Beruflich Dokumente
Kultur Dokumente
2015:
iRules 101 Lab Guide
Last Updated:
6/1529/15
3 of 54
2014 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc.
in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com.
Any other products, services, or company names referenced herein may be trademarks of their respective owners
with no endorsement or affiliation, express or implied, claimed by F5.
These training materials and documentation are F5 Confidential Information and are subject to the F5 Networks
Reseller Agreement. You may not share these training materials and documentation with any third party without the
express written permission of F5.
4 of 54
iRules 101
TABLE OF CONTENTS
Table of Contents................................................................................................................ 3
Lab 1 Load Balance by Client Port................................................................................... 5
TASK 1 Create the iRule with F5 iRule Editor.............................................................................5
TASK 2 Create the iRule with F5 Web Configuration Utility (the GUI).........................................8
TASK 3 Add iRule to Virtual Server............................................................................................9
TASK 4 Test iRule..................................................................................................................... 10
3 of 54
iRules 101
5 of 54
iRules 101
Objective:
Log results
Lab Requirements:
Two server pools with: a pool named odd and a pool named even. The pool odd will
only have pool members with an odd-numbered final octet (e.g., 10.128.20.11),
while the pool even will only have pool members with an even-numbered final octet
IPs (e.g. 10.128.20.11 = odd, 10.128.20.12 = even)
2. Choose File > Connect or hit the Connect icon (it looks like a sprocket) in the upper
left corner.
3. A connection dialogue is presented.
a. Hostname = bigip.f5demo.com
b. Username = admin
c. Password = admin
6 of 54
iRules 101
4. Once you are connected you will see the configuration screen below
7 of 54
iRules 101
One convenient thing about the iRule Editor is the syntax highlighting and line numbers. When
the above iRule is placed into the editor, it will look similar to this next picture.
8 of 54
iRules 101
[blank]
9 of 54
iRules 101
3.
4.
5.
6.
10 of 54
iRules 101
7. Hit Finished to complete and the iRule is now attached to the virtual server
11 of 54
iRules 101
Questions
If making repeated requests from the same browser, does the page change?
Close the browser and try again. Does anything change?
Does the log message change or stay the same?
Does the pool member IP end with an odd or even 4 th octet?
o Odd example = Pool member address/port: 10.128.20.11:80
o Even example = Pool member address/port: 10.128.20.12:80
12 of 54
iRules 101
Objective:
Lab Requirements:
Two virtual servers: one listening on port 80 and one listening on port 443
13 of 54
iRules 101
14 of 54
iRules 101
3.
4.
5.
6.
7. Hit Finished to complete and the iRule is now attached to the virtual server
15 of 54
iRules 101
5. Click a couple random links and examine the output of the ltm logs
16 of 54
iRules 101
Congratulations! You just wrote and tested an iRule that redirects all http traffic to https
17 of 54
iRules 101
Objective:
Search the HTTP URI for specific text and send to different poolsDirect the Request
message to a pool member based on the HTTP URI string
Lab Requirements:
Two server pools, each with a single pool member: http_pool1 = 10.128.20.11,
http_pool2 = 10.128.20.12
18 of 54
iRules 101
19 of 54
iRules 101
when HTTP_REQUEST {
if {[HTTP::uri] contains "login"} {
pool http_pool1
} else {
pool http_pool2
}
}
3.
4.
5.
6.
7. Hit Finished to complete and the iRule is now attached to the virtual server
20 of 54
iRules 101
2. Examine the output of the web page. Which pool was used?
Questions
21 of 54
iRules 101
#use the findstr command to search the URI for the string "me"
#if URI contains "me" 5 characters after "user=" then use pool 1, otherwise use pool 2
when HTTP_REQUEST {
if {[findstr [HTTP::uri] "user=" 5] equals "me"} {
pool http_pool1
} else {
pool http_pool2
}
}
22 of 54
iRules 101
2.
3.
4.
5.
7. Hit Finished to complete and the iRule is now attached to the virtual server
23 of 54
iRules 101
4. Examine the output of the web page. Which pool was used? Why?
Questions
Congratulations! You just wrote and tested two iRules that search the URI for various strings
and sends traffic based on the results.
24 of 54
iRules 101
Objective:
Lab Requirements:
25 of 54
iRules 101
26 of 54
iRules 101
3.
4.
5.
6.
7. Hit Finished to complete and the iRule is now attached to the virtual server
27 of 54
iRules 101
2. When the page loads, edit the iRule you just created ir_lab4_http_headers
3. Add additional content to the iRule (see below)
Edit the iRule so that it also fires on the HTTP_RESPONSE event. The code for this event
should log each of the HTTP Response headers.
28 of 54
iRules 101
In the definition screen lets add a new event to view the server response. We will use the
HTTP_RESPONSE event. Next, the event needs to do something when fired. Similar to the
previous HTTP_REQUEST event that logs all the client request headers, we now want to do the
same thing for server response headers. We'll need to create a loop to get each HTTP header
and log the value.
Think about how you would approach this and write down the pseudo code. Now take a shot at
writing the actual iRule. Modify the existing iRule and add the new HTTP_RESPONSE event
code. The following code accomplishes this task, and is provided as a guide in case you need
additional assistance:
when HTTP_REQUEST {
foreach aHeader [HTTP::header names] {
log local0. "$aHeader: [HTTP::header value $aHeader]"
}
}
when HTTP_RESPONSE {
HTTP::header insert X-Customize "F5 Networks"
foreach aHeader [HTTP::header names] {
log local0. "$aHeader: [HTTP::header value $aHeader]"
}
}
29 of 54
iRules 101
Questions
What is the difference between this version of the iRule and the previous version?
Can you tell which headers are from the request and which ones are from the response?
Where did the X-Customize header come from?
30 of 54
iRules 101
Objective:
Lab Requirements:
31 of 54
iRules 101
We will fFollow this block with an HTTP_RESPONSE blockevent handler, which will do all the
important stream manipulation.
Find Example #1:
<TITLE>Welcome to Lorax Bank</TITLE>
Replace With:
<TITLE>Welcome to Agility Bank</TITLE>
Find Example #2:
<td width=70%><p><font face=Arial><br>Welcome to Lorax Bank!<br><br>
Replace With:
<td width=70%><p><font face=Arial><br>Welcome to Agility Bank!
<br><br>
when HTTP_RESPONSE {
# Check if response is text (don't find & replace in other MIME types)
if {[HTTP::header value "Content-Type"] starts_with "text"}{
32 of 54
iRules 101
33 of 54
iRules 101
2. Review the page and notice all the Lorax references on the page.
3. Right click in the web page and View Page Source (or View Source depending on
browser)
34 of 54
iRules 101
3.
4.
5.
6.
7. Hit Finished to complete and the iRule is now attached to the virtual server
35 of 54
iRules 101
36 of 54
iRules 101
5. Review the page and notice all the Lorax references on the page have changed to
Agility
6. Right click in the web page and View Page Source (or View Source depending on
browser)
37 of 54
iRules 101
Questions
Did all references of Lorax get replaced with Agility? If not, why?
What if Lorax had a lowercase L like lorax? What iRule change is needed?
38 of 54
iRules 101
Objective:
Lab Requirements:
Two virtual servers with each VS containing a different server pool member
39 of 54
iRules 101
40 of 54
iRules 101
2. Review the page and notice the all references are for Node #1 and its pool member IP
of 10.128.20.11
3. Review the source code. Right click on the page and select View Page Source (or View
Source)
Read through the source code and find any href, and youll see image links similar to the
following:
<img src=images/TopBar.png >
F5 2015 Agility: iRules 101 Lab Guide - Page
41 of 54
iRules 101
The full link would look likeThe user-agent normally expands this to
http://lab6.f5demo.com/images/TopBar.png. This URL does not contain /welcome.php.
This is important to keep in mind once weyou apply the iRule to a virtual server. This will help
demonstrate that some content on the page will match the iRule and other content will not. As
a result, various content on the page will load with different servers.
4. Now lets tTest the v2v virtual server
5. Open a web browser and go to http://lab6-v2v.f5demo.com/welcome.php
6. Review the page and notice all references are for Node #2 and its pool member IP of
10.128.20.12
7. Close the web browser
We You have now verified that lab6.f5demo.com has a dedicated server Node #1, and lab6v2v.f5demo.com has a dedicated server Node #2. There currently is no mixing of server nodes
providing content.
42 of 54
iRules 101
3.
4.
5.
6.
7. Hit Finished to complete and the iRule is now attached to the virtual server
43 of 54
iRules 101
44 of 54
iRules 101
Questions
What was the before and after difference of the web page once the iRule was applied?
How many server nodes provided content?
Were the images served by Node #1 or Node #2?
What was the pool member IP listed in the textual page content?
45 of 54
iRules 101
Objective:
Create a maintenance page and that page serve to the client if the VS attached pool
is down
Lab Requirements:
46 of 54
iRules 101
47 of 54
iRules 101
3.
4.
5.
6.
7. Hit Finished to complete and the iRule is now attached to the virtual server
48 of 54
iRules 101
3. Click on the Welcome link or scroll down to the bottom and click on other random
links.
4. Close the web browser
Up to this point, we know the iRule is successfully checking active pool member count. Lets
see what happens when all the pool members are marked down.
5. Go back to the F5 web browser
6. Go to Local Traffic > Pools > Pool List
49 of 54
iRules 101
This will cause the pool members to be marked offline and look similar to the screenshot
below.
Now lets see ifverify that ourthe application behaves differently on the next attempt to open
the web page.
11.Open a web browser and go to http://lab7.f5demo.com
50 of 54
iRules 101
VLets verify the iRule one more time by activating at least one pool member.
12.Go back to Local Traffic > Pools > Pool List
13.Select the pool named lab7_pool
14.Choose the Members tab
15.Check the box for at least one or all pool members
16.Choose Enable to bring the server(s) online again
After a few seconds, they should go green and the web page will load successfully again!
51 of 54
iRules 101
52 of 54