Restricting User Access per Route Domain

Hi Daren,

Did you see this post:

https://devcentral.f5.com/questions/use-cases-of-routing-domain-and-partition-57935

response by surgeon:

Partitions used to separate ans delegate administrative permissions. It has nothing common with route domains.

E.g. You have 2 admins and you have 2 vips. You want admin 1 to manage vip1 and has no access to vip2. Admin 2 need to manage vip2 and should not has access to manage vip1.

In that case you create 2 partitions and assigned deferent privileges for admins. Admin1 has full access to objects in partition1 and has no access to partition2 Asmin2 has full access to objects in partition2 and has no access to partition1 You create VIP1 under P1 and VIP2 under P2. Now you achieved your initial goals

Route domains are designed to create separate network segment where you can you same IP subnet as in other domains. Route domains has more common with VRF from routing point of view.

Let say due to some reason you have 2 customers/departments who uses the same IP subnet and you want big-ip to server requests coming from these subnets but you do not want customer1 access resources in subnet of customer2 and vice versa. In that case you create two route domains. You still can use the same subnet to create VIPs but traffic from subnet of customer1 will not be mixed with traffic from subnet of customer2

Partitions designed for administration purposes Route domains for routing purposes.

addtionnal information that can help you:

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-ip-routing-administration-11-2-0/2.html

let me know if you need more details.

regards