After a week of presentations throughout the Middle East and Europe by Joe & Jeff, I took my turn on the tour, beginning with a couple days in Johannesburg, South Africa, and finishing up the week with a few stops in Europe as well.  Today’s session in Antwerp, Belgium, also featured the iRules Contest grand prize winner in the partner division, Sake Blok, with a fine presentation on writing clean iRules and a walk through of his winning iRule.  Oh, and he delivered his presentation from his brand new 17” MacBook Pro—won in the content—just to rub in the fact that I do in fact not have one.  Just kidding, Sake.  It’s a really nice toy, by the way.

Anyway, I believe the presentations were well received (If I’m wrong about that, don’t tell Jeff!)  The agenda was fairly broad spread, covering in part:

• iRules & iControl basics
• Advanced iRules tips & tricks
• Case studies on iRules from some of this year’s iRules Contest winners
• Case study on a similarly functional iControl script written both in Powershell & Python for comparison
• New v10.1 features, including geolocation, tmsh scripting, the table command, etc.

Among Joe, Jeff, myself, and the hundreds of partners and end-users we met with these past two weeks, we have great feedback on product specific things as well as some constructive commentary on how DevCentral can be improved.  To that end, we’re working feverishly in the shadows on deliver some improvements and new functionality to the DevCentral community.  Stay tuned…

No, I’m not talking cars.  I’m not convinced (yet) that the total cost of ownership is lower, set aside the performance.  So what am I getting at?  Skill sets.  Jon Olstik wrote today that, well, he said it better than I could summarize, so I’ll quote him:

“IT needs new networking/application specialists. F5 financial results and the whole evolution of ADC functionality suggest the need for a new IT skill set. I believe there is a growing requirement for hybrid IT specialists who understand both networking and application requirements. These people will become architects and application performance gurus — and make a ton of dough. F5 should work with application vendors like Microsoft or Oracle to create a certification program in this area.”

When I first began managing BIG-IP duties back in 2002, I quickly recognized that my skill set was inadequate to do it, the infrastructure, or the applications justice.  Its purpose was only load balancing and SSL offload, but the impact to the applications, or really, the potentially positive impact to the applications, was not addressed in design meetings.  It just boiled down to make it work.  This boded well for me since I didn’t really know squat about anything above layer four (shush all you haters who will contend that’s still the case).  As I’ve moved from early exposure to BIG-IP’s full proxy arrival in v9, I’ve also taken interest in understanding the applications.  I’m no expert, but I think every network guy that uses application delivery technology owes it to their customer to not just put it on the network and call it good.  If you manage dozens of web applications on your BIG-IP, it will serve you well to understand the HTTP protocol.  Organizations can make this easier on employees by cross training disciplines.  It may make for a slipped deadline or a sluggish development cycle, but rotating your network guys through a month or so of application development shadowing, (and making your application developers field the calls from the users that “the network is slow" with the network guys showing the app developers the traces that prove its not) can only be good long term.  As for you, Jon is absolutely correct that if you can marry the wisdom of network and application, you will be well compensated for your services.  Get in the lab, get dirty, make mistakes (yes, that’s a Magic School Bus reference) and be humble enough to admit you don’t know it all and ask someone from another discipline to mentor you.  You won’t be sorry.

DevCentral as a community relies upon the talents and contributions of its users to help peers and those who are new to F5 products and technologies.  Without users who are willing to take a moment from their busy day and help resolve the problems of complete strangers, DevCentral would be far less community, resembling more of a corporate news site.  Due in large part to the contributions of a select few, the community continues to flourish.  They are in the trenches facing challenges daily, and it is their expertise the community craves.  Without their help, some of our members might still be struggling to get the most out of their F5 gear, or more likely, the core DevCentral members would be working much longer hours as we attempt to assist our ever-growing user base.  We recognize the time and effort put into the DevCentral community.  To that end, we have created the DevCentral MVP program to honor those who, without incentive, contribute to the greater good of our community.

The 2010 DevCentral MVP Class (by username)

• hoolio -  I have to quote Drago from Rocky 4 here: "He is not human, he is a piece of iron."  Mr. forums has more posts than Joe, Colin, and me--combined.
• bhattman - 2009 iRules contest winner and ever-present in the forums and wiki.
• hamish - Contributor in the iControl and monitoring/management forums.  Contributed several slick templates for the F5 host template.
• hwidjaja - Perl nut, which excites Colin.  Active in several forums.
• smp - He's gotta change his username.  I type snmp every time.  Really--every time.  Also an active contributor in several of the forums.
• naladar - Not only a member of our community, but carries the F5 love out to the world with his own TheF5Guy blog.  Interview guest on podcast 107.
• mikejo - Unashamed Firepass specialist.  Active contributor in said forum.

If you want to hear more about the MVPs, podcast 117 was a dedicated highlight show.  Also, make sure to check out the MVP profile pages.

MVPs – we salute and thank you, and we know the community at large thanks you as well!

