This tech tip is the second in a series on how the Statistics Profile and iRules, when working together, can save time, productivity, and your sleep! Imagine yourself, Mr. IT Manager, working for a company that's business relies on updated content on it's back-end web servers. Your company has a web team that has decided that it's test cycle will always end at AM your time on Saturday morning. So, here you are, arriving at home after a night of wild karaoke and one too many drinks with cheap umbrellas and you get a call from the dev team that they need the site taken off line so they can push out the new content.

After an emergency restore of the software you vowed to never give that department direct access to your servers - ever So, now you are stuck with being on call whenever they deem updates are needed. If only, you could provide your dev team access to control taking their application offline while they are doing updates.

Oh, and they should also be able to view the current status as well as being able to bring it back online. Never fear, help is on the way! There are a couple of handy features within iRules that make this problem a thing of the past. To get things going, you'll need a Virtual Server setup fronting your web application.

Since your application is up and running, that step is already taken care of. Next, you'll need to create a Statistics Profile, assign it to your Virtual Server and write an iRule.

So, first we'll create the statistics profile Now that the virtual server is setup with the statistics profile, you'll need to create an iRule to to add the controlling functions as well as the maintenance window enforcement. Apply the statistics profile to your virtual server. The statistics profile doesn't do much until you apply it to your virtual server properties.

The iRule Now for the fun, here's the iRule that will give you peace, tranquility and a good nights sleep. If not there, return an error message. I've changed it to string concatenation. Sort by:. Search this feed Skip Feed View This Post. May 23, at PM. More comments 1 of In this series of tech tips, we'll talk about the TCL language, its usage and control structures, as well as iRule extensions to the TCL language.

Other articles in the series:. Returns a list created by splitting string at each character that is in the splitChars argument. Each element of the result list will consist of the characters from string that lie between instances of the characters in splitChars. Empty list elements will be generated if string contains adjacent characters in splitCharsor if the first or last character of string is in splitChars. If splitChars is an empty string then each character of string becomes a separate element of the result list.

SplitChars defaults to the standard white-space characters. The list argument must be a valid Tcl list. This command returns the string formed by joining all of the elements of list together with joinString separating each adjacent pair of elements. The joinString argument defaults to a space character. This command joins each of its arguments together with spaces after trimming leading and trailing white-space from each of them.

If all the arguments are lists, this has the same effect as concatenating them into a single list. It permits any number of arguments; if no arg s are supplied, the result is an empty string. The lindex command accepts a parameter, listwhich it treats as a Tcl list.

It also accepts zero or more indices into the list. The indices may be presented either consecutively on the command line, or grouped in a Tcl list and presented as a single argument.

Contact us - Feedback and Help. Become an MVP. Follow Us.In the first part of this series, we discussed the various components of an iRule and specifically how we have implemented the concept of events in the TCL language. The "when" command is used to define a block of code associated with a given event and in this article I'll go over the commands usage and optional arguments.

Other articles in the series:. We refer to these "states" as "events". An iRule must consist of one or more when commands. The list of available events can be found in the Event reference section of the iRules documentation.

The priority is an optional attribute associated with any iRule event.

When the iRules one more multiple are loaded into the internal iRules engine for a given virtual server, they are stored in a table with the event name and a priority with a default of When a situation occurs that will trigger an event, the engine will pass control to each of the event blocks for that given event in the order of lowest to highest priority.

Multiple events with the same priority will be executed in the order they are inserted into the table. The valid values for the priority are 0 to inclusive. The main feature for segmenting your logic into multiple "like" event blocks is to allow code reuse across multiple virtual servers. The default value for the priority attribute is The timing command can be used to enable iRule timing statistics. This will then collect timing information as specified each time the rule is evaluated.

You'll likely only want to look at the average and min numbers as max is often way, way out there due to the optimizations being performed on the first run of the rule. Additionally, enabling timing does have some overhead, though it should be negligible. The default value for the timing attribute is "off".

The timing argument is also a special command that can be placed at the start of an iRule before all when commands. The usage is the same as the argument, but in the case where it is specified at the top, it changes the default to either "on" or "off", depending on what is specified. For a reference of all available commands, see the command reference in the iRules wiki. With knowledge of how multiple "like" event blocks can be prioritized allows for modular development of your iRules and understanding how timing works, will allow you to more easily profile your iRules when you want to squeeze every bit of performance out of them.

That may sound odd, but there has been some important foundational work to do before diving too deep into the technology behind iRules themselves. Don't worry, we'll wait! Back for more? An iRule, in its most simple terminology, is a script that executes against network traffic passing through an F5 device.

The idea is pretty straightforward; iRules gives you the capability to write simple, network aware pieces of code that will influence your network traffic in a variety of ways.

As such, rather than forcing them to submit requests for us to modify our core architecture every time they wanted to be able to use their F5 devices in a manner that slightly diverged from the collection of check boxes and drop downs available in the standard UI, we offered them iRules, and thereby a way to do what they need, when they need it.

At the end of the day iRules is a network aware, customized language with which a user can add business and application logic to their deployment at the network layer. You can see a basic example iRule below, this is what iRules look like, and we will explore the different parts of an iRule in far more depth in coming parts of this series.

If you're not fully comfortable with the code yet, don't let that scare you, we'll dig into each part of what you'll need to build iRules as the series continues.

For now the idea is to start making iRules look and feel more familiar. To start at the beginning, as it were, an iRule is first and foremost a configuration object, in F5 terms. This means that it is a part of your general bigip.

Unlike most configuration objects, though, an iRule is completely user generated and customizable. An iRule is a script, at its core after all. Regardless of how an iRule gets there, be it UI, CLI or Editor, once an iRule is part of your config, it is then compiled as soon as that configuration is saved.

One of the gross misconceptions about iRules is that, as with most interpreted scripting languages such as TCL, and interpreter must be instantiated every time an iRule is executed to parse the code and process it. Byte code is mostly compiled and has the vast majority of the interpreter tasks already performed, so that TMM can directly interpret the remaining object.

This makes for far higher performance and as such, increase scalability. Now that the iRule is saved and pre-compiled, it must then be applied to a virtual server before it can affect any traffic. An iRule that is not applied to a virtual is effectively disabled, for all intents and purposes. Keep in mind though, that this does not necessarily mean that all traffic passing through the virtual in question will be affected. IRules are most often very selective in which traffic they affect, be it to modify, re-route or otherwise.

This is done through both logical constructs within the iRules, but also through the use of events within the iRule itself. Events are one of the ways in which iRules have been made to be network aware, as a language.

If I only want to execute a section of code once for each new connection to the virtual server to which my iRule is applied, I could easily do so by writing some simple code in the appropriate event. Events are also important because they indicate at which point in the proxy chain sometimes referred to as a hud chain an iRule executes.

Given that BIG-IP is a bi-directional proxy, it is important for iRules to execute on not only the right side of the proxy, but at the right moment in the network flow.

So now you have an iRule added to your configuration, it has been automatically pre-compiled to byte code when the configuration was saved, you have it applied to the appropriate virtual server, and the code within the iRule calls out the desired event in which you want your code to execute; now is when the magic happens, as it were. This is where the massive collection of iRules commands comes into play.

From header modification to full on payload replacement to creating a socket connection to an outside system and making a request before processing traffic for your virtual, there are very few limitations to what can be achieved when combining the appropriate series of iRules commands.

