Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Multi Tenant

Hi experts!

Is there any way to connect different tenants, via F5, to a shared common services network without put in communication the tenants each other?

The idea is in the picture below:

Image Text

Thanks in advance!

Ciao!

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

you could create a route domain for each VRF and put the shared zone in the default (parent) domain. Keeping the "strict isolation" enabled avoids a VRF-VRF communication.

About strict isolation

You can control the forwarding of traffic across route domain boundaries by configuring the strict isolation feature of a route domain:

  • If strict isolation is enabled, the BIG-IP system allows traffic forwarding from that route domain to the specified parent route domain only. This is the default behavior. Note that for successful isolation, you must enable the strict isolation feature on both the child and the parent route domains.

  • If strict isolation is disabled, the BIG-IP system allows traffic forwarding from that route domain to any route domain on the system, without the need to define a parent-child relationship between route domains. Note that in this case, for successful forwarding, you must disable the strict isolation feature on both the forwarding route domain and the target route domain (that is, the route domain to which the traffic is being forwarded).

1