failed, but the policy
server cluster continues to function with its one remaining blade.
The cluster is operating in simplex mode, that is, a stand-by
hardware blade is not available.
Note: If a blade is labeled Degraded, but the blade detail

does not show any failed or disconnected equipment, the
blade is performing a database synchronization operation;
until the synchronization process has completed, the blade
cannot perform as the master blade. Subsequently, for High
Availability to operate correctly in a clustered system, the
master blade of the cluster must not be rebooted unless the
slave blade is in the “On-line” state.
❏ Failed — A policy server is no longer functioning properly.

❏ Off-line — Communication to the policy server cluster has been
lost.
❏ Non-service Affecting Failure — One or more blades are in a
Degraded state in which a blade is disconnected (see previous
note).
■ Policy Server Profile View — Select a policy server from the content
tree, then click the System tab to view the policy server’s current
operating status (On-line or Off-line) and profile configuration.
Figure 10 shows an example of a Group View in which one of the servers

is off line.

Checking the Status of a Policy Server
Figure 10: Group View
Note: The MPE Manager’s status for a cluster is the only reliable
indicator of a cluster’s state (such as “On-line” or “Degraded”), as
opposed to the HA status display in the SUI.

Policy Server Reports

The Reports tab lets you view a hierarchical set of reports that you can
use to monitor both the status and the activity of a specific policy
server. Figure 11 shows a sample Reports tab for a policy server.
Each report page provides the following information:

■ Mode — The Mode field displays a summary of the current type of
information that is in the report.
■ Buttons — The buttons let you navigate between reports, or control
the information displayed within the report. The buttons differ from
one report page to the next. The following list describes the buttons
that are available on all report pages:
Note: The buttons displayed vary depending on your

configuration.
❏ Show Absolute/Deltas — Switches between “absolute mode”

(which displays the statistics since the last reset) and “delta
mode” (which displays changes in the statistics during the last
10-second refresh period).
❏ Reset All Counters — Resets the statistics for the current report
page back to initial values (usually 0 for most statistics).
❏ Rediscover Cluster — Rediscovers the cluster, deleting any failed
blades that have been removed from service.
❏ Pause/Resume — Stops or restarts automatic refreshing of
displayed information. The refresh period is 10 seconds.
❏ Cancel — Closes the report page and returns to the parent report
page.
The MPE Manager also displays various statistics and counters related to
the following:
■ Cluster Information — Information about the physical components
that make up a cluster.
■ Policy Statistics — Information about the execution of policy rules.
■ Protocol Statistics — Information about the active network
protocols.

Figure 11: Policy Server Reports Tab

Cluster Information The fields that are displayed in the Cluster Information Report section
Report include the following:
■ Status — The status of the cluster. For a summary of the possible
status values, see “Checking the Status of a Policy Server” on
page 36.
■ Failures — The number of cluster failures that have occurred.
■ Uptime — The total uptime for the cluster.
Also within the Cluster Information Report is a listing of all the blades
contained within the cluster, including the following blade-specific
information:
■ Overall — Displays the current status, number of failures, and total
uptime for the blade.
■ Utilization — Displays the blade CPU, memory, and disk utilization
percentages.
The Service LED button activates an LED on the blade, which allows for
identification of the physical blade in the chassis of the cluster.
Figure 12 shows a sample Cluster Information Report.
Figure 12: Cluster Information Report

Blade Information Report You can select the blade identifier (MAC address) for any blade in the
Blades table to display the Blade Information Report page, showing
detailed information about that blade's physical and logical interfaces.
Figure 13 shows a sample Blade Information Report.
When you finish viewing the report, click Cancel to return to the
previous display.
Figure 13: Blade Information Report

Policy Statistics The Policy Statistics section summarizes policy rule activity within the
policy server. This is presented as a table of statistics for each policy
rule that is configured for the policy server.
The statistics included are:

■ Name — The name of the policy being polled.
■ Evaluated — The number of times the conditions in the policy were
evaluated.
■ Executed — The number of times the policy actions were executed.
This implies that the conditions in the policy evaluated to be true.
■ Ignored — The number of times the policy was ignored. This can
happen because the policy conditions refer to data which was not
applicable given the context in which it was evaluated.
Figure 14 shows a sample.
Figure 14: Sample Policy Statistics

Protocol Statistics The Protocol Statistics section summarizes the protocol activity within
the policy server. This information is presented as a table of statistics
for each protocol. In some cases, a protocol is broken down into
sub-entries to distinguish between the different types of protocol
activity.
The Protocol Statistics include the following:

■ Connections — If the protocol is a connection-oriented protocol, this
represents the current number of established connections using each
protocol.
■ Total client messages in / out — The total number of
incoming/outgoing messages received/sent using each protocol.
For each entry in the Protocol Statistics table, you can select the name
of the entry to see a detailed report for that entry. For most protocols,
this report page displays a set of statistics that break down the protocol
activity by message type, message response type, errors, and so on.
Many of the protocol report pages also include a table that summarizes
the activity for each client or server with which the policy server is
communicating through that protocol. These tables also let you select a
specific entry to further examine detailed protocol statistics that are
specific to that client or server.
Since many of these statistics contain detailed protocol-specific

summaries of information, the specific definitions of the information
that is displayed are not included here. For more specific information,
see the appropriate technical specification that describes the protocol
in which you are interested (see “Related Documentation” on page viii).
Figure 15 shows a sample.
Figure 15: Sample Protocol Statistics

For example, for VoD devices, the Reports tab displays the following
information:
■ Total messages in/out — Total number of messages sent/received
from all VoD servers. This includes reserve requests, release
requests, and status (synchronization) messages.
■ Session count — Total number of session requests received by this
device, whether successful or not. A session teardown does not
decrement this value. (To see the current active session count, refer
to the network element statistics for each VoD server, which are
listed below this block of counters.)
■ Session success count — Number of successful reserve requests
(defined as a single reserve request followed by an ACK from the MPE
device) since the last reset.
■ Session failures — Number of failed session requests (defined as a
single reserve request from a VoD server followed by a NAK from the
MPE device).
Additionally, for individual VoD network elements, the Reports tab

displays the following information:
■ Network Element — Unique identifier for this device.
■ Session count — Number of active sessions handled by this device.
■ Session success count — Number of successful reserve requests
(defined as a single reserve request followed by an ACK from the
MPE) by this device since the last reset.
■ Upstream bandwidth — Current reserved upstream bandwidth
allocated for this device.
■ Downstream bandwidth — Current reserved downstream bandwidth
allocated for this device.
Note: Statistical information is returned from the MPE device

as a series of running “peg counts.” To arrive at interval rate
information, such as session success and failure counts, two
intervals are needed to perform the difference calculation.
Also, statistical information, such as session activation
counts, is kept in memory and is therefore not persisted
across the cluster. After a failover, non-persistent metrics
must be repopulated based on resampling from the newly
active master server. Therefore, when an MPE device is
brought on line, or after a failover, one or more sample
periods will display no statistical information.

Policy Server Logs
Policy Server Logs

The log files contain information, viewable through a log viewer, for the
MPE device. The information in the log files records the activity of the
Policy Rules Engine; logs event and alerts; and provides you with an
indication of the state of the MPE device that can alert you to potential
problems. From this tab you can view and configure the logs for an
individual MPE device.
To view the logs:

displays a list of policy server groups.
Server Administration page opens in the work area.
3 On the Policy Server Administration page, select the Logs tab. Log
information, including the log levels, is displayed. Figure 16 shows an
example.
The available logs are:

■ Policy log
■ Event log
■ Alerts
Figure 16: Policy Server Logs Tab

The Policy Log The policy log records the activity of the Policy Rules Engine within the
selected MPE device.
To display the policy log, click Policy Log. The log appears in the work
area; Figure 17 shows an example.
To update the policy log display with the most recent data, click
Refresh. To close the display, click Cancel.
You can configure the severity of messages that are written to the policy
log. To configure the policy log display:
1 From the Logs tab, click Modify. The Modify Settings fields open in the
work area.
2 In the Policy Log Level field, select the minimum severity level to record
from the drop-down list:
■ Severe
■ Warning
■ Info
■ Config
■ Fine
■ Finer
■ Finest

Policy Server Logs
Figure 17: Policy Log

The Event Log The Event Log displays the various events generated by the MPE device.
You can configure the severity as well as the destination(s) of messages
that are written to the event log.
Viewing Events To view log information using the Event Log Viewer:
3 On the Policy Server Administration page, select the Logs tab. Log
information is displayed.
4 Click View Event Log. The Event Log Viewer page opens. While data is
being retrieved, an in-progress message appears. Figure 18 shows a
sample.
All events contain the following information:
■ Date/Time — Time when the event occurred. This time is relative to
the server time.
■ Blade — MAC address of the blade reporting the event.
■ Module — Name of the module reporting the event:
❏ PS — Policy Server
❏ HA — High Availability
❏ Manager — MPE Manager
❏ Scheduled Tasks — Task Manager
■ Code — The event code. For information about event codes and
messages, see the Event Log Messages Reference Guide.
■ Severity — Severity level of the event.
■ Message — The message associated with the event. If there is
additional information available, the event entry shows as a link.
Click on the link to see additional detail in the frame below.
5 You can filter the events displayed using the following:
■ Start Date/Time — Clickithe calendar icon, select the desired
starting date and time, then click Enter.
■ Event Log Timeline — If you have configured multiple log files, the
Event Log Timeline lets you select one of them. Click on a segment
to start the search within the log file represented by that segment.
■ Modules — Filter by originating module (such as DC, HA, Scheduled
Tasks, or Manager). Only events from the selected module(s) appear.

Policy Server Logs
■ Severity — Filter by severity level. Events with the selected severity

and higher are displayed. For example, if the severity selected is
Warning, the event log displays events with the severity levels
Warning, Error, Critical, Alert, and Emergency.
■ Contains — Enter a test string to search for. For example, if you
enter “connection,” all events containing the word “connection”
appear.
After entering the filtering information, click Refresh. The selected
events are displayed.
Figure 18: Event Log Viewer Page
Refreshing the display Events that occur after the Event Log Viewer starts are not visible until
you refresh the display. To refresh the display, click one of the following
buttons:
■ Refresh — Applies filter settings and refreshes the display. This
displays the most recent log entries that fit the filtering criteria.
■ Refresh Default — Removes all filtering values and refreshes the
display. This displays the most recent log entries.
■ Next/Prev — Once the number of event log entries exceeds the page
limit, pagination is applied. Use the Prev and Next buttons to
navigate through the event log entries. When the Next button is not
visible, you have reached the most recent log entries.
■ Close — Closes the Event Log Viewer.

Configuring the Event Log
To configure the event log:
work area.
2 To modify event log settings, click Modify. The Modify Log Settings page
opens.
3 In the Modify Event Log Settings section of the page, configure the
following:
■ Event Log Level — indicates the severity of messages that are
written to the event log files. These severity levels correspond to
syslog message severities from RFC 3164. Adjusting this setting
allows any new events, at or above the configured severity, to be
recorded in the Event Log. Valid levels are:
❏ Emergency — Provides the least amount of logging, recording
only those events causing the system to be unusable.
❏ Alert — Action must be taken immediately in order to prevent an
unusable system.
❏ Critical — Events causing service impact to operations.
❏ Error — Events describing any internal, non-service impacting, or
error.
❏ Warning — Messages that, if left unattended, may cause service
impact. This is the default value.
❏ Notice — Provides messages that may be of significant interest
that occur during normal operation.
❏ Info — Informational messages that occur during normal
operation. This setting slows down MPE processing.
❏ Debug — Provides the greatest amount of logging. This setting is
not recommended except in controlled environments.
CAUTION: Consider the implications of changing the default

logging level. Lowering the log level setting from its default
value (for example, from “Warning” to “Info”) causes more
events to be written to the log files and can adversely affect
performance. On the other hand, raising the log level setting
(for example, from “Warning” to “Alert”) can cause you to
miss important events.
This setting determines what messages are forwarded. For

example, if this setting is defined as “Warning,” a Debug message
is not forwarded, even if a forwarding server is set to accept it.
■ Event Log File Size (in KB) — Sets the maximum size of the event log
file, from 512 KB to 32768 KB.
■ Number of Log Files — Select a number from 2 through 8 to specify
the number of event logs saved in addition to the active event log
file.
■ Event Log Forward IP Address 1 — Event log entries can be
forwarded to multiple syslog servers; this sets the first syslog server
address. If you do not want to forward events to this server, leave

Policy Server Logs
the default address of 0.0.0.0. To filter the log level sent to this
server, select a level; all messages at or above this value are
forwarded. The default level is “Warning.”
■ Event Log Forward IP Address 2— Sets the second syslog server
■ Event Log Forward IP Address 3 — Sets the third syslog server
■ Event Log Forward IP Address 4 — Sets the fourth syslog server
■ Event Log Forward IP Address 5 — Sets the fifth syslog server
■ Event Log Forward Facility — Indicates the facility to associate with
a forwarded event log message; this setting is only applicable when
one or more Event Log Forwarding IP addresses is configured.
The facility values correspond to syslog message facilities from RFC
3164:
Name Syslog Code Facility

LOCAL 0 16 local use 0
Note: Local use 7 is reserved for Linux boot messages.

Alerts Alerts are issued when your network topology nears or exceeds the
maximum bandwidth limits set. For information on how alerts are
displayed, see “Viewing Alerts” on page 149.
To configure alerts:
work area.
2 In the Alert Configuration area, select or deselect Enable Alerts.

3
PROTOCOL ROUTING
Routing enables the MPE device to forward requests to other policy

servers for further processing. The following routing messages and
protocols are supported:
■ PacketCable MultiMedia (PCMM) messages

■ PCMM Routing Architectures
■ Configuring PCMM Routing

CHAPTER 3: PROTOCOL ROUTING
PCMM Routing Architectures

There are two architectures you can employ with PCMM routing:
Hierarchical and Mesh.
■ Hierarchical — There is a top-level MPE and one or more
bottom-level MPE clusters. A PCMM message is sent to the top-level
MPE, which then forwards the message to the appropriate MPE below
based on the subscriber IP address in the message.
■ Mesh — There is a set of two or more MPE clusters, but there is no
top-level cluster. If you imagine three MPE clusters arranged in a
triangle, a PCMM message coming into any one of these clusters can
be forwarded out to any of the other two MPE clusters. Each cluster
points to the other cluster.
In either architecture, a PCMM message is handled by the MPE cluster to

which it is sent. For example, in the hierarchical architecture, if a
PCMM message comes into the top-level MPE cluster, that cluster
handles the message itself if the appropriate CMTS is associated with it.
The message does not have to be forwarded.

Configuring PCMM Routing
Configuring PCMM Routing

To configure PCMM routing:
displays a list of policy server groups.
3 On the Policy Server Administration page, select the Routing tab. The
PCMM Routing configuration settings are displayed.
4 Click Modify. The Modify Routing Configuration page opens (Figure 5).
5 Set the following values:
■ Execute Policies for Routed Traffic — If this checkbox is enabled,
the policy server applies its locally configured policies to any
requests before forwarding them to another policy server. Typically,
this feature is disabled, as the policy server that is receiving the
request is also applying policies. However, in an environment where
you apply different types of policies within the two policy servers
this might be useful. Enabling this feature typically causes a
reduction in the performance of the routing feature.
■ Downstream Policy Servers — This is a list of policy servers to which
this policy server can forward requests. You can change this setting
by clicking on the policy servers in the list. Highlighted policy servers
are included; others are not.
■ Subnets — This is a read-only field that is visible only if you have
selected an MPE in the Downstream Policy Server list; it lists all the
subnets associated with the Downstream policy servers.

CHAPTER 3: PROTOCOL ROUTING
Figure 19: Modify Routing Configuration Page

4
MANAGING NETWORK ELEMENTS
This chapter describes how to manage network elements within the MPE
Manager. This chapter discusses the following topics:
■ Creating a Network Element
■ Configuring Options for Network Elements
■ Working with Network Element Groups
■ Associating a Network Element with a Policy Server
■ Adding Network Elements to the MPE Manager
A network element is a high-level device, server, or other entity within

your network for which you would like to use the MPE to manage Quality
of Service (QoS). Examples include a cable modem termination system
(CMTS), a packet-switched data network (PDSN), a router, a server, or a
zone. Once you have defined a network element in the MPE Manager,
you associate it with the MPE device that you will use to manage that
element.
There are also lower-level entities within the network that the MPE
device manages that are not considered network elements. These are
sub-elements, such as a channel within a CMTS or an interface on a
router, or devices that are connected directly to network elements,
such as a cable modem connected to a CMTS. Typically, there is no need
to define these lower-level entities because once a network element is
associated with an MPE device, the lower-level devices related to that
network element are discovered and associated automatically.
Create a network element profile for each device you are associating
with an MPE device. After defining a network element in the MPE
Manager, you must configure its protocol options. The options available
depend on the network element type.
Once you define network elements, you can combine them in network
element groups.

CHAPTER 4: MANAGING NETWORK ELEMENTS
Creating a Network Element

You must create a network element for each device associated with any
of the MPEs within the network. To create a network element:
1 From the navigation pane, select Network Elements. The content tree
displays a list of network element groups; the initial group is ALL.
2 From the content tree, select the network element group in which you
want to define the network element. (See “Working with Network
Element Groups” on page 66 for information on creating network
element groups.) The Network Element Administration page opens in
the work area.
3 On the Network Element Administration page, click Create Network
Element. The New Network Element page opens (Figure 20).
4 Enter information as appropriate for the network element:
■ Name (required) — The name you assign to the network element.
Enter up to 250 characters.
■ Host Name/IP Address (required) — Registered domain name or IP
address assigned to the network element.
■ Backup Host Name — Alternate address that will be used if
communication between the MPE device and the network element’s
primary address fails.
■ Description/Location — Any information that helps identify the
network element within the network. Enter up to 250 characters.
■ Type (required) — Select the type (and, as appropriate, the
sub-type) of network element.
■ SNMP Read Community String — A password-like field that allows
read-only access to the network element’s MIBs used for SNMP
polling. If a value is not entered, SNMP data is not collected from
this network element.
■ Capacity — The bandwidth allocated to this network element.
■ Links to other Network Elements — Specifies the links (paths) to
other network elements.
5 Select a policy server to associate it with this network element (see
“Associating a Network Element with a Policy Server” on page 72).
6 To add a network element to a network element group, select the
desired group (see “Adding a Network Element to a Network Element
network element is displayed in the Network Element Administration
page.

Figure 20: New Network Element Page

Modifying a Network To modify a network element:

Element
2 From the content tree, select the desired network element. The
Network Element Administration page opens in the work area.
3 On the Network Element Administration page, click Modify. The Modify
Network Element page opens (Figure 21).
4 Modify network element information as required. For a description of
the fields contained on this page, see “Creating a Network Element” on
page 58.
Figure 21: Modify Network Element Page

Deleting Network Deleting a network element from the ALL group also deletes it from any
Elements associated group.
To delete a network element:

2 From the content tree, select the ALL group. The Network Element
policy servers; for example:
3 From the work area, click the Delete icon located next to the network
element you want to delete.
You are prompted: “Are you sure you want to delete this Network
Element?” Click OK to delete the network element (or Cancel to cancel
the request).

Bulk delete To perform a bulk delete:
2 From the content tree, select ALL. The Network Element Administration
page opens in the work area.
3 On the Network Element Administration page, click Bulk Delete. The
Bulk Delete Network Elements page opens. Figure 22 shows an example.
By default, the Search Pattern entry box is empty; enter an asterisk to
generate a global search.
4 Select the desired network elements or network element groups to
delete.
5 Click Bulk Delete to delete the network element or group from the MPE
Manager and all the associated policy servers, or Cancel to cancel the
request.
Figure 22: Bulk Delete Network Elements Page

Finding a Network The MPE Manager Search function lets you find a specific network
Element element located within a large network element configuration. To
search the MPE Manager for a particular network element:
2 From the content tree, select ALL. The Network Element Administration
3 On the Network Element Administration page, click Search. The
Network Element Search Criteria window opens (Figure 23).
Figure 23: Network Element Search Criteria Window
4 Enter the desired search criteria:

■ Name — The name assigned to the network element.
■ Hostname/IP Address — The domain name or IP address of the
network element.
■ Description — The information pertaining to the network element
that helps identify it within the network. Enter up to 250 characters.
Note: Searches are not case sensitive. Criteria can be entered

using the wildcard characters '*' and '?'.
5 After entering all search criteria, click Search (or Cancel to cancel the
request). The search results are displayed; for example:

Configuring Options for Network Elements

The following subsections describe how to configure options for a given
network element type.
Note: Configuration changes made in the MPE Manager could potentially

be reverted on an MPE device if the scheduled run time of the OSSI
Distributor task on the Management Agent is before the scheduled rule time
for the MPE Manager. The discrepancy is resolved when the OSSI Distributor
Task runs on the MPE Manager.
CMTS To configure options for a CMTS:

2 Select a network element from the content tree. The Network Element
3 On the Network Element Administration page, select the CMTS tab and
then click Modify. The Modify Network Element page opens. Figure 24
shows a sample.
4 Configure the following information:
■ Configuration Features
❏ PCMM Enabled — Indicates whether the CMTS supports PCMM or
not. If this is enabled and this network element is associated with
a policy server, the policy server establishes a PCMM connection
to the CMTS. If this is disabled and this network element is
associated with a policy server, this invokes a special feature of
the policy server called Camiant Admission Control (CAC) for this
CMTS. When CAC mode is turned on for a CMTS, if the policy
server receives any PCMM messages that should be sent to that
CMTS, the policy server generates simulated responses for those
messages rather than rejecting them.
❏ DQOS Enabled — Use this checkbox to indicate that the policy
server should establish a DQOS connection to the CMTS.
CAUTION: Enable this option only if you are using DQOS in the
MPE and the CMTS is configured to accept a DQOS connection.
If this feature is enabled, and the CMTS is not configured to
accept the connection, many error messages can be written
to the policy server logs as the MPE repeatedly tries to
establish the DQOS connection.
■ Subnets
❏ Subnets Configured Manually — Within this field you can add or
delete subnets.
❏ Subnets Discovered via SNMP — This read-only field displays
subnets that were discovered using SNMP. If additional subnets
need to be added, they can be added by using the Subnets
Configured Manually field.

Configuring Options for Network Elements
❏ Subnets Configured via OSS — This read-only field displays

subnets that were imported via the OSS interface to the MPE
Manager.
Figure 24: Modify Network Element Page

Working with Network Element Groups
Creating a Network Network element groups let you organize network elements.
Element Group
To create a network element group:
2 From the content tree, select the ALL group. The Network Element
3 On the Network Element Administration page, click Create Group. The
Create Group editor page opens.
4 Enter the name of the new network element group. The name cannot
contain quotation marks (") or commas (,).
new group appears in the content tree.

Adding a Network Once a network element group is created, you can add individual
Element to a Network network elements.
Element Group
To add a network element to a network element group:
Network Element Administration page opens in the work area,
displaying the contents of the selected network element group.
3 On the Network Element Administration page, click Add Network
Element. The Add Network Element page opens, displaying the network
elements not already part of the group. Figure 25 shows an example.
4 Click on the network element you want to add; use the Ctrl or Shift keys
to select multiple network elements.
network element is added to the selected group.
Figure 25: Add Network Element Page

Creating a Network You can create subgroups to further organize your network element
Element Subgroup network. To add a network element subgroup to an existing network
element group:
2 From the content tree, select the desired network element group. The
Network Element Administration page opens in the work area,
displaying the contents of the selected network element group.
3 On the Network Element Administration page, click Create Sub-Group.
The Create Group page opens (Figure 26).
4 Enter the name of the new subgroup. The name cannot contain
subgroup is added to the selected group.
Figure 26: Create Group Page

Deleting a Network Removing a network element from the ALL group removes it from all
Element from a Network other groups and subgroups. Removing a network element from a
Element Group network element group or subgroup does not delete the network
element from the ALL group, from which it can be used again if needed.
To remove a network element from a network element group or

subgroup:
2 From the content tree, select the desired network element group or
subgroup. The Network Element Administration page opens in the work
area, displaying the contents of the selected network element group or
subgroup:
3 Remove the network element using one of the following methods:

■ On the Network Element Administration page, click the Delete icon
located next to the network element you want to remove.
■ From the content tree, select the network element; the Network
Element Administration page opens. Click the System tab; the
System tab opens. Click Delete.
You are prompted: “Are you sure you want to delete the Network
Element?” Click OK (or Cancel to cancel your request). The network
element is removed from the group or subgroup.

Renaming a Network To modify the name assigned to a network element group or subgroup:
Element Group
2 From the content tree, select the network element group or subgroup.
The Network Element Administration page opens in the work area.
3 On the Network Element Administration page, click Modify. The Modify
Group page opens (Figure 27).
4 Enter the new name in the Name field. The name cannot contain
5 When you finish, click Save (or Cancel to cancel the request). The group
is renamed.
Figure 27: Modify Group Page

Deleting a Network Deleting a network element group also deletes any associated
Element Group or subgroups. However, any network elements associated with the deleted
Subgroup groups or subgroups remain in the ALL group. You cannot delete the ALL
group.
To delete a network element group or subgroup:

displays a list of network element groups.
2 From the content tree, select the network element group or subgroup.
The Network Element Administration page opens in the work area,
displaying the contents of the selected network element group or
subgroup; for example:
3 On the Network Element Administration page, click Delete. You are

prompted, “Are you sure you want to delete this Group?”
4 Click OK (or Cancel to cancel the request). The group is deleted.

Associating a Network Element with a Policy Server

To associate a network element with a policy server:
3 On the Policy Server Administration page, select the Policy Server tab.
In the Associations section of the page, the network elements
associated with this policy server are displayed.
4 Click Modify. The Modify Policy Server page opens. Figure 28 shows an
example.
5 To the right of the list of network elements in the Associations section,
click Manage. The Select Network Elements window opens:
6 Select the desired network elements and click -->. To select multiple
entries, use the Ctrl and Shift keys.
7 When you finish, click OK (or Cancel to discard your changes). The
selected network elements are added to the list of network elements
managed by this MPE device.
8 To associate a network element group with the policy server, select the
group from the list of network element groups located under
Associations.

Associating a Network Element with a Policy Server
Figure 28: Modify Policy Server Page

Adding Network Elements to the MPE Manager

In addition to defining network elements manually, you can add network
elements to the MPE Manager using the OSSI XML Interface or by
importing or exporting from an XML file. This section describes the XML
bulk import process and the OSSI XML Interface (OSSI).
Using the OSSI XML The OSSI XML interface provides access to raw data in the system
Interface directly via HTTP. The system data is entered and returned as XML
documents in accordance with defined schemas. The schema for the
input XML is provided to specify exactly which attributes of a network
element are permitted on import, as well as the formatting for those
attributes.
You can also define network element groups as part of the XML file and
imported within the same file. Groups let you define a logical
organization of network elements within the MPE Manager at the time of
import. Group structures include not only group attributes, but also
relationships between groups, subgroups, and elements.
The OSSI XML interface is divided into two areas:

■ Topology Interface — Allows you to query and manage network
elements within the system
■ Operational Measurements (OM) Interface — Allows you to retrieve
statistical data from the system
For detailed information, see the OSSI XML Interface Definition.
Importing an XML File to During the import process, network elements are read one at a time
Input Network Elements from the user-specified XML file. Each network element is then
validated and checked against the existing database for collisions.
Collisions are detected based on the network element name, which is
considered a unique key to the element. If that network element
already exists within the system, the existing element’s attributes are
updated (overwritten) by the attributes specified in the XML file being
imported. If that network element does not exist within the system, the
network element is created and imported as a new network element.
Camiant recommends that you export the existing database of network

elements before starting an import to ensure that you can recreate the
previous state if necessary (see “Exporting an XML File” on page 75).
To use an XML file to input defined network elements:

1 From the navigation pane, select Import/Export. The Import/Export
page opens in the work area (Figure 29).
2 On the Import/Export page, click Browse and locate the XML import
file.
3 Click Import.
Following the import, status messages provide the total counts of all
successful imports, updates, and failures. Click Details (the button is

Adding Network Elements to the MPE Manager
below the status messages) to open a window containing detailed

warnings and errors for each object. The error messages contain
identifying information for the XML structure that caused the error,
allowing you to pinpoint and fix problems in the XML file.
Figure 29: Import/Export Page
Exporting an XML File The Export feature outputs an XML file containing structures for all
network elements, interfaces, subnets, links, and network element
groups within the MPE Manager, in the same schema used on import.
This allows you to export to an XML file and then import that same file,
performing a restore or backup. The export file can also be transferred
to a third-party system.
To export an XML file:

1 From the navigation pane, select Import/Export. The Import/Export
2 On the Import/Export page, select the type of export: Network
Elements, Traffic Profiles, Charging Servers, Tiers, Time Periods,
Applications, or Entitlements.
3 Click Export. You are prompted, “Do you want to open or save this file?”
4 Click Save and save the file to the desired location (or Cancel to cancel
the request).

5
MANAGING APPLICATION PROFILES
This chapter describes how to manage application profiles within the

MPE Manager. This chapter discusses the following topics:
■ Creating an Application Profile
■ Modifying an Application Profile
■ Deleting an Application Profile
An application is a service that you provide (typically to users of your

network) for which you would like to manage quality of service (QoS).
Examples include services like VoIP telephony, video on demand (VoD),
and gaming. Once you have defined an application in the MPE Manager,
you associate it with the policy servers that will manage that
application.
When you are providing application services in your network, there are
usually one or more servers within your network that are used to
manage that service. These systems are referred to as Application
Managers or Application Servers. When these systems are establishing a
session that requires quality of service they issue a request to a policy
server.
In defining an application in the MPE Manager, you specify protocol

information that can be used by the policy servers to identify those
Application Managers and thus associate each request with its
associated application. This allows the policy server to apply policy
rules to the request that you have defined for the associated
application. Though configuring an application is optional, it can be very
useful for creating policies.

CHAPTER 5: MANAGING APPLICATION PROFILES
Creating an Application Profile

To create an application profile:
1 From the navigation pane, select Application. The content tree displays
the Applications group.
2 Select the Applications group. The Application Administration page
opens in the work area.
3 On the Application Administration page, click Create Application. The
New Application page opens (Figure 4).
4 Enter the following application profile information:
■ General Configuration
❏ Name — Name assigned to the application (for example, Rx).
❏ Description/Location (optional) — Any information that helps
identify the application.
❏ Connection IP Address(s) — Enter the IP addresses that are used
by Application Managers for this application. Click Add to include
the IP address in the connection list; to remove an address from
the list, select it and click Delete.
❏ Latency Sensitive — Select this option if the application is
latency sensitive.
■ License Tracking
❏ Tracked — Select Yes (the default) to track the application’s
sessions associated with a license. Otherwise, select No.
❏ Flows per Session — Specifies the number of upstream and
downstream sessions (1 to 4) that are allocated to this
application.
❏ License Timeout — Specifies the duration of time for which this
application requires a license. The default is 240 minutes (4
hours).
■ PCMM
❏ Application Manager IDs — Enter the PCMM AMIDs that are used
by Application Managers for this application. Click Add to define
multiple values. To delete an existing value, select it from the list
and click Delete.
❏ Session Class IDs — Enter the Session Class IDs that are used by
AMs for this application. Click Add to define multiple values. To
delete an existing value, select it from the list and click Delete.
■ Diameter
❏ Diameter Identity — Enter the Diameter identity (typically a fully
qualified domain name) or identities used by application
functions for this application. Click Add to define multiple
values. To delete an existing value, select it from the list and
click Delete.
Now you can associate the application with the profile of the desired
policy server (see “Managing Policy Servers” on page 19).

Creating an Application Profile
Figure 30: New Application Page

CHAPTER 5: MANAGING APPLICATION PROFILES
Modifying an Application Profile

To modify an application profile:
3 On the Application Administration page, select the application profile
you want to modify and click Modify. The application profile editor page
opens.
4 Modify the application profile information as necessary. See the
previous section for a description of the fields contained within this
page.
Deleting an Application Profile

To delete an application profile:
2 On the Application Administration page, select the application profile
you want to delete.
3 Delete the application profile using one of the following methods:
■ From the work area, click the Trash Can icon located next to the
profile you wish to delete.
■ From the Applications tree, select the application and click Delete.
You are prompted: “Are you sure you want to delete this Application?”
Click OK to delete the application profile from the MPE Manager and all
policy servers (or Cancel to cancel the request).

6
MANAGING TRAFFIC PROFILES
This chapter defines how to manage traffic profiles in the MPE Manager.
■ Creating a Traffic Profile
■ Modifying a Traffic Profile
■ Deleting a Traffic Profile
■ Working with Traffic Profile Groups
A traffic profile is a set of values defined for a set of parameters that

are used in protocol messages within the MPE device. Typically, these
traffic profile values are used to define the Quality of Service (QoS) for
sessions that are managed by those protocol messages.
Traffic profiles are used in the MPE device under several situations; for
example:
■ They define default settings for protocol messages (see “Configuring
SSL Certificates” on page 33)
■ They modify protocol messages thus modifying the QoS for sessions
managed by those messages (see “Creating a New Policy” on
page 116)
A traffic profile can be applied by a policy rule trigger, or a traffic

profile can be applied by default if no policy rule is triggered.
Each traffic profile has a type associated with it. Since each protocol
supports different parameters for controlling QoS settings, the available
MPE parameters depend on the underlying protocol. Therefore, each
profile type is associated with a single protocol, but a single protocol
can support multiple profile types.
You can create multiple traffic profiles of the same type, as the values
of the parameters for each profile determine the actual QoS that is
associated with that profile.
For example, one possible set of traffic profiles is as follows:

■ Default — Default predefined profile
■ P2P — profile for peer-to-peer traffic
■ RATE_LIMIT_128K — profile to limit download rate to 128 Kbps
■ RATE_LIMIT_64K — profile to limit download rate to 64 Kbps

CHAPTER 6: MANAGING TRAFFIC PROFILES
Creating a Traffic Profile

To create a traffic profile:
1 From the navigation pane, select Traffic Profiles. The content tree
displays the Traffic Profiles group.
2 Select the Traffic Profiles group.The Traffic Profile Administration page
3 On the Traffic Profile Administration page, click Create Traffic Profile.
The New Traffic Profile page opens (Figure 31).
4 Enter the following information:
■ Name — The name assigned to the profile.
■ Traffic Profile Type —
❏ Best Effort
❏ Diameter QoS
❏ Downstream
❏ Non-Real-Time Polling
❏ RSVP Flow Spec
❏ Real-Time Polling
❏ Service Class
❏ Unsolicited Grant
❏ Unsolicited Grant with Activity Detection
■ Protocol Fields — The set of protocol fields contained within the
Traffic Profile page varies depending on the Traffic Profile Type
selected.

Creating a Traffic Profile
Figure 31: New Traffic Profile Page

Modifying a Traffic Profile

To modify a traffic profile:
opens.
2 From the content tree, select the Traffic Profiles group. The Traffic
Profile Administration page opens.
3 Select the profile you want to modify and click Modify. The New Traffic
Profile page opens (Figure 32).
4 Modify profile information as required. For a description of the fields
contained on this page, see “Creating a Traffic Profile” on page 82.
5 When you finish, click Save.
Figure 32: Modifying a Traffic Profile

Deleting a Traffic Profile
Deleting a Traffic Profile

To delete a traffic profile:
opens.
2 From the content tree, select the Traffic Profiles group. The Traffic
Profile Administration page opens.
3 Select the traffic profile you want to delete.
4 Delete the traffic profile using one of the following methods:
■ From the work area, click the Trash Can icon located next to the
traffic profile you want to delete.
■ From the content tree, select the traffic profile and click Delete.
5 You are prompted, “Are you sure you want to delete this Traffic
Profile?” Click OK to delete the traffic profile or Cancel to cancel the
request.

Working with Traffic Profile Groups

The creation of traffic profile groups is consistent with the group
creation for any other component within the MPE Manager. To create a
traffic profile group, see “Creating a Policy Server Group” on page 27
for a basic understanding of the group creation process.
Once the traffic profile group is created, it can be populated with

individual traffic profile profiles.
Adding a Traffic Profile Adding traffic profiles to a traffic profile group is consistent with the
to a Traffic Profile Group addition of any other component within the MPE Manager. To add a
traffic profile to a traffic profile group, see “Adding a Policy Server to a
Policy Server Group” on page 28 for a basic understanding of the
addition process.
Deleting a Traffic Profile Deleting traffic profiles from a traffic profile group is consistent with
from a Traffic Profile the deletion of any other component within the MPE Manager. To delete
Group a traffic profile from a traffic profile group, see “Removing a Policy
Server Profile from a Policy Server Group” on page 31 for a basic
understanding of the deletion process.
Note: This procedure only removes a traffic profile from a group folder.
It does not delete the traffic profile from the ALL group folder, so it can
be used again if needed.
Modifying a Traffic Modifying a traffic profile group name is consistent with the
Profile Group Name modification of any other group name within the MPE Manager. To
modify a traffic profile group name, see “Renaming a Policy Server
Group” on page 30 for a basic understanding of the modification
process.
Deleting a Traffic Profile Deleting a traffic profile group is consistent with the deletion of any
Group other group within the MPE Manager. To delete a traffic profile group,
see “Deleting a Policy Server Group” on page 32 for a basic
understanding of the deletion process.
Note: In doing a group deletion, only the traffic profile group is

removed. The traffic profiles assigned to the group remain in the ALL
group.

7
EVENT MESSAGING
This chapter describes how to use the MPE Manager to configure and
manage Event Messaging and the Record Keeping Server that receives
the messages.

■ Overview
■ Configuring Global Settings for Event Messaging
■ Configuring the Record Keeping Server

CHAPTER 7: EVENT MESSAGING
Overview
Event messaging is the standard mechanism (as defined in PCMM
specification PKT-SP-MM-I03) by which an external server can be
notified when certain PCMM events occur. The external server that is
notified is referred to as a Record Keeping Server (RKS). These event
messages (EMs) are then correlated by the RKS to derive service billing
information, network resource usage patterns, capacity planning, and
so on.
Note: Most of the behaviors described in this chapter are standard

behaviors defined in PCMM specification PKT-SP-MM-I03. For more
specific details on the algorithms or protocols involved in event
messaging, refer to the PCMM specification.
In the PCMM architecture, event messages can be sent from a policy

server or a CMTS. A CMTS sends event messages only when instructed to
do so by the policy server (via signaling that is part of the PCMM
protocol). This is determined on a per-gate basis — the policy server
only instructs the CMTS to send event messages for gates for which it is
also sending event messages. An AM does not send any event messages,
but it can request the policy server to send them for any gates that it
creates. This is accomplished by including a special object (called an
Event Generation Info object) with the gate creation request.
Event message algorithm The policy server uses an algorithm to determine if it should send event
messages. As mentioned previously, this algorithm also determines
whether the policy server will instruct the CMTS to send event
messages.
The algorithm is as follows:

1 If Event Messaging support is disabled, then no messages are sent.
2 If the required Event Messaging attributes are not configured, then no
messages are sent. The required attributes are the FEID Domain and the
Element ID.
3 If the AM has included an Event Generation Info object with a gate
creation request, the contents of that object are examined:
■ If the object refers to an RKS that is configured on the policy server,
the event messages are sent to that RKS for all operations performed
on that gate.
■ If the object refers to an RKS that is not configured on the policy
server, then it is ignored.
4 If a default RKS is configured on the policy server, then event messages
are sent to the default RKS for all operations on that gate. If not, no
event messages are sent.
If you want to ensure that event messages are sent for every operation
that is performed, then configuring a default RKS will accomplish that.
However, there is one important limitation to this type of configuration.

Overview
When an AM requests event messages to be sent as part of that request,

it includes a piece of information called the Billing Correlation ID (or
BCID). The purpose of this BCID is to make it easier for the RKS to
correlate events that are associated with the same application session.
Since this is initiated from the AM, it can use the same BCID to associate
events for multiple gates together. Since most applications use multiple
gates for a single application session, this is a very desirable feature.
When your event messages are generated by the policy server using a
default RKS, there is no BCID that is available from the AM. In this
situation, the policy server generates a unique BCID for each gate.
Consequently. it is not possible to correlate multiple gates together
when using this type of event messaging configuration.
Event messaging attributes Event messaging is configured in the MPE Manager by configuring a set
of attributes. Each of these attributes is set either globally (shared by
all policy servers) or on a per-policy-server basis. You can configure an
attribute globally and then override it for a specific policy server.
For detailed instructions on setting these attributes for all policy

servers, see “Configuring Global Settings for Event Messaging” on
page 90 and “Configuring Local Policy Server Settings for Event
Messaging” on page 92.

Configuring Global Settings for Event Messaging

To configure global event message settings:
1 From the navigation pane, select Event Messaging. The Event Messaging
Administration page opens.
2 On the Event Messaging Administration page, click Modify. The Modify
Event Messaging page opens. Figure 33 shows an example.
3 Configure the attributes as follows:
■ Enable — Indicates event messaging is enabled. If this value is set to
Yes, event messages can be sent from the policy server (depending
on the algorithm described earlier). If this value is set to No, event
messages are not sent.
■ FEID Prefix — The 8-byte prefix used in the Financial Entity ID (FEID)
in event messages. As defined in the PCMM specification, the first 8
bytes of the FEID constitute operator-defined data. If this value is
not defined, these bytes are zero-filled.
■ FEID Domain — The domain name used in the FEID in event
messages. As defined in the PCMM specification, this is the MSO's
domain name, which uniquely identifies the operator for billing and
settlement purposes. This domain name is limited to 239 characters.
■ Record Keeping Server List — The list of configured RKSs. If you are
configuring event messaging in your network so that the AMs request
event messages, then the RKSs configured in the AMs are configured
in the policy server as well.
■ Default Record Keeping Server — Defines the default RKS for event
messaging.

Figure 33: Modify Event Messaging Page

Configuring Local Policy The MPE lets you configure how event messages are handled for a
Server Settings for Event specific policy server. Local settings override global settings for event
Messaging messaging.
To configure the Event Messages settings for a policy server:

displays a list of policy server groups; the default group is ALL.
3 On the Policy Server Administration page, select the EM tab. The
current configuration settings are displayed.
4 Click Modify. The Modify Event Messaging page opens (Figure 34).
5 Configure the attributes as follows. Select the Overrides radio button to
configure the value only for this policy server.
■ Element ID — This attribute is set on a per-policy-server basis. The
Element ID is used when the policy server sends event messages. As
defined in the PCMM specification, this is a 5-digit value (between 0
and 99999) that must be unique within the network among all
elements that send event messages. Therefore, this value must be
unique among all policy servers and CMTSs within your network.
■ Enable — Indicates event messaging is enabled. If this value is set to
Yes, event messages can be sent from the policy server (depending
on the algorithm described earlier). If this value is set to No, event
messages are not sent.
■ FEID Prefix — The 8-byte prefix used in the Financial Entity ID (FEID)
in event messages. As defined in the PCMM specification, the first 8
bytes of the FEID constitute operator-defined data. If this value is
not defined, these bytes are zero-filled.
■ FEID Domain — The domain name used in the FEID in event
messages. As defined in the PCMM specification, this is the MSO's
domain name, which uniquely identifies the operator for billing and
settlement purposes. This domain name is limited to 239 characters.
■ Record Keeping Server List — The list of configured RKSs. If you are
configuring event messaging in your network so that the AMs request
event messages, then the RKSs configured in the AMs are configured
in the policy server as well.
■ Default Record Keeping Server — Defines the default RKS for event
messaging.

Figure 34: Modify Event Messaging Page

The Record Keeping Server

An external server that receives event messages is known as a Record
Keeping Server (RKS). To use event messaging, you must configure one
or more RKSs, and then associate them with policy servers, either by
adding them to the Record Keeping Server List, or by defining one as the
default RKS.
When configuring an RKS, note that a single RKS may correspond to a

single external server, but it may also correspond to a pair of external
servers. This depends on how the RKS handles failover situations.
As defined in the PCMM Specification, an RKS is uniquely identified by

the following:
■ Primary IP Address
■ Primary Port
■ Secondary IP Address
■ Secondary Port
If you have a single server that provides both a primary and secondary
address, you can configure it as a single RKS. If you have two servers,
each of which only provides a single IP address/port, then you could
either configure both of them as a single RKS (that acts as a backup
pair) or you could configure them as two separate RKSs, each with a
Primary address/port and no Secondary address/port. However, if an
RKS does not have a Secondary address/port, then that RKS will not be
able to participate in the RKS failover mechanism as defined in the
PCMM specification.
Creating an RKS Profile To configure an RKS profile, complete the following:

1 From the navigation pane, select Record Keeping Server. The content
tree displays the Record Keeping Servers group.
2 Select the Record Keeping Servers group. The Record Keeping Server
3 On the Record Keeping Server Administration page, click Create Record
Keeping Server. The New Record Keeping Server page opens
(Figure 35).
■ Name — Name assigned to the RKS profile.
■ Description/Location (optional) — Information pertaining to the RKS
that helps identify it within the network or location.
■ Primary Address — IP address of the primary RKS.
■ Primary Port — IP port number of the primary RKS. The default port
is 1813.
■ Secondary Address (optional) — IP address of the secondary RKS.
■ Secondary Port (optional) — IP port number of the secondary RKS.
The default port is 1813.

The Record Keeping Server
Figure 35: New Record Keeping Server Page
Modifying an RKS Profile To modify an RKS profile:
3 On the Record Keeping Server Administration page, click on the RKS you
wish to modify. Configuration information for that RKS is displayed.
4 Click Modify. The Modify Record Keeping Server page opens.
5 Modify configuration information as needed.
Deleting an RKS Profile To delete an RKS profile:

3 Delete the desired RKS profile using one of the following methods:
■ Click the Trash icon located next to the profile you want to delete.
■ From the content tree, select the profile; the Record Keeping Server
Administration page opens. Click Delete.
You are prompted: “Are you sure you want to delete this Record Keeping
Server?”
4 Click OK (or Cancel to cancel the request). The RKS profile is deleted.

8
MANAGEMENT AGENT SERVERS
This chapter describes how to configure and manage a Management

Agent (MA) server.

■ Creating a Management Agent Profile
■ Management Agent Tasks
■ Using the Management Agent Event Log Viewer
The MA server is designed specifically for network architectures that

require a distributed topology and collection framework. The MA server
is not an actively managed device, but rather a distributed system that
collects topology and network information for use with PCMM message
routing and policy decisions.
The MA server sits between the MPE Manager and one or more MPEs. The
number of MA servers and MPEs depends on the size of the network. The
groupings that define the MPEs managed by an MA server and the MA
servers managed by the MPE Manager depends on the layout of the
network.
Using the MA server provides the following primary benefits:

■ A distributed framework, allowing the complete system to segment
and process data in a parallel fashion.
■ A reduction in the management traffic across the backbone network.
All communication between the MPE Manager and the MA server is

initiated by the MPE Manager, and, optionally, is performed over a
secured interface.

CHAPTER 8: MANAGEMENT AGENT SERVERS
Creating a Management Agent Profile

To create an MA profile:
1 From the navigation pane, select Management Agent. The Management
Agent Administration page opens in the work area.
2 On the Management Agent Administration page, click Create
Management Agent. The New Management Agent page opens
(Figure 36).
3 Enter the following profile information:
■ Name — Name assigned to the MA.
■ Host Name/IP Address — Registered domain name or IP address
assigned to the MA.
■ Description/Location (optional) — Information that defines the MA’s
function or location.
■ Secure Connection — Designates whether or not to use SSL, as a
secure connection for this MA. See the Service User Interface User’s
Guide for a description of how to configure SSL (HTTPS).
■ Policy Servers — Associates one or more policy servers with this MA
server.

Figure 36: New Management Agent Page

Modifying a To modify a management agent profile:

Management Agent
Profile
2 From the content tree, select the management agent you want to
modify. The management agent is displayed in the Management Agent
Administration page.
3 On the Management Agent Administration page, click Modify. The
Modify System Settings page opens. Figure 37 shows an example.
4 Edit the profile information (see “Creating a Management Agent Profile”
on page 98 for descriptions of these fields) as desired.
Figure 37: Modify System Settings Page

Deleting a Management To delete a management agent profile:

Agent Profile
2 Use one of the following methods to select the management agent
profile to delete:
you want to delete.
■ From the policy group tree, select the policy; the management agent
is displayed in the Management Agent Administration page. Click
Delete.
You are prompted: “Are you sure you want to delete this Management
Agent?” Click OK to delete the management agent (or Cancel to cancel
the request).
Reapplying a To reapply a configuration to a management agent server:

Management Agent
Profile Configuration
2 Select the management agent you want to reapply. The management
agent is displayed in the Management Agent Administration page.
3 On the Management Agent Administration page, click Reapply
Configuration. The management agent profile information is pushed to
the management agent server.
Note: The Reapply Configuration process can take up to 30 minutes.

However, this process runs in the background and allows you to continue
to use the MPE Manager, with the exception of the MA feature.

Management Agent Tasks

A set of configurable management agent tasks collect and distribute
data:
■ Subnet SNMP Collector — The SNMP Subnet Collector task allows you
to collect all subnet information residing on the CMTSs. This occurs
by polling, via SNMP, all CMTSs for all subnets and then updating the
MA with these subnets.
■ Service Class SNMP Collector — The Service Class SNMP Collector
task allows you to collect all service class information residing on the
CMTSs. This occurs by polling, via SNMP, all CMTSs for all service class
information and then updating the MA with this information.
■ Subscriber SNMP Collector — The Subscriber SNMP Collector task
allows you to use SNMP to poll the CMTSs for their subscriber
topology data (such as CPE IPs, CM MACs, and channel data) and then
to update the MA with this information.
■ CMTS Distributor — The CMTS Distributor task allows you to
distribute CMTS, Subnet, and Service Class data to the MPEs.
■ Subscriber Distributor — The Subscriber Distributor task reads the
subscriber topology data from the MA database and distributes it to
the appropriate MPEs.
Managing Management To view the current MA task status and the current scheduled data
Agent Tasks processing:

2 From the content tree, select the desired management agent. The
management agent is displayed in the Management Agent
3 On the Management Agent Administration page, select the Tasks tab.
The various configurable tasks are displayed. Figure 38 shows a sample.

Management Agent Tasks
Figure 38: Management Agent Tasks Tab
4 To view the status and the current execution schedule for a specific
task, click the task name. Detailed information is displayed; for
example:

5 Click one of the following buttons:

■ Reschedule — Reschedules when the task process starts:
❏ Click on the calendar Icon, select the date and time, and then
click Enter.
❏ Define the run interval. Valid values are from 0 to 24 hours and 0
to 55 minutes (in 5-minute increments).
❏ Define the task, if any, that this task follows.
❏ When you finish, click Save to save the information to the MA (or
Cancel to discard your changes).
■ Run Now — Runs the task process immediately.
■ Disable/Enable — Disables or enables this feature.
■ Refresh — Refreshes the current page.
■ Cancel — Ignores any information added and closes this page.

Using the Management Agent Event Log Viewer

To view the management agent event log or modify the MA Event Log
viewer configuration:
2 From the content tree, select the desired management agent. The
management agent is displayed in the Management Agent
3 On the Management Agent Administration page, select the Logs tab.
The current Event Log configuration is displayed. Figure 39 shows an
example.
Figure 39: Management Agent Logs Tab
4 To view the Event Log or to define event log filtering, click the View
Event Log link. The Event Log Viewer page opens. Figure 40 shows an
example.

Figure 40: Event Log Viewer

Filtering the Event Log You can filter the events that display using the following:
■ Event Log Timeline — Narrows the time from which event logs are
displayed by allowing you to select a region in the timeline.
■ Start Date/Time — Click the calendar icon, select the date, enter
the desired time, and click Enter.
■ Modules — Allows you to sort by module (such as DC). Only events

from the selected module(s) appear.
■ Severity — Allows you to filter by severity level. Event logs with the
selected severity and higher are displayed. For example, if the
severity selected is Warning, the event log displays events with the
severity levels Warning, Error, Critical, Alert, and Emergency.
After entering the filtering information, click one of the following
buttons:
■ Refresh — Applies filter settings and refreshes the event log display.
■ Refresh Default — Refreshes the event log display to its original
default values.
■ Next/Prev — Once the number of event log entries exceeds the page
limit, pagination is applied. Use the Prev/Next buttons to navigate
through the event log entries.
■ Close — Closes the event log viewer.
All events contain the following information:
■ Date/Time — Time when the event occurred. This time is relative to
the server time.
■ Module — Name of the module reporting the event.
■ Code — The event code.
Click on the link to see additional detail in the frame below.

9
MANAGING POLICY RULES
This chapter describes how to create policy rules and policy groups. This
chapter discusses the following topics:
■ Creating, Evaluating, and Deploying Policy Rules
■ Creating a New Policy
■ Policy Templates
■ Managing a Policy Group
■ Import/Export Policies, Policy Groups, Templates
■ Policy Log

CHAPTER 9: MANAGING POLICY RULES
Creating, Evaluating, and Deploying Policy Rules

The following topics provide an overview of how policy rules are
created, evaluated, and deployed.
Creating Policy Rules Policy rules are created (and modified) using the Policy wizard in the
MPE Manager. Understanding how a policy rule is structured is helpful in
understanding some of the other policy management concepts.
When you define a policy rule, you select from a list of available
conditions and actions. Most of the conditions and actions are
parameterized (they contain placeholders that may be replaced with
specific values to allow you to customize them as needed). For
example, consider the following policy rule:
where the device will be handling greater than 100

upstream reserved flows
apply profile Default Downstream Profile to request

continue processing message
This policy rule has two policy actions. The first action provides
parameters that let you define a specific traffic profile to be applied.
The second action instructs the policy server to evaluate the remaining
rules within the policy rules list, as opposed to immediately accepting
or rejecting the request.

Evaluating Policy Rules To write policy rules, it is important to understand how they are
evaluated by the Policy Rules Engine, and how the engine fits into the
protocol message processing within the policy server.
If you review the set of policy conditions that are available in the Policy
wizard, one thing you will discover is that there are not many
protocol-specific conditions. Although it is possible to write
protocol-specific policy rules, the Policy Rules Engine itself does not
have any protocol knowledge. Instead, it deals with a set of abstractions
that are mapped to the underlying protocol messages that are being
processed.
When the policy server receives a protocol message, the policy server
performs the initial processing of that message and then determines
whether or not the message is one that should be processed by the
Policy Rules Engine. As a general rule, protocol messages that are either
requesting bandwidth, or modifying previous requests for bandwidth,
are processed by the Policy Rules Engine. Most other protocol messages
are not. For example, a protocol message that releases bandwidth is
typically not processed by the policy rules because there is no reason to
prevent or modify that action.
Once a request is identified as a candidate for the policy rules, the

policy server then attempts to associate as much information with the
request as possible. For example:
■ Which network elements will be impacted if the request is allowed
to proceed?
■ Which application is associated with the request?
■ Which user is associated with the request?
The reason for collecting this information is to make it available to the

policy rules. The information that can be associated is largely
dependent on the protocol in question, how much information is
provided in the protocol message, and on the amount of network
topology information that has been provisioned into the policy server.
When the process of associating information with the request is

complete, the policy server analyzes the information and maps it into
two important abstractions that are central to the functioning of the
Policy Rules Engine:
■ A list of network devices that the request impacts. A network device
is any network element, or any logical or physical sub-component of
a network element, or any other network equipment. Examples
include: a router, a router interface, a PDSN, etc.
■ A list of flows associated with the request. A flow is a logical
representation of a Quality of Service (QoS) enforcement point that
is used for a specific purpose (typically in a single direction -
upstream vs. downstream). A flow is usually characterized by a
collection of bandwidth parameters. Different protocols may have a
different number of flows associated with requests. For example,
PCMM messages have only one flow per request, DQOS messages have
one or two flows per request (for each direction), RADIUS-S messages
have two flows per request.

After constructing these two lists, the Policy Rules Engine applies the
policy rules according to the
following algorithm:
For each network device:

For each flow that is being created or modified:
Evaluate all policy rules
End
End
It should be clear from this algorithm that a single message can result in
a policy rule being evaluated multiple times. This point is important to
understand to ensure that the policy rules you write operate in the way
you intended.
When there are multiple policy rules defined, they are always applied in
the same order. The only exception is when the policy actions indicate
that policy evaluation should be terminated. The policy actions are
divided into two types:
■ Optional actions
■ Required actions
You must select one, and only one, of the required actions when the
rule is created. This action determines the end result of the execution
of the policy rule. If optional actions are defined in a policy rule, they
are always performed before the required action. The required actions
are:
■ Reject message — The Policy Rules Engine aborts the normal
processing for this protocol message. For most protocols this results
in the immediate termination of policy rule processing and some
type of error response message being sent back to the originator of
the request.
The reject message can contain a numeric code (an integer between
0 and 65535) defined during policy creation that the MPE returns to
define the reason for the rejection (see “Creating, Evaluating, and
Deploying Policy Rules” on page 110).
■ Continue processing message — The Policy Rules Engine applies the
optional actions and continues processing policy rules.
■ Accept message — The Policy Rules Engine skips the rest of the
policy rules and immediately forwards the protocol message on to
the next processing step (this varies depending on the protocol).
Note: If a policy rule rejects a message, an event log message

and a syslog message are generated. Also, an alert is
generated which appears on the Network Topology page (it
does not appear in the top-level alert log).

Deploying Policy Rules Deploying a policy (or policy group) is the act of transferring the policy
from the MPE Manager to a policy server. Once deployed, the policy
rules defined within the policy or policy group are used as decision
making criteria by the policy server.
Figure 41 shows how policies P1 through P7 are created on the MPE

Manager and then deployed individually to different policy servers
within the network. Each of the policies are associated individually with
the policy servers where they are deployed. In the example, each policy
server displays the policies that have been deployed to them and the
order in which they are applied to policy requests, from top to bottom.
Figure 41: Policy Deployment
Figure 42 shows how the same library of policies can be grouped first
and then deployed as policy groups. When a policy group is created, the
policies are arranged in the order in which they are to be evaluated.
Grouping policies makes deployment of multiple policies easier and
helps to ensure consistency in how policies are applied to policy
requests on different policy servers.

Figure 42: Policy Group Deployment
When you first create a policy rule, that rule exists only within the MPE
Manager. Once the policy rule is deployed, any change to the policy rule
is automatically redeployed when you complete your changes.
Automatic redeployment also applies to policy groups as well. Any
changes to a policy group triggers automatic redeployment. If you add a
policy rule that was not previously deployed to a policy group that is
deployed to one or more policy servers, then the rule is deployed
automatically to those policy servers.
Figure 43 shows what happens when a policy (P3) is modified and then
its associated groups (PG-1 and PG-3) are redeployed automatically.

Figure 43: Policy Redeployment

Creating a New Policy

Individual policies are created within the Policy Library. When you
create a policy, the Policy wizard steps you through the process of
defining the policy’s attributes. The attributes the Policy wizard
displays depend on your configuraiton and selections.
Navigate through the Policy wizard using the Back, Next, or Cancel
buttons, or by clicking on the desired option in the navigation line at the
bottom left of the window.
The following procedure describes how to create a new policy, using the
following simple policy as an example:
If the media type is audio, then reject the message
To create a new policy:

1 From the navigation pane, select Policy Library. The content tree
displays a list of policy library groups; the initial group is ALL.
2 From the content tree, select the ALL group. The Policy Administration
3 On the Policy Administration page, click Create Policy. The Create New
Policy window opens (Figure 44).
Figure 44: Create New Policy Window
4 Select the starting point for the new policy:

■ Blank — The policy is created from the beginning, without any
pre-defined attributes.
■ Use Template — The policy is created based on a user-defined
template that has one or more partially or completely pre-defined

policy attributes. (see “Creating a Policy Template” on page 123).

This template can be modified as needed.
■ Copy Existing Policy — The policy is created based on the defined
attributes of an existing policy, which are then modified as needed,
with a different name assigned to the policy.
5 Click Next (or Cancel to close the wizard without saving the policy).
The Conditions page opens.
6 Select the desired policy conditions. As a condition is selected, it is
displayed in the Description area located at the bottom of the page; for
example:
Policy conditions are organized into the following categories:

■ Request — Related to specific fields or operations in protocol
messages (requests)
■ Application — Related to the application that is associated with a
request
■ Network Device Identity — Lets you identify specific network
devices that are affected by the policy rule
■ Network Device Usage — Lets you make decisions based on network
device resource usage
■ Mobility — Specific to protocols that deal with users that are mobile
within the network
■ User — Related to the user or account associated with a request
■ Time Of Day — Based on the time at which requests are issued

7 If a policy condition requires further input, it displays red underlined

text. Click the text to open a popup window, from which you can do one
of the following:
■ Select one or more predefined options.
■ Enter a variable value (such as the traffic bit rate or the number of
gates).
When you finish, click OK (or Cancel to discard your changes). The
popup window closes and the input is added to the policy condition.
8 When you finish defining policy conditions, click Next (or Cancel to
close the wizard without saving the policy). The Actions page for this
policy opens.
9 Select the required action that the MPE should execute if the policy
request matches the defined conditions of the policy; for example:

10 When you finish, click Next (or Cancel to close the wizard without
saving the policy). The Policy Name page opens:
11 Assign a unique name (where uniqueness is not case sensitive) to the

new policy.
12 Click Finish to complete the policy generation process and close the
window (or Cancel to close the wizard without saving the policy). The
policy information is saved to the MPE Manager.
After creating the policy, you can do one of the following:

■ Add the policy to a policy group (see “Adding a Policy to a Policy
■ Deploy the policy to one or more of the MPEs (see “Deploying a
Policy/Policy Group to Policy Servers” on page 134).

Creating You can define policy rules that take effect either at or during time
Time-Dependent Policy periods. Time is specified in two ways: as a condition within a policy, or
Rules using a defined time period. In addition, the MPE Manager supports
time-of-day triggers.
Time Conditions Time conditions appear on the Conditions page of the Policy wizard:
Select a condition to add it to the policy rule. Selecting more than one
condition combines them as logical additions (that is, condition and
condition). You can specify the following:
■ Start and end times — For example, where the current time
is between 18:00 and 23:59.
■ Weekdays or weekend days — Weekdays are Monday, Tuesday,
Wednesday, Thursday, and Friday; weekend days are Saturday and
Sunday.
■ Day — You can select a specific day of the week (for example, where
today is Saturday).
■ Time periods — To specify a defined time period, select the
condition where the current time is within the
specified time period. Click on specified and then select
the time period from the pop-up window. You can include or exclude
the time period using the operator is or is not.

Modifying a Policy Policies can be modified and then redeployed to the desired MPEs.
When a policy that resides in multiple policy groups is modified, the
changes are propagated throughout the various groups.
To modify an existing policy:

3 Select the policy and click Modify. The Policy wizard window opens.
4 Edit the desired policy information from one or more of the Policy
wizard pages. See “Creating a New Policy” on page 116 for details on
the fields within the Policy wizard.
5 When you finish, click Finish (or Cancel to discard your changes) to
complete the policy modification procedure and close the wizard.
The modified policy is now ready to be added to a policy group (see

“Adding a Policy to a Policy Group” on page 128), or deployed to one or
more of the MPEs (see “Deploying a Policy/Policy Group to Policy
Servers” on page 134).
Note: Redeployment of this policy is automatically performed to those

MPE devices where the policy was initially deployed.

Deleting a Policy Policies, policies within a policy group, and entire policy groups can be
removed from an MPE device when they are no longer needed. Because
the policy still resides on the MPE Manager, it can be redeployed at a
later date, if needed. If a policy is no longer needed by the network, it
can be deleted from the MPE Manager as well.
Note: Deleting a policy from the MPE Manager automatically removes

the policy from all associated MPE devices.
To delete a policy:
displays a list of policy groups; the initial group is ALL.
page opens in the work area, displaying all defined policies.
3 Use one of the following methods to select the policy to delete:
you want to delete.
■ From the policy group tree, select the policy; the Policy
Administration page opens. Click Delete.
You are prompted: “Are you sure you want to delete this Policy?” Click
OK to delete the policy (or Cancel to cancel the request).
To remove a deployed policy from a policy server, see “Removing a

Policy/Policy Group from a Policy Server” on page 136.

Policy Templates
Policy Templates
The MPE Manager lets you create policy templates to simplify the
creation of multiple policies that have similar conditions and actions. A
policy template is similar to a policy, except that some (or all) of the
parameters in the conditions and actions are not completely defined.
Those parameters are defined later, when you use the policy template
to create policy rules.
The Policy Template wizard is used to create or modify a policy

template. This wizard is similar to the Policy wizard; however, the
Policy Template wizard allows parameters to be only partially defined.
For example, a template may only be configured for policy requests
requiring bandwidth above a certain value, but not define the exact
bandwidth value. You then must specify a specific bandwidth value
when you use the template to create the new policy rule.
Creating a Policy To create a new policy template:

Template
1 From the navigation pane, select Template Library. The content tree
displays the Template Library group.
2 Select the Template Library group. The Template Administration page
3 On the Template Administration page, click Create Template. The
Create New Policy Template window opens (Figure 4).
4 Select the base policy or policy template with which to begin:
■ Blank — No policy template attributes are pre-defined.
■ Use Policy Template — Use an existing template with pre-defined
attributes. Modify the template as needed, then save the template
with a new template name.
■ Copy Existing Policy — Use an existing policy. Modify the policy as
needed, then save the policy as a policy template.
5 Edit the desired policy information from one or more of the Policy
wizard pages. See “Creating a New Policy” on page 116 for details on
the fields within the Policy wizard.
6 When you finish, click Finish to save the policy template and close the
window (or Cancel to discard your changes and close the window).

Figure 45: Create New Policy Template Window

Policy Templates
Modifying a Policy Modifying a policy template does not modify previously configured
Template policies.
To modify an existing policy template:

1 From the navigation pane, select Template Library. The content tree
displays the Template Library group.
2 Select the Template Library group. The Template Administration page
3 On the Template Administration page, click Modify. The Modify Policy
Template window opens (Figure 46).
4 Click Back to retrieve and modify the desired template information.
5 When you finish, click Finish to save the modified template and close
the window (or Cancel to discard your changes and close the window).
Figure 46: Modify Policy Template Window

Deleting a Policy To delete a policy template:

Template
1 From the navigation pane, select Template Library. The Template
policy templates.
2 Use one of the following methods to select the policy template to
delete:
template you want to delete.
■ From the template library, select the template; the Template
Administration page displays the template. Click Delete.
You are prompted: “Are you sure you want to delete this template?”
Click OK to delete the policy template (or Cancel to cancel the
request).

Managing a Policy Group

The MPE Manager lets you create policy groups. Policy groups are an
organizational aid that provide a flexible policy management and
deployment tool. Policies are saved to a group in the order in which the
policy server applies them to a policy request. If needed, the sequential
order in which a group’s policies are applied to policy requests can be
modified. You can save a policy to multiple policy groups and add a
policy to, or remove it from, a policy group at any time.
Creating a Policy Group To create a new policy group:

3 On the Policy Administration page, click Create Group. The group
naming field opens in the work area; for example:
4 Enter the name to assign to the new group, then click Save (or Cancel
to discard your changes). The new group information is saved to the MPE
Manager and displayed in the content tree.

Adding a Policy to a To add one or more policies to a policy group:

Policy Group
3 On the Policy Administration page, click Modify. The Policy
Administration page opens in the work area; for example:
4 Click Add Policy. The available policies are displayed:
5 Select the desired policy to add to this group and click Add (or Cancel
to cancel the request).
Note: Policies are applied to messages in the order in which

they appear in the group. You can change the sequential order
as desired (see “Changing the Sequence of Deployed Policies
or Groups” on page 137).
added policies are displayed in the policy group tree.
Now you can deploy the policy group to the policy servers (see
“Deploying a Policy/Policy Group to Policy Servers” on page 134).
Note: If this group had been deployed previously, it is automatically

redeployed at this time, ensuring the policy servers are synchronized
once again with the MPE Manager.

Removing a Policy from Removing a policy from a policy group that has been saved to the MPE
a Policy Group Manager only removes the policy from that selected policy group. The
policy itself remains in the ALL group, as well as any other group it had
been added to. (To remove a policy from all groups of the Policy Library,
see “Deleting a Policy” on page 122.)
To remove a policy from a policy group:

2 From the content tree, select the desired policy group. The Policy
3 Remove the desired policy using one of the following methods:
■ From the content tree, select the desired policy group and the
desired policy within the group. Its profile information is displayed.
Click Remove.
■ From the content tree, select the desired policy group and the
desired policy within the group. Its profile information is displayed.
Click Modify.
Select the Scissors icon located next to the policy you want to
remove.

After a policy is removed from a policy group, the modified group is

ready to be deployed to the policy servers (see “Deploying a
Policy/Policy Group to Policy Servers” on page 134).
Note: This modified policy group is redeployed at this time, ensuring

the policy servers are synchronized once again with the MPE Manager.

Changing the Sequence Policies are applied to policy requests in the order in which they are
of Policies within a deployed to a policy server. The sequential ordering of policies, both
Policy Group inside and outside of a policy group, can be modified. For procedures on
this operation, see “Changing the Sequence of Deployed Policies or
Groups” on page 137.
When policies are applied to a message, the sequential order in which

they appear in the group is the order in which they are applied.
To change the order of the policies within a group:

Administration page opens in the work area (with policies in their
current sequential order).
3 On the Policy Administration page, click Modify. The Manage Policies
page opens (Figure 47).
4 Use the up and down arrow icons to change the sequential positioning of
a policy within the group.
modified group is ready to be deployed to the policy servers (see
“Deploying a Policy/Policy Group to Policy Servers” on page 134).
Note: This modified group is redeployed at this time, ensuring that the
policy servers are synchronized once again with the MPE Manager.

Figure 47: Manage Policies Page

Displaying Policy Details To display the policies within a policy group:

Contained Within a
Policy Group
3 Click Show Details. The configured policies, including the configured
parameters for the policies are displayed. Figure 48 shows an example.
Figure 48: Policy Group Details

Deploying a Policy/Policy The basic procedure for deploying either a policy or a policy group is the
Group to Policy Servers same. The following procedure uses the example of deploying a policy
group:
2 From the content tree, select the policy group to deploy. The Policy
3 On the Policy Administration page, click Deploy. The policy server tree
is displayed, listing all possible target policy servers and server groups
(you can expand the tree view if necessary).
4 Select the desired target policy servers or server groups.
5 Click Deploy (or Cancel to cancel the request). The policy information
is saved to each selected policy server. A message indicating that the
deployment process was successful is displayed.

Removing a Policy from Removing a policy from within a policy group that was deployed to a
a Policy Group on a policy server is a function of the Policy Library. The policy group is
Policy Server modified on the MPE Manager, then redeployed. (To remove the entire
policy group from a policy server, see “Removing a Policy/Policy Group
from a Policy Server” on page 136.)
To remove a policy from a policy group and then redeploy the group:
3 Remove the desired policy using one of the following methods:
■ From the Policy Library tree, select the policy. The Policy
Administration page displays the profile information. Click Remove.
■ On the Policy Administration page, click Modify and then select the
Scissors icon located next to the policy you want to remove.

Removing a Policy/Policy Removing a deployed policy or policy group from a policy server is
Group from a Policy performed using the Policy Server function of the MPE Manager.
Server
To remove a policy/policy group from a policy server:
2 From the content tree, select the policy or group to remove. The Policy
3 On the Policy Server Administration page, select the Policies tab.
4 Click Modify. The Manage Policies page opens (Figure 49).
5 Select the Scissors icon located next to the policy or policy group that
you want to remove.
policy or policy group is redeployed to the policy server, minus the
removed policy or policy group.

Changing the Sequence Changing the sequential order of deployed policies or policy groups is
of Deployed Policies or performed directly on a policy server using the Policy Server function.
Groups
To change the sequential order:
2 From the content tree, select the policy to reorder. The Policy Server
3 On the Policy Server Administration page, select the Policies tab.
4 Click Modify. The Manage Policies page opens in the work area.
Figure 50 shows an example.
5 Use the Up and Down arrow icons to change the sequential positioning
of the policies and policy groups.
policies and policy groups are redeployed to the policy server in their
new sequential order. A confirmation message displays in the work area.

Importing and Exporting Policies, Policy Groups, and Templates

Policies, policy groups, and templates can be exported from the MPE
Manager for backup purposes. These items are exported as a whole and
cannot be exported individually, as every policy, policy group, and
policy template that resides on the MPE Manager is saved to a single file
when performing the export function.
For information only, exported policies are marked with policy version
numbers as well as the version number of the MPE Manager software
under which they were created. This does not affect importation of
policies created under different versions of the MPE Manager.
Importing Policies To import a policy file to the MPE Manager:

1 From the navigation pane, select Policy Import. The Import/Export
page opens (Figure 51).
2 On the Import/Export page, click Browse to locate the policy file to
import.
3 Select the desired collision handling option:
■ Delete all before importing — All policies, policy groups, and
templates currently on the MPE Manager are deleted first, then the
imported versions are saved to the policy server.
■ Overwrite with imported version — All items are imported. If the
MPE Manager currently contains any policies, policy groups, or
templates using the same names as the ones being imported, they
are overwritten with the imported versions.
■ Reject any that already exist — All items are imported except for
imported versions with the same name as any Policy, policy group, or
Template currently on the MPE Manager.
■ Any collisions prevent all importing — No items are imported if any
of the imported versions has the same name as any policy, policy
group, or template currently on the MPE Manager.
4 Click Import.
If you try to import an invalid file you are prompted with a validation
error: “You must correct the following error(s) before proceeding: There
is a problem with the import file. The name is required, the file must be
present, and the file must be in the correct format.”

Importing and Exporting Policies, Policy Groups, and Templates
Figure 51: Import/Export Page

Exporting Policies To export the policies that reside on the MPE Manager:
1 From the navigation pane, select Policy Import. The Import/Export
page opens.
2 On the Import/Export page, click Export. The File Download window

opens:
3 Click Save (or Cancel to close the window and cancel the request). The
Save As window opens.
4 Assign a name to the policy file (the default is PolicyExport.xml), use
the browse function to map to the desired drive location, then click
Save. The Download Complete window opens, indicating the policies
were successfully exported.
5 Select Close to close the Download Complete window.
The Policy Log
The Policy Log

The Policy Log is used primarily by support personnel for debugging
purposes. To view the Policy Log:
3 On the Policy Server Administration page, select the Logs tab.
4 Click the Policy Log link. The Policy Log file is displayed. Figure 52
shows an example.
5 Optionally, select one of the following function buttons:
■ Refresh — Stops or restarts automatic refreshing of displayed
information.
■ Cancel — Ignores any changes made and closes the report page.
Figure 52: Policy Log

10
MANAGING NETWORK TOPOLOGY
This chapter describes how to manage the MPE network topology and
monitor network elements. This chapter discusses the following topics:
■ The Network Topology Map
■ Network Path Management

CHAPTER 10: MANAGING NETWORK TOPOLOGY
The Network Topology Map

The network topology map allows you to do the following:
■ Graphically view network elements
■ View and monitor bandwidth and sessions for the network elements
■ Visualize the MPE to network element connectivity
Note: In Cable mode, you can view network elements, access all
topology layouts, and monitor alerts; you cannot show statistics on a
node. In SPC mode, you can access all network topology options.
Network Element The network topology map uses the following icons for components:
Components
Indicates an MPE device.
Indicates that an upper-level group exists. Double click to move up

a level.
Indicates a sub-group.
Represents a network element (the icons that display depend upon

your network element configuration).
Allows you to view an alert.
Allows you to add a note to an alert.
Allows you to resolve an alert.

Viewing the Map To view the current network topology:

1 From the navigation pane, select Topology. The Network Topology page
opens. Figure 53 shows an example.
Note: If this is the first time you have viewed the Network
Topology, click within the map to activate the view. You are
presented with a stacked display of the network elements.
Figure 53: Network Topology Map — Initial View
2 You have a number of viewing options:

■ To arrange icons on the map manually, drag and drop them as
desired.
■ To view a sub-network, double-click the desired element; for
example:

Note: It can take several double clicks to drill down into a

network element group that contains many (100 or more)
network elements.
■ To view the network element name, place the cursor over the
desired network element; for example:
■ To display node statistics, right-click on the desired network element

and select Show Statistics on Node:
3 When you finish, right-click and select Layout > Save Layout. The
layout is saved. If the configuration is not saved, the map reverts back
to its last saved configuration the next time you open it.
To arrange the map automatically, see “Laying Out the Map

Automatically” on page 147.

Laying Out the Map You can arrange icons by dragging them around the map. You can also
Automatically automatically organize the map by network element layout or network
topology. To lay out the map automatically:
1 From the navigation pane, select Topology. The Network Topology page
opens.
2 Right-click, and from the pop-up menu that opens select Layout.
3 Select a layout format:
■ Layout > Random
■ Layout > Circular
■ Layout > Tree (right-click on desired component that is the root of

the tree)
4 When you finish, right-click and select Layout > Save Layout. The
layout is saved. If the configuration is not saved, the map reverts back
to its last saved configuration the next time you open it.

Figure 54: Topology Map Automatic Layout Options

Viewing Alerts The Network Topology Map contains the network alerts that are issued
when your topology nears or exceeds the maximum bandwidth limits
set. Figure 55 shows an example.
To modify the filtering used on network alerts:

1 Select the Start and End Date/Time by clicking on the calendar next to
each.
2 Select a Severity filter level, indicating the severity of messages to
filter the view on:
■ All — Displays all alert levels.
■ Emergency — Displays only those events causing the system to be
unusable.
■ Alert — Action must be taken immediately in order to prevent an
unusable system.
■ Critical — Provides events causing service impact to operations.
■ Error — Displays events describing any internal, non-service
impacting, or error.
■ Warning (default) — Displays messages that if left unattended can
cause service impact.
■ Notice — Provides messages that may be of interest that occur
during normal operation.
■ Info — Informational messages that occur during normal operation.
This option slows down MPE performance.
■ Debug — Used by Customer Support.
CAUTION: Consider the implications of changing the default

alert level. Lowering the alert level setting from its default
value (for example, from “Warning” to “Info”) causes more
events to be displayed and can adversely affect performance.
On the other hand, raising the alert level setting (for
example, from “Warning” to “Alert”) can cause you to miss
important alerts.
3 Select the Source (IP address) for the alert.

4 Select the state (Active or Resolved) for the alert.
5 After you have entered the filtering information, click Filter to refresh
the Network Alert display.

Figure 55: Network Alerts
Table 2 describes the fields contained in an alert.

Table 2: Network Alert Viewer Fields
Field Description
Date/Time Indicates the time the alert was received.
Severity Indicates the severity of the alert.
Text The user readable text of the alert.
Count The number of times this alert was received (and
duplicated).
First Occurrence The time this alert was first received.
Source The IP address/FQDN of the device this alert came from.
From within the Alert Viewer you can view further details, comment on,
and resolve alerts.

Viewing Alert Details Network-based alerts can be viewed in the topology map through a
warning signal displayed next to the icon for a network element, and an
animation highlighting a path through the network.
1 From the navigation pane, select Alerts. The Alert Viewer window
opens.
2 Click on the binoculars icon to the right of the alert. The warning
symbol and animated path, highlighted, are displayed:
Adding a Comment to an To add a comment to an alert:

Alert
opens.
2 Click on the Wordpad icon to the right of the alert. The Comments page
opens.
3 Enter the desired comment and then click Submit (or Cancel to close
the window and discard your changes).
Resolving an Alert To resolve an alert:
opens.
2 Click on the checkmark icon (to the right of the alert). You are
prompted, “Are you sure you want to resolve this Alert?”
3 Click OK to resolve the alert (or Cancel to leave the alert unchanged).

Network Path Management

To optimize traffic flow, you can define the paths traffic takes between
network elements (see Chapter 4) as a series of hops. You can create,
modify, or delete a path.
Creating a Path To create a path:

1 From the navigation pane, select Paths. The Path Administration
window opens.
2 Click Create Path. The New Path Configuration page opens:
3 Define the following:

■ Name — Name of the network path.
■ Description/Location (optional) — Description of the path. Enter up
to 250 characters.
■ Hops — Click Manage; the Select From Available Interfaces window
opens, listing the network elements defined within this MPE Manager
system:

Network Path Management
❏ Select from the list of available network elements. To search for

specific elements, type a search string in the Search Pattern
field. You can use an asterisk (*) as a wildcard character
representing any string, or a question mark (?) as a wildcard
character representing any single character. Searches are case
insensitive. Click Filter to search.
❏ Once you have selected a network element, click Add to add it to
the list of hops within the network path. (You can only add an
element to the path once.) The order is significant; to move an
element within the list, select it and click Up or Down.
❏ To remove a network element from the path, select it and click
Remove.
❏ When you finish defining the path, click OK (or Cancel to discard
your changes).The Select From Available Interfaces window
closes.
path is saved.

Modifying a Path To modify a path:

window opens.
2 Select the path to modify. Path details are displayed.
3 Click Modify. The Modify Path page opens:
4 Modify configuration information as necessary.

message “Path updated successfully” is displayed.
Deleting a Path To delete a path:

window opens:
2 Click the trash can icon next to the path you want to delete. You are
prompted: “Are you sure you want to delete this Path?”
3 Click OK (or Cancel to close the window and cancel the request). The
path is deleted.

11
MANAGING USER LICENSES
This chapter describes how to configure and track user licenses within
the MPE Manager.
Note: By default, only admin users can access the licensing feature (see
“Configuring System Settings” on page 166). Also, licenses are assigned
in increments of 1000 (refer to “Assigning Licenses to a Policy Server”
on page 159).

