NorthStar Ingress Peer Engineering
The goal of Ingress Peer Engineering (IPE) in NorthStar is to influence the ingress links at which traffic enters the NorthStar managed network from other domains in order to steer traffic away from congested links. To do that, you configure a BGP policy to be applied to an ingress ASBR. The policy (conditions and actions) is inserted into the export list.
You can have one policy per ingress ASBR, with support for multiple terms (rules) within the policy. Conditions can include:
Route filters on prefixes (you can specify different prefixes for each term). You define a route filter list which is then referenced in the condition.
Regular expressions on AS paths
Actions can include:
Prepending of the AS path with a local AS number. This results in diverting traffic away from the ingress link, but does not influence where the traffic goes instead. With this action, the shortest AS path is preferred.
Multi-Exit Discriminator (MED). MED allows you to influence the choice of link for incoming traffic. This action prefers the path with the lowest MED metric.
If you include both actions, the shortest AS path has priority over the MED metric.
In the Junos OS, the IPE policy is inserted as the first item into the export list within the BGP configuration. Inserting it as the first item ensures that the policy is applied. In IOS-XR, the IPE policy overwrites any configured export policy in the BGP configuration because IOS does not have a “list” of policies.
You might find the following Junos OS documentation helpful for background:
NorthStar uses Netflow to measure traffic. This includes statistics from the traffic coming in, demand reports generation to show which AS is responsible for the most traffic, and extending the demands visibility to the ingress external border router.
See Netflow Collector for information about viewing demands in the web UI.
NorthStar Configuration Requirements for IPE
On the NorthStar application server, there are two settings important for the IPE features in NorthStar to function properly. They are described in tablex.
Table 1: Configurable Netflow Settings
Possible values are:
To modify, use the NorthStar CLI command set northstar analytics netflowd aggregate-by-prefix.
Interval at which statistics are printed to the log file. By default, this parameter is not set and stats are not printed.
The interval can be expressed as seconds ('s' or 'seconds'), minutes ('m' or 'minutes'), hours ('h' or 'hours'), or days ('d' or 'days'). Examples: 45s, 5minutes, 2h, 1days.
To enable and set the value, use the NorthStar CLI command set northstar analytics netflowd stats-interval.
Netflowd does not generate AS demands by default. Unless you specify otherwise, AS demands do not appear through the REST API or through Demand Reports in the UI, even if valid netflow records are being exported.
By default, this parameter is not set and AS demands are not generated. Enable the setting using the NorthStar CLI command set northstar analytics netflowd generate-as-demands.
IPE Demand Report Generation
When you create a Demand Reports task using Administration > Task Scheduler, you can select a check box to include IPE Demands. For each IPE demand, the resulting report includes:
Ingress ASBR (name of the router within the NorthStar domain where the traffic was received)
External Ingress Peer (IP address of the BGP neighbor from which the traffic came)
Egress ASBR (name of the router from which the traffic left the NorthStar managed network)
In addition, the many types of AS demand reports that are also selectable in a Demand Reports task can be useful tools for evaluating ingress and egress traffic patterns.
Creating an IPE Policy Using the Web UI
You create IPE policies from the IPE Policy tab in the network information table. The IPE Policy tab is not displayed by default. Click the + sign in the tabs heading bar and select IPE Policy to add the tab.
Table 2: Add IPE Window Field Descriptions
The ingress ASBR.
IP address of the BGP neighbor.
Select the condition as either Prefix or AS Path (mutually exclusive).
Prefix. This field is only available if you select Prefix as the condition.
Regular expression for the AS path. This field is only available if you select AS Path as the condition.
Priority for action of prepending of the AS path with a local AS number. If you specify any number greater than zero, the local AS number is prepended to the AS path.
Value for the action of selecting based on the MED metric.
Click Submit to complete the policy addition.
To modify an existing policy, select the row in the network information table and click Modify in the bottom tool bar. The Modify IPE Policy window is displayed where you can change certain parameters. To delete a selected policy, click Delete in the bottom tool bar. A delete message is displayed, prompting you to confirm your intention to delete the policy.
An alternative to using the Add IPE Policy window is to create policies by selecting specific demands on the Demand tab in the network information table.
Select one or more demands in the Demand tab, right-click, and select Create IPE Policy. This brings up the Create IPE Policy window shown in Figure 2 where you can specify policy parameters for each demand. If you enter a regular expression for the AS path, the regular expression is used as the condition (over the prefix). If you do not specify a regular expression, the prefix is used.
Viewing IPE Policy Traffic
From the IPE Policy tab in the network information table, you can view a chart showing traffic on the interface when an IPE policy has been applied. You can use this traffic information to evaluate the traffic going through the interface to determine if the policy is effective. For example, if you apply a policy with the goal of reducing traffic on a congested interface, and the traffic chart shows significant reduction, that’s a good indication the policy is working.
In the table of configured policies, right-click a policy and select View IPE Policy Traffic. A new tab in the network information table is created where you can see traffic over time for that specific policy. In the upper left corner of the traffic chart, you can select a time window of one hour (selected by default), one day, or seven days. Or you can select to customize a time range by specifying a start and end day and time.