Guide to IRules

F5 Networks Agility 2015:iRules 101 Lab Guide

Participant Hands-on Lab Guide

Last Updated: 6/1529/15

©2014 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com.

Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5.

These training materials and documentation are F5 Confidential Information and are subject to the F5 Networks Reseller Agreement. You may not share these training materials and documentation with any third party without the express written permission of F5.

iRules 101

TABLE OF CONTENTSTable of Contents..................................................................................................................................................3

Lab 1 – Load Balance by Client Port......................................................................................................................5

TASK 1 – Create the iRule with F5 iRule Editor...................................................................................................................5

TASK 2 – Create the iRule with F5 Web Configuration Utility (the GUI).............................................................................8

TASK 3 – Add iRule to Virtual Server..................................................................................................................................9

TASK 4 – Test iRule...........................................................................................................................................................10

Lab 2 – Redirect HTTP traffic to HTTPS................................................................................................................12

TASK 1 – Create the iRule.................................................................................................................................................12

TASK 2 – Add iRule to Virtual Server................................................................................................................................13

TASK 3 – Test iRule...........................................................................................................................................................14

Lab 3 – Using String Tools....................................................................................................................................16

TASK 1 – Create the iRule for “contains”..........................................................................................................................16

TASK 2 – Add iRule to Virtual Server for “contains”.........................................................................................................17

TASK 3 – Test iRule for “contains”....................................................................................................................................18

TASK 4 – Create the iRule for “findstr”.............................................................................................................................19

TASK 5 – Add iRule to Virtual Server for “findstr”............................................................................................................20

TASK 6 – Test iRule for “findstr”.......................................................................................................................................20

Lab 4 – HTTP Headers..........................................................................................................................................22



TASK 3 – Test iRule...........................................................................................................................................................24

TASK 4 – Modify the iRule................................................................................................................................................25

TASK 5 – Test iRule with New Updates.............................................................................................................................26

Lab 5 – Stream Expression...................................................................................................................................28


TASK 2 – Test the Web Page Before Applying the iRule...................................................................................................30


TASK 4 – Test iRule...........................................................................................................................................................32

Lab 6 – Using The Virtual Command...................................................................................................................36


TASK 2 – Test the Web Page Before Applying the iRule...................................................................................................37


TASK 4 – Test iRule...........................................................................................................................................................40

Lab 7 – Maintenance Page..................................................................................................................................43

F5 2015 Agility: iRules 101 Lab Guide - of 50

iRules 101



TASK 3 – Test iRule...........................................................................................................................................................45


iRules 101

LAB 1 – LOAD BALANCE BY CLIENT PORTThis lab guide will require the student to create an iRule to check if the client source port is odd or even. If the client source port is odd then send the client traffic to a pool named odd. If the client source port is even then send the client traffic to a pool named even.

Objective: Identify client source port and make pool decision

Log results

Lab Requirements: One virtual server

Two server pools with: a pool named odd and a pool named even. The pool odd will only have pool members with an odd-numbered final octet (e.g., 10.128.20.11), while the pool even will only have pool members with an even-numbered final octet IPs (e.g. 10.128.20.11 = odd, 10.128.20.12 = even)

Estimated completion time: 15 minutes

TASK 1 – Create the iRule with the F5 iRule EditorYou can create iRules using the F5 iRule Editor (on your jump box desktop) or through the F5 web configuration utility. We will walk through both methods in order to become familiar with either both options. For future labs, pick your favorite method.

Option #1: F5 iRules Editor

1. Open the F5 iRules Editor on the desktop.

2. Choose File > Connect or hit the “Connect” icon (it looks like a sprocket) in the upper left corner.3. A connection dialogue is presented.

a. Hostname = bigip.f5demo.comb. Username = adminc. Password = admin


iRules 101

4. Once you are connected you will see the configuration screen below

[5.] Once connected, cChoose File > New to create a new iRule5.[6.] Supply a name of ir_lab1_client_port, choose the “Blank” template, and click OK


iRules 101

6.[7.] Add content to the iRule (see below)

