In the last two topics in this series, I discussed what iControl is from a marketing perspective and how the various components of iControl fit together.  In this article, I will go over the taxonomy of the iControl API, explaining the various categories (or Modules in dev speak), what their functions are, and what types of applications you could build using those interfaces.

The components in the iControl API fall into one of three types:

  • Module - A module is a logical container for a group of interfaces and object types.  These are typically segmented by products or major system categories.
  • Interface - An interface is a logical container for a group of methods and object types.
  • Object - An object can be either a method, enumeration, constant or a structure.

An example would be the get_list() method in the Pool Interface in the LocalLB module: LocalLB::Pool::get_list().  Some objects are shared across interfaces and thus are contained within a Module.  An example of this would be the EnabledState enumeration in the Common module - Common::EnabledState.

The following list contains the high level classification of the iControl API as of version 9.4.2:

  • Common
  • ASM
    • Policy, WebApplication, & WebApplicationGroup
  • GlobalLB
    • Application, DataCenter, Globals, Link, Monitor, Pool, PoolMember, Region, Rule, Server, Topology, VirtualServer, & WideIP
  • LocalLB
    • Class, Monitor, NAT, NodeAddress, Pool, PoolMember, ProfileAuth, ProfileClientSSL, ProfileDNS, ProfileFTP, ProfileFastHttp, ProfileFastL4, ProfileHttp, ProfileHttpClass, ProfileIIOP, ProfileOneConnect, ProfilePersistence, ProfileRTSP, ProfileSCTP, ProfileServerSSL, ProfileStream, ProfileTCP, ProfileUDP, ProfileUserStatistic, ProfileXML, RAMCacheInformation, RateClass, Rule, SNAT, SNATPool, SNATPoolMember, SNATTranslationAddress, VirtualAddress, & VirtualServer
  • LTConfig
    • Class & Field
  • Management
    • CCLDAPConfiguration, CRLDPConfiguration, CRLDPServer, ChangeControl, DBVariable, EventNotification, EventSubscription, KeyCertificate, LDAPConfiguration, LicenseAdministration, Named, OCSPConfiguration, OCSPResponder, Partition, RADIUSConfiguration, RADIUSServer, ResourceRecord, SNMPConfiguration, TACACSConfiguration, UserManagement, View, Zone, & ZoneRunner
  • Networking
    • ARP, AdminIP, Interfaces, PacketFilter, PacketFilterGlobals, PortMirror, RouteTable, STPGlobals, STPInstance, SelfIP, SelfIPPortLockdown, Trunk, VLAN, and VLANGroup
  • System
    • ConfigSync, Connections, Failover, Inet, Internal, Services, SoftwareManagement, Statistics, & SystemInfo
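
The Module::Interface::object naming described above can be checked mechanically, for instance to list which modules and interfaces an automation script refers to. This is an added example, not code from the iControl SDK; the `TAXONOMY` table is only a subset of the list above, and the helper names and sample input are constructed for illustration.

```python
import re

# Subset of the classification list above (iControl 9.4.2), kept short here.
# Extend it with the full list before relying on the "shared object" result.
TAXONOMY = {
    "Common": set(),  # no interfaces, only shared types
    "ASM": {"Policy", "WebApplication", "WebApplicationGroup"},
    "LTConfig": {"Class", "Field"},
    "LocalLB": {"NodeAddress", "Pool", "PoolMember", "Rule", "VirtualServer"},
    "System": {"ConfigSync", "Failover", "Services", "Statistics", "SystemInfo"},
}
NAME = re.compile(r"^(\w+)::(\w+)(?:::(\w+))?(\(\))?$")


def resolve(qualified):
    """Split a qualified name into (module, interface, object, kind)."""
    m = NAME.match(qualified.strip())
    if not m:
        raise ValueError(f"malformed name: {qualified!r}")
    module, second, third, call = m.groups()
    if module not in TAXONOMY:
        raise ValueError(f"unknown module: {module}")
    if third is None:
        if call:
            raise ValueError(f"methods live in an interface: {qualified!r}")
        if second in TAXONOMY[module]:
            return (module, second, None, "interface")
        return (module, None, second, "shared object")  # e.g. Common::EnabledState
    if second not in TAXONOMY[module]:
        raise ValueError(f"unknown interface: {module}::{second}")
    return (module, second, third, "method" if call else "object")


def interfaces_touched(names):
    """Group the interfaces a script references by module; collect rejects."""
    touched, rejected = {}, []
    for name in names:
        try:
            module, interface, _, _ = resolve(name)
        except ValueError as err:
            rejected.append(str(err))
            continue
        touched.setdefault(module, set())
        if interface:
            touched[module].add(interface)
    return touched, rejected


# Constructed sample: names a hypothetical automation script refers to.
SAMPLE = ["LocalLB::Pool::get_list()", "Common::EnabledState",
          "System::Failover", "LocalLB::Pol::get_list()", "Pool::get_list"]
```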

Common - The Common module is a place for, well, Commonly shared things.  There are no interfaces here, just a bunch of shared structures, enumerations, aliases, and exceptions.

ASM - The ASM (or Application Security Module) module is new with BIG-IP v9.4.2.  In it you will find the interfaces dealing with Policy and Web Application management.

GlobalLB - The GlobalLB module (aka Global Traffic Manager, or just plain old GTM) is for management of multi-datacenter deployments.  Think of it as DNS on steroids.

LocalLB - Good old LocalLB (aka Local Traffic Manager, or LTM for short) has been around since the beginning of time in BIG-IP land.  Anything dealing with local traffic management such as Server Pools, Virtual Servers, iRules, SNATs, NATs, and Data Groups can be configured and monitored with these interfaces.

LTConfig - Another newbie with BIG-IP v9.4.2 is the LTConfig module.  LTConfig, as if you didn't know, stands for Loosely Typed Configuration.  The LTConfig initiative is one in which we are going toward more consolidated configuration formats for internal data.  Historically, BIG-IP has had several configuration files that are needed to back up and restore the entire device.  LTConfig will help you manage everything that is Loosely Typed.

Management - The Management module contains interfaces dealing with system level management.  Want to set up users, define system authentication options, database variables, or system events?  This is your place to look.

Networking - The Networking module is for you hard core geeks out there who are not satisfied with merely setting up clientside ssl profiles, and banging out optimized iRules.  Here you can get "closer to the metal" and set up everything from ARP table entries, Packet Filters, the Routing Table, Spanning Tree Protocol, Trunks, and VLANs.  Beware, these interfaces are not for the faint of heart...

System - And last, but not least, the System module lets you deal with system level metrics and settings.  Look no further if you want to do things like loading and saving configurations, managing the failover state of an HA pair of devices, starting or stopping running services, uploading and installing software updates, querying system level statistics, or just looking at the product features and information about the platform the system is running on.

The Interfaces and objects:

Digging into what each interface does as well as all of the objects is WAY beyond the scope of this article.  Since there are over 2500 methods alone, not to mention all the structures and enums, you'd likely not be able to make it the whole way through at one sitting anyway. 

Don't worry, you won't be left completely in the dark.  This is where the iControl SDK fits in, and we've made the SDK available in several forms to suit your needs.  We have the API reference as a downloadable set of HTML documents for offline browsing and we have an online version of the API reference that is always up to date with the latest SDK release.


While the vast amount of coverage that the iControl SDK exposes may seem daunting at first glance, you can rest assured that no matter if your need is automating manual processes, providing segmented views of the configuration, or building monitoring applications, you will be able to build a solution that works.
