F5 LTM – iRule`s

What is an iRule ?

iRules are built using a TCL-based scripting language allowing arbitrary manipulation of traffic flowing through the BIG-IP, including real-time modification of defined data.

Components of an iRule

A typical iRule contains four main components.

These are :

rule NAME {
  when EVENT {
    if { conditional_statement } {
      action_when_condition_true
  }
    }
      }

• Name  – The name a) Must begin with a letter b) contain no special characters or spaces. A naming best practice is to capitalize first letter of trailing words.
• Event – Events define multiple points during a client session, the iRule is then triggered when the specified event occurs. There are more than 50 types of Events such as HTTP_REQUEST, CLIENT_ACCEPTED etc.
• Conditional Statement – If a particular condition exists A condition is built based on relational/logical operators (explained further within the Rule Operators section).  The following shows an example is the matching the string ‘txt’ at the end of an uri ; the condition would be if { [HTTP::uri] ends_with “txt” }.
• Perform an action – An action determines the response to a condition statement.

Rule Operators

There are 2 types of Rule operators. These are :

1. Logical Operators

There are 3 logical operators for use within an iRule. These are :

• and – performs a logical and comparison between 2 values
• not – performs a logical not on a value
• or – performs a logical or comparison between 2 values

2. Relational Operators

Below shows the various relational strings operators :

• contains – tests if one string contains another string.
• ends_with – tests if one strings ends with another string.
• equals – tests if one string equals another string.
• matches_glob – implements glob style matching within a comparison.
• matches_regex – tests if one string matches a regular expression.
• starts_with – tests if one string starts with another string.
• switch – evaluates one of several scripts, depending on a given value.

iRule Commands

Query commands

Query commands search for header and content data. An example is IP::remote_addr, which searches for and returns the remote IP address of a connection.

Action / Modification Commands

Action / Modification Commands perform actions such as inserting headers into HTTP requests. An example is HTTP::header remove <name>, which removes the last occurance of the named header from a request or response.

Statement Commands

Statement Commands specify traffic destinations such as Pools or URLs. Example pool <name>, which directs traffic to a named pool.

UIE Commands

UIE Commands are functions that perform deep packet inspection. The iRule can use the results to select a Pool or Pool member. An example decode_uri <string>, which decodes the names string using HTTP URI encoding and returns the result.

Syntax and Best Practice

When configuring an iRule there are 3 common “best” practice rules that should be followed.

1. Write iRules that cover all conditions.
2. Write small efficient iRules.
3. Know your network packet data that you are writing your iRule around.

Configuring iRules

Configuration Sequence

1. Create Pools
2. Create iRule
3. Map iRule to Virtual Server

Creating an iRule

1. Within the GUI goto ‘Local Traffic > iRules > Create’
2. Enter Name
3. Then add the iRules syntax into the definition text box.
4. Click Finished.
5. Within the Virtual Server go to the Resources section and click Manage.
6. Add the necessary iRule.

Example

This iRule is configured to pass traffic onto Pool1 if the HTTP request URI ends with txt. Otherwise traffic will be sent to Pool2.

rule rule_txt_end {
   when HTTP_REQUEST {
     if {[HTTP::uri] ends_with “txt”} {
       pool Pool1
   }
     else { pool Pool2 }
   }
}

Commands

b rule list – Lists current iRules.

References

http://en.wikipedia.org/wiki/F5_Networks

• Author
• Recent Posts

Rick Donato

Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.

Latest posts by Rick Donato (see all)

• How to Configure a BIND Server on Ubuntu - March 15, 2018
• What is a BGP Confederation? - March 6, 2018
• Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018

Want to become an F5 Loadbalancers expert?

Here is our hand-picked selection of the best courses you can find online:
F5 BIG-IP 101 Certification Exam – Complete Course
F5 BIG-IP 201 Certification Exam – Complete Course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial