iControl (SOAP) Home


If you are interested in BIG-IP deployment automation via iControl/REST APIs, be sure to visit |as3| and |fast|.
AS3 is our next-generation customer-facing declarative API designed to accelerate BIG-IP application services deployments as well as simplify integrations with 3rd party orchestration systems and CI/CD toolchains.
FAST is our next-generation configuration templating technology built on AS3.

Welcome to the iControl (SOAP) section! iControl is the first open API that enables applications to work in concert with the underlying network based on true software integration. Utilizing SOAP/XML to ensure open communications between dissimilar systems, iControl helps F5 customers, leading independent software vendors ( ISVs ), and Solution Providers realize new levels of automation and configuration management efficiency. Whether monitoring network-level traffic statistics, automating network configuration and management, or facilitating next generation service-oriented architectures, iControl gives organizations the power and flexibility to ensure that applications and the network work together for increased reliability, security, and performance. Further, iControl has proven itself as a valuable technology that can help reduce the cost of managing complex environments.

Get Started with iControl

If you’re new to iControl, DevCentral, Wikis, or all three, and are looking for a good place to get started, here are a few recommendations.

  • iControl 101 - #05 - Exceptions
  • iControl 101 - #06 - File Transfer APIs
  • iControl 101 - #07 - User Management
  • iControl 101 - #08 - Partitions - Configuration Partitions allow you to control access to BIG-IP system resources by BIG-IP administrative users. This article will discuss how to manage Configuration Partitions with the iControl programming interfaces.
  • iControl 101 - #09 - iRules - iRules are the internal scripting language of the BIG-IP and can be used to attain full control of traffic flowing through your network. But, did you know that you can automate the management of iRules across your Virtual Servers with iControl? This article will discuss the iControl methods that can be used to query, create, delete iRules as well as how to apply them to Virtual Servers.
  • iControl 101 - #10 - System Inet - The little-known System Inet interface is used to access internal API functionality that you can use to test name resolutions as well as service mappings and time settings. This article will discuss the methods in and illustrate some example usages of the System Inet interface.
  • iControl 101 - #11 - Performance Graphs - The BIG-IP stores history of certain types of data for reporting purposes. The Performance item in the Overview tab shows the report graphs for this performance data. The management GUI gives you the options to customize the graph interval but it stops short of giving you access to the raw data behind the graphs. Never fear, the System.Statistics interface contains methods to query the report types and extract the CSV data behind them. You can even select the start and end times as well as the poll intervals. This article will discuss the performance graph methods and how you can query the data behind them and build a chart of your own.
  • iControl 101 - #12 - Database Variables - iControl exposes thousands of methods to get and set attributes associated with all of the core object types (Virtuals, Pools, etc). The API also covers non-core objects such as SNMP and Certificates. But, there are some settings that are stored in our internal database that are not directly exposed via the API, but that’s not to say that they are not “indirectly” exposed. This article will discuss how to use the Management::DBVariable interface to get at those hidden configuration settings.
  • iControl 101 - #13 - Data Groups - Data Groups can be useful when writing iRules. A data group is simply a group of related elements, such as a set of IP addresses, URI paths, or document extensions. When used in conjuction with the matchclass or findclass commands, you eliminate the need to list multiple values as arguments in an iRule expression. This article will discuss how to use the methods in the LocalLB Class interface to manage the Data Groups for use within iRules.
  • iControl 101 - #14 - License Administration - An important aspect of system management is maintaining the licenses on the devices you are responsible for. The BIG-IP includes a programmatic interface to allow you to query the current license information and upload and apply new licenses to the device allowing the automation of this management task. This article will discuss the Management.LicenseManagement interface in the iControl API and how you can use it to keep your BIG-IP’s license up to date.
  • iControl 101 - #15 - System Services - This installment of iControl 101, I’ll focus on the System Service interface where you can have full control of the running state of all the services on the system
  • iControl 101 - #16 - Self IPs - In this article, I will discuss the Networking.SelfIP interface in which you have control over the IP addresses owned by the BIG-IP system that you use to access the internal and external VLANs
  • iControl 101 - #17 - Port Mirror - Port mirroring, also known as Interface mirroring, is a feature that allows you to copy traffic from any port or set of ports to a single, separate port where a sniffing device is attached. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system (IDS). The BIG-IP allows for creating mirroring on network interfaces and this article will discuss how to create and manage those mirrors with the iControl API.
