ABOUT DEVCENTRAL

DevCentral News Technical Forum Technical Articles Technical CrowdSRC Community Guidelines DevCentral EULA Get a Developer Lab License Become a DevCentral MVP

RESOURCES

Product Documentation White Papers Glossary Customer Stories Webinars Free Online Courses F5 Certification LearnF5 Training

SUPPORT

Manage Subscriptions Professional Services Professional Services Create a Service Request Software Downloads Support Portal

PARTNERS

Find a Reseller Partner Technology Alliances Become an F5 Partner Login to Partner Central

---

©2024 F5, Inc. All rights reserved.

This cookbook lists selected ready-to-use iControl REST curl commands for virtual-server related resources. Each recipe consists of the curl command, it's tmsh equivalent, and sample output.

In this cookbook, the following curl options are used. 

   Option      Meaning\n______________________________________________________________________________________\n   -s          Suppress progress meter. Handy when you want to pipe the output.\n______________________________________________________________________________________\n   -k          Allows \"insecure\" SSL connections.\n______________________________________________________________________________________\n   -u          Specify user ID and password. For the start, you should use the \"admin\"\n               account that you normally use to access the Configuration Utility.\n               When you specify the password at the same time,\n               concatenate with \":\". e.g., admin:admin.\n______________________________________________________________________________________\n   -X <method> Specify the HTTP method. When omitted, the default is GET. In the REST\n               framework, POST means create (tmsh create), PATCH means overwriting the\n               existing resource with the data sent (tmsh modify), and PATCH is for \n               merging (ditto).\n______________________________________________________________________________________\n   -H <Header> Specify the request header. When you send (POST, PATCH, PUT) data, you\n               need to tell the server that the data is in JSON format.\n               i.e., -H \"Content-Type: application/json.\n______________________________________________________________________________________\n   -d 'data'   The JSON data to send. Note that you need to quote the entire json\n               blob, and each \"name\":\"value\" pairs must be quoted. When you have \n               nested quotes, make sure you escape (\\) them.\n

Get information of the virtual <vs>

tmsh list ltm <vs>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>\n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  fullPath: 'vs',\n  generation: 1109,\n  selfLink: 'https://localhost/mgmt/tm/ltm/virtual/vs?ver=12.1.0',\n  addressStatus: 'yes',\n  autoLasthop: 'default',\n  cmpEnabled: 'yes',\n  connectionLimit: 0,\n  description: 'TestData',\n  destination: '/Common/192.168.184.226:80',\n  enabled: true,\n  gtmScore: 0,\n  ipProtocol: 'tcp',\n  mask: '255.255.255.255',\n  mirror: 'disabled',\n  mobileAppTunnel: 'disabled',\n  nat64: 'disabled',\n  pool: '/Common/vs-pool',\n  poolReference: { link: 'https://localhost/mgmt/tm/ltm/pool/~Common~vs-pool?ver=12.1.0' },\n  rateLimit: 'disabled',\n  rateLimitDstMask: 0,\n  rateLimitMode: 'object',\n  rateLimitSrcMask: 0,\n  serviceDownImmediateAction: 'none',\n  source: '0.0.0.0/0',\n  sourceAddressTranslation: { type: 'automap' },\n  sourcePort: 'preserve',\n  synCookieStatus: 'not-activated',\n  translateAddress: 'enabled',\n  translatePort: 'enabled',\n  vlansDisabled: true,\n  vsIndex: 4,\n  rules: [ '/Common/irule' ],\n  rulesReference: [ { link: 'https://localhost/mgmt/tm/ltm/rule/~Common~iRuleTest?ver=12.1.0' } ],\n  policiesReference: {\n    link: 'https://localhost/mgmt/tm/ltm/virtual/~Common~vs/policies?ver=12.1.0',\n    isSubcollection: true\n  },\n  profilesReference: {\n    link: 'https://localhost/mgmt/tm/ltm/virtual/~Common~vs/profiles?ver=12.1.0',\n     isSubcollection: true\n  }\n}\n

Get only specfic field of the virtual <vs>

The naming convension for the parameters is slightly different from the ones on tmsh, so look for the familiar names in the GET response above. The example below queris the Default Pool (pool).

tmsh list ltm <vs> pool

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>?options=pool\n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  fullPath: 'vs',\n  generation: 1,\n  selfLink: 'https://localhost/mgmt/tm/ltm/virtual/vs?options=pool&ver=12.1.1',\n  pool: '/Common/vs-pool',\n  poolReference: {\n    link: 'https://localhost/mgmt/tm/ltm/pool/~Common~vs-pool?ver=12.1.1'\n  }\n}\n

Get all the information of the virtual <vs>

Unlike the tmsh equivalent, iControl REST GET does not return the configuration information of the attached policies and profiles. To see them, use

expandSubcollections

tmsh list ltm <vs>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>?expandSubcollections=true\n

