Collapsed DMZ/Internal Infrastructure design

Hi Olayinka-F5LB, I'm sure others will weigh in as well, but it ultimately comes down to security policy requirements on what isolation means from physical and logical separation. A vcmp-enabled system would allow you to achieve logical isolation within a share physical asset. Otherwise, you could achieve routing isolation within a non-vcmp system using route domains. It comes down to policy, and then design/ownership/roles of responsibility on changes so shared systems don't inadvertently compromise your zones. If the behaviors of your organization concern you on achieving that, I'd recommend keeping dmz/internal cleanly separated. Note this is my opinion, not an official F5 position on that.

I have to agree with Jason, this is a policy discussion more than a technical one.  As he points out there are many ways to achieve traffic isolation. What a collapsed architecture does not do is provide fault domain isolation and that "line in the sand" of a network cable that seperates external, dmz, internal networks.   The other caveat is if you are in a regulated industry you need to account for your auditor and how they will consider a collapsed DMZ architecture.