Getting Started with iRules Development

iRules represent a revolutionary approach to how application traffic can be intercepted and routed based upon logical policies. iRules, exclusive to F5 Networks BIG-IP Local Traffic Manager, utilize a standard scripting language – Tool Command Language (Tcl) – to construct these policies that can apply to any IP applications. Thus, you can use many of the standard Tcl commands, plus a robust set of extensions that BIG-IP provides to help you further optimize secure traffic management to meet your specific requirements.

Relying upon BIG-IP’s Universal Inspection Engine (UIE), you can write an iRule that searches either a header of a packet, or actual packet content, and then direct the packet based on the result of that search. iRules can even direct application traffic based on the result of a client authentication attempt.

For instance, an iRule could enable you to look for a specific value somewhere within the HTTP header OR payload and then instruct BIG-IP to direct that request to a specific set of servers dedicated to fulfilling that request. Or, an iRule could enable you scour web server signatures of more secure information as an HTTP response is delivered to a client request.

What does an iRule look like?
An iRule is a script that you write if you want influence how requests or responses are are processed by BIG-IP. With iRules, you can send traffic to specific pools based upon a value identified in the header or payload. You can also send (or block) traffic to specific pool members, ports, or URIs. You can even sanitize traffic to strip out sensitive information. The iRules you create can be simple or sophisticated, depending on your content-switching needs. Here is an example of a simple iRule that triggered when a client-side SSL handshake has been completed. When completed, application traffic is sent to the pool named my_pool.

rule my_iRule {
        when CLIENTSSL_HANDSHAKE {
        if { [IP::local_addr] == 10.10.10.10 } { 
              use pool my_pool 
        } 
 }

Keep in mind that iRules work for virtually any IP protocol. Early adopters have embraced iRules to address not only HTTP application challenges but others utilizing SIP, FIX, and others. And, by providing a comprehensive resources via F5 DevCentral, we're here to help you get started.

Here are some helpful resources to help you begin taking advantage of iRules

Read the TechTips
The Tech Tips will provide key documentation about how iRules work as well as documented samples.

Check Out the Samples in Codeshare
There already a few iRules posted and we'll be posting more in the coming weeks. Have you developed something that might benefit other developers? Post it. The more everyone posts, the more everyone benefits.

Write Your Own and Utilize the DevCentral Forum
Like anything, sometimes you have to just dive in and give it a shot. If you're having difficulty, just use the iRules Forum area to post your questions. F5 experts and other community developers will do their best to help you out.

Additional Resources
For information about standard Tcl syntax, see http://tmml.sourceforge.net/doc/tcl/index.html.