F5 Programmability Training

Current Page

Contents:

Previous topic

Lab 1.2: API Authentication

Next topic

Module 2: Programmatic Control of Firewall Services

F5 Programmability Training > Class 3: Introduction to SecDevOps > Module 1: iControl REST API Refresher Source | Edit on

Lab 1.3: Building a Basic LTM Config

Overview

In this lab, the iControl REST API will be used to build a basic monitor, node, pool, and virtual server configuration on the BIG-IP.

Specific Instructions

Prior to performing the below steps, validate that the Hackazon web site is not accessible via the Windows jump box by clicking on the Hackazon bookmark in the Chrome toolbar.

Follow the below steps in order found in the Postman collection to complete this portion of the lab. The requests and responses have been included below for reference.

Attention

Some response content has been removed for brevity.

1. Create an HTTP Monitor

An HTTP POST to the /mgmt/tm/ltm/monitor/http endpoint with a body containing the monitor configuration creates a monitor.

Request

POST https://{{big_ip_a_mgmt}}/mgmt/tm/ltm/monitor/http

Headers

Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}

Body

{
    "name":"hackazon_monitor",
    "send":"GET /\r\n"
}

Example Response

{
    "kind": "tm:ltm:monitor:http:httpstate",
    "name": "hackazon_monitor",
    "partition": "Common",
    "fullPath": "/Common/hackazon_monitor",
    "generation": 0,
    "selfLink": "https://localhost/mgmt/tm/ltm/monitor/http/~Common~hackazon_monitor?ver=13.0.0",
    "adaptive": "disabled",
    "adaptiveDivergenceType": "relative",
    "adaptiveDivergenceValue": 25,
    "adaptiveLimit": 200,
    "adaptiveSamplingTimespan": 300,
    "defaultsFrom": "/Common/http",
    "destination": "*:*",
    "interval": 5,
    "ipDscp": 0,
    "manualResume": "disabled",
    "reverse": "disabled",
    "send": "GET / HTTP/\r\n",
    "timeUntilUp": 0,
    "timeout": 16,
    "transparent": "disabled",
    "upInterval": 0
}

2. Create a Pool

An HTTP POST to the /mgmt/tm/ltm/pool endpoint with a body containing the configuration creates a pool with a node(s).

Request

POST https://{{big_ip_a_mgmt}}/mgmt/tm/ltm/pool

Headers

Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}

Body

{
    "name":"hackazon_pool",
    "monitor":"/Common/hackazon_monitor",
    "members": ["10.1.20.10:80"]
}

Example Response

{
    "kind": "tm:ltm:pool:poolstate",
    "name": "hackazon_pool",
    "partition": "Common",
    "fullPath": "/Common/hackazon_pool",
    "generation": 10781,
    "selfLink": "https://localhost/mgmt/tm/ltm/pool/~Common~hackazon_pool?ver=13.0.0",
    "allowNat": "yes",
    "allowSnat": "yes",
    "ignorePersistedWeight": "disabled",
    "ipTosToClient": "pass-through",
    "ipTosToServer": "pass-through",
    "linkQosToClient": "pass-through",
    "linkQosToServer": "pass-through",
    "loadBalancingMode": "round-robin",
    "minActiveMembers": 0,
    "minUpMembers": 0,
    "minUpMembersAction": "failover",
    "minUpMembersChecking": "disabled",
    "monitor": "/Common/hackazon_monitor ",
    "queueDepthLimit": 0,
    "queueOnConnectionLimit": "disabled",
    "queueTimeLimit": 0,
    "reselectTries": 0,
    "serviceDownAction": "none",
    "slowRampTime": 10,
    "membersReference": {
        "link": "https://localhost/mgmt/tm/ltm/pool/~Common~hackazon_pool/members?ver=13.0.0",
        "isSubcollection": true
    }
}

3. Create a HTTP Profile

An HTTP POST to the /mgmt/tm/ltm/profile/http endpoint with a body containing the configuration creates a profile.