Sample Output

{\n    \"addressStatus\": \"yes\",\n    \"autoLasthop\": \"default\",\n    \"cmpEnabled\": \"yes\",\n    \"connectionLimit\": 0,\n    \"destination\": \"/Common/192.168.184.240:80\",\n    \"enabled\": true,\n    \"fullPath\": \"vs\",\n    \"generation\": 291,\n    \"gtmScore\": 0,\n    \"ipProtocol\": \"tcp\",\n    \"kind\": \"tm:ltm:virtual:virtualstate\",\n    \"mask\": \"255.255.255.255\",\n    \"mirror\": \"disabled\",\n    \"mobileAppTunnel\": \"disabled\",\n    \"name\": \"vs\",\n    \"nat64\": \"disabled\",\n    \"policiesReference\": {\n        \"isSubcollection\": true,\n        \"link\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~vs/policies?ver=13.1.0\"\n    },\n    \"pool\": \"/Common/CentOS-all80\",\n    \"poolReference\": {\n        \"link\": \"https://localhost/mgmt/tm/ltm/pool/~Common~CentOS-all80?ver=13.1.0\"\n    },\n    \"profilesReference\": {\n        \"isSubcollection\": true,\n        \"items\": [\n            {\n                \"context\": \"all\",\n                \"fullPath\": \"/Common/http\",\n                \"generation\": 291,\n                \"kind\": \"tm:ltm:virtual:profiles:profilesstate\",\n                \"name\": \"http\",\n                \"nameReference\": {\n                    \"link\": \"https://localhost/mgmt/tm/ltm/profile/http/~Common~http?ver=13.1.0\"\n                },\n                \"partition\": \"Common\",\n                \"selfLink\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~vs/profiles/~Common~http?ver=13.1.0\"\n            },\n            {\n                \"context\": \"all\",\n                \"fullPath\": \"/Common/tcp\",\n                \"generation\": 287,\n                \"kind\": \"tm:ltm:virtual:profiles:profilesstate\",\n                \"name\": \"tcp\",\n                \"nameReference\": {\n                    \"link\": \"https://localhost/mgmt/tm/ltm/profile/tcp/~Common~tcp?ver=13.1.0\"\n                },\n                \"partition\": \"Common\",\n                \"selfLink\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~vs/profiles/~Common~tcp?ver=13.1.0\"\n            }\n        ],\n        \"link\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~vs/profiles?ver=13.1.0\"\n    },\n    \"rateLimit\": \"disabled\",\n    \"rateLimitDstMask\": 0,\n    \"rateLimitMode\": \"object\",\n    \"rateLimitSrcMask\": 0,\n    \"selfLink\": \"https://localhost/mgmt/tm/ltm/virtual/vs?expandSubcollections=true&ver=13.1.0\",\n    \"serviceDownImmediateAction\": \"none\",\n    \"source\": \"0.0.0.0/0\",\n    \"sourceAddressTranslation\": {\n        \"type\": \"automap\"\n    },\n    \"sourcePort\": \"preserve\",\n    \"synCookieStatus\": \"not-activated\",\n    \"translateAddress\": \"enabled\",\n    \"translatePort\": \"enabled\",\n    \"vlansDisabled\": true,\n    \"vsIndex\": 2\n}\n

Get stats of the virtual <vs>

tmsh show ltm <vs>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>/stats\n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstats',\n  generation: 1109,\n  selfLink: 'https://localhost/mgmt/tm/ltm/virtual/vs/stats?ver=12.1.0',\n  entries:\n   { 'https://localhost/mgmt/tm/ltm/virtual/vs/~Common~vs/stats':\n      { nestedStats:\n         { kind: 'tm:ltm:virtual:virtualstats',\n           selfLink: 'https://localhost/mgmt/tm/ltm/virtual/vs/~Common~vs/stats?ver=12.1.0',\n           entries:\n            { 'clientside.bitsIn': { value: 12880 },\n              'clientside.bitsOut': { value: 34592 },\n              'clientside.curConns': { value: 0 },\n              'clientside.evictedConns': { value: 0 },\n              'clientside.maxConns': { value: 2 },\n              'clientside.pktsIn': { value: 26 },\n              'clientside.pktsOut': { value: 26 },\n              'clientside.slowKilled': { value: 0 },\n              'clientside.totConns': { value: 6 },\n              cmpEnableMode: { description: 'all-cpus' },\n              cmpEnabled: { description: 'enabled' },\n              csMaxConnDur: { value: 37 },\n              csMeanConnDur: { value: 29 },\n              csMinConnDur: { value: 17 },\n              destination: { description: '192.168.184.226:80' },\n              'ephemeral.bitsIn': { value: 0 },\n              'ephemeral.bitsOut': { value: 0 },\n              'ephemeral.curConns': { value: 0 },\n              'ephemeral.evictedConns': { value: 0 },\n              'ephemeral.maxConns': { value: 0 },\n              'ephemeral.pktsIn': { value: 0 },\n              'ephemeral.pktsOut': { value: 0 },\n              'ephemeral.slowKilled': { value: 0 },\n              'ephemeral.totConns': { value: 0 },\n              fiveMinAvgUsageRatio: { value: 0 },\n              fiveSecAvgUsageRatio: { value: 0 },\n              tmName: { description: '/Common/vs' },\n              oneMinAvgUsageRatio: { value: 0 },\n              'status.availabilityState': { description: 'available' },\n              'status.enabledState': { description: 'enabled' },\n              'status.statusReason': { description: 'The virtual server is available' },\n              syncookieStatus: { description: 'not-activated' },\n              'syncookie.accepts': { value: 0 },\n              'syncookie.hwAccepts': { value: 0 },\n              'syncookie.hwSyncookies': { value: 0 },\n              'syncookie.hwsyncookieInstance': { value: 0 },\n              'syncookie.rejects': { value: 0 },\n              'syncookie.swsyncookieInstance': { value: 0 },\n              'syncookie.syncacheCurr': { value: 0 },\n              'syncookie.syncacheOver': { value: 0 },\n              'syncookie.syncookies': { value: 0 },\n              totRequests: { value: 4 }\n            }\n         }\n      }\n   }\n}\n

