F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

AP's avatar
AP
Icon for Nimbostratus rankNimbostratus
Oct 09, 2016

F5 as an ICAP proxy/broker

Hi,   I'm looking into what is possible using iRules when dealing with ICAP traffic as a Reverse Proxy. In other words, the F5 would not originate or terminate ICAP traffic, but intelligently stee...
application delivery
iRules
LTM
security
Simon_Conway-Sm's avatar
Simon_Conway-Sm
Icon for Nimbostratus rankNimbostratus
Mar 13, 2018

I've been through the attempt to create an ICAP load balancer with the F5 LTM with a mobile network customer that has LTMs in their network.

 

Our need was to distribute the ICAP REQMOD requests across 2 ICAP server pools based on the "Host:" field contained in the HTTP message encapculated in the ICAP request body (as there's 2 distinct ICAP services running).

 

It didn't work! Fundamentally, LTM expects the incoming messages to be HTTP, not ICAP. We also tried to work at L3, but there's no guarantee every ICAP message will be contained in a single packet. We had to fall back to having the F5 distribute TCP connection requests.

 

AP's avatar
AP
Icon for Nimbostratus rankNimbostratus
Mar 22, 2018

Hi Simon,

 

Thanks for reporting back here with your findings. Your final result is basically what I expected to be the case. I didn't pursue this any further following this post.

 

I briefly mentioned doing it at a lower level (binary tcp level) however now that iRulesLX is available there may be a node module out there for parsing ICAP requests/responses. Might be worth looking into.

 

Regards,

 

Andrew