I am setting up BIGIP LTM with APM in my Lab network. I am trying to load balance three NGINX Web servers which work on HTTP port 80.

My F5 Big IP has got the management IP through which I am able to access admin GUI and SSH.

1 network interface is for Admin GUI which is working fine. I am not sure how to get the IPs for the remaining network interfaces. I tried creating VLAN and SelfIP. Only after creating SelfIP I am able to see the IP Address under ifconfig.

Should I use SelfIP that I created under Virtual Server Destination address? When I do this, the traffic is coming to F5 but it doesn't reach the NGINX webservers.

2 Answers

The management port on a BIG-IP is not for traffic. The basic setup process is:

  1. define your inside/outside vlans and attach appropriate interfaces

  2. assign appropriate selfIP to those interfaces; add default route if necessary (in lab usually not); build a pool with the IP:port of your three nginx servers

  3. Create a standard virtual server with a) an IP in outside vlan and assign the pool you created, b) an http profile, and c) snat automap if the BIG-IP is not the default gw for your nginx servers.

This should get the basic flow working for you before you start adding advanced services like an APM policy.

Jason Rahm
There are two types of self IP.

Static Self-IP: This is an address that the BIG-IP uses to identify itself on a given network/vlan. A vlan is then attached to one or more interfaces for connectivity.

Floating IP: This is a shared IP between two or more BIG-IPs to use in failover scenarios. Each BIG-IP will still have its own self-ip for presence on the network and then share a 3rd IP address that floats between active and passive systems.

More on that can be found on AskF5 here.

Now that you have BIG-IP talking on your network, you can create virtual servers that will be associated with the vlan you already created. The virtual server will use its own IP and port assignment (or use a wild card * for all ports on an IP). Here is a link for the order of precedence that virtual servers will process traffic.

Now, here's where the self IP comes into play. If you are proxying the connection, the virtual server will need a secure NAT (SNAT). This can be a single address or a pool of addresses that will reside on the destination network. If you choose Auto-snat it will use the self-ip of the BIG-IP on that particular vlan. Here's some documentation on how SNAT works.

Here's an example:

  • BIG-IP Self IP - 10.1.10.10
  • Virtual server - 10.1.10.20:443
  • Pool Member - 10.1.10.25 - 30
  • SNAT - Automap
  • VLAN10 is defined

Traffic flow => incoming hits 10.1.10.20:443 > Uses Automap-SNAT on VLAN10 => BIG-IP Sends traffic out of 10.1.10.10 to pool member 10.1.10.25

This process allows you to have incoming and outgoing traffic on different vlans, networks, and interfaces. If I had two trunks defined I could have this scenario (which is common).

  • External Network - VLAN10 (192.168.1.0 net) assigned to interface 1.1
  • Internal Network - VLAN20 (10.1.0.0 net) assigned to interface 1.2
  • BIG-IP Self IP 192.168.1.10 on VLAN10 (that self IP becomes BIG-IP's address for that network)
  • BIG-IP Self IP 10.1.0.10 on VLAN20 (BIG-IP now has 2 self-ips. One for each vlan)
  • SNAT Pool Defined on VLAN20 (10.1.0.11,12,13)
  • Virtual Server named sweetapp1 and listens on 192.168.1.100:443
  • Web server pool - 10.1.0.50,51,52 (named webpool1)
  • Virtual server sweetapp1 has VLAN10 and VLAN20 defined and uses the SNAT POOL for VLAN20. This way instead of using the self-ip on VLAN20, it will use address 11,12,13 for outbound traffic.

Here's the flow in this case (a very common two armed configuration):

Incoming Traffic => 192.168.1.100:443 => SNAT POOL => Outbound on 10.1.0.11 => web server 10.1.0.50.

Return traffic would be defined by your web servers' gateway.


Here's some training related to standard virtual server setups that you could follow along to: F5 Application Delivery Controller Solutions

Here's also a quicker doc I wrote on setting up a basic two network lab in VMWare Fusion. The settings can be applied to any virtual environment though and you'll get the same outcome. I validated this on the current version of Fusion and it still applies. I keep it updated. Deploying F5 BIG-IP Virtual Edition On VMWare Fusion

Your last resource besides serverfault would be F5's DevCentral Community that will have BIG-IP related Q&A and articles.

This should get you started and if you have any questions lemme know.

Happy admining!

Chase
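
An added example (not part of either answer, and not F5 code) that models the server-side leg of the two-armed flow described above: which source address the pool member sees, and whether its reply passes back through the BIG-IP. The /24 masks, the client 203.0.113.7, the gateway 10.1.0.1 and the helper names are assumptions; the other addresses come from the answer.

```python
import ipaddress

# Constructed model of the two-armed lab in the answer above; /24 masks are assumed.
VLANS = {
    "VLAN10": ipaddress.ip_network("192.168.1.0/24"),  # external
    "VLAN20": ipaddress.ip_network("10.1.0.0/24"),     # internal
}
SELF_IPS = {"VLAN10": "192.168.1.10", "VLAN20": "10.1.0.10"}
SNAT_POOL = ["10.1.0.11", "10.1.0.12", "10.1.0.13"]


def vlan_of(addr):
    """Return the name of the VLAN whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in VLANS.items() if ip in net), None)


def server_side_flow(client_ip, member, snat, server_gateway):
    """Model the server-side leg of one proxied connection (hypothetical helper).

    snat is "none", "automap", or a list of SNAT pool addresses.
    Returns (source address the pool member sees, True if its reply
    passes back through the BIG-IP).
    """
    egress_vlan = vlan_of(member)
    if egress_vlan is None:
        raise ValueError(f"no VLAN/self IP reaches pool member {member}")
    if snat == "automap":
        # Automap: source becomes the BIG-IP self IP on the egress VLAN.
        return SELF_IPS[egress_vlan], True
    if snat != "none":
        # SNAT pool: simplified to the first address; the BIG-IP owns all of them.
        return snat[0], True
    # No SNAT: the member sees the real client and replies by its own routing.
    if vlan_of(client_ip) == egress_vlan:
        return client_ip, False  # same subnet: reply goes straight to the client
    # Off-subnet client: the reply follows the member's default gateway.
    return client_ip, server_gateway == SELF_IPS[egress_vlan]


if __name__ == "__main__":
    # Constructed client and gateway; the gateway here is not the BIG-IP.
    for snat in ("none", "automap", SNAT_POOL):
        print(snat, server_side_flow("203.0.113.7", "10.1.0.50", snat, "10.1.0.1"))
```

With Automap or the SNAT pool the pool member sees a BIG-IP address as the source, so the nginx access logs no longer record the client IP.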