At long last, we’re happy to announce pycontrol, version 2! This version is a complete re-write of the original, with many improvements. Over the next several weeks keep an eye out for more samples posted to code share as well as tutorials, both in tech-tip and screen cast form.  Here are a few feature highlights:

• Attribute-driven for easy introspection of iControl methods.
• Optional single-file install. No longer requires root access. Just drop pycontrol.py somewhere you'll remember and add it to sys.path, or drop it onto sys.path itself.
• On-box WSDL or remote-fetch. This means you can have *multiple* WSDL versions available and it's easy to point pycontrol either to a BigIP or a local WSDL file.
• Support for concurrent calls via the suds clone() method. For example, clone() multiple pycontrol objects, then use threads to call multiple systems concurrently and fetch results (See the samples dir for a toy example of this).
• Semi backward-compatible with pyControl version 1.x (most 'getter' methods).
• Sane exception handling.
• Easy debug logging via standard syslog facilities. Set "debug=True" on instantiation for trace logging.
• Support for in-object endpoint changes. This allows you to create one object for, say, LocalLB.Pool and point it to different BigIP systems.
• "Pythonic" type objects with attributes. For example, you create a 'Common.IPPortMember' object, then set its 'address' and 'port' attributes.
• Exposure of the underlying SOAP API, Suds. This will allow for power-users to get at all of the underlying API for 100% flexibility. Suds is an excellent, fast-moving project. See https://fedorahosted.org/suds/ for more information on this excellent library.

See the README file inside the bundle for other information – Installation, Quickstart, and a list of known issues.

**PLEASE NOTE**: given that this is a total rewrite, your old code will not work with pycontrol v2.  We’ve tried to minimize the amount of changes you’ll have to make, but the underlying Python API is totally new, and as you’d expect, different from our old one. You’ll need to port your old pycontrol 1.x code over to take advantage of pycontrol v2.

Videos and code samples will follow as the day/week progresses.  Many thanks to the long hours and dedication of F5's own Matt Cauthorn for this excellent effort.  Happy coding!

There have been several questions over the past month in the iControl forum as to whether or not pyControl works on linux.  In the pyControl labs information, there are instructions for install on Microsoft Windows based systems, but not for linux, so maybe this is the source of confusion.  This is not so much that pyControl isn't linux compatible as it is that the installation instructions on the many flavors of linux vary.  In reality, the only step that should be different between the distributions is the first step: installing python.  Now, on my flavor of choice, Ubuntu, python 2.6 is the default version, which doesn't work so well with the ZSI soap library utilized by pyControl.  So I installed python 2.5 alongside 2.6.  This works fine as long as you keep in mind that running python from the command line will actually run the python2.6 binary.  So when you install the python packages necessary for pyControl to work, just remember to either update the symlink (/usr/bin/python on my Ubuntu 9.10 system) or call the python2.5 binary.  Here's the steps I took to get pyControl prepared on my system.

1. Install python2.5 - sudo apt-get install python2.5
2. Download the necessary packages (I threw them in /var/tmp/)
1. Easy Setup - http://peak.telecommunity.com/dist/ez_setup.py
2. ZSI - http://sourceforge.net/projects/pywebsvcs/files/ZSI/ZSI-2.1_a1/ZSI-2.1_a1-py2.5.egg/download
3. pyControl - http://devcentral.f5.com/LinkClick.aspx?link=http%3a%2f%2fdevcentral.f5.com%2flabs%2fpyControl%2fpyControl-1.3.0_beta-py2.5.egg&tabid=73&mid=433
3. Install the packages
1. sudo python2.5 /var/tmp/ez_setup.py
2. sudo easy_install-2.5 /var/tmp/ZSI-2.1_a1-py2.5.egg
3. sudo easy_install-2.5 /var/tmp/pyControl-1.3.0_beta-py2.5.egg

Hey Community!  Just a gentle nudge that we are still accepting entries for the iRules Contest through 5pm pacific on the 30th of September.  Yes, that's only 15 days from now!  I see several iRules flying by in the forums each week that are no brainers for consideration.  Take this nice example from the forums:

 when HTTP_REQUEST {
    set downtimepool "Downtime-NonSSL"
    set downtimemember "10.21.67.103"
    set downtimeport "16080"
    set downtime 0
    if { ([LB::status pool $downtimepool member $downtimemember $downtimeport] eq "up") \
         and (![IP::addr [IP::client_addr]/16 equals 10.21.0.0]) } {
      pool $downtimepool
      log local0. "Sending request to pool $downtimepool"
      set downtime 1
    }
  }
  when SERVER_CONNECTED {
    if { $downtime == 1 and [PROFILE::exists serverssl] == 1 } {
      set disable "SSL::disable serverside"
      catch {eval $disable}
      log local0. "Disabled server side SSL"
    }
  }

User UZimmerman was looking for a way to allow for downtime without having to touch each virtual before and after.  This iRule is a great example of function, though if submitted for the contest, would benefit from some optimization.

What problems can you solve by sitting down and cranking out code?  There are several really cool prizes waiting for you.

I'm a visual learner.  You know this about me.  I've said as much in earlier posts (Me Caveman, Need Picture).  So it should come as no surprise that I'll be highlighting a picture here.  A picture is worth a thous...yada yada yada, you get it.  I see many drawings, all of which are purposed to convey some type of information.  This, however, is a visual treasure chest building on the event ordering goodness discussed by Colin a while back that hones in on the flow of data through the iRules events specific to the HTTP protocol.  If you develop iRules for HTTP traffic, you need this diagram in your toolbox.  Major thanks to F5er John Alam for putting this gem together!

It's iRules Contest time again, community!  I wasn't new to F5 products for the first contest, as I was a version 4.5 user for a couple years, but I was relatively new to the v9 TCL-based iRules.  I was working on a couple different projects at the time, one with terminal server and one with some multi-site SSL redirection challenges, that brought me full force into the DevCentral experience.  F5ers Joe, Colin, Deb & unRuleY nurtured me along, taking time out of their schedules to assist in my learning curve.  This community that I now get to share in serving really blew me away with the willingness to reach out and help.  It was unRuleY's guidance and insight that led to my winning iRule in the first contest.  It was Jeff's kind request that I join the judging panel for the second contest.  Really, the whole experience with DevCentral, before and since joining F5, feels like family.  And not the family you avoid at holidays.  I'm talking about the family you can't wait to hang out with.  Who knew something as simple as a TCL script and a project could shape my career path the way it has.  So, now that I'm done being sappy...what projects are you working on that makes for a killer iRule?  Not just the technicalities, but the impact it has on your organization?  Submit your iRules entry form, and maybe you'll be booting up a MacBook Pro, or snapping some shots with a Canon EOS 5D Mark II DSLR soon enough!  Click here for contest details.  Happy iRuling!

I was having some windows trouble yesterday so I started cleaning up some utilities I didn't think I was using and subsequently broke my python installation.  As I was contemplating what I needed to do to "fix the glitch" (one of my favorite Office Space quotes) it occurred to me as I've been walking through pyControl in a series of tech tips that I have not been testing my code on platforms other than windows.  So today, I'm making the break.  Here on out, if it's not Visual Studio or Powershell, it will not be done in a windows environment.  I may test it on windows to give it a thumbs up, but all non .NET development will be on Linux going forward.

Now that I have that off my chest...what do you recommend?  I was using Eric4 on windows before breaking it.  I've heard good things about SPE, Geany, & Gedit.  I would like to setup an environment with syntax highlighting, versioning, console, and a GUI designer.

BTW, wanted to give Tux an opportunity to show off one of my childhood homes.  OK, I didn't live in the tower (how could you sleep), but I lived in a town down the road called Livorno.  Good times.

For various reason's, one might wish not to advertise to the world the version of BIND running on the GTM.  The fix action is to add two lines to the options section of the named.conf file (See Below).  This can be done at the command line by editing /var/named/config/named.conf, or by editing said file via the GUI.  If done in the GUI, named is restarted for you, if done at the command line, you'll need restart manually (bigstart restart named).  Anway, the lines you'll need to obfuscate the version are:

     query-source address * port 53;
     version "x.y.z";

You can just leave it blank with "", or you can place a message in there.  Whatever text floats your boat.  I did a couple queries around the net and got some "I don't think so!" messages, as well several "Contact <x> for version information".  Quite a few sites I checked returned BIND version information.  This is a standard BIND configuration, so this configuration is not specific to GTM.  For this test, I'll start with a query prior to configuring named.  Then, I'll set the version name to "Not today, my friend..." and re-query.  Results are below.

Before:

user@ubuntu:~$ dig @10.10.20.5 version.bind chaos txt

; <<>> DiG 9.5.0-P2 <<>> @10.10.20.5 version.bind chaos txt
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54141
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "9.5.1-P2"

;; AUTHORITY SECTION:
version.bind.           0       CH      NS      version.bind.

;; Query time: 10 msec
;; SERVER: 10.10.20.5#53(10.10.20.5)
;; WHEN: Sun May 10 12:59:20 2009
;; MSG SIZE  rcvd: 65

After:

user@ubuntu:~$ dig @10.10.20.5 version.bind chaos txt

; <<>> DiG 9.5.0-P2 <<>> @10.10.20.5 version.bind chaos txt
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25000
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "Not today, my friend..."

;; AUTHORITY SECTION:
version.bind.           0       CH      NS      version.bind.

;; Query time: 8 msec
;; SERVER: 10.10.20.5#53(10.10.20.5)
;; WHEN: Sun May 10 12:40:43 2009
;; MSG SIZE  rcvd: 61

For information on which version of BIND exists on the GTM releases (as well as the other 3rd party software), please reference Solution 9445.