For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Brad_146558's avatar
Brad_146558
Icon for Nimbostratus rankNimbostratus
Aug 04, 2016

Route Domains and VLANs

I'm starting a project to separate our F5 into 3 different route domains. One for DMZ, Prod and Non-Prod as I started the planning and sorting what virtual servers would go into what route domains I ...
application delivery
LTM
security
ekaleido_26616's avatar
ekaleido_26616
Icon for Cirrocumulus rankCirrocumulus
Aug 04, 2016

You can have the virtuals reside in route domain 0 and put the various pool members into separate route domains and establish parent-child route domain relationships. I don't know that route domains is what you really want to do though. Think of them like a VRF. They're not so much a security measure (just like routing isn't a security measure).

 

Brad_146558's avatar
Brad_146558
Icon for Nimbostratus rankNimbostratus
Aug 04, 2016

Route Domains were a compromise with our security team, they really don't like the fact that we only have 1 F5 and when we put in our routes originally to separate the traffic we ran into some asymmetrical routing issues. The idea behind implementing route domains was to get us past the routing issue and allow us to route specific traffic over certain routes to make sure that DMZ traffic never touches Prod traffic and etc.

 

I know the whole thing sounds a little crazy and the way we originally had it setup worked just fine, but security didn't like it.