  • iControl 101 - #18 - Stream Profile - One of the common uses for an iRule is to search for a string and replace it with another string. For advanced searches that involve complex string parsing or regular expressions, iRules are the way to go. But if you are just looking at modifying a hostname in a URI or maybe even just changing all returned URI’s from http to https for a ssl offloaded server farm, then the often overlooked Stream Profile is a highly optimized way to do this. This article will discuss how to programmatically create a Stream Profile to replace all occurances of “http://” with “https://”, apply it to a virtual server, query statistics, and undo the process
  • iControl 101 - #19 - Time Conversions - In the iControl API there are several methods that return time values. Some are in nicely packed structures with the year, month, day, hour, minute, and second extracted for you, but there are other methods that return just a single long integer for the time. This article will discuss how to work with the different time values and convert them to local time.
  • iControl 101 - #20 - Port Lockdown - Each self IP address has a feature known as port lockdown. Port lockdown is a security feature that allows you to specify particular UDP and TCP protocols and services from which the self IP address can accept traffic. This article will dicuss how to use the iControl API to manage Port Lockdown Access Lists.
  • iControl 101 - #21 - Rate Classes - The BIG-IP local traffic management system includes a feature called rate shaping which allows you to enforce a throughput policy on incoming traffic. Throughput policies are useful for prioritizing and restricting bandwidth on selected traffic patterns.
  • iControl 101 - #22 - GTM Data Centers - The components that make up the BIG-IP Global Traffic Manager can be divided into two categories: logical and physical components. Logical Components are abstractions of network resources, such as virtual servers. Physical components, on the other hand, have a direct correlation with one or more physical entities on the network. In this article, I will disucss Data Centers (one of the physical network components in the Global Traffic Manager) and illustrate how to programmatically manage them with the iControl API
  • iControl 101 - #23 - Module Resource Provisioning - A somewhat unknown feature on the BIG-IP is the ability to override the default resource allocations for core modules on the BIG-IP. This is available in the product GUI under the System’s “Resource Provisioning menu”. In this article, I’m going to walk you through the iControl Management.Provision interface and show you how to automate the configuration of the resources.
  • iControl Apps - #01 - Disabling Node Servers
  • iControl Apps - #02 - Local Traffic Summary - The BIG-IP Management GUI has a feature called the Network Map that includes a summary of the objects on the system and their current statuses. This tech tip will take that GUI component and break it down into the underlying iControl method calls and present an alternative implementation from within Windows PowerShell
  • iControl Apps - #03 - Local Traffic Map - The BIG-IP Management GUI has a feature called the Network Map that includes a hierarchical summary of the objects on the system and their current statuses. This tech tip follows on to my previous Local Traffic Summary article and will take that GUI component and break it down into the underlying iControl method calls and present an alternative implementation from within Windows PowerShell
  • iControl Apps - #04 - Graceful Server Shutdown - This question comes up quite often here on DevCentral: “How can I gracefully shut down my servers for maintenance without disrupting current user sessions?”. In fact, I answered this question just the other day again the iControl forum and figured I’d throw out an application that accomplished this. So I went about writing this application to allow for the graceful shutdown of a given pool member. Of course, the application wouldn’t be complete without listing the pools and members for a specified pool as well as allowing for enabling and disabling of the server so I went ahead and included those pieces as a bonus.
  • iControl Apps - #05 - Rate Based Statistics - One of the key features of iControl is the ability to monitor statistics of the various objects on the system. Whether it’s for capacity planning or auditing and billing purposes, the numbers behind how your applications are being utilized on the network are very important. The iControl API allows for querying of statistics for most of the major objects including Virtual Servers, Pools, Pool Members, and Node Addresses. This data is returned as counters but most often the desired presentation of this data is in the form of a rate such as bits or connections per second. This article will show how to query the counter values and calculate rate based statistics for a given virtual server.
  • iControl Apps - #06 - Configuration Archiving - Let’s face it, we like to believe that disaster will never happen, but how many times have you accidentally deleted a document you have been working on for a presentation without a working backup? Odds are more than once. If it can happen on your desktop, then it can happen on the network and imagine the situation where your network configuration is running the bread and butter for your company. Wouldn’t it be nice to have the knowledge that your network configuration is securely archived for easy recovery? Well, this article will illustrate an application that performs configuration archiving for a BIG-IP device by allowing for the creation of configuration restore points as well as remote file upload/download capabilities. Read this article, and fear no more!
