
F5 iRules getting started study notes

2025-03-11 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Basic introduction

iRules are mainly used on F5 load-balancing devices: GTM, LTM and LC. They are written in the Tcl language and consist of three parts: events, commands and logic. They can work at layers 3 to 7 of the OSI model and implement different functions depending on the protocol.

Functions of iRules:

1. Packet analysis and information extraction for all TCP and UDP applications.

2. Traffic splitting according to the data in the traffic.

3. Bidirectional data flow rewriting.

4. Selective address translation (iSNAT).

5. Content-based session persistence.

iRules can split traffic according to the extracted information (such as IP address, HTTP header, HTTP URI, etc.), so that different request types can be sent to different server farms. For example, different servers can be selected according to file type, according to browser, or according to user type.

The full-proxy architecture of the F5 device gives it the ability to rewrite data in both directions. Unlike traditional network switches, BIG-IP can rewrite any content, such as TCP content, UDP content, HTTP requests and HTTP responses. Examples include rewriting the URI, inserting certificate information into a header, selective address translation and content-based session persistence.

Programming basis

Tcl is an interpreted scripting language in which commands can be embedded.

The command structure of iRules:

    command parameter1 parameter2 parameter3 ... parameterN ;# this is a comment

The Tcl conditional structure (each elseif and else must sit on the same line as the preceding closing brace):

    if {condition} {
        action
    } elseif {condition} {
        action
    } else {
        action
    }

Events are an important part of an iRule. Different events represent the logical position of the data in the overall access process. An event block usually starts with the keyword when.

A command is a function that operates directly on data in an iRule, such as [HTTP::uri]. In this command, HTTP represents the HTTP protocol and uri represents the URI of the HTTP request. They are joined with "::" to show the dependency: uri belongs to the HTTP command family. Similar commands include [IP::addr], [TCP::payload], [SSL::handshake] and so on.

Logical operators:

    contains        contains
    matches         matches
    equals (==)     is equal to
    starts_with     starts with
    ends_with       ends with
    matches_regex   matches a regular expression
    not (!)         logical NOT
    and (&&)        logical AND
    or (||)         logical OR

Start writing iRules

1. The first iRule

    when HTTP_REQUEST {
        # Write a message to the local log for every HTTP request
        log local0.info "Hello World!"
    }

2. DNS resolution

    when DNS_REQUEST {
        # Answer with a different address depending on the requester's /24 network
        if { [IP::addr [IP::remote_addr]/24 equals 10.1.1.0/24] } {
            host 192.168.10.11
        } else {
            host 10.10.10.10
        }
    }

3. Sending different request sources to different pools

    when DNS_REQUEST {
        # Compare the client address with a single host address
        if { [IP::addr [IP::client_addr] equals 10.1.1.100] } {
            pool my_pool_A
        } else {
            pool my_pool_B
        }
    }

4. Sending multiple request source networks to different pools

    # Data group (class) listing the private networks
    class private_net {
        network 10.0.0.0/8
        network 172.16.0.0/12
        network 192.168.0.0/16
    }

    when HTTP_REQUEST {
        # Clients inside any network of the class go to the internal pool
        if { [matchclass [IP::client_addr] equals $::private_net] } {
            pool internal_pool
        } else {
            pool default_pool
        }
    }

5. HTTP redirect

    when HTTP_REQUEST {
        # Redirect according to whether the URI contains the string "a"
        if { [HTTP::uri] contains "a" } {
            HTTP::redirect "http://a.com"
        } else {
            HTTP::redirect "http://b.com"
        }
    }
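As an added example (not part of the original notes), the following iRule combines the traffic splitting by file type and browser and the two-way rewriting described in the introduction. The pool names static_pool and mobile_pool are hypothetical, and it assumes BIG-IP is the first proxy the client reaches.

```tcl
# Added example; pool names are assumed and must exist on the BIG-IP.
# Attach to a virtual server that has an HTTP profile.
when HTTP_REQUEST {
    # Request-side rewrite: drop any client-supplied X-Forwarded-For so the
    # back end only ever sees the address BIG-IP itself observed.
    # (Assumes no trusted proxy sits in front of BIG-IP.)
    HTTP::header remove "X-Forwarded-For"
    HTTP::header insert "X-Forwarded-For" [IP::client_addr]

    # Match on the path only (no query string), lower-cased, so a request
    # such as "/A.JPG?x=.php" is classified by its real extension.
    set path  [string tolower [HTTP::path]]
    set agent [string tolower [HTTP::header "User-Agent"]]

    switch -glob -- $path {
        "*.jpg" -
        "*.png" -
        "*.css" -
        "*.js" {
            # Static file types go to a dedicated server farm
            pool static_pool
        }
        default {
            # Everything else is split by browser type
            if { $agent contains "mobile" } {
                pool mobile_pool
            } else {
                pool default_pool
            }
        }
    }
}

when HTTP_RESPONSE {
    # Response-side rewrite: hide the back-end server banner from clients
    HTTP::header remove "Server"
}
```

Matching on [HTTP::path] rather than [HTTP::uri] keeps a query string from influencing which pool is chosen, which a loose "contains" test on the whole URI would allow.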
