Nimbostratus
Employee
On Option 1, you would need to SNAT to deal with the routing (whether iRule based, SNATs configured on each virtual, or just a global SNAT). Whether this is a drawback depends on how critical it is that your servers "see" the original client source IP instead of the SNAT address. If it's all HTTP traffic, it's pretty easy to insert an X-Forwarded-For header and configure the servers to log that. For other traffic it's more difficult to get the original client IP into server logs. Again, you may or may not consider this an issue.
Option 2 is less than ideal due to the need to configure loopback interfaces on every application server, so it can become quite difficult to scale with large numbers of servers. It can also make it very difficult to troubleshoot issues since you can only "see" the inbound traffic via tcpdump on the F5.
Option 3 is, as you say, the "classic" way to do it, but you are correct that having backup traffic, mgmt traffic, etc (non-lb stuff) traverse the F5 tends to add load with not much benefit.
I would probably recommend option 1 unless you have real heartburn about losing visibility to the client IP in server logs.
Denny