iRule editor transactions not atomic with Data Classes

Question

I was snooping on the iRules editor using Wireshark and I noticed something when I changed an address class. Rather than doing an add_address_class, the iRules editor deletes the class then does a create on a new class. There are several issues with this from a transactional integrity issue. If the editor faults before the list is added again, we just lost the class, but what about the time between the delete and create.  
&nbsp;  
&nbsp; If an iRule accesses a class that is not there, it faults and stops processing unless a catch is used. Should we be careful and not use the iRule editor to modify classes on a production box to avoid this? Granted the transactions are processed rapidly, but with 1000s of requests per second, I could see an issue in the time between the delete and the add. 
&nbsp;  
&nbsp; I hope I am wrong here, but I would be interested in knowing the reasoning for handling the classes this way. 
&nbsp;  
&nbsp; Thanks, 
&nbsp;  
&nbsp; Tom Schaefer 
&nbsp; Better Software Solutions, Inc.

joe_pruitt · Answer

The reason for this is that the time of writing the Editor there was a bug in the modify_address_class method and it was just easier to delete/add in much the same way the management GUI does (I could be wrong on that though).  I'm currently investigating the under-the-cover happenings when classes are modified while iRules are processed that access those classes.   
&nbsp;  
&nbsp; My thought is that the 1000's of folks who are using the iRule Editor with production environments would have reported this if it were an issue - but I could be wrong on that one as well. 
&nbsp;  
&nbsp; One could change the logic to remove the old entries and add new ones with the remove_*_class_member and add_*_class_member functions but that could cause you issues as well as you may find yourself in a state when you've added member 1 and then a request comes in an you haven't added member 2-n yet that you are expecting in the iRule.   
&nbsp;  
&nbsp; As I said, I'm exploring the possible side-effects right now and I'll post them when I do. 
&nbsp;  
&nbsp; -Joe

thomas_schaefer · Answer

I agree. Maybe a handy function would be for change_class_name so you could enter the new data, then change the name to an active one. 
&nbsp;  
&nbsp; You could also have the idea of change the data and then publish similar to the way the Web Accelerator works. Just a few ideas. 
&nbsp;  
&nbsp; Thanks for your efforts. 
&nbsp;  
&nbsp; Tom Schaefer

Forum Discussion

iRule editor transactions not atomic with Data Classes

Recent Discussions

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Use of SSL Decryption.

Big IP DNS Failover

Related Content

Re: iRules Editor with Visual Studio Code

Irules Editor

F5 Editor Eclipse Plugin v2

iRule Editor Features

Demystifying iControl REST Part 7 - Understanding Transactions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS