What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the DevCentral community, and every week I go looking for cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

This week I’m happy to bring you some very cool iRules dealing with client access to admin sections of an application, strict round robin load balancing, and client connection limiting. Moreover, I’m even more pleased that two of the examples in this episode are from spark himself, one of the core developers responsible for making iRules do the magic that they do. It’s always fun getting to see what kind of kung fu he comes up with in the forums, and he certainly didn’t disappoint this week.

 

Strict Round Robin LB

http://bit.ly/bsNsPV

In this first example, spark chimes in to help user AppleBee set up some strict round robin load balancing via iRules and the table command. This is a great example of how to build more rigid, precise controls when your application calls for them. This way AppleBee has exact control over where each request is sent, and the load balancing rotation doesn’t change even if CMP is enabled.

when CLIENT_ACCEPTED {
  set poolname "test-pool"

  if { [active_members $poolname] < 1 } {
    # No active pool members; reset client
    reject
    return
  }

  set count [members $poolname]
  set attempt 0
  while { $attempt < $count } {
    set num [expr {[table incr "round-robin:$poolname"] % $count}]
    set mbr [lindex [members -list $poolname] $num]
    set mbr_ip [lindex $mbr 0]
    set mbr_port [lindex $mbr 1]
    if { [LB::status pool $poolname member $mbr_ip $mbr_port up] } {
      pool $poolname member $mbr_ip $mbr_port
      return
    }
    incr attempt
  }
}

 

Request filtering based on URL

http://bit.ly/cGEaob

Next, Chris Miller helps out another user by showing them a quick and easy way to restrict access to specific URLs by IP address. This is a simple way to make sure no unwanted guests are trying to visit the admin section of your site, viewing sensitive data, etc.

when HTTP_REQUEST {
  if { [HTTP::host] eq "www.admin.mysite.com" and ![IP::addr [IP::client_addr]/24 eq 192.168.1.0] } {
    discard
  }
}
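
A variant of the same filter, added here as an example and not taken from the forum thread or from F5: it normalizes the Host header before comparing, so the match holds regardless of letter case or an explicit port in the header, logs each denied attempt, and answers with a 403 rather than a silent discard. The data group name admin_allowed_nets is hypothetical; it is assumed to be an address-type data group containing 192.168.1.0/24.

```tcl
# Added example (not from the original thread).
# Assumption: admin_allowed_nets is a hypothetical address-type data group
# that lists the networks allowed to reach the admin host (192.168.1.0/24).
when HTTP_REQUEST {
  # Lower-case the Host header and drop any ":port" suffix so the comparison
  # does not depend on how the client wrote the header.
  set host [string tolower [getfield [HTTP::host] ":" 1]]

  if { $host eq "www.admin.mysite.com" } {
    if { ![class match [IP::client_addr] equals admin_allowed_nets] } {
      # Leave an audit trail of the denied attempt, then reply explicitly
      # so the client is not left waiting on a dropped request.
      log local0.notice "admin access denied: client=[IP::client_addr] host=[HTTP::host] uri=[HTTP::uri]"
      HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain"
      return
    }
  }
}
```

Keeping the allowed networks in a data group means the list can change without editing the iRule itself.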

 

CMP Compatible Connection Limiting per Pool Member

http://bit.ly/b3Lb0k

Last but certainly not least is another sparkism (hmm, I think I just coined a new term) that shows off yet another use for the wonderfully powerful and handy table command. This time spark is wielding its power to show a way to limit the number of connections to each pool member. It’s surprisingly easy thanks to the table command and a little help from an after -periodic to keep the table entry's timer matched to the connection. Very cool stuff.

when CLIENT_ACCEPTED {
  set key "[IP::client_addr]:[TCP::client_port]"
}

when LB_SELECTED {
  set tbl "connlimit:[LB::server]"

  table set -subtable $tbl $key "ignored" 180   
  if { [table keys -subtable $tbl -count] > 5 } {
    table delete -subtable $tbl $key
    event CLIENT_CLOSED disable
    reject
  } else {
    set timer [after 60000 -periodic { table lookup -subtable $tbl $key }]
  }
}

when CLIENT_CLOSED {
  after cancel $timer
  table delete -subtable $tbl $key
}

There we go, three more awesome iRules to put in your quiver that are less than 21 lines each. Thanks much to all those contributing in the forums; keep that goodness coming.

#Colin