Forum Discussion

Jonathan_Scholi's avatar
Jonathan_Scholi
Icon for Cirrostratus rankCirrostratus
Oct 21, 2013

Local Traffic Policies and iControl

I've been looking for a way for use iControl to create the Local Traffic Policies introduced in 11.4, but I don't see anything about these in the API. Am I missing something, or does this functional...
deployment
devops
iControl
management
Jon_Bartlett_10's avatar
Jon_Bartlett_10
Historic F5 Account
Dec 02, 2013

This is only available in the REST API, please see the following:

 

Introducing a RESTful interface for iControl https://devcentral.f5.com/articles/introducing-a-restful-interface-for-icontrol.Up0Ywk2A2M9

 

REST User Guide https://devcentral.f5.com/d/icontrol-rest-user-guide

 

Below is an example:

 

This creates a new policy that redirects to a different pool "p1" based on URI containing "servers" in the uri-path

 

POST https://192.168.1.75/mgmt/tm/ltm/policy?$expand=* (remeber to use the syntax from the manual including auth and content-type)

 

{

 

"kind": "tm:ltm:policy:policystate",
"name": "mynewpolicy",
"generation": 0,
"lastUpdatedMicros": 0,
"partition": "/Common/",
"controls": [
    "forwarding"
],
"requires": [
    "http"
],
"strategy": "all-match",
"rules": [
    {
        "kind": "tm:ltm:policy:rules:rulesstate",
        "name": "mynewpolicy_rule",
        "generation": 0,
        "lastUpdatedMicros": 0,
        "selfLink": "https://localhost/mgmt/tm/ltm/policy/mynewpolicy/rules/mynewpolicy_rule",
        "ordinal": 1,
        "actions": [
            {
                "kind": "tm:ltm:policy:rules:actions:actionsstate",
                "name": "0",
                "generation": 0,
                "lastUpdatedMicros": 0,
                "selfLink": "https://localhost/mgmt/tm/ltm/policy/mynewpolicy/rules/mynewpolicy_rule/actions/0",
                "code": 0,
                "forward": null,
                "pool": "/Common/p1",
                "port": 0,
                "request": null,
                "select": null,
                "status": 0,
                "vlanId": 0
            }
        ],
        "conditions": [
            {
                "kind": "tm:ltm:policy:rules:conditions:conditionsstate",
                "name": "0",
                "generation": 0,
                "lastUpdatedMicros": 0,
                "selfLink": "https://localhost/mgmt/tm/ltm/policy/mynewpolicy/rules/mynewpolicy_rule/conditions/0",
                "caseInsensitive": null,
                "contains": null,
                "external": null,
                "httpUri": null,
                "index": 0,
                "path": null,
                "present": null,
                "remote": null,
                "request": null,
                "values": [
                    "servers"
                ]
            }
        ]
    }
]

}

 

GET https://192.168.1.75/mgmt/tm/ltm/virtual/vip_ssl

 

Get the output and add the line marked below to add the policy and send it back as a PUT to modify the VIP.

 

PUT https://192.168.1.75/mgmt/tm/ltm/virtual/vip_ssl

 

(vip_ssl is the name of the vip, to add the policiy to the VIP)

 

{

 

"kind": "tm:ltm:virtual:virtualstate",
"name": "vip_ssl",
"generation": 0,
"lastUpdatedMicros": 0,
"selfLink": "https://localhost/mgmt/tm/ltm/virtual/vip_ssl",
"partition": "/Common/",
"autoLasthop": "default",
"cmpEnabled": "yes",
"connectionLimit": 0,
"destination": "192.168.1.77:https",
"enabled": null,
"gtmScore": 0,
"ipProtocol": "tcp",
"mask": "255.255.255.255",
"mirror": "disabled",
"nat64": "disabled",
"pool": "p2",
"rateLimit": "disabled",
"rateLimitDstMask": 0,
"rateLimitMode": "object",
"rateLimitSrcMask": 0,
"policies": "mynewpolicy",                   <<<
"source": "0.0.0.0/0",
"sourceAddressTranslation": {
    "type": "automap"
},
"sourcePort": "preserve",
"synCookieStatus": "not-activated",
"translateAddress": "enabled",
"translatePort": "enabled",
"vlansDisabled": null,
"vsIndex": 2,
"profilesReference": {
    "link": "https://localhost/mgmt/tm/ltm/virtual/vip_ssl/profiles"
}

}