Forum Discussion
CirrostratusRoute Domains
I see a very old post on how secure route domains are
How safe are route domains? | DevCentral
I want to understand in this kind of deployment should we be aware of any issues or is it a good idea wrt security to use routedomain for DMZ? If anyone has deployed DMZ in route domain, what issues have you seen? What are the Pros and Cons if GTM is deployed?
We have used route domains for many customers at an MSP that I worked for and it always ended up being more of an issue for the customer in the long run. I recommend against using route domains if you can avoid it.
5 Replies
- Juergen_Mang
MVP
My answer is simple: Do not use it if you can avoid it. Different F5 Clusters for different zones is usually the best design. Many designs with Route Domains do not require it really because of the "Auto Last Hop" feature enabled by default.
InquisitiveMaiIf it is just LTM, Route domains are okay to use? If GTM is involved, it best not to use route domains?
- Juergen_Mang
Try to not use it at all
- Jeff_Granieri
Employee
Route domains depend upon on your use-case and need. I would avoid route leaking in route-domains, that kind of defeats the purpose of isolating the routing. A route domain should be used to essentially carve a non-vCMP capable BIG-IP and forcing usage on specific gateways/network links and creating a separate failover traffic-group. Route domains are just like a VRF. IMO I don't see value using it for GTM. I used it exclusively in a Trading environment to separate Internet traffic from Colo Traffic within a BIG-IP and it performed flawlessly.
- Paulius
We have used route domains for many customers at an MSP that I worked for and it always ended up being more of an issue for the customer in the long run. I recommend against using route domains if you can avoid it.