Request

POST https://{{big_ip_a_mgmt}}/mgmt/tm/ltm/profile/http

Headers

Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}

Body

{
    "name":"hackazon_http_profile",
    "insertXforwardedFor":"enabled",
    "serverAgentName":"hackazon"
}

Example Response

{
    "kind": "tm:ltm:profile:http:httpstate",
    "name": "hackazon_http_profile",
    "partition": "Common",
    "fullPath": "/Common/hackazon_http_profile",
    "generation": 10783,
    "selfLink": "https://localhost/mgmt/tm/ltm/profile/http/~Common~hackazon_http_profile?ver=13.0.0",
    "acceptXff": "disabled",
    "appService": "none",
    "basicAuthRealm": "none",
    "defaultsFrom": "/Common/http",
    "defaultsFromReference": {
        "link": "https://localhost/mgmt/tm/ltm/profile/http/~Common~http?ver=13.0.0"
    },
    "description": "none",
    "encryptCookies": [],
    "insertXforwardedFor": "enabled",
    "serverAgentName": "hackazon"
}

4. Create a TCP profile

An HTTP POST to the /mgmt/tm/ltm/profile/tcp endpoint with a body containing the configuration creates a TCP profile.

Request

POST https://{{big_ip_a_mgmt}}/mgmt/tm/ltm/profile/tcp

Headers

Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}

Body

{
    "name":"hackazon_tcp_clientside_profile",
    "nagle":"disabled",
    "sendBufferSize":"16000"
}

Example Response

{
    "kind": "tm:ltm:profile:tcp:tcpstate",
    "name": "hackazon_tcp_clientside_profile",
    "partition": "Common",
    "fullPath": "/Common/hackazon_tcp_clientside_profile",
    "generation": 10784,
    "selfLink": "https://localhost/mgmt/tm/ltm/profile/tcp/~Common~hackazon_tcp_clientside_profile?ver=13.0.0",
    "abc": "enabled",
    "ackOnPush": "enabled",
    "appService": "none",
    "autoProxyBufferSize": "disabled",
    "autoReceiveWindowSize": "disabled",
    "autoSendBufferSize": "disabled",
    "closeWaitTimeout": 5,
    "cmetricsCache": "enabled",
    "cmetricsCacheTimeout": 0,
    "congestionControl": "high-speed",
    "defaultsFrom": "/Common/tcp",
    "defaultsFromReference": {
        "link": "https://localhost/mgmt/tm/ltm/profile/tcp/~Common~tcp?ver=13.0.0"
    },
    "keepAliveInterval": 1800,
    "nagle": "disabled",
    "sendBufferSize": 16000
}

5. Create a Virtual Server

An HTTP POST to the /mgmt/tm/ltm/virtual endpoint with a body containing the configuration creates a virtual server.

Request

POST https://{{big_ip_a_mgmt}}/mgmt/tm/ltm/virtual

Headers

Content-Type: application/json
X-F5-Auth-Token: {{big_ip_a_auth_token}}

Body

{
    "name":"hackazon_vs",
    "destination":"10.1.10.10:80",
    "ipProtocol":"tcp",
    "pool":"hackazon_pool",
    "sourceAddressTranslation": { "type":"automap" },
    "profiles": [
        { "name":"/Common/hackazon_tcp_clientside_profile", "context":"clientside" },
        { "name":"/Common/tcp-wan-optimized", "context":"serverside" },
        "/Common/hackazon_http_profile"
    ]
}

Example Response

Note

The profiles for this virtual server is a subcollection. This collection can be access by performing a GET on the profiles endpoint for this specific virtual server https://{{big_ip_a_mgmt}}/mgmt/tm/ltm/virtual/~Common~hackazon_vs/profiles.

