iRule queries in iCall scripts?

i recently heard that this is the best / only help out there (they also agreed documentation is quite lite still):

tmsh help sys icall

hopefully you will be able to find it, else just try and report back 🙂

what is the end goal? You might be able to make a restlike API with the vip where you could pass data from the iRule to an iCall script if the iCall script used exec to call the curl executable. Seems risky though, so perhaps if you can share what the goals are, we might be able to help with an alternative approach.

JRahm, The end goal is to take action on the content of a DNS Express zone. We have anycast listeners that are up no matter the zone content. The desired behaviour is for the listeners to remain down (no tmm route) until the zone has managed a successful XFR.

The problem with iRules is that I'd like the code to run periodically, instead of traffic based. Icall can run periodically. Rather than looking at exact DNS queries I've explored the possibility of retrieving the number of records in a zone via tmsh::get_field, this works reliably and removes external triggers.

For posterity sake. In TMOS 11.6.1 tmsh::get_field_value only shows specific resource record counts when the zone is populated, the total number of records is always shown via "db-rrs".

tmsh::get_field_value $obj "db-rrs"

Issuing show /ltm dns zone field-fmt shows the fields that are avaulable to get_field_value:

show /ltm dns zone  field-fmt
    ...
    db-rrs 18
    ...
    type-cnt.0.cnt 13
    type-cnt.0.type A
    type-cnt.1.cnt 7
    type-cnt.1.type NAPTR
    type-cnt.2.cnt 2
    type-cnt.2.type NS
    type-cnt.3.cnt 1
    type-cnt.3.type SOA
    type-cnt.4.cnt 1
    type-cnt.4.type SRV

The type-cnt fields vary per zone and thus in coding it's important to find the right field first. I initially rewrote my code to compare db-rrs to a threshold, on the principle that if a zone is populated it must have more than 2 records (the standard two name-servers). I know that there are other options but did not want to do sideband or add extra VIPs etc. This worked for me, ymmv.

I then added more in depth checking on record types, this is how I retrieve the counters:

 Clear index and counters
set idx 0; set num_a_rec 0; set num_naptr_rec 0; set num_ns_rec 0; set num_soa_rec 0; set num_srv_rec 0
 Find fields containing record counters
while {[catch {tmsh::get_field_value $obj "type-cnt.${idx}.type"} rtype] == 0} {
  if { $rtype == "A" } {
    set num_a_rec     [tmsh::get_field_value $obj "type-cnt.${idx}.cnt"]
  } elseif { $rtype == "NAPTR" } {
    set num_naptr_rec [tmsh::get_field_value $obj "type-cnt.${idx}.cnt"]
  } elseif { $rtype == "NS" } {
    set num_ns_rec    [tmsh::get_field_value $obj "type-cnt.${idx}.cnt"]
  } elseif { $rtype == "SOA" } {
    set num_soa_rec   [tmsh::get_field_value $obj "type-cnt.${idx}.cnt"]
  } elseif { $rtype == "SRV" } {
    set num_srv_rec   [tmsh::get_field_value $obj "type-cnt.${idx}.cnt"]
  }
  incr idx
}

Also I changed to iCall which is best suited to running a script at a regular interval. It's powerful but has it's own limitations. Not all things irule are supported (tables for one) and I encountered a bug (proc can't be used in an iCall script on 11.6.1 - fixed in 12.0 apparently).