In the right hand frame we you will create an iRule. We Your code starts with an event in this iRule called CLIENT_ACCEPTED. This event fires with every new connection. Now the event needs to do something when fired. Enter the following text:.

when CLIENT_ACCEPTED { set port_is_odd [expr [TCP::remote_port] & 1] if { $port_is_odd } { log local0. "Port [TCP::remote_port] is odd" pool odd } else { log local0. "Port [TCP::remote_port] is even" pool even }}

One convenient thing about the iRule Editor is the syntax highlighting and line numbers. When the above iRule is placed into the editor, it will look similar to this next picture.


iRules 101

7.[8.] Choose File > Save to write the config to the F5

→NOTE: [blank]

TASK 2 – Create the iRule with F5 Web Configuration Utility (the GUI)As mentioned previously, iRules can be created in the F5 iRule Editor or directly on the F5 web configuration utility. This task will give the steps to create an iRule on the F5 web configuration utility. For future labs, pick your favorite method. If you created the iRule already in Task 1 within the F5 iRule Editor, then skip to Task 3.

1. Open a web browser and login to the F5 (a favorite is already saved in Chrome and on desktop)a. Hostname = https://bigip.f5demo.com b. Username = adminc. Password = admin

2. Choose Local Traffic Manager > iRules


Vernon Wells, 06/26/15,

I don’t understand this. The stated objective above is to try both methods. I assume all students will do the first, so by this instruction, they will all skip this step.

https://bigip.f5demo.com/

iRules 101

3. When the page loads, hit “Create” on the right side4. Supply a name of ir_lab1_client_port5. Add content to the iRule (see below)

We start with an event in this iRule called CLIENT_ACCEPTED. This event fires with every new connection. Now the event needs to do something when fired. Enter the following text.

when CLIENT_ACCEPTED { set port_is_odd [expr [TCP::remote_port] & 1] if { $port_is_odd } { log local0. "Port [TCP::remote_port] is odd" pool odd } else { log local0. "Port [TCP::remote_port] is even" pool even }}

6. When done, hit “Finished”

TASK 3 – Add iRule to Virtual Server1. Open a web browser and login to the F5

a. Hostname = https://bigip.f5demo.com b. Username = adminc. Password = admin

2. Choose Local Traffic Manager > Virtual Servers

[3.] Select the virtual server named “lab1_vs”3.[4.] Choose the “Resources” tab4.[5.] In the iRules section, hit the “Manage” button to the right to display a list of iRules5.[6.] Select the newly created iRule named “ir_lab1_client_port” and add it to the “Enabled” section



iRules 101

6.[7.] Hit “Finished” to complete and the iRule is now attached to the virtual server

TASK 4 – Test the iRuleThis task will involve generating some traffic to test the iRule. We You will verify functionality by opening a web browser to the test site as well asand by reviewing the /var/log/ltm log files. Let’sFirst, prep thestart a following tail of /var/log/ltm file first.so that you may see log messages generated by the newly added iRule:

1. SSH into the unit by launching Putty from you jumpbox desktop (a saved session called f5 BIGIP already exists)

a. Host Name (or IP address) = bigip.f5demo.comb. Username = rootc. Password = default

2. Run the following command:

tail -f /var/log/ltm


iRules 101

3. Open a web browser and go to http://lab1.f5demo.com/httprequest.php [4.] Examine the output of the web page as well as the ltm logs

Questions

If making repeated requests from the same browser, does the page change? Close the browser and try again. Does anything change? Does the log message change or stay the same? Does the pool member IP end with an odd or even 4th octet?

o Odd example = “Pool member address/port: 10.128.20.11:80”o Even example = “Pool member address/port: 10.128.20.12:80”



Is the objective here to force them to retry first by hitting the “refresh” button (which will attempt to use cached items), then go to the same destination after a cache flush (from the browser close)? If so, the image above is slightly confusing because it implies that multiple attempts have already been made.

http://lab1.f5demo.com/httprequest.php

iRules 101

LAB 2 – REDIRECT HTTP TRAFFIC TO HTTPSThis lab guide will require the student to create an iRule to redirect HTTP traffic to HTTPS.

