Use internal virtual for ICAP forwarding into another route-domain
Hi everybody,
I'm currently facing the following challenge: I need to pass incoming requests for an http virtual to external AV scanners using ICAP. The ICAP servers are already defined as an ICAP pool with associated vip in one partition on my BigIP (being accessible for ICAP clients anywhere in the network).
Now I need to access the same ICAP vip/pool from another (http) virtual on the same BigIP using a request adapt profile. The clue: the http virtual is located in a different partition than the ICAP virtual and each partition uses an own (non-default) route domain for separation purposes.
To overcome this, I was thinking about a setup like depicted here: http://www.plantuml.com/plantuml/png/RLBBJiCm4BpxAqQzjrLpv83QYWiNL04tX2gtte15uWr-K2JKVoSsmQdYth8pwzdPpAwTbzQ7jX6TF7x8Dy9irmFQQpROO0dBmHCKjr8Rh6Ru4NsJyJZHOV-bkukgOsukIiEALfEw6cfjF5aZcxq-oYxBJF0iM11HIWm6CB_Dqt43HRKCZKTwc_5vRCgUhiBLA3YFU66n5xVq6SZvlLIoywBiA9ub5oLKDgQD37k2vmvSuwNaNmM0rFCk7Uvta4fPSYx2N2Exq0OfGZROOXdPnvJXtL-6bI2ZeiumyC3USrlCJ5ffP73ayFImUKRoNhEDQAs_IS5ni4VgpOoYvskNj9rUKZLUqkG6fj7d_LTJe18NVpw_AwvW95AkMQuWiknvc5HhIoVPDA8C0ul5IFz_H31lioQZGjly0W00
However, when trying to configure this, I immediately faced the first problem: internal servers always are created in route domain 0, regardless of the default route domain for the partition. Since there is no way to define the destination of an internal virtual, I also cannot override this by adding a %n suffix to the destination. Of course, I could create the internal ICAP vip and pool in the Common partition (thus using RD 0), but I do not have any IP addresses or routing configured in RD 0, so I cannot control how the traffic flow from the BigIP to the ICAP service would be (besides the fact that this would break my whole concept of having separate domains and partitions for sets of applications).
Maybe I'm misunderstanding the proper use of internal servers? Does anybody know a way to define internal virtuals outside route domain 0?
Do you have general objections in regard to the planned setup or any suggestions on how to do it instead? Any hints are welcome. Thanks in advance!
Martin