Table of Contents
In BIG-IP platform, Self IP term is associated with VLAN for each device. Each BIG-IP has a self-IP in a VLAN which is the IP defined on the interface. A self IP address represents an address space i.e. a range of IP addresses spanning the hosts in the VLAN and not only a single host address.
To simplify things, we can say that In Cisco terms, it is similar to SVI where we assign IP Address to VLAN.
Self IP Address in F5
Self IP Address in F5 LTM is used mainly for three purposes:
- F5 compares destination server IP address with VLAN self IP address to identify which VLAN it belongs to. Also, It is the source address when Automap SNATting.
- Self IP Address can also be used as the Default gateway for systems on an internal VLAN.
- Self IP Address is also used to send monitor probes to the group of servers in that VLAN.
For each VLAN where Self IP is created, the BIG-IP system automatically assigns a media access control (MAC) address. Another way is to globally configure the BIG-IP system to assign the same MAC address to all VLANs. This feature is useful if network includes a type of switch that does not keep a separate Layer 2 forwarding table for each VLAN on that switch.
Types of Self IP Addresses
There are 2 types of self IP addresses associated with F5 BIG-IP system:
“Static self IP address”
This IP address used BIG-IP system does not share with another BIG-IP system. IP address assigned to traffic group “traffic-group-local-only” is a static self IP address.
“Floating self IP address”
This IP address is shared between 2 BIG-IP systems. IP address assigned to traffic group “traffic-group-1” is a floating self IP address. floating selfip is like hsrp virtual ip. It will float to active unit when failover occurs.
Related- F5 LTM Interview Questions
FAQs
Q.1 What is the need of a Self IP?
It is needed for:
– The communication between the BIG-IP and servers or clients
– Load balancing traffic
– High Availability (HA) traffic between BIG-IP devices
– SNAT (Source NAT) operations like SNAT Auto Map
Q.2 What is the difference between a floating and static Self IP?
Floating Self IP is shared between active/standby devices in an HA pair. It moves to the active unit during failover and is used for traffic management.
Static Self IP on the other hand remains on a specific device. It is used for device-specific management or HA communication.
Q.3 Can I have multiple Self IPs on the same VLAN?
Yes, it is possible. Typically one floating Self IP and one/more static/non-floating Self IPs (e.g., for each device in a cluster).
Q.4 Can Self IPs be used as SNAT addresses?
Yes. When you use SNAT Auto Map, the BIG-IP uses a Self IP to perform source NAT.
Q.5 What happens if two devices in HA have the same Self IP?
Only static Self IPs should be identical per device (but on different physical units). Floating Self IPs must be unique per HA group, shared between them by the failover mechanism.
Q.6 Is it recommended to use Self IP for management access?
It’s better to use the Management IP (on the management interface) for admin access. However, you can use Self IPs for traffic-related and HA communication.
Q.7 Are Self IPs required for each VLAN?
Yes, to allow the BIG-IP to communicate over a VLAN, you need to assign a Self IP on that VLAN.
Q.8 What is Port Lockdown in Self IP configuration?
Port Lockdown determines which services (e.g., SSH, SNMP, HTTP) are accessible via the Self IP.
Allow All – Not recommended for security.
Allow Default – Allows common services (e.g., ping, SSH).
Allow None – Most secure; blocks all.
Custom – Manually specify allowed ports.
ABOUT THE AUTHOR
You can learn more about her on her linkedin profile – Rashmi Bhardwaj
