May 12, 2016

Okay, so we are in the process of moving our Self IPs off the F5s to the Cisco switches in an attempt to remove all the ARP traffic happening on the F5s. Well, this opens up a conversation about SNAT (Source Network Address Translation).

The SNAT Automap feature selects a translation address from the available self IP addresses in the following order of preference:

1. Floating self IP addresses on the egress VLAN
2. Floating self IP addresses on different VLANs
3. Non-floating self IP addresses on the egress VLAN
4. Non-floating self IP addresses on different VLANs

The selection of a floating self IP as translation address on a VLAN other than the egress VLAN is intended to avoid disruption in an HA failover scenario. However, depending on the network routing configuration, selection of a self IP other than the egress VLAN may cause traffic disruption. F5 recommends that you ensure that you have configured floating self IP addresses on all VLANs from which you expect SNAT traffic to egress. Alternatively, you can mitigate the issue by using a SNAT pool with an IP address on the egress subnet VLAN as a member of the SNAT pool.

Important: SNAT Automap does not use non-floating self IP addresses that have been re-configured as floating self IP addresses. To convert a non-floating self IP address to become a floating self IP address for use with SNAT Automap, delete the non-floating self IP address first and then re-add the same self IP address as a floating self IP address. To delete the non-floating address from that VLAN, you must configure at least one other non-floating IP address on the associated VLAN.

Note: In BIG-IP 10.x, a floating self IP address is designated by selecting the Floating IP check box on the self IP address properties page. In BIG-IP 11.x, a floating self IP address is designated by selecting a floating Traffic Group on the self IP address properties page.
Here is a screenshot for reference (this isn't accurate, but it is a work in progress to reference): [attachment: Dev_SelfIPs.jpg]
May 12, 2016

SNAT Automap uses the egress VLAN interface IP. Utilizing a SNAT pool and attaching it, you can control what IP this translates to. For the Client -> F5 -> Server path, consider these scenarios:

Routed: Client source address goes to the server. Routes are necessary back through the BIG-IP on the servers or the servers' gateway.

SNAT Automap: Client source is managed on the BIG-IP; the source is translated to the self IP on the egress interface heading toward the servers. For servers needing the source IP for reporting or decision processes, it must be inserted in an application header or possibly in TCP options. The shortest explanation is that "SNAT Automap" NATs the source IP of server-side traffic to the floating address of the egress interface of the LTM. The most common use case is to force return traffic from servers to traverse the originating F5.

SNAT Pool: Client source is still managed on the BIG-IP, but the source is translated to an IP you configure and attach to the virtual server. I like this option because I can map external IP -> internal IP by application, so I know what flows belong to what application on the inside of the organization/DMZ as appropriate. If traffic doesn't need to come back through the BIG-IP, you can also SNAT to the original client's source IP.

REF: Configuring BIG-IP LTM Manual on SNATs
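An added example (mine, not from either poster or from F5) that models the Automap preference order quoted in the first post and, for each VLAN SNAT traffic is expected to leave on, flags the two conditions both posts treat as risky: the translation address landing on a different VLAN, or on a non-floating self IP. The VLAN names and addresses are constructed, and the rule that the first configured address wins within a tier is an assumption the posts do not settle.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class SelfIP:
    address: str
    vlan: str
    floating: bool  # True if in a floating traffic group (11.x) / Floating IP ticked (10.x)


def automap_select(self_ips: List[SelfIP], egress_vlan: str) -> Optional[SelfIP]:
    """Pick the self IP SNAT Automap would use for traffic leaving egress_vlan.
    Preference order from the post: floating on the egress VLAN, floating on
    another VLAN, non-floating on the egress VLAN, non-floating on another VLAN.
    Assumption: within one tier the first configured address wins."""
    tiers = [
        lambda s: s.floating and s.vlan == egress_vlan,
        lambda s: s.floating and s.vlan != egress_vlan,
        lambda s: not s.floating and s.vlan == egress_vlan,
        lambda s: not s.floating and s.vlan != egress_vlan,
    ]
    for rule in tiers:
        for s in self_ips:
            if rule(s):
                return s
    return None


def automap_risks(self_ips: List[SelfIP], egress_vlans: List[str]) -> Dict[str, str]:
    """Flag, per expected egress VLAN, the cases the posts warn about: the
    translation address is on a different VLAN (may break routing), or it is
    non-floating (not preserved across an HA failover). Fix is a floating self
    IP on that VLAN, or a SNAT pool member on the egress subnet."""
    findings: Dict[str, str] = {}
    for vlan in egress_vlans:
        chosen = automap_select(self_ips, vlan)
        if chosen is None:
            findings[vlan] = "no self IP available for Automap"
        elif chosen.vlan != vlan:
            findings[vlan] = f"off-VLAN translation {chosen.address} (from VLAN {chosen.vlan})"
        elif not chosen.floating:
            findings[vlan] = f"non-floating translation {chosen.address}"
    return findings


# Constructed sample: only 'internal' has a floating self IP; 'dmz' has a
# non-floating one and 'servers' has none at all.
SAMPLE_SELF_IPS = [
    SelfIP("10.1.10.3", "internal", floating=False),
    SelfIP("10.1.10.5", "internal", floating=True),
    SelfIP("10.1.20.3", "dmz", floating=False),
]
```

Running automap_risks(SAMPLE_SELF_IPS, ["internal", "dmz", "servers"]) reports nothing for internal and an off-VLAN translation via 10.1.10.5 for both dmz and servers, which is exactly the situation the F5 recommendation in the first post is meant to prevent.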