Forum Discussion
Route domain Question- Please help
We have two environments, env-A and env-B, which need to be configured on the same F5 device, which has LTM, GTM and AFM enabled. We are planning to implement different route domains for these two environments, which do not share routes.
- Since we have separate IP subnets for env-A and env-B, do we need to mention %id on GTM and AFM to allow traffic?
- Env-A has all rules allowed for AFM and Env-B should be blocked and allow only for specific IP address. Is it possible?
- Do we need different GTM listeners for different route domains?
-Freeky
- F5_Freek_243545Nimbostratus
I have GTM used to create www.myapp.com as wideip. This will be pointed to the LTM created in route domain 2.
But in the F5 documentation it says 'For systems that include both BIG-IP Local Traffic Manager (LTM) and BIG-IP Global Traffic Manager (GTM), you can configure route domains on internal interfaces only.'
What does it mean? Can't we have VIP configured with route domain 2 and add to GTM wide ip pool?
- Deep_287674Nimbostratus
Well, as per my understanding, we can create two separate route domains, one for F5 AFM and another for F5 GTM, and % can be used to determine the particular route domain and separate the traffic.
- Chris_GrantEmployee
Bear in mind that the GTM is handing out IP addresses to DNS resolvers which won't know anything about your route domains. So it doesn't make sense to have a route domain on a GTM object.
- F5_Freek_243545Nimbostratus
Thanks Brad. That helps a lot.
One more question.
My L3 router forwards traffic for 10.1.1.0/24 to F5. How does F5 decide which route domain to receive the traffic if we are using the same subnet for both route domains?
- Brad_ParkerCirrus
The route domain will be determined by the VLAN the packet arrives on. A VLAN can only be part of one route domain, so whatever the VLAN it arrives on determines the route domain.
- Brad_ParkerCirrus
- Yes, you would need to use %id, unless you create a partition for each and change the default route domain for the partition (tmsh modify auth partition env-A default-route-domain). That will automatically append the %id in the background for you so you don't have to worry about it, provided you create the objects in the partition.
- Yes, you can add policy to the route domain scope if you so wish.
- Only if you enable strict isolation on your route domains.
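
The %id behaviour described in this answer, as an added example that is not part of the original thread or F5's own code: a simplified Python model that resolves the effective route domain of an address (explicit %id, otherwise the partition's default route domain, otherwise 0) and flags objects that ended up outside their environment's route domain. The partition names, route domain IDs, object names and addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: partition names, route domain IDs, object names and
# addresses are assumptions for illustration, not values from the thread.
PARTITION_DEFAULT_RD = {"Common": 0, "env-A": 1, "env-B": 2}
EXPECTED_RD = {"env-A": 1, "env-B": 2}

SAMPLE_OBJECTS = [
    # (object name, partition, address as entered, environment it belongs to)
    ("vs_app_a", "env-A", "10.1.1.10", "env-A"),      # inherits %1 from partition
    ("vs_app_b", "env-B", "10.1.1.10", "env-B"),      # same IP, inherits %2
    ("vs_app_b2", "Common", "10.1.1.20%2", "env-B"),  # explicit %id outside partition
    ("vs_app_b3", "Common", "10.1.1.30", "env-B"),    # no %id: lands in route domain 0
    ("vs_app_a2", "env-A", "10.1.1.40%2", "env-A"),   # explicit %id overrides default
]


def effective_route_domain(address, partition):
    """Return (ip, route_domain_id) for an address in address%id notation."""
    ip_text, sep, rd_text = address.partition("%")
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on a malformed address
    if sep:
        rd = int(rd_text)  # explicit %id wins over the partition default
    else:
        rd = PARTITION_DEFAULT_RD.get(partition, 0)
    if rd < 0:
        raise ValueError(f"invalid route domain id: {rd}")
    return ip, rd


def audit(objects):
    """List objects whose effective route domain is not their environment's."""
    findings = []
    for name, partition, address, env in objects:
        _, rd = effective_route_domain(address, partition)
        if rd != EXPECTED_RD[env]:
            findings.append((name, address, rd, EXPECTED_RD[env]))
    return findings


if __name__ == "__main__":
    for name, address, got, want in audit(SAMPLE_OBJECTS):
        print(f"{name}: {address} resolves to route domain {got}, expected {want}")
```
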