Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

46.116.101.183 in BIG-IQ REST requests to BIG-IP

BIG-IQ CM 5.1 managing BIG-IP 11.6.1 makes several requests a minute to the BIG-IP REST API:

POST /mgmt/shared/inflate?em_server_ip=46.116.101.183&em_server_auth_token=[long token] HTTP/1.1

My questions are..

What is 46.116.101.183? It appears to belong to an ISP in Israel. It has nothing to do with our environment as far as I can tell.

Does everyone else's BIG-IQ CM do this too? You can check by running a capture like this on your BIG-IP for a few minutes, and loading it up in Wireshark:

tcpdump -i lo -s 0 -w /var/tmp/rest.pcap port 8100

And lastly, what is the /mgmt/shared/inflate REST endpoint? I can't find it documented.

0
Rate this Question
Comments on this Question
Comment made 19-Jun-2017 by Daniel Varela

same behaviour here. Hopefully someone can explain it

0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I opened a case about this and was told the following:

Regarding the 'em_server_ip=46.116.101.183' question, this is just a method that BigIQ implements to hash device group names into ipv4 addresses. That IP address does not correspond to any real communication - it's just a numeric hash of a string. Nothing to worry about, per our Engineering.

0
Comments on this Answer
Comment made 19-Jun-2017 by Daniel Varela

Thanks for the info!

0
Comment made 21-Jun-2017 by pponte 135

Hello I have a Big-IQ cluster on a lab environment and only appears traffic to localhost. Image Text

0
Comment made 5 months ago by eey0re 265

Hashing device group names into IPv4 addresses .. that's quite oddball, but this is BIG-IQ so I'll believe it :)

I'm still wondering what the POST /mgmt/shared/inflate endpoint does, and why BIG-IQ CM hits it repeatedly all day on all appliances. The behaviour is the same in 5.2.0.

@pponte The traffic itself is localhost to localhost because this is after it's been received by the management HTTPS server, and before it arrives at the iControl REST daemon. The odd IPv4 address is only in the query string of POST /mgmt/shared/inflate requests.

0