I wanted to ask this question since I hadn't seen a definitive answer for v11.x.
In a Data Group List of IP's, when route domains are in use, is it required to denote the route domain suffix (%x) for each IP/network? Should I leave it off?
Looks like in v10.x this did not work. See: https://devcentral.f5.com/questions/ip-address-based-classes-support-routing-domains-in-v101.
Well, after posting my question, I realized I could test this. I set up a lab config, and here's what I found out:
v11 will take both with and without the route domain suffix. I suspect that WITH the Route domain the entry is more specific. Some environments utilize route domains to allow for duplicate address spaces and prevent IP conflicts. In that kind of situation, I can see where supplying the rd suffix would be helpful.
FWIW, I'm running Big-IP v11.4.1 HF2
in TMOS v11.5.5 (base; no hotfix) the route domain suffix may be added to the datagroup entry (address%rd-suffix).
With a class match using "equals" comparison the route domain information seems to be ignored.
It seems to match the IP address and mask information only.
This may cause problems with overlapping IP ranges.
This behaviour is documented here: https://support.f5.com/csp/article/K12301
K12301: The 'class' iRules command does not honor route domain specifications within an IP class