Cisco Source Based Routing

Traditionally, routers forward packets based on the destination IP address in the packet's header. However, sometimes it is desirable to route packets based on the source IP address.

An example of when you might want to do this is if you have two WAN links. Say you own a coffee shop and want to offer your customers free WiFi. Your router may have a WAN link into your organisation's MPLS network and another WAN link directly to the internet. You want traffic from devices on the corporate network sent to the MPLS WAN and traffic from guest devices sent to the internet WAN.

The below diagram shows an example topology.

Corporate Subnet: 192.168.0.0/24
Guest Subnet: 192.168.1.0/24

We will use Policy Based Routing (PBR) to achieve this goal. To ensure that staff follow the green route to the corporate MPLS and that guests follow the red route to the Internet, the following configuration is required.

  • An access list for each route. Within each access list you define the network ranges that should follow that route. In our example, we will have one access list for the MPLS route and another for the Internet route. You could rely on the default route and use policy based routing only for the second route, but in this example I am going to configure policy based routing for both routes.
  • A route map to inspect the traffic and decide how it should be routed.
  • Apply the route map to the LAN interface of the router.

! Wildcard 0.0.0.255 matches only the corporate /24
Branch_Router(config)#ip access-list standard ROUTE-TO-MPLS
Branch_Router(config-std-nacl)#permit 192.168.0.0 0.0.0.255
!
! Wildcard 0.0.0.255 matches only the guest /24
Branch_Router(config)#ip access-list standard ROUTE-TO-INTERNET
Branch_Router(config-std-nacl)#permit 192.168.1.0 0.0.0.255
!
! Sequence 10: corporate sources leave via the MPLS WAN
Branch_Router(config)#route-map source-based-routing permit 10
Branch_Router(config-route-map)#match ip address ROUTE-TO-MPLS
Branch_Router(config-route-map)#set interface gigabitEthernet 0/1
!
! Sequence 20: guest sources leave via the Internet WAN
Branch_Router(config)#route-map source-based-routing permit 20
Branch_Router(config-route-map)#match ip address ROUTE-TO-INTERNET
Branch_Router(config-route-map)#set interface gigabitEthernet 0/2
!
! Apply the policy to traffic entering the LAN interface
Branch_Router(config)#interface gigabitEthernet 0/0
Branch_Router(config-if)#ip policy route-map source-based-routing
!

That's it! Traffic entering the LAN interface on Gi0/0 will now be inspected using the route-map 'source-based-routing'. The route map will first check whether the source IP address matches any entry in the 'ROUTE-TO-MPLS' access-list; if it does, the exit interface for that traffic will be Gi0/1 towards the corporate MPLS. If no match is found, we move on to the next statement in the route-map, which does the same check for guest traffic. Traffic that matches neither statement is forwarded using the normal destination-based routing table.
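The following is an added example, not part of the original post: a small Python model of the standard ACL wildcard match and the route-map evaluation order described above. It shows why the wildcard must be sized to the /24 subnets: with 0.0.255.255 the MPLS access list also matches guest addresses, so guest traffic is sent to the corporate WAN. The sequence numbers 10 and 20, the sample hosts and the function names are assumptions made for the illustration.

```python
import ipaddress

def acl_permits(src, entries):
    """Standard ACL: permit if src matches any (network, wildcard) entry.
    Wildcard bits set to 1 are "don't care"; no match means implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    for net, wildcard in entries:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(net)) & care):
            return True
    return False

def egress(src, route_map, acls):
    """Walk route-map entries in sequence order; the first match sets the
    exit interface. No match: the packet is routed normally by destination."""
    for _seq, acl_name, interface in sorted(route_map):
        if acl_permits(src, acls[acl_name]):
            return interface
    return "destination-routing"

# Route map as described in the article: MPLS checked first, then Internet.
# Sequence numbers 10 and 20 are assumed for this model.
ROUTE_MAP = [(10, "ROUTE-TO-MPLS", "Gi0/1"), (20, "ROUTE-TO-INTERNET", "Gi0/2")]

# Wildcard sized for the /24 corporate and guest subnets
ACLS_24 = {"ROUTE-TO-MPLS": [("192.168.0.0", "0.0.0.255")],
           "ROUTE-TO-INTERNET": [("192.168.1.0", "0.0.0.255")]}
# Wildcard 0.0.255.255 covers all of 192.168.0.0/16, guests included
ACLS_16 = {"ROUTE-TO-MPLS": [("192.168.0.0", "0.0.255.255")],
           "ROUTE-TO-INTERNET": [("192.168.1.0", "0.0.255.255")]}

# Constructed sample hosts: one staff, one guest, one outside both subnets
HOSTS = ["192.168.0.25", "192.168.1.50", "10.0.0.5"]

def audit(acls):
    """Return the exit decision for each sample host under the given ACLs."""
    return {host: egress(host, ROUTE_MAP, acls) for host in HOSTS}

if __name__ == "__main__":
    for label, acls in (("/24 wildcard", ACLS_24), ("/16 wildcard", ACLS_16)):
        print(label, audit(acls))
```

On the router itself, `show route-map` and `show ip policy` confirm which route map is applied to the interface and how many packets each sequence has matched.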