Dan_Bowman
Jul 31, 2019

Sideband iRulesLX to another virtual server?

Possibly a simple answer to this but not found any examples so far - I'm looking to intercept traffic to an existing virtual server, interrogate it and if needed send a sideband request with some of the header information off to a separate virtual server to validate it (JSON response).

If the response is acceptable then the traffic can proceed to the original virtual server, and if not then the connection can be rejected.

Seen a few examples with HTTP POST to a http://example.com endpoint, but how would that be presented to POST to a VIP that's internal to the same F5/partition?

4 Replies

  • Hello Dan.

    Everything depends on the specific details of your implementation, but reading your description I'm sure you can do it mostly using only iRules.

    HSSR Documentation

    https://clouddocs.f5.com/api/irules/HTTP-Super-SIDEBAND-Requestor-Client-Handles-Redirects-Cookies-Chunked-Transfer-APM-Access-etc.html

    A practical example of using it:

    https://clouddocs.f5.com/api/irules/Query-LDAP-From-An-iRule-And-Or-Use-APM-With-Non-HTTP-Services.html

    Based on the info above, you can check something in your incoming request and use HSSR to send the initial info to another VS.

    KR,

    Dario.

    • Dan_Bowman

      Thanks Dario - We need to make some fairly complex calls including generating a signed JWT token before initiating the sideband connection, that JWT is then used to request an access token from API 1 - we then need to use that token to make a second sideband call to API 2 and use it to validate some of the header info from the initial HTTP request, hence me looking at using iLX! 😀 - I'm much more familiar with regular iRules so if the same could be achieved that way I'd be happier!

      If anyone can shed any light on the iLX > Virtual server sideband methods I'd be appreciative.

      Fallback position is to offload this work to a web service on an application server but that will add another tier of infrastructure to the process, so I'd like to try and explore the options of doing this on-box if we can.

      Thanks,

      Dan

      • Dario_Garrido

        Then I recommend that you use iRulesLX instead.

        Here you have a good example.

        https://devcentral.f5.com/s/articles/irules-lx-sideband-connection-1162

        Also, some docs on how to start with iRulesLX:

        https://devcentral.f5.com/s/articles/getting-started-with-irules-lx-introduction-conceptual-overview-20409

        https://devcentral.f5.com/s/articles/introducing-irules-lx-19888

        KR,

        Dario.
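
The two decision points in the workflow Dan describes, as an added example that is not part of the thread or of F5's code: building the short-lived signed JWT presented to API 1, and a fail-closed check on the JSON returned by API 2. The claim names, the 60-second lifetime, the `valid` response field and all function names are assumptions; the sideband HTTP calls themselves are left out.

```javascript
// Added example, not from the thread; uses only Node's built-in crypto.
const crypto = require('crypto');

function b64url(input) {
  return Buffer.from(input).toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
}

// Short-lived RS256 JWT to present to the token endpoint ("API 1").
function signJwt(claims, privateKeyPem, nowMs) {
  const iat = Math.floor((nowMs || Date.now()) / 1000);
  const payload = Object.assign({}, claims, { iat: iat, exp: iat + 60 });
  const input = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) +
    '.' + b64url(JSON.stringify(payload));
  const sig = crypto.createSign('RSA-SHA256').update(input).sign(privateKeyPem);
  return input + '.' + b64url(sig);
}

// Receiving side: pin the algorithm, verify signature, enforce expiry.
function verifyJwt(token, publicKeyPem, nowMs) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64').toString());
    if (header.alg !== 'RS256') return null;
    const ok = crypto.createVerify('RSA-SHA256')
      .update(parts[0] + '.' + parts[1])
      .verify(publicKeyPem, Buffer.from(parts[2], 'base64'));
    const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString());
    const now = Math.floor((nowMs || Date.now()) / 1000);
    return ok && payload.exp > now ? payload : null;
  } catch (e) { return null; }
}

// Fail closed on the validation response ("API 2"): only HTTP 200 with
// parseable JSON and an explicit `valid: true` (assumed field name) passes.
function isAllowed(statusCode, body) {
  if (statusCode !== 200) return false;
  try {
    const parsed = JSON.parse(body);
    return parsed !== null && parsed.valid === true;
  } catch (e) { return false; }
}

// Constructed throwaway key pair for the demo only.
function demoKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
}
```

Any error, timeout or malformed reply from either sideband call should map to the same rejection path as an explicit denial, so a failing validation service cannot open the original virtual server.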