Professional Documents
Culture Documents
F5 Networks Agility 2015: Irules 101 Lab Guide
F5 Networks Agility 2015: Irules 101 Lab Guide
2015:
iRules 101 Lab Guide
Any other products, services, or company names referenced herein may be trademarks of their respective owners
with no endorsement or affiliation, express or implied, claimed by F5.
These training materials and documentation are F5 Confidential Information and are subject to the F5 Networks
Reseller Agreement. You may not share these training materials and documentation with any third party without the
express written permission of F5.
TABLE OF CONTENTS
Table of Contents................................................................................................................ 3
Lab 1 – Load Balance by Client Port................................................................................... 5
TASK 1 – Create the iRule with F5 iRule Editor.............................................................................5
TASK 2 – Create the iRule with F5 Web Configuration Utility (the GUI).........................................8
TASK 3 – Add iRule to Virtual Server............................................................................................9
TASK 4 – Test iRule..................................................................................................................... 10
Lab 2 – Redirect HTTP traffic to HTTPS.............................................................................12
TASK 1 – Create the iRule........................................................................................................... 12
TASK 2 – Add iRule to Virtual Server.......................................................................................... 13
TASK 3 – Test iRule..................................................................................................................... 14
Lab 3 – Using String Tools................................................................................................. 16
TASK 1 – Create the iRule for “contains”....................................................................................16
TASK 2 – Add iRule to Virtual Server for “contains”....................................................................17
TASK 3 – Test iRule for “contains”.............................................................................................. 18
TASK 4 – Create the iRule for “findstr”.......................................................................................19
TASK 5 – Add iRule to Virtual Server for “findstr”.......................................................................20
TASK 6 – Test iRule for “findstr”................................................................................................. 20
Lab 4 – HTTP Headers....................................................................................................... 22
TASK 1 – Create the iRule........................................................................................................... 22
TASK 2 – Add iRule to Virtual Server.......................................................................................... 23
TASK 3 – Test iRule..................................................................................................................... 24
TASK 4 – Modify the iRule........................................................................................................... 25
TASK 5 – Test iRule with New Updates.......................................................................................26
Lab 5 – Stream Expression............................................................................................... 28
TASK 1 – Create the iRule........................................................................................................... 28
TASK 2 – Test the Web Page Before Applying the iRule..............................................................30
TASK 3 – Add iRule to Virtual Server.......................................................................................... 32
TASK 4 – Test iRule..................................................................................................................... 32
Lab 6 – Using The Virtual Command.................................................................................36
TASK 1 – Create the iRule........................................................................................................... 36
TASK 2 – Test the Web Page Before Applying the iRule..............................................................37
TASK 3 – Add iRule to Virtual Server.......................................................................................... 39
TASK 4 – Test iRule..................................................................................................................... 40
Lab 7 – Maintenance Page................................................................................................ 43
Log results
Lab Requirements:
One virtual server
Two server pools with: a pool named odd and a pool named even. The pool odd will
only have pool members with an odd-numbered final octet (e.g., 10.128.20.11),
while the pool even will only have pool members with an even-numbered final octet
IPs (e.g. 10.128.20.11 = odd, 10.128.20.12 = even)
Estimated completion time: 15 minutes
2. Choose File > Connect or hit the “Connect” icon (it looks like a sprocket) in the upper
left corner.
3. A connection dialogue is presented.
a. Hostname = bigip.f5demo.com
b. Username = admin
c. Password = admin
4. Once you are connected you will see the configuration screen below
when CLIENT_ACCEPTED {
set port_is_odd [expr [TCP::remote_port] & 1]
if { $port_is_odd } {
log local0. "Port [TCP::remote_port] is odd"
pool odd
}
else {
log local0. "Port [TCP::remote_port] is even"
pool even
}
}
One convenient thing about the iRule Editor is the syntax highlighting and line numbers. When
the above iRule is placed into the editor, it will look similar to this next picture.
→NOTE: [blank]
when CLIENT_ACCEPTED {
set port_is_odd [expr [TCP::remote_port] & 1]
if { $port_is_odd } {
log local0. "Port [TCP::remote_port] is odd"
pool odd
}
else {
log local0. "Port [TCP::remote_port] is even"
pool even
}
}
7. Hit “Finished” to complete and the iRule is now attached to the virtual server
1. SSH into the unit by launching Putty from you jumpbox desktop (a saved session
called f5 BIGIP already exists)
a. Host Name (or IP address) = bigip.f5demo.com
b. Username = root
c. Password = default
Questions
If making repeated requests from the same browser, does the page change?
Close the browser and try again. Does anything change?
Does the log message change or stay the same?
