Forum Discussion

Bryan_38320's avatar
Bryan_38320
Icon for Nimbostratus rankNimbostratus
Jul 16, 2010

class match instead of findclass

I recently did an upgrade from 9.x to 10.1. Under 9.x we were using a class data structure for several hundred redirects.

 

 

Example:

 

 

class noclass {

 

"/notthissite1 http://www.thissite1.com/"

 

"/notthissite2 http://www.thissite2.com/"

 

"/notthissite3 http://www.thissite3.com/"

 

}

 

 

rule classyrule {

 

when HTTP_REQUEST {

 

set uri [string tolower [HTTP::uri]]

 

set gohere [findclass $uri $::noclass " "]

 

if { $gohere ne "" } {

 

HTTP::redirect $gohere

 

}

 

}

 

}

 

 

 

 

In 10.1 that changed slightly, a few extra brackets in the class, but more importantly, the findclass command has a huge performance issue when multiple tmm are running. F5 says to use "class match" instead of findclass to fix that. After some research, it appears that this SHOULD work (but does not):

 

 

class noclass {

 

{

 

"/notthissite1 http://www.thissite1.com/"

 

"/notthissite2 http://www.thissite2.com/"

 

"/notthissite3 http://www.thissite3.com/"

 

}

 

}

 

 

rule classyrule {

 

when HTTP_REQUEST {

 

set uri [string tolower [HTTP::uri]]

 

set gohere [class match -value $uri equals noclass]

 

if { $gohere ne "" } {

 

HTTP::redirect $gohere

 

}

 

}

 

}

 

 

 

After some digging and adding some extra logs (removed for brevity) $gohere returns nothing and no redirect happens. Even if it did, the appropriate value isn't there to be redirected to.

 

 

I also looked into the format of the class. There appear to be several methods of defining the class. None of my efforts have been successful.

 

 

The most popular way seems to be something like this:

 

 

class noclass {

 

{

 

"/notthissite1" { "http://www.thissite1.com/" }

 

"/notthissite2" { "http://www.thissite2.com/" }

 

"/notthissite3" { "http://www.thissite3.com/" }

 

}

 

}

 

 

This behaves exactly the same way... $gohere does not return the value from the class.

 

 

I also tried an external file:

 

 

my file is noclass.class:

 

"/notthissite1" := "http://www.thissite1.com/",

 

"/notthissite2" := "http://www.thissite2.com/",

 

"/notthissite3" := "http://www.thissite3.com/",

 

 

 

 

bigip.conf:

 

 

class noclass {

 

type string

 

filename /config/noclass.class

 

}

 

 

rule classyrule {

 

when HTTP_REQUEST {

 

set uri [string tolower [HTTP::uri]]

 

set gohere [class match -value $uri equals noclass]

 

if { $gohere ne "" } {

 

HTTP::redirect $gohere

 

}

 

}

 

}

 

 

 

This one chokes on line 2 (I've tried several iterations of this as well, but above is my interpretation of the documentation).

 

 

 

I don't really care if it is an internal or external class, external might be a nice way to clean the config up a bit, I'm more concerned about getting the value back from my class lookup. I'm apparently going about something all wrong.

 

 

I thank you all for any constructive comments.

 

 

application delivery
dev
devops
iRules

4 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jul 16, 2010
    Hi Bryan,

    Out of curiosity, what kind of performance hit did you see when testing findclass in 10.1 compared with the class commands? Did you compare matchclass with class as well? I haven't done any testing of this, so I'm wondering if it's a significant difference.

    The format for a (non-external) name/value pair string datagroup in 10.1 is: 

    
class my_string_datagroup {
   {
      "name1" { "value1" }
      "name2" { "value2" }
      "name3" { "value3" }
   }
}

    You can then use 'class search' to look up the value for a given name (URI, in your example):

    set match [class search -value my_string_datagroup eq [string tolower [HTTP::uri]]]

    'class match' just returns true or false (0 or 1 actually) based on whether the match of the token against the class is successful.

    Aaron
  • Bryan_38320's avatar
    Bryan_38320
    Icon for Nimbostratus rankNimbostratus
    Jul 16, 2010
    I did not test other options as this was kind of a break-fix scenario at the time and since F5 suggested class match -value, I didn't see the need to look at other options. That said, the performance impact of using findclass in 10.1 was quite significant. Under load, the vip would start timing out at just 2,000 connections per second. Under v9 with findclass or under v10 with class match, it could easily handle 350,000 connections.

     

     

    I thought that class match -value returned the value portion of the name/value pair, but I'll give class search a shot.

     

     

    Thanks!

     

  • Bryan_38320's avatar
    Bryan_38320
    Icon for Nimbostratus rankNimbostratus
    Jul 16, 2010
    I was able to test the changes suggested by hoolio and that appears to have resolved the issue. We are running load tests now.

     

     

    Thanks very much for your help!
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jul 19, 2010
    I thought that class match -value returned the value portion of the name/value pair, but I'll give class search a shot.

     

     

    A quick check of the class wiki page shows there isn't a -value flag for class match. Glad you got it working with class search instead.

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/class

     

     

    Aaron