sample irule for redirect / rewrite

I'll assume that this is for incoming HTTP requests and that you're running at least BIG-IP version 10 or higher. The old find/matchclass commands have been deprecated. Also, for simplicity sake I'll assume you want an "internal" data group.

1. Create a data group. In the management GUI, go to iRules and then the Data Group tab. Create a data group of type String and start entering values. The first block is the "key" and the second block is the corresponding "value". So for example, let's say you want to do a simple redirect based on the incoming URI. Here's what the data group might look like:

A sample data group called "my_test_datagroup":

"/foo" := "foo.example.com"

"/bar" := "bar.example.com"

"/test" := "blah.example.com"

2. With the data group built, you're iRule might look something like this:

when HTTP_REQUEST {
    if { [class match [string tolower [HTTP::uri]] starts_with my_test_datagroup] } {
        HTTP::redirect "http://[class match -value [string tolower [HTTP::uri]] starts_with my_test_datagroup]"
    }
}

Using the above iRule, if a user makes an initial request to, for example, "http://www.example.com/foo", he'll get an immediate redirect to "http://foo.example.com". The first class match command checks to see if the key (in this case the requested URI) is in the data group (URI starts_with "/foo"). The operator could be anything from "starts_with", "ends_with", "contains", "equals", and others encompassing any number of conditions. Also notice that the data group does not have to be in quotes. The second class match command then takes the value from the record that contains the matching key and inserts that into the redirect string ("foo.example.com").

This is obviously an over simplistic example because I don't know your exact requirements. Take a look at the class command wiki page for more detailed information on what's possible.

Thanks for the response Kevin.

 

 

What are my options if my data-group has a very large number of key-value pairs ( thousands ) ?

 

 

I understand that I can create a class/data-group that points to an external file which just lists the key-value pairs in the format you've indicated ( key := value ).

 

 

But how will this impact performance ? I assume f5 loads the data-file into memory ? But when does this happen ? On f5 startup ? Or the first time an iRule references the class/data-group ?

 

 

Thanks again.

 

 

Thanks for the response Kevin.

 

 

What are my options if my data-group has a very large number of key-value pairs ( thousands ) ? This amount of data would seem to be unwieldy to manage via the web-admin interface or the CLI.

 

 

I can point my class/data-group to an external-data-file which contains the key-value pairs.

 

But what is the performance impact of storing data in a file ? I assume f5 must load the data into memory and store it as a hash ( or performance would be hopeless ) but when does this happen ? On f5 startup ( at the time bigip.conf is loaded ) ? Or does the load occur the first time an iRule needs to match against the associated class/data-group ?

 

 

Thanks again.

 

 

What are my options if my data-group has a very large number of key-value pairs ( thousands ) ?i understand thousands is fine.

 

 

I assume f5 loads the data-file into memory , but when does this happen ? On f5 startup ? Or the first time an iRule references the class/data-group ?if i am not wrong, in 10.x it is when irule is changed. in 11.x, it happens when external file is updated (through gui or tmsh).

 

 

Forcing a reload of External Data Groups within an iRule by Joe Pruitt

 

https://devcentral.f5.com/tech-tips/articles/forcing-a-reload-of-external-data-groups-within-an-irule.UfyiMm0-YdU

 

 

just my 2 cents.

In the comments to this article :

 

 

https://devcentral.f5.com/tech-tips/articles/irules-101-08-classes

 

 

one poster says they encountered a 100k limit for an external-data-file.

 

 

Does anyone know if such a limit exists in v10.2.4 ?

Does anyone know if such a limit exists in v10.2.4 ?i understand it is limited by system resource (i.e. it is not hard limited).

 

 

anyway, there is bug which is fixed in 11.4.0.

 

 

ID284893 - large external class causes a hang and reboot

The limitation is in fact resource-based, and up to v11.4 (v10 - v11.3) the practical limit is about 100k records in an external data group. I'd need to check, but I believe 11.4 introduces support for millions of records in a data group. If you need to support more than 100k records now, you could conceivably load all of the data into the session table using a "services VIP".

 

 

 

But what is the performance impact of storing data in a file ? I assume f5 must load the data into memory and store it as a hash ( or performance would be hopeless ) but when does this happen ? On f5 startup ( at the time bigip.conf is loaded ) ? Or does the load occur the first time an iRule needs to match against the associated class/data-group ?

 

 

 

The answer to this is "on update", and that there is no appreciable difference in performance between an internal and external data group, both hashed and consumed into memory when loaded.

Interesting stuff.

 

 

In the redirect iRule , is it necessary to change the host headers ?

 

 

Also, what would an sample iRule for a rewrite look like ? Again, need to change the host headers ?

Well, in a redirect iRule, and especially the one above, the client (browser) would change the host header for you. In fact the host header might only ever need to be changed en route to the server if the server expects (and requires) a different host header than what the client is providing. It's a little difficult to give you any sort of solid example without knowing what you're trying to achieve. In any case, think of a data group as a set of key-value pairs, where the key is usually something the client is providing (host name, URI part, cookie, anything really), and the value is what you want to translate that to. The above example took the request URI and translated that into a host name for a physical (302) redirect. It could as easily have been a translation to a different URI, both explicitly through a redirect, or by simply changing the URI (or part of it) in line, without the user's knowledge.

What capabilities does f5 BIG-IP offer for performance testing of iRules ?

 

 

In my case, my iRule must ultimately handle thousands of redirects/rewrites, but that that server backend infrastructure is not yet present. So, I need more of a proof-of-concept that f5 BIG-IP can handle this level of traffic.

 

 

MODS: Please note that I attempted to post to the Design and Configuration > Performance Testing forum , but I can't even go to that forum -- I get an error infinite redirect loop ( so ironic that perf test forum has an infinite redirect loop error ! )