Basic IP COnfiguration

From my understanding, your SELF-IP has to be assigned to a given VLAN configured on the F5. The VLAN can either be comprised of a F5 created trunk or single interface. That should allow you to force all traffic out through a single interface.

Our typical configuration consists of the VIP and Application servers all existing on the same subnet so you should be good there. Basically the client would connect to 10.1.1.15, the F5 would SNAT to 10.1.1.10, then talk to one of the pool members (i.e. App Server A or App Server B).

Regarding your question "Is it possible or is it a terrible practice for the backend servers, self IPs and VIP IP to all be in the same subnet? For example; App Server A 10.1.1.1 App Server B 10.1.1.2 F5 Self IP 10.1.1.10 VIP 10.1.1.15"

Ans:
You will have to use SNAT

Regarding Question "If this is possible, since all traffic is on the same subnet could we use a single NIC on the F5 for both incoming and outgoing traffic?"

Ans:
You can use tagged interface

For information check out this Guide

Our network team will most likely be setting the VLAN at the switch so we won't need to tag anything. See any issues there?

Also, an other newb question. Is it possible to have our two 10GIG ports each pointed at a different leaf switch for redundancy without creating a spanning tree loop? At that point we could do VLAN tagging...

That's fine but you need to specify which interface you want that traffic to come in/out of. When you add a SELF-IP to your F5, one of the required fields is called VLAN/Tunnel. It contains a drop-down list of all the VLANs and Tunnels available to use. Your SELF-IP 10.0.1.10 will need one assigned to it. You can create those in Network -> VLANs and give it an interface. Don't use two interfaces as it will cause a bridging loop without using LACP. If you have a networking team that handles this aspect, they should be able to give you that information about which VLAN is tied to your SELF-IP and which interfaces are assigned to that VLAN.

Within the F5, you cannot have two single interfaces within a given VLAN (created on the F5). You will need to put them in a F5 trunk (not the Cisco term) and configure for LACP mode. Then assign that F5 trunk to the appropriate F5 VLAN. Not sure about the switch capability but we use FEXs that do not allow for LACP across two separate appliances.

Not sure if that helps any.

That's very helpful actually. We should be able to do LACP between our leaf switches that it will be connecting to.

To confirm, if we port channel the 10GIG NICS or just use 1 single copper NIC, traffic can flow both in and out a single NIC or a port-channeled pair? How does that play in with the internal/external interface thing?

Thanks in advance!!!

Our networking team sets up the port channel on the switch side and configures it for the VLAN that we want (i.e. say VLAN 10) so we don't need to do tagging on the F5 side. We basically pick two F5 interfaces and create a F5 trunk called internal_trunk. Then we create an F5 VLAN called internal and assign the internal_trunk to it. Then we we create a Virtual Server, we have the ability to "enable on" and select the F5 VLAN called "internal". By setting it up that way, we can determine that the traffic will come in and out on the interfaces we designated to be used with our Virtual Server.