Change one of the configuration options of the virtual <vs>

The command below changes the Description field of the virtual (\"description\" in tmsh and iControl REST).

tmsh modify ltm virtual <vs> description \"Hello World!\"

curl -sku admin:admin  https://<host>/mgmt/tm/ltm/virtual/<vs> \\\n  -X PATCH -H \"Content-Type: application/json\" \\\n  -d '{\"description\": \"Hello World!\"}'  \n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  ... \n  description: 'Hello World!',       <==== Changed.\n  ...\n}\n

Disable the virtual <vs>

The command syntax is same as above: To change the state of a virtual from \"enabled\" to \"disabled\", send \"disabled\":true. For enabling the virtual, use \"enabled\":true. Note that the Boolean type true/false does not require quotations.

tmsh modify ltm virtual <vs> disabled

curl -sku admin:admin  https://<host>/mgmt/tm/ltm/virtual/<vs> \\\n  -X PATCH -H \"Content-Type: application/json\" \\\n  -d '{\"disabled\": true}' \\\n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  fullPath: 'vs',\n  ...\n  disabled: true,  <== Changed\n  ...\n}\n

Add another iRule to <vs>

When the virtual has iRules already attached, you need to send the existing ones too along with the additional one. For example, to add /Common/testRule1 to the virtual with /Common/testRule1, specify both in an array (square brackets). Note that the /Common/testRule2 iRule object should be already created.

tmsh modify ltm virtual <vs> rules {testRule1 testRule2}

curl -sku admin:admin  https://<host>/mgmt/tm/ltm/virtual/<vs> \\\n  -X PATCH -H \"Content-Type: application/json\" \\\n  -d '{\"rules\": [\"/Common/testRule1\", \"/Common/testRule2\"] }' \n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  fullPath: 'vs',\n  ...\n  rules: [ '/Common/test1', '/Common/test2' ],  <== Changed\n  rulesReference:\n   [ { link: 'https://localhost/mgmt/tm/ltm/rule/~Common~test1?ver=12.1.1' },\n     { link: 'https://localhost/mgmt/tm/ltm/rule/~Common~test2?ver=12.1.1' } ],\n  ...\n}\n

Create a new virtual <vs>

You can create a skeleton virtual by specifying only Destination Address and Mask. The remaining parameters such as profiles are set to default. You can later modify the parameters by PATCH-ing.

tmsh create ltm virtual <vs> destination <ip:port> mask <ip>

curl -sku admin:admin -X POST -H \"Content-Type: application/json\" \\\n  -d '{\"name\": \"vs\", \"destination\":\"192.168.184.230:80\", \"mask\":\"255.255.255.255\"}' \\\n  https://<host>/mgmt/tm/ltm/virtual\n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  partition: 'Common',\n  fullPath: '/Common/vs',\n  ...\n  destination: '/Common/192.168.184.230:80',  <== Created\n  ...\n  mask: '255.255.255.255',                    <== Created\n  ...\n}\n

Create a new virtual <vs> with a lot of parameters

You can specify all the essential parameters upon creation. This example creates a new virtual with pool, default persistence profile, profiles, iRule, and source address translation. The call fails if any of the parameters conflicts. For example, you cannot specify \"Cookie Persistence\" without specifying appropriate profiles. If you do not specify any profile, it falls back to the default

fastL4

, which is not compatible with Cookie Persistence.

tmsh create ltm virtual <vs> destination <ip:port> mask <ip> pool <pool> persist replace-all-with { cookie } profiles add { tcp http clientssl } rules { <rule> } source-address-translation { type automap }

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual -H \"Content-Type: application/json\" -X POST\n  -d '{\"name\": \"vs\", \\\n        \"destination\": \"10.10.10.10:10\", \\\n        \"mask\": \"255.255.255.255\", \\\n        \"pool\": \"CentOS-all80\", \\\n        \"persist\": [ {\"name\": \"cookie\"} ], \\\n       \"profilesReference\": {\"items\": [ {\"context\": \"all\", \"name\": \"http\"}, {\"context\": \"all\", \"name\": \"tcp\"}, {\"context\": \"clientside\", \"name\": \"clientssl\"}] }, \\\n       \"rules\": [ \"ShowVersion\" ], \\\n       \"sourceAddressTranslation\": {\"type\": \"automap\"} }'\n

Sample Output

{\n    \"addressStatus\": \"yes\",\n    \"autoLasthop\": \"default\",\n    \"cmpEnabled\": \"yes\",\n    \"connectionLimit\": 0,\n    \"destination\": \"/Common/10.10.10.10:10\",\n    \"enabled\": true,\n    \"fullPath\": \"/Common/test\",\n    \"generation\": 592,\n    \"gtmScore\": 0,\n    \"ipProtocol\": \"tcp\",\n    \"kind\": \"tm:ltm:virtual:virtualstate\",\n    \"mask\": \"255.255.255.255\",\n    \"mirror\": \"disabled\",\n    \"mobileAppTunnel\": \"disabled\",\n    \"name\": \"vs\",\n    \"nat64\": \"disabled\",\n    \"partition\": \"Common\",\n    \"persist\": [\n        {\n            \"name\": \"cookie\",\n            \"nameReference\": {\n                \"link\": \"https://localhost/mgmt/tm/ltm/persistence/cookie/~Common~cookie?ver=13.1.0\"\n            },\n            \"partition\": \"Common\",\n            \"tmDefault\": \"yes\"\n        }\n    ],\n    \"policiesReference\": {\n        \"isSubcollection\": true,\n        \"link\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~test/policies?ver=13.1.0\"\n    },\n    \"pool\": \"/Common/CentOS-all80\",\n    \"poolReference\": {\n        \"link\": \"https://localhost/mgmt/tm/ltm/pool/~Common~CentOS-all80?ver=13.1.0\"\n    },\n    \"profilesReference\": {\n        \"isSubcollection\": true,\n        \"link\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~test/profiles?ver=13.1.0\"\n    },\n    \"rateLimit\": \"disabled\",\n    \"rateLimitDstMask\": 0,\n    \"rateLimitMode\": \"object\",\n    \"rateLimitSrcMask\": 0,\n    \"rules\": [\n        \"/Common/ShowVersion\"\n    ],\n    \"rulesReference\": [\n        {\n            \"link\": \"https://localhost/mgmt/tm/ltm/rule/~Common~ShowVersion?ver=13.1.0\"\n        }\n    ],\n    \"selfLink\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~test?ver=13.1.0\",\n    \"serviceDownImmediateAction\": \"none\",\n    \"source\": \"0.0.0.0/0\",\n    \"sourceAddressTranslation\": {\n        \"type\": \"automap\"\n    },\n    \"sourcePort\": \"preserve\",\n    \"synCookieStatus\": \"not-activated\",\n    \"translateAddress\": \"enabled\",\n    \"translatePort\": \"enabled\",\n    \"vlansDisabled\": true,\n    \"vsIndex\": 52\n}\n

Delete a virtual <vs>

tmsh delete ltm virtual <vs>

curl -sku admin:admin https://192.168.226.55/mgmt/tm/ltm/virtual/<vs> -X DELETE\n

Sample Output

No output (just 200 OK and no response body)\n

References

\n
• curl.1 the man page
\n
• curl Releases and Downloads ... including the port for Windows
\n
• Jason Rahm's \"Demystifying iControl REST\" series (DevCentral) -- This is Part I of 7 at the time of this article.
\n
• iControl REST API reference (DevCentral) 
\n
• iControl® REST API User Guide (DevCentral) -- Link is for 12.1. Search for the older versions.
\n

This cookbook lists selected ready-to-use iControl REST curl commands for virtual-server related resources. Each recipe consists of the curl command, it's tmsh equivalent, and sample output.

In this cookbook, the following curl options are used. 

   Option      Meaning\n______________________________________________________________________________________\n   -s          Suppress progress meter. Handy when you want to pipe the output.\n______________________________________________________________________________________\n   -k          Allows \"insecure\" SSL connections.\n______________________________________________________________________________________\n   -u          Specify user ID and password. For the start, you should use the \"admin\"\n               account that you normally use to access the Configuration Utility.\n               When you specify the password at the same time,\n               concatenate with \":\". e.g., admin:admin.\n______________________________________________________________________________________\n   -X <method> Specify the HTTP method. When omitted, the default is GET. In the REST\n               framework, POST means create (tmsh create), PATCH means overwriting the\n               existing resource with the data sent (tmsh modify), and PATCH is for \n               merging (ditto).\n______________________________________________________________________________________\n   -H <Header> Specify the request header. When you send (POST, PATCH, PUT) data, you\n               need to tell the server that the data is in JSON format.\n               i.e., -H \"Content-Type: application/json.\n______________________________________________________________________________________\n   -d 'data'   The JSON data to send. Note that you need to quote the entire json\n               blob, and each \"name\":\"value\" pairs must be quoted. When you have \n               nested quotes, make sure you escape (\\) them.\n

Get information of the virtual <vs>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>\n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  fullPath: 'vs',\n  generation: 1109,\n  selfLink: 'https://localhost/mgmt/tm/ltm/virtual/vs?ver=12.1.0',\n  addressStatus: 'yes',\n  autoLasthop: 'default',\n  cmpEnabled: 'yes',\n  connectionLimit: 0,\n  description: 'TestData',\n  destination: '/Common/192.168.184.226:80',\n  enabled: true,\n  gtmScore: 0,\n  ipProtocol: 'tcp',\n  mask: '255.255.255.255',\n  mirror: 'disabled',\n  mobileAppTunnel: 'disabled',\n  nat64: 'disabled',\n  pool: '/Common/vs-pool',\n  poolReference: { link: 'https://localhost/mgmt/tm/ltm/pool/~Common~vs-pool?ver=12.1.0' },\n  rateLimit: 'disabled',\n  rateLimitDstMask: 0,\n  rateLimitMode: 'object',\n  rateLimitSrcMask: 0,\n  serviceDownImmediateAction: 'none',\n  source: '0.0.0.0/0',\n  sourceAddressTranslation: { type: 'automap' },\n  sourcePort: 'preserve',\n  synCookieStatus: 'not-activated',\n  translateAddress: 'enabled',\n  translatePort: 'enabled',\n  vlansDisabled: true,\n  vsIndex: 4,\n  rules: [ '/Common/irule' ],\n  rulesReference: [ { link: 'https://localhost/mgmt/tm/ltm/rule/~Common~iRuleTest?ver=12.1.0' } ],\n  policiesReference: {\n    link: 'https://localhost/mgmt/tm/ltm/virtual/~Common~vs/policies?ver=12.1.0',\n    isSubcollection: true\n  },\n  profilesReference: {\n    link: 'https://localhost/mgmt/tm/ltm/virtual/~Common~vs/profiles?ver=12.1.0',\n     isSubcollection: true\n  }\n}\n

Get only specfic field of the virtual <vs>

The naming convension for the parameters is slightly different from the ones on tmsh, so look for the familiar names in the GET response above. The example below queris the Default Pool (pool).

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>?options=pool\n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  fullPath: 'vs',\n  generation: 1,\n  selfLink: 'https://localhost/mgmt/tm/ltm/virtual/vs?options=pool&ver=12.1.1',\n  pool: '/Common/vs-pool',\n  poolReference: {\n    link: 'https://localhost/mgmt/tm/ltm/pool/~Common~vs-pool?ver=12.1.1'\n  }\n}\n

Get all the information of the virtual <vs>

Unlike the tmsh equivalent, iControl REST GET does not return the configuration information of the attached policies and profiles. To see them, use

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>?expandSubcollections=true\n

Sample Output

{\n    \"addressStatus\": \"yes\",\n    \"autoLasthop\": \"default\",\n    \"cmpEnabled\": \"yes\",\n    \"connectionLimit\": 0,\n    \"destination\": \"/Common/192.168.184.240:80\",\n    \"enabled\": true,\n    \"fullPath\": \"vs\",\n    \"generation\": 291,\n    \"gtmScore\": 0,\n    \"ipProtocol\": \"tcp\",\n    \"kind\": \"tm:ltm:virtual:virtualstate\",\n    \"mask\": \"255.255.255.255\",\n    \"mirror\": \"disabled\",\n    \"mobileAppTunnel\": \"disabled\",\n    \"name\": \"vs\",\n    \"nat64\": \"disabled\",\n    \"policiesReference\": {\n        \"isSubcollection\": true,\n        \"link\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~vs/policies?ver=13.1.0\"\n    },\n    \"pool\": \"/Common/CentOS-all80\",\n    \"poolReference\": {\n        \"link\": \"https://localhost/mgmt/tm/ltm/pool/~Common~CentOS-all80?ver=13.1.0\"\n    },\n    \"profilesReference\": {\n        \"isSubcollection\": true,\n        \"items\": [\n            {\n                \"context\": \"all\",\n                \"fullPath\": \"/Common/http\",\n                \"generation\": 291,\n                \"kind\": \"tm:ltm:virtual:profiles:profilesstate\",\n                \"name\": \"http\",\n                \"nameReference\": {\n                    \"link\": \"https://localhost/mgmt/tm/ltm/profile/http/~Common~http?ver=13.1.0\"\n                },\n                \"partition\": \"Common\",\n                \"selfLink\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~vs/profiles/~Common~http?ver=13.1.0\"\n            },\n            {\n                \"context\": \"all\",\n                \"fullPath\": \"/Common/tcp\",\n                \"generation\": 287,\n                \"kind\": \"tm:ltm:virtual:profiles:profilesstate\",\n                \"name\": \"tcp\",\n                \"nameReference\": {\n                    \"link\": \"https://localhost/mgmt/tm/ltm/profile/tcp/~Common~tcp?ver=13.1.0\"\n                },\n                \"partition\": \"Common\",\n                \"selfLink\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~vs/profiles/~Common~tcp?ver=13.1.0\"\n            }\n        ],\n        \"link\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~vs/profiles?ver=13.1.0\"\n    },\n    \"rateLimit\": \"disabled\",\n    \"rateLimitDstMask\": 0,\n    \"rateLimitMode\": \"object\",\n    \"rateLimitSrcMask\": 0,\n    \"selfLink\": \"https://localhost/mgmt/tm/ltm/virtual/vs?expandSubcollections=true&ver=13.1.0\",\n    \"serviceDownImmediateAction\": \"none\",\n    \"source\": \"0.0.0.0/0\",\n    \"sourceAddressTranslation\": {\n        \"type\": \"automap\"\n    },\n    \"sourcePort\": \"preserve\",\n    \"synCookieStatus\": \"not-activated\",\n    \"translateAddress\": \"enabled\",\n    \"translatePort\": \"enabled\",\n    \"vlansDisabled\": true,\n    \"vsIndex\": 2\n}\n

