Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

iCall and external call

Hi,

I wonder if anyone used iCall to trigger external call to another device - I guess that is right tool for the job, or maybe there is some better solution.

Scenario:

  • ASM or DoS Protection is reporting violation (hope there is a way to extract IP of violation or IP from XFF)
  • iCall is triggered (via log entry?)
  • SSH or REST API call (via wget) is launched to report this IP to another device
  • Another device is adding IP to black list and blocking traffic from this IP (this is of course outside F5 realm)

Piotr

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I think I would use a sideband connection in an iRule for this, I think it would be easy enough. The iRule can trigger on a violation event and send a request of your own design to the device.

1
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

Thanks for pointing to sideband. I wonder what is more performance friendly assuming thousands (20k+) TCP connections per second?

Piotr

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hard to say, but I would guess sideband connections since iRules are handled by the TMM:s. I don't know exactly how iCall is implemented but since it's part of the management side of the BIG-IP and all management processes run outside of the TMM:s and thus have limited resources compared to TMM.

0
Comments on this Answer
Comment made 02-Nov-2015 by Piotr Lewandowski 1162
Sound logical, so will concentrate on sideband connection path. Thanks again for help. Do you know some examples of sideband similar to what I described? Are you using sideband in production? Piotr
0
Comment made 03-Nov-2015 by Henrik Gyllkrans 596
I've been playing around with it on behalf of a customer, they haven't implemented it yet but they will. I haven't seen an iRule with sideband used in that scenario, but that's the beauty of iRules - they can be adapted to pretty much anything. I think Aaron Hooley's example iRule is a great introduction to sideband: https://devcentral.f5.com/codeshare/sideband-connection-http-example
1
Comment made 06-Nov-2015 by Piotr Lewandowski 1162
Thanks Piotr
0