Forum Discussion

genseek_32178
Nov 30, 2012

iRule Code

Hi,

Just trying to understand how iRules work. Got a couple of basic doubts; the 1st one is as below,

In the above sample irule,

a) "server_connected" - is this an event triggered for a connection from the external client to LTM, or from LTM to the pool member server?

b) IP:addr is mentioned twice in the 2nd line condition. What is the meaning of the 1st instance and then the 2nd one?

c) What is the meaning of the " clientside " word? And what is its significance in being used after ?

d) Does remote_addr here point to the external client or the pool member server?

thanks- gseek

 

10 Replies

  • Is the iRule correct? The number of open and close brackets is not equal. Also, IP::addr does not seem to be in correct syntax.

    IP::addr

    https://devcentral.f5.com/wiki/irules.ip__addr.ashx

    [root@ve10:Active] config  cat genseek.txt
    rule genseek {
    when SERVER_CONNECTED {
      if { [IP::addr [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] } {
        discard
      }
    }
    }
    [root@ve10:Active] config  b merge genseek.txt
    Reading configuration from genseek.txt.
    Loading the configuration ...
    BIGpipe rule creation error:
       01070151:3: Rule [genseek] error:
    line 2: [parse error: PARSE missingBracket 31 {missing close-bracket}] [{ [IP::addr [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] }]
    
    
  • a) LTM to Pool Member

    b) I don't understand why it's there twice

    c) Clientside refers to the context the IP::remote_addr command is used in, in this case the client side of the proxy (client to F5), not serverside (F5 to real server)

    d) External client

    The rule can be much improved, I'll post an example shortly.
  • I don't get it.

    If the connection is accepted between LTM and the pool member server, by this time or at this time, LTM already knows the client side IP, and if it matches the IP mentioned in the rule, then LTM should discard the packet from the client, right?

    Can't LTM identify that the client needs to be discarded before making a connection with the pool member?

    I picked up the iRule from the below link

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_rules.html ( Figure 17.9 )

    What do the commands " cat genseek.txt" and "b merge genseek.txt" do? Merging with what? They look very interesting, would like to know how I can make use of them?
  • Regarding the rule you first posted about, this would be much better and sends a TCP RST to the client;

    
    when CLIENT_ACCEPTED {
     if { [IP::addr [IP::client_addr] equals 10.1.1.80] } {
      reject
     }
    }
    
  • What does - [IP::addr [IP::client_addr] syntax mean? How does LTM understand it?

    gseek
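An added example, not part of any post in this thread and not F5's own code, showing how the nested brackets in the two rules discussed above are evaluated and which side of the proxy each command reads from. The 10.1.1.0/24 subnet and the log message are assumptions for illustration; 10.1.1.80 is the address used in the thread.

```tcl
# Form 1: decide on the client-side event, before LTM opens any
# connection to a pool member.
when CLIENT_ACCEPTED {
    # Tcl evaluates the innermost [ ] first:
    #   [IP::client_addr]          -> source IP of the client connection
    #   [IP::addr <a> equals <b>]  -> 1 if the addresses match, else 0
    # so the condition reduces to: if { 1 } or if { 0 }.
    if { [IP::addr [IP::client_addr] equals 10.1.1.80] } {
        reject    ;# for TCP, the client receives a RST
        return
    }

    # IP::addr compares addresses rather than strings, so the right-hand
    # side may also be a network with a mask (assumed subnet).
    if { [IP::addr [IP::client_addr] equals 10.1.1.0/24] } {
        log local0. "client [IP::client_addr] is in 10.1.1.0/24"
    }
}

# Form 2: the rule from the original question with balanced brackets and
# a single IP::addr. Shown for comparison only; with Form 1 in place the
# blocked client never reaches this event.
when SERVER_CONNECTED {
    # This event fires once LTM has connected to the pool member, so the
    # default context is server-side and a bare IP::remote_addr would be
    # the pool member's address. Wrapping the command in clientside { }
    # evaluates it in the client-side context, which yields the external
    # client's address instead.
    if { [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] } {
        discard
    }
}
```

Because Form 2 only runs after the server-side connection exists, the pool member has already seen a connection by the time the client is dropped; Form 1 avoids that.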
  • nathe
    genseek,

    "I picked up the irule from the below link

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_rules.html ( Figure 17.9 )"

    Looks like there's a documentation typo - they've got the same (correct) example here:

    https://devcentral.f5.com/wiki/iRules.clientside.ashx

    It's all about the context: https://devcentral.f5.com/tutorials/tech-tips/irules-concepts-considering-context-part-1

    Please forgive my two-pence worth.

    N
  • Thank you nathan and steve.

    Can anyone please help in understanding,

    what do the commands " cat genseek.txt" and "b merge genseek.txt" do? Merging with what? They look very interesting, would like to know how I can make use of them?

    gsk
  • cat is a Linux command for displaying files and way more; type 'man cat' at the command prompt/CLI for more information.

    b merge merges the configuration from the specified file into the device's running configuration.
  • Thanks, Steve.

    Michael has written a nice article about b merge here.

    BIG-IP and Merge File Configuration Changes by Michael

    https://devcentral.f5.com/tutorials/tech-tips/big-ip-and-merge-file-configuration-changes