diff --git a/geant/gap_ansible/roles/base_config/defaults/main.yml b/geant/gap_ansible/roles/base_config/defaults/main.yml
index 86405e60cc0d8ac85698bf4338e83378f8f77e83..7c6293f3bbac567bd841dc1be877ac7665d789a4 100644
--- a/geant/gap_ansible/roles/base_config/defaults/main.yml
+++ b/geant/gap_ansible/roles/base_config/defaults/main.yml
@@ -1,2 +1,3 @@
 ---
 # defaults file for base_config
+# ansible_net_has_2RE: false  # safe to set because when ansible gets this var from the real Juniper box, it will be overwritten.
diff --git a/geant/gap_ansible/roles/base_config/tasks/deploy_base_config.yaml b/geant/gap_ansible/roles/base_config/tasks/deploy_base_config.yaml
index 9c25cf27c9410ca93bd92cb3c74f8bb56d70619e..8803e4451c0f19c499b00c860b5742affa574d70 100644
--- a/geant/gap_ansible/roles/base_config/tasks/deploy_base_config.yaml
+++ b/geant/gap_ansible/roles/base_config/tasks/deploy_base_config.yaml
@@ -5,9 +5,12 @@
     src_format: text
     check_commit: true
   diff: true
+  register: output
   when: >
-    verb == "deploy" and
-    ( dry_run | ansible.builtin.bool ) is true and
+    verb == "deploy"
+    and
+    ( dry_run | ansible.builtin.bool )
+    and
     wfo_router.router.vendor == "juniper"
 
 
@@ -19,8 +22,10 @@
     comment: "{{ commit_comment }}"
   diff: true
   when: >
-    verb == "deploy" and
-    ( dry_run | ansible.builtin.bool ) is false and
+    verb == "deploy"
+    and
+    not ( dry_run | ansible.builtin.bool )
+    and
     wfo_router.router.vendor == "juniper"
 
 - name: Deploy base_config on "{{ inventory_hostname }}" [CHECK ONLY][NOKIA]
@@ -32,18 +37,33 @@
     commit: true
     validate: true
   diff: true
+  register: output
   check_mode: true
   when: >
-    verb == "deploy" and
-    ( dry_run | ansible.builtin.bool ) is true and
+    verb == "deploy"
+    and
+    ( dry_run | ansible.builtin.bool )
+    and
     wfo_router.router.vendor == "nokia"
 
+
+- name: Fail if there is any diff
+  ansible.builtin.fail:
+    msg: Base config drift detected!!!
+  when: >
+    output.changed | ansible.builtin.bool
+    and
+    is_verification_workflow | ansible.builtin.bool
+
+
 - name: Validation succeeded
   ansible.builtin.debug:
     msg: "Base config has been validated against the router and no syntax errors were found"
   when: >
-    verb == "deploy" and
-    ( dry_run | ansible.builtin.bool ) is true and
+    verb == "deploy"
+    and
+    ( dry_run | ansible.builtin.bool )
+    and
     wfo_router.router.vendor == "nokia"
 
 
@@ -58,14 +78,18 @@
   diff: true
   check_mode: false
   when: >
-    verb == "deploy" and
-    ( dry_run | ansible.builtin.bool ) is false and
+    verb == "deploy"
+    and
+    not ( dry_run | ansible.builtin.bool )
+    and
     wfo_router.router.vendor == "nokia"
 
 - name: PLEASE CHECK THE CONFIG ON THE BOX
   ansible.builtin.debug:
     msg: "Base config has been deployed, check on the router for the result"
   when: >
-    verb == "deploy" and
-    ( dry_run | ansible.builtin.bool ) is false and
+    verb == "deploy"
+    and
+    not ( dry_run | ansible.builtin.bool )
+    and
     wfo_router.router.vendor == "nokia"
diff --git a/geant/gap_ansible/roles/base_config/templates/routers/nokia/general.j2 b/geant/gap_ansible/roles/base_config/templates/routers/nokia/general.j2
index 703220a31e809f474c586e706aabf7927f41501f..f237ae55e9857aea7d6855f15e73643d6fd9e81a 100644
--- a/geant/gap_ansible/roles/base_config/templates/routers/nokia/general.j2
+++ b/geant/gap_ansible/roles/base_config/templates/routers/nokia/general.j2
@@ -5,7 +5,7 @@
     <contact alu:operation="replace">{{ nokia_system_contact }}</contact>
     <name alu:operation="replace">{{ short_hostname}}</name>
     <location alu:operation="replace">{{ nokia_snmp_location }}</location>
-    <load-balancing>
+    <load-balancing alu:operation="replace">
         <l4-load-balancing>true</l4-load-balancing>
         <lsr-load-balancing>lbl-ip-l4-teid</lsr-load-balancing>
         <system-ip-load-balancing>true</system-ip-load-balancing>
diff --git a/geant/gap_ansible/roles/base_config/templates/routers/nokia/qos/qos.j2 b/geant/gap_ansible/roles/base_config/templates/routers/nokia/qos/qos.j2
index 60e200cf88566a2478b8c3259e6c4a5cbf29c407..c942d4bf9fa574c21e498fb6e667087fe08c3b42 100644
--- a/geant/gap_ansible/roles/base_config/templates/routers/nokia/qos/qos.j2
+++ b/geant/gap_ansible/roles/base_config/templates/routers/nokia/qos/qos.j2
@@ -32,7 +32,7 @@
       {% endfor %}
     {% endfor %}
     </network-queue>
-    <network alu:operation="replace">    
+    <network alu:operation="replace">
     {% for net_pol in nokia_qos_network_policies %}
       <network-policy-name>{{ net_pol.name }}</network-policy-name>
       <description>{{ net_pol.description }}</description>
@@ -46,7 +46,7 @@
         <dscp>
           <dscp-name>{{ dscp.name}}</dscp-name>
           <fc>{{ dscp.fc }}</fc>
-          <profile>{{ dscp.profile }}</profile>              
+          <profile>{{ dscp.profile }}</profile>
         </dscp>
         {% endfor %}
         {% for lsp_exp in net_pol.ingress.lsp_exp %}
diff --git a/geant/gap_ansible/roles/base_config/templates/routers/nokia/router/router_base.j2 b/geant/gap_ansible/roles/base_config/templates/routers/nokia/router/router_base.j2
index 3639ef608c6232fe7cabe19df65d28b5902d8627..3bc40fc75ff24c68dafb000144c83c9b6da88e1c 100644
--- a/geant/gap_ansible/roles/base_config/templates/routers/nokia/router/router_base.j2
+++ b/geant/gap_ansible/roles/base_config/templates/routers/nokia/router/router_base.j2
@@ -20,10 +20,10 @@
                 </ipv6>
             </interface>
             <mpls-labels xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes" alu:operation="replace">
-                <static-label-range>9968</static-label-range>
+                <static-label-range>{{ mpls_labels.static_label_range }}</static-label-range>
                 <sr-labels>
-                    <start>10000</start>
-                    <end>19999</end>
+                    <start>{{ mpls_labels.sr_label_start }}</start>
+                    <end>{{ mpls_labels.sr_label_end }}</end>
                 </sr-labels>
             </mpls-labels>
             <mpls xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
diff --git a/geant/gap_ansible/roles/base_config/vars/main.yml b/geant/gap_ansible/roles/base_config/vars/main.yml
index 96c256c41a967f16547ca585255e283c76dc02cf..ab70cced0e51dcec43473b814e11dfbaccd06fab 100644
--- a/geant/gap_ansible/roles/base_config/vars/main.yml
+++ b/geant/gap_ansible/roles/base_config/vars/main.yml
@@ -1,5 +1,7 @@
 dry_run: "True"
 is_base_config_run: "True"
+is_verification_workflow: false
+
 verbs:
   - "compile"
   - "deploy"
diff --git a/geant/gap_ansible/roles/ibgp_update/tasks/deploy.yaml b/geant/gap_ansible/roles/ibgp_update/tasks/deploy.yaml
index 0cabfe6dbb1f1d2fb6a90692b0a529759f3030f0..26e38d191d059afd16e7b03f5268698d7df3383a 100644
--- a/geant/gap_ansible/roles/ibgp_update/tasks/deploy.yaml
+++ b/geant/gap_ansible/roles/ibgp_update/tasks/deploy.yaml
@@ -30,17 +30,19 @@
     commit: true
     validate: true
   diff: true
+  register: output
   check_mode: true
   when: >
     ( dry_run | ansible.builtin.bool ) is true and
     vendor == "nokia"
 
-- name: Validation succeeded
-  ansible.builtin.debug:
-    msg: "Base config has been validated against the router and no syntax errors were found"
+- name: Fail if there is any diff
+  ansible.builtin.fail:
+    msg: iBGP configuration drifted!!!
   when: >
-    ( dry_run | ansible.builtin.bool ) is true and
-    vendor == "nokia"
+    output.changed | ansible.builtin.bool
+    and
+    is_verification_workflow | ansible.builtin.bool
 
 
 - name: Update iBGP mesh ["{{ verb }}"] on "{{ inventory_hostname }}" [AND COMMIT][NOKIA]
diff --git a/geant/gap_ansible/roles/ibgp_update/tasks/main.yml b/geant/gap_ansible/roles/ibgp_update/tasks/main.yml
index 99c9c6152201dd45e73986d35e75a11e56a2850f..3fe519471853b89bc8fc816fc4d59809d9272695 100644
--- a/geant/gap_ansible/roles/ibgp_update/tasks/main.yml
+++ b/geant/gap_ansible/roles/ibgp_update/tasks/main.yml
@@ -29,7 +29,8 @@
 
 - name: Include PE into P tasks if selected
   ansible.builtin.include_tasks: add_pe_to_p.yaml
-  when: verb == "add_pe_to_p"
+  when: >
+    verb in [ "add_pe_to_p", "verify_p_ibgp" ]
 
 - name: Check status of iBGP on P router
   ansible.builtin.include_tasks: check_p_ibgp.yaml
diff --git a/geant/gap_ansible/roles/ibgp_update/templates/nokia/add_pe_to_p.j2 b/geant/gap_ansible/roles/ibgp_update/templates/nokia/add_pe_to_p.j2
index ef53ae4bfb7df21ac078204b0dd643e3ceedb384..2b9528d8b7b36c151c7fe877b15fdde5d42e4768 100644
--- a/geant/gap_ansible/roles/ibgp_update/templates/nokia/add_pe_to_p.j2
+++ b/geant/gap_ansible/roles/ibgp_update/templates/nokia/add_pe_to_p.j2
@@ -4,12 +4,12 @@
       <router-name>Base</router-name>
         <bgp>
           {% for pe_fqdn, pe_ipadd in pe_router_list.items() %}
-            <neighbor xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
+            <neighbor xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes" alu:operation="replace">
               <ip-address>{{ pe_ipadd.lo4 }}</ip-address>
               <description>{{ pe_fqdn }}</description>
               <group>iGEANT-P-ONLY</group>
             </neighbor>
-            <neighbor xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes">
+            <neighbor xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes" alu:operation="replace">
               <ip-address>{{ pe_ipadd.lo6 }}</ip-address>
               <description>{{ pe_fqdn }}</description>
               <group>iGEANT6-P-ONLY</group>
diff --git a/geant/gap_ansible/roles/ibgp_update/templates/nokia/verify_p_ibgp.j2 b/geant/gap_ansible/roles/ibgp_update/templates/nokia/verify_p_ibgp.j2
new file mode 100644
index 0000000000000000000000000000000000000000..3c30bba2e56bf424f668e999a04a1ce04359f15d
--- /dev/null
+++ b/geant/gap_ansible/roles/ibgp_update/templates/nokia/verify_p_ibgp.j2
@@ -0,0 +1,51 @@
+
+<config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:alu="urn:ietf:params:xml:ns:netconf:base:1.0">
+  <configure xmlns="urn:nokia.com:sros:ns:yang:sr:conf">
+    <router>
+      <router-name>Base</router-name>
+              <bgp xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes" alu:operation="replace">
+                <error-handling alu:operation="replace">
+                    <update-fault-tolerance>true</update-fault-tolerance>
+                </error-handling>
+                <local-as alu:operation="replace">
+                    <as-number>{{ geant_re_as_number }}</as-number>
+                </local-as>
+                <group alu:operation="replace">
+                    <group-name>iGEANT-P-ONLY</group-name>
+                    <admin-state>enable</admin-state>
+                    <next-hop-self>true</next-hop-self>
+                    <type>internal</type>
+                    <peer-as>{{ geant_re_as_number }}</peer-as>
+                    <capability-negotiation>true</capability-negotiation>
+                    <local-address>{{ subscription.router.router_lo_ipv4_address }}</local-address>
+                    <family>
+                        <mcast-ipv4>true</mcast-ipv4>
+                    </family>
+                </group>
+                <group alu:operation="replace">
+                    <group-name>iGEANT6-P-ONLY</group-name>
+                    <next-hop-self>true</next-hop-self>
+                    <type>internal</type>
+                    <peer-as>{{ geant_re_as_number }}</peer-as>
+                    <capability-negotiation>true</capability-negotiation>
+                    <local-address>{{ subscription.router.router_lo_ipv6_address }}</local-address>
+                    <family>
+                        <mcast-ipv6>true</mcast-ipv6>
+                    </family>
+                </group>
+              {% for pe_fqdn, pe_ipadd in pe_router_list.items() %}
+                <neighbor xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes" alu:operation="replace">
+                  <ip-address>{{ pe_ipadd.lo4 }}</ip-address>
+                  <description>{{ pe_fqdn }}</description>
+                  <group>iGEANT-P-ONLY</group>
+                </neighbor>
+                <neighbor xmlns="urn:nokia.com:sros:ns:yang:sr:conf" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nokia-attr="urn:nokia.com:sros:ns:yang:sr:attributes" alu:operation="replace">
+                  <ip-address>{{ pe_ipadd.lo6 }}</ip-address>
+                  <description>{{ pe_fqdn }}</description>
+                  <group>iGEANT6-P-ONLY</group>
+                </neighbor>
+              {% endfor %}
+            </bgp>
+    </router>
+  </configure>
+</config>
diff --git a/geant/gap_ansible/roles/ibgp_update/vars/main.yml b/geant/gap_ansible/roles/ibgp_update/vars/main.yml
index 554323f99447dc3cf5fc32ca23c72fd1119ab1bc..e118a3ef5d659ab367562d790c51cb4e3d68c389 100644
--- a/geant/gap_ansible/roles/ibgp_update/vars/main.yml
+++ b/geant/gap_ansible/roles/ibgp_update/vars/main.yml
@@ -1,10 +1,12 @@
 ---
 # vars file for ibg_update
 dry_run: "True"
+is_verification_workflow: false
 verbs:
   - add_pe_to_p # Adds all the existing PEs in the P-GROUP on the newly installed P
   - add_p_to_pe # Adds the newly installed P to the P-GROUP in all the existing PEs
   - check_p_ibgp
+  - verify_p_ibgp  # Validates the config of BGP stanza including neighbors
   - remove_p_from_pe # placeholder for future use | Removes the P that is going to be promoted to PE from the P-GROUP on all PEs
   - add_pe_to_pe # placeholder for future use | Adds the newly installed PE (could be an EX-P or a new PE) to the PE-GROUP on all the other PEs
   - add_new_pe_to_p # placeholder for future use | Adds the newly installed PE (could be an EX-P or a new PE) the P-GROUP on all the Ps