I’m currently testing this on a Cisco ISR 1100 series running IOS XE 17.x. It’s a lab setup mainly for experimenting with dual-ISP policies.

Yes, exactly. The same device handles normal traffic (browsing, streaming, downloads) along with gaming traffic. That’s why I’m trying to split flows across ISPs for better performance.

Yes, I can mark based on destination ports (UDP/TCP) used by games like PUBG, Free Fire, COD Mobile, etc. I’ve also seen players in communities like apkdazy.com share domain/IP lists for gaming traffic optimization — that’s been helpful for identifying patterns.

At the moment, NAT is configured with overload per ISP interface. I haven’t yet implemented NAT based on source IP ranges, but that’s something I’m considering if I want to dedicate a subnet for gaming devices only.

I’m currently testing this on a Cisco ISR 1100 series running IOS XE 17.x. It’s a lab setup mainly for experimenting with dual-ISP policies.

Yes, exactly. The same device handles normal traffic (browsing, streaming, downloads) along with gaming traffic. That’s why I’m trying to split flows across ISPs for better performance.

Yes, I can mark based on destination ports (UDP/TCP) used by games like PUBG, Free Fire, COD Mobile, etc. I’ve also seen players in communities like apkdazy.com share domain/IP lists for gaming traffic optimization — that’s been helpful for identifying patterns.

At the moment, NAT is configured with overload per ISP interface. I haven’t yet implemented NAT based on source IP ranges, but that’s something I’m considering if I want to dedicate a subnet for gaming devices only.

I remove solved from my previous post' it not correct to select solve for non meaning comments like ask config.

Anyway 

I need to see how you config PBR 

How you set the next-hop?

Do you use verify or not ?

Run debug ip policy 

Share also NAT config 

MHM

config PBR 

ip access-list extended GAME-TRAFFIC
permit udp any any range 27000 27100
permit udp any any eq 3074
permit udp any any range 6000 7000

route-map PBR-GAMING permit 10
match ip address GAME-TRAFFIC
set ip next-hop 203.0.113.1 ! ISP2 gateway (gaming traffic)

For now, I have not enabled verify-availability (track object), but I’m planning to test it with IP SLA so that if ISP2 goes down, the gaming traffic automatically falls back to ISP1.

Yes, I ran debug ip policy — it shows the ACL hits for my UDP ports, so I know gaming traffic is matching correctly.

NAT config

ip access-list standard LAN-USERS
permit 192.168.10.0 0.0.0.255

ip nat inside source list LAN-USERS interface GigabitEthernet0/1 overload ! ISP1
ip nat inside source list LAN-USERS interface GigabitEthernet0/2 overload ! ISP2

I got some IP/port references for gaming traffic from apkdazy.com which helped build my ACL.

Use set egress interface and check again.

MHM

It simple friend 

Ypu use next-hop

How router know that this Next-hop Ip is valid or not?

Remember you have defualt route 

So router even if egress interface is down it can recursive IP via default route 

This need 

1- use egress 

Or

2- use verify 

MHM

QoS: On my side I can prioritize UDP game ports, but like you said, once traffic hits the ISP network it’s out of my control unless they support QoS. Most residential ISPs don’t, so that explains why results are mixed.

Different public IPs: Yes, each ISP assigns a separate public IP, and I see exactly what you’re describing — when one ISP fails, game sessions drop because the server only recognizes the old IP.

Same public IP: That would definitely solve the issue, but realistically not possible here. I was actually looking at alternatives like running a VPN tunnel with a single public endpoint. I have seen some discussions in apkdazy gaming communities about using this kind of setup to mask ISP changes and reduce lag. Might be worth experimenting with.

---

@jennasmith wrote:

QoS: On my side I can prioritize UDP game ports, but like you said, once traffic hits the ISP network it’s out of my control unless they support QoS. Most residential ISPs don’t, so that explains why results are mixed.

 Often, where you most want ISP QoS is on their link to you, as that's often a bottleneck.

As an alternative, you can police lower priority inbound ISP traffic to somewhat guarantee your critical traffic always has the bandwidth it needs.  In theory, it seems a fine alternative.  In practice, your ingress policing is after the traffic has been sent down the link toward you, and as the ingress traffic can burst above the policed bandwidth, it doesn't actually guarantee the bandwidth you want it to, but to insure there is sufficient ingress bandwidth, you have to police at a much higher value to try to slow ingress traffic before it uses your critical bandwidth.

For example, say your ingress bandwidth was 10 Mbps, and you wanted to insure 1 Mbps for gaming traffic, to try to insure that, you may need, and probably will need, to police non gaming traffic higher than 9 Mbps.  Possibly much higher.  The disadvantage, of course, is you're policing traffic all the time, even when there's no real need to.  For example, if you're not running a gaming app, you wouldn't want to police at all.  (Actually, with an EEM script, you might be able to conditionally police only when there is gaming traffic.)

---

@jennasmith wrote:

Different public IPs: Yes, each ISP assigns a separate public IP, and I see exactly what you’re describing — when one ISP fails, game sessions drop because the server only recognizes the old IP.

---

Exactly!  For traffic that doesn't hold an actual session, like some web traffic, such a failure might have no to minimal impact.

---

@jennasmith wrote:

Same public IP: That would definitely solve the issue, but realistically not possible here. I was actually looking at alternatives like running a VPN tunnel with a single public endpoint. I have seen some discussions in apkdazy gaming communities about using this kind of setup to mask ISP changes and reduce lag. Might be worth experimenting with.

---

You could certainly try VPN, but I would expect performance to be even worse.  First, VPN usually is encrypted, which will add some lag.  Second, VPN may cause packet fragmentation, more lag.  Third, and perhaps worst of all, if using some VPN server, out on the Internet, you have the additional transit time to/from that site, which is unlikely, to be "in line" with the direct transit path between your client and the game server.  (I.e. rather than client<>game-server, client<>VPN-server<>game-server.)  Fourth, although the game server will see one IP, the VPN tunnel will likely see your ISP public IP, which negates the whole point. (Usually, the point of using a VPN, is to keep secret your traffic between you and the VPN server.  Like, if the ISP were to block some specific traffic, such traffic wouldn't be visible to the ISP, unless VPN server was in the ISP network.)

There certainly are aspects of this situation that I do not understand. But it seems that the issue is pretty clear. The advantage of using 2 ISP is clear - better performance for gaming traffic when it uses a different ISP connection than other traffic. But the disadvantage is also clear - when there is a problem with ISP2 then gaming traffic fails over to use ISP1 and now traffic arrives at the gaming server with a different IP. Unfortunately any realistic solution is not clear.

I had a client who had a similar situation (not related to gaming), they wanted to send some traffic using ISPA and other traffic using ISPB. Fortunately they had a Public  IP subnet which they could advertise to both ISP, and so failover worked for them. But that is not realistic for a home environment.