Router migration using dual-as
I am working on a project that involves moving a router from one BGP ASN to another. The topology above shows the current situation: we want to move R2 to ASN 20 and have it hooked up to R4 instead of R3. Normally this would be pretty trivial; however, the owner of R1 in ASN 500 is a provider that is notorious for not being able to schedule an engineer at the same time we have one available. The idea is to move R2 into ASN 20 but use local-as so that R1 still maintains a BGP neighbourship with it. Because our engineer might not be around when the provider engineer updates the neighbourship, we can use dual-as to make R2 accept eBGP sent to either the old or the new ASN.
Here’s the starting configs:
R1 R2 R3 R4
So first thing we do is raise a change to move R2 – basically we’re doing our own migration without the need to have a big conference call with the owner of R1. We’ll shut down the interfaces so we don’t send any incorrect BGP updates and set off any alerts.
interface f 0/1
 shutdown
interface f 0/0
 shutdown
So now that’s done we can move the cable; in this case from f0/1 on R3 to f0/1 on R4.
We’ll get rid of the ASN 10 config and get the ASN 20 neighbourship up first.
no router bgp 10
router bgp 20
 neighbor 172.16.0.4 remote-as 20
 neighbor 172.16.0.4 update-source Loopback0
We can now bring up that interface and we should see the neighbourship form.
interface f 0/1
 no shutdown
Next we want to get the neighbourship back up to ASN 500.
router bgp 20
 neighbor 192.168.0.0 remote-as 500
 neighbor 192.168.0.0 local-as 10
Local-AS basically makes R1 think it’s talking to ASN 10 rather than ASN 20. We can bring up the interface and should see the neighbour form.
interface f 0/0
 no shutdown
Now you can stop there if you like; the migration is complete from a functional point of view. Service teams don’t like this sort of kludge though because it doesn’t make sense to them at 3am when something is not working. The bonus round is to get the owner of R1 to update the remote-as at their convenience. To do this we’ll use the following command on R2 to tell it to accept either the real ASN or the Local-AS from R1.
router bgp 20
 neighbor 192.168.0.0 local-as 10 no-prepend replace-as dual-as
At some point in the next few months the owner of R1 will log on and update their router config thus:
router bgp 500
 neighbor 192.168.0.1 remote-as 20
That requires no action on R2 and will ‘just work’. You can go in and clean up your config at any time after this to make sure that the service team are happy.
router bgp 20
 no neighbor 192.168.0.0 local-as 10 no-prepend replace-as dual-as
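As an added illustration (not part of the original post or any vendor code), here is a simplified Python model of the local-as keywords used above, following Cisco's documented behaviour for no-prepend, replace-as and dual-as. The class and function names are invented for the example; it shows which remote-as values R1 can use and what AS_PATH each side sees with plain local-as versus the full dual-as form.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LocalAs:
    real_as: int              # ASN in "router bgp <n>"
    local_as: int             # ASN in "neighbor ... local-as <n>"
    no_prepend: bool = False
    replace_as: bool = False
    dual_as: bool = False

    def session_as(self, peer_remote_as):
        """ASN the session comes up with, or None if the peer accepts neither."""
        offered = [self.local_as] + ([self.real_as] if self.dual_as else [])
        return peer_remote_as if peer_remote_as in offered else None

    def path_sent(self, path, peer_remote_as):
        """AS_PATH the eBGP peer receives for a route whose AS_PATH is `path`."""
        asn = self.session_as(peer_remote_as)
        if asn is None:
            return None
        if asn == self.real_as:            # peer already migrated: plain eBGP
            return [self.real_as] + path
        if self.replace_as:                # real ASN is hidden from the peer
            return [self.local_as] + path
        return [self.local_as, self.real_as] + path

    def path_received(self, path, peer_remote_as):
        """AS_PATH as stored locally and passed on to iBGP peers."""
        asn = self.session_as(peer_remote_as)
        if asn is None:
            return None
        if asn == self.real_as or self.no_prepend:
            return list(path)
        return [self.local_as] + path

# R2 as configured on this page: real AS 20, local-as 10 toward R1 (AS 500).
PLAIN = LocalAs(20, 10)
FULL = LocalAs(20, 10, no_prepend=True, replace_as=True, dual_as=True)

def report():
    """One row per (R2 config, R1 remote-as): paths R1 and R2's iBGP peers see."""
    rows = []
    for name, cfg in (("local-as 10", PLAIN), ("... dual-as", FULL)):
        for r1_remote_as in (10, 20):
            rows.append((name, r1_remote_as, cfg.path_sent([], r1_remote_as),
                         cfg.path_received([500], r1_remote_as)))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```

The rows where R1 uses remote-as 20 show why the plain local-as step alone would drop the session when the provider changes their side, while the dual-as form keeps it up with either value.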
The topology now looks like this:
Final configs should look something like this:
R1-end R2-end R3-end R4-end