Forum Discussion

PT2012's avatar
PT2012
Icon for Nimbostratus rankNimbostratus
May 18, 2020

Icall routing path

Hi,

 

We currently have an icall for crl. When it makes the call to a url, that url has a host entryon the F5 which is a Virtual server on the same F5. The virtual server then forwards to its pool member which is a proxy server.

What i can't seem to confirm is the direction the icall traffic takes. It originates from the F5 self but will it go direct to the vs because of the "host" entry or will it use the default route? The routing table suggests that as the vs is not one of the usual vlans on the F5 it will go out via the default gateway. However the behaviour suggests its going direct from the F5self to the vs and out to the proxy.

 

If the traffic is going internally how will i prove this as it won't show on the tcpdump. Its got me scratching my head.

 

Thanks

iCall
LTM
security

1 Reply

Sort By
  • cjunior's avatar
    cjunior
    Icon for Nacreous rankNacreous
    May 21, 2020

    Hello,

    The BIG-IP device hosts configuration sets the Linux /etc/host file, so it should covers your destination on iCall.

    To confirm that, you can generate and check this on a stderr file output.

    By the way, I think is better to force the entry on curl command to explicit read the destination what you want to reach:

    e.g.

    sys icall script mytest_script {
    app-service none
    definition {
        exec curl -v --resolve www.mytest.net:80:10.10.10.10 http://www.mytest.net -io /var/tmp/mytest.content --stderr /var/tmp/mytest.out
    }
    description none
    events none
}
    [root@bigipdelta:Active:Standalone] config # cat /var/tmp/mytest.content
HTTP/1.1 302 Object moved
Cache-Control: private
Content-Type: text/html
Location: /default.asp
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDCCRBADCC=JGANCIGDDJDPPPJCGEEABGIF; path=/
Date: Thu, 21 May 2020 19:25:13 GMT
Content-Length: 133
 
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/default.asp">here</a>.</body>
    [root@bigipdelta:Active:Standalone] config # cat /var/tmp/mytest.out
* Rebuilt URL to: http://www.mytest.net/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 10.10.10.10...
* Connected to www.mytest.net (10.10.10.10) port 80 (#0)
> GET / HTTP/1.1
> Host: www.mytest.net
> User-Agent: curl/7.47.1
> Accept: */*
>
< HTTP/1.1 302 Object moved
< Cache-Control: private
< Content-Type: text/html
< Location: /default.asp
< Server: Microsoft-IIS/10.0
< Set-Cookie: ASPSESSIONIDCCRBADCC=JGANCIGDDJDPPPJCGEEABGIF; path=/
< Date: Thu, 21 May 2020 19:25:13 GMT
< Content-Length: 133
<
{ [133 bytes data]
100   133  100   133    0     0  15414      0 --:--:-- --:--:-- --:--:-- 16625
* Connection #0 to host www.mytest.net left intact

    I hope it helps.