Hi Piet,
yes go forward with this design, there are no security issues known to me yet (works like VRFs on Cisco devices).
For a better overview of all you configurations, please create an own partition for each route domain, then you will see only the affected items of each route domain and you don't need to put the %1 or %2 behind each IP-address (very recommended!!!).
Things you need to know with the current route domain implementation:
- IPv6 is NOT possible, because the route domains will internally mapped to IPv6 addresses
- telnet or ssh on the command line will only work with such a IPv6 address (there is an article how to create this address from the IPv4 address)
- if you are using iRules, you need to keep track of this %1 stuff as well
- naming of configuration items still must be different in both partitions/route domains
We are using route domains for several customer environments and have good experiences with it so far.
Ciao Stefan :)