iRules 101 - #8 - Classes

When dealing with iRules there is sometimes a need to store static information in lists that you can search when your iRule is executed. Are you looking to check every incoming connection for a certain list of Client IPs? Perhaps you want to parse the incoming URI and direct to different pools based on what URI parts are found. To perform inspections/actions like this you need to have a defined list of data to search for, and that list needs to remain constant across multiple connections. This is exactly what classes are designed for.
 
 
在处理iRules的时候,有时候我们需要在iRules执行时查询一个静态数据的列表。您是否需要一些特定的客户端IP列表检查所有的传入连接请求?或许您想基于对请求的URI的不同部分的内容分配到不同的Pool中去?为了执行诸如此类的检查/动作,你就需要定义一个用来进行搜索的数据列表,而这个列表需要在不同的连接之间都可以持续存在,这就是设计Class的真正意义所在了。
 
We'll be going over some of the common questions that seem to crop up when talking to/with people about classes in iRules. Hopefully by the time we're through here you'll have a clear understanding of what classes are, how you can use them, and perhaps even when/why you would. ;)
 
我们将在这里覆盖一些看上去是突出的但实际上是很普遍的关于Class的常见问题。希望在阅读本文后,您可以清楚地明白什么是Class,怎样使用他们,甚至什么时候/为什么要使用class。
 
 
What is the difference between a "class" and a "Data Group" when dealing with F5 systems?
 
在F5系统中涉及到的“class”和“Data Group”有什么不同?
 
Nothing! These terms are interchangeable, which can sometimes throw people off. They are referred as "Data Groups" via the GUI, and "class"(es) via the configuration file. This can be a bit confusing, but I assure you they really mean the same thing. For the rest of this document, however, I will refer to them as classes.
 
其实没什么不同,这些概念是可相互替换的,甚至有时可以根据习惯混用 。具体说“Data Groups”是通过图形用户界面来标识,“class(es)”则是通过配置文件来标识。可能您现在有点混乱,但我向你保证,他们真的是相同的意思。在下面的文章里,我将会以classes作为他们的统称。。
 
Are there different types of classes?
 
classes是否有不同类型?
 
Yes. There are four kinds of classes that you can choose to make use of via iRules. Each of these, as you might imagine, can serve different purposes:
 
是的,在使用iRules的时候,你可以选择四种不同的Class类型,每一种类型,正如您想像的,可以服务于不同的目地:
 
String - The "string" type class is the most basic and general type of class provided for your use. This is the type of class that will likely be used most often as it allows you to store any type of data in string format to be used later by your iRules to perform tasks like the URI substitution we spoke about above.
 
string - class里最基本也是最普遍的类型就是“string”。这一类型这可能是最常用的,因为他们通常可以允许您存放任何类型的字符串数据,这些数据可以用于iRules执行一些诸如前面提到过的URI替换的工作。
 
Address - Address Classes allow you to store IP addresses and/or address ranges to be searched via matchclass or findclass which we'll talk about more later. This can be very useful when trying to search for multiple IP addresses that happen to be within a network range and can save a fair amount of hassle over adding each IP individually to, say, a string class.
 
Address - Address Class允许存放IP地址或者IP地址范围,并可以通过matchclass或findclass来进行查找,我们将在后面谈到这个部分。当您需要在一个网段范围内查询多个IP地址的时候Address Class将非常有用,它可以避免像字符串一样去配置大量的独立IP地址所带来的巨大的工作量。
 
Integer - Allowing you to store integer values for quick referencing and comparison, the integer class type can be useful and efficient when dealing with this specific type of data.
 
Integer – 允许您用来存放整型值,通常用于快速的应用和比较,整型值的Class是用来处理这中特殊数据类型最有用并且最有效的方式。
 
External File - This unique class type actually allows you to store your class information in an external file, as opposed to the bigip.conf with the rest of your iRules config data. This can be beneficial for administration clarity and automation.
 
External File - 这个独特的类型实际上是可以让您将您的class的内容存储在在一个外部文件,而不是在bigip.conf与其他的iRules配置文件中。这可以有利于明确和自动化管理。
 
How do I create a class?
 
怎样创建一个class?
 
Like most things you create in your F5 device configurations, there are a few main ways you can create classes for your iRule. You can create them via the GUI, CLI, or in this case, via the iRule Editor as well.
 
和大部分创建的F5设备配置一样,iRule有几个主要的方式去创建classes 。您可以通过图形用户界面,命令行创建,或通过iRule Editor创建。
 
GUI - To see/create a class via the GUI, navigate to Local Traffic -> iRules -> Data Group List. Here you can see your current classes to edit them, or create a new one to use.
GUI - 通过图形用户界面去看或者创建一个class,在配置导航local Traffic -> iRules -> Data Group List。在这里可以看到您当前的classes进行,并且可以进行编辑,或创建一个新的Class。
 
CLI - Via the bigpipe class command and the permutations therin, you can add, modify and delete the classes on your BIG-IP as desired. To learn more about this type bigpipe class help from the command line of your system.
 
通过bigpipe class命令,您可以根据您的需求在BIG-IP进行添加,修改和删除Class。若要了解更多关于bigpipe class,您可以在系统的命令行下输入bigpipe class help。
 
iRule Editor - If you happen to have the handy iRule editor installed (available on DevCentral - Here) you can create and manage your classes directly from the editor while writing/modifying your iRules. Just go to the "Tools" menu, and select "Data Group Editor". Here you'll be able to add, remove or modify classes as needed.
 
iRule Editor - 如果您的手边正好安装了iRule Editor(可以在DevCentral -这里下载),您可以在iRules Editor里编写或修改iRules的时候直接管理Class。只需进入“tools”菜单,并选择“Data Group Editor”, 您就可以在这里根据您的需要去添加,删除或修改classes了。
 
How can I search through classes?
 
如何搜索classes?
 
The two main ways to search through a class are with the matchclass and findclass commands. These commands have similar syntax and functionality, but accomplish different tasks.
 
搜索class有两个主要的方式,matchclass和findclass命令。这两个命令有类似的语法和功能,但它们完成不同的任务。
 
matchclass - The matchclass command searches a data group list for a member that matches exactly a specified search parameter and returns a true/false value (0/1) indicating the success of the match. This can be very useful when building logic checks, such as:
 

matchclass - matchclass命令是搜索数据表里的一个member与否指定搜索的参数完全匹配幷返回一个真/假值( 0 / 1 ) ,来表明是否是一个成功的匹配。这在当需要构建一个逻辑检查的时候非常有用, 如: 

when HTTP_REQUEST {
  if { matchclass