Employee
CirrocumulusWe have a multi-tenant setup. We keep /common and route domain 0 as empty as possible. That keeps us from having any issues where clients can talk to each other without being directed through their respective firewalls.
If you are doing large scale multi-tenancy be aware there is a limit to the number of objects you can create in an F5. While doing scale testing we found that we could only get about 10,000 total objects created ( each VIP, pool, node, Irule, profile etc is an object ) before the F5 went tango uniform. This number of objects varies based on the resources your F5 has. ( Memory essentially ).
Also, we went with a single partition for Customer domains ( we manage them so no reason to split the admin partitions ) and put each customer in their own route domain. When creating a separate admin partition for each customer the bigip will create separate files. This is not a problem, except that when you save/load a config, it opens a file handle for every single file at once and attempts to write to every single file at once. The result is that we get massive I/O load on the F5 that brings everything to a crawl and at about 800 ( again on our particular pieces of hardware ) total admin partitions the system failed to return from the I/O load.
Hope this helps, sorry it's so wordy.
Jason