{
    "kind": "tm:ltm:virtual:virtualstate",
    "name": "hackazon_vs",
    "partition": "Common",
    "fullPath": "/Common/hackazon_vs",
    "generation": 10785,
    "selfLink": "https://localhost/mgmt/tm/ltm/virtual/~Common~hackazon_vs?ver=13.0.0",
    "addressStatus": "yes",
    "autoLasthop": "default",
    "cmpEnabled": "yes",
    "connectionLimit": 0,
    "destination": "/Common/10.1.10.20:80",
    "enabled": true,
    "gtmScore": 0,
    "ipProtocol": "tcp",
    "mask": "255.255.255.255",
    "mirror": "disabled",
    "mobileAppTunnel": "disabled",
    "nat64": "disabled",
    "pool": "/Common/hackazon_pool",
    "poolReference": {
        "link": "https://localhost/mgmt/tm/ltm/pool/~Common~hackazon_pool?ver=13.0.0"
    },
    "rateLimit": "disabled",
    "rateLimitDstMask": 0,
    "rateLimitMode": "object",
    "rateLimitSrcMask": 0,
    "serviceDownImmediateAction": "none",
    "source": "0.0.0.0/0",
    "sourceAddressTranslation": {
        "type": "automap"
    },
    "sourcePort": "preserve",
    "synCookieStatus": "not-activated",
    "translateAddress": "enabled",
    "translatePort": "enabled",
    "vlansDisabled": true,
    "vsIndex": 9,
    "policiesReference": {
        "link": "https://localhost/mgmt/tm/ltm/virtual/~Common~hackazon_vs/policies?ver=13.0.0",
        "isSubcollection": true
    },
    "profilesReference": {
        "link": "https://localhost/mgmt/tm/ltm/virtual/~Common~hackazon_vs/profiles?ver=13.0.0",
        "isSubcollection": true
    }
}

6. Retrieve VS information

Request

GET https://{{big_ip_a_mgmt}}/mgmt/tm/ltm/virtual/~Common~hackazon_vs/

Headers

X-F5-Auth-Token: {{big_ip_a_auth_token}}

Example Response

{
    "kind": "tm:ltm:virtual:virtualstate",
    "name": "hackazon_vs",
    "partition": "Common",
    "fullPath": "/Common/hackazon_vs",
    "generation": 10785,
    "selfLink": "https://localhost/mgmt/tm/ltm/virtual/~Common~hackazon_vs?ver=13.0.0",
    "addressStatus": "yes",
    "autoLasthop": "default",
    "cmpEnabled": "yes",
    "connectionLimit": 0,
    "destination": "/Common/10.1.10.20:80",
    "enabled": true,
    "gtmScore": 0,
    "ipProtocol": "tcp",
    "mask": "255.255.255.255",
    "mirror": "disabled",
    "mobileAppTunnel": "disabled",
    "nat64": "disabled",
    "pool": "/Common/hackazon_pool",
    "poolReference": {
        "link": "https://localhost/mgmt/tm/ltm/pool/~Common~hackazon_pool?ver=13.0.0"
    },
    "rateLimit": "disabled",
    "rateLimitDstMask": 0,
    "rateLimitMode": "object",
    "rateLimitSrcMask": 0,
    "serviceDownImmediateAction": "none",
    "source": "0.0.0.0/0",
    "sourceAddressTranslation": {
        "type": "automap"
    },
    "sourcePort": "preserve",
    "synCookieStatus": "not-activated",
    "translateAddress": "enabled",
    "translatePort": "enabled",
    "vlansDisabled": true,
    "vsIndex": 9,
    "policiesReference": {
        "link": "https://localhost/mgmt/tm/ltm/virtual/~Common~hackazon_vs/policies?ver=13.0.0",
        "isSubcollection": true
    },
    "profilesReference": {
        "link": "https://localhost/mgmt/tm/ltm/virtual/~Common~hackazon_vs/profiles?ver=13.0.0",
        "isSubcollection": true
    }
}

7. Validate the virtual server

Click on the Hackazon bookmark in the Chrome toolbar and validate that the Hackazon web site is now accessible.

Previous Next

Support Programs

Regionally located support centers enable F5 to provide support in a number of languages through native-speaking support engineers.

See more

Contact Support

North America: 1-888-882-7535
Outside North America: 800-11-275-435

Local Support Numbers

Feedback and Help

Have questions, suggestions, or just want to get something off your chest? Let us know.

Leave feedback

About F5

Education

F5 sites

Support Tasks

Connect with us

© Copyright 2017 by F5 Networks, Inc. | Policies | Trademarks