Objective: Create an iRule to redirect HTTP to HTTPS

Log the results

Lab Requirements: Two virtual servers: one listening on port 80 and one listening on port 443


TASK 1 – Create the iRuleAs mentioned previously, iRules can be created in the F5 iRule Editor or directly on the F5 web configuration utility. This task will give the steps to create an iRule on the F5 web configuration utility.





iRules 101

3. When the page loads, hit “Create” on the right side4. Supply a name of ir_lab2_https_redirect5. Add content to the iRule (see below)

In the definition screen let’s, create an iRule. First, you will define an event to fire the iRule. We will uUse the “HTTP_REQUEST” event. Next, the event needs to do something when firedtriggered. We wantYou want the BIG-IP to redirect all http traffic to https (keeping the same hostname and URI) when accessing a specific virtual server. For example, if a user accesses http://1.2.3.4/test, the we want touser’s browser should be redirected them to https://1.2.3.4/test.

Think about how you would approach this and write down the pseudo code. Now take a shot at writing the actual iRule. Enter the following textThe following code accomplishes this task, and is provided as a guide in case you need additional assistance:.

#redirect all traffic to HTTPS preserving hostname and URI

when HTTP_REQUEST { if { [TCP::local_port] == 80 } {

#log the redirect action and show the URL being redirected log local0. "Redirecting to https://[getfield [HTTP::host] ":" 1][HTTP::uri]"

#use the "getfield" command to extract the hostname and strip any trailing port number HTTP::respond 301 Location https://[getfield [HTTP::host] ":" 1][HTTP::uri] }}


TASK 2 – Add the iRule to the Virtual Server1. Open a web browser and login to the F5





This seems unnecessary (and somewhat confusing). Since the VS will presumably be listening on port 80, no other port is possible.


I changed this because the text invites the student to create code on his or her own, but then in the imperative, instructs the student to enter this code snippet.


iRules 101

3. Select the virtual server named “lab2_vs_80”4. Choose the “Resources” tab5. In the iRules section, hit the “Manage” button to the right to display a list of iRules6. Select the newly created iRule named “ir_lab2_https_redirect” and add it to the “Enabled” section

7. Hit “Finished” to complete and the iRule is now attached to the virtual server

TASK 3 – Test the iRuleThis task will involves generating some traffic to test the iRule. We You will verify functionality by opening a web browser to the test site as well as reviewing the /var/log/ltm log files. Let’s First, prep start a following tail of the /var/log/ltm file first:.

1. SSH into the unit by launching Putty (a saved session already exists)a. Host Name (or IP address) = bigip.f5demo.comb. Username = rootc. Password = default


iRules 101



3. Open a web browser and go to http://lab2.f5demo.com 4. Examine the output of the web page and notice it’s redirected to HTTPS

[5.] Click a couple random links and examine the output of the ltm logs


http://lab2.f5demo.com/

iRules 101

Congratulations! You just wrote and tested an iRule that redirects all http traffic to https


iRules 101

LAB 3 – USING STRING TOOLSThis lab guide will require the student to create an iRule to examine the URI with string tools “contains” and “findstr” , and then send the HTTP Request traffic to a specific pool based on the search results.

Objective: Search the HTTP URI for specific text and send to different poolsDirect the Request message to a pool

member based on the HTTP URI string


Two server pools, each with a single pool member: http_pool1 = 10.128.20.11, http_pool2 = 10.128.20.12


TASK 1 – Create the iRule for “contains”As mentioned previously, iRules can be created in the F5 iRule Editor or directly on the F5 web configuration utility. This task will give the steps to create an iRule on the F5 web configuration utility.




iRules 101


3. When the page loads, hit “Create” on the right side4. Supply a name of ir_lab3_search_contains5. Add content to the iRule (see below)

In the definition screen let’s create an iRule. First define an event to fire the iRule. We will use the Create an iRule that fires on the “HTTP_REQUEST” event. Next, the event needs to do something when fired. We want to In the body of the event, you will add code that searches the URI for the string “login”, and if it contains that string then we want to send traffic, it will direct the HTTP Request message to http_pool1. Otherwise, we want to send trafficit will direct the HTTP Request message to http_pool2.

Think about how you would approach this and write down the pseudo code. Now take a shot at writing the actual iRule. Enter the following text The following code accomplishes this task, and is provided as a guide in case you need additional assistance:.

#use the "contains" command to search the URI for the string "login"#if URI contains "login" then use pool 1, otherwise use pool 2

when HTTP_REQUEST { if {[HTTP::uri] contains "login"} { pool http_pool1 } else { pool http_pool2 }}


TASK 2 – Add the iRule to Virtual Server for “contains”1. Open a web browser and login to the F5





iRules 101

3. Select the virtual server named “lab3_vs”4. Choose the “Resources” tab5. In the iRules section, hit the “Manage” button to the right to display a list of iRules6. Select the newly created iRule named “ir_lab3_search_contains” and add it to the “Enabled” section


TASK 3 – Test the iRule for “contains”This task will involve generating some traffic to test the iRule. YouWe will verify functionality by opening a web browser to the test site with different text in the URI.

1. Open a web browser and go to http://lab3.f5demo.com/httprequest.php 2. Examine the output of the web page. Which pool was used?

3. Modify the URI by appending “login” like this http://lab3.f5demo.com/httprequest.php?login


http://lab3.f5demo.com/httprequest.php?login

http://lab3.f5demo.com/httprequest.php

iRules 101

4. Examine the output of the web page. Which pool was used?

Questions

When navigating to URIs without “login”, which server was hit? When navigating to URIs with “login”, was a different server hit?

TASK 4 – Create the iRule for “findstr”1. Choose Local Traffic Manager > iRules

2. When the page loads, hit “Create” on the right side3. Supply a name of ir_lab3_search_findstr4. Add content to the iRule (see below)

In the definition screen let’s create an iRule. First define an event to fire the iRule. We will use theCreate an iRule that fires on the “HTTP_REQUEST” event. Next, the event needs to do something when fired. We want toThe code for this event should search for the string “me” in the following URI: /?user=me. If that string is present, we want tothe code should send trafficdirect the HTTP Request message to http_pool1. Otherwise, we want to send trafficit should direct the HTTP Request message to http_pool2.

Think about how you would approach this and write down the pseudo code. Now take a shot at writing the actual iRule. The following code accomplishes this task, and is provided as a guide in case you need additional assistance:Enter the following text.


iRules 101

#use the findstr command to search the URI for the string "me"#if URI contains "me" 5 characters after "user=" then use pool 1, otherwise use pool 2

when HTTP_REQUEST { if {[findstr [HTTP::uri] "user=" 5] equals "me"} { pool http_pool1 } else { pool http_pool2 }}


TASK 5 – Add the iRule to the Virtual Server for “findstr”1. Choose Local Traffic Manager > Virtual Servers

2. Select the virtual server named “lab3_vs”3. Choose the “Resources” tab4. In the iRules section, hit the “Manage” button to the right to display a list of iRules5. Select the newly created iRule named “ir_lab3_search_findstr” and add it to the “Enabled” section6. Also remember to remove the previously added iRule “ir_lab3_search_contains”



iRules 101

TASK 6 – Test the iRule for “findstr”This task will involve generating some traffic to test the iRule. You We will verify functionality by opening a web browser to the test site with different text in the URI.

1. Open a web browser and go to http://lab3.f5demo.com/httprequest.php?user=me 2. Examine the output of the web page. Which pool was used?

3. Modify the URI like this http://lab3.f5demo.com/httprequest.php?user=you4. Examine the output of the web page. Which pool was used? Why?

Questions

When navigating to URIs with “user=me”, which server was hit? When navigating to URIs with “user=you”, was a different server hit?

Congratulations! You just wrote and tested two iRules that search the URI for various strings and sends traffic based on the results.



