Applies To:

Show Versions Show Versions

Manual Chapter: Working with Route Domains
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

What is a route domain?

A route domain is a configuration object that isolates network traffic for a particular application on the network.

Because route domains segment network traffic, you can assign the same IP address or subnet to multiple nodes on a network, provided that each instance of the IP address resides in a separate routing domain.

Note: Route domains are compatible with both IPv4 and IPv6 address formats.
Important: For systems that include both BIG-IP Local Traffic Manager (LTM) and BIG-IP Global Traffic Manager (GTM), you can configure route domains on internal interfaces only.

Benefits of route domains

Using the route domains feature of the BIG-IP system, you can provide hosting service for multiple customers by isolating each type of application traffic within a defined address space on the network.

With route domains, you can also use duplicate IP addresses on the network, provided that each of the duplicate addresses resides in a separate route domain and is isolated on the network through a separate VLAN. For example, if you are processing traffic for two different customers, you can create two separate route domains. The same node address (such as 10.0.10.1) can reside in each route domain, in the same pool or in different pools, and you can assign a different monitor to each of the two corresponding pool members.

Sample partitions with route domain objects

This illustration shows two route domain objects on a BIG-IP system, where each route domain corresponds to a separate customer, and thus resides in its own partition. Within each partition, the customer created the network objects and local traffic objects required for that customer's application (AppA or AppB).
sample partitions with route domains Sample partitions with route domains

Sample route domain deployment

A good example of the use of route domains is a configuration for an ISP that services multiple customers, where each customer deploys a different application. In this case, the BIG-IP system isolates traffic for two different applications into two separate route domains. The routes for each application's traffic cannot cross route domain boundaries because cross-routing restrictions are enabled on the BIG-IP system by default.
sample route domain deployment A sample route domain deployment

About route domain IDs

A route domain ID is a unique numerical identifier for a route domain. You can assign objects with IP addresses (such as self IP addresses, virtual addresses, pool members, and gateway addresses) to a route domain by appending the %ID to the IP address.

The format required for specifying a route domain ID in an object’s IP address is A.B.C.D%ID, where ID is the ID of the relevant route domain. For example, both the local traffic node object 10.10.10.30%2 and the pool member 10.10.10.30%2:80 pertain to route domain 2.

The BIG-IP system includes a default route domain with an ID of 0. If you do not explicitly create any route domains, all routes on the system pertain to route domain 0.

Important: A route domain ID must be unique on the BIG-IP system; that is, no two route domains on the system can have the same ID.

Traffic forwarding across route domains

You can create a parent-child relationship between two route domains, and configure strict isolation, to control the extent to which the BIG-IP system can forward traffic from one route domain to another.

About parent IDs

When you create a route domain, you can specify the ID of another route domain as the parent route domain. The parent ID identifies another route domain that the system can search to find a route if the system cannot find the route within the child route domain.

For example, using the BIG-IP Configuration utility, suppose you create route domain 1 and assign it a parent ID of 0. For traffic pertaining to route domain 1, the system looks within route domain 1 for a route for the specified destination. If no route is found, the system searches the routes in route domain 0.

By default, if the system finds no route in the parent route domain, the system searches the parent route domain’s parent, and so on, until the system finds either a match or a route domain with no parent. In the latter case, the system refrains from searching any other route domains to find a match, thus preventing the system from using a route from another route domain.

You can disable this behavior on a route domain.

About strict isolation

You can control the forwarding of traffic across route domain boundaries by configuring the strict isolation feature of a route domain:

  • If strict isolation is enabled, the BIG-IP system allows traffic forwarding from that route domain to the specified parent route domain only. This is the default behavior. Note that for successful isolation, you must enable the strict isolation feature on both the child and the parent route domains.
  • If strict isolation is disabled, the BIG-IP system allows traffic forwarding from that route domain to any route domain on the system, without the need to define a parent-child relationship between route domains. Note that in this case, for successful forwarding, you must disable the strict isolation feature on both the forwarding route domain and the target route domain (that is, the route domain to which the traffic is being forwarded).

About default route domains for administrative partitions

The route domains feature includes the concept of default route domains, to minimize the need for you to specify the %ID notation. When you designate a route domain as the default route domain in a partition, any BIG-IP system objects in that partition that do not include the %ID notation in their IP addresses are automatically associated with the default route domain.

The default route domain for partition Common

The BIG-IP system, by default, includes one route domain, named route domain 0. Route domain 0 is known as the default route domain on the BIG-IP system, and this route domain resides in administrative partition Common. If you do not create any other route domains on the system, all traffic automatically pertains to route domain 0.

If you want to segment traffic into multiple route domains, you can create additional route domains in partition Common and then segment application traffic among those route domains. Any BIG-IP addresses that do not include the route domain ID notation are automatically associated with the default route domain.

