Forum Discussion

Cory_Blankenshi's avatar
Cory_Blankenshi
Icon for Altostratus rankAltostratus
May 24, 2019

Is there a limit for iControl Rest API POST requests per minute?

I am writing a script to migrate all of our LTM objects - VIPs, pools, monitors, etc. - from one v.13.1.1.4 BIG-IP to another using the iControlRest API. During my testing, I was able to send the configurations for 80 HTTP monitors before getting the following error: "Failed to establish a new connection: [Errno 61] Connection refused'".

 

I don't know if there is a setting that can be tweaked to avoid the issue and/or another approach I can take to sending all of the configurations via the rest API. I was hoping that I could send multiple objects in a single payload, but I think that only works with AS3. Any help would be greatly appreciated. :]

 

Thanks!

application delivery
BIG-IP
devops
iControlREST

7 Replies

Sort By
  • Satoshi_Toyosa1's avatar
    Satoshi_Toyosa1
    Icon for Employee rankEmployee
    May 29, 2019

    The iControl REST framework does not impose a rate restriction, however, you may saturate the underlying system such as mcpd if you send too many requests too soon. You may need to consider throttling your requests. For configuring the entire box with full of objects, yes, AS3 would be a good choice (it's becoming popular).

     

    Please also note that there is a restriction on a number of tokens per user. If you are not reusing the token (assuming you are using the Token Based Authentication) but generating one for each object, then you may get the token error (looks like this is not the case from your error message). The current limit is 100. This limit is not applicable to the 'admin'.

  • Cory_Blankenshi's avatar
    Cory_Blankenshi
    Icon for Altostratus rankAltostratus
    Jun 04, 2019

    Thanks for the reply. I started using transactions with token auth, however I'm hitting a weird issue: when I try to commit the transaction, I get an error stating that the transaction ID failed. This is what my request looks like:

     

    Method: PATCH

    URL: https://my.bigip.com/mgmt/tm/transaction/1234567890

    Body: { "state": "VALIDATING" }

     

    ...which is what the documentation shows to do. However, I get the following error...

     

    {

      "code": 404,

      "message": "Missing transaction ID for this call.",

      "errorStack": [],

      "apiError": 2

    }

     

    Have you ever hit this issue before?

  • Satoshi_Toyosa1's avatar
    Satoshi_Toyosa1
    Icon for Employee rankEmployee
    Jun 05, 2019

    I first thought that was an timeout issue. A transaction's lifespan is 120s by default. If you haven't issued the VALIDATING command within the time, it will disappear. However, querying or VALIDATING the deleted transaction would result in 404 error but with a different message.

     

    {

      "apiError": 1,

      "code": 404,

      "errorStack": [],

      "message": "Task not found - ID: 1559714233007109 user: admin"

    }

     

    Will you be able to provide more data? How have you created the transaction, added the task(s) and committed. If that's too much to share in the public space, I suggest you to contact F5 support.

    • Cory_Blankenshi's avatar
      Cory_Blankenshi
      Icon for Altostratus rankAltostratus
      Jun 05, 2019

      Hi Satoshi,

       

      I performed the following operations in Postman, and below is the HTTP code generated for each request and response:

       

      1) Get a new transaction

       

      Request

      POST /mgmt/tm/transaction?= HTTP/1.1

      Host: my.f5.com

      Content-Type: application/json

      Authorization: Basic YWRtaW46YWRtaW4=

      User-Agent: PostmanRuntime/7.13.0

      Accept: */*

      Host: my.f5.com

      cookie: BIGIPAuthCookie=1234A123B12341CDE123F1G12H12I1J1KL12345M; BIGIPAuthUsernameCookie=admin; OAMAuthnHintCookie=0@0123456789

      accept-encoding: gzip, deflate

      content-length: 2

      Connection: keep-alive

       

      {}

      ** I sent an empty payload in the body

       

      Response

      {

        "transId": 1559746101292603,

        "state": "STARTED",

        "timeoutSeconds": 120,

        "asyncExecution": false,

        "validateOnly": false,

        "executionTimeout": 300,

        "executionTime": 0,

        "failureReason": "",

        "kind": "tm:transactionstate",

        "selfLink": "https://localhost/mgmt/tm/transaction/1559746101292603?ver=13.1.1"

