For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Helena_101649's avatar
Helena_101649
Icon for Nimbostratus rankNimbostratus
May 28, 2013

Route Domains and Parent Domain

Hi, I want to setup a scenario similar to the one described in LTM Implementations manual chapter "Web Hosting Multiple Customers Using Route Domains", but with a third route domain which could fo...
config
design
Helena_101649's avatar
Helena_101649
Icon for Nimbostratus rankNimbostratus
Aug 06, 2015

Hi,

No, finally we dismiss the idea. We achived a sort of routing isolation between backends using differents Forwarings Virtual Servers for each VLAN, and restricting the inbound vlan to the Internet facing vlan. This is a simplified example:

VLAN1  
10.10.10.0 |   |
-----------|   |  VLAN_FRONT |          | 
           |LTM|-------------|Router    |-->  Outside
VLAN2      |   |  30.30.30.0 |30.30.30.1|          
20.20.20.0 |   |             |          | 
-----------|   |

ltm virtual /Common/FORWARDING_IN_VLAN1 {
    destination /Common/10.10.10.0:0
    ip-forward
    mask 255.255.255.0
    profiles {
        /Common/fastL4_NoReset { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/VLAN_FRONT
    }
    vlans-enabled
}


ltm virtual /Common/FORWARDING_IN_VLAN2{
    destination /Common/20.20.20.0:0
    ip-forward
    mask 255.255.255.0
    profiles {
        /Common/fastL4_NoReset { }
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vlans {
       /Common/VLAN_FRONT
    }
    vlans-enabled
}


ltm virtual /Common/FORWARDING_OUT_VLAN1 {
    destination /Common/any:0
    ip-forward
    mask any
    profiles {
        /Common/fastL4_NoReset { }
    }
    rules {
        /Common/RUTAS_OUT_VLAN1
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/VLAN_1
    }
    vlans-enabled
}
ltm virtual /Common/FORWARDING_OUT_VLAN2 {
    destination /Common/any:0
    ip-forward
    mask any
    profiles {
        /Common/fastL4_NoReset { }
    }
    rules {
        /Common/RUTAS_OUT_VLAN2
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vlans {
        /Common/VLAN_2
    }
    vlans-enabled
}


ltm rule /Common/RUTAS_OUT_VLAN1 {
    when CLIENT_ACCEPTED {
               node 30.30.30.1
}

ltm rule /Common/RUTAS_OUT_VLAN2 {
    when CLIENT_ACCEPTED {
               node 30.30.30.1
}

We use different iRules for outbound routing because actually we have more than one Internet facing network. All objects reside in partition Common. Next step will be to use vCMP to implement two different virtual LTMs, but we are not in a hurry since we don't have any issue with current configuration.

Regards