■ Displaying Installed Licenses
■ Installing a License
■ Tracking Licenses
The licensing feature takes into account which applications are covered
by the licenses, gates that have run too long, and the conversion from
gates to sessions. This task also determines daily, weekly, and quarterly
maximums. When the task determines a weekly maximum, it also
calculates an interim quarterly maximum, as if it were the last week in
the quarter. If the policy server has exceeded the defined license limit,
an alert is issued through the alert tracking subsystem.

CHAPTER 11: MANAGING USER LICENSES
Displaying Installed Licenses

To display installed licenses, from the navigation pane select
Configuration. The License Administration page opens in the work area,
listing all configured licenses. Figure 56 shows an example.
Figure 56: License Administration Page
The following information displays on this page:

■ Serial Number — The License Serial Number assigned by Camiant.
■ Sessions — The maximum allowed number of sessions, as defined for
this license.
■ Unassigned/Assigned — Displays if this license is associated with an
MPE device.

Displaying Installed Licenses
Displaying Individual There are two ways in which you can display individual licenses:
Licenses ■ Clicking on the license within the Content Tree.
■ Clicking on the license within the License Administration section.
Figure 57 shows a sample license.
Figure 57: Sample License
Within this page, the configuration and policy server association is

displayed. Note that the Configuration values contained within this page
are pre-defined by Camiant and the customer and cannot be modified
within the MPE Manager.

Installing a License
You must obtain a license from Camiant before you can install one on
the MPE Manager.
To install a license:
1 From the navigation pane, select Configuration (under License). The
License Administration page opens in the work area.
2 From the content tree, select the Licenses group.
3 On the License Administration page, click Install License. The Install
License page opens (Figure 58).
4 Enter the following information exactly as defined in the Camiant
license:
■ Serial Number — The serial number assigned by Camiant.
■ Customer Name — The customer name.
■ Sessions — The number of bundled licenses.
■ Date Issued — The date that the licenses become available.
■ Key — The generated key provided.
Figure 58: Install License Page

Installing a License
Assigning Licenses to a Once a license is assigned to a policy server, the license cannot be
Policy Server removed. A license may be reallocated once an MPE device is deleted
from the MPE Manager.
If a license is not assigned to a policy server, or if additional licenses

exist, the quantity remaining displays as unassigned within the License
Administration page. Figure 59 shows an example.
Figure 59: Display of Unassigned Licenses
In this example, the license with the serial number UNV-5788185 has
3000 licenses allocated, but only 1000 are assigned to a policy server.
The other 2000 licenses are unassigned.
To assign licenses to a policy server:

1 From the navigation pane, select Configuration (under License). The
License Administration page opens in the work area.
2 From the content tree, select the Licenses group. License information
is displayed.
3 Select the license within either the content tree or the work area. The
configured license information is displayed, including the number of
assigned licenses, and to which policy server the licenses are assigned;
for example:

4 Click Assign. The Assign License page opens with a drop-down menu of
available policy servers.
5 Select the desired policy server from the list.

6 When you finish, click Assign (or Cancel to discard your changes). The
bundle of licenses is committed to the policy server.

Tracking Licenses
Tracking Licenses
Tracked licenses within the MPE are displayed in the following reports:
■ License Tracking Summary Report — displays license information for
all policy servers.
■ License Tracking Detail Report — displays license information for a
specific policy server for a specific quarter.
Viewing the License The License Tracking Summary Report displays the policy servers that
Tracking Summary are using the Camiant Licensing feature. These policy servers are
Report displayed, one per line and sorted according to the policy server name.
Note: This report also displays the deleted policy servers.
To view the License Tracking Summary Report, from the navigation

pane, select Tracking Report. The License Tracking Summary Report
opens in the work area. Figure 60 shows an example.
The report contains the following fields:

■ Policy Server Name — The name of the policy server using the
licensing feature. This name is also used to link the License Tracking
Summary Report to the License Tracking Detail Report.
■ Licensed Sessions — The total number of licensed sessions allocated
to the designated policy server.
■ Current Peak Sessions — The maximum number of current sessions
at any one given time for the current quarter.
■ Maximum Prior Quarter — The maximum quarterly average peak for
the prior quarter.
If an MPE exceeds its licensed sessions, its row displays red text.

Figure 60: License Tracking Summary Report

Tracking Licenses
Viewing the License When you select a specific policy server within the License Tracking
Tracking Detail Report Summary Report, the License Tracking Detail Report displays for the
selected policy server.
The License Tracking Detail Report displays one line for each day in the
selected quarter. For each week, there is a section break, with a line for
the week. The breaks exist for all weeks but the weekly summary lines
exist only for weeks that fall entirely within the quarter. At the bottom
of the report, the quarter's average weekly peak opens.
This report displays data for the current quarter but can be used to view
previous and next quarters, depending on the data being displayed.
To view the License Tracking Detail Report:

1 From the navigation pane, select Tracking Report. The License Tracking
Summary Report page opens in the work area.
2 On the License Tracking Summary Report page, select a policy server.
The License Tracking Detail Report page opens. Figure 61 shows an
example.
3 To view reports for a different quarter, use one of the following buttons:
■ Next Quarter — Displays the License Tracking Detail Report for the
next quarter. This action is inactive if the report currently displayed
is the current quarter.
■ Previous Quarter — Displays License Tracking Detail Report for the
previous quarter. This action is inactive if the report currently
displayed is the first quarter for which there is data.
4 When you finish, click Cancel. The License Tracking Detail Report page
closes and returns you back to the License Tracking Summary Report
page.

Figure 61: License Tracking Detail Report Page
The following provides descriptions for the information contained within

the License Tracking Detail Report:
■ Date — The start date for the recorded line.

■ Peak Time — The time the peak value was reached.
■ Peak Sessions — The peak number of sessions. This value is a daily or
weekly maximum, depending on the time frame represented by the
line.
■ Licensed Sessions — The total number of licensed sessions allocated
to this policy server.
If a line is over the allotted session limit, the text displays in red.
In addition to the lines for the daily peaks, this report displays
information when data was missing in the data collection process. If
there is missing data for a day, the report displays a line containing the
following data:
■ Start time of data gap
■ End time of data gap

12
SYSTEM ADMINISTRATION
This chapter describes functions reserved for MPE Manager system

administrators. These functions are listed as options under the System
Administration section of the navigation pane.
Some options are visible only when you are logged in with
administrative rights to the MPE Manager. However, the Change
Password option is available to all user privilege levels (viewer,
operator, and administrator).

■ Configuring System Settings
■ Using Import/Export
■ Viewing Cluster Reports
■ Using the Event Log
■ Configuring and Viewing Audit Logs
■ Viewing the Alert Log
■ Managing Scheduled Tasks
■ User Management

CHAPTER 12: SYSTEM ADMINISTRATION
Configuring System Settings

Within the MPE Manager you can define the settings that control session
timeout, account inactivity duration, invalid login actions, and the alert
destination.
To define system settings:

1 From the navigation pane, select System Settings. The System Settings
2 On the System Settings page, click Modify. The System Settings page
opens. Figure 62 shows an example.
3 Define the following configuration settings:
■ Idle Timeout (minutes; 0=never) — Defines the interval of time, in
minutes, that a Web session is kept alive. The default value is 30
minutes; a value of zero indicates the session remains active
indefinitely.
■ Account Inactivity Lockout (days; 0=never) — Defines the
maximum number of days between successful logins after which a
user is locked out. If the user fails to log in for the defined number of
days, the user is locked out and cannot gain access to the system
until the Systems Administrator restores user privileges. The default
value is 21 days; a value of zero indicates no limit.
■ Maximum Concurrent Sessions Per User Account (0=unlimited) —
The maximum number of times a defined user can be logged in
simultaneously. A value of zero indicates no limit.
■ Alert Destination — The hostname or IP address of the target where
all alerts should be sent from for the various servers in the network.
Normally, this is the address of the MPE Manager.
4 Define the following invalid login threshold settings:
■ Enable — Enables login threshold control. By default, this feature is
enabled; clear the check box to disable this feature.
■ Threshold Value (number of failed logins) — Defines the maximum
number of consecutive failed logins after which action is taken.
Enter a value from 1 through 500; the default is 3 attempts.
■ Action(s) on Threshold — The system action to take if a user reaches
the invalid login threshold. By default, upon reaching the threshold,
a “warning” level event is written to the event log, including the
username submitted and the IP address from which the login
attempts were made. To change the event level, select a different
level from the list.
Select “Lock User” to prevent the user from logging in after reaching
the invalid login threshold.

Configuring System Settings
Figure 62: System Settings Page

Using Import/Export
“Importing an XML File to Input Network Elements” on page 74
describes the import/export process in detail.

Viewing MPE Manager Cluster Reports

The MPE Manager includes a hierarchical set of reports that monitor the
status of the MPE Manager cluster. To view cluster reports, from the
navigation pane, select Reports. The Manager Reports page opens.
At the top of each report page is the following:

■ Mode — The Mode field displays a summary of the current type of
information that is in the report.
■ Buttons — The buttons allow you to navigate between reports or to
control the information displayed within the report. The set of
buttons differs from one report page to the next. The following list
describes the buttons that are available across all of the report
pages:
Note: The buttons displayed within these pages vary

depending on your configuration.
❏ Show Absolute or Show Deltas — This button allows you to switch

between absolute mode (which displays the statistics since the
last reset) or “delta mode” (which displays changes in the
statistics during the last 10 second refresh period).
❏ Reset All Counters — This button allows you to reset the
statistics for the current report page back to initial values
(usually 0 for most statistics).
❏ Rediscover Cluster — Rediscovers the cluster, deleting any failed
blades which have been removed from service.
❏ Pause or Resume — Stops or restarts automatic refreshing of
displayed information. The refresh period is 10 seconds.
❏ Cancel — Closes the report page and returns to the parent report
page.
The fields that are displayed in the Cluster Information section include:
■ Status — The status of the blades. The possible status values are:
❏ On-line — All blades in the cluster are operational.
❏ Degraded — One blade has failed, but that the cluster continues
to function with its remaining blade.
Note: If a blade is labeled Degraded, but the blade detail

does not show any failed or disconnected equipment, the
blade is performing a database synchronization operation.
Note that until the database synchronization is finished, the
relevant blade cannot perform as a master blade.
❏ Failed — A blade is no longer functioning properly.

❏ Non-service Affecting Failure — Indicates that one or more
blades is in a Degraded state where an interface is disconnected
(see previous note).

Figure 63: Manager Reports Page
■ Failures — The number of times the primary blade has failed.

■ Uptime — The total uptime for the cluster.
Also within the Cluster Information Report is a listing of all the blades
contained within the cluster, including the following blade-specific
information:
■ Overall — Displays the current status, number of failures, and the
total uptime for the blade.
■ Utilization — Displays the blade CPU, Memory, and Disk utilization as
percentages.
■ Service LED — This button activates an LED on the blade, which
allows for identification of the physical blade in the chassis of the
cluster.

Blade Information Report Within the Blades section of the Manager Reports page, you can select
the blade identifier (MAC address) for any blade in the Blades table.
This displays the Blade Information Report page, showing detailed
information about that blade's physical and logical interfaces. Figure 64
shows an example.
Figure 64: Blade Information Report

Viewing the Event Log

The Event Log displays events generated by the MPE Manager.
To view the event log:

1 From the navigation pane, select Event Log. The Event Log page opens.
2 On the Event Log page, click View Event Log. The Event Log Viewer
window opens, displaying the most recent log entries. While data is
being retrieved, an in-progress message appears. Figure 65 shows an
example.
Events contain the following information:

■ Date/Time — Time when the event occurred, relative to the server
time.
■ Module — Name of the module reporting the event.
■ Code — The event code.
Click the link to see additional detail in the frame below.
3 You can filter the events that appear using the following:
■ Start Date/Time — Click the calendar icon to open the calendar and
clock, select the desired starting date and time, and click Enter.
■ Event Log Timeline — If you have configured multiple log files, the
Event Log Timeline lets you select a log file. Click on a segment to
start the search within the log file represented by that segment.
■ Modules — Filter by originating module (such as HA, Scheduled Tasks,
or Manager).
■ Severity — Filter by severity level. Events with the selected severity
and higher are displayed. For example, if the severity selected is
Warning, the event log displays events with the severity levels
Warning, Error, Critical, Alert, and Emergency.
■ Contains — Type a text string to search for. For example, if you type
“connection,” all events containing the word “connection” are
displayed.
When you finish, click Refresh.
4 Events that occur after the Event Log Viewer starts are not visible until
you refresh the display. To see the most recent log entries:
■ Refresh — Starts a search. Filter settings are applied when Refresh
is clicked.
■ Refresh Default — Cancels filtering criteria. Refreshes the display to
its original default values (display the most recent log entries).
■ Next/Prev — Navigate through the event log entries. When the Next
button disappears, you are viewing the most recent events.
■ Close — Closes the event log viewer.

Viewing the Event Log
Figure 65: Event Log Viewer
Modifying the Event Log To configure the event log display:

Configuration
1 From the navigation pane, select Event Log. The log file manager page
2 On the log file manager page, click Modify. The Modify Event Log
Settings page opens.
3 Define the settings. For a description of the settings, see “The Event
Log” on page 48.

Viewing the Audit Log

The MPE Manager lets you track and view the configuration changes
within the system. Using the audit log, you can track and monitor each
configuration event, affording you better system control.
To display the audit log:

1 From the navigation pane, select Audit Log. The Audit Log page opens
in the work area.
2 On the Audit Log page, click Show All. The Audit Log opens. Figure 66
shows an example.
Figure 66: Audit Log
For a detailed description of an item, click the underlined description.

The details of the event display. Figure 67 shows an example.
To filter search results, click Refine Search. (See “Defining Audit Log
Search Parameters” on page 176.)

Figure 67: Audit Log Details

Defining Audit Log To define the search parameters used for the Audit Log:
Search Parameters
in the work area.
2 On the Audit Log page, click Search. The Audit Log Search Restrictions
Page opens (Figure 68):
Figure 68: Audit Log Search Restrictions Page
3 Define the following items, depending on how restrictive you desire the
audit log search to be:
■ From/To — Specifies the start and end dates for this search.
■ Action by User Name(s) — Specifies the name of the user or users to
audit.
■ Action on Policy Server(s) — Specifies the name of the policy servers
to audit.
■ Audit Log Items to Show — Specifies an item to audit for display:
Policy Server, Network Element, Network Element Group, Network
Element Link, Application, Policy, Policy Group, Account, Tier, Path,
Entitlement, License, User, Audit, and OM Statistics. You can specify
three items; click More Lines to add an additional item.
■ Results Forms — Specifies the number of items per page to display,
along with which data to display (most recent or oldest items).
4 When you finish, click Search. The Audit Log displays search results.

Exporting or Purging You can export the audit log to a text file; the default filename is
Audit Log Data AuditLogExport.txt.
Exporting data To export data from the audit logs:
in the work area.
2 On the Audit Log page, click Export/Purge. The Export and Purge Audit
Log Items page opens (Figure 69).
3 In the Items to Export section, select one of the following options:
■ Export All Items — Writes all audit log entries.
■ Export Through Date — Enter a date in the format mm/dd/yyyy, or
click the Calendar icon to select a date from the pop-up window.
4 When you finish, click Export. A standard File Download window opens;
you can open or save the export file.
Figure 69: Export and Purge Audit Log Items Page
Purging data To purge data from the audit logs:
in the work area.
2 On the Audit Log page, click Export/Purge. The Export and Purge Audit
Log Items page opens
3 In the Items to Purge section, enter a date in the format mm/dd/yyyy,
or click the Calendar icon to select a date from the pop-up window.
4 When you finish, click Purge. You are prompted: “Click ‘OK’ to purge all
audit log items through: mm/dd/yyyy.”
5 Click OK (or Cancel to cancel the request). The data is purged from the
audit log.

Viewing the Alert Log

The MPE Manager is a central management point for alerts generated
asynchronously by the various servers within the Camiant system.
To view the alert log file, from the navigation pane, select Alerts. The
Alert Viewer window opens. Figure 70 shows an example.
You can define filtering criteria using the following fields:

■ Start Date — Filter out alerts before a specific date/time. Click the
calendar icon to specify a date/time.
■ End Date — Filter out alerts after a specific date/time. Click the
calendar icon to specify a date/time.
■ Severity — Filter alerts by severity level; select a level (the default
is All) from the drop-down list.
■ Source — Enter the IP address or FQDN of the device whose alerts
you want to view.
■ State — Select Active or Resolved.
After entering filtering information, click one of the following buttons:

■ Filter — Refreshes the Alert Viewer display with the filtering applied.
■ Resolve — Resolves (removes) all displayed alerts. You are
prompted: “Are you sure you want to resolve all filtered Alerts?”
Click OK or Cancel.
■ Close — Closes the Alert Viewer window.
Alert fields Alerts contain the following information:
■ Date/Time — The most recent time this alert was triggered.

