i thought bridge mode you said is something like this.
4 Installing a BIG-IP System without Changing the IP Network
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementation/sol_vlans.html
as looking at your diagram, i think routed mode is more sense.
In routed mode, if VIP sits on the external VLAN range, i understand it but if its sits directly on internet IP which is not part of external VLAN range, then is it a normal deployment design suggested by F5? i am sorry i might not catch you. anyway, what i want to say is virtual server is able to be listening on any ip range on any vlan. definitely, you are able to enable virtual server on specific vlan.
e.g.
[root@B3600-R66-S41:Active] config tmsh list ltm virtual bar
ltm virtual bar {
destination 2.2.2.10:http
ip-protocol tcp
mask 255.255.255.255
pool foo
profiles {
http { }
tcp { }
}
vlans {
external
}
vlans-enabled
}
if traffic is able to reach virtual server, it is fine. for example, you may have virtual server listening on 3.3.3.3:80 (which does not belong to any vlan) on internal vlan. if client on internal vlan sends request to 3.3.3.3:80 and it can reach bigip (for example, client's default gateway is bigip), bigip will load balance it.