For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Takuya_Kishimot's avatar
Takuya_Kishimot
Historic F5 Account
Mar 20, 2014

Can iControl REST delete a connection?

Hi,

 

Can iControl REST delete a connection? I'd like to do like "delete sys connection ss-server-addr 10.1.1.1" by iControl REST. Can it do that?

 

application delivery
devops
iControl
LTM

4 Replies

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Mar 21, 2014
    I can't seem to find a current method in the REST api, I'm consulting with a peer.
  • TechNTactical_1's avatar
    TechNTactical_1
    Historic F5 Account
    Apr 25, 2014

    I'm pretty sure an SE demonstrated this using POSTMAN for Chrome and the ability to delete pools, node, virtual servers, etc.

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Apr 27, 2014

    Creating/deleting pools and nodes is pretty straight forward, but I don't believe there's a way with the DELETE command to delete connections. It would seem the semantics of the command are intended just for objects, and not for states. I did find another way, albeit a little wacky.

    1. Create a TMSH script (from within TMSH):

      create cli script delconn

    2. Edit this script to do your dirty work:

      modify script delconn {
    proc script::run {} {
        tmsh::delete sys connection ss-server-addr [lindex $tmsh::argv 1]
    }
}

    3. Trigger a cli run command from REST:

      curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/tm/mgmt/cli/script -d '{"command":"run","utilCmdArgs":"delconn 127.0.0.1"}'
  • tatmotiv's avatar
    tatmotiv
    Icon for Cirrostratus rankCirrostratus
    Aug 27, 2015

    Sorry for digging this out, but I just stumbled upon it and want to make use of something very similar. We have a self service web tool allowing our customers to modify their farms (enable/disable servers etc). What we are currently missing is a possibility to "clear" connections to a single pool member after disabling that one. Even when setting the member to forced offline, active connections will still be maintained. In certain circumstances, customers nevertheless want to get rid of them, especially when they are quite long living connections. We also want to trigger this through the web portal using iControl REST. Since servers can be part of several pools with the same IP/Port combination, and also be part of the same pool with several different ports, I thought about using the following command:

    delete sys connection cs-server-addr [virtual IP] cs-server-port [virtual port] ss-server-addr [pool member IP] ss-server-port [pool member port]

    Can anybody advise if this is sufficient to any get of rid of all connections running to a single pool member of a single virtual (and more importantly ONLY those ones)?

    Furthermore, we have all boxes running route domains, so I guess I will need to include the route-domain suffix in both IP addresses (virtual and pool member)?