DevCentral > Weblogs > Colin Walker - Off the map where the wild things grow...
  Friday, September 05, 2008 #
  
DevCentral Top5 9/5/08
submitted 2 days ago

It's almost the end of summer. Kids are back in school, vacations are wrapping up, and everyone's hunkering down for the fall months. DevCentral is as active as ever, and it's only going to amplify as the team keeps on kicking out the jams. I'm hoping this means the Top5 is even more useful as I walk you through what's been going on this week in DCLand and show you some of the things I think are a "must-see". That said, here's your Top5:

The First VIPRION Review

http://devcentral.f5.com/weblogs/Joe/archive/2008/09/03/the-first-viprion-review.aspx

Faster than a speeding bullet and able to handle more traffic than I-5, VIPRION has finally been reviewed, officially. Joe brings us his blog summary of the review as well as the link to the ITPro article where you can read all about it. It's great to see that not only was the review positive, but it included some great sentiment about the future of the ADC and how we're leading the way. Take a look at the full review (link included in Joe's blog post) as it's definitely worth a read.

Google Chrome - Review

http://devcentral.f5.com/weblogs/Joe/archive/2008/09/02/google-chrome---review.aspx

Joe's second review of the week is a big one. The much anticipated Google Chrome has had quite a buzz in the IT community this week, and Joe's review has been right there at the top of the Google results garnering over 100 comments from visitors that want to share their feelings about the shiny, new, sleek browser. I'm not a user yet, personally, but Joe has taken it for a spin and shares his thoughts. Probably even more interesting (sorry Joe) is browsing through the slew of comments and seeing the reactions of the masses. It's fantastic to see this kind of turn-out on DC and I had to share. Not to mention a new browser could quite possibly affect the way people use and view web applications.

If Kernighan were a network architect he would say…

http://devcentral.f5.com/weblogs/macvittie/archive/2008/09/03/3585.aspx

Lori pontificates about network architectures and troubleshooting them, comparing and contrasting those thoughts to software development and the troubleshooting involved with that. This is a good illustration of some of the challenges our customers go through when dealing with their deployments, and is something to keep in mind when trying to think of ways that we can help them get where they're trying to go. It all got started by a great quote from Brian Kernighan - "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." I love it.

Agility or just Change?

http://devcentral.f5.com/weblogs/dmacvittie/archive/2008/09/02/3582.aspx

The other half of the Dynamic MacVittie Duo was hardly resting on his laurels this week. My offering to you, from Don, is his awesome look at IT agility or the lack thereof. As he mentions, we've been at it for over 20 years (IT agility, not F5 in particular) and it's interesting to pause and think about how far we've gotten, where we are, and where we're trying to go. Have we progressed? Has it been enough to warrant the time invested? Get Don's take in his Persistently Different blog. I did, and I don't regret it.

DevCentral Weekly Roundup Episode 53 - No Mercy

http://devcentral.f5.com/weblogs/dcpodcast/archive/2008/09/04/3591.aspx

Finally, this week, we had the entire team back on the Podcast. I can't recall how long that's been, but it's certainly been too long. For the fifty-third episode of the weekly roundup the entire team discusses many things, including our distinct lack of mercy when it comes to dealing with each other. Listen in, as I recommend almost every week, to get a good recap of what's been going on, who's working on what, what to expect in coming weeks, the weather….wait…strike that last one. This week we also announce DevCentral's entry into Forrester's "Groundswell" competition. Listen in and follow the links to learn more about what that is and how you can help us take home the gold!

Thanks for tuning in. If you have any feedback or suggestions I'd love to hear them, as always.

#Colin



  Wednesday, September 03, 2008 #
  
Google Chrome reports first major security flaw
submitted 4 days ago

It's Beta software, it was inevitably going to have some bugs. This bug, however, is a little bit embarrassing for the good folks over at Google. RWW has an article that describes a potentially nasty security hole made possible by Chrome, a known Java bug, and an un-patched WebKit.

You can read the whole article here, but the gist of it is that users can be duped with relative ease into executing just about any Java program that an attacker wants. That's bad. Very, very bad, in case you weren't already sure.

"It's Beta software!" you say, "There's no embarrassment there!". I'd generally agree, but RWW goes on to mention the part where this is a known bug with an old version of Apple's WebKit, and could have been avoided had Google used a more recent version as a basis for Chrome.

Yes, it's Beta software, yes, it requires user interaction to execute, but this is still a pretty nasty bug, stemming from an easily avoided, well-known issue. That's bad, last I checked.

This isn't a horrendous issue as I'm sure Google will just update the version they're using before general release, but for the thousands (millions?) of people that are already using Chrome, you might want to be careful what you click on.

#Colin



  Tuesday, September 02, 2008 #
  
Caught in the pouring rain
submitted 6 days ago

I'm pretty sure everyone's heard the old adage, "When it rains, it pours". It's the same pretty much everywhere, it seems. Whether it's your personal life or in the business world, there isn't much of a difference as far as I can tell. This is likely because most things are somehow coupled together to form a chain of events that, given proper analysis from an informed yet detached point of view, would become clear. For example, the DB's index got corrupted because the third spindle has acted up because the AC is on the fritz and overheating things and even though you've been trying to get that addressed it's not done yet because the maintenance guy's truck overheated on the way to the appointment yesterday thanks to the same heat-wave that's causing your problems...etc.

That doesn't mean it's any easier to deal with any one of these events, let alone the whole lot at once. At the time it seems like there are gremlins everywhere, plotting your slow and torturous demise, or maybe a broken mirror somewhere that you didn't realize you were responsible for. I've had some experience with this many times over, I'm sorry to say. These things all seem to be happening at once and it can get pretty overwhelming. The thing to do, as far as I can tell, is to take things one at a time and prioritize them the best you can. It's important to keep in mind that the universe is not conspiring against you and there is no evil death ray pointed at you from a far off space vessel, bent on the slow yet inevitable destruction of your frail human consciousness by way of aggravation overload. That's just silly...I hope.

Another way to help, as with all things, is to be prepared. This could easily translate to backup hard disks or maybe even entire servers, depending on your scale. This could also equate to putting mechanisms in place that allow you to more easily deal with such situations. I'm not sure I can draw any great examples in a personal setting, but things like a high-availability infrastructure, easily configurable application switching, global disaster recovery strategies, etc. could definitely help prevent some of the stress headaches in the IT world.

Now, if someone would just show me how to implement these same ideals in my personal life, I'd be much appreciative.  What, no ADC for the home? But my deck is failing and I want to fail over to the backup! I want to run the laundry machines in active-active so things will stop piling up and I can make some headway, then go back to active-standby with no extra cost. I want to have an ever updating security model that is aware of the attacks going on elsewhere in my area and protects me against them before they can get to me.  I want to write some custom code that changes the way my house interfaces with the world so that I don't have to mow the lawn or clean the windows anymore. No?  Well, nice to dream, anyway.

#Colin



  Friday, August 29, 2008 #
  
DevCentral Top5 8/29/08
submitted 1 week ago

Goodness it's been a while since we've had a Top5, hasn't it? The past couple months have been insane for vacations/medical leave/paternity leave, etc on the DC team. Hopefully things are settling down now, and we can get back to our normal routine. Regardless, here I am, your faithful guide through the oceans of content on DevCentral, committed to bringing you a weekly sampling of the Top5 coolest new things that showed up on DevCentral. Even with parts of the team out, there's been lots of content, so buckle up, here's your Top5:

Dear Data Center Guy

http://devcentral.f5.com/weblogs/macvittie/archive/2008/08/29/3572.aspx

Sometimes the things I pick for the Top5 are the most informative pieces I can find. Other times they're the most exciting and interesting because of some new announcement or content. This one is, well, just plain hawesome. Go check out Lori waxing away from the perspective of a lonely, forlorn BIG-IP. Follow this plea to the "Data Center Guy" and find out why it is that there's more than meets the eye to the BIG-IP, and why it's worth investing some more time getting to know yours.

Crack open the books, it's iRule time

http://devcentral.f5.com/weblogs/Joe/archive/2008/08/29/crack-open-the-books-its-irule-time.aspx

Exciting news from the training group! F5's stellar training team now officially offers and is booking iRules training! This is fantastic news. Up until now the aspiring iRuler had to rely only on their wits, their browser, and the ever-faithful DevCentral. Now there's an organized, formal way to get some hands-on, classroom instruction to get your iRuling experience jump started. This is something that's been a long-time request of the DC members, and I'm very, very pleased to be able to share this great news. Make sure you take a look and read the course description for more info.

iControl Apps - #08 - System IP Statistics

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=264

Check out Joe flexing those iControl muscles yet again in this continuation of the iControl Apps series. In this edition Joe will walk you through how to query yet more fun statistics type stuff (very technical term) from the BIG-IP via iControl. If you ever wondered how to get access to aggregate, IP based statistics in a programmatic fashion, well, then this is the one you've been waiting for. Even if that hasn't been your dream since high school, this post is definitely worth checking out for more firepower to add to your iControl arsenal.

20 Lines or Less #14

http://devcentral.f5.com/weblogs/cwalker/archive/2008/08/29/20-lines-or-less--14.aspx

In our second week back on track with the 20LoL I manage to find still more cool examples of iRules fu that are byte sized at most. In less than 21 lines you can learn how to distribute email to the appropriate pools based on IP address. If that's not enough, we're doing HTTP inspection without HTTP profiles, too. Confusing? It won't be if you click through and take a gander. Good ole' TCP commands to the rescue. Take a peek, send some comments, add a suggestion.

DevCentral Weekly Roundup Episode 52 - The Road to 100

http://devcentral.f5.com/weblogs/dcpodcast/archive/2008/08/29/3575.aspx

Last, but never least, is this week's DevCentral Roundup. This is a special edition of the podcast this week, because this week we wrapped up our 52nd chat about DCLand, IT in general, and all sorts of other wacky stuff. With a year's worth of podcasts behind us, it's time to set our sights on 100 and keep on trucking, because there's plenty to talk about every week, that's for sure. This week listen to Don and Joe talk about all sorts of cool iControl applications and twitter and the like, and Colin try to keep up and explain that he's almost caught up from being out for 3+ weeks….honest. The Roundup is always a great way to get a dose of what we've been up to in a short amount of time, without even having to do any of that reading stuff. Have a listen and let us know what you think.

There you have it, your Top5 for this week from DevCentral. It's good to be back, and hopefully you faithful readers out there have been eager for this to get fired back up. If you've got questions or comments please feel free to drop me a line, as always. See you next week.


#Colin



  
20 Lines or Less #14
submitted 1 week ago

What could you do with your code in 20 Lines or Less? That's the question I ask every week, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

This week we've got three more fun examples of iRules goodness for you, thanks to the awesome community driving the forums and the CodeShare.  As always the goal is to show off some of the things that you can do with iRules in less than 21 lines of code. Let's dig in:

Distribute Email by Source IP

http://devcentral.f5.com/wiki/default.aspx/iRules/DistributeEmailBySourceIP.html

From the wiki comes this handy showcase of pool switching based on IP address. Putting this to good use by distributing info to different mail pools is an even cooler idea, which is just what this iRule does.

when CLIENT_ACCEPTED {
   if { [IP::addr [IP::remote_addr] equals 10.2.0.0/255.255.0.0 ] }  {
     log local0. "Node IP address is: [IP::remote_addr] and sent to SMTP_clients_from_10.2"
     pool smtp_clients_from_10.2
   } else {
     log local0. "Node IP address is: [IP::remote_addr] and sent to SMTP_clients_from_elsewhere"
     pool SMTP_clients_from_elsewhere
   }
}

 

String Based HTTPS Redirect

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=26517&view=topic

Yet another cool twist on the simple HTTP redirect iRules we've talked about before, this one uses a Location header in the response as well as a class of URIs to pick from. Even though it's a variation on a theme, it's cool to see the ways people are doing things, and remind us all that we have LOTS of options when it comes to iRuling.

when HTTP_REQUEST {
  switch -glob [string tolower [HTTP::uri]] {
    "*alumni/giving/gift/" -
    "*alumni/giving/pledge/" -
    "*alumni/directory/search.aspx" -
    "*alumni/directory/update.aspx" {
      # don't do anything...
    }
    default {
      HTTP::respond 301 Location "http://[getfield [HTTP::host] : 1][HTTP::uri]"
    }
  }
}

 

HTTP Routing without HTTP Profile

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=26569&view=topic

This one is super cool (assuming it works... note that it's untested, but I like it anyway!). The issue here was that the user needed to inspect some HTTP information in a session without applying an HTTP profile to the Virtual Server. That means no HTTP:: commands. Oh no! Never fear, TCP::collect to the rescue!

 

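when CLIENT_ACCEPTED {
  # No HTTP profile on this virtual server, so buffer the raw TCP payload
  TCP::collect
}
when CLIENT_DATA {
  # Everything before " HTTP/1." is the method and URI of the request line
  set idx [string first " HTTP/1." [TCP::payload]]
  if { $idx < 0 } {
    if { [TCP::payload length] > 2048 } {
      log local0. "ERROR! Could not find HTTP request in 2K! dropping..."
      reject
    } else {
      # Not enough data yet; collect more
      TCP::collect
    }
    return
  }
  set request [string tolower [TCP::payload $idx]]
  log local0. "Got request: $request"
  # $request is lower case here, so the string to match must be lower case too
  if { $request contains " /xxxxx" } {
    log local0. "Sending to Pool_XXXXX"
    pool Pool_XXXXX
  } else {
    log local0. "Sending to Pool_WWWWW"
    pool Pool_WWWWW
  }
  # Hand the buffered payload back to the connection
  TCP::release
}
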
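
The buffering logic of this iRule, modelled in Python as an added example (not part of the original post or the forum thread). It feeds TCP segments in one at a time to show the cases the iRule has to survive: a request line split across segments, a payload that passes 2K without one, and a mixed-case URI. The `RequestLineRouter` class, pool names and sample segments are constructed for illustration, and unlike the iRule's `contains` test it matches a path prefix at a `/` boundary.

```python
# Added illustration: Python model of the TCP::collect / CLIENT_DATA loop.
# Class, function and pool names and all sample data are hypothetical.

MARKER = b" HTTP/1."   # same marker the iRule searches for
LIMIT = 2048           # same 2K cap as the iRule
COLLECT = "collect"    # caller waits for more data (TCP::collect)
REJECT = "reject"      # caller resets the connection (reject)


class RequestLineRouter:
    """Buffer raw TCP segments until the HTTP request line is complete."""

    def __init__(self, routes, default_pool, limit=LIMIT):
        # Fold the configured prefixes to lower case once, because the
        # request path is lower-cased before it is compared.
        self.routes = {prefix.lower(): pool for prefix, pool in routes.items()}
        self.default_pool = default_pool
        self.limit = limit
        self.buf = bytearray()

    def feed(self, segment):
        """Return COLLECT, REJECT, or the name of the selected pool."""
        self.buf += segment
        idx = self.buf.find(MARKER)
        if idx < 0:
            # No request line yet: give up once the buffer exceeds the cap
            return REJECT if len(self.buf) > self.limit else COLLECT
        # Everything before the marker is "<method> <request-target>"
        parts = bytes(self.buf[:idx]).split(b" ")
        if len(parts) != 2 or not parts[1].startswith(b"/"):
            return REJECT
        # Drop the query string, then compare case-insensitively
        path = parts[1].split(b"?", 1)[0].decode("latin-1").lower()
        for prefix, pool in self.routes.items():
            if path == prefix or path.startswith(prefix + "/"):
                return pool
        return self.default_pool


def route(segments, routes, default_pool):
    """Feed segments in order; return the result of each feed() call."""
    router = RequestLineRouter(routes, default_pool)
    results = []
    for segment in segments:
        results.append(router.feed(segment))
        if results[-1] != COLLECT:
            break
    return results


# Constructed sample input
ROUTES = {"/Reports": "pool_reports"}
SPLIT_REQUEST = [b"GET /REPO", b"RTS/q1?id=7 HT",
                 b"TP/1.1\r\nHost: example.test\r\n\r\n"]
LOOKALIKE = [b"GET /reportsarchive HTTP/1.1\r\n\r\n"]
NO_REQUEST_LINE = [b"A" * 1500, b"A" * 1500]

if __name__ == "__main__":
    for name, sample in (("split", SPLIT_REQUEST),
                         ("lookalike", LOOKALIKE),
                         ("oversized", NO_REQUEST_LINE)):
        print(name, route(sample, ROUTES, "pool_www"))
```
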
Hot off the presses, that's this week's 20LoL. Tune in again next week for even more iRule endeavors.

#Colin


  Friday, August 22, 2008 #
  
20 Lines or Less #13
submitted 2 weeks ago

What could you do with your code in 20 Lines or Less? That's the question I ask every week, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

After a couple of weeks out of the office, I'm back at it with your weekly dose of iRules goodness in under 20 lines. This week's 20LoL comes from the forums as well as the codeshare. We've got some great examples here, including one iRule that can be used to help augment an already existing LTM module and give it some extra functionality...cool stuff!

 

Blocking Content with iRules

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=26722&view=topic

This is a good example of a robust, logified way to block certain URI parameters from being allowed through to the back-end servers. Aaron's gone to the trouble to both document the code and the output heavily. That might not be the fastest possible solution in production, but it sure is nice for testing.

 

when HTTP_REQUEST {

  # Log a debug message with client IP:port and the class contents
  log local0. "[IP::client_addr]:[TCP::client_port]: class \$::badStrings: $::badStrings"

  # Check if the server IP is part of the Hosts datagroup
  if { [matchclass [IP::server_addr] equals $::Hosts] } {

    # Log a debug message indicating the server IP matched the Hosts class
    log local0. "[IP::client_addr]:[TCP::client_port]: matched Hosts class \$::Hosts: $::Hosts"

    # Check if the requested URI contains any known bad strings
    if { [matchclass [string tolower [HTTP::uri]] contains $::badStrings] } {

      # Log a debug message indicating the server IP matched the Hosts class and the URI had a bad string
      log local0. "Matched server IP and found bad string in [HTTP::uri]: \
        entry# [matchclass [string tolower [HTTP::uri]] contains $::badStrings]"

      # Drop the TCP connection
      drop
    }
  }
}

 

MSM Whitelisting

http://devcentral.f5.com/wiki/default.aspx/iRules/MSMBypass.html

This codeshare entry shows how you can use an iRule to get even more out of MSM on your LTM. Oh how I love TLAs.  By creating a whitelist of known good IP addresses in this iRule, you can skip MSM processing and wring even more performance out of your BIG-IP...nice!

priority 1
when CLIENT_ACCEPTED {
  if { [matchclass [IP::client_addr] equals $::white_list] } {
    log local0. "client: [IP::client_addr] found in white_list directed to http_test_pool"
    pool http_test_pool
    # Skip all further iRule events for this connection
    event disable all
  } elseif { [matchclass [IP::client_addr] equals $::black_list] } {
    log local0. " client: [IP::client_addr] found in black_list directed to http_test_pool_2"
    pool http_test_pool_2
    # or discard
    event disable all
  }
}

 

Search and Replace via iRule

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=27079&view=topic

This example shows some of the things that can be done via the stream profile and selectively enabling replacements via iRules. The stream profile gives you plenty of ability to do data swapping in-line with even more speed than writing out the logic by hand in an iRule. Definitely good stuff.

when HTTP_REQUEST {
  set replace_content 0
  # User-Agent is a request header, so save it for the response event
  set user_agent [HTTP::header "User-Agent"]
  if {[HTTP::uri] contains "/atoz/"} {
    set replace_content 1
  }
}
when HTTP_RESPONSE {
  if {$replace_content equals "1"} {
    # Disable the stream filter by default
    STREAM::disable
    # Check if response type is text
    if {[HTTP::header value Content-Type] contains "text" and $user_agent contains "***"} {
      # Replace
      STREAM::expression "@123@xyz@ @456@xyz@"
      # Enable the stream filter for this response only
      STREAM::enable
    }
  }
}
   

 

There you have it, three more examples of iRules goodness in less than 20 lines each. See you next week.

#Colin



  
Back at it
submitted 2 weeks ago

After a couple of long weeks out for recovery (yay hernia repair!), it feels good to be back at it again here in DCLand.

It's crazy, though, how things stack up.  I was just chatting with the guys on the podcast yesterday about how much there is to catch up on. It's not just email anymore.  What's that, girl? The RSS feeds filled up the well? My god!

1300+ emails, 50+ voicemails, a slew of RSS feeds, tweets, Myspace messages and IMs to respond to...uh, yeah, I'll be done around New Years.  Emails and Feeds and IMs, oh my!

Anywho, just wanted to drop a note saying I'm back in action and you can start looking for those regular weekly drops from me again (Tech Tips, 20LoL, etc.) as well as the normal forum crawling I can't seem to stay away from. I can't figure out how to fit another cliche in there...oh well.

#Colin



  Sunday, July 27, 2008 #
  
And all that jazz...
submitted 6 weeks ago

It's been a while since I've been in the South. It's funny how some things came back almost immediately as fond memories. Even the heat and humidity felt comfortable from my years spent in Atlanta, so when I found myself in the midday New Orleans sun, it wasn't as bad as it would be for perhaps the average Seattle-ite with gills.

Today I arrived in The Big Easy to help put on the iRules course at our annual Partner Summit. This is my first trip to New Orleans, and as an avid jazz/blues fan I have to say I'm excited for more reasons than just getting to share the good word about iRules/iControl/DevCentral. I'm really hoping I get the chance to get out and check out some awesome music while I'm here. If I get to have some awesome food while doing it, all the better.

I'm even more excited because I get to be a co-presenter of some killer content (duh, it's about iRules, how could it be anything less?) with some really bright fellow F5ers, which should prove to be a truly hawesome experience. It's nice to feel so excited after having a little trepidation before coming down here.

It's not that I don't like to travel, I love it, I don't even mind the flying or the airports, it's just that when I get back I get to go under the knife for a minor surgery, and I couldn't quite seem to get that out of my head. Lo and behold, though, this trip is proving to be just the thing for it. I'm having fun so far, even though I just got here, catching up with the other iRulers that I'll be presenting with, and generally relaxing and getting out of my head. That's a good thing, so yeah....awesome.

For any of you that might be attending, hope to see ya here! For those that aren't, I'll surely post more later.

#Colin



  Friday, July 25, 2008 #
  
DevCentral Top5 7/25/2008
submitted 6 weeks ago

I'm back with another week's worth of DevCentral goodness for you. The DC team just keeps rocking along and putting out all sorts of awesome content. That is of course in my completely neutral, un-biased opinion. This week I'll take you through five more great reasons to visit DevCentral, ranging from an exclusive interview with Joyent's CTO and co-founder, to real-world examples of PowerShell coding in the wild, making use of the BIG-IP and iControl. That said, let's get to it. Here is your Top5 for this week:

Scaling in the Cloud with Joyent's Jason Hoffman

http://devcentral.f5.com/weblogs/interviews/archive/2008/07/23/scaling-in-the-cloud-with-joyents-jason-hoffman.aspx

You may have seen Joe's blog post last week about Joyent, a shared cloud provider, scaling LinkedIn's BumperSticker application to over a billion page views per month. That's an impressive number regardless of the platform. What made this even more compelling is that BumperSticker is a Ruby on Rails application. For those of you that haven't been keeping tabs, Ruby on Rails is one of the fastest growing languages/platforms out there on the web, but it's historically been accused of being unable to scale to handle enterprise traffic levels. Joe and I got the chance to chat with Joyent's CTO, Jason Hoffman, to get the skinny on the cloud over at Joyent. Listen in to hear about what they're doing, why it's so powerful and unique, how F5 is an integral part of that process, and where you can show up to get some tasty tacos.

4 Reasons not to use mod_security

http://devcentral.f5.com/weblogs/macvittie/archive/2008/07/23/3477.aspx

Well, Lori's done it again. With her recent blog post detailing some of the possible scenarios and reasons that mod_security isn't for everyone, she's managed to stir up another fantastic and lively discussion. Check it out to see what the community has to say about Lori's position on application security firewalls and mod_security. She even managed to get Ivan Ristic, the creator of mod_security to chime in not once but twice. Way to go Lori! Aside from all the chatter and comments, it's an interesting read in its own right, so take a look.

Custom SNMP Traps

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=256

SNMP has long been the standard for server monitoring. Despite the fact that we offer iControl for monitoring these days, there will likely always be a relatively strong contingent of SNMP lovers who either use it extensively in house anyway, or don't want to learn how to use iControl. That's why articles like this one are important. Deb walks through how to define, create and test custom SNMP traps to allow for customizable actions based on certain log content. This can be extremely useful to notify administrators, alert a group of an outage, or even trigger other custom processes to perform some action behind the scenes. Network and server admins alike will love this one, if they're SNMP folks.

iControl Apps - #05 - Rate Based Statistics

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=257

In the continuation of the iControl Apps series, Joe walks through how to put together yet another keen PowerShell application, this time one that can use iControl to do Rate Based Statistics monitoring for your LTM. Not only does he walk you through the application setup and utilization, but he includes a bonus this time through as well. Included is a cool look at a way to include some .Net code in-line in your PowerShell application which, while arguably overkill for this particular example, could be very valuable in general and as such is a darn cool look at some fancy PowerShell footwork. This one's definitely worth a read, as well.

20 Lines or Less #12

http://devcentral.f5.com/weblogs/cwalker/archive/2008/07/24/20-lines-or-less-12.aspx

Yet another edition of 20 Lines or Less is available for your perusal on DevCentral. This week's edition was especially packed with iRules foo and all kinds of BIG-IP goodness, if I do say so myself. Inside you'll learn how to use SSL commands in an iRule on a non-SSL VIP, extract DHCP info directly from a UDP stream, and re-write the URI based on the load balancing decision. No, I didn't say that wrong…the URI changes based on the server chosen for load balancing. All of these, of course, are less than 21 lines, as always, and are great examples of the kind of power you can get from iRules without having to invest much time at all in the coding process.

There are five more for you from the Top. Hopefully you'll find at least a couple that pique your interest and get you cruising around on DevCentral, looking for more. As always, let me know if you've got any questions or comments.

Thanks,

#Colin



  Thursday, July 24, 2008 #
  
20 Lines or Less #12
submitted 6 weeks ago

What could you do with your code in 20 Lines or Less? That's the question I ask every week, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

Here we go again, three more examples of the powerful and interesting things you can do with iRules in less than 21 lines. Dipping again into the forums, with a few tweaks here and there (don't worry, I stayed honest to the rule, just took out comments and extra case comparisons, that kind of thing), we've got an action packed 20LoL this week.  Here we go:

SSL iRule on a non-SSL VIP

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=26299&view=topic

This is a great example of using a single iRule for both HTTP and HTTPS traffic. In the forum post Deb shows a cool trick to allow us to sneak SSL commands past the iRule interpreter so that they are there when we need them, if a cert is found, but aren't used when the connection turns out to be straight HTTP.  Pretty cool stuff.

when HTTP_REQUEST {
  HTTP::header replace ClientIP [IP::remote_addr]
  if {[PROFILE::exists clientssl] == 1} {
    set cname "SSL::cipher name"  
    set cbits "SSL::cipher bits"  
    set cver "SSL::cipher version"  
    HTTP::header replace SSLCipher [eval $cname]:[eval $cbits]-[eval $cver]  
    if { [SSL::cert count] > 0} {
      HTTP::header replace SSLSubject [b64encode [X509::subject [SSL::cert 0]]]
      HTTP::header replace SSLClientCert [b64encode [SSL::cert 0]]
      HTTP::header replace WebProtocol "HTTPS-auth"
    } else {
      HTTP::header replace WebProtocol "HTTPS"
    }
  } else {
    HTTP::header replace WebProtocol "HTTP"
  }
}

 

Extracting DHCP Info

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=25727&view=topic

This example for extracting DHCP info is very specific. It's looking for option 82 (Support for Routed Bridge Encapsulation) which may not be particularly useful to everyone out there, but the example stands as a great display of how iRules can help you tear into almost any kind of data, even DHCP data, and make intelligent decisions or actions based on that. Sure, it might take some re-working for your purposes, but what a cool example to get started with!

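when CLIENT_DATA {
  # Skip the first 240 bytes of the message and read the options that follow as a hex string
  binary scan [UDP::payload] x240H* dhcp_option_payload
  set option 0
  # Length of the options field in hex characters (two per byte)
  set option_length [expr {([UDP::payload length] -240) * 2 }]
  # Walk code/length/value entries until the option code reads "52" (hex 0x52 = option 82)
  for {set i 0} {$option != 52 && $i < $option_length} {incr i [expr { $length * 2 +2 }]} {
    binary scan $dhcp_option_payload x[expr $i]a2 option
    incr i 2
    binary scan $dhcp_option_payload x[expr $i]a2 length_hex
    set length [expr 0x$length_hex]
  }
  if { $i < $option_length } {
    # Step back into option 82 and read the length of its first sub-option
    incr i -[expr { $length * 2 -2 }]
    binary scan $dhcp_option_payload x[expr $i]a2 length_hex
    set length [expr 0x$length_hex]
    incr i 2
    # The sub-option value, as hex characters, is the circuit ID
    binary scan $dhcp_option_payload x[expr $i]a[expr { $length * 2 }] circuit_id
  } else {
    # Option 82 not present
    drop
  }
}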
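
Added example, not from the original post or the forum thread: the same extraction written in Python as a walk over the DHCP options field. It covers cases the iRule's fixed offsets skip: pad bytes, the end option, a length byte that runs past the packet, and a circuit ID that is not the first sub-option. Option 82 is the relay agent information option and sub-option 1 its circuit ID; the function names and sample packets are constructed for illustration.

```python
# Added illustration: DHCP option 82 / circuit ID extraction.
# Function names and sample packets are hypothetical, built for this example.

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field
OPTIONS_OFFSET = 240                 # 236-byte fixed header + 4-byte cookie
OPT_PAD, OPT_END, OPT_RELAY_AGENT = 0, 255, 82
SUBOPT_CIRCUIT_ID = 1


class DhcpParseError(ValueError):
    """Raised when the options field is malformed."""


def iter_tlvs(data, pad=None, end=None):
    """Yield (code, value) for each code/length/value entry in data."""
    i = 0
    while i < len(data):
        code = data[i]
        if code == pad:          # pad option: one byte, no length
            i += 1
            continue
        if code == end:          # end option: stop parsing
            return
        if i + 1 >= len(data):
            raise DhcpParseError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise DhcpParseError("option %d overruns the packet" % code)
        yield code, value
        i += 2 + length


def circuit_id(payload):
    """Return the circuit ID bytes from option 82, or None if absent."""
    if len(payload) < OPTIONS_OFFSET or payload[236:240] != MAGIC_COOKIE:
        raise DhcpParseError("not a DHCP message")
    options = payload[OPTIONS_OFFSET:]
    for code, value in iter_tlvs(options, pad=OPT_PAD, end=OPT_END):
        if code == OPT_RELAY_AGENT:
            # Sub-options use the same layout but have no pad/end codes
            for sub, subval in iter_tlvs(value):
                if sub == SUBOPT_CIRCUIT_ID:
                    return subval
            return None
    return None


def build_sample(options):
    """Constructed packet: zeroed fixed header, cookie, then options."""
    return bytes(236) + MAGIC_COOKIE + options


# Constructed sample input
SAMPLE = build_sample(
    b"\x35\x01\x01"                  # option 53, message type
    b"\x00\x00"                      # two pad bytes
    b"\x52\x0c"                      # option 82, 12 bytes of sub-options
    b"\x02\x04rem1"                  # sub-option 2 comes first here
    b"\x01\x04eth7"                  # sub-option 1, the circuit ID
    b"\xff"                          # end option
)
NO_OPTION_82 = build_sample(b"\x35\x01\x01\xff")
TRUNCATED = build_sample(b"\x52\x20\x01\x04eth7")   # claims 32 bytes, has 6

if __name__ == "__main__":
    print(circuit_id(SAMPLE))
    print(circuit_id(NO_OPTION_82))
    try:
        circuit_id(TRUNCATED)
    except DhcpParseError as exc:
        print("rejected:", exc)
```
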

 

URI re-writing based on Load Balancing decision

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=25791&view=topic

Talk about a chicken and egg demonstration. Hearing the title, you might think I have it backwards. When making this kind of decision in an iRule, the URI is often used to help make the load balancing decision. In this case, it's just the opposite. In this example we're letting the BIG-IP make a load balancing decision, then going back and updating the URI based on that decision, before the request is sent to the servers.  Very cool stuff!

when HTTP_REQUEST_SEND {
  # This event runs in the server-side context, so HTTP commands go through clientside {}
  set uri [string tolower [clientside {HTTP::uri}]]
  log local0. "[IP::client_addr]:[TCP::client_port]: selected server details: [LB::server] - \$uri: $uri"
  if {[IP::addr [LB::server addr] equals 10.207.225.101] or [IP::addr [LB::server addr] equals 10.207.225.102] or [IP::addr [LB::server addr] equals 10.207.225.103] } {
    log local0. "[IP::client_addr]:[TCP::client_port]: matched server check for .3 or .4"
    # Match against the lower-cased URI captured above
    switch -glob $uri {
      "*/gsfo/gsfopub*" {
        clientside {HTTP::uri "/Async/CMReceive.ashx"}
        log local0. "[IP::client_addr]:[TCP::client_port]: updated URI to /Async/CMReceive.ashx"
      }
      "*/era/erapub*" {
        clientside {HTTP::uri "/Async/ERAReceive.ashx"}
        log local0. "[IP::client_addr]:[TCP::client_port]: updated URI to /Async/ERAReceive.ashx"
      }
      default {
        log local0. "[IP::client_addr]:[TCP::client_port]: didn't match URI checks"
      }
    }
  }
}

 

There you have it, the forums deliver yet again. I have to say I love checking out all these cool, new, compact examples of iRules goodness. Many thanks to the awesome DevCentral community for their continued contributions. I'll see you next week for another 20 Lines or Less.

#Colin



  Wednesday, July 23, 2008 #
  
Taco Tuesday with Jason Hoffman, Joyent CTO
submitted 6 weeks ago

So it looks like Joe and I are going to have to take a trip down to San Fran to check out Nick's Crispy Tacos with Jason Hoffman, CTO and co-founder of Joyent. Jason puts on a "Taco Tuesday" on the third Tuesday of just about every month.  We've been invited down to check it out and geek out over the hawesome iRules/iControl/Ruby/*Nix/geeky stuff they're doing. Yeah...I'm not completely geeking out and excited, honest. Don't worry though, we'll try to make the best of it.

We got a fantastic opportunity today to talk with Jason about Joyent, what they're doing, their architecture, their background, etc. and how they're heavily leveraging F5 technology to make it all happen.  For those of you that don't know, Joyent is a long-time F5 customer that provides a wickedly cool, scalable, flexible cloud infrastructure to users ranging anywhere from the Mom and Pop size to truly robust Enterprise level applications. You may have seen Joe's blog post about Joyent hosting LinkedIn's BumperSticker Facebook app that recently surpassed a billion page views per month. That spurred an offer to chat, and Jason was more than happy to oblige.

It was absolutely fantastic to talk to Jason who himself is an avid engineer that's got a long history with Unix and many of the flavors of coding that go along with it. As one of the first major adopters of Ruby and, in fact, the very first person to check in source to the Rails source control system, he definitely knows what he's talking about when it comes to *Nix programming, Ruby, and RoR. It turns out we even share a common love for and history with FreeBSD, go figure.

Over the course of our discussion we got to chat with Jason about his role at Joyent, what they're delivering to users, why it's unique and powerful, obstacles they faced along the way, and how they got around them, which, I'm happy to say, largely included F5 technology, specifically iRules and iControl, and many other such things impressively full of win. From many of their security policies relying on iRules instead of firewalls, to iControl being an integral part of their provisioning system, to building iRules as solutions to countless customer problems or requirements, these guys are definitely power users and avid DevCentral members, I'm happy to say.

We also got to talk about the modern application, how it's architected, how the old school ways of thinking don't apply anymore and the massive benefits that can come from allowing yourself to see the possibilities with a modern, flexible, layered architecture. This architecture with powerful caches, application aware network devices serving large portions of the application functionality, and scalable, interchangeable back ends thanks to the load balancing that also occurs at that tier is hugely powerful and really more and more of a "must have" as things continue to progress in the application and application delivery world. Pretty darn cool stuff to hear from a PhD helping to run a hugely popular and successful hosting company. How's that for real world application?

This is the exact message I (we) have been pushing for a long time. Every time I talk about "preaching the good word", this is what I'm talking about. Times have changed, technology has improved, and F5 can be a big part of building a powerful, flexible, scalable, reliable architecture if you just let yourself think about things in the new, more modern world that Jason and Joyent have fully embraced. It's allowing them to be as powerful and usable as they are at extremely reasonable costs with incredible scalability as needed.

Check out the podcast to get more of the details. Obviously I'm excited, and am currently trying to refrain from a big squeeeee of geekitude, but that's just how I get when I get to riff about awesome technology with even more awesome people.

Stay tuned for the follow up where Joe and I tear into some tacos, margaritas and hopefully some iControl/Ruby/iRules with Jason down in his neck of the woods. Not that it's been approved yet or anything, but hey, I can hope, right?

Thanks again Jason for the great chat, and keep up the killer work.

#Colin



  Friday, July 18, 2008 #
  
DevCentral Top5 7/18/2008
submitted 7 weeks ago

This week's Top5 takes you from Application Health Monitoring to queues formed by CS students. The team has been hard at it, as always, and there's plenty to dig through on DevCentral this week. Choosing just five things to talk about seems to be an increasingly difficult task thanks to the mounds of content out there every week, but that's a good problem to have. Here are this week's Top picks:

Scaling Ruby on Rails to 1 Billion Page Views a Month

http://devcentral.f5.com/weblogs/Joe/archive/2008/07/15/scaling-ruby-on-rails-to-1-billion-page-views-a.aspx

Joe talks about Joyent's successful scaling of their Ruby on Rails deployment for LinkedIn's "BumperSticker" Facebook app to a billion page views a month. That's some pretty serious traffic, and an awesome accomplishment to be able to tout. It's doubly important due to the naysayers out there that would have you believe that Ruby on Rails doesn't scale for high traffic situations. Joe talks about some of the finer details of this recently announced achievement as well as inviting them to jump on a DC podcast with us, which I'm pleased to say they agreed to. Definitely keep an eye out for that chat!

 

Storage - Where do we go from here?

http://devcentral.f5.com/weblogs/dmacvittie/archive/2008/07/14/3449.aspx

It's no surprise to anyone that's been around computers even a short while that data storage is growing at an amazing rate, as is the demand for storage space due to increased use of media and more and more users of resources already in place. Don shows off some of his in-depth experience in the storage arena by delving into a discussion of different issues facing the storage community these days. He talks about stale data, data tiering, high-speed filers and more. Discussing different methods of using and dealing with each, this post is definitely worth a read.

 

20 Lines or Less #11

http://devcentral.f5.com/weblogs/cwalker/archive/2008/07/16/20-lines-or-less-11.aspx

Back on track with three examples each weighing in under 21 lines, this week's 20LoL continues to demonstrate the power you can pack into easily written and managed, short iRules. Feel free to drop in a request for an iRule you need written to solve a certain problem or requirement and who knows, your solution might just be featured in the next 20 Lines or Less. Take a peek and tune in every week as we continue on our exploration of the possibilities that iRules offers to deliver compact yet powerful solutions.

 

DC Post of the Week - Application Health Monitors: Alternate Ports

http://devcentral.f5.com/weblogs/dctv/archive/2008/07/17/3461.aspx

Deb dives into the Post of the Week yet again to highlight a question asked in the forums, giving an in-depth answer and example to go with it. This week she's addressing Health Monitors and trying to monitor a member of a pool on a port not configured for the pool. Tune in for a walk-through and discussion of how this can be done, benefits, caveats and more.

 

A queue is a (a) line (b) a pony tail (c) a data structure

http://devcentral.f5.com/weblogs/macvittie/archive/2008/07/14/3448.aspx

In our only multiple choice blog post of the week Lori agrees with a fellow blogger's assertion that "The most agile developers, however, are those who approach programming with a firm grounding in computer science." I suppose that means I'm off that list, but I won't hold that against her. This insightful and interesting post discusses the way that programming has evolved and works in today's world, and why those computer science degrees that actually focus on, well, computer science, might be more valuable than some people think. Take a look inside to see why.

 

Safely through another five awesome topics from DevCentral, here we are, at the end of this week's Top5. I'll be back next week with more DC goodness. Until then, feel free to drop me any feedback you might have.

#Colin



  Wednesday, July 16, 2008 #
  
20 Lines or Less #11
submitted 7 weeks ago

What could you do with your code in 20 Lines or Less? That's the question I ask every week, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

This week's 20LoL comes care of both the codeshare and the forums alike.  I got to deal with a couple of particularly cool forum posts this week, one of which made the list, as did an iRule from the infamous hoolio himself. Dealing with HTTP and ranging from spiders to working around a work-week, these examples are yet more ways you can leverage iRules in less than 21 lines. Here we go:

 

Rate Limiting Search Spiders

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=26064&view=topic

Spiders on the web aren't the same pests as spiders in your house, but they can certainly have adverse effects if they're making an inordinate number of requests to your web-servers, and driving the load up.  Here's a cool example of how to avoid just that scenario. We've seen something similar a long time ago on DevCentral for Network Computing, but this is a good refresher.

when RULE_INIT {
  array set ::active_crawlers { }
  set ::min_interval 1
}

when HTTP_REQUEST {
  set user_agent [string tolower [HTTP::header "User-Agent"]]
  # Logic only relevant for crawler user agents
  if { [matchclass $user_agent contains $::Crawlers] } {
    # Throttle crawlers.
    set curr_time [clock seconds]
    if { [info exists ::active_crawlers($user_agent)] } {
      if { $::active_crawlers($user_agent) < $curr_time } {
        set ::active_crawlers($user_agent) [expr {$curr_time + $::min_interval}]
      } else {
        reject
      }
    } else {
      set ::active_crawlers($user_agent) [expr {$curr_time + $::min_interval}]
    }
  }
}

 

Compression During the Work Week

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&view=topic&postid=25992

Coming through with a great example of how to have compression enabled only from 8AM-5PM, otherwise known as the normal US Workday, citizen_elah shows off his iRules kung fooery to help a fellow community member out. This same logic could be applied to almost anything else, besides compression, making this a great iRule to keep around in your back pocket.

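when CLIENT_ACCEPTED {
  # Default to on so $compression always exists when HTTP_RESPONSE fires
  set compression "on"
  # %k = hour (0-23, space padded), %M = minute (00-59); split on the colon
  set time_r [split [string trim [clock format [clock seconds] -format {%k:%M}]] ":"]
  # scan %d reads the minute as decimal, so "08" and "09" are not parsed as octal
  scan [lindex $time_r 1] %d minutes
  set time_f [expr {[lindex $time_r 0] * 100 + $minutes}]
  if { not(($time_f >= 800) && ($time_f <= 1700)) } {
    set compression "off"
  }
}

when HTTP_RESPONSE {
  if { $compression eq "off" } {
    COMPRESS::disable
  }
}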

I then came through and offered some optional optimization, so I guess this could be considered your bonus-rule for the week.  It's easy when someone like elah does the legwork up front. ;) Check the link to see the extra example.

 

Fully Decode URI

http://devcentral.f5.com/wiki/default.aspx/iRules/FullyDecodeURI.html

Representing the last leg of this HTTP tri-ath-a-post is an entry from our illustrious iRules CodeShare. This example shows how to be sure you're FULLY decoding your URI before processing. It correctly points out that sometimes encoded characters can contain encoded characters can contain encoded characters can contain....well, you get the point. See how one person decided to work around such issues in a scant 11 lines of code.

when HTTP_REQUEST {
# decode original URI.
set tmpUri [HTTP::uri]
set uri [URI::decode $tmpUri]

# repeat decoding until the decoded version equals the previous value.
while { $uri ne $tmpUri } {
set tmpUri $uri
set uri [URI::decode $tmpUri]
}
HTTP::uri $uri

log local0. "Original URI: [HTTP::uri]"
log local0. "Fully decoded URI: $uri"
}
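The decode-until-stable loop above, reproduced offline in Python as an added example (not the CodeShare author's code) so that sample URIs can be checked before a rule goes live. It goes one step beyond the iRule by capping the number of rounds and reporting how many layers were peeled off, since nested encoding is itself worth logging. `MAX_ROUNDS`, the function names and the sample URIs are assumptions made for this illustration.

```python
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumed cap on nesting depth; tune to your own traffic


def fully_decode(uri, max_rounds=MAX_ROUNDS):
    """Percent-decode until the value stops changing.

    Returns (decoded, rounds), where rounds is the number of encoding
    layers removed. Raises ValueError if the value is still changing
    after max_rounds, so a deeply nested input cannot loop unbounded.
    """
    current, rounds = uri, 0
    while True:
        decoded = unquote(current)
        if decoded == current:
            return current, rounds
        rounds += 1
        if rounds > max_rounds:
            raise ValueError("still changing after %d decode rounds" % max_rounds)
        current = decoded


def classify(uri):
    """Label a URI for logging: plain, encoded (one layer), nested, rejected."""
    try:
        _, rounds = fully_decode(uri)
    except ValueError:
        return "rejected"
    if rounds == 0:
        return "plain"
    return "encoded" if rounds == 1 else "nested"


# Constructed sample URIs, not taken from real traffic.
SAMPLES = [
    "/index.html",               # nothing to decode
    "/a%2Fb",                    # one layer
    "/search?q=caf%25C3%25A9",   # two layers: %25C3 -> %C3 -> UTF-8 byte
    "/report?rate=100%",         # a lone % is left untouched by unquote
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), fully_decode(sample))
```

Inspecting the fully decoded form is the safe use; rewriting the request with it, as the iRule does via `HTTP::uri $uri`, changes what the backend receives and should be tested against the application.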
 

There you have it, three more choice examples of iRules goodness in 20 Lines or Less. Tune in again next week!

#Colin



  Friday, July 11, 2008