In other task, the steps were imperative and the questions were deferred until this section. In this task, the questions are intermixed with the steps and repeated here. I recommend removing the questions from the steps.

http://lab3.f5demo.com/httprequest.php?user=you

http://lab3.f5demo.com/httprequest.php?user=me

iRules 101

LAB 4 – HTTP HEADERSThis lab guide will require the student to create an iRule to read and modify HTTP headers on the HTTP requests and the HTTP responses.

Objective: Parse Read and modify HTTP headers, read and modify

Log the results








iRules 101

3. When the page loads, hit “Create” on the right side4. Supply a name of ir_lab4_http_headers5. Add content to the iRule (see below)

Create an iRule that fires on the HTTP_REQUEST event. The code for this event should log each of the HTTP Request headers. You will need to use a loop in order to accomplish this.

In the definition screen let’s create an iRule. First define an event to fire the iRule. We will use the “HTTP_REQUEST” event. Next, the event needs to do something when fired. When a client comes into the LTM, let’s logs all the HTTP headers. We'll need to create a loop to get each HTTP header and log the value.


when HTTP_REQUEST { foreach aHeader [HTTP::header names] { log local0. "$aHeader: [HTTP::header value $aHeader]" }}


TASK 2 – Add the iRule to the Virtual Server 1. Open a web browser and login to the F5





iRules 101

3. Select the virtual server named “lab4_vs”4. Choose the “Resources” tab5. In the iRules section, hit the “Manage” button to the right to display a list of iRules6. Select the newly created iRule named “ir_lab4_http_headers” and add it to the “Enabled” section


TASK 3 – Test the iRuleThis task will involve generating some traffic to test the iRule. We You will verify functionality by opening a web browser to the test site as well asand by reviewing the /var/log/ltm log files. Let’s prep the /var/log/ltm file first. Start a following tail of /var/log/ltm:

1. SSH into the unit by launching Putty (a saved session already exists)a. Host Name (or IP address) = bigip.f5demo.comb. Username = rootc. Password = default


iRules 101



3. Open a web browser and go to http://lab4.f5demo.com [4.] Examine the output of the ltm logs. It should look similar to the following:

TASK 4 – Modify the iRule 1. Choose Local Traffic Manager > iRules

2. When the page loads, edit the iRule you just created ir_lab4_http_headers3. Add additional content to the iRule (see below)

Edit the iRule so that it also fires on the HTTP_RESPONSE event. The code for this event should log each of the HTTP Response headers.



iRules 101

In the definition screen let’s add a new event to view the server response. We will use the “HTTP_RESPONSE” event. Next, the event needs to do something when fired. Similar to the previous HTTP_REQUEST event that logs all the client request headers, we now want to do the same thing for server response headers. We'll need to create a loop to get each HTTP header and log the value.

Think about how you would approach this and write down the pseudo code. Now take a shot at writing the actual iRule. Modify the existing iRule and add the new HTTP_RESPONSE event code. The following code accomplishes this task, and is provided as a guide in case you need additional assistance:

when HTTP_REQUEST { foreach aHeader [HTTP::header names] { log local0. "$aHeader: [HTTP::header value $aHeader]" }}

when HTTP_RESPONSE { HTTP::header insert X-Customize "F5 Networks" foreach aHeader [HTTP::header names] { log local0. "$aHeader: [HTTP::header value $aHeader]" }}


TASK 5 – Test iRule with New UpdatesThis task will involve generating some traffic to test the iRule. We You will verify functionality by opening a web browser to the test site as well as reviewing the /var/log/ltm log files.

1. Go back to the SSH console and run the following command (if the tail is already running, hit the Enter key a few times to set the newly logged lines apart from previous logged lines):


2. Open a web browser and go to http://lab4.f5demo.com [3.] Examine the output of the ltm logs. It should look similar to the following:



iRules 101

Questions

What is the difference between this version of the iRule and the previous version? Can you tell which headers are from the request and which ones are from the response? Where did the “X-Customize” header come from?


iRules 101

LAB 5 – STREAM EXPRESSIONThis lab guide will require the student to create an iRule to find and replace text within HTML content using a stream:: expression.

