I'm looking into what is possible using iRules when dealing with ICAP traffic as a Reverse Proxy. In other words, the F5 would not originate or terminate ICAP traffic, but intelligently steer traffic based on ICAP headers as well as rewrite ICAP headers in requests/responses.
I've worked with ICAP using both LTM and ASM, so I'm aware of what is possible where the F5 is the ICAP Client and so I hypothesize that the events and commands that allow ICAP fluency in iRules are for this use-case only, particularly since they are tied to ICAP profiles which can only be applied to internal virtual servers.
Having said that, I'm entertaining this idea and would like to know if this is even remotely feasible (without having to do this binary is preferable) before spending time in the lab with it.
I've been through the attempt to create an ICAP load balancer with the F5 LTM with a mobile network customer that has LTMs in their network.
Our need was to distribute the ICAP REQMOD requests across 2 ICAP server pools based on the "Host:" field contained in the HTTP message encapculated in the ICAP request body (as there's 2 distinct ICAP services running).
It didn't work! Fundamentally, LTM expects the incoming messages to be HTTP, not ICAP. We also tried to work at L3, but there's no guarantee every ICAP message will be contained in a single packet. We had to fall back to having the F5 distribute TCP connection requests.
Thanks for reporting back here with your findings. Your final result is basically what I expected to be the case. I didn't pursue this any further following this post.
I briefly mentioned doing it at a lower level (binary tcp level) however now that iRulesLX is available there may be a node module out there for parsing ICAP requests/responses. Might be worth looking into.