Note: Any VLANs that reside in partition Common are automatically assigned to the default route domain.

The default route domain for other partitions

For administrative partitions other than Common, you can create a route domain and designate it as a partition default route domain. A partition can contain one partition default route domain only.

The benefit of having a partition default route domain is that when you create objects such as a virtual server and pool members within that partition, you do not need to specify the ID of that default route domain within the addresses for those objects. For example, if you create a partition default route domain with an ID of 2 in partition A, the system automatically assigns any partition A object IP addresses without a route domain ID to route domain 2.

If no partition default route domain exists within the partition, the system associates those addresses with route domain 0 in partition Common.

About VLANs and tunnels for a route domain

You can assign one or more VLANs, VLAN groups, or tunnels to a route domain. The VLANs, VLAN groups, or tunnels that you assign to a route domain are those pertaining to the particular traffic that you want to isolate in that route domain. Each VLAN, VLAN group, or tunnel can be a member of one route domain only.

When you assign a VLAN group to a route domain, the BIG-IP system automatically assigns the VLAN group members to the route domain.

Please note the following facts:

  • If you delete a VLAN group from the system, the VLAN group members remain assigned to the route domain.
  • If a VLAN is assigned to a non-default route domain and you delete that route domain, the BIG-IP system automatically assigns the VLAN to the default route domain for that partition.
  • When you create VLANs, VLAN groups, and tunnels, the BIG-IP system automatically assigns them to the default route domain of the current partition. You can change this assignment when you create other route domains in the partition.

About advanced routing modules for a route domain

For each route domain that you configure, you can enable one or more dynamic routing protocols, as well as the network protocol Bidirectional Forwarding Detection (BFD). Use of dynamic routing and BFD for route domain 0 or any other route domain is optional.

About throughput limits on route domain traffic

When you configure more than one route domain on the BIG-IP system, the traffic from one particular route domain can potentially consume an inordinate amount of BIG-IP system resource. To prevent this, you can define the amount of BIG-IP system resource that traffic for each route domain can consume.

You do this by assigning a different throughput limit to each route domain. This throughput limit is defined in a bandwidth controller policy. For example, for route domain 1, you can assign a static bandwidth controller policy that specifies a throughput limit of 10 Gbps, while for route domain 2, you can assign a static bandwidth controller policy that specifies a throughput limit of 20 Gbps. When you assign a different bandwidth controller policy to each route domain, traffic for one route domain does not cross the boundary into another route domain on the system.

Important: The BIG-IP system applies a bandwidth controller policy to a route domain's egress traffic only, that is, the traffic that a server within a particular route domain sends back through the BIG-IP system on its way to the client on the public network. A bandwidth controller policy is not applied to traffic coming from the public network to the route domain on the internal network.

Creating a route domain on the BIG-IP system

Before you create a route domain:
  • Ensure that an external and an internal VLAN exist on the BIG-IP system.
  • If you intend to assign a static bandwidth controller policy to the route domain, you must first create the policy. You can do this using the BIG-IP Configuration utility.
  • Verify that you have set the current partition on the system to the partition in which you want the route domain to reside.
You can create a route domain on BIG-IP system to segment (isolate) traffic on your network. Route domains are useful for multi-tenant configurations.
  1. On the Main tab, click Network > Route Domains. The Route Domain List screen opens.
  2. Click Create. The New Route Domain screen opens.
  3. In the Name field, type a name for the route domain. This name must be unique within the administrative partition in which the route domain resides.
  4. In the ID field, type an ID number for the route domain. This ID must be unique on the BIG-IP system; that is, no other route domain on the system can have this ID.
  5. In the Description field, type a description of the route domain. For example: This route domain applies to traffic for application MyApp.
  6. For the Strict Isolation setting, select the Enabled check box to restrict traffic in this route domain from crossing into another route domain.
  7. For the Parent Name setting, retain the default value.
  8. For the VLANs setting, from the Available list, select a VLAN name and move it to the Members list. Select the VLAN that processes the application traffic relevant to this route domain. Configuring this setting ensures that the BIG-IP system immediately associates any self IP addresses pertaining to the selected VLANs with this route domain.
  9. For the Dynamic Routing Protocols setting, from the Available list, select one or more protocol names and move them to the Enabled list. You can enable any number of listed protocols for this route domain. This setting is optional.
  10. From the Bandwidth Controller list, select a static bandwidth control policy to enforce a throughput limit on traffic for this route domain.
  11. From the Partition Default Route Domain list, select either Another route domain (0) is the Partition Default Route Domain or Make this route domain the Partition Default Route Domain. This setting does not appear if the current administrative partition is partition Common. When you configure this setting, either route domain 0 or this route domain becomes the default route domain for the current administrative partition.
  12. Click Finished. The system displays a list of route domains on the BIG-IP system.
You now have another route domain on the BIG-IP system.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)