■ Severity — The severity of the alert:
❏ Emergency — The system is unusable.
❏ Alert — Take action immediately to prevent an unusable system.
❏ Critical — Service impact to operations.
❏ Error — Internal, non-service impacting error.
❏ Warning — Can cause a service impact.
❏ Notice — Messages of significant interest occuring during normal
operation.
❏ Debug — Used by Customer Support.
■ Text — User-readable text of the alert.
■ Count — Number of times this alert was received (and duplicated).
■ First Occurrence — The first time this alert was triggered.
■ Source — IP address/FQDN of the device from which this alert was
generated.

Viewing the Alert Log
Figure 70: Alert Viewer Window
Alert details To view details for an alert, click the binoculars icon to the right of the
alert. A window opens displaying additional information; for example:
Annotation To add a comment to an alert, click the Wordpad icon to the right of the
alert. The Add Comment window opens:
Enter your comment and click Submit.
Resolving an alert To resolve an alert, click the check-mark icon to the right of the alert.
You are prompted: “Are you sure you want to resolve this Alert?” Click
OK to resolve (remove) the alert or Cancel to leave the alert
unchanged.

Managing Scheduled Tasks

The tasks in this section are scheduled to run at regular intervals, with
some tasks scheduled to run after others. With this in mind, you can
change the scheduling of these tasks to better manage network load or
to propagate a network element change to the policy servers on
demand. However, Camiant strongly recommends that you perform
these tasks in the order in which they are listed or serious system
problems can occur. Consult Camiant Product Support before changing
any task’s order.
The tasks include:

■ Alert Aging — Ensures that alerts age out and are eventually
removed from the MPE Manager. (The valid range is 1 to 365 days.)
■ Health Checker — Periodically checks the policy servers to ensure
that they are online.
■ OM Statistics — Periodically retrieves Operational Measurement (OM)
statistics from all policy servers.
The Operational Measurements XML interface retrieves operational
counters from the system. The OM interface requires that the OM
Statistics scheduled task is running on the MPE Manager. This task
collects the operational counters from the MPEs in the network and
records them in the MPE Manager's database; the data is then
available for query via the OM XML interface. You can configure the
task to poll at intervals between 5 minutes and 24 hours, with a
default value of 15 minutes; the system keeps the data available for
query for 1 to 30 days, with a default value of 7 days. The
recommended settings for this task vary depending on the volume of
data you are collecting.
When you request OM statistics, the data for the response is taken
from the information that has been collected by this task. You must
gather data via the OM Statistics scheduled task if you want data
available for subsequent OM queries.
Most values returned as part of the response are presented as the
positive change between the start time and end time. In order to
calculate a response, you must have a minimum of two recorded
values available; thus you must run the OM Statistics task at least
twice in a given time period in order to provide any data through the
OM XML interface. The OSSI XML Interface Definition document
describes the OM Interface and the OM Statistics in detail.
■ OSSI Distributor (optional) — Reads from the database topology and
subscriber data that has entered the MPE Manager via the OSSI
Interface, and distributes the data to the MA servers.
■ Subnet SNMP Collector — Collects all subnet information residing on
the CMTSs by polling, via SNMP, all CMTSs for all subnets and then
stores them in the local database.
■ Service Class SNMP Collector — Polls, via SNMP, all CMTSs for the
configured service classes and then stores them in the local
database.

■ Subscriber SNMP Collector — Polls, via SNMP, all CMTSs for the
configured subscribers and then stores them in the local database.
■ CMTS Distributor — Reads CMTS topology data from the MPE Manager
local database and then distributes it to the appropriate policy
servers within the system.
■ Subscriber Distributor — Reads subscriber data from the MPE
Manager local database and then distributes it to the appropriate
policy servers within the system.
■ CMTS MA Collector (optional) — Polls all of the MAs in the system for
subnet and service class data on each CMTS.
■ PCMM Routing Distribution — Detects changes in the CMTS subnet
information, and then forwards this information to any upstream
policy servers configured in a routing hierarchy.

Configuring a Scheduled To configure an individual task:

Task
1 From the navigation pane, select Scheduled Tasks. The Scheduled Task
Administration page opens in the work area. Figure 71 shows an
example.
2 To display details about a task, click on its name; the current settings
and status are displayed:
3 The options for this task are:

■ Reschedule — Click to reschedule the time that this task is
performed on the MPE:
❏ Schedule by Interval (Next Run Time or Run Interval) — Defines

the run interval for the task to follow. Valid run intervals are from
0 to 24 hours in 5-minute increments.
❏ Following another Task — Defines the run time as following the
completion of another scheduled task; e.g., in the page above,
you can see that Service Class SNMP runs after the Subnet SNMP
Collector completes its run and Subscriber SNMP Collector runs
after Service Class SNMP Collector completes its run.
■ Settings — Number of days to keep date; the default is seven days.

Figure 71: Scheduled Task Administration Page
■ Run Now — Runs the process immediately. You are prompted: “Click
‘OK’ to run this task now.” Click OK (or Cancel to cancel the
request).
■ Disable or Enable — Disables or enables this process. If you click
Disable, you are prompted: “Click ‘OK’ to disable this task.” Click
OK (or Cancel to cancel the request); the task is disabled, and the
button changes to Enable.
■ Refresh — Refreshes the page.
■ Cancel — Returns to the previous page.

User Management
The MPE Manager lets you configure the following user attributes:
■ Roles — What a user can do within the MPE Manager.
■ Scopes — Network element groups and policy server groups that
provide a context for a role.
■ User Profiles — Once you define roles and scopes, you can apply
them to user profiles.
Configuring Roles Assigning roles to the various users that access the MPE Manager lets you
control who can configure and access what within the MPE Manager. The
default roles are:
■ Viewer — Permits read-only access to functions associated with
policy server management and configuration. Access is also
permitted to limited system administration functions, such as
Change Password.
■ Operator — Permits full read/write access to all functions associated
with policy server management and configuration. Access is also
permitted to all system administration functions except user
administration.
■ Administrator — Permits full read/write access to all functions. You
cannot delete the Administrator role.
Creating a New Role To configure a new role:

1 From the navigation pane, select User Management. The content tree
displays the User Management group.
2 From the content tree, select the Roles group. The Role Administration
page opens in the work area, displaying existing roles.
3 On the Role Administration page, click Create Role. The New Role page
opens (Figure 72).
■ Name — The desired name for the new role.
■ Description/Location (optional) — The information pertaining to the
role that would help identify it within the MPE Manager.
■ Policy Server Privileges — Defines access to the following policy
server management functions, assigning each the privilege Hide,
Read-Only, or Read-Write:
❏ Configuration
❏ Network Element
❏ Application
❏ Subscriber Tier
❏ Traffic Profiles
❏ Record Keeping Server and Event Messaging
❏ License Management

User Management
Figure 72: New Role Page
■ Policy Management Privileges — Defines access to policy

management functions:
❏ Policy Library (with the privileges Hide, Read-Only, Read and
Deploy, or Read, Deploy, and Write)
❏ Template Library (with the privileges Hide, Read-Only, or Read
and Write)
■ System Administration Privileges — Define access to system
administration functions:
❏ XML Import/Export (with the privileges Hide or Show)
❏ Operational Measurements (with the privileges Hide or
Read-Only)
❏ User Management (with the privileges Hide, Read-Only, or
Read-Write)
❏ Scheduled Tasks (with the privileges Hide or Read-Write)
❏ Event Log, Audit Log, & Alerts (with the privileges Hide,
Read-Only, or Read-Write)

Modifying a Role To modify a role:

page opens in the work area, displaying existing roles.
3 Select the role to modify. The Role page opens.
4 On the Role page, click Modify. The Modify Role page opens. Figure 73
shows an example.
5 Modify role information as necessary. See “Creating a New Role” on
page 184 for a description of the fields contained within this page.
Figure 73: Modify Role Page

User Management
Deleting a Role
Note: You cannot delete a role that is in use.
To delete a role:
page opens in the work area, displaying existing roles. Figure 74 shows
an example.
3 Delete the role using one of the following methods:
■ From the work area, click the Trash Can icon located next to the role
to delete.
■ From the content tree, select the role to delete (role information
displays in the work area), then click Delete.
4 You are prompted: “Are you sure you want to delete this Role?” Select
OK to delete the role’s information from the MPE Manager (or Cancel to
cancel the request).
Figure 74: Deleting a Role

Creating a New Scope The MPE Manager lets you configure scopes that contain selections of
network element groups and policy server groups that provide a context
for a role. The default scope, Global, contains all items within the MPE
Manager. Once you define a scope you can apply it to a user.
To configure a new scope:

2 In the content tree, click Scopes. The Scope Administration page opens
in the work area, displaying existing scopes.
3 On the Scope Administration page, click Create Scope. The New Scope
page opens. Figure 75 shows an example.
■ Name — The desired name for the new scope.
■ Description/Location (optional) — The information pertaining to the
scope that would help identify it within the MPE Manager.
5 Select the policy server groups that you want this scope to access.
6 Select the network element groups that you want this scope to access.
Figure 75: Scope Administration Page

User Management
Modifying a Scope To modify a scope:

2 In the content tree, click Scopes. The Scope Administration page opens
in the work area, displaying existing scopes.
3 On the Scope Administration page, click on the scope you want to
modify. The scope description opens.
4 Click Modify. The Modify Scope page opens.
5 Modify scope inormation as necessary.
6 When you finish, click Save (or Cancel to cancel the request).
Deleting a Scope To delete a scope:
2 From the content tree, click Scopes. The Scope Administration page
opens in the work area, displaying existing scopes. Figure 76 shows an
example.
3 Delete the role using one of the following methods:
■ From the work area, click the Trash Can icon located next to the role
to delete.
■ From the content tree, select the role to delete (role information
displays in the work area), then click Delete.
4 You are prompted: “Are you sure you want to delete this Scope?” Select
OK to delete the scope from the MPE Manager (or Cancel to cancel the
request).
Figure 76: Deleting a Scope

Creating a User Profile The User Management functions include the tools necessary to create,
modify, or delete system user profiles. See “Configuring Roles” on
page 184 for more details.
The MPE Manager is configured initially with the following default

profiles and passwords:
■ Viewer/policies
■ Operator/policies
■ Admin/policies (you cannot delete this profile)
Each default user profile has an associated role assigned to it. The
Admin user is the only profile that cannot be deleted or have its
username modified. Also, the admin user is the only user who can
create, modify, or delete other users. The password assigned to the
Admin user can be changed. For security reasons, Camiant recommends
changing this value from its default value as soon as the system is
installed.
Note: When logging in, the username is not case sensitive; however the
password is case sensitive.
To create a new user profile:

1 Log in as Admin.
3 In the content tree, click Users. The User Administration page opens in
the work area, displaying existing users.
Note: The Log Out All Users button is visible only to the
admin user.
4 Click Create User. The New User page opens (Figure 77).
5 Define the following attributes:
■ Username — Assign a name to the user profile (this value is not case
sensitive).
■ Description/Location (optional) — Provide additional information
about the user profile.
■ Password — Assign a password to the user profile (this value is case
sensitive and must contain at least six characters; alphabetic,
numeric, and special characters are allowed).
■ Confirm Password — Re-enter the password to confirm the value
entered above.
■ Role — Assign a role to the user profile.
■ Scope — Assign a scope to the user profile.

User Management
Figure 77: New User Page

Modifying a User Profile To modify a user profile:

1 Log in as Admin.
4 Select the desired user profile from the content tree. The profile
information page opens.
5 Click Modify. The Modify User page opens. Figure 78 shows an example.
6 Modify the user profile as desired (see “Creating a User Profile” on
page 190).
Figure 78: Modify User Page

User Management
Deleting a User Profile To delete a user profile:

1 Log in as Admin.
the work area, displaying existing users; for example:
4 Delete the desired user profile using one of the following methods:
■ From the work area, select the Trash Can icon located next to the
profile you want to delete.
■ From the Users tree, select the user profile that you want to delete
(profile information displays in the work area), then click Delete.
5 You are prompted: “Are you sure you want to delete this user?” Click OK
to delete the user profile (or Cancel to cancel the request).

Changing a Password The Change Password option lets users change their password. This
system administration function is available to all users.
Note: The Admin user can change any user’s password. See “Modifying a
User Profile” on page 192.
To change your password:

1 From the navigation pane, select Change Password. The Change
Password page opens (Figure 79).
■ Current Password — The present value of the password.
■ New Password — The value of the new password (this value is case
sensitive and must contain a minimum of six characters; alphabetic,
numeric, and special characters are allowed).
■ Confirm Password — This value re-confirms the value of the new
password.
3 When you finish, click Change Password. Your password is changed.
Figure 79: Change Password Page

User Management
Locking and Unlocking A user is locked out after exceeding the login failure threshold, or if the
User Accounts Admin user locks the user out. A locked-out user sees the following
message on the login page when attempting to log in: “Your account is
locked. Please contact the Administrator.”
Note: The Admin account cannot lock the Admin account.
Locking an account To lock a user account:
1 Log in as Admin.
4 Click Lock. You are prompted: “Are you sure you want to lock out this
user?”
5 Click OK (or Cancel to cancel the request). The account is locked. The
page displays: “User account locked successfully.” The Lock button
becomes an Unlock button. On the User Administration page, the user’s
Locked Status changes to “Locked.”
Unlocking an Account To unlock a user account:
1 Log in as Admin.
2 From the navigation pane, select User Management.The content tree
3 Select the desired user profile from the content tree. The User
Administration page opens.
4 Click Unlock. You are prompted: “Are you sure you want to unlock this
user?”
5 Click OK (or Cancel to cancel the request). The account is unlocked.
The page displays: “User account unlocked successfully.” The Unlock
button becomes a Lock button. On the User Administration page, the
user’s Locked Status changes to “OK.”

GLOSSARY
AM See application manager.
AMID An identifier within the PCMM protocol that uniquely identifies an

application manager (AM). See also PacketCable Multimedia.
application A service provided to subscribers to a network; for example, voice over

IP (VoIP), video on demand (VoD), video conferencing, or gaming.
Camiant manages quality of service (QoS) of, and tracking quotas on,
applications.
application manager A server within a network that is responsible for establishing and
managing subscriber sessions associated with a specific application.
Camiant application managers enable non-PCMM applications to request
QoS enhancement on a PCMM access network and also provide protocol
translation and session state history and tracking. Camiant application
managers include the SIP AM and the BoD AM. See also PacketCable
Multimedia.
Bandwidth on Demand An application that provides dynamic allocation of bandwidth; for

(BoD) example, a broadband speed promotion.
blade A computer designed to fit into a standard equipment rack.
BoD See Bandwidth on Demand.
B-RAS Broadband remote access server.
BSS A “back-end” (office) system; for example, a provisioning or billing

system.
cable modem A device used to connect a computer to a cable TV service that provides
Internet access. A cable modem is considered customer premises
equipment, and connects to a cable modem termination system.

GLOSSARY
cable modem An edge device connecting to subscribers' cable modems in a broadband

termination system network.
(CMTS)
cluster A group of computers operating as one system. A Camiant cluster

supports High Availability (failover).
CMS Call management server.
CMTS See cable modem termination system.
COPS (Common Open An IP protocol, defined by the IETF in RPF 2748, that supports policy
Policy Service) control over QoS protocols. See also QoS.
COPS-PR (Common Open A policy provisioning standard defined by the IETF in RPF 3084. See also
Policy Service for Policy B-RAS.
Provisioning)
CPE Customer premises equipment; for example, a cable modem.
CRM Customer relationship management.
deep packet inspection A form of packet filtering that examines the data and/or header part of
(DPI) a packet as it passes an inspection point. The MPE uses DPI to recognize
the application for establishing QoS or managing quota. See also packet
inspection.
DHCP (Dynamic Host A client/server protocol used by network devices to obtain the
Configuration Protocol) parameters (such as an IP address) necessary for operation in an IP
network. DHCP allows devices to be added to the network with little or
no manual configuration.
Diameter A protocol for authentication, authorization, and accounting, can also

be used as a signaling protocol for mobility management which is
typically associated with an IMS and/or wireless type of environment.
Diameter is the successor to the RADIUS protocol. The MPE supports a
range of Diameter interfaces, including Rx, Gx, Gy, and Ty.
DNS (Domain Name A system for converting Internet host and domain names into IP
System) addresses.
DOCSIS® (Data over This specification defines the communication protocol(s) between cable
Cable Services Interface modems and CMTSs, and was established by cable television network
Specification) operators to facilitate data traffic over existing cable networks. See
also cable modem termination system.
DPI See deep packet inspection.