Get stats of the virtual <vs>

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs>/stats\n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstats',\n  generation: 1109,\n  selfLink: 'https://localhost/mgmt/tm/ltm/virtual/vs/stats?ver=12.1.0',\n  entries:\n   { 'https://localhost/mgmt/tm/ltm/virtual/vs/~Common~vs/stats':\n      { nestedStats:\n         { kind: 'tm:ltm:virtual:virtualstats',\n           selfLink: 'https://localhost/mgmt/tm/ltm/virtual/vs/~Common~vs/stats?ver=12.1.0',\n           entries:\n            { 'clientside.bitsIn': { value: 12880 },\n              'clientside.bitsOut': { value: 34592 },\n              'clientside.curConns': { value: 0 },\n              'clientside.evictedConns': { value: 0 },\n              'clientside.maxConns': { value: 2 },\n              'clientside.pktsIn': { value: 26 },\n              'clientside.pktsOut': { value: 26 },\n              'clientside.slowKilled': { value: 0 },\n              'clientside.totConns': { value: 6 },\n              cmpEnableMode: { description: 'all-cpus' },\n              cmpEnabled: { description: 'enabled' },\n              csMaxConnDur: { value: 37 },\n              csMeanConnDur: { value: 29 },\n              csMinConnDur: { value: 17 },\n              destination: { description: '192.168.184.226:80' },\n              'ephemeral.bitsIn': { value: 0 },\n              'ephemeral.bitsOut': { value: 0 },\n              'ephemeral.curConns': { value: 0 },\n              'ephemeral.evictedConns': { value: 0 },\n              'ephemeral.maxConns': { value: 0 },\n              'ephemeral.pktsIn': { value: 0 },\n              'ephemeral.pktsOut': { value: 0 },\n              'ephemeral.slowKilled': { value: 0 },\n              'ephemeral.totConns': { value: 0 },\n              fiveMinAvgUsageRatio: { value: 0 },\n              fiveSecAvgUsageRatio: { value: 0 },\n              tmName: { description: '/Common/vs' },\n              oneMinAvgUsageRatio: { value: 0 },\n              'status.availabilityState': { description: 'available' },\n              'status.enabledState': { description: 'enabled' },\n              'status.statusReason': { description: 'The virtual server is available' },\n              syncookieStatus: { description: 'not-activated' },\n              'syncookie.accepts': { value: 0 },\n              'syncookie.hwAccepts': { value: 0 },\n              'syncookie.hwSyncookies': { value: 0 },\n              'syncookie.hwsyncookieInstance': { value: 0 },\n              'syncookie.rejects': { value: 0 },\n              'syncookie.swsyncookieInstance': { value: 0 },\n              'syncookie.syncacheCurr': { value: 0 },\n              'syncookie.syncacheOver': { value: 0 },\n              'syncookie.syncookies': { value: 0 },\n              totRequests: { value: 4 }\n            }\n         }\n      }\n   }\n}\n

Change one of the configuration options of the virtual <vs>

The command below changes the Description field of the virtual (\"description\" in tmsh and iControl REST).

curl -sku admin:admin  https://<host>/mgmt/tm/ltm/virtual/<vs> \\\n  -X PATCH -H \"Content-Type: application/json\" \\\n  -d '{\"description\": \"Hello World!\"}'  \n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  ... \n  description: 'Hello World!',       <==== Changed.\n  ...\n}\n

Disable the virtual <vs>

The command syntax is same as above: To change the state of a virtual from \"enabled\" to \"disabled\", send \"disabled\":true. For enabling the virtual, use \"enabled\":true. Note that the Boolean type true/false does not require quotations.

curl -sku admin:admin  https://<host>/mgmt/tm/ltm/virtual/<vs> \\\n  -X PATCH -H \"Content-Type: application/json\" \\\n  -d '{\"disabled\": true}' \\\n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  fullPath: 'vs',\n  ...\n  disabled: true,  <== Changed\n  ...\n}\n

Add another iRule to <vs>

When the virtual has iRules already attached, you need to send the existing ones too along with the additional one. For example, to add /Common/testRule1 to the virtual with /Common/testRule1, specify both in an array (square brackets). Note that the /Common/testRule2 iRule object should be already created.

