iRule in F5 BIG-IP

“BIG-IP F5” has ability to function as full proxy. Full Proxy design of BIG-IP F5 is a wonderful tool through which one can manipulate client-side connections and server-side connections all the way through the application layer. All this is possible because of F5’s powerful feature set of BIG-IP “iRule”.

iRule can perform buffet of functions like –


  • making load balancing decisions
  • modifying packet content
  • directing traffic flow
  • collecting statistics

and plethora of others things upto layer seven. iRule gives great deal of power and control over your network, Traffic, Routing and application flow programmable. iRules are available in LTM/GTM/ASM Modules. iRules are created with the help of Tool command language (TCL) programs or script (Also called as Event handler) that are assigned to Virtual server and run by one or more user specified Events related to the Virtual server, such as HTTP get request or new TCP connections.

Some of common scenarios where iRule plays a pivotal role are –

Case 1

User sends an insecure http request to website (let’s say in this case it is www.ipwithease.com) but actual page which is opening is https.

Case 2

Sometimes whole URL gets changed, like in case a user tried opening www.abc.com , however resultant request is redirected to www.xyz.com.

The power of iRule makes both the above shared cases possible. As in case 1, the benefit is that we don’t need to broadcast every client that we have changed our security and have moved from insure (HTTP) to secure (HTTPS).

Lets further understand the iRule structure in more detail.

iRule Structures are composed of –

  • Event Declarations and
  • TCL Execution Code

When a certain event occurs, match the condition and then perform the action

Below is the format –

When EVENT {       

If { condition_expression } {                   

Action_when_condition_true

} else {

Action_when_condition_false

}

}

 

Let’s use CASE 1 example where where http to https redirection is required –

when HTTP_REQUEST {

switch [string tolower [HTTP::host]] {

ipwithease” { HTTP::redirect “https://ipwithease.com” }

}

} 

To summarize, we can confidently submit that iRules are pre-complied which provide us faster performance, it has a great influence on handling unique customer conditions and customizations, controlling and routing traffic contextually, implementing business policy and using client specific decision making .

Please follow and like us:

Related Post


Add Comment

Social Media Auto Publish Powered By : XYZScripts.com
Select your currency
USD United States (US) dollar

Check E-Store for New Addition "Top 100 LAN Interview Q & A" Dismiss