  • iControl Apps - #07 - System HTTP Statistics - I was digging through the iControl interfaces the other day and it’s still amazing to me, after being around since the beginning of the API, to find new and cool stuff hiding in there. Today’s find was lurking within the System.Statistics interface. There are literally dozens of method calls to pull out all sorts of useful statistics and the one I picked for today is the System HTTP Statistics which are a rollup of all HTTP Profiles’ statistics. This application will build a report on everything you wanted to know from an HTTP level such as how many 5xx responses have been served to the number of bytes of compressed video and the RAM cache hits and misses.
  • iControl Apps - #08 - System IP Statistics - A question came across recently about how to query aggregate IP based statistics for the entire BIG-IP. My previous tech tip covered reporting on System HTTP statistics so I thought this was a great chance to continue on that thread with another PowerShell
  • iControl Apps - #09 - System TMM Statistics - Continuing on with my series of applications on system level statistics, this application will look into the insides of the TMOS processes on the system and dump out the available statistics exposed in the System.Statistics.get_tmm_statistics() method.
  • iControl Apps - #10 - Bigpipe List - A question came across the forums a while ago around how to get a human readable version of the configuration on the BIG-IP LTM from the iControl APIs
  • iControl Apps - #11 - Global GTM Statistics - Continuing on with my series of applications on system level statistics, this application will look into the insides of the GTM processes on the system and dump out the available statistics exposed in the System.Statistics.get_gtm_global_statistics() method.
  • iControl Apps - #12 - Global SSL Statistics - Continuing on with my series of applications on system level statistics, this application will look into the insides of the SSL subsystem and dump out the available statistics for client and server based SSL processing.
  • iControl Apps - #13 - System PVA Statistics - Continuing on with my series of applications on system level statistics, this application will look into the insides of the Packet Velocity ASIC (PVA) subsystem and dump out the available statistics for client and server based hardware offloaded processing.
  • iControl Apps - #14 - Global Statistics - Continuing on with my series of applications on system level statistics, this application will look into the insides of the global system level statistics for the device. The global statistics containformation on Auth, Bytes, Connections, CPU, Denials, Errors, Hardware, HTTP, Memory, Packets, and the TMM.
  • iControl Apps - #18 - Virtual Server Reverse Lookup - Virtual Servers are accessed by user friendly name. In some cases you will want to know which Virtual Servers are using a given address. This script takes as input a wildcard spec for the address:port of a virtual server and lists the address:port and name for all matches.
  • iControl Apps - #19 - Pool Membership Reverse Lookup - Pool’s are collections of pool members which are IP address and ports for a specific back end application server. Currently through the iControl API there is no direct way to do a reverse lookup of which pools a specified application server is a member of. This application will, given a pool member specification, do a reverse lookup and list all the associated pools that member is included in.
  • iControl Apps - #20 - Server Control - The issue of server state continues to come up in the DevCentral
  • Creating An iControl Monitoring Dashboard With Google Charts - PowerShell is a very extensible scripting language and the fact that it integrates so nicely with iControl means you can do all sorts of fun things with it. In this tech tip, I’ll illustrate how to use just a couple of iControl method calls (3 to be exact) to create a load distribution dashboard for you desktop (with a little help from the Google Chart API).
  • Concurrent iControl Programming Explained - iControl is a set of web services methods that can be called in any order by any number of clients. Typically an application is written with the plan that it is the only one accessing your devices. In some cases though, you may require the ability to have programs making configuration changes concurrently. In this article, I’ll discuss the iControl lock methods that allow for each application to play well with each other.
  • Managing the System Boot Location with iControl
  • Full list of iControl Tech Tips

Reference Topics

Here’s a list of some reference information that you can use to help you with all of your iControl needs. Note that these are available from most Wiki pages in the navigation pane to the left of the screen.

Advanced Topics

Are you looking to delve deeper into iControl? Would you like to find some more complex examples and commands? Well then this is what you’re looking for, here’s a list of the more Advanced iControl topics. Be sure to check out the CodeShare too, for some great examples of putting iControl to work.

  • Perl - A list of Perl related resources here on DevCentral.
  • PowerShell - A list of PowerShell related resources here on DevCentral.

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.