Can I use the SelfIP of an F5 device as a next hop for the switch for incoming traffic?
Basically from Client to F5, the traffic path would be Switch>F5 SelfIP>F5 VIP>F5 SelfIP>Backend.
This means that the point of entry and exit of request will be the F5 self IP 10.0.0.2
1. Switch to F5 (10.0.0.1>10.0.0.2)
2. SelfIP to VIP (10.0.0.1>203.x.x.x)
3. VIP to Backend via Gateway (203.x.x.x>10.0.0.1>Backend)
4. Reply of Backend (Backend>10.0.0.1>203.x.x.x)
5. Reply to client (10.0.0.2>10.0.0.1)
Is there any limitation to using this? Any feedback is greatly appreaciated
If I read this right, your deployment has "F5 on a stick" with a single network, correct?
In this case, I'd recommend a NAT translation on the VIP.
Speaking more in general terms, to achieve symmetric return you can either:
a - configure NAT on your Virtual Server (automap, for example, will use F5 selfIP on the outbound interface), or
b - you can configure your BE server to use F5 as its default Gateway. In this case, I'd recoommend using the Floating IP of your cluster so that it fails over to the currently active unit.
If your servers have F5 as a gateway, keep in mind that the F5 is a default deny device so any traffic in "outboud" direction must be explicitely allowed with a listener object. This means that you'd need to configure a forwarding-IP type Virtual Server with your "backend network" as explicit Source IP and 0.0.0.0/0:* (or anything more specific if it's better) as the destination network. For more control on this you should also enable VLANs on the VIP and only allow the BE VLAN as a source (this is best practice anyways).