Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

David_Murphy_22's avatar
David_Murphy_22
Icon for Nimbostratus rankNimbostratus
Jul 30, 2007

UIE, Event processing, request vs. response

Q1: Is this a correct statement - When one applies an iRule to a Virtual Server then all of the packets for those connections are processed by the Universal Inspection Engine?     Q2: I have not...
application delivery
dev
devops
irules
Joe_Pruitt's avatar
Joe_Pruitt
Jul 30, 2007

Q1: Is this a correct statement - When one applies an iRule to a Virtual Server then all of the packets for those connections are processed by the Universal Inspection Engine?

 

 

It is true that all packets will be processed by at least "part" of the UIE. Depending on which profiles are applied, different components are added to the processing chain. The addition of iRules to a Virtual Server, doesn't alter the way the packets flow though the engine, it's really depends on which profiles are applied. For the events that are within the given profiles support area, execution of the iRule will occur. Maybe if you could be a bit more specific on why you ask this question or what you are getting at, I can give you a more detailed answer.

 

 

Q2: I have noticed the term Layer-7 inspection; does this imply there are different levels of packet inspection (i.e. different levels of inspection that are associated with the different OSI layers)?

 

 

There are definitely different layers of inspection. A Virtual Server has several types for L2, L4, and L7 each disallowing features in the types higher in the stack to allow for higher performance.

 

 

Q3: If a given Virtual Server was configured for a HTTP application and there were HTTP_Request and HTTP_Response events that were logically unrelated; would it be more LTM-process efficient to use two separate iRules, one for request and one for response (i.e. my assumption here is that browser-initiated packets would execute only the "request" iRule and server-initiated packets would execute only the "response" iRule)?

 

 

 

It is totally irrelveant whether you have your events defined in one or multiple iRules. Well, it's not "totally" irrelevant as sometimes multiple iRules make sharing features across Virtuals much easier.

 

 

At initialization all events across all iRules are loaded into a resource bucket attached to the Virtual Server and processed accordingly by event and then by priority (for multiple of the same events). So, in other words, iRules are not processed serially. Think of the different event blocks as functions that are called when needed.

 

 

-Joe