Manual Chapter :
Model Context Protocol on BIG-IP
Applies To:
Show Versions
BIG-IP APM
- 21.0.0
BIG-IP Analytics
- 21.0.0
BIG-IP LTM
- 21.0.0
BIG-IP PEM
- 21.0.0
BIG-IP AFM
- 21.0.0
BIG-IP DNS
- 21.0.0
BIG-IP ASM
- 21.0.0
Model Context Protocol on BIG-IP
Overview: MCP in BIG-IP
The
Model Context Protocol (MCP)
is a communication protocol designed to support AI
applications that use large language models (LLMs) by managing and delivering relevant context
and by enabling integration with external tools and data sources, thereby managing conversational
context effectively. Since LLMs do not have built-in memory or real-time awareness, MCP acts as a
structured bridge between the model and external systems, ensuring that the right context is
available when needed. It helps manage and deliver relevant context, enables integration with
external tools, and allows AI systems to perform real-time tasks effectively.Managing MCP Traffic with BIG-IP
BIG-IP helps ensure MCP traffic is handled efficiently and reliably. It does the following:
- Distributes MCP traffic across multiple servers to balance the load and prevent overload on any single server.
- Persists sessions to same MCP server, which efficiently maintains 'locality' and minimizes any context maintained in the backend.
- Ensures MCP service continuity by detecting server failures and redirecting new requests to healthy servers. However, active sessions may require a client-initiated reconnection to resume communication.
- Monitors server health using HTTP and TCP checks to make sure everything is running smoothly.
- Ensures well-formed JSON-RPC in MCP requests.
- Enables inspection, modification, deletion, and iRule programmability of live protocol traffic.
- Detects and reports errors in MCP requests and responses, helping with quick troubleshooting.
- Improves performance using OneConnect (to reuse connections) and Compression profiles (to reduce payload sizes).
BIG-IP essentially acts as a smart traffic manager in front of your MCP servers—keeping things
fast, stable, and easier to monitor.
Understanding the Role of JSON and SSE Profiles in MCP Traffic
MCP uses JSON-RPC 2.0 to format messages and supports two ways of transporting them:
Streamable HTTP and, for compatibility, HTTP SSE. To handle these properly, BIG-IP needs JSON
and
Server-Sent Events (SSE)
profiles along with an HTTP profile. These profiles let
BIG-IP understand the structure and flow of MCP traffic, ensuring that messages are correctly
parsed, connections are handled properly, and protocol-level optimizations or inspections can be
applied. Without them, BIG-IP would not be able to fully support or manage MCP traffic
effectively. For information on SSE, refer to https://developer.mozilla.org/en-US/docs/Web/API/Server-sent_events/Using_server-sent_eventsNew iRules are introduced to support JSON and SSE configurations, allowing for more granular
traffic management and customization. For more information, see F5's
Master List of iRule Commands.
Configuring MCP using WebUI
To configure MCP on BIG-IP, you’ll need to create two profiles: one for
Server-Sent Events
(SSE)
and another for JSON processing
. Once both profiles are created, they should be
attached to the Virtual Server that handles MCP traffic.Creating JSON Profile
- On the Main tab, click .
- ClickCreate. The new JSON Profile screen opens.
- In theNamefield, provide a name for the JSON profile.
- To change the default settings, select theCustomcheckbox and modify the values as required.
- maximum bytes: Specifies the maximum number of bytes that can be processed in a JSON document. The default value is 65536 and the maximum value supported is 10 MB.
- maximum entries: Specifies the maximum number of entries allowed in the JSON body. The default value is 2048.
- maximum non-JSON bytes: Specifies the maximum number of non-JSON bytes that can be buffered per message while waiting for the complete JSON payload. The default value is 32768.
- ClickFinished.
- In the profiles list, if you select the check box for a JSON profile, you can either delete, update, or view details about the profile in the list.
Creating SSE Profile
- On the Main tab, click .
- ClickCreate. The new SSE Profile screen opens
- In theNamefield, provide a name for the SSE profile
- Provide the values for:
- max field name size: the default value is 1024.
- max buffered msg bytes: This limit is only relevant when an SSE_RESPONSE irule event is configured. The max buffered msg bytes can be configured upto 10 MB. The default value is 65 KB.
- ClickUpdateto save the changes.
Configuring MCP using TMSH
- Before creating a new SSE profile, you can review the default settings.(tmos)# list ltm profile sse all-properties ltm profile sse sse { app-service none defaults-from none description none max-buffered-msg-bytes 65536 max-field-name-size 1024 partition Common }
- Create a custom SSE profile with specific buffer and field size limits.(tmos)# create ltm profile sse sse_new max-buffered-msg-bytes 1000 max-field-name-size 500
- You can also view the default settings of the built-in JSON profile.(tmos)# list ltm profile json all-properties ltm profile json json { app-service none defaults-from none description none maximum-bytes 65536 maximum-entries 2048 maximum-non-json-bytes 32768 partition Common }
- Define a custom JSON profile with limits tailored for your application’s needs.(tmos)# create ltm profile json json_new maximum-bytes 3000 maximum-entries 1000 maximum-non-json-bytes 2000
- Create a virtual server and attach the JSON, and SSE profiles to it.(tmos)# create ltm virtual vs1 profiles add {json sse http}
Ensuring Persistence for MCP Sessions
MCP traffic is session-based, so each client session must remain pinned to the same server for the duration of its lifetime.
To maintain session integrity, you must configure persistence. This requires an iRule that:
- Detects MCP endpoints.
- Routes requests based on session tokens.
- Inserts persistence tokens into responses.
- Maintains session affinity across requests.
For more information of persistence irule, refer to https://clouddocs.f5.com/api/irules/persist.html.
You can use the following iRule to ensure session persistence for MCP traffic:
# for sse (we may need to adjust it to use SSE event, not SERVER_DATA when HTTP_REQUEST { if { [HTTP::uri] eq "/sse" } { return; #lb to server; } set lb [table lookup endpoint_[HTTP::uri]] pool [lindex $lb 0] member [lindex $lb 1] [lindex $lb 2] } when SERVER_CONNECTED { TCP::collect } when SERVER_DATA { set event [string trim [findstr [TCP::payload] "event:" 6 "\n"]] set data [string trim [findstr [TCP::payload] "data:" 5 "\n"]] if { $event eq "endpoint" } { table set ${event}_${data} [LB::server] 86400 } TCP::release TCP::collect } # for http stream when HTTP_REQUEST { set sid [HTTP::header Mcp-Session-Id] if {$sid ne "" } { persist uie $sid 86400 } else { persist none } } when HTTP_RESPONSE { set sid [HTTP::header Mcp-Session-Id] if {$sid ne "" } { persist add uie $sid 86400 } }
Enabling Logging for Troubleshooting
To help monitor or debug how BIG-IP is handling MCP traffic through JSON and SSE profiles, you can enable debug logging using the following tmsh commands:
- (tmos)# modify sys db log.sse.level value debug
- (tmos)# modify sys db log.json.level value debug
Statistics for SSE
Following are the new stats added for SSE:
Field Name |
Description |
|---|---|
sse_response_msgs |
Total number of sse response message handled by SSE hudfilter |
sse_response_irule_invocations |
Total number of irule invocations for SSE response message. |
sse_response_err_irule_invocations |
Total number of irule invocations error during handling of SSE response message. |
aborts_initiated |
Total number of aborts initiated by SSE hudfilter for various error conditions. |
max_queued_ingress_bytes |
Max queued ingress bytes for SSE. |
