
About Policy Based Routing

Traditional routing is destination-based: packets are forwarded according to their destination IP address only, which makes it hard to steer specific traffic differently. Policy Based Routing (PBR) lets you define the forwarding decision on criteria other than the destination network: source address, source port, destination address, destination port, protocol, or a combination of these.

Policy Based Routing can implement QoS by classifying and marking traffic at the network edge, and then using PBR throughout the network to route marked traffic along a specific path. This permits routing of packets originating from different sources to different networks, even when the destinations are the same, and it can be useful when interconnecting several private networks.

Some applications of policy based routing are:

1. Equal-Access and Source-Sensitive Routing
2. Quality of Service
3. Cost Saving
4. Load Sharing

Equal-Access and Source-Sensitive Routing - The example below allows internet access through ISP 1 or ISP 2 depending on the source IP of the traffic.

Configuration Example:

In this setup, two inside subnets reach the internet via different outside interfaces: LanSubnet1 through outside1 (ISP 1) and LanSubnet2 through outside2 (ISP 2).
object network LanSubnet1_192.168.1.0
 subnet 192.168.1.0 255.255.255.0
object network LanSubnet2_192.168.2.0
 subnet 192.168.2.0 255.255.255.0

object network LanSubnet1_192.168.1.0
 nat (LanSubnet1,outside1) dynamic interface
object network LanSubnet2_192.168.2.0
 nat (LanSubnet2,outside2) dynamic interface

access-list LanSubnet1_internet extended permit ip 192.168.1.0 255.255.255.0 any
access-list LanSubnet2_internet extended permit ip 192.168.2.0 255.255.255.0 any

route-map PBR-MAP permit 10
 match ip address LanSubnet1_internet
 set interface outside1
 set ip next-hop x.x.x.x
!
route-map PBR-MAP permit 20
 match ip address LanSubnet2_internet
 set interface outside2
 set ip next-hop y.y.y.y
!
route-map PBR-MAP permit 30
 set interface null0
!
interface GigabitEthernet0/0
 nameif LanSubnet1
 policy-route route-map PBR-MAP
!
interface GigabitEthernet0/1
 nameif LanSubnet2
 policy-route route-map PBR-MAP
!
route outside1 0.0.0.0 0.0.0.0 <ISP 1> 1
route outside2 0.0.0.0 0.0.0.0 <ISP 2> 2

Notes: the "set interface" lines in clauses 10 and 20 are not mandatory; "set ip next-hop" alone is enough to steer the traffic. Clause 30 has no match statement, so it catches any traffic arriving on the two LAN interfaces that did not match clauses 10 or 20 and sends it to null0, i.e. drops it.
Debug Commands

debug policy-route
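To make the first-match behaviour of the route map above concrete, here is an added Python model (not the page's or Cisco's code) that evaluates the three PBR-MAP clauses exactly as written, with the page's x.x.x.x / y.y.y.y next-hop placeholders kept as strings and a few constructed sample flows:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Ace:
    """One extended ACE 'permit ip <src> <dst>'; 'any' is written as 0.0.0.0/0."""
    src: str
    dst: str = "0.0.0.0/0"

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))


@dataclass(frozen=True)
class Clause:
    """route-map PBR-MAP permit <seq>; an empty acl means 'no match statement'."""
    seq: int
    interface: str                  # set interface ...
    next_hop: Optional[str] = None  # set ip next-hop ... (page placeholders kept)
    acl: tuple = ()                 # match ip address <acl>


# Clauses transcribed from the configuration above.
PBR_MAP = (
    Clause(10, "outside1", "x.x.x.x", (Ace("192.168.1.0/24"),)),
    Clause(20, "outside2", "y.y.y.y", (Ace("192.168.2.0/24"),)),
    Clause(30, "null0"),  # no match statement: everything left over is dropped
)


def policy_route(src_ip: str, dst_ip: str, route_map=PBR_MAP) -> Clause:
    """Return the first clause that permits the flow; first match wins."""
    for clause in route_map:
        if not clause.acl or any(a.matches(src_ip, dst_ip) for a in clause.acl):
            return clause
    raise LookupError("no clause matched: the ASA would use the routing table")


if __name__ == "__main__":
    # Constructed sample flows: two LAN hosts and a source that matches no ACL.
    for src, dst in (("192.168.1.10", "203.0.113.5"), ("192.168.2.10", "203.0.113.5"),
                     ("192.168.1.10", "192.168.2.10"), ("10.9.9.9", "203.0.113.5")):
        c = policy_route(src, dst)
        print(f"{src:>14} -> {dst:<14} seq {c.seq}: {c.interface} via {c.next_hop}")
```

The third sample flow shows a side effect of the "any" destination in the ACLs: LAN1-to-LAN2 traffic also matches clause 10 and is sent to ISP 1, because on the ASA "set ip next-hop" takes precedence over the routing table (unlike "set ip default next-hop").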