curl -sku admin:admin  https://<host>/mgmt/tm/ltm/virtual/<vs> \\\n  -X PATCH -H \"Content-Type: application/json\" \\\n  -d '{\"rules\": [\"/Common/testRule1\", \"/Common/testRule2\"] }' \n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  fullPath: 'vs',\n  ...\n  rules: [ '/Common/test1', '/Common/test2' ],  <== Changed\n  rulesReference:\n   [ { link: 'https://localhost/mgmt/tm/ltm/rule/~Common~test1?ver=12.1.1' },\n     { link: 'https://localhost/mgmt/tm/ltm/rule/~Common~test2?ver=12.1.1' } ],\n  ...\n}\n

Create a new virtual <vs>

You can create a skeleton virtual by specifying only Destination Address and Mask. The remaining parameters such as profiles are set to default. You can later modify the parameters by PATCH-ing.

curl -sku admin:admin -X POST -H \"Content-Type: application/json\" \\\n  -d '{\"name\": \"vs\", \"destination\":\"192.168.184.230:80\", \"mask\":\"255.255.255.255\"}' \\\n  https://<host>/mgmt/tm/ltm/virtual\n

Sample Output

{\n  kind: 'tm:ltm:virtual:virtualstate',\n  name: 'vs',\n  partition: 'Common',\n  fullPath: '/Common/vs',\n  ...\n  destination: '/Common/192.168.184.230:80',  <== Created\n  ...\n  mask: '255.255.255.255',                    <== Created\n  ...\n}\n

Create a new virtual <vs> with a lot of parameters

You can specify all the essential parameters upon creation. This example creates a new virtual with pool, default persistence profile, profiles, iRule, and source address translation. The call fails if any of the parameters conflicts. For example, you cannot specify \"Cookie Persistence\" without specifying appropriate profiles. If you do not specify any profile, it falls back to the default

, which is not compatible with Cookie Persistence.

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual -H \"Content-Type: application/json\" -X POST\n  -d '{\"name\": \"vs\", \\\n        \"destination\": \"10.10.10.10:10\", \\\n        \"mask\": \"255.255.255.255\", \\\n        \"pool\": \"CentOS-all80\", \\\n        \"persist\": [ {\"name\": \"cookie\"} ], \\\n       \"profilesReference\": {\"items\": [ {\"context\": \"all\", \"name\": \"http\"}, {\"context\": \"all\", \"name\": \"tcp\"}, {\"context\": \"clientside\", \"name\": \"clientssl\"}] }, \\\n       \"rules\": [ \"ShowVersion\" ], \\\n       \"sourceAddressTranslation\": {\"type\": \"automap\"} }'\n

Sample Output

{\n    \"addressStatus\": \"yes\",\n    \"autoLasthop\": \"default\",\n    \"cmpEnabled\": \"yes\",\n    \"connectionLimit\": 0,\n    \"destination\": \"/Common/10.10.10.10:10\",\n    \"enabled\": true,\n    \"fullPath\": \"/Common/test\",\n    \"generation\": 592,\n    \"gtmScore\": 0,\n    \"ipProtocol\": \"tcp\",\n    \"kind\": \"tm:ltm:virtual:virtualstate\",\n    \"mask\": \"255.255.255.255\",\n    \"mirror\": \"disabled\",\n    \"mobileAppTunnel\": \"disabled\",\n    \"name\": \"vs\",\n    \"nat64\": \"disabled\",\n    \"partition\": \"Common\",\n    \"persist\": [\n        {\n            \"name\": \"cookie\",\n            \"nameReference\": {\n                \"link\": \"https://localhost/mgmt/tm/ltm/persistence/cookie/~Common~cookie?ver=13.1.0\"\n            },\n            \"partition\": \"Common\",\n            \"tmDefault\": \"yes\"\n        }\n    ],\n    \"policiesReference\": {\n        \"isSubcollection\": true,\n        \"link\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~test/policies?ver=13.1.0\"\n    },\n    \"pool\": \"/Common/CentOS-all80\",\n    \"poolReference\": {\n        \"link\": \"https://localhost/mgmt/tm/ltm/pool/~Common~CentOS-all80?ver=13.1.0\"\n    },\n    \"profilesReference\": {\n        \"isSubcollection\": true,\n        \"link\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~test/profiles?ver=13.1.0\"\n    },\n    \"rateLimit\": \"disabled\",\n    \"rateLimitDstMask\": 0,\n    \"rateLimitMode\": \"object\",\n    \"rateLimitSrcMask\": 0,\n    \"rules\": [\n        \"/Common/ShowVersion\"\n    ],\n    \"rulesReference\": [\n        {\n            \"link\": \"https://localhost/mgmt/tm/ltm/rule/~Common~ShowVersion?ver=13.1.0\"\n        }\n    ],\n    \"selfLink\": \"https://localhost/mgmt/tm/ltm/virtual/~Common~test?ver=13.1.0\",\n    \"serviceDownImmediateAction\": \"none\",\n    \"source\": \"0.0.0.0/0\",\n    \"sourceAddressTranslation\": {\n        \"type\": \"automap\"\n    },\n    \"sourcePort\": \"preserve\",\n    \"synCookieStatus\": \"not-activated\",\n    \"translateAddress\": \"enabled\",\n    \"translatePort\": \"enabled\",\n    \"vlansDisabled\": true,\n    \"vsIndex\": 52\n}\n

Delete a virtual <vs>

curl -sku admin:admin https://192.168.226.55/mgmt/tm/ltm/virtual/<vs> -X DELETE\n

Sample Output

No output (just 200 OK and no response body)\n

References

\n
• curl.1 the man page
\n
• curl Releases and Downloads ... including the port for Windows
\n
• Jason Rahm's \"Demystifying iControl REST\" series (DevCentral) -- This is Part I of 7 at the time of this article.
\n
• iControl REST API reference (DevCentral) 
\n
• iControl® REST API User Guide (DevCentral) -- Link is for 12.1. Search for the older versions.
\n

{\"name\":\"virtual_test.bit\",\"destination\":\"10.100.100.155:443\",\"pool\":\"pool_test.bit\",\"persist\":[{\"name\":\"persist_cookie\"}],\"fallbackPersistence\":\"source_addr\",\"profilesReference\":{\"items\":[{\"name\":\"tcp\",\"context\":\"all\"},{\"name\":\"profile_clientssl_test.bit\",\"context\":\"clientside\"},{\"name\":\"profile_http\"}]},\"rules\":[\"rule_test.bit\"]}

| json-format

Added (sorry for being late).

The section about disabling VIPs seems to be incorrect.

curl -sku admin:admin  https://<host>/mgmt/tm/ltm/<vs> \\\n  -X PATCH -H \"Content-Type: application/json\" \\\n  -d '{\"enabled\": false}' \\

Results in HTTP 400 Bad Request.

{\n    \"code\": 400,\n    \"message\": \"one or more properties must be specified\",\n    \"errorStack\": [],\n    \"apiError\": 26214401\n}

Changing the JSON to the following does the trick:

{\n    \"disabled\": true\n}

Subsequently, the JSON response is:

{\n    \"kind\": \"tm:ltm:virtual:virtualstate\",\n    \"name\": \"TestVIP\",\n    [...]\n    \"disabled\": true,\n    [...]\n}

For comparison, an enabled VIP looks like this:

{\n    \"kind\": \"tm:ltm:virtual:virtualstate\",\n    \"name\": \"TestVIP\",\n    [...]\n    \"enabled\": true,\n    [...]\n}

Version: 12.1.2

Why is the value true without quotes?

\"disabled\": true

\"enabled\": true

Shouldn't the value in JSON data be inside double quotes? 

some fields are ints or booleans, not strings

{\n    \"description\": \"Description here\",\n    \"enabled\": false\n}

Thank you, Arie. You are right. It has to be \"disabled:true\" for disabling and \"enabled:true\" for enabling. I have updated the doc.

curl -sk -u admin: -H 'Content-Type: application/json' \\\n-X PATCH -d '{\"arp\": \"disabled\", \"enabled\": \"no\", \"icmpEcho\": \"disabled\"}' \\\nhttps://localhost/mgmt/tm/ltm/virtual-address/10.131.131.101 | python -m json.tool

curl -sk -u admin: -H 'Content-Type: application/json' \\\n-X PATCH -d '{\"arp\": \"enabled\", \"enabled\": \"yes\", \"icmpEcho\": \"enabled\"}' \\\nhttps://localhost/mgmt/tm/ltm/virtual-address/10.131.131.101 | python -m json.tool

modify ltm virtual-address 10.131.131.101 enabled no arp disabled icmp-echo disabled\nmodify ltm virtual-address 10.131.131.101 enabled yes arp enabled icmp-echo enabled

POST '{}' to path ./mgmt/tm/transaction with header \"Content-Type: application/json\"

DELETE to path ./mgmt/tm/ltm/virtual/~<partition-name>~<virtual-name>/profiles/<profile-name> with header \"X-F5-REST-Coordination-Id: <transId>\"

POST '{\"name\":\"<profile-name>\",\"partition\":\"<partition-name>\",\"context\":\"<context>\"}' to path ./mgmt/tm/ltm/virtual/~<partition-name>~<virtual-name>/profiles with headers \"X-F5-REST-Coordination-Id: <transId>\" and \"Content-Type: application/json\"

PUT or PATCH '{\"state\": \"VALIDATING\"}' to path ./mgmt/tm/transaction/<transId> with header \"Content-Type: application/json\"

GET to path ./mgmt/tm/transaction/<transId>

The command to change the Description field on the virtual is missing \"virtual/\" in the URI.

Here is the correct syntax.

curl -sku admin:admin  https://<host>/mgmt/tm/ltm/virtual/<vs> \\
  -X PATCH -H \"Content-Type: application/json\" \\
  -d '{\"description\": \"Hello World!\"}' 

Similarly, the correct syntax to disable the virtual server is as below:

curl -sku admin:admin https://<host>/mgmt/tm/ltm/virtual/<vs> \\   -X PATCH -H \"Content-Type: application/json\" \\ -d '{\"disabled\": true}' \\

nice find! Fixed...