This is an interesting subject, and I'd also love to hear other people's answers.
If we're talking real-time checks you might be better off with SNMP.
Reason being that giving people access through iControl basically gives them access to the GUI of the F5, as they have to be able to access it via https to query via iControl. REST is even worse at the moment as it needs full admin access on top of that.
I did see one company use a combination of REST and an XML gateway. They could then filter which REST methods were allowed through the XML gateway, and they could also use Active Directory to grant permissions.
Generally I'd recommend against letting people do polling against the F5s since it really does not take much to bring them down with a simple configuration mistake in e.g. "SoapUI". I saw this happen during a demonstration once and it was pretty scary.
With SNMP you could let the chosen monitoring software, e.g. Zabbix, poll the pool members while the clients poll Zabbix via SOAP.
OR you can use a virtual server and let them poll that instead. I wrote this iRule to add status information from Office clients (some of the information actually includes pool member statuses). Maybe you can rewrite it to your liking? Please note that I'm not sure how TMOS gets the pool member statuses and the performance impact in doing so many times. We've had no performance issues at all though.
when CLIENT_ACCEPTED {
    # Initialise every variable that later events read, so none is unset
    set originaluri ""
    set urisenttoserver ""
    set originalhost ""
    set hostsenttoserver ""
    set selectedpool ""
    set selectedserver ""
    set selectedport ""
    set memberstatus ""
    # Only clients in the OurOffices data group or 192.168.0.0/16 get the status headers
    if { [class match [IP::remote_addr] equals OurOffices] || [IP::addr [IP::remote_addr] equals "192.168.0.0/16"] } {
        set internal 1
    } else {
        set internal 0
    }
}
when HTTP_REQUEST {
    if { $internal eq 1 } {
        # Start of request processing on the BIG-IP
        set httpreqstarttime [clock clicks -milliseconds]
        set originaluri [HTTP::uri]
        set originalhost [HTTP::host]
    }
}
when LB_SELECTED {
    if { $internal eq 1 } {
        set selectedpool [LB::server pool]
        set selectedserver [LB::server addr]
        set selectedport [LB::server port]
        # Start from an empty list so statuses do not pile up when this
        # event fires more than once on the same connection
        set memberstatus ""
        # Get the members of the currently selected pool
        set mbrs [members -list $selectedpool]
        # Get the status for each member
        foreach mbr $mbrs {
            set mbrlist [split $mbr " "]
            set memberip [lindex $mbrlist 0]
            set memberport [lindex $mbrlist 1]
            set status [LB::status pool $selectedpool member $memberip $memberport]
            # Resulting format: "ip port status;ip port status;"
            set memberstatus "$memberstatus$mbr $status;"
        }
    }
}
when HTTP_REQUEST_RELEASE {
    if { $internal eq 1 } {
        # URI and host as they leave the BIG-IP, after any rewrites
        set urisenttoserver [HTTP::uri]
        set hostsenttoserver [HTTP::host]
    }
}
when HTTP_REQUEST_SEND {
    if { $internal eq 1 } {
        set httpreqsenttime [clock clicks -milliseconds]
    }
}
when HTTP_RESPONSE {
    if { $internal eq 1 } {
        # Time spent waiting for the pool member to answer
        set timetakenserver [expr {[clock clicks -milliseconds] - $httpreqsenttime}]
        HTTP::header insert X-TimeTaken-Server "$timetakenserver"
        HTTP::header insert X-Original-URI $originaluri
        HTTP::header insert X-URI-Sent-To-Server $urisenttoserver
        HTTP::header insert X-Virtual-Server-Name [virtual name]
        if { $selectedpool eq "" } {
            HTTP::header insert X-Selected-Pool "No pool selected"
        } else {
            HTTP::header insert X-Selected-Pool $selectedpool
            HTTP::header insert X-Active-Members [active_members $selectedpool]
        }
        if { $selectedserver eq "" } {
            HTTP::header insert X-Selected-Server "No server selected"
        } else {
            HTTP::header insert X-Selected-Server $selectedserver
        }
        if { $selectedport eq "" } {
            HTTP::header insert X-Selected-Port "No port selected"
        } else {
            HTTP::header insert X-Selected-Port $selectedport
        }
        if { $memberstatus eq "" } {
            HTTP::header insert X-Member-Status "No members"
        } else {
            HTTP::header insert X-Member-Status $memberstatus
        }
        HTTP::header insert X-Original-Host $originalhost
        HTTP::header insert X-Host-Sent-To-Server $hostsenttoserver
    }
}
when HTTP_RESPONSE_RELEASE {
    if { $internal eq 1 } {
        # Total time minus the server's share is the time spent in the BIG-IP
        set timetakenbigip [expr {[clock clicks -milliseconds] - $httpreqstarttime - $timetakenserver}]
        HTTP::header insert X-TimeTaken-BigIP "$timetakenbigip"
    }
}
Hope that helps. If you did not ask for real-time information there are already pre-made tools to generate a report of the current configuration in the code share. 🙂
/Patrik
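A client-side counterpart to the iRule above, as an added example that is not part of the original post: it parses the `X-Member-Status` header format the iRule builds ("ip port status;") so a monitoring job can poll the virtual server instead of the management interface. The sample header values, the pool name, and the rule that only the status string `up` counts as healthy are assumptions.

```python
from dataclasses import dataclass

# Constructed sample of the response headers the iRule adds (not captured traffic).
SAMPLE_HEADERS = {
    "X-Selected-Pool": "/Common/web_pool",
    "X-Active-Members": "1",
    "X-Member-Status": "10.0.0.11 80 up;10.0.0.12 80 down;",
}


@dataclass(frozen=True)
class Member:
    ip: str
    port: int
    status: str


def parse_member_status(value):
    """Parse 'ip port status;ip port status;' into Member records."""
    if not value or value.strip() == "No members":
        return []
    members = []
    for entry in value.split(";"):
        fields = entry.split()
        if not fields:
            continue  # the trailing ';' leaves one empty entry
        if len(fields) != 3 or not fields[1].isdigit():
            raise ValueError(f"malformed member entry: {entry!r}")
        members.append(Member(fields[0], int(fields[1]), fields[2]))
    return members


def pool_health(headers):
    """Summarise one polled response; header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    members = parse_member_status(h.get("x-member-status", ""))
    # Assumption: only the status string "up" means the member is usable.
    down = [m for m in members if m.status != "up"]
    return {
        "pool": h.get("x-selected-pool"),
        "total": len(members),
        "down": [f"{m.ip}:{m.port}" for m in down],
        "degraded": bool(down) or not members,
    }


if __name__ == "__main__":
    print(pool_health(SAMPLE_HEADERS))
```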