Objective: Modify the server response to dynamically update HTML content

Log the results








iRules 101

3. When the page loads, hit “Create” on the right side4. Supply a name of ir_lab5_stream5. Add content to the iRule (see below)

Create an iRule that fires on the HTTP_REQUEST event and the HTTP_RESPONSE event. The code for this event should disable the stream profile when processing HTTP Request messages, and also instruct the server to not use compression on the HTTP Response. This is necessary so that the code can perform stream substitutions on the HTTP Response message.

In the definition screen let’s create an iRule. First define an event to fire the iRule. We will use the “HTTP_REQUEST” event. The event HTTP_REQUEST will be used to disable the stream profile on all inbound requests and to turn off HTTP compression requests from clients so that the iRule can find and replace data.


when HTTP_REQUEST { # Disable the stream filter for all requests STREAM::disable # Disable response encoding by removing any requests for it. HTTP::header remove "Accept-Encoding"}

We will fFollow this block with an HTTP_RESPONSE blockevent handler, which will do all the important stream manipulation.

Find Example #1:<TITLE>Welcome to Lorax Bank</TITLE>

Replace With:<TITLE>Welcome to Agility Bank</TITLE>

Find Example #2:<td width=70%> Welcome to Lorax Bank! 

Replace With:<td width=70%> Welcome to Agility Bank! 

when HTTP_RESPONSE { # Check if response is text (don't find & replace in other MIME types) if {[HTTP::header value "Content-Type"] starts_with "text"}{

iRules 101

log local0. "Replacing references from Lorax to Agility" STREAM::expression {@Lorax@Agility@} STREAM::enable }}

Note: The STREAM::expression syntax is defined as:

<delimiter><search><delimiter>[<replace>]<delimiter>

The [<replace>] option is variable and can be left empty to find and remove the value. The first character is the delimiter and may be any one of the following characters: .*/-:_?=@& (period, asterisk, forward slash, dash, colon, underscore, question mark, equals, at sign, ampersand) but the @ character is most often used.

Other working examples:

{*http://oldserver/*/files/*}{?http://oldserver/?/files/?}

6. BONUS STEP (optional) -- To diagnose/validate successful stream expression matches, add the following third event to the iRule.

when STREAM_MATCHED { log local0. "[IP::client_addr]:[TCP::client_port]: Matched [STREAM::match]"}


**The full iRule will look like this**when HTTP_REQUEST { # Disable the stream filter for all requests STREAM::disable # Disable response encoding by removing any requests for it. HTTP::header remove "Accept-Encoding"}

when HTTP_RESPONSE { # Check if response is text (don't find & replace in other MIME types) if {[HTTP::header value "Content-Type"] starts_with "text"}{ log local0. "Replacing references from Lorax to Agility" STREAM::expression {@Lorax@Agility@} STREAM::enable }}

when STREAM_MATCHED { log local0. "[IP::client_addr]:[TCP::client_port]: Matched [STREAM::match]"}

TASK 2 – Test the Web Page Before Applying the iRuleBefore adding the iRule to a virtual server, let’s test the original web page first.

1. Open a web browser and go to http://lab5.f5demo.com/lorax.php


http://lab5.f5demo.com/lorax.php

iRules 101

2. Review the page and notice all the “Lorax” references on the page.3. Right click in the web page and “View Page Source” (or “View Source” depending on browser)


iRules 101

4. Close the web browser

TASK 3 – Add the iRule to the Virtual Server1. Open a web browser and login to the F5



3. Select the virtual server named “lab5_vs”4. Choose the “Resources” tab5. In the iRules section, hit the “Manage” button to the right to display a list of iRules6. Select the newly created iRule named “ir_lab5_stream” and add it to the “Enabled” section


TASK 4 – Test the iRuleThis task will involve generating some traffic to test the iRule. We You will verify functionality by opening a web browser to the test site as well asand by reviewing the /var/log/ltm log files. Let’s prep theStart a following tail of /var/log/ltm file first.:

