if you run tcpdump, traffic flow should look like this.
192.168.204.8 is client
172.28.19.79 is virtual server
200.200.200.10 is selfip
200.200.200.101 is pool (server)
(1) client sends SYN to virtual server
(2) virtual server sends SYN+ACK to client
(3) client sends ACK to virtual server, so client-side's 3-ways handshake is completed.
(4) bigip (selfip) sends SYN to pool
(5) pool sends SYN+ACK to bigip
(6) bigip sends ACK to pool, so server-side's 3-ways handshake is completed.
[root@ve1023:Active] config b virtual bar list
virtual bar {
snat automap
pool foo
destination 172.28.19.79:80
ip protocol 6
}
[root@ve1023:Active] config b pool foo list
pool foo {
members 200.200.200.101:80 {}
}
[root@ve1023:Active] config b self 200.200.200.10 list
self 200.200.200.10 {
netmask 255.255.255.0
vlan internal
allow default
}
[root@ve1023:Active] config tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
(1) 01:05:56.745896 IP 192.168.204.8.49551 > 172.28.19.79.80: S 1485823336:1485823336(0) win 8192
(2) 01:05:56.745928 IP 172.28.19.79.80 > 192.168.204.8.49551: S 3652669928:3652669928(0) ack 1485823337 win 3780
(3) 01:05:56.749901 IP 192.168.204.8.49551 > 172.28.19.79.80: . ack 1 win 4410
(4) 01:05:56.749954 IP 200.200.200.10.49551 > 200.200.200.101.80: S 1586067383:1586067383(0) win 4380
(5) 01:05:56.750925 IP 200.200.200.101.80 > 200.200.200.10.49551: S 2303747747:2303747747(0) ack 1586067384 win 5840
(6) 01:05:56.750933 IP 200.200.200.10.49551 > 200.200.200.101.80: . ack 1 win 4380