Alexander, Thank you for your response. “Can you clarify what is your concern? Did I understand you correctly that you asking how to configure the BGP without actually using the bgp routes and during maintenance window to switch to the BGP routing?” My concern is migrating to our new EBGP and new IP space without any downtime. So we need to be able to verify test traffic passes through the BGP before migrating production traffic to it. For inbound traffic both the old IPs and new IPs will need to be accessible while DNS propagates. Some business partners may also have hardcoded or host entries for our IP for their API requests, even though they shouldn’t. I understand that enabling ECMP restarts the router so ECMP will need to be done during a maintenance window. Having never done this before and not finding any documentation that matches what we plan to do makes it harder to plan. “Another question - the two peers, are they both external for your firewall? Am I guessing correctly that the two peers are just for resilience and you will receive the same routes from both and you need to advertise same routes to both (but with different metric)?” Yes, the two peers are to the same ISP via different fiber paths for resilience. “When you are configuring the BGP you can leave the option "Install Routes" unchecked (I believe this is off by default) - As you can see from this document when this option is not checked FW will bring the BGP peering up, it will receive and advertise any routes from peers, but the received routes are not installed in the RIB.” and “Which effectively allow you to test the BGP peering and what is received from the peers, without affecting the current routing and using the old path.” This sounds like a good first step to verify the peers are configured properly. After that we will need to send some test traffic over it. Thanks for the link. Thank you, Charles
... View more