Use cases of routing domain and partition

Route domains are primarily used where you need to use the same IP address space for separate environments, and control/restrict traffic flow between them.

 

This is useful for lab/test environments (as the address space can be the same as live), or for multi-tenanted environments.

 

Partitions used to separate ans delegate administrative permissions. It has nothing common with route domains.

 

E.g. You have 2 admins and you have 2 vips. You want admin 1 to manage vip1 and has no access to vip2. Admin 2 need to manage vip2 and should not has access to manage vip1.

 

In that case you create 2 partitions and assigned deferent privileges for admins. Admin1 has full access to objects in partition1 and has no access to partition2 Asmin2 has full access to objects in partition2 and has no access to partition1 You create VIP1 under P1 and VIP2 under P2. Now you achieved your initial goals

 

Route domains are designed to create separate network segment where you can you same IP subnet as in other domains. Route domains has more common with VRF from routing point of view.

 

Let say due to some reason you have 2 customers/departments who uses the same IP subnet and you want big-ip to server requests coming from these subnets but you do not want customer1 access resources in subnet of customer2 and vice versa. In that case you create two route domains. You still can use the same subnet to create VIPs but traffic from subnet of customer1 will not be mixed with traffic from subnet of customer2

 

Partitions designed for administration purposes Route domains for routing purposes.

 

Partition was first created to manage administrative roles.

 

In the real world, partitions are used to split configuration of different environnements even if there are managed by the same admin team.

 

Route domains are used to configure bigip interfaces and prevent routing.

 

You can use both features without the other but it’s recommended to use partition when using route domains to prevent the use of %rd in ip addresses.

 

VRF is nothing but RD in F5. There is no IP conflicts happen here.

 

Example. you have a two web servers, one at vlan100 and other at vlan200. let us say if you are using a firewall acting a default GW for F5 then for users in VLAN 100 return traffic should go via vlan100 interface in Firewall and for the same situation for vlan 200 users as well. if you do not use VRF (Route domains in F5) routing, then firewall will block return traffic from F5. So in this scenario we should use RD in F5 to solve this problem.

 

Cheers, Kommi