Calling a shell script from within an irule

Employee

Nov 07, 2012

While you can technically do this, it doesn't mean you should. Reaching into the management shell (management plane) from an iRule (data plane) has several performance AND security implications. The management shell consumes a very small subset of total system memory, and is not multi-processing, so it could never scale to handle traffic loads. Also, creating that "bridge" between the two planes potentially opens you up to vulnerabilities if you don't properly protect the mechanisms.

Your best option, in my opinion, would be to employ a sideband call to a remote service (https://devcentral.f5.com/wiki/iRules.SIDEBAND.ashx) and allow it to perform your shell script. You could technically expose some custom service on the BIG-IP (mini web server, netcat, etc.) and reach in from your sideband call, but I'd recommend against that for the aforementioned reasons. If using a remote service, point your sideband call at another virtual server and then load balance (and scale) multiple services.

That said, what is your shell script doing? Perhaps the entire process can be done natively in iRules.

Forum Discussion

Calling a shell script from within an irule

Recent Discussions

Citrix XenServer Big-IP Upgrade help

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

BWC iRule

Can iRule be used to perform exception of IPI category based on Geolocation

help irules for compatibilty

Related Content

AppWorld 2024 Call For Speakers open

Passing Arguments to iCall Scripts

Python script to proxy iControl REST calls

APM Optimisation Script

WorldTech IT - Who Ya Gonna Call? Scary Hack Story