DQOS (Dynamic Quality of Service)
DQOS (Dynamic Quality A COPS-based protocol that is part of the PacketCable standards used to
of Service) communicate between a CMS and a CMTS for setting up voice calls. The
MPE can be inserted between these two entities to apply additional
policy rules as sessions are established. See also COPS, CMS, and CMTS.
dynamic tiering A policy that defines a temporary uplift of lower-tier subscribers to a

higher tier, such as a temporary speed boost for downloads as a free
sample.
edge router The router (sometimes called an “edge device”) that connects a carrier
or service provider network to a subscriber. An edge router is a policy
enforcement point.
FQDN (fully qualified The complete domain name for a specific computer on the Internet (for
domain name) example, www.camiant.com).
gate The logical representation of a policy decision that has been installed on
a CMTS. See also CMTS.
Georedundancy Redundancy between two geographically separate MPE Manager

systems.
High Availability (HA) The MPE is a dual-system cluster of identical hardware platforms that
provides stateful failover in case of primary platform, disk, or Ethernet
connection failure.
IMS See IP Multimedia System.
IP Multimedia System An architectural framework for delivering IP multimedia to mobile

(IMS) subscribers.
ISA (Interactive Services An on-demand video protocol.

Architecture)
LDAP (Lightweight A protocol for providing and receiving directory information in a TCP/IP
Directory Access network.
Protocol)
MGPI (Multiple Grants The ability to map multiple application flows using identical UGS
Per Interval) (Unsolicited Grant Service) traffic profiles destined for the same
subscriber into a single flow at the DOCSIS (service flow) level. Supports
applications interacting with an MPE device over a Diameter-based Rx
interface. See also Diameter, DOCSIS.
MPE See Multimedia Policy Engine.

GLOSSARY
MPE Manager A centralized management interface to create policies, maintain policy

libraries, configure, provision, and manage multiple distributed MPE
policy servers, and deploy policy rules to MPE policy servers. The MPE
Manager has a web-based interface.
MSO Multiple-service operators.
Multimedia Policy A PacketCable Multimedia qualified policy server. MPE is a

Engine (MPE) high-performance, high-availability platform for operators to deliver
and manage differentiated services over high-speed data networks. MPE
includes a protocol-independent policy rules engine that provides
authorization for services based on policy conditions such as subscriber
information, application information, time of day, and edge resource
utilization.
network device A physical piece of equipment or a logical (software) entity connected

to a network; for example, CMTS, video distribution router, gateway
router, or a link. This may also include sub-components of network
elements (such as an interface) or lower-level devices such as cable
modems or CPEs.
network element A high-level device (typically a router) or other entity within your
network for which you want to use the MPE to manage QoS, such as a
CMTS or PSDN.
network topology A map of physical equipment or logical entities in a network.
NGOD (Next Generation An on-demand video protocol.

On Demand)
OSSI (Operations An interface to a “back-end” (office) system.

Support System
Interface)
packet inspection Packet inspection (or shallow packet inspection) is a form of packet
filtering that checks the header portion of a packet. See also deep
packet inspection.
PacketCable Multimedia An architecture, developed by CableLabs, for cable operators to deliver

(PCMM) IP-based multimedia services that require QoS treatment.
PCMM See PacketCable Multimedia.
PCRF See policy and charging rules functions.
P-CSCF (Proxy-CSCF) Several roles of SIP servers or proxies, collectively called Call Session
Control Function (CSCF), process SIP signaling packets in the IMS. A

PDF
Proxy-CSCF is a SIP proxy that is the initial interface between a mobile

device and the IMS. See also IP Multimedia System and Session Initiation
Protocol.
PDF See policy decision function.
policy rules A set of rules to administer, manage, and control access to network
resources. A Camiant policy rule is a simple if-then statement consisting
of one or more conditions that must be matched (for example, day of
week, time of day, and wireless roaming status, subscriber entitlement)
and actions to be taken (accept, reject, log, or continue to next policy).
Policy rules are evaluated within the MPE, and the results are forwarded
to the appropriate policy enforcement point.
Policy and Charging The ability to dynamically control access, services, network capacity,
Control Model (PCCM) and charges in the network.
policy and charging rules Performed within the policy server in support of wireless networks.
function (PCRF)
policy decision function A policy decision point for service-based local policy control of IP bearer
resources. Policy decisions are made within the policy server.
policy enforcement point A logical entity, usually an edge device, that enforces policy decisions
by permitting or blocking packet flow into the IP network.
policy group An ordered group of policies, organized for administration or

deployment.
policy server A network element that interfaces with an application and makes policy
decisions, such as authorization, entitlements, bandwidth, and QoS,
based on the application's requirements and cable operator rule sets.
The policy server is an element of the PCMM architecture. The Camiant
policy server is the Multimedia Policy Engine (MPE). See also
PacketCable Multimedia.
PSDN (packet-switched A publicly available data communications network supporting

data network) packet-switched data (that is, data formed into packets with source,
address, and ordering information).
QAM device Quadrature Amplitude Modulation is an encoding scheme for

high-definition television signals. A QAM device is remotely located from
a CMTS, and performs downstream modulation. See also cable modem
termination system.
Q-Insight A Camiant product that provides graphical reports on dynamic service

activities of network elements, application utilization over time, and
subscriber tier distribution.

GLOSSARY
QoS (Quality of Service) A resource reservation control mechanism that provides different
priority to different applications, users, or data flows, or to guarantee a
level of performance in a congested network.
RADIUS (Remote A client/server protocol and associated software that enables remote
Authentication Dial-In access servers to communicate with a central server to authorize their
User Service) access to the requested service. The MPE functions with RADIUS servers
to authenticate messages received from remote gateways. See also
Diameter.
RKS (Record Keeping A device that collects PacketCable event messages, used for accounting
Server) management in a PCMM network. See also PacketCable Multimedia.
SCP Secure CoPy, a Linux utility for securely transferring files between host
systems.
Service User Interface A menu-based interface to the Camiant MPE, used to configure the MPE
(SUI) and manage system-level information.
Session Initiation A call-signaling IP protocol that enables Voice over IP (VoIP) and other
Protocol (SIP) text and multimedia sessions such as instant messaging, streaming
video, and online games.
Simple Network A network management protocol for devices on an IP network.

Management Protocol
(SNMP)
SIP See Session Initiation Protocol.
SIP AM The Camiant SIP Application Manager, which acts as a SIP forwarding
proxy server with additional features to enable QoS for SIP user agents
using the PCMM framework.
SNMP See Simple Network Management Protocol.
SOAP A protocol for exchanging XML-based messages over computer networks,

normally using HTTP/HTTPS. SOAP forms the foundation layer of the
web services protocol stack, providing a basic messaging framework
upon which abstract layers can be built.
SSH (Secure Shell) A network client/server protocol that allows data interchange over a
secure channel between two networked devices. Camiant supports, but
does not recommend, SSH access to the Service User Interface.
STUN (Simple Traversal A TCP protocol for assisting devices behind a NAT (Network Address
of UDP through NATS) Translation) firewall or router with packet routing. Camiant supports
STUN servers.

subscriber database
subscriber database Contains profiles of subscribers, including information such as the

services for which subscribers have paid and are thus entitled to
receive.
SUI See Service User Interface.
Universal Edge Resource A Camiant product that manages edge devices to improve bandwidth
Manager (UERM) efficiency in a QAM-based video network. See also QAM.
Upgrade Manager A Camiant product that manages software upgrades in a production

network. The Upgrade Manager is the only supported method for
upgrading Camiant systems.
Video on Demand (VoD) An interactive technology that allows subscribers to view programming
in real time or download it to view later.
VoD See video on demand.
VoIP Voice over IP.
XML (eXtensible Markup A text-based, general-purpose specification for creating custom markup
Language) languages, designed to facilitate the sharing of structured data between
different information systems.

delta mode 38
documentation
related viii
E
Event Generation Info object 88
Event Log 48
event log
forwarding 51
level 173
Index settings 50
viewer 48
event log file 48, 172
Event Log Timeline 48, 172
event message 22
event messages (EMs) 88
A event messaging
local settings 92
absolute mode 38
account
Account Inactivity Lockout 166
Administrator role 184 F
Alert Aging task 180 Failed status 36, 169
Alert Destination 166 FCAPS 166
alert log Financial Entity ID (FEID) 90, 92
adding comment 179
resolving alert 179
viewing 178 G
Alerts 52 GUI
AM, see application profile content tree 17
application 77 icons 17
Application Manager (AM) 14, 77 navigation pane 17
application profile 77 overview 16
creating 78 shortcut keys 18
deleting 80 work area 17
modifying 80
application server 77
audit log
displaying 174 H
exporting 177 Health Checker task 180
purging data from 177 High Availability 36
searching within 176
authorization scope 27
I
Idle Timeout 166
B invalid login threshold 166
Billing Correlation ID (BCID) 89
Blade Information Report 41
L
lockout, see user account
C log file 45
Change Password option 194 modifying 50
Cluster Information Report 40 Log Out All Users button 190
cluster report 169
CMTS Distributor task 102
content tree 17 M
MAC address 48
Management Agent (MA) server 97
D management agent Event Log Viewer 105
Degraded status 36, 169 management agent profile
configuring tasks 102

INDEX
creating 98
deleting 101 O
modifying 100 Off-line status 36
reapplying configuration 101 OM Statistics task 180
Maximum Concurrent Sessions 166 On-line status 36, 169
MGPI (multiple grants per interval) 25 Operational Measurements (OM) Interface 74
MPE Manager 16 Operator role 184
Alert Log 178 OSSI Distributor task 64, 180
and policy servers 19 OSSI XML interface 74
application profiles 77
Audit Log 174 topology interface 74
checking status of policy server 36 exporting XML file 75
cluster reports 169 input network elements 74
Event Log 172 Operational Measurements (OM) Interface 74
Graphical User Interface (GUI) 16 operational measurements (OM) interface 74
MA servers 97 OSSI XML Interface (OSSI) 74
network elements 57
network topology 143
policy rules 109
supported browsers 17 P
system administration 165 password 17
system settings 166 changing your 194
traffic profiles 81 path, see network path
user management 184 policy
Multimedia Policy Engine (MPE) 11 remove policy from group 135
Event Log Viewer 48 remove policy/policy group 136
log files 45 policy group 109, 127
policy log 46, 48 adding a policy rule to 128
policy statistics 42 changing the order of policy rules in 131
protocol statistics 43 creating 127
reapplying configuration to 34 deploying 134
status 36 displaying policy rules in 133
removing 136
removing a policy rule from 129, 135
Policy Library 116
N policy log 46, 48
navigation pane 17 policy rule 14, 109
network element 57 actions 112
adding using OSSI XML interface 74 conditions 117
associating with MPE 72 creating 116
bulk delete 62 deploying 134
creating 58 deploying (example) 113
deleting 61 evaluation 111
finding 63 group 14
modifying 60 modifying 121
network element group 66 overview 110
adding network element to 67 removing 136
creating 66 template 116, 123
creating sub-group 68 time-dependent 120
deleting 71 Policy Rules Engine 12, 111
deleting network element from 69 Policy Server
renaming 70 check status 92
network element subgroup policy server
creating 68 checking status 36
network path cluster status 36
creating 152 unmanaged 20
deleting 154 see also Multimedia Policy Engine (MPE)
modifying 154 Policy Server Administration page 22, 55
network topology map 27, 144 EM tab 22
adding comment 151 Logs tab 22
alerts 151 Policies tab 22
laying out 147 Policy Server tab 22
resolving alert 151 Reports tab 22
viewing 145 Routing tab 22
Non-service Affecting Failure status 36, 169 System tab 22

INDEX
policy server group 26 deleting 85

adding a policy server to 28, 67 modifying 84
creating 27 traffic profile group 86
creating a subgroup 29, 68 adding a traffic profile to 86
deleting 32 deleting 86
deleting a policy server from 31 deleting a traffic profile from 86
renaming 30 renaming 86
policy server profile 20
configuring 22
creating 20 U
deleting 26 unmanaged policy server 20
modifying 22 user account
policy server reports 38 locking 195
policy statistics 42 unlocking 195
policy template 16 user profile 184
creating 123 creating 190
deleting 126 deleting 193
modifying 125 modifying 192
Policy Template wizard 123 user profiles and passwords, default 190
Policy wizard 110, 116
protocol statistics 43
V
Viewer role 184
Q
Quality of Service (QoS) 81
enforcement device 14
managing 77 W
web browsers, recommended 17
work area 17
R
Record Keeping Server (RKS) 88
configuring 94 X
related documentation viii XML bulk import process 74
role 184
creating 184
deleting 187
modifying 186
privileges 184
S
scheduled tasks
configuring 182
disabling 183
Run Now button 183
scheduled tasks, list of 180
scope 184
creating 188
modifying 189
service 77
Service Class SNMP Collector task 102
Service LED button 40, 170
SNMP Read Community String 58
SSL certificate, configuring 33
Subnet SNMP Collector task 102
Subscriber Distributor task 102, 181
Subscriber SNMP Collector task 102
system settings, defining 166
T
traffic profile 81
creating 82

Camiant, Inc.
200 Nickerson Road
Marlborough, MA 01752 USA
508.486.9996
www.Camiant.com

PCRF

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

PCRF

Загружено:

Авторское право:

Доступные форматы

Camiant™

Multimedia Policy Engine

Document Number: DOC–10001

2 Managing Policy Servers................................................ 19

Multimedia Policy Engine Cable Manager User’s Guide iii

Cluster Information Report................................................................................... 40

4 Managing Network Elements....................................... 57

5 Managing Application Profiles .................................... 77

6 Managing Traffic Profiles .............................................. 81

iv Multimedia Policy Engine Cable Manager User’s Guide

8 Management Agent Servers ......................................... 97

9 Managing Policy Rules.................................................. 109

10 Managing Network Topology ..................................... 143

Multimedia Policy Engine Cable Manager User’s Guide v

Network Element Components .......................................................................... 144

11 Managing User Licenses............................................... 155

12 System Administration ................................................ 165

Glossary ........................................................................... 197

Index ................................................................................. 205

vi Multimedia Policy Engine Cable Manager User’s Guide

Multimedia Policy Engine Cable Manager User’s Guide vii

The following conventions are used throughout this guide to emphasize

Italics —I ndicates book titles and user input variables.

Monospace — Indicates program output.

Monospace bold — Indicates user input.

Monospace italics — Indicates variables in commands.

Note: This icon indicates helpful suggestions or references to other

CAUTION: This icon notifies you to proceed carefully to avoid damaging

WARNING: This icon warns you to proceed carefully to avoid injury.

Note: This version of the document supersedes the application note

The following documents are useful for reference:

viii Multimedia Policy Engine Cable Manager User’s Guide

To obtain technical tips or support, contact the Camiant Customer

E-mail your comments to documentation@camiant.com

FAX your comments to 508-486-9595, attention Technical Publications

Multimedia Policy Engine Cable Manager User’s Guide ix

This chapter provides an overview of the Camiant Multimedia Policy

This chapter discusses the following topics:

Multimedia Policy Engine Cable Manager User’s Guide 11

The Multimedia Policy Engine

Figure 1: The MPE Manager and MPEs

For example, when a subscriber wishes to open an IP-streaming session,

12 Multimedia Policy Engine Cable Manager User’s Guide

network resources be provisioned in order to be used for the

Note: When provisioned resources are no longer required and

Multimedia Policy Engine Cable Manager User’s Guide 13

Understanding Policy Rules

14 Multimedia Policy Engine Cable Manager User’s Guide

Overview of Major Tasks

Multimedia Policy Engine Cable Manager User’s Guide 15

The MPE Manager

The MPE Manager provides a policy template feature to simplify the

16 Multimedia Policy Engine Cable Manager User’s Guide

Figure 2: Structure of the MPE Manager GUI

■ Navigation Pane — Provides access to the various available options

Specifications for Using Camiant recommends the following:

Multimedia Policy Engine Cable Manager User’s Guide 17

Remove icon — When visible in the work area, selecting

Move icon — The up/down arrow icons are displayed when

■ Shift/click — selects two or more consecutive items. To do this,

18 Multimedia Policy Engine Cable Manager User’s Guide

This chapter discusses the following topics: