route domains
18 Topics

Route Domains HA & Traffic Groups
Running BIG-IP 17.5 on a pair of r4600's. On a pair of tenants, we're running a parent-child route domain setup. We're doing this not for IP overlap but for routing purposes. The virtual server addresses are in the default route domain, which is the parent route domain. This is basically the "outside" vlan. The HA-Sync vlan is also here. Pool members are in the new child route domain, RD1. This is basically the "inside" vlan. All Self IPs for both route domains are in the same traffic groups (traffic-group-1 & traffic-group-local-only).

Questions:
- HA: If we use the HA-Sync vlan and the self IP for the "inside" vlan, will we have any issue even though they exist in different route domains? Should I move the HA-Sync vlan to RD1?
- Traffic Groups: Is there an issue with all the self IPs from both route domains being in the same traffic groups?

Thanks in advance.

45 Views, 0 likes, 1 Comment

How do you handle Route Domains?
Through time, I've solved a million unique issues with route domains, as they allow you to lock down portions of your network, but more importantly, they allow you to overlap IP addresses. Some people find them scary. To me, I find that a simple organization plan at the beginning helps me to get things situated. I'm looking to see how other people approach design here.

Firstly, Route Domain 0 is special. I try to reserve that for 'on-box' communication, or critical data plane communication for services like DNS or upstream / downstream routes, depending on your use for the box, in general. I avoid putting any VIPs (besides SelfIPs or maybe a forwarding VS, if the need were there) on RD0 at all, as it is shared. If you think of your other route domains as 'tenants' of 0's 'host' services, you should succeed.

Community, if you've got a second, I'd love to hear your thoughts on this. How do you feel about route domains? Do you use IP overlap? Why or why not?

1.4K Views, 2 likes, 4 Comments

Route domain / partition problem
We have an LTM cluster running 14.1.4.1 and we have configured a number of route domains and partitions on it. All but one of the route domains have been separated from the Common partition and live in their own partition. The odd one seems to reside both in its own partition as well as in Common. As a number of virtual servers are active in this route domain (and are working fine), I'm reluctant to delete the partition and route domain, and start again from scratch.

I've tried editing the bigip.conf and bigip_base.conf files for both the Common and this partition, taking another partition as a template. However, when I issue "load sys config verify" I get the following error message:

01070973:3: The specified route domain (66) does not exist for address (<ip address>%66).
Unexpected Error: Loading configuration process failed.

The first item to be defined in bigip_base.conf is the route domain with this very id... Any clues as to what's causing this?

1.4K Views, 0 likes, 2 Comments

Problem when attempting to route between two route domains.
Hello, I have this scenario:
- A front-end vlan (vlan_one), belonging to Route Domain #1
- A back-end vlan (vlan_two), belonging to Route Domain #2
- Some virtual servers in between, to balance traffic from the front-end users to the back-end servers.

Now, some administrators behind a firewall connected to the front-end (vlan_one) need to reach the back-end servers directly, so routing between Route Domains #1 & #2 should be enabled. How can I perform the routing between both Route Domains?

I disabled the "strict isolation" on both Route Domains, plus within Route Domain #1 (Front-End) I set Route Domain #2 (Back-End) as its parent domain. But the routing does not seem to work. Do you think this is the right way to do that? Or did I leave something out?

Regards in advance.

411 Views, 0 likes, 2 Comments

Problem when attempting to route between two route domains.
Hello, I have this scenario:
- A front-end vlan (vlan_one), belonging to Route Domain #1
- A back-end vlan (vlan_two), belonging to Route Domain #2
- Some virtual servers in between, to balance traffic from the front-end users to the back-end servers.

Now, some administrators behind a firewall connected to the front-end (vlan_one) need to reach the back-end servers directly, so routing between Route Domains #1 & #2 should be enabled. How can I perform the routing between both Route Domains?

I disabled the "strict isolation" on both Route Domains, plus within Route Domain #1 (Front-End) I set Route Domain #2 (Back-End) as its parent domain. But the routing does not seem to work. Do you think this is the right way to do that? Or did I leave something out?

Regards in advance.

450 Views, 0 likes, 2 Comments

Route Domain Traffic logs
Hi all,

So, I have a question about checking for traffic coming through the BIG-IP. The customer has two route domains set up on their network, adding %1 & %2 on the respective networks. How would I capture the traffic coming into the BIG-IP, and the same traffic leaving, with the %1 or %2 attached to the IP address? I need to demonstrate to the customer what is happening to the traffic.

307 Views, 0 likes, 1 Comment

vCMP route-domain issue
Having a strange issue. F5 is logically inline between a firewall and the servers. I attempted to migrate from a virtual edition to vCMP guest and ran into a few issues. The main issue I am struggling with is that the vCMP guest, configured with partitions and route-domains, is not reachable on the server facing Self-IP from the client side.

Code 12.1.2

Let's say we have 2 VLANs in one partition/route-domain:
- VLAN 10, 192.168.10.0/24 client facing
- VLAN 20, 192.168.20.0/24 server facing

The route-domain in question has a default route with the gateway being a layer 3 VLAN on the firewall. The servers have a default gateway of the Floating Self-IP on the F5.

Virtual Edition:
- VLAN 10 and VLAN 20 Self-IP addresses are pingable from user networks through the firewall
- F5 can ping servers in VLAN 10 from VLAN 10 Self-IP
- Users can ping servers in VLAN 10 through the firewall

vCMP Guest:
- VLAN 10 Self IP addresses are pingable from the user networks through the firewall
- VLAN 20 Self IP addresses are unresponsive
- F5 can ping servers in VLAN 10 from VLAN 10 Self-IP
- Users CANNOT ping servers in VLAN 10 through the firewall

bigip.conf file objects were copied from Virtual Edition partition to vCMP guest partition. All bigip_base.conf objects were created manually. 4 partitions/route-domains in total, each set up similarly, all have the same issue.

Per F5 instructions:
- inherited VLANs from host
- deleted VLANs in guest
- created route-domains
- created partitions with appropriate route-domain set as default for partition
- re-created VLANs inside appropriate partitions

Not really sure where to begin. Probably should have restarted MCPD, but didn't get a chance before rollback. Am I missing something, or could it have just been an MCPD issue?

339 Views, 0 likes, 1 Comment

Route domain Question- Please help
We have two environments, env-A and env-B, which need to be configured on the same F5 device, which has LTM, GTM and AFM enabled. We are planning to implement different route domains for these two environments, which are not sharing routes.

- Since we have separate IP subnets for env-A and env-B, do we need to mention %id on GTM and AFM to allow traffic?
- Env-A has all rules allowed for AFM and Env-B should be blocked and allow only for specific IP address. Is it possible?
- Do we need different GTM listeners for different route domains?

-Freeky

370 Views, 0 likes, 6 Comments

Provide internet access for servers behind the LTM configured with 2 different route domains (Outside/Inside)
Hello everybody,

Would you please help me provide internet access for one of my servers behind the LTM? I know how to do it without route domains, but because of the IPS Passthrough design I configured two different route domains. Traffic from outbound (route domain outside) to inbound (route domain inside) is working fine, but from inside to outside is not working. Any ideas appreciated.

297 Views, 0 likes, 1 Comment