Manual Chapter : Common Elements for route domain tasks

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.0
Manual Chapter

Common Elements for route domain tasks

Ensure that you have at least one VLAN configured before you create a route domain.
If you have a BIG-IP DNS on your network, and your network has multiple route domains, ensure that virtual server discovery (autoconf) is disabled on the server you are configuring, because virtual server discovery does not discover translation IP addresses.
You can create a route domain on a BIG-IP system to segment (isolate) network traffic on your network.
  1. On the Main tab, click
    Network
    Route Domains
    .
    The Route Domain List screen opens.
  2. In the Name column, click the name of the relevant route domain.
  3. In the Name column, click
    0
    .
  4. Click
    Create
    .
    The New Route Domain screen opens.
  5. In the
    Name
    field, type a name for the route domain.
    This name must be unique within the administrative partition in which the route domain resides.
  6. In the
    ID
    field, type an ID number for the route domain.
    This ID must be unique on the BIG-IP system; that is, no other route domain on the system can have this ID.
    An example of a route domain ID is
    1
    .
  7. In the
    Description
    field, type a description of the route domain.
    For example:
    This route domain applies to application traffic for Customer A.
  8. For the
    Strict Isolation
    setting, select the
    Enabled
    check box to restrict traffic in this route domain from crossing into another route domain.
  9. From the
    Parent ID
    list, select a parent ID.
  10. For the
    Parent Name
    setting, retain the default value.
  11. For the
    VLANs
    setting, from the
    Available
    list, select a VLAN name and move it to the
    Members
    list.
    Select the VLAN that processes the application traffic relevant to this route domain.
    Configuring this setting ensures that the BIG-IP system immediately associates any self IP addresses pertaining to the selected VLANs with this route domain.
  12. For the
    VLANs
    setting, from the
    Available
    list, select a VLAN name and move it to the
    Members
    list.
    The VLANs you select should be those pertaining to the customer for which you are creating this route domain.
    For example, you can select VLANs
    ext_custA
    and
    int_custA
    .
  13. For the
    VLANs
    setting, from the
    Available
    list, select
    external
    and move it to the
    Members
    list.
  14. For the
    VLANs
    setting, move the
    external
    and
    internal
    VLANs from the
    Available
    list, to the
    Members
    list.
    Configuring this setting ensures that the BIG-IP system immediately associates any self IP addresses pertaining to the selected VLANs with this route domain.
  15. For the
    Dynamic Routing Protocols
    setting, from the
    Available
    list, select one or more protocol names and move them to the
    Enabled
    list.
    You can enable any number of listed protocols for this route domain.
  16. From the
    Bandwidth Controller
    list, select a static bandwidth control policy to enforce a throughput limit on traffic for this route domain.
  17. From the
    IP Intelligence Policy
    list, select an IP Intelligence policy to enforce on this route domain.
  18. In the
    Connection Limit
    field, type the maximum number of concurrent connections allowed for the route domain. Setting this to
    0
    turns off connection limits. The default is
    0
    .
  19. From the
    Eviction Policy
    list, select an eviction policy to apply to this route domain.
  20. From the
    Partition Default Route Domain
    list, retain the default value,
    Another route domain (0) is the Partition Default Route Domain
    .
    Retaining the default value designates route domain
    0
    as the default route domain for the current administrative partition.
  21. From the
    Partition Default Route Domain
    list, select
    Make this route domain the Partition Default Route Domain
    .
    With this setting, you can designate this route domain to be the default route domain for the current administrative partition.
  22. From the
    Partition Default Route Domain
    list, select
    Make this route domain the Partition Default Route Domain
    .
    This value designates this route domain to be the default route domain for the current administrative partition.
    The
    Partition Default Route Domain
    setting appears only when the current partition is set to a partition other than
    Common
    .
    After choosing this value, you are not required to append the route domain ID to any self IP or virtual IP address that you create later for this route domain. Instead, the BIG-IP system automatically associates an IP address with the default route domain in the partition, as long as you set this partition to be the current partition when you create the address.
  23. From the
    Partition Default Route Domain
    list, select either
    Another route domain (0) is the Partition Default Route Domain
    or
    Make this route domain the Partition Default Route Domain
    .
    This setting does not appear if the current administrative partition is partition
    Common
    .
    When you configure this setting, either route domain
    0
    or this route domain becomes the default route domain for the current administrative partition.
  24. To enforce rules from a firewall policy on the route domain: in the Network Firewall area: from the
    Enforcement
    list, select
    Enabled
    and then select the firewall policy to enforce from the
    Policy
    list.
  25. To enforce any inline rules that apply to the route domain, and not apply a firewall policy: in the Network Firewall area, from the
    Enforcement
    list, select
    Inline Rules
    .
  26. To stage rules from a firewall policy on the route domain: in the Network Firewall area, from the
    Staging
    list, select
    Enabled
    and then select the firewall policy to stage from the
    Policy
    list.
  27. On the Main tab, click
    Security
    .
    The Route Domain Security screen opens.
  28. From the Network Address Translation list, select the NAT policy to apply to route domain traffic.
    When a NAT policy is specified on a more specific context, that policy is applied. For example, a NAT policy on a route domain takes precedence over a global policy, and a policy on a virtual server takes precedence over a route domain policy.
  29. Click
    Finished
    .
    The system displays a list of route domains on the BIG-IP system.
  30. Click
    Finished
    .
    The system displays a list of route domains on the BIG-IP system, including the new route domain.
  31. Click the
    Repeat
    button.
    The Configuration utility saves the new route domain, and you can now create another route domain.
  32. Click
    Update
    .
    The system displays the list of route domains on the BIG-IP system.
  33. Locate the
    Partition
    list in the upper right area of the BIG-IP Configuration utility screen, to the left of the
    Log out
    button.
  34. From the
    Partition
    list, select the partition in which you want to create local traffic objects.
  35. From the
    Partition
    list, confirm or select partition
    Common
    .
The BIG-IP system has one or more route domains for isolating traffic on the network.