
upgrade INET router from existing ISP to another router with new ISP

byme88
Level 1

Hello all,

 

I am trying to upgrade our existing Internet router 3900 to 4331.

 

Scenario:

Existing router 3900 has BGP peering with 1 ISP with a default-route, and OSPF neighborship with a Cisco ASA outside interface using our public IP addresses. This ASA's inside interfaces also run EIGRP with the LAN network. The default-route from BGP and the OSPF routes are redistributed into the EIGRP domain behind the firewall.

 

The goal is to have both routers (3900 and 4300) live at the same time and slowly migrate all the services (NATs, vendor services, etc.) from the outside world to the 4300 without downtime!

 

Now, since the 3945 is reaching EOL soon, we want to upgrade the Cisco 3900 to a Cisco 4331 with the new ISP. Since we only have 1 AS number, how are we going to peer with a new ISP on the 4300 to advertise exactly the networks we have on the 3900 without the problem of 2 BGP peerings with 2 different ISPs?

 

My sincere apologies for being unable to describe the topology clearly; please feel free to ask about anything that I have not clearly described here.

 

Thanks,

Byme88

9 Replies

Hi

 

You can peer with multiple ISPs using your AS, just add more neighbors. The strategy could be like this:

For Internet you stay with old ISP until the end of the migration so that you can keep receiving the default route from the old ISP.

For specific services whose address is known, you can use routes to send them to the new ISP.

At the end of the process you can start receiving the default route from the new ISP as well.

For OSPF you can add the firewall outside interface, the 3900 inside interface and the 4331 inside interface to the same area 0.

You can also think about running iBGP between the firewall and the routers.
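
The strategy in the reply above, sketched as an IOS configuration for the 4331. This is an added example, not part of the original thread or the poster's configuration; the AS numbers, addresses, and the prefix-list and route-map names are placeholders (documentation ranges), not values from this network.

```cisco
! Placeholders (assumptions): 64500 = own AS, 64511 = new ISP AS,
! 192.0.2.1 = new ISP peer, 198.51.100.0/24 = own public prefix,
! 203.0.113.25 = a known remote service address.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list OWN-PREFIXES seq 5 permit 198.51.100.0/24
!
! Migration phase: accept nothing from the new ISP. No default route is
! learned from it, so Internet-bound traffic keeps using the old ISP.
route-map NEWISP-IN deny 10
!
! Advertise only our own prefixes, so the AS never carries transit traffic
! between the two ISPs. Prepending keeps inbound traffic on the old ISP.
route-map NEWISP-OUT permit 10
 match ip address prefix-list OWN-PREFIXES
 set as-path prepend 64500 64500 64500
!
router bgp 64500
 bgp log-neighbor-changes
 neighbor 192.0.2.1 remote-as 64511
 neighbor 192.0.2.1 description NEW-ISP
 !
 address-family ipv4
  ! Originated only if a matching route exists in the routing table.
  network 198.51.100.0 mask 255.255.255.0
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 route-map NEWISP-IN in
  neighbor 192.0.2.1 route-map NEWISP-OUT out
 exit-address-family
!
! One known service destination steered through the new ISP for testing.
! The firewall must also learn this route (for example via OSPF) to use it.
ip route 203.0.113.25 255.255.255.255 192.0.2.1
!
! End of migration: replace the deny-all inbound policy with one that
! accepts only the default route from the new ISP.
! no route-map NEWISP-IN deny 10
! route-map NEWISP-IN permit 10
!  match ip address prefix-list DEFAULT-ONLY
```

A changed inbound policy applies after a soft inbound refresh of the session (`clear ip bgp 192.0.2.1 soft in`).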

 

 

 

Hi Flavio,

 

Thanks for the advice! Your advice is to put both the 4331 and ASA into Area 0 of OSPF, which is not the same as the current configuration of the 3900 and ASA; they are both in Area 1 for some reason. On the 3900, the configuration of BGP and OSPF is like this:

 

For BGP:

 

router bgp xxxxx
bgp log-neighbor-changes
neighbor xxx.xx.xx.xx remote-as xxxx
!
address-family ipv4
redistribute connected
neighbor xxx.xx.xx.xx activate
neighbor xxx.xx.xx.xx send-community
neighbor xxx.xx.xx.xx remove-private-as
neighbor xxx.xx.xx.xx soft-reconfiguration inbound
neighbor xxx.xx.xx.xx route-map twtc-in in
neighbor xxx.xx.xx.xx route-map twtc-out out
exit-address-family

 

route-map twtc-in permit 1
match ip address 1
!
route-map twtc-out permit 1
match ip address 98
continue
set community xxxx.xxx
!
route-map twtc-out permit 5
match ip address 99
set as-path prepend XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX XXXXX  -----> X =  IS OUR BGP AS NUMBER
set community 3549:697

 

access-list 1 permit 0.0.0.0
access-list 1 remark Default_BGP Route

access-list 90 permit 10.99.11.1

access-list 98 permit xxx.xxx.35.0 0.0.0.255 --------> This is our public IP advertised out the OSPF process
access-list 98 remark 35_Network


access-list 99 permit xxx.xxx.34.0 0.0.0.255 --------> This is our public IP advertised out the OSPF process

For OSPF:

router ospf 1
redistribute bgp 53746 metric 10 subnets
network xxx.xxx.34.0 0.0.0.255 area 0
network xxx.xxx.35.0 0.0.0.255 area 1
default-information originate

 

I am not sure what the reason is that OSPF on this router is in Area 1, while the directly connected ASA outside is in Area 0.

 

Here is the configuration of the ASA:

 

router ospf 1
network xxx.xxx.35.0 255.255.255.0 area 1
log-adj-changes
!
router eigrp 1
auto-summary
default-metric 250000 10 255 255 1500
network 10.0.0.0 255.0.0.0
redistribute connected
redistribute static route-map route-static
redistribute ospf 1 route-map ospf

 

On The ASA:

 

router ospf 1
network 204.152.35.0 255.255.255.0 area 1
log-adj-changes

 

sh ospf neighbor on the ASA


Neighbor ID Pri State Dead Time Address Interface
xx.xxx.xx.xxx 255 FULL/DR 0:00:39 xxx.xxx.35.200 outside
xxx.xx.35.10 250 FULL/BDR 0:00:33 xxx.xxx.35.10 outside

 

Can you kindly review and advise how I should approach this?

Much appreciated!

byme88

 

Hi

I strongly encourage you to run a lab first. Analysing this config by looking at it seems to make sense, but don't miss the chance to put this to work first.

Not sure if you are familiar with GNS3 or Eve, but they can provide you with all the necessary parts you need for this project.

If you are not able to simulate a firewall, just use a router instead. From a routing perspective, your firewall is a router.

If you need any help to build this lab, I will be more than happy to assist you.

Hi Flavio,

Thank you for your advice. I have never used GNS3 or EVE, but will look into this! I will contact you if I need help! Thanks again!

byme88

There are plenty of videos about GNS3 and Eve, but don't hesitate to ask here in case you run into trouble.

Basically you can shadow your environment with one of these programs.

Hi Flavio,

 

Yes, I will need your help to build this lab, please let me know where to start. I have never used GNS3 before.

Thanks in advance!

byme88

Hello

Can you post a topology of this network, adding the new router you wish to upgrade to?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

I will try to do a couple of Visios and post them with both the existing router and the new one!

thanks!

Hi Paul,

 

Attached are 2 drawings and the related configuration of the internet router with BGP and OSPF.

1 drawing is with the existing 3945 router and the existing ISP, and the other is with the new 4331 in place.

The goal is to replace the 3945 without much downtime or unexpected problems.

I am thinking of migrating the configuration from the 3945 to the 4331 and configuring Gig0/3/0 on the 4331 for the new ISP BGP peering.

The next step is to replace the 3945 while still using the old ISP as the primary internet circuit.

The problem I am facing is the BGP peering with 2 ISPs: how do I prevent the internet traffic from going out to the new ISP until we test and confirm that the 4331 is working after cutover?

Thanks,

Byme88