Forum Discussion

Brian_69413's avatar
Icon for Nimbostratus rankNimbostratus
Sep 20, 2011

iControl Authentication in a race condition

Here is what the developers are using:



This is how we connect:


Interfaces _interface = new Interfaces();


_interface.initialize(vip, user, password);



This is how we query:



String[] pools = _interface.getLocalLBPool().get_list();


LocalLBPoolMemberPortType poolMember = _interface.getLocalLBPoolMember();


for (String pool : pools){


String list[] = new String[1];


list[0] = pool;


LocalLBPoolMemberMemberObjectStatus[][] status = poolMember.get_object_status(list);


for (int j = 0; j < status.length; j++) {


for (int k = 0; k < status[j].length; k++) {


LocalLBPoolMemberMemberObjectStatus objectStatus = status[j][k];


LocalLBObjectStatus statusObject = objectStatus.getObject_status();


CommonIPPortDefinition port = objectStatus.getMember();


LocalLBAvailabilityStatus avail = statusObject.getAvailability_status();


LocalLBEnabledStatus enabledStatus = statusObject.getEnabled_status();


String hostPort = port.getAddress();


String hostName = getHost(hostPort);


String availability = avail.getValue();


String description = statusObject.getStatus_description();


String actual_status = enabledStatus.toString();










We are seeing a spewing of auth attempts at our Radius server for this system. Has anyone seen anything like this before?


2 Replies

  • Each iControl request performs a completely separate HTTPS connection to the LTM. So, you should have 1 Auth request per iControl request.



    In looking at your code, I'm wondering why you are taking the list returned from LocalLBPool.get_list() and individually taking each element and building a 1-element list and making separate calls for each pool.



    I'd recommend just taking the value returned in the pools variable and passing that directly into the poolMember.get_object_status() call. That will make your code only 2 iControl calls instead of (1 + num_of_pools).



    BTW, this is exactly why we moved from scalar methods to array based in v9.



    Hope that helps...





  • Thanks for the reply, I will get this suggestion back to the developer.



    They run this query once a minute, so under normal circumstances, we see an auth request every minute. At some point, it spirals out of control and we see multiple requests a second...all successful. The developer has to stop/start the process to get it behave. They are blaming the BigIP because they are not changing anything in their code. I am just trying to do my due diligence to see if anything on the F5 could cause this race condition or if there is a way for me to look at logs on the BigIP to glean any information.