Forum Discussion
Urgent: L2 deployment
Are 1.1 and 1.2 attached to the same VLAN, as defined on the BIG-IP? If they are not, then the BIG-IP should not switch traffic between them. Even if they are on a common VLAN, if there is a matching Virtual Server bound to the VLAN, that should handle the traffic (that is, the traffic should not be simply switched between interfaces).
In your diagram, you list a switch connected to 1.1 and a switch connected to 1.2. Naturally, if they are in fact the same switch (or are interconnected switches) and the client-side and server-side are on a common VLAN, then the traffic will never traverse the BIG-IP. I mean a topology like this:
CLIENT      BIG-IP
   |           |
SWITCH ---- SWITCH ---- PROXIES
   |
   + ---- FW
(where each "line" is a segment on the same VLAN as all other "lines").
If you want to ensure that the traffic is flowing through the BIG-IP at all, you can tcpdump on the physical interface (though there is a hard 100 packet-per-second limit, so this will only work when the traffic volume is low):
You will naturally see any broadcast traffic (particularly ARP) and any flooded traffic (from switches that do not have a mac-forwarding entry), but should see unflooded unicast traffic on both 1.1 and 1.2 only if the BIG-IP is switching or forwarding.
Incidentally, what is your configuration for handling the client traffic? I would anticipate that you have a wildcard Virtual Server (0.0.0.0:80) listening on the client-side VLAN associated with a pool containing the proxies. I would further anticipate that it is a Standard Virtual Server and that it has address-translation enabled (by this I mean destination translation rather than source/SNAT translation).
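Added example, not part of the original reply: one way to compare text captures from 1.1 and 1.2 and list the client endpoints whose unicast IPv4 frames appear on both interfaces, ignoring ARP and broadcast/multicast. It assumes the captures were saved from tcpdump run with `-e -n` (link-level headers, no name resolution); the sample lines and function names are constructed for illustration. It cannot tell flooded unicast from forwarded traffic, so a match that persists across captures is the meaningful signal.

```python
import re

# Link-level header as printed by `tcpdump -e -n` (assumed text format).
FRAME = re.compile(
    r"(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype (?P<etype>\S+) "
    r"\(0x[0-9a-f]{4}\), length \d+: (?P<src>\S+) > (?P<dst>[^:\s]+):"
)

def unicast_sources(capture_text):
    """Return the IPv4 source endpoints (ip.port) of unicast frames in a capture."""
    sources = set()
    for line in capture_text.splitlines():
        m = FRAME.search(line.lower())
        if not m or m["etype"] != "ipv4":
            continue  # ARP and unparsable lines are skipped
        # Group bit (lowest bit of the first octet) set means broadcast/multicast.
        if int(m["dmac"][:2], 16) & 1:
            continue
        sources.add(m["src"])
    return sources

def traversing(cap_1_1, cap_1_2):
    """Source endpoints seen as unicast on both interfaces.

    Keyed on source ip.port because it survives both L2 switching and a
    Virtual Server that translates only the destination address.
    """
    return unicast_sources(cap_1_1) & unicast_sources(cap_1_2)

# Constructed sample captures (not taken from a real device).
CAP_1_1 = """\
12:00:01.000100 00:50:56:aa:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.1.1.20 tell 10.1.1.5, length 46
12:00:01.000300 00:50:56:aa:00:01 > 00:50:56:bb:00:02, ethertype IPv4 (0x0800), length 74: 10.1.1.5.51000 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000500 00:50:56:aa:00:07 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 10.1.1.7.5353 > 224.0.0.251.5353: 0 PTR (QM)? _http._tcp.local. (45)
"""
CAP_1_2 = """\
12:00:01.000200 00:50:56:aa:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.1.1.20 tell 10.1.1.5, length 46
12:00:01.000400 00:50:56:bb:00:02 > 00:50:56:cc:00:03, ethertype IPv4 (0x0800), length 74: 10.1.1.5.51000 > 10.1.1.20.3128: Flags [S], seq 1, win 64240, length 0
12:00:01.000600 00:50:56:aa:00:07 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 10.1.1.7.5353 > 224.0.0.251.5353: 0 PTR (QM)? _http._tcp.local. (45)
"""

if __name__ == "__main__":
    print(sorted(traversing(CAP_1_1, CAP_1_2)))
```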
