Applies To:
BIG-IP Link Controller
Overview: Use of route domains to host multiple web customers on the BIG-IP system
Using the route domains feature of the BIG-IP system, you can provide hosting service for multiple customers by isolating each type of application traffic within a defined address space on the network. This enhances security and dedicates BIG-IP resources to each application.
Using route domains, you can also use duplicate IP addresses on the network, provided that each of the duplicate addresses resides in a separate route domain and is isolated on the network through a separate VLAN. For example, if you are processing traffic for two different customers, you can create two separate route domains. The same node address (such as 10.0.10.1) can reside in each route domain, in the same pool or in different pools, and you can assign a different monitor to each of the two corresponding pool members.
A good example of the use of traffic isolation on a network is an ISP that services multiple customers, where each customer deploys a different application. The first illustration shows two route domain objects on a BIG-IP system, where each route domain corresponds to a separate customer, and thus, resides in its own partition. Within each partition, the ISP created the network objects and local traffic objects required for that customer's application (AppA or AppB).
The sample configuration results in the BIG-IP system segmenting traffic for two different applications into two separate route domains. The routes for each application's traffic cannot cross route domain boundaries because cross-routing restrictions are enabled on the BIG-IP system by default. The second illustration shows the resulting route isolation for AppA and AppB application traffic.
Illustration of sample BIG-IP configuration using route domains
Perform these tasks to host multiple web customers using route domains.
Creating an administrative partition
- On the Main tab, expand System and click Users. The Users List screen opens.
- On the menu bar, click Partition List.
- Click Create. The New Partition screen opens.
- In the Name field, type a unique name for the partition. An example of a partition name is app1_partition.
- Type a description of the partition in the Description field. This field is optional.
For the Device Group setting, choose an action:
| Action | Result |
| --- | --- |
| Retain the default value. | Choose this option if you want the folder corresponding to this partition to inherit the value of the device group attribute from folder root. |
| Clear the check box and select the name of a device group. | Choose this option if you do not want the folder corresponding to this partition to inherit the value of the device group attribute from folder root. |
For the Traffic Group setting, choose an action:
| Action | Result |
| --- | --- |
| Retain the default value. | Choose this option if you want the folder corresponding to this partition to inherit the value of the traffic group attribute from folder root. |
| Clear the check box and select the name of a traffic group. | Choose this option if you do not want the folder corresponding to this partition to inherit the value of the traffic group attribute from folder root. |
- Click Finished.
Creating a VLAN with a tagged interface
- On the Main tab, click . The VLAN List screen opens.
- Click Create. The New VLAN screen opens.
- In the Name field, type a unique name for the VLAN.
- In the Tag field, type a numeric tag, from 1-4094, for the VLAN, or leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag. The VLAN tag identifies the traffic from hosts in the associated VLAN.
- For the Interfaces setting, click an interface number or trunk name from the Available list, and use the Move button to add the selected interface or trunk to the Tagged list. Repeat this step as necessary. You can use the same interface for other VLANs later, if you always assign the interface as a tagged interface.
- If you want the system to verify that the return route to an initial packet is the same VLAN from which the packet originated, select the Source Check check box.
- In the MTU field, retain the default number of bytes (1500).
- From the Configuration list, select Advanced.
- If you want to base redundant-system failover on VLAN-related events, select the Fail-safe box.
- From the Auto Last Hop list, select a value.
- From the CMP Hash list, select a value.
- To enable the DAG Round Robin setting, select the check box.
- Click Finished. The screen refreshes and displays the new VLAN in the list.
Creating a self IP address for a default route domain in an administrative partition
- On the Main tab, click . The Self IPs screen opens.
- Click Create. The New Self IP screen opens.
- In the IP Address field, type an IP address. This IP address should represent the address space of the VLAN that you specify with the VLAN setting. Because the route domain that you previously created is the default route domain for the administrative partition, you do not need to append the route domain ID to this IP address. The system accepts IP addresses in both the IPv4 and IPv6 formats.
- In the Netmask field, type the network mask for the specified IP address.
From the VLAN/Tunnel list, select the VLAN to associate with this self IP address:
- On the internal network, select the VLAN that is associated with an internal interface or trunk.
- On the external network, select the VLAN that is associated with an external interface or trunk.
- Click Finished. The screen refreshes, and displays the new self IP address.
Creating a route domain on the BIG-IP system
- Ensure that an external and an internal VLAN exist on the BIG-IP system.
- If you intend to assign a static bandwidth controller policy to the route domain, you must first create the policy. You can do this using the BIG-IP Configuration utility.
- Verify that you have set the current partition on the system to the partition in which you want the route domain to reside.
- On the Main tab, click . The Route Domain List screen opens.
- Click Create. The New Route Domain screen opens.
- In the Name field, type a name for the route domain. This name must be unique within the administrative partition in which the route domain resides.
- In the ID field, type an ID number for the route domain. This ID must be unique on the BIG-IP system; that is, no other route domain on the system can have this ID.
- In the Description field, type a description of the route domain. For example: This route domain applies to traffic for application MyApp.
- For the Strict Isolation setting, select the Enabled check box to restrict traffic in this route domain from crossing into another route domain.
- For the Parent Name setting, retain the default value.
- For the VLANs setting, from the Available list, select a VLAN name and move it to the Members list. Select the VLAN that processes the application traffic relevant to this route domain. Configuring this setting ensures that the BIG-IP system immediately associates any self IP addresses pertaining to the selected VLANs with this route domain.
- For the Dynamic Routing Protocols setting, from the Available list, select one or more protocol names and move them to the Enabled list. You can enable any number of listed protocols for this route domain. This setting is optional.
- From the Bandwidth Controller list, select a static bandwidth control policy to enforce a throughput limit on traffic for this route domain.
- From the Partition Default Route Domain list, select either Another route domain (0) is the Partition Default Route Domain or Make this route domain the Partition Default Route Domain. This setting does not appear if the current administrative partition is partition Common. When you configure this setting, either route domain 0 or this route domain becomes the default route domain for the current administrative partition.
- Click Finished. The system displays a list of route domains on the BIG-IP system.
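The constraints stated in this task and in the overview (a route domain ID that is unique on the system, strict isolation enabled, and duplicate addresses only in separate route domains on separate VLANs) can be checked against a planned configuration before it is entered. The following is an added example, not F5 code: the plan structure and all object names are hypothetical, and addresses use the address%ID notation for a route domain ID appended to an IP address.

```python
from collections import defaultdict

# Constructed sample plan; all names are hypothetical. Addresses use the
# BIG-IP address%ID notation for "address in route domain ID".
PLAN = {
    "route_domains": [
        {"name": "rd_appA", "id": 1, "strict": True, "vlans": ["vlan_appA"]},
        {"name": "rd_appB", "id": 2, "strict": False,
         "vlans": ["vlan_appB", "vlan_appA"]},
    ],
    "nodes": ["10.0.10.1%1", "10.0.10.1%2", "10.0.10.2%2", "10.0.10.2%2",
              "10.0.10.3%7"],
}

def split_rd(addr):
    """Split 'ip%id' into (ip, id); no suffix is treated as route domain 0
    (an assumption of this sketch)."""
    ip, _, rd = addr.partition("%")
    return ip, int(rd) if rd else 0

def audit(plan):
    """Return a list of findings where the plan breaks tenant isolation."""
    findings = []
    ids, vlan_owners = defaultdict(list), defaultdict(list)
    for rd in plan["route_domains"]:
        ids[rd["id"]].append(rd["name"])
        for vlan in rd["vlans"]:
            vlan_owners[vlan].append(rd["id"])
        if not rd["strict"]:
            findings.append(f"rd {rd['id']}: strict isolation disabled")
    for rd_id, names in sorted(ids.items()):
        if len(names) > 1:  # the ID must be unique on the whole system
            findings.append(f"rd {rd_id}: ID reused by {', '.join(names)}")
    for vlan, owners in sorted(vlan_owners.items()):
        if len(owners) > 1:  # duplicate addresses need separate VLANs
            findings.append(f"{vlan}: shared by route domains {owners}")
    seen = set()
    for addr in plan["nodes"]:
        ip, rd_id = split_rd(addr)
        if rd_id not in ids:
            findings.append(f"{addr}: route domain {rd_id} is not defined")
        elif (ip, rd_id) in seen:  # same address twice inside one domain
            findings.append(f"{addr}: duplicate address within route domain")
        seen.add((ip, rd_id))
    return findings

if __name__ == "__main__":
    for line in audit(PLAN):
        print(line)
```

In the sample plan, 10.0.10.1 appears in both route domains without a finding, which is the duplicate-address case the overview permits.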
Creating a load balancing pool
- On the Main tab, click . The Pool List screen opens.
- Click Create. The New Pool screen opens.
- In the Name field, type a unique name for the pool.
For the Health Monitors setting, in the Available list, select a monitor type, and click << to move the monitor to the
Tip: Hold the Shift or Ctrl key to select more than one monitor at a time.
- From the Load Balancing Method list, select how the system distributes traffic to members of this pool. The default is Round Robin.
For the Priority Group Activation setting, specify how to handle priority groups:
- Select Disabled to disable priority groups. This is the default option.
- Select Less than, and in the Available Members field type the minimum number of members that must remain available in each priority group in order for traffic to remain confined to that group.
Using the New Members setting, add each resource that you want to include in the pool:
- Type an IP address in the Address field.
- Type a port number in the Service Port field, or select a service name from the list.
- To specify a priority group, type a priority number in the Priority Group Activation field.
- Click Add.
- Click Finished.
Creating a virtual server
- On the Main tab, click . The Virtual Server List screen opens.
- Click the Create button. The New Virtual Server screen opens.
- In the Name field, type a unique name for the virtual server.
- For the Destination setting, in the Address field, type the IP address you want to use for the virtual server. The IP address you type must be available and not in the loopback network.
- In the Service Port field, type a port number or select a service name from the Service Port list.
- In the Resources area of the screen, from the Default Pool list, select a pool name.
Configuring route advertisement for a virtual address
- On the Main tab, click . The Virtual Address List screen opens.
- In the Name column, click the virtual address for which you want to advertise a route. This displays the properties of that virtual address.
- Verify that the ARP field is selected.
From the Advertise Route list, choose one of these options:
| Option | Description |
| --- | --- |
| When any virtual server is available | Specifies that the system advertises a route for this virtual IP address whenever any virtual server associated with this virtual IP address is available. |
| When all virtual servers(s) are available | Specifies that the system advertises a route for this virtual IP address whenever all virtual servers associated with this virtual IP address are available. |
| Always | Specifies that the system always advertises a route for this virtual IP address. |
- For the Route Advertisement setting, select the box. This makes it possible for the BIG-IP system to advertise this virtual IP address when you have enabled any dynamic routing protocols.
- Click Update.
- Repeat this task for each virtual address for which you want to advertise a route.
Adding routes that specify VLAN internal as the resource
- On the Main tab, click .
- Click Add. The New Route screen opens.
- In the Name field, type a unique user name. This name can be any combination of alphanumeric characters, including an IP address.
- In the Destination field, type either the destination IP address for the route, or IP address 0.0.0.0 for the default route. This address can represent either a host or a network. Also, if you are using route domains and the relevant route domain is the partition default route domain, you do not need to append a route domain ID to this address.
- In the Netmask field, type the network mask for the destination IP address.
- From the Resource list, select Use VLAN/Tunnel. A VLAN represents the VLAN through which the packets flow to reach the specified destination.
- From the VLAN list, select Internal.
- At the bottom of the screen, click Finished.