I have a 7206 router I am replacing with a newer 7206 that connects all remote branches.
My existing 7206 is using BGP to connect remote sites and distributing BGP into OSPF.
I have the second router up and running connected to the network by a single ethernet interface. There are no issues at the moment.
I want to have both routers up while I swap out everything, swapping an interface at a time while I make sure the new router is going to be ok.
The existing router has all connections intact including serial connections to DR and all remote branches.
Existing router has an interface
10.1.70.1 on the LAN
New router has an interface
10.1.71.1 on the LAN
OSPF is getting routes from the two core switches on the new 7206.
Is there any potential problem (from the standpoint of conflicting BGP processes by using the same AS number) if I just apply the config on the existing 7206 to the new 7206 while both are up?
The BGP config is as follows:
router bgp 65001
 network 10.1.0.0 mask 255.255.0.0
 network 10.1.70.0 mask 255.255.255.0
 network 10.5.0.0 mask 255.255.0.0
 network 172.16.254.1 mask 255.255.255.255
 redistribute static route-map STATICtoBGP
 redistribute ospf 1 match internal external 2
 neighbor 220.127.116.11 remote-as 65011
 neighbor 18.104.22.168 version 4
 neighbor 22.214.171.124 soft-reconfiguration inbound
 neighbor 126.96.36.199 remote-as 65000
 neighbor 188.8.131.52 version 4
 neighbor 184.108.40.206 soft-reconfiguration inbound
 distance bgp 150 200 201
If you are replacing the 7206 router, why not just do a hot cutover, carrying over the logical configuration? It would be much easier to configure the new router with the interface facing the core switch in a shutdown state with IP 10.1.70.1 and place the new router connection on the same VLAN that 70.1 is under; for the interface facing the BGP peer you still have to move the physical connection to the new router anyway. Once you are about to cut over, shut down the port on the core switch connecting the old router, bring up the interface on the new router and move the remaining physical connection for the BGP interface. The fallback will be simply reverting the above. I would do it this way. With the new router pre-configured with the exact same logical information, the chances of having problems are much lower than when creating new interfaces or VLANs in addition to creating the new 10.1.71.0 network.
You can also do it the way you want with the new network 10.1.71.0, but you would need to advertise that in BGP as the 10.1.70.0 net. Having BGP on the new router should not conflict because the new router does not BGP peer with anything until you cut over the physical connection to it from the old router.
Thanks for the reply.
The reason to have the additional interface is that we have two core 6509 switches.
At the moment there is no redundancy to the 7206 router on the internal Ethernet interface; there is only the 10.1.70.1 connection.
When we implement the new 7206, I was going to have the existing interface link to one of the 6509s and since I cannot have the 7206 with two interfaces in the same subnet, I created the 10.1.71.1 to link to the other 6509.
So both of the interfaces will exist.
If we lose one core switch, we still have the other switch linked to the 7206 so we will not lose DR or remote branches.
So this task isn't a swap but a router addition?
In that case, both routers should function correctly with their respective BGP configs as long as you have the BGP peer configured from the remote-end towards the new router.
I also recommend configuring an iBGP peer between the two routers in case one router loses the WAN connectivity, it can use the other router as the gateway out of your network.
Thanks for the reply, edison.
I bet you hate seeing my name in these posts.
You must be thinking "what a doofus"
It is a swap, but the second interface to the other core switch is an addition.
Currently the existing 7206 only has the 10.1.70.1 interface linked to one of the 6509s.
If we lose the 6509, we have lost our connectivity to DR and the remote branches (which recently happened).
I wanted to add the second gigabit Ethernet interface on the new 7206 when it gets swapped out.
This router has a little bit different platform (NPE-G1 rather than the NPE-400) and a different IOS image.
Even though the feature set is pretty much the same, I figured I could have them both up at the same time with identical configs (with the exception of the two gigabit Ethernet interfaces). Then I could turn down the interface on the old router, turn up the interface on the new router and swap out the interfaces (links to DR, remote branches and a bridged connection) to make sure everything is going to work properly.
So the BGP peer would be the same, but not turned up until after the old router has been turned down.
I didn't know if there would be any issues with having both routers configured the same (from a BGP perspective) while I am doing this.
Does this sound feasible to you?
I prefer that you ask questions here before making a deployment if you aren't 100% sure of something, we are always glad to help out.
I understand now, the new router will have 2 LAN interfaces and you are planning to assign the old router's LAN IP on one of the interfaces while adding a new LAN IP Subnet on the second interface.
You are still facing a single point of failure on the router but it seems you are more concerned with the 6509. Any reason why you aren't planning to leave two routers as your WAN routers? You have the hardware available.
As for the BGP query, you can have BGP configured in the new router. It will try to initiate a peer with the neighbors configured under BGP but it won't form any BGP peering until the neighbors are pointing back to this new router.
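A pre-cutover check for the plan discussed above, added here as an example and not part of the original thread: it extracts the `router bgp` stanza from the old and new routers' configs and reports any sub-commands that differ, so an unintended difference is caught before the links are moved. The two sample configs are constructed, and the neighbor address 192.0.2.1 is a documentation placeholder, not one of the thread's peers.

```python
import re

def bgp_stanza(config):
    """Return (asn, set of normalised sub-commands) for the first 'router bgp' stanza."""
    asn, cmds, inside = None, set(), False
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"^router bgp (\d+)$", line)
        if m:
            asn, inside = m.group(1), True
            continue
        if inside:
            # IOS indents sub-commands; '!' or a non-indented line ends the stanza.
            if not line.startswith(" "):
                break
            cmds.add(" ".join(line.split()))  # collapse whitespace differences
    if asn is None:
        raise ValueError("no 'router bgp' stanza found")
    return asn, cmds

def compare_bgp(old_cfg, new_cfg):
    """Compare the BGP stanzas of two configs; lists show what each side lacks."""
    old_as, old_cmds = bgp_stanza(old_cfg)
    new_as, new_cmds = bgp_stanza(new_cfg)
    return {
        "same_as": old_as == new_as,
        "only_old": sorted(old_cmds - new_cmds),
        "only_new": sorted(new_cmds - old_cmds),
    }

# Constructed sample configs (not taken from the thread's routers).
OLD_CFG = """hostname old7206
router bgp 65001
 network 10.1.0.0 mask 255.255.0.0
 network 10.1.70.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 65011
 neighbor 192.0.2.1 soft-reconfiguration inbound
 distance bgp 150 200 201
!
"""
NEW_CFG = """hostname new7206
router bgp 65001
 network 10.1.0.0 mask 255.255.0.0
 network 10.1.70.0  mask 255.255.255.0
 network 10.1.71.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 65011
 distance bgp 150 200 201
!
"""

if __name__ == "__main__":
    print(compare_bgp(OLD_CFG, NEW_CFG))
```

Here the added 10.1.71.0 network statement is expected, while the missing `soft-reconfiguration inbound` line is the kind of drift worth resolving before the cutover.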
I am never 100% sure about anything.
I have a tendency to over complicate things, and be too cautious, but there are so many unforeseen things that can go wrong.
There are many times I have asked questions like this and one of you guys that have a lot more knowledge and experience will say "you can't do that because, x, y or Z", some of which could be disastrous.
You all have been a great help.
The existing 7206 is going to our disaster recovery site.
There is a 3750 in DR now and it will not handle what we will be adding to that link.
Agreed on the single point of failure.
Next year I hope to get a second 7206, but for now, they do not want to spend the money.
"I am never 100% sure about anything.
I have a tendency to over complicate things, and be too cautious, but there are so many unforeseen things that can go wrong."
And that is why you are a good network engineer. When you are making changes in your network especially in critical sites it pays to be very cautious. With experience you can "speed" things up a bit but if you always err on the side of caution you won't go far wrong.