iCall Triggers - Invalidating Cache from iRules

iCall is BIG-IP's all new (as of BIG-IP version 11.4) event-based automation system for the control plane. Previously, I wrote up the iCall system overview, as well as an article on the use of a periodic handler for automating backups. This article will feature the use of the triggered iCall handler to allow a user to submit a http request to invalidate the cache served up for an application managed by the Application Acceleration Manager.

Starting at the End

Before we get to the solution, I'd like to address the use case for invalidating cache. In many cases, the team responsible for an application's health is not the network services team which is the typical point of access to the BIG-IP. For large organizations with process overhead in generating tickets, invalidating cache can take time. A lot of time. So the request has come in quite frequently..."How can I invalidate cache remotely?" Or even more often, "Can I invalidate cache from an iRule?" Others have approached this via script, and it has been absolutely possible previously with iRules, albeit through very ugly and very-not-recommended ways. In the end, you just need to issue one TMSH command to invalidate the cache for a particular application:

tmsh::modify wam application content-expiration-time now

So how do we get signal from iRules to instruct BIG-IP to run a TMSH command? This is where iCall trigger handlers come in. Before we hope back to the beginning and discuss the iRule, the process looks like this:

Back to the Beginning

The iStats interface was introduced in BIG-IP version 11 as a way to make data accessible to both the control and data planes. I'll use this to pass the data to the control plane. In this case, the only data I need to pass is to set a key. To set an iStats key, you need to specify :

  • Class
  • Object
  • Measure type (counter, gauge, or string)
  • Measure name

I'm not measuring anything, so I'll use a string starting with "WA policy string" and followed by the name of the policy. You can be explicit or allow the users to pass it in a query parameter as I'm doing in this iRule below:

when HTTP_REQUEST {
  if { [HTTP::path] eq "/invalidate" } {
    set wa_policy [URI::query [HTTP::uri] policy]
    if { $wa_policy ne "" } {
      ISTATS::set "WA policy string $wa_policy" 1
      HTTP::respond 200 content "App $wa_policy cache invalidated."
    } else { HTTP::respond 200 content "Please specify a policy /invalidate?policy=policy_name" }
  }
}

Setting the key this way will allow you to create as many triggers as you have policies. I'll leave it as an exercise for the reader to make that step more dynamic.

Setting the Trigger

With iStats-based triggers, you need linkage to bind the iStats key to an event-name, wacache in my case. You can also set thresholds and durations, but again since I am not measuring anything, that isn't necessary.

sys icall istats-trigger wacache_trigger_istats {
    event-name wacache
    istats-key "WA policy string wa_policy_name"
}

Creating the Script

The script is very simple. Clear the cache with the TMSH command, then remove the iStats key.

sys icall script wacache_script {
    app-service none
    definition {
      tmsh::modify wam application dc.wa_hero content-expiration-time now
      exec istats remove "WA policy string wa_policy_name"
    }
    description none
    events none
}

Creating the Handler

The handler is the glue that binds the event I created in the iStats trigger. When the handler sees an event named wacache, it'll execute the wacache_script iCall script.

sys icall handler triggered wacache_trigger_handler {
    script wacache_script
    subscriptions {
        messages {
            event-name wacache
        }
    }
}

Notes on Testing

  1. Add this command to your arsenal - tmsh generate sys icall event <event-name> context none</event-name> where event-name in my case is wacache. This allows you to troubleshoot the handler and script without worrying about the trigger.
  2. And this one - tmsh modify sys db log.evrouted.level value Debug. Just note that the default is Notice when you're all done troubleshooting.
Published Aug 27, 2013
Version 1.0
acceleration
application delivery
code
dev
devops
iCall
iRules
tech tip
TMSH
  • DRP's avatar
    DRP
    Icon for Nimbostratus rankNimbostratus
    Jul 14, 2020

    From tmsh

    type create sys icall and hit question mark.

  • Darren_Walker_2's avatar
    Darren_Walker_2
    Icon for Cirrus rankCirrus
    Sep 29, 2017

    Step one: Make an irule-I can do that.

     

    Step two: Setting the trigger-I don't understand where this is created/how it is created. And same issues with the other steps, as well. Can you guide me on those details? We're on 12.1.2.

     

  • Hyder_141209's avatar
    Hyder_141209
    Icon for Altostratus rankAltostratus
    Sep 13, 2016

    Hi, thanks for your wonderful explanations on this. In a case, for example, if would like to pass the variable of $wa_policy_name to the script, how can I implement this?

     

    ~ tmsh::modify wam application $wa_policy_name content-expiration-time now

     

    Cheers.

     

  • Infra_179046's avatar
    Infra_179046
    Icon for Nimbostratus rankNimbostratus
    Aug 17, 2016

    Ok I've tried, but how would you make it more dynamic? How do you pass the policy to the trigger and onwards?

     

  • Daren_Kline_184's avatar
    Daren_Kline_184
    Icon for Nimbostratus rankNimbostratus
    Apr 18, 2016
    Hi Jason, If I wanted to set options like "duration", "range-min", "range-max", or "repeat" on my istats-trigger like you mentioned, how would I do that? It appears that TMSH accepts my "modify" command but does not actually update the istats-trigger. Thank you very much for your help! -D