Applies To:

Show Versions Show Versions

Manual Chapter: Web Hosting Multiple Customers Using Route Domains
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Overview: Use of route domains to host multiple web customers on the BIG-IP system

Using the route domains feature of the BIG-IP system, you can provide hosting service for multiple customers by isolating each type of application traffic within a defined address space on the network. This enhances security and dedicates BIG-IP resources to each application.

Implementing route domains also allows you to use duplicate IP addresses on the network, as long as each of the duplicate addresses resides in a separate route domain and is isolated on the network through a separate VLAN. For example, if you are processing traffic for two different customers, you can create two separate route domains. The same node address (such as 10.0.10.1) can reside in each route domain, in the same pool or in different pools, and you can assign a different monitor to each of the two corresponding pool members.

A good example of the use of traffic isolation on a network is an ISP that services multiple customers, where each customer deploys a different application. The first illustration shows two route domain objects on a BIG-IP system, where each route domain corresponds to a separate customer, and thus, resides in its own partition. Within each partition, the ISP created the network objects and local traffic objects required for that customer's application (AppA or AppB).

The sample configuration results in the BIG-IP system segmenting traffic for two different applications into two separate route domains. The routes for each application's traffic cannot cross route domain boundaries because cross-routing restrictions are enabled on the BIG-IP system by default. The second illustration shows the resulting route isolation for AppA and AppB application traffic.

Illustration of sample BIG-IP configuration using route domains

Illustration of resulting route domain configuration

Task summary

Perform these tasks to host multiple web customers using route domains.

Task list

Creating an administrative partition

An administrative partition creates an access control boundary for users and applications.
  1. On the Main tab, expand System and click Users. The Users List screen opens.
  2. On the menu bar, click Partition List.
  3. Click Create. The New Partition screen opens.
  4. Name the partition. Names can contain only letters, numbers, and the underscore character.
  5. (Optional) Type a description in the Description field.
  6. For the Device Group setting, choose an action:
    Action Result
    Retain the default value. Choose this option if you want the folder corresponding to this partition to inherit the value of the device group attribute from folder root.
    Clear the check box and select the name of a device group. Choose this option if you do not want the folder corresponding to this partition to inherit the value of the device group attribute from folder root.
  7. For the Traffic Group setting, choose an action:
    Action Result
    Retain the default value. Choose this option if you want the folder corresponding to this partition to inherit the value of the traffic group attribute from folder root.
    Clear the check box and select the name of a traffic group. Choose this option if you do not want the folder corresponding to this partition to inherit the value of the traffic group attribute from folder root.
  8. Click Finished.
The new partition appears in the partition list.

Creating a VLAN with a tagged interface

When you create a VLAN with tagged interfaces, each of the specified interfaces can process traffic destined for that VLAN.
  1. On the Main tab, click Network > VLANs. The VLAN List screen opens.
  2. Click Create. The New VLAN screen opens.
  3. In the Name field, type a unique name for the VLAN. Names can contain only letters, numbers, and the underscore character.
  4. In the Tag field, type a numeric tag, from 1 to 4094, for the VLAN. Leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag. The VLAN tag identifies the traffic from hosts in the associated VLAN.
  5. For the Interfaces setting, click an interface number or trunk name in the Available list, and use the Move button to add the selected interface or trunk to the Tagged list. Repeat this step as necessary. You can use the same interface for other VLANs later, as long as you always assign the interface as a tagged interface.
  6. Select the Source Check check box if you want the system to verify that the return route to an initial packet is the same VLAN from which the packet originated.
  7. In the MTU field, retain the default number of bytes (1500).
  8. If you want to base redundant-system failover on VLAN-related events, check the Fail-safe box.
  9. Click Finished. The screen refreshes, and displays the new VLAN in the list.
The new VLAN appears in the VLAN list.

Creating a self IP address for a default route domain in an administrative partition

Prerequisite: Ensure that you have created an internal VLAN and an external VLAN on the BIG-IP system.
Using this procedure, you must create two self IP addresses on the BIG-IP system. One self IP address is associated with the internal VLAN, and the other is associated with the external VLAN. Self IP addresses enable the BIG-IP system and other devices on the network to route application traffic through the associated VLAN.
  1. On the Main tab, click Network > Self IPs.
  2. Click Create. The New Self IP screen opens.
  3. In the IP Address field, type an IP address. This IP address should represent the address space of the VLAN that you specify with the VLAN setting. Because the route domain that you previously created is the default route domain for the administrative partition, you do not need to append the route domain ID to this IP address. The system accepts IP addresses in both the IPv4 and IPv6 formats.
  4. In the Netmask field, type the network mask for the specified IP address.
  5. From the VLAN/Tunnel list, select the VLAN to associate with this self IP address. If creating a self IP address for an address space:
    • On the internal network, select the VLAN that is associated with an internal interface or trunk.
    • On the external network, select the VLAN that is associated with an external interface or trunk.
  6. Click Finished. The screen refreshes, and displays the new self IP address in the list.
The BIG-IP system has a self IP address that is associated with the internal or external network.

Creating a load balancing pool

You can a create load balancing pool (a logical set of devices, such as web servers, that you group together to receive and process traffic) to efficiently distribute the load on your server resources.
  1. On the Main tab, click Local Traffic > Pools. The Pool List screen opens.
  2. Click Create. The New Pool screen opens.
  3. In the Name field, type a unique name for the pool.
  4. For the Health Monitors setting, in the Available list, select a monitor type, and click << to move the monitor to the Active list.
    Tip: Hold the Shift or Ctrl key to select more than one monitor at a time.
  5. From the Load Balancing Method list, select how the system distributes traffic to members of this pool. The default is Round Robin.
  6. For the Priority Group Activation setting, specify how to handle priority groups:
    • Select Disabled to disable priority groups. This is the default option.
    • Select Less than, and in the Available Members field type the minimum number of members that must remain available in each priority group in order for traffic to remain confined to that group.
  7. Using the New Members setting, add each resource that you want to include in the pool:
    1. Either type an IP address in the Address field, or select a node address from the Node List.
    2. Type a port number in the Service Port field, or select a service name from the list.
    3. To specify a priority group, type a priority number in the Priority field.
    4. Click Add.
  8. Click Finished.
The load balancing pool appears in the Pools list.

Creating a virtual server

A virtual server represents a destination IP address for application traffic.
  1. On the Main tab, click Local Traffic > Virtual Servers. The Virtual Server List screen displays a list of existing virtual servers.
  2. Click the Create button. The New Virtual Server screen opens.
  3. Type a unique name for the virtual server.
  4. In the Destination setting, in the Address field, type the IP address you want to use for the virtual server. The IP address you type must be available and not in the loopback network.
  5. Type a port number in the Service Port field, or select a service name from the Service Port list.
  6. In the Resources area of the screen, from the Default Pool list, select a pool name.
The web customer now has a destination IP address on the BIG-IP system for application traffic.

Adding routes that specify VLAN internal as the resource

Prerequisite: You must set your current administrative partition to the partition in which you want a specific customer's configuration to reside.
You must add a route for each destination IP address pertaining to the route domain. A destination address in this case is typically a node address for a pool member.
  1. On the Main tab, click Network > Routes.
  2. Click Add. The New Route screen opens.
  3. From the Type list, select Route.
  4. In the Destination field, type the destination IP address in the route. As long as the relevant route domain is the default route domain in the current administrative partition, you do not need to append the route domain ID to this address.
  5. In the Netmask box, type the network mask for the destination IP address.
  6. From the Resource list, select Use VLAN. A VLAN represents the VLAN through which the packets flow to reach the specified destination.
  7. From the VLAN list, select Internal.
  8. At the bottom of the screen, click Finished.
The BIG-IP system now includes routes to the nodes in the load balancing pool for a specific route domain.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)