Amit Waghmale
VIP, Node, Pools and Pool members
Node
A node is any destination IP to which you would like to direct traffic
Pool
A pool is a collection of one or more servers
Pool Members
A member is one of the servers associated with a given pool
What is iRule
iRules can route, re-route, redirect, inspect, modify, delay, discard or reject,
log or do just about anything else with network traffic passing through a
BIG-IP
The ideal time to use an iRule is when you’re looking to add some form of
functionality to your application or app deployment, at the network layer,
and that functionality is not already readily available via the built-in
configuration options in your BIG-IP
Components of an iRule
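when HTTP_REQUEST {
    # Match requests whose path begins with /path/ (case-insensitive)
    if { [string tolower [HTTP::path]] starts_with "/path/" } {
        # Disable persistence for this connection
        persist none
        # active_members -list returns {address port} pairs, so match on "address *"
        # (<Google> stands for the pool name)
        set pm [lsearch -inline [active_members -list <Google>] "172.16.20.2 *"]
        # catch suppresses the error raised when the member is not active ($pm is empty)
        catch { pool <Google> member [lindex $pm 0] [lindex $pm 1] }
    }
}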
Layer 3 Use case
This example shows how to block connections that originate from a certain set of
countries (blacklist model)
when CLIENT_ACCEPTED {
    set CC [whereis [IP::client_addr] country]
    ### Allow from the US, Spain, France; drop every other country
    if { !($CC equals "US" or $CC equals "ES" or $CC equals "FR") } {
        drop
        ### Disable or use High Speed Logging if actually under attack
        log "Dropped connection from client: [IP::client_addr], country code: $CC"
    }
}
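The comment in the rule above recommends High Speed Logging when under load. As an added example (not part of the original slides), here is the same country filter using HSL for the drop message and a data group in place of the hard-coded comparisons; the data group name allowed_countries_dg and the pool name syslog_hsl_pool are assumptions and must exist on the BIG-IP.

```tcl
when CLIENT_ACCEPTED {
    # Look up the ISO country code of the connecting client
    set CC [whereis [IP::client_addr] country]

    # allowed_countries_dg (assumed name) is a string data group with one
    # record per permitted country code, e.g. US, ES, FR.
    # An empty result (no geolocation data for the address) also fails
    # the match and is dropped.
    if { not [class match $CC equals allowed_countries_dg] } {
        # Send the log line to a remote syslog pool instead of the local
        # syslog daemon; syslog_hsl_pool is an assumed pool name
        set hsl [HSL::open -proto UDP -pool syslog_hsl_pool]
        # <134> is the syslog priority for facility local0, severity info
        HSL::send $hsl "<134>Dropped connection from client: [IP::client_addr], country code: $CC\n"
        drop
        return
    }
}
```

Changing the permitted countries then means editing the data group, not the iRule.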
Layer 7 Use case
when CLIENT_ACCEPTED {
    ### Set an initial false value for $rtimer
    set rtimer 0
    ### Execute this block after 1 second
    after 1000 {
        ### If $rtimer hasn't been set to true then drop the connection
        if { not $rtimer } {
            drop
        }
    }
}
when HTTP_REQUEST {
    ### Set $rtimer to true to indicate that
    ### we have received a complete HTTP request
    set rtimer 1
}
Pros and cons