Does the pool member IP end with an odd or even 4 th octet?
o Odd example = “Pool member address/port: 10.128.20.11:80”
o Even example = “Pool member address/port: 10.128.20.12:80”
Lab Requirements:
Two virtual servers: one listening on port 80 and one listening on port 443
Estimated completion time: 10 minutes
when HTTP_REQUEST {
if { [TCP::local_port] == 80 } {
#log the redirect action and show the URL being redirected
log local0. "Redirecting to https://[getfield [HTTP::host] ":" 1][HTTP::uri]"
#use the "getfield" command to extract the hostname and strip any trailing port number
HTTP::respond 301 Location https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
}
7. Hit “Finished” to complete and the iRule is now attached to the virtual server
1. SSH into the unit by launching Putty (a saved session already exists)
a. Host Name (or IP address) = bigip.f5demo.com
b. Username = root
c. Password = default
5. Click a couple random links and examine the output of the ltm logs
Congratulations! You just wrote and tested an iRule that redirects all http traffic to https
Lab Requirements:
One virtual server
Two server pools, each with a single pool member: http_pool1 = 10.128.20.11,
http_pool2 = 10.128.20.12
Estimated completion time: 15 minutes
#use the "contains" command to search the URI for the string "login"
#if URI contains "login" then use pool 1, otherwise use pool 2
when HTTP_REQUEST {
if {[HTTP::uri] contains "login"} {
pool http_pool1
} else {
pool http_pool2
}
}
7. Hit “Finished” to complete and the iRule is now attached to the virtual server
2. Examine the output of the web page. Which pool was used?
Questions
When navigating to URIs without “login”, which server was hit?
When navigating to URIs with “login”, was a different server hit?
#use the findstr command to search the URI for the string "me"
#if URI contains "me" 5 characters after "user=" then use pool 1, otherwise use pool 2
when HTTP_REQUEST {
if {[findstr [HTTP::uri] "user=" 5] equals "me"} {
pool http_pool1
} else {
pool http_pool2
}
}
7. Hit “Finished” to complete and the iRule is now attached to the virtual server
4. Examine the output of the web page. Which pool was used? Why?
Questions
When navigating to URIs with “user=me”, which server was hit?
When navigating to URIs with “user=you”, was a different server hit?
Congratulations! You just wrote and tested two iRules that search the URI for various strings
and sends traffic based on the results.
Lab Requirements:
One virtual server
Estimated completion time: 10 minutes
Create an iRule that fires on the HTTP_REQUEST event. The code for this event should log
each of the HTTP Request headers. You will need to use a loop in order to accomplish this.
In the definition screen let’s create an iRule. First define an event to fire the iRule. We will use
the “HTTP_REQUEST” event. Next, the event needs to do something when fired. When a
client comes into the LTM, let’s logs all the HTTP headers. We'll need to create a loop to get
each HTTP header and log the value.
Think about how you would approach this and write down the pseudo code. Now take a shot at
writing the actual iRule. The following code accomplishes this task, and is provided as a guide
in case you need additional assistance:Enter the following text.
when HTTP_REQUEST {
foreach aHeader [HTTP::header names] {
log local0. "$aHeader: [HTTP::header value $aHeader]"
}
}
7. Hit “Finished” to complete and the iRule is now attached to the virtual server
1. SSH into the unit by launching Putty (a saved session already exists)
a. Host Name (or IP address) = bigip.f5demo.com
b. Username = root
c. Password = default
2. When the page loads, edit the iRule you just created ir_lab4_http_headers
3. Add additional content to the iRule (see below)
Edit the iRule so that it also fires on the HTTP_RESPONSE event. The code for this event
should log each of the HTTP Response headers.
In the definition screen let’s add a new event to view the server response. We will use the
“HTTP_RESPONSE” event. Next, the event needs to do something when fired. Similar to the
previous HTTP_REQUEST event that logs all the client request headers, we now want to do the
same thing for server response headers. We'll need to create a loop to get each HTTP header
and log the value.
Think about how you would approach this and write down the pseudo code. Now take a shot at
writing the actual iRule. Modify the existing iRule and add the new HTTP_RESPONSE event
code. The following code accomplishes this task, and is provided as a guide in case you need
additional assistance:
when HTTP_REQUEST {
foreach aHeader [HTTP::header names] {
log local0. "$aHeader: [HTTP::header value $aHeader]"
}
}
when HTTP_RESPONSE {
HTTP::header insert X-Customize "F5 Networks"
foreach aHeader [HTTP::header names] {
log local0. "$aHeader: [HTTP::header value $aHeader]"
}
}
Questions
What is the difference between this version of the iRule and the previous version?
Can you tell which headers are from the request and which ones are from the response?
Where did the “X-Customize” header come from?
Lab Requirements:
One virtual server
Estimated completion time: 10 minutes
when HTTP_REQUEST {
# Disable the stream filter for all requests
STREAM::disable
# Disable response encoding by removing any requests for it.
HTTP::header remove "Accept-Encoding"
}
We will fFollow this block with an HTTP_RESPONSE blockevent handler, which will do all the
important stream manipulation.
Find Example #1:
<TITLE>Welcome to Lorax Bank</TITLE>
Replace With:
<TITLE>Welcome to Agility Bank</TITLE>
Find Example #2:
<td width=70%><p><font face=Arial><br>Welcome to Lorax Bank!<br><br>
Replace With:
<td width=70%><p><font face=Arial><br>Welcome to Agility Bank!