      }

       

      2) Check to see if the transaction was created

       

      Request

      GET /mgmt/tm/transaction HTTP/1.1

      Host: my.f5.com

      Authorization: Basic YWRtaW46YWRtaW4=

      User-Agent: PostmanRuntime/7.13.0

      Accept: */*

      Host: my.f5.com

      cookie: BIGIPAuthCookie=1234A123B12341CDE123F1G12H12I1J1KL12345M; BIGIPAuthUsernameCookie=admin; OAMAuthnHintCookie=0@0123456789

      accept-encoding: gzip, deflate

      Connection: keep-alive

       

      Response

      {

        "items": [

          {

            "transId": 1559746101292603,

            "state": "STARTED",

            "timeoutSeconds": 120,

            "asyncExecution": false,

            "validateOnly": false,

            "executionTimeout": 300,

            "executionTime": 0,

            "failureReason": "",

            "kind": "tm:transactionstate",

            "selfLink": "https://localhost/mgmt/tm/transaction/1559746101292603?ver=13.1.1"

          }

        ],

        "kind": "tm:transactioncollectionstate",

        "selfLink": "https://localhost/mgmt/tm/transaction?ver=13.1.1"

      }

       

      3) Test transaction by getting some pool information

       

      Request

      GET /mgmt/tm/ltm/pool/~Common~splunk_syslog?$select=name,partition HTTP/1.1

      Host: my.f5.com

      X-F5-REST-Coordination-Id: 1559746101292603

      Authorization: Basic YWRtaW46YWRtaW4=

      User-Agent: PostmanRuntime/7.13.0

      Accept: */*

      Host: my.f5.com

      cookie: BIGIPAuthCookie=1234A123B12341CDE123F1G12H12I1J1KL12345M; BIGIPAuthUsernameCookie=admin; OAMAuthnHintCookie=0@0123456789

      accept-encoding: gzip, deflate

      Connection: keep-alive

       

      Response

      {

        "name": "splunk_syslog",

        "partition": "Common"

      }

       

      4) Commit the transaction by setting the status to "Validating"

       

      Request

      PATCH /mgmt/tm/transaction/1559744293160010 HTTP/1.1

      Host: my.f5.com

      Content-Type: application/json

      Authorization: Basic YWRtaW46YWRtaW4=

      User-Agent: PostmanRuntime/7.13.0

      Accept: */*

      Host: my.f5.com

      cookie: BIGIPAuthCookie=1234A123B12341CDE123F1G12H12I1J1KL12345M; BIGIPAuthUsernameCookie=admin; OAMAuthnHintCookie=0@0123456789

      accept-encoding: gzip, deflate

      content-length: 29

      Connection: keep-alive

       

      {

        "state": "VALIDATING"

      }

       

      Response

      {

        "code": 404,

        "message": "Missing transaction ID for this call.",

        "errorStack": [],

        "apiError": 2

      }

       

      All of these operations were performed within a few seconds of each other. I'm at a loss...

  • Cory_Blankenshi's avatar
    Cory_Blankenshi
    Icon for Altostratus rankAltostratus
    Jun 05, 2019

    So I figured out the cause...

     

    The error occurs when you attempt to commit a transaction that doesn't include any commands that create, modify, or delete an object on the F5, and GET requests don't count towards the transaction command list.

     

    There wasn't anything I remember seeing in the documentation about this and the error message had nothing at all to do with the issue, hence my confusion. Once I threw a few POST requests into the mix, the transaction went through.

     

    Thanks for your help on this!

  • Satoshi_Toyosa1's avatar
    Satoshi_Toyosa1
    Icon for Employee rankEmployee
    Jun 05, 2019

    I am glad to know that you found the root cause. I have tested the scenario in my environment and reproduced the error.

     

    With regard to the somewhat misleading error message, I will raise a request for enhancement to our product development team. The change may not come soon, but F5 is now aware of the issue.

     

    • Cory_Blankenshi's avatar
      Cory_Blankenshi
      Icon for Altostratus rankAltostratus
      Jun 05, 2019

      Thanks Satoshi! I really appreciate your help on this, and thanks also for letting the product development team know. :]