This course provides networking professionals a functional understanding of iRules development. The course builds on the foundation of the Administering BIG-IP or Configuring LTM course, demonstrating how to logically plan and write iRules to help monitor and manage common tasks involved with processing traffic on the BIG-IP system. Extensive course labs consist of writing, applying and evaluating the effect of iRules on local traffic. This hands-on course includes lectures, labs, and discussions.
Prerequisites
Students must complete one of the following F5 prerequisites before attending this course:
- Administering BIG-IP instructor-led course
- Configuring BIG-IP LTM instructor-led course
- F5 Certified BIG-IP Administrator
The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:
- OSI model encapsulation
- Routing and switching
- Ethernet and ARP
- TCP/IP concepts
- IP addressing and subnetting
- NAT and private IP addressing
- Default gateway
- Network firewalls
- LAN vs. WAN
The following course-specific knowledge and experience is suggested before attending this course:
- HTTP protocol
- Any programming language
Objectives
- Describe the role of iRules in customizing application delivery on a BIG-IP system
- Describe best practices for using iRules
- Define event context, and differentiate between client-side and server-side contexts, request and response contexts, and local and remote contexts
- Trigger an iRule for both client-side and server-side request and response events
- Assign multiple iRules to a virtual server and control the order in which duplicate events trigger
- Describe and use a testing methodology for iRule development and troubleshooting
- Use local variables, static variables, lists, arrays, the session table, and data groups to store information needed for iRule execution
- Write iRules that are optimized for runtime and administrative efficiency
- Use control structures to conditionally branch or loop within an iRule
- Log from an iRule using Linux syslog-ng or TMOS high-speed logging (HSL)
- Incorporate coding best practices during iRule development
- Use analyzer tools to capture and view traffic flow on both client-side and server-side contexts
- Collect and use timing statistics to measure iRule runtime efficiency
- Write iRules to help mitigate and defend from some common HTTP attacks
- Differentiate between decimal, octal, hexadecimal, floating-point, and exponential notation
- Parse and manipulate strings using Tcl commands and iRule functions
- Write iRules to access and manipulate HTTP header information
- Write iRules to collect customized statistics
- Implement universal persistence via an iRule
- Modify payload content using an iRule with a stream profile
Agenda
- Setting up the BIG-IP system
- Getting started with iRules
- Leveraging DevCentral resources for iRule development
- Exploring iRule elements, including events, functions, commands, variables, and operators
- Using control structures for conditional branching and looping
- Mastering whitespace, grouping, and special symbols
- Measuring iRule efficiency using timing statistics
- Logging from an iRule using syslog-ng and high-speed logging (HSL)
- Optimizing iRules execution, including implementing efficiency best practices
- Modularizing iRules for administrative efficiency, including using procedures
- Securing web applications with iRules, including preventing common HTTP attacks, securing HTTP headers and cookies, and implementing HTTP strict transport security (HSTS)
- Working with strings, including using Tcl parsing commands and iRules parsing functions
- Accessing and manipulating HTTP traffic, including applying selective HTTP compression
- Working with iFiles and data groups
- Using iRules with universal persistence and stream profiles
- Gathering statistics using STATS and ISTATS
- Incorporating advanced variables, including arrays, static variables, and the session table