<br><br>
when HTTP_RESPONSE {
# Check if response is text (don't find & replace in other MIME types)
if {[HTTP::header value "Content-Type"] starts_with "text"}{
The [<replace>] option is variable and can be left empty to find and remove the value. The first
character is the delimiter and may be any one of the following characters: .*/-:_?=@& (period,
asterisk, forward slash, dash, colon, underscore, question mark, equals, at sign, ampersand) but
the @ character is most often used.
when STREAM_MATCHED {
log local0. "[IP::client_addr]:[TCP::client_port]: Matched [STREAM::match]"
}
when HTTP_RESPONSE {
# Check if response is text (don't find & replace in other MIME types)
if {[HTTP::header value "Content-Type"] starts_with "text"}{
log local0. "Replacing references from Lorax to Agility"
STREAM::expression {@Lorax@Agility@}
STREAM::enable
}
}
when STREAM_MATCHED {
log local0. "[IP::client_addr]:[TCP::client_port]: Matched [STREAM::match]"
}
2. Review the page and notice all the “Lorax” references on the page.
3. Right click in the web page and “View Page Source” (or “View Source” depending on
browser)
7. Hit “Finished” to complete and the iRule is now attached to the virtual server
1. SSH into the unit by launching Putty (a saved session already exists)
d. Host Name (or IP address) = bigip.f5demo.com
e. Username = root
f. Password = default
5. Review the page and notice all the “Lorax” references on the page have changed to
“Agility”
6. Right click in the web page and “View Page Source” (or “View Source” depending on
browser)
Questions
Did all references of “Lorax” get replaced with “Agility”? If not, why?
What if “Lorax” had a lowercase “L” like “lorax”? What iRule change is needed?
Lab Requirements:
Two virtual servers with each VS containing a different server pool member
Estimated completion time: 10 minutes
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/welcome.php" } {
log local0. "internally routing from [virtual name] to lab6_vs_v2v"
virtual lab6_vs_v2v
}
}
2. Review the page and notice the all references are for “Node #1” and its pool member IP
of 10.128.20.11
3. Review the source code. Right click on the page and select “View Page Source” (or View
Source)
Read through the source code and find any “href”, and you’ll see image links similar to the
following:
<img src=”images/TopBar.png” …>
The full link would look likeThe user-agent normally expands this to
http://lab6.f5demo.com/images/TopBar.png. This URL does not contain “/welcome.php”.
This is important to keep in mind once weyou apply the iRule to a virtual server. This will help
demonstrate that some content on the page will match the iRule and other content will not. As
a result, various content on the page will load with different servers.
4. Now let’s tTest the “v2v” virtual server…
5. Open a web browser and go to http://lab6-v2v.f5demo.com/welcome.php
6. Review the page and notice all references are for “Node #2” and its pool member IP of
10.128.20.12
7. Close the web browser
We You have now verified that lab6.f5demo.com has a dedicated server Node #1, and lab6-
v2v.f5demo.com has a dedicated server Node #2. There currently is no mixing of server nodes
providing content.
7. Hit “Finished” to complete and the iRule is now attached to the virtual server
7. SSH into the unit by launching Putty (a saved session already exists)
g. Host Name (or IP address) = bigip.f5demo.com
h. Username = root
i. Password = default
Questions
What was the before and after difference of the web page once the iRule was applied?
How many server nodes provided content?
Were the images served by Node #1 or Node #2?
What was the pool member IP listed in the textual page content?
Lab Requirements:
One virtual server
Estimated completion time: 15 minutes
when HTTP_REQUEST {
if { [active_members lab7_pool] < 1 } {
set stime 10
HTTP::respond 501 content \
"<html><head><title>Sorry Folks</title></head><body><meta http-equiv='REFRESH' \
content=$stime;url=HTTP:://[HTTP::host]></HEAD> \
<p><h2>Sorry folks! We're closed to clean and repair America's favorite family fun site.\
<p><p>Sorry, uh-huh, uh-huh, uh-huh!</h2></p></body></html>" "Content-Type" "text/html"
}
}
7. Hit “Finished” to complete and the iRule is now attached to the virtual server
3. Click on the “Welcome” link or scroll down to the bottom and click on other random
links.
4. Close the web browser
Up to this point, we know the iRule is successfully checking active pool member count. Let’s
see what happens when all the pool members are marked down.
5. Go back to the F5 web browser
6. Go to Local Traffic > Pools > Pool List
This will cause the pool members to be marked offline and look similar to the screenshot
below.
Now let’s see ifverify that ourthe application behaves differently on the next attempt to open
the web page.
11.Open a web browser and go to http://lab7.f5demo.com
VLet’s verify the iRule one more time by activating at least one pool member.
12.Go back to Local Traffic > Pools > Pool List
13.Select the pool named “lab7_pool”
14.Choose the “Members” tab
15.Check the box for at least one or all pool members
16.Choose “Enable” to bring the server(s) online again
After a few seconds, they should go green and the web page will load successfully again!