Forum Discussion

2 Replies

Sort By
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Aug 13, 2013

    An iRules is a piece of code you can write that is processed as data is flowed through the BIG-IP from a client to the server application and back to the client. It's very flexible in the fact that you can make logic decisions about many aspects of what the BIG-IP does with the connection data. An example could be if you want to inspect the URI's going into a HTTP application. For all requests that go to a URI starting with /test, direct those connections to a specific test server. That would look something like this

     

    when HTTP_REQUEST {
  if { [string tolower [HTTP::uri]] starts_with "/test" } {
    node 10.10.10.10 80
  }
}

    I wrote a series on the basics of iRules a while back. You can find the first article here:

     

    https://devcentral.f5.com/articles/irules-101-01-introduction-to-irules

     

    Colin revamped the series last year with this article to start with

     

    https://devcentral.f5.com/articles/-the101-irules-101-introduction-to-programming-amp-tcl

     

    You can also look in the iRules wiki for more links to documentation and sample iRules

     

    https://devcentral.f5.com/wiki/iRules.HomePage.ashx

     

    Hopefully this is enough to get you going...

     

    -Joe

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Aug 13, 2013

    I'll take it right from the iRules wiki page:

     

    An iRule is a powerful and flexible feature within the BIG-IP® local traffic management (LTM) system that you can use to manage your network traffic. The iRulesTM feature not only allows you to select pools based on header data, but also allows you to direct traffic by searching on any type of content data that you define. Thus, the iRules feature significantly enhances your ability to customize your content switching to suit your exact needs.

     

    In other words, an iRule is a packet-level programming API that allows you to control every aspect of client-server communications, and at wire-speed. An iRule can see and touch every bit between OSI layers 4 and 7 (and to some degree layer 3 as well), in any direction, and within any layer 4+ protocol. This capability allows the BIG-IP to not only route traffic (requests and responses) based on environmental criteria (request context, response data), but also re-route, rewrite, add, and remove protocol data in some very intelligent ways.

     

    You can, for instance, route requests to different servers based on the URI or a cookie value. You can, for example, retry a different server if the chosen server returns a bad response, or completely rewrite the response. You can, for instance, request a client certificate, validate it, and then send formatted x509 data to a server as part of a more elaborate authentication mechanism. And you can, for example, create an entire web server with iRules, complete with images, JavaScript, and server side processing. There are many more examples of these capabilities, as this forum illustrates, and the possibilities are practically limitless.