Forum Discussion

Sergio000_19532's avatar
Sergio000_19532
Icon for Nimbostratus rankNimbostratus
Apr 03, 2018

Calling an ICALL from an IRULE

HI,

 

I am trying to call an Icall from an Irule but couldn't do it. I try this =

 

sys icall istats-trigger delete_entry_trigger_istats { event-name deletecon istats-key "wa policy string prueba_xxa" }

 

then in the irule I put this

 

when CLIENT_ACCEPTED { ISTATS::set "wa policy string prueba_xxa" 1 }

 

But the Icall won't triggered

 

ICALL SCRIPT

 

sys icall script delete_entry_conecction_script { app-service none definition { tmsh::delete sys connection cs-client-addr 192.168.1.97 exec istats remove "wa policy string prueba_xxa" } description none events none }

 

ICALL HANDLER

 

sys icall handler triggered delete_entry_conecction_handler { script delete_entry_conecction_script subscriptions { messages { event-name deletecon } } }

 

ICALL TRIGGER

 

sys icall istats-trigger delete_entry_trigger_istats { event-name deletecon istats-key "wa policy string prueba_xxa" }

 

For now the goal is to achieve the tmsh command delete sys connection cs-client-addr 192.168.1.97 via Icall

 

Thanks for your support.

 

application delivery
iCall
iRules
  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for MVP rankMVP
    Apr 04, 2018

    Icall script/handler everything looks good to me, can you confirm if it did not delete the connection table ?

     

  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for MVP rankMVP
    Apr 04, 2018

    Happened to this using custom trap (/config/user_alert.conf), this does work though, 

    alert testing "JAI" {
    exec command="tmsh generate sys icall event deletecon"
}

    Checking the connection table cleared the entries.

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Apr 04, 2018

    irules are executed in data plane, icall are executed in control plane.

     

    you can't execute icall from irule. the only solution is to execute a sideband connection to icontrol API from irule.

     

  • Sergio000_19532's avatar
    Sergio000_19532
    Icon for Nimbostratus rankNimbostratus
    Apr 04, 2018

    Hi I make a change recently to try to achieve the final goal, which is to when a new connection comes the big IP closed the already established.

    when LB_QUEUED { ISTATS::set "wa policy string prueba_xxa" 1 }

    So I put a queue un depth 1 an at pool member level a connection limit of 1 an also put the CMP Mode of the virtual server in single-cpu mode.

    When I test this scenario I open two telnet session and just the first connection appears in 

    show sys connection ss-server-addr
    then I force the Icall with 
    generate sys icall event deletecon
    and the queue connection is established with the pool member. So I think that the Icall is working but I couldn't link the Irule with the Icall, so in the even of an LB_QUEUED drops the stablished connection a permit the queded.

    Thx all for your answers.

  • Sergio000_19532's avatar
    Sergio000_19532
    Icon for Nimbostratus rankNimbostratus
    Apr 04, 2018

    Hi please, how can I call this :

     

    alert testing "JAI" { exec command="tmsh generate sys icall event deletecon" }

     

    through the iRULE ?

     

  • Sergio000_19532's avatar
    Sergio000_19532
    Icon for Nimbostratus rankNimbostratus
    Apr 04, 2018

    Hi After all a write a log sentence and the Icall was called by the Irule!! THX for the help!!

     

  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for MVP rankMVP
    Apr 04, 2018

    yeah, writing a log local.0 will throw the log on the ltm file, the moment log comes, the trap gets triggered & ultimately your icall event will triggered.