Darren_374116
Oct 10, 2018

Restricting User Access per Route Domain

Hi All, I have done some reading and see you can restrict user access per partition, but we have an established LTM with Route Domains all in the 1 partition and have now been asked if we can restrict certain users' access to certain Route Domains. Has anyone had to do something similar to this before?

 

Many Thanks Darren

 

1 Reply

  • Hi Darren,

     

    Did you see this post:

     

    https://devcentral.f5.com/questions/use-cases-of-routing-domain-and-partition-57935

     

    Response by surgeon:

     

    Partitions are used to separate and delegate administrative permissions. They have nothing in common with route domains.

     

    E.g. you have 2 admins and you have 2 VIPs. You want admin 1 to manage vip1 and have no access to vip2. Admin 2 needs to manage vip2 and should not have access to manage vip1.

     

    In that case you create 2 partitions and assign different privileges to the admins. Admin1 has full access to objects in partition1 and has no access to partition2. Admin2 has full access to objects in partition2 and has no access to partition1. You create VIP1 under P1 and VIP2 under P2. Now you have achieved your initial goals.

     

    Route domains are designed to create separate network segments where you can use the same IP subnet as in other domains. Route domains have more in common with VRF from a routing point of view.

     

    Let's say that for some reason you have 2 customers/departments who use the same IP subnet and you want BIG-IP to serve requests coming from these subnets, but you do not want customer1 to access resources in the subnet of customer2 and vice versa. In that case you create two route domains. You can still use the same subnet to create VIPs, but traffic from the subnet of customer1 will not be mixed with traffic from the subnet of customer2.

     

    Partitions are designed for administration purposes, route domains for routing purposes.

     

    Additional information that can help you:

     

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-ip-routing-administration-11-2-0/2.html

     

    Let me know if you need more details.

     

    Regards
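
The two-admin, two-VIP, two-customer scenario from the reply above, written out as tmsh commands. This is an added example, not part of the original thread: every object name and address is hypothetical, the VLANs are assumed to exist already, and pairing each partition with a default route domain is an addition the reply does not mention. Exact tmsh syntax can differ between TMOS versions.

```tmsh
# Constructed example: P1/P2, admin1/admin2, rd_cust1/rd_cust2,
# vlan_cust1/vlan_cust2 and 10.0.0.10 are hypothetical names and values.

# Administrative separation: one partition per admin scope.
create auth partition P1
create auth partition P2

# Each admin gets a role in exactly one partition and no role in the other.
create auth user admin1 prompt-for-password partition-access add { P1 { role manager } }
create auth user admin2 prompt-for-password partition-access add { P2 { role manager } }

# Routing separation: one route domain per customer, each bound to that
# customer's VLAN, so both customers can use the same IP subnet.
create net route-domain rd_cust1 id 1 vlans add { vlan_cust1 }
create net route-domain rd_cust2 id 2 vlans add { vlan_cust2 }

# Assumption (not in the reply): give each partition a default route domain,
# so addresses created in it without an explicit %ID land in that domain.
modify auth partition P1 default-route-domain 1
modify auth partition P2 default-route-domain 2

# Same IP address in both route domains; the %ID suffix selects the domain.
# vip1 lives in P1 (managed by admin1), vip2 in P2 (managed by admin2).
create ltm virtual /P1/vip1 destination 10.0.0.10%1:80 ip-protocol tcp
create ltm virtual /P2/vip2 destination 10.0.0.10%2:80 ip-protocol tcp

# Check: each user should list a role for one partition only.
list auth user admin1 partition-access
list auth user admin2 partition-access
```

The access boundary here is still the partition; the route domain only determines which network segment the objects in that partition use.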