1. SSH into the unit by launching Putty (a saved session already exists)d. Host Name (or IP address) = bigip.f5demo.come. Username = rootf. Password = default



iRules 101



3. Open a web browser and go to http://lab5.f5demo.com/lorax.php[4.] Examine the output of the web page as well as the ltm logs


http://lab5.f5demo.com/lorax.php

iRules 101

4.[5.] Review the page and notice all the “Lorax” references on the page have changed to “Agility”5.[6.] Right click in the web page and “View Page Source” (or “View Source” depending on browser)


iRules 101

Questions

Did all references of “Lorax” get replaced with “Agility”? If not, why? What if “Lorax” had a lowercase “L” like “lorax”? What iRule change is needed?


iRules 101

LAB 6 – USING THE VIRTUAL COMMANDThis lab guide will require the student to create an iRule with the “virtual” command to re-route traffic from one virtual server to another.

Objective: Identify specific URIs and direct traffic to another virtual server

Log the results

Lab Requirements: Two virtual servers with each VS containing a different server pool member







iRules 101

3. When the page loads, hit “Create” on the right side4. Supply a name of ir_lab6_v2v5. Add content to the iRule (see below)

Create an iRule that fires on the HTTP_REQUEST. The code for this event should check the request URI, and if it matches /welcome.php, it should proxy the Request to the lab6_v2v virtual server. The code should also generate a log message to validate that the code is working as expected.

In the definition screen let’s create an iRule. First define an event to fire the iRule. We will use the “HTTP_REQUEST” event. Next, the event needs to do something when fired. When a request comes into the virtual server, let’s test to see if the requested URI matches “/welcome.php”. If there is a match, we’ll send the request to the lab6_v2v virtual server.

We will create a simple “if then else” logical branch within our HTTP_REQUEST block and call the virtual command only for one URI match. To validate it is working, we’ll also add a log message so we know the iRule triggered as expected.


when HTTP_REQUEST { if { [HTTP::uri] starts_with "/welcome.php" } { log local0. "internally routing from [virtual name] to lab6_vs_v2v" virtual lab6_vs_v2v }}


TASK 2 – Test the Web Page Before Applying the iRuleBefore adding the iRule to a virtual server, let’s test the web pages first.

1. Open a web browser and go to http://lab6.f5demo.com/welcome.php


http://lab6.f5demo.com/welcome.php

iRules 101

2. Review the page and notice the all references are for “Node #1” and its pool member IP of 10.128.20.113. Review the source code. Right click on the page and select “View Page Source” (or View Source)

Read through the source code and find any “href”, and you’ll see image links similar to the following:

<img src=”images/TopBar.png” …>

The full link would look likeThe user-agent normally expands this to http://lab6.f5demo.com/images/TopBar.png. This URL does not contain “/welcome.php”. This is important to keep in mind once weyou apply the iRule to a virtual server. This will help demonstrate that some


http://lab6.f5demo.com/images/TopBar.png

iRules 101

content on the page will match the iRule and other content will not. As a result, various content on the page will load with different servers.

[4.] Now let’s tTest the “v2v” virtual server…4.[5.] Open a web browser and go to http://lab6-v2v.f5demo.com/welcome.php

5.[6.] Review the page and notice all references are for “Node #2” and its pool member IP of 10.128.20.126.[7.] Close the web browser

We You have now verified that lab6.f5demo.com has a dedicated server Node #1, and lab6-v2v.f5demo.com has a dedicated server Node #2. There currently is no mixing of server nodes providing content.

TASK 3 – Add iRule to Virtual Server1. Open a web browser and login to the F5





http://lab6-v2v.f5demo.com/welcome.php

iRules 101

3. Select the virtual server named “lab6_vs”4. Choose the “Resources” tab5. In the iRules section, hit the “Manage” button to the right to display a list of iRules6. Select the newly created iRule named “ir_lab6_v2v” and add it to the “Enabled” section


TASK 4 – Test iRuleThis task will involve generating some traffic to test the iRule. We will vVerify functionality by opening a web browser to the test site as well as and by reviewing the /var/log/ltm log files. Let’s prep the /var/log/ltm file firstStart a following tail of /var/log/ltm.:

6.[7.] SSH into the unit by launching Putty (a saved session already exists)g. Host Name (or IP address) = bigip.f5demo.comh. Username = rooti. Password = default


iRules 101

7.[8.] Run the following command:


