iRule editor transactions not atomic with Data Classes

Question

I was snooping on the iRules editor using Wireshark and I noticed something when I changed an address class. Rather than doing an add_address_class, the iRules editor deletes the class then does a create on a new class. There are several issues with this from a transactional integrity issue. If the editor faults before the list is added again, we just lost the class, but what about the time between the delete and create.  
&nbsp;  
&nbsp; If an iRule accesses a class that is not there, it faults and stops processing unless a catch is used. Should we be careful and not use the iRule editor to modify classes on a production box to avoid this? Granted the transactions are processed rapidly, but with 1000s of requests per second, I could see an issue in the time between the delete and the add. 
&nbsp;  
&nbsp; I hope I am wrong here, but I would be interested in knowing the reasoning for handling the classes this way. 
&nbsp;  
&nbsp; Thanks, 
&nbsp;  
&nbsp; Tom Schaefer 
&nbsp; Better Software Solutions, Inc.

joe_pruitt · Answer

The reason for this is that the time of writing the Editor there was a bug in the modify_address_class method and it was just easier to delete/add in much the same way the management GUI does (I could be wrong on that though).  I'm currently investigating the under-the-cover happenings when classes are modified while iRules are processed that access those classes.   
&nbsp;  
&nbsp; My thought is that the 1000's of folks who are using the iRule Editor with production environments would have reported this if it were an issue - but I could be wrong on that one as well. 
&nbsp;  
&nbsp; One could change the logic to remove the old entries and add new ones with the remove_*_class_member and add_*_class_member functions but that could cause you issues as well as you may find yourself in a state when you've added member 1 and then a request comes in an you haven't added member 2-n yet that you are expecting in the iRule.   
&nbsp;  
&nbsp; As I said, I'm exploring the possible side-effects right now and I'll post them when I do. 
&nbsp;  
&nbsp; -Joe

thomas_schaefer · Answer

I agree. Maybe a handy function would be for change_class_name so you could enter the new data, then change the name to an active one. 
&nbsp;  
&nbsp; You could also have the idea of change the data and then publish similar to the way the Web Accelerator works. Just a few ideas. 
&nbsp;  
&nbsp; Thanks for your efforts. 
&nbsp;  
&nbsp; Tom Schaefer

Forum Discussion

iRule editor transactions not atomic with Data Classes

2 Replies

Recent Discussions

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Pricing when used with aws waf

Related Content

iRules Editor with Visual Studio Code

F5 Editor Eclipse Plugin v2

iRule Editor Features

Lightboard Lessons: SSL Transactions Per Second

Demystifying iControl REST Part 7 - Understanding Transactions