Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


NorthStar Ingress Peer Engineering


The goal of Ingress Peer Engineering (IPE) in NorthStar is to influence the ingress links at which traffic enters the NorthStar managed network from other domains in order to steer traffic away from congested links. To do that, you configure a BGP policy to be applied to an ingress ASBR. The policy (conditions and actions) is inserted into the export list.

You can have one policy per ingress ASBR, with support for multiple terms (rules) within the policy. Conditions can include:

  • Route filters on prefixes (you can specify different prefixes for each term). You define a route filter list which is then referenced in the condition.

  • Regular expressions on AS paths

Actions can include:

  • Prepending of the AS path with a local AS number. This results in diverting traffic away from the ingress link, but does not influence where the traffic goes instead. With this action, the shortest AS path is preferred.

  • Multi-Exit Discriminator (MED). MED allows you to influence the choice of link for incoming traffic. This action prefers the path with the lowest MED metric.

If you include both actions, the shortest AS path has priority over the MED metric.

In the Junos OS, the IPE policy is inserted as the first item into the export list within the BGP configuration. Inserting it as the first item ensures that the policy is applied. In IOS-XR, the IPE policy overwrites any configured export policy in the BGP configuration because IOS does not have a “list” of policies.

You might find the following Junos OS documentation helpful for background:

NorthStar uses Netflow to measure traffic. This includes statistics from the traffic coming in, demand reports generation to show which AS is responsible for the most traffic, and extending the demands visibility to the ingress external border router.

See Netflow Collector for information about viewing demands in the web UI.

NorthStar Configuration Requirements for IPE

On the NorthStar application server, there are two settings important for the IPE features in NorthStar to function properly. They are described in tablex.

Table 1: Configurable Netflow Settings




Possible values are:

  • disable = aggregation by prefix is disabled

  • always = aggregation by prefix is enabled

  • unknown-destination = aggregation by prefix is enabled even though the flow is missing a BGP next hop (BGP_NH) or has a BGP_NH of

To modify, use the NorthStar CLI command set northstar analytics netflowd aggregate-by-prefix.


Interval at which statistics are printed to the log file. By default, this parameter is not set and stats are not printed.

The interval can be expressed as seconds ('s' or 'seconds'), minutes ('m' or 'minutes'), hours ('h' or 'hours'), or days ('d' or 'days'). Examples: 45s, 5minutes, 2h, 1days.

To enable and set the value, use the NorthStar CLI command set northstar analytics netflowd stats-interval.


Netflowd does not generate AS demands by default. Unless you specify otherwise, AS demands do not appear through the REST API or through Demand Reports in the UI, even if valid netflow records are being exported.

By default, this parameter is not set and AS demands are not generated. Enable the setting using the NorthStar CLI command set northstar analytics netflowd generate-as-demands.

IPE Demand Report Generation

When you create a Demand Reports task using Administration > Task Scheduler, you can select a check box to include IPE Demands. For each IPE demand, the resulting report includes:

  • Ingress ASBR (name of the router within the NorthStar domain where the traffic was received)

  • External Ingress Peer (IP address of the BGP neighbor from which the traffic came)

  • Egress ASBR (name of the router from which the traffic left the NorthStar managed network)

  • Prefix

In addition, the many types of AS demand reports that are also selectable in a Demand Reports task can be useful tools for evaluating ingress and egress traffic patterns.

Creating an IPE Policy Using the Web UI

You create IPE policies from the IPE Policy tab in the network information table. The IPE Policy tab is not displayed by default. Click the + sign in the tabs heading bar and select IPE Policy to add the tab.

To create a policy, click Add in the network information table bottom tool bar. The Add IPE Policy window is displayed as shown in Figure 1. The fields are described in Table 2.

Figure 1: Add IPE Policy Window
Add IPE Policy Window

Table 2: Add IPE Window Field Descriptions




The ingress ASBR.

BGP Neighbor

IP address of the BGP neighbor.

Match Type

Select the condition as either Prefix or AS Path (mutually exclusive).


Prefix. This field is only available if you select Prefix as the condition.


Regular expression for the AS path. This field is only available if you select AS Path as the condition.


Priority for action of prepending of the AS path with a local AS number. If you specify any number greater than zero, the local AS number is prepended to the AS path.


Value for the action of selecting based on the MED metric.

Click Submit to complete the policy addition.

To modify an existing policy, select the row in the network information table and click Modify in the bottom tool bar. The Modify IPE Policy window is displayed where you can change certain parameters. To delete a selected policy, click Delete in the bottom tool bar. A delete message is displayed, prompting you to confirm your intention to delete the policy.

An alternative to using the Add IPE Policy window is to create policies by selecting specific demands on the Demand tab in the network information table.

Select one or more demands in the Demand tab, right-click, and select Create IPE Policy. This brings up the Create IPE Policy window shown in Figure 2 where you can specify policy parameters for each demand. If you enter a regular expression for the AS path, the regular expression is used as the condition (over the prefix). If you do not specify a regular expression, the prefix is used.

Figure 2: Creating IPE Policies from the Demand Tab
Creating IPE Policies
from the Demand Tab

Viewing IPE Policy Traffic

From the IPE Policy tab in the network information table, you can view a chart showing traffic on the interface when an IPE policy has been applied. You can use this traffic information to evaluate the traffic going through the interface to determine if the policy is effective. For example, if you apply a policy with the goal of reducing traffic on a congested interface, and the traffic chart shows significant reduction, that’s a good indication the policy is working.

In the table of configured policies, right-click a policy and select View IPE Policy Traffic. A new tab in the network information table is created where you can see traffic over time for that specific policy. In the upper left corner of the traffic chart, you can select a time window of one hour (selected by default), one day, or seven days. Or you can select to customize a time range by specifying a start and end day and time.

Related Documentation