difference between self-ip and internal-facing vip

A virtual server is an IP address plus port e.g. 80. A self IP is associated to a vlan/interface and how the traffic gets to the hosts on that vlan. Hope that's a useful explanation. N

Not necessarily, depends on where the f5 sits in your network. If using snat on the vs then that could be the case. This will explain better than I can:http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-4-0/13.htmlconceptid

Just to add, a VS can exist on multiple VLANs, a self-IP cannot.

There is a good solution on AskF5 on this subject. Please check SOL3475 for details.

A self IP is beeing used as:

• next hop to locally attached networks (local routing tables are automatically based on it),* source IP for healthchecks (both machines in a device group will use them to send out monitors),
• if defined as a floating self IP it may act as a next hop for incoming datagrams to get routed to destinations on or behind the BIG-IP,
• may be used for inband management and serves as reference point for heartbeat, mirroring and config sync (make sure to disable unnecessary services via PortLockDown),
• can be reached from associated ingress VLAN only,
• in case of 'self IP' will belong to traffic group 'traffic-group-local-only' and never be moved to another device in the group,
• in case of 'floating self IP' will belong to a traffic group i.e. 'traffic-group-1' along with some virtual addresses and can be moved between devices,
• will be stored in /config/bigip_base.conf or in /config//bigip_base.conf.

Instead a virtual server acts as a reference point to handle traffic:

• on all enabled / not disabled VLANs,* depending on assigned protocol, destination IP or network address, assigned profiles, iRules and pools,
• may get reached through a self IP which acts as next hop in case the virtual IP is not associated with the IP address range of the ingress VLAN,
• will be stored in /config/bigip.conf or in /config//bigip.conf