Forum Discussion

rade5_74503's avatar
rade5_74503
Icon for Nimbostratus rankNimbostratus
Aug 10, 2015

Cisco ACE Contexts

Hi

 

We have a Cisco ACE blade environment that consists of various contexts i.e prod, dev, uat. We are thinking or moving to F5.

 

Is it possible to recreate these contexts in an F5 environment, and how?

 

Thank you

 

cisco

3 Replies

Sort By
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Aug 10, 2015

    Hi,

     

    The Cisco context is done by multiple features in F5:

     

    • Route Domains to define a independent routing table (with assigned VLANs)
    • Partitions to allow administrators to manage only some parts of configuration.

    In your configuration, you can define following configuration

     

    • Prod Route domain defined as default route domain of Prod Partition and assigned Prod VLANs
    • Dev Route domain defined as default route domain of Dev Partition and assigned Dev VLANs
    • UAT Route domain defined as default route domain of UAT Partition and assigned UAT VLANs
  • Vsevolod_Petrov's avatar
    Vsevolod_Petrov
    Icon for Cirrostratus rankCirrostratus
    Aug 10, 2015

    Hi,

     

    As described by Stanislas you can have logical administrative Partitions and route domains. This allows to have different routing tables and access.

     

    But there's another feature called VCMP.

     

    In case you want to completely isolate your environments you should take a look at the higher models starting BIG-IP 5250v.

     

    With VCMP if you have a ddos in Prod environment it wouldn't affect other environments because each VCMP instance (guest) has its own dedicated resources (from host system).

     

    • gaspol33_275602's avatar
      gaspol33_275602
      Icon for Nimbostratus rankNimbostratus
      Jun 30, 2016
      Hi, I'm still trying to understand route domains. If the goal is to segregate networks/traffic, how is creating route domains different from creating vlans within different partitions? Wouldn't this achieve the same thing - vlan A can only be used by partition A users, vlan B can only be used by partition B users, etc.?