F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

fluzocapacitor's avatar
fluzocapacitor
Icon for Cirrus rankCirrus
Jun 08, 2025

Delayed connection when traffic crosses router domains in F5 BIG-IP

Hi everyone, I'm experiencing an issue with F5 BIG-IP involving multiple router domains and would appreciate any insight. We’ve recently moved some VLANs into a separate router domain (RD2) on our ...
application delivery
fluzocapacitor's avatar
fluzocapacitor
Icon for Cirrus rankCirrus
Jun 08, 2025

Thanks for the detailed explanation — we’ll test your suggestions with explicit routes and forwarding virtual servers between route domains.

That said, I’m still puzzled by one thing:
If the F5 doesn’t have a valid route between RD2 and RD0, how is it even able to eventually send the response back at all? I would expect the traffic to consistently fail or time out immediately, since the device shouldn’t know how to reach the destination in another route domain.

Yet, in our case, it delays for 10–15 seconds and then succeeds. Could the F5 be falling back to some kind of indirect routing or trying multiple options before failing over to a default behavior?

Also, just to give more context — we introduced multiple route domains on the F5 because previously all servers were in a single VRF on the upstream router. We’ve now segmented them into multiple VRFs, and within these new VRFs, some servers use the F5 as their default gateway, while others route through the firewall.

Thanks again for your help — any insight into how the F5 is even partially succeeding without explicit inter-RD routing would be great to understand.

VishnuGatla's avatar
VishnuGatla
Icon for Cumulonimbus rankCumulonimbus
Jun 08, 2025

When the F5 receives traffic that it doesn’t know how to route (for example, from RD2 to RD0 with no explicit route), it will attempt to resolve the next hop using ARP (for IPv4) or Neighbor Discovery (for IPv6) and if there’s no immediate route or ARP entry, the F5 will send ARP requests and wait for a response. During this time, the connection is held open, and the client may experience a delay.

If you want traffic to flow between route domains, you need to do two things:

  1. Disable Strict Isolation:
    Go to Network > Route Domains in the BIG-IP Configuration Utility, select each route domain you want to communicate, and uncheck the “Strict Isolation” box. You must do this on both the source and destination route domains.
  2. Set Up Explicit Routes and Forwarding Virtual Servers:
    • Add static routes in each route domain that point to the other, using the correct route domain notation (for example, 10.0.0.0%2 for RD2).
    • Create a forwarding (IP) virtual server in each route domain. This allows the BIG-IP to pass traffic between the domains, acting as a bridge.

Here is an article: