Manual Chapter: Managing iRules

15 
As you work with the Global Traffic Manager, you might find that you want to incorporate additional customizations beyond the available features associated with load balancing, monitors, or other aspects of your traffic management. For example, you might want to have the system respond to a name resolution request with a specific CNAME record, but only when the request is for a particular wide IP and originates from Europe. In the Global Traffic Manager, these customizations are defined through iRules®. iRules are code snippets that are based on TCL 8.4. These snippets allow you a great deal of flexibility in managing your global network traffic.
If you are familiar with the Local Traffic Manager, you might already be aware of and use iRules to manage your network traffic on a local level. The iRules in the Global Traffic Manager share a similar syntax with their Local Traffic Manager counterparts, but support a different set of events and objects.
Due to the dynamic nature of iRules development, the following sections focus on providing an overview of iRule operations and describe the events and commands specific to the Global Traffic Manager. For additional information on how to write iRules, visit the F5 DevCentral web site: http://devcentral.f5.com. At this site, you can learn more about iRules development, as well as discuss iRules functionality with others.
An iRule is a script that you write if you want individual connections to target a pool other than the default pool defined for a virtual server. iRules allow you to more directly specify the pools to which you want traffic to be directed. Using iRules, you can send traffic not only to pools, but also to individual pool members or hosts.
The iRules you create can be simple or sophisticated, depending on your content-switching needs. Figure 15.1 shows an example of a simple iRule.
Figure 15.1 Example of an iRule
This iRule is triggered when a DNS request has been detected, causing the Global Traffic Manager to send the packet to the pool my_pool, if the IP address of the local DNS making the request matches 10.10.10.10.
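An iRule that behaves as described, extended with the Europe-only CNAME case from the chapter introduction, is shown here as an added example; it is not the manual's Figure 15.1. The names my_pool and 10.10.10.10 come from the text above, while eu.example.com, the continent code "EU", the LB_FAILED handler and the log wording are assumptions made for illustration.

```tcl
# Added example, not from the manual. Assign it to the wide IP it should govern.

when RULE_INIT {
    # Runs when this iRule is changed or when gtmd restarts.
    # log is one of the few commands that are valid in this event.
    log local0. "example GTM iRule loaded"
}

when DNS_REQUEST {
    # Address of the local DNS server that sent the query.
    set ldns [IP::client_addr]

    if { [IP::addr $ldns equals 10.10.10.10] } {
        # The case described for Figure 15.1: a specific local DNS
        # is answered from my_pool. Checked first so that it takes
        # precedence over the geographic rule below.
        pool my_pool
    } elseif { [whereis $ldns continent] eq "EU" } {
        # Assumption: the geolocation database reports Europe as "EU".
        # eu.example.com is a hypothetical name.
        cname eu.example.com
    }
    # No branch matched: the wide IP's default pool and load
    # balancing mode answer the request.
}

when LB_FAILED {
    # Assumption: LB_FAILED is the event raised when no pool member
    # could be selected. Logging it makes failed steering visible.
    log local0. "no available member for request from [IP::client_addr]"
}
```

Because the match is made on the address of the local DNS server, the rule steers by resolver location rather than by the location of the end user behind it.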
iRules can direct traffic not only to specific pools, but also to individual pool members, including port numbers and URI paths, either to implement persistence or to meet specific load balancing requirements.
The syntax that you use to write iRules is based on the Tool Command Language (Tcl) programming standard. Thus, you can use many of the standard Tcl commands, plus a set of extensions that the Global Traffic Manager provides to help you further increase load balancing efficiency.
1. On the Main tab of the navigation pane, expand Global Traffic and click iRules.
   The iRules screen opens.
2. Click the Create button.
3. In the Name box, type a 1- to 31-character name.
4. In the Definition box, type the syntax for your iRule.
5. If you want to expand the length of the Definition box, check Extend Text Area. Also, if you want the contents of the iRule to wrap within the box, check Wrap Text.
6. Click the Finished button to save your changes.
1. On the Main tab of the navigation pane, expand Global Traffic and then click Wide IPs.
   The main screen for wide IPs opens.
2.
3. On the menu bar, click iRules.
   The main iRules screen for the wide IP opens.
4. Click the Manage button.
   The Manage iRules screen opens.
5. From the iRule list, select an appropriate iRule.
6. Click the Add button.
   The new rule appears in the list of assigned iRules.
7. Click the Finished button to save your changes.
In a basic system configuration where no iRule exists, the Global Traffic Manager directs incoming traffic to the default pool assigned to the wide IP that receives that traffic based on the assigned load balancing modes. However, you might want the Global Traffic Manager to direct certain kinds of connections to other destinations. The way to do this is to write an iRule that directs traffic to that other destination, contingent on a certain type of event occurring. Otherwise, traffic continues to go to the default pool assigned to the wide IP.
iRules are therefore evaluated whenever an event occurs that you have specified in the iRule. For example, if an iRule includes the event declaration DNS_REQUEST, then the iRule is triggered whenever the Global Traffic Manager receives a name resolution request. The Global Traffic Manager then follows the directions in the remainder of the iRule to determine the destination of the packet.
The iRules feature includes several types of event declarations that you can make in an iRule. Specifying an event declaration determines when the Global Traffic Manager evaluates the iRule. The following sections list and describe these event types. Also described is the concept of iRule context and the use of the when keyword.
Triggered when a connection to the server was unable to complete. This might occur if the pool has no available members or a selected pool member is otherwise not available.
Triggered when an iRule that contains the RULE_INIT event is changed, or when the gtmd utility restarts.
Note that only the following commands are valid with this event: whoami, whereami, crc32, findstr, log, substr, and whereis.
You make an event declaration in an iRule by using the when keyword, followed by the event name. For example:
When you assign multiple iRules as resources for a wide IP, it is important to consider the order in which you list them on the wide IP. This is because the Global Traffic Manager processes duplicate iRule events in the order that the applicable iRules are listed. An iRule event can therefore terminate the triggering of events, thus preventing the Global Traffic Manager from triggering subsequent events.
1. On the Main tab of the navigation pane, expand Global Traffic and then click Wide IPs.
   The main screen for wide IPs opens.
2.
3. On the menu bar, click iRules.
   The main iRules screen for the wide IP opens.
4. Click the Manage button.
   The Manage iRules screen opens.
5. Click the name of an assigned iRule and then use either the Up button to move the iRule up one position, or the Down button to move the iRule down one position.
6. Click the Finished button to save your changes.
Some of the commands available for use within iRules are known as statement commands. Statement commands enable the Global Traffic Manager to perform a variety of different actions. For example, some of these commands specify the pools or servers to which you want the Global Traffic Manager to direct traffic.
Table 15.2 lists and describes statement commands that you can use within iRules.
Causes the current packet or connection (depending on the context of the event) to be discarded. This statement must be conditionally associated with an if statement.
Same as the discard command.
if { <expression> } {
    <statement_command>
} elseif { <expression> } {
    <statement_command>
}
Note that the maximum number of if statements that you can nest in an iRule is 100.
[use] host <addr> [<port>]
Causes the server host, as identified by IP address and, optionally, port number, to be used directly, thus bypassing any load balancing.
[use] pool <pool_name> [member <addr> [<port>]]
Causes the Global Traffic Manager to load balance traffic to the named pool. This statement must be conditionally associated with an if statement. Optionally, you can specify a specific pool member to which you want to direct the traffic.
The Global Traffic Manager supports several iRule commands that are unique to its global traffic management capabilities. These commands can specify a specific CNAME or wide IP name, or determine the geographic origin of the request.
Table 15.3 lists and describes wide IP commands that you can use within iRules.
Returns the persistence state value, when enabled. If you specify arguments, returns the previous state value.
Returns the number of pools or a list of pools in the wide IP that are in the specified state. If you do not specify a state, returns all pools.
Overrides the default time-to-live value. If this command is used for a CNAME, the value overrides the default of 0. If this command is used for a pool, the value overrides the time-to-live value for that pool.
whereis <ip_addr> [ [continent] | [country] | [state] | [abbrev] | [city] | [zip] | [area_code] | [latitude] | [longitude] | [isp] | [org] | [country_cf] | [state_cf] | [city_cf] | [proxy_type] ]
Returns the geographic location of the specified IP address. The default geolocation database (GeoPoint by Quova®) includes data for IPv4 addresses at the continent, country, state, ISP, and organization levels, and for IPv6 addresses at the continent and country levels. Note that you can access the ISP and organization-level geolocation data for IPv4 addresses only by using the iRules whereis command.
If you do not specify keywords, the command returns continent, country, state, and city data with curly braces in place of the value of any of these parameters for which data is not available.
abbrev: The abbreviation of the name of a state or region.
org: The name of an organization.
country_cf, state_cf, and city_cf: The confidence level, as a percentage, for the accuracy of the country, state, and city data.
proxy_type: The type of connection. The options are unknown, anonymizer, aoldialup, aolpop, aolproxy, cache proxy, fixed, international proxy, mobile gateway, none, pop, regional proxy, satellite, and superpop.
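The keyword and no-keyword forms of whereis can be combined in one DNS_REQUEST rule, as in this added example, which is not from the manual. The pool name review_pool, the 50 percent threshold and the assumption that country_cf comes back as a bare integer are illustrative.

```tcl
# Added example, not from the manual. review_pool is a hypothetical pool name.
when DNS_REQUEST {
    # whereis is applied to the local DNS server that sent the query,
    # which is not necessarily where the end user is located.
    set ldns [IP::client_addr]

    # No keywords: a list of continent, country, state and city.
    # A value with no data comes back as {} (an empty element).
    set loc       [whereis $ldns]
    set continent [lindex $loc 0]
    set country   [lindex $loc 1]

    # Keyword forms return a single value each.
    set proxy [whereis $ldns proxy_type]
    set cf    [whereis $ldns country_cf]

    # Assumption: country_cf is a bare integer percentage. Anything else
    # (empty, or not an integer) is treated as no usable confidence.
    set low_confidence 1
    if { [string is integer -strict $cf] && $cf >= 50 } {
        set low_confidence 0
    }

    if { $country eq "" } {
        # Missing data is logged and left to the wide IP's default pool.
        log local0. "geo: no country data for LDNS $ldns, using default pool"
    } elseif { $proxy eq "anonymizer" || $low_confidence } {
        # Location cannot be trusted for steering: record why and
        # answer from a pool chosen for that case.
        log local0. "geo: LDNS $ldns continent=$continent country=$country proxy_type=$proxy country_cf=$cf"
        pool review_pool
    }
}
```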
The Global Traffic Manager includes a number of utility commands that you can use within iRules. You can use these commands to parse and retrieve content, verify data integrity, and retrieve information about active pools and pool members.
Table 15.4 lists and describes the commands that return a string that you specify. The pages following the table provide detail and examples of the commands.
Finds the member of a data group that contains the result of the specified expression, and returns that data group member or the portion following the separator, if a separator was provided.
Some of the commands available for use within iRules allow you to check the integrity of data. Table 15.5 lists and describes these commands.
Utility Command
Returns the crc32 checksum for the provided string, or if an error occurs, an empty string. Used to ensure data integrity.
Returns the RSA Data Security, Inc. MD5 Message Digest Algorithm (md5) message digest of the provided string, or if an error occurs, an empty string. Used to ensure data integrity.
The iRules commands listed in Table 15.6 allow you to retrieve data about the Global Traffic Manager, data centers, servers, pools, and pool members.
LB::status [<up | down | session enabled | session disabled>]
LB::status pool <name> member <address> [<port> <up | down | session enabled | session disabled>]
LB::status vs <ip> <port> [<up | down | session enabled | session disabled>]
member_priority <pool name> member <ip> [<port>]
members [-list] <pool name> [blue | green | yellow | red | gray]
Returns the number or list of pool members in the specified pool that are in the specified state. If you do not specify a state, returns all pool members.
Returns the number of up nodes behind a virtual server.
Local Traffic Manager virtual servers can have a pool with multiple nodes. If there is not a monitor on the Local Traffic Manager side, the server is blue. However, the Global Traffic Manager interprets this blue virtual server as green, and the nodes_up value is 1.
The Global Traffic Manager includes a number of protocol commands that you can use within iRules. You can use these commands to identify IP addresses and ports of both the clients and servers for a given name resolution transaction.
1. On the Main tab of the navigation pane, expand Global Traffic and then click Wide IPs.
   The main screen for wide IPs opens.
2.
3. On the menu bar, click iRules.
   The main iRules screen for the wide IP opens.
4. Click the Manage button.
   The Manage iRules screen opens.
6. Click the Finished button to save your changes.