Forum Discussion
Brian_69413
Nimbostratus
NimbostratusiControl Authentication in a race condition
Here is what the developers are using:
This is how we connect:
Interfaces _interface = new Interfaces();
_interface.initialize(vip, user, password);
This is how we query:
String[] pools = _interface.getLocalLBPool().get_list();
LocalLBPoolMemberPortType poolMember = _interface.getLocalLBPoolMember();
for (String pool : pools){
String list[] = new String[1];
list[0] = pool;
LocalLBPoolMemberMemberObjectStatus[][] status = poolMember.get_object_status(list);
for (int j = 0; j < status.length; j++) {
for (int k = 0; k < status[j].length; k++) {
LocalLBPoolMemberMemberObjectStatus objectStatus = status[j][k];
LocalLBObjectStatus statusObject = objectStatus.getObject_status();
CommonIPPortDefinition port = objectStatus.getMember();
LocalLBAvailabilityStatus avail = statusObject.getAvailability_status();
LocalLBEnabledStatus enabledStatus = statusObject.getEnabled_status();
String hostPort = port.getAddress();
String hostName = getHost(hostPort);
String availability = avail.getValue();
String description = statusObject.getStatus_description();
String actual_status = enabledStatus.toString();
}
}
}
We are seeing a spewing of auth attempts at our Radius server for this system. Has anyone seen anything like this before?
- Each iControl request performs a completely separate HTTPS connection to the LTM. So, you should have 1 Auth request per iControl request.
In looking at your code, I'm wondering why you are taking the list returned from LocalLBPool.get_list() and individually taking each element and building a 1-element list and making separate calls for each pool.
I'd recommend just taking the value returned in the pools variable and passing that directly into the poolMember.get_object_status() call. That will make your code only 2 iControl calls instead of (1 + num_of_pools).
BTW, this is exactly why we moved from scalar methods to array based in v9.
Hope that helps...
-Joe 
Brian_69413Thanks for the reply, I will get this suggestion back to the developer.
They run this query once a minute, so under normal circumstances, we see an auth request every minute. At some point, it spirals out of control and we see multiple requests a second...all successful. The developer has to stop/start the process to get it behave. They are blaming the BigIP because they are not changing anything in their code. I am just trying to do my due diligence to see if anything on the F5 could cause this race condition or if there is a way for me to look at logs on the BigIP to glean any information.
