iRule Efficiency Global vs Local variable
We have a pair of clustered (active/standby) F5s running 10.2.0 HF1 LTM module. Our systems are CMP enabled ( two processors ). Currently one processor stays at 99-100% CPU 24/7. The second processor sits in the 50-60% utilization range.
We've found that we have ~ 74-75 VIPs that are CMP enabled but set to use a single-CPU. While the remaining 300+ VIPs are CMP enabled and enabled on all CPUs. We suspect the CPU imbalance may be caused by the large number of single-cpu VIPs all being stuck on the one high utilization CPU. They are all using iRules with global variables declared or referenced in those iRules.
Our old HTTP->HTTPS redirect has some security built into it from an old iRule found in Devcentral.
rule RULE_HTTP_TO_HTTPS {
when RULE_INIT {
set deny_methods [list "CONNECT" "DELETE" "OPTIONS" "TRACK" "TRACE"]
}
when HTTP_REQUEST {
if { [matchclass [HTTP::method] equals $::deny_methods] } {
reject
} else {
HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
}
}
}
We have tested and gotten the same functionality from a new iRule that uses locally defined variables.
rule RULE_HTTP_TO_HTTPS_REDUX {
when HTTP_REQUEST {
set deny_methods [list "CONNECT" "DELETE" "OPTIONS" "TRACK" "TRACE"]
if { [matchclass [HTTP::method] equals $deny_methods] } {
reject
} else {
HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
}
}
}
This does gain us flexibility with allowing all VIPs to now float across TMM instances and make full use of both CPUs and the CMP. Does anyone have any idea if the expense of declaring the variables locally is exceedingly expensive per iteration of if it is relatively inexpensive?
I'm working on timing tests, but I'm not certain if this will take into account efficiencies gained by referencing the global variable.
Thanks,
Jason