Forum Discussion

Dylan_McCurry_1's avatar
Dylan_McCurry_1
Icon for Nimbostratus rankNimbostratus
May 14, 2014

Asynchronously hit an external web service from an iRule?

I'm trying to create an irule which captures traffic to various URLs. What I need to do is have the irule issue an async'd HTTP request to a web service I've created on every HTTP 200 response that flows through my BigIP. This will allow me to effectively audit the pages my users navigate to.

 

I was looking at HTTP::retry but I don't think that will solve the problem. How do I issue a request (and ignore the response) from an iRule without interrupting the current traffic? Should I attempt to do this in separate threads?

 

application delivery
asynchronous
design
devops
iRules
LTM
request

5 Replies

Sort By
  • Nojan_Moshiri_4's avatar
    Nojan_Moshiri_4
    Historic F5 Account
    May 14, 2014

    An iRule SideBand connection could solve your problem, if I understand your request properly: https://devcentral.f5.com/wiki/irules.SIDEBAND.ashx

     

    There are other good examples of side band on DevCentral as well.

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    May 17, 2014

    If I may add, just be advised that making a sideband call on each request, for each user, may 1) create latency, 2) drive CPU a bit higher than you'd want it, and 3) require the extra effort of creating the sideband content itself. If, however, you absolutely wanted to do a sideband call and you don't care about a response, you could just use the connect and send commands, and set timeout and idle values for each to some very low numbers.

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    May 19, 2014

    Any chance you can reconsider the web service approach and maybe do something like a syslog server or a transparent IDS-like service? You can very easily dump as much or as little as you want into a syslog message. If either side of the proxy is decrypted (non-SSL), then you could use a clone pool to basically mirror all traffic flowing across that interface (for that VIP) to a remote device. In either case you wouldn't get a response, so you wouldn't have to ignore one.