8.[9.] Open a web browser and go to http://lab6.f5demo.com/welcome.php [10.] Examine the output of the web page as well as the ltm logs


http://lab6.f5demo.com/welcome.php

iRules 101

Questions

What was the before and after difference of the web page once the iRule was applied? How many server nodes provided content? Were the images served by Node #1 or Node #2? What was the pool member IP listed in the textual page content?


iRules 101

LAB 7 – MAINTENANCE PAGEThis lab guide will require the student to create an iRule to display a maintenance page to users when the site is down. This allows you to control the user experience even if the site is down.

Objective: Create a maintenance page and that page serve to the client if the VS attached pool is down








iRules 101

3. When the page loads, hit “Create” on the right side4. Supply a name of ir_lab7_maintenance5. Add content to the iRule (see below)

Create an iRule that fires on the HTTP_REQUEST. The code for this event must first determine whether any pool members for the VS attached pool are active. If no members are active, the BIG-IP should directly respond to the client with an HTTP Response message, and proxy nothing to the server-side.

In the definition screen let’s create an iRule. First define an event to fire the iRule. We will use the “HTTP_REQUEST” event. Next, the event needs to do something when fired. The goal is to provide a maintenance page only if all the pool members are down. This means we first have to determine if any members are active.


when HTTP_REQUEST { if { [active_members lab7_pool] < 1 } { set stime 10 HTTP::respond 501 content \ "<html><head><title>Sorry Folks</title></head><body><meta http-equiv='REFRESH' \ content=$stime;url=HTTP:://[HTTP::host]></HEAD> \ <h2>Sorry folks! We're closed to clean and repair America's favorite family fun site.\ Sorry, uh-huh, uh-huh, uh-huh!</h2></body></html>" "Content-Type" "text/html" }}


TASK 2 – Add the iRule to a Virtual Server1. Open a web browser and login to the F5





Does it make sense to utilize a global (static:: namespace) variable here in order to cover that useful and important element of iRules?

iRules 101

3. Select the virtual server named “lab7_vs”4. Choose the “Resources” tab5. In the iRules section, hit the “Manage” button to the right to display a list of iRules6. Select the newly created iRule named “ir_lab7_maintenance” and add it to the “Enabled” section


TASK 3 – Test the iRuleThis task will involve generating some traffic to test the iRule. We will v You will verify functionality by opening a web browser when there is at least one active pool member. The page should load fine. You will then mark all All pool members will then be marked “down”, and . After this, testing the site a second time should causea page request should cause the maintenance page to render.

1. Open a web browser and go to http://lab7.f5demo.com 2. Examine the output of the web page. There are multiple images, links, and content served by various

pool members



iRules 101

3. Click on the “Welcome” link or scroll down to the bottom and click on other random links.4. Close the web browser

Up to this point, we know the iRule is successfully checking active pool member count. Let’s see what happens when all the pool members are marked down.

5. Go back to the F5 web browser6. Go to Local Traffic > Pools > Pool List

7. Select the pool named “lab7_pool”8. Choose the “Members” tab9. Check the box next to each of the four pool members10. Select “Force Offline”


iRules 101

This will cause the pool members to be marked offline and look similar to the screenshot below.

Now let’s see ifverify that ourthe application behaves differently on the next attempt to open the web page.

11. Open a web browser and go to http://lab7.f5demo.com



iRules 101

VLet’s verify the iRule one more time by activating at least one pool member.

12. Go back to Local Traffic > Pools > Pool List13. Select the pool named “lab7_pool”14. Choose the “Members” tab15. Check the box for at least one or all pool members16. Choose “Enable” to bring the server(s) online again

After a few seconds, they should go green and the web page will load successfully again!


iRules 101

Congratulations! You just completed the “Maintenance Page” lab.

Questions

Try marking only some pool members down. What happens? Edit the iRule so it checks for at least 2 active members? Edit the iRule again to log the active member count. Does it show in /var/log/ltm?


Guide to IRules

Documents

Transcript of Guide to IRules