Phew! Having DC5 successfully out the door, I'm happy to resume my regularly scheduled programming. I'm back, bringing you my Top5 picks off of DevCentral every week. I'll help you sort through the content pouring across the (now new and improved!) site and offer you a few things that you should definitely check out. It's good to see that the content has still been chugging away even while the team was heads down working on the new site improvements. A big thanks to the awesome community and the extended DC team folks (Lori, Pete and co.) for keeping the lights on. Now that I'm back at it, though, allow me to offer you this week's DC Top5:
Network Optimization Won’t Fix Application Performance in the Cloud
http://devcentral.f5.com/weblogs/macvittie/archive/2010/05/20/network-optimization-wonrsquot-fix-application-performance-in-the-cloud.aspx
In her blog yesterday Lori pointed out some key differences between Network Acceleration/Optimization and Application Delivery Acceleration/Optimization that caught my eye and I thought were worth passing along. Her discussion really focuses on Application Performance and the idea that no amount of improving network performance can improve the performance of your application. You can do all the magic in the world to the network traffic while treating it like network traffic, buy the biggest pipes in the world, and still have a slow app. Why? Because changing the network speeds and feeds can't change your application or its behavior. Application Delivery, on the other hand, treats the application like an application and works with the application to try and better serve that application to the users trying to access it. As usual Lori goes into far more depth far better than I could, so just go read the post and thank me later.
Automated Gomez Performance Monitoring
http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084373/Automated-Gomez-Performance-Monitoring.aspx
Joe hit another solid one with his dive into Gomez and iRules working together to provide a detailed look at what your application is doing. First he talks a bit about how Gomez gives you a true look from the outside of what your users are actually seeing in regards to app performance and behavior, then he dives into how iRules can help you deploy the scripts necessary for Gomez to do that thing it does. iRules, as always it seems, make this task much easier and allows you to inject the required code in one place rather than across multiple servers, as well as giving you some other tweaks that you can perform, should you so desire. Take a look at the article for step by step walk through along with necessary code.
Multi-core Redux: Virtually Indistinguishable
http://devcentral.f5.com/weblogs/dmacvittie/archive/2010/05/19/multi-core-redux-virtually-indistinguishable.aspx
As sad as I was to see Don move on to another team within F5, I have to say I'm excited to see the kind of content he's been putting out since joining the TMM team. His delve into the multi-core world was of particular interest to me this week. In his spot-on commentary about how Multi-core, as amazing as it can be, tends to muddy the waters for developers as both individuals and as organizations thinking long-term, he talks about some personal experience he's had with that as well as a possible solution rapidly becoming more and more popular. Via virtualization you can all but ignore multi-core needs by simply supplying more instances of your application rather than a single instance making use of multiple cores. It's an interesting concept and one that I tend to agree is the path of least resistance and likely of most benefit as well. Take a read, I assure you it's worth your time.
20 Lines or Less #39 – Selective SSL, Port Stripping and Headers
http://devcentral.f5.com/weblogs/cwalker/archive/2010/05/21/20-lines-or-less-39-ndash-selective-ssl-port-stripping.aspx
Ahhh my beloved 20LoL. Long was it also neglected due to the steady march of impending deadlines which had to be met, but it too is back this week. I bring you three more examples of how awesome iRules can be in less than 21 lines of code. Take a look at how people in the community (not JUST hoolio, either!) are making use of network side scripting to selectively encrypt back-end SSL, strip port info from redirects, and deal with some interesting custom header needs.
Novell Shoots at the Cloud and Scores
http://devcentral.f5.com/weblogs/macvittie/archive/2010/05/18/novell-shoots-at-the-cloud-and-scores.aspx
This week I'll leave you with a quite humorous bit brought to you by the good folks at Novell, by way of Lori's blog. They've been running a series of adds in the style of dramatic poetry readings using interesting tech topics as content. Lori's "Get Your SaaS Off My Cloud" article was fodder for one such add and it had me spinning up the roflcopter, so I thought I'd share with you for a late Friday funny. Check out the source article as well, as it's definitely a good read.
That's it for my first week back post DC5 haze. I hope you've enjoyed it as I always do, and I'll be back next week with 5 more to keep your DC cravings fulfilled.
#Colin
What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the devcentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.
With the onslaught of work required to get DC5 up and running it’s been a while since I’ve offered some cool iRule goodness to the community from the community. There have been plenty of examples cruising through the forums, that’s for sure, I just haven’t had the time to comb through all of them or write them up. Now that I can again see the light of day, allow me to share a some good ones with you.
Disabling SSL to one backend pool
We’ve looked at ways to selectively disable SSL before, but this example had an interesting twist that I thought was…well…interesting. The idea here is to selectively disable SSL only on the back end of the connection, not the entire thing. The client should always be encrypted but the server can, in some cases, be plain-text to try and cut down on overhead. Cool idea, and here’s a look at how to make it work, according to a good example by user Alok.
when HTTP_REQUEST {
set my_uri [string tolower [HTTP::uri]]
if { $my_uri starts_with "/secure" } {
pool ssl__pool
} else {
SSL::disable serverside
pool static_pool
}
}
Hash persistence based on true-client IP
Here’s a user that’s trying to work around a limitation in the content distribution service they’re using. They want to use an iRule to perform hash based persistence based on a header supplied giving the client’s IP address. Hoolio, as is often the case, springs into action and whips up a nifty little example making use of lindex and active_members –list that gets the job done.
# Check if the active_members command returns an entry which can be split on a space into two variables
if {[active_members app_http_pool]}{
if {[scan [lindex [active_members –list app_http_pool] [expr {[md5 $tcip_header] % [active_members app_http_pool]}]] {%s %s} ip port] == 2}{
# Select the pool member IP and port
pool app_http_pool member $ip $port
# Exit from this event in this rule
return
}
# Take some default action if the pool is down or scan didn't parse the output?
}
Removing port numbers from redirects
If you’re looking to strip port locations from your redirects, then boy do I have the rule for you. Well, it’s not my rule, really, but I get to share more of Aaron’s work with you, which is a regular and enjoyable part of my jobs these days, it seems. The one man juggernaut has knocked out a quick little header replacement rule using string map and the fun HTTP::is_redirect command to get this job done.
when HTTP_RESPONSE {
if { [HTTP::is_redirect] } {
if { [HTTP::header Location] contains "www.acme.com:10040" } {
log local0. "Original Location value: [HTTP::header Location]"
HTTP::header replace Location [string map -nocase {www.acme.com:10400 www.acme.com} [HTTP::header value Location]]
}
}
}
when HTTP_RESPONSE priority 501 {
if { [HTTP::is_redirect] } {
# Debug logging only. Remove this event once done testing
log local0. "Updated Location value: [HTTP::header Location]"
}
}
Check back next week for some more examples of awesome things you can do with iRules in only a few lines of code.
#Colin
