Forum Discussion

Sergio000_19532's avatar
Sergio000_19532
Icon for Nimbostratus rankNimbostratus
Apr 03, 2018

Calling an ICALL from an IRULE

HI,

 

I am trying to call an Icall from an Irule but couldn't do it. I try this =

 

sys icall istats-trigger delete_entry_trigger_istats { event-name deletecon istats-key "wa policy string prueba_xxa" }

 

then in the irule I put this

 

when CLIENT_ACCEPTED { ISTATS::set "wa policy string prueba_xxa" 1 }

 

But the Icall won't triggered

 

ICALL SCRIPT

 

sys icall script delete_entry_conecction_script { app-service none definition { tmsh::delete sys connection cs-client-addr 192.168.1.97 exec istats remove "wa policy string prueba_xxa" } description none events none }

 

ICALL HANDLER

 

sys icall handler triggered delete_entry_conecction_handler { script delete_entry_conecction_script subscriptions { messages { event-name deletecon } } }

 

ICALL TRIGGER

 

sys icall istats-trigger delete_entry_trigger_istats { event-name deletecon istats-key "wa policy string prueba_xxa" }

 

For now the goal is to achieve the tmsh command delete sys connection cs-client-addr 192.168.1.97 via Icall

 

Thanks for your support.

 

  • Icall script/handler everything looks good to me, can you confirm if it did not delete the connection table ?

     

  • Happened to this using custom trap (/config/user_alert.conf), this does work though,

    alert testing "JAI" {
        exec command="tmsh generate sys icall event deletecon"
    }
    

    Checking the connection table cleared the entries.

  • irules are executed in data plane, icall are executed in control plane.

     

    you can't execute icall from irule. the only solution is to execute a sideband connection to icontrol API from irule.

     

  • Hi I make a change recently to try to achieve the final goal, which is to when a new connection comes the big IP closed the already established.

    when LB_QUEUED { ISTATS::set "wa policy string prueba_xxa" 1 }

    So I put a queue un depth 1 an at pool member level a connection limit of 1 an also put the CMP Mode of the virtual server in single-cpu mode.

    When I test this scenario I open two telnet session and just the first connection appears in

    show sys connection ss-server-addr
    then I force the Icall with
    generate sys icall event deletecon
    and the queue connection is established with the pool member. So I think that the Icall is working but I couldn't link the Irule with the Icall, so in the even of an LB_QUEUED drops the stablished connection a permit the queded.

    Thx all for your answers.

  • Hi please, how can I call this :

     

    alert testing "JAI" { exec command="tmsh generate sys icall event deletecon" }

     

    through the iRULE ?

     

  • Hi After all a write a log sentence and the Icall was called by the Irule!! THX for the help!!

     

  • yeah, writing a log local.0 will throw the log on the ltm file, the moment log comes, the trap gets triggered & ultimately your icall event will triggered.