Introduction to F5 BIG-IP

“F5 BIG-IP ” has ability to function as full proxy. Full Proxy design of F5 BIG-IP is a wonderful tool through which one can manipulate client-side connections and server-side connections all the way through the application layer. All this is possible because of F5’s powerful feature set of BIG-IP “iRule”.

Functions of iRule in F5 BIG-IP

iRule can perform buffet of functions like –

making load balancing decisions
modifying packet content
directing traffic flow
collecting statistics

and plethora of others things up to layer seven. iRule gives great deal of power and control over your network, Traffic, Routing and application flow programmable. iRules are available in LTM/GTM/ASM Modules. iRules are created with the help of Tool command language (TCL) programs or script (Also called as Event handler) that are assigned to Virtual server and run by one or more user specified Events related to the Virtual server, such as HTTP get request or new TCP connections.

Example Scenarios

Some of common scenarios where iRule plays a pivotal role are –

Case 1 –

User sends an insecure http request to website (let’s say in this case it is www.ipwithease.com) but actual page which is opening is https.

Case 2 –

Sometimes whole URL gets changed, like in case a user tried opening www.abc.com , however resultant request is redirected to www.xyz.com.

The power of iRule makes both the above shared cases possible. As in case 1, the benefit is that we don’t need to broadcast every client that we have changed our security and have moved from insure (HTTP) to secure (HTTPS).

Structure: iRule in F5 BIG-IP

Lets further understand the iRule structure in more detail.

iRule Structures are composed of –

Event Declarations and
TCL Execution Code

When a certain event occurs, match the condition and then perform the action

Below is the format –

When EVENT {

If { condition_expression } {

Action_when_condition_true

} else {

Action_when_condition_false

}

Let’s use CASE 1 example where where http to https redirection is required –

when HTTP_REQUEST {

switch [string tolower [HTTP::host]] {

“ipwithease” { HTTP::redirect “https://ipwithease.com” }

}

To summarize, we can confidently submit that iRules are pre-complied which provide us faster performance, it has a great influence on handling unique customer conditions and customizations, controlling and routing traffic contextually, implementing business policy and using client specific decision making .

Continue Reading:

BIG IP F5 High Availability Guide

F5 LTM Interview Questions

TMOS components of BIG-IP (Traffic Management Operating System)

ABOUT THE AUTHOR

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)