F5 LTM VRF/ZONES

Question

Hi Team,&nbsp;
We are working in one Greenfield Implementation, where we are creating VRFs/Zones named Prod/Test/Dev into our setup(In routers/switches/Firewalls).&nbsp;
In every environment Prod/Test/Dev, we are advertising respective VLANs plus I am keeping one VIP segment too).&nbsp;
So, similarly we want to partition the BIGIP LTM too, we are using F5-BIG-LTM-2200S(Note the setup is small, so proposed model will suffice, so no vCMP supportive models are suggested).&nbsp;
Query:
1. How we will do that ? By Admin_Partitioning ? or do we also need to use Route-Domains ?&nbsp;
Regards
Parveez&nbsp;

jgranieri · Answer

I am more familiar with route domains.  so basically you should create additional route-domains which are essentially similar to Cisco VRF's.  You have the option to select strict-isolation which means the route domain routing table is exclusively used and if there is no match on a route it will use the default route within that RD.  You should assign a physical interface north/south of the F5 for each particular route domain.  basically you can duplicate VIP addressing on the F5.  if you need any more pointers with route-domains let me know.    If you are running 11.5 code and higher you can also use HA traffic-groups.  so each VS within in each route domain should be configured in a specific traffic-group.  that will allow that RD/Traffic-group to failover without impacting the other RD's.&nbsp;

Forum Discussion

F5 LTM VRF/ZONES

1 Reply

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Query on source IP preservation for syslog traffic through F5 virtual server

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS