Applies To:

Show Versions Show Versions

Manual Chapter: Web Hosting for Multiple Customers using Route Domains
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

 
Using the route domains feature of the BIG-IP system, you can provide hosting service for multiple customers by isolating each type of application traffic within a defined address space on the network. This enhances security and dedicates BIG-IP resources to each application.
Implementing route domains also allows you to use duplicate IP addresses on the network, as long as each of the duplicate addresses resides in a separate route domain and is isolated on the network through a separate VLAN. For example, if you are processing traffic for two different customers, you can create two separate route domains. The same node address (such as 10.0.10.1) can reside in each route domain, in the same pool or in different pools, and you can assign a different monitor to each of the two corresponding pool members.
Using the remainder of this chapter, you can set up a basic configuration with two route domains. Before you follow the step-by-step procedure, however, you must gather the following information, for each customer (that is, each type of application traffic):
You must perform this procedure for each type of application traffic that you want to isolate within a route domain.
Note: To perform this procedure, you must have the Administrator or Resource Administrator user role assigned to your user account.
In this procedure, you use the System, Network, and Local Traffic navigation menus of the Configuration utility.
Important: The tables in the procedure show only those settings that you need to explicitly configure. Settings for which you can use the default values are not shown.
After you complete this procedure, each administrative partition contains one route domain, and the route domain in each partition is designated as the default route domain for the partition. With this configuration, you do not need to specify the %ID notation in any BIG-IP system addresses that you create.
a)
Expand System, click Users, and on the menu bar, click Partition List.
b)
Click the Create button, and specify values for these settings:

Type a unique name for the partition. The name should indicate the application to which the partition pertains, for example, partition_App_A.
Optionally, type a description of the partition, for example:
This partition contains BIG-IP objects for managing Application_A.
c)
Click Finished.
2.
Using the Partition list box on the upper-right portion of the Configuration utility screens, set the current partition to the partition that you created in step 1.
a)
Expand Network, and click VLANs.
b)
Click the Create button, and specify values for these settings:

In the Available box, click an interface number and use the Move button to move the number to the Tagged box.
Note: You can use the same interface for other VLANs later, as long as you always assign the interface as a tagged interface.
c)
Click Finished.
d)
Repeat steps 3b and 3c for the second VLAN. An example of a name for the second VLAN is internal_App_A.
b)
Click the Create button, and specify values for these settings:

Type a description of the route domain, for example:
This route domain pertains to Application_A.
Verify that the Strict Isolation box is checked.
Partition Default Route Domain
From the list, select Make this route domain the Partition Default Route Domain. Setting this value ensures that the %ID notation is not required in IP addresses for objects pertaining to this route domain.
c)
Click Finished.
a)
Expand Network, and click Self IPs.
b)
Click the Create button, and specify values for these settings:

From the VLAN list, select the first of the VLANs that you created in step 3.
c)
Click Finished.
d)
Repeat steps 5b and 5c. For the VLAN setting, select the second VLAN that you created in step 3.
a)
Expand Local Traffic, and click Pools.
b)
Click the Create button, and specify values for these settings:

c)
Click Finished.
a)
b)
Click the Create button, and specify values for these settings. For all other virtual server settings, you can use the default values.

Type: Choose a virtual server type, either Host or Network.
Address: Type an IP address for the virtual server.
Netmask: Type a netmask for the virtual server address.
Service Port: Select a service port from the list, or type a service port number.
c)
Click Finished.
a)
Expand Network, and click Routes.
b)
Click the Add button, and specify values for the following settings.

Select Route.
From the list, select either Use Gateway or Use VLAN. Depending on your selection, specify either a next-hop address or the internal VLAN you selected in step 3, respectively.
c)
Click Finished.
d)
Repeat steps 8b and 8c for each route that you add. Add one route for each pool member IP address.
You can also add a default route for this route domain. (Each route domain on the BIG-IP system can contain a default route.)
A good example of the use of traffic isolation on a network is an ISP that services multiple customers, where each customer deploys a different application. Figure 6.1 shows two route domain objects on a BIG-IP system, where each route domain corresponds to a separate customer and therefore resides in its own partition. Within each partition, the ISP created the network objects and local traffic objects required for that customers application (AppA or AppB).
The configuration in Figure 6.1 results in the BIG-IP system segmenting traffic for two different applications into two separate route domains. The routes for each applications traffic cannot cross route domain boundaries because cross-routing restrictions are enabled on the BIG-IP system by default. Figure 6.2 shows the resulting route isolation for AppA and AppB application traffic.
TMOS® Management Guide for BIG-IP® Systems
 
Chapter 13, Configuring Administrative Partitions
 
Chapter 14, Managing User Accounts
 
Chapter 8, Configuring VLANs and VLAN Groups
 
Chapter 12, Configuring Self IP Addresses
 
Chapter 7, Working with Interfaces
 
Chapter 11, Configuring Route Domains
 
Chapter 10, Configuring Routes
Configuration Guide for BIG-IP® Local Traffic ManagerTM
 
Chapter 2, Configuring Virtual Servers
 
Chapter 4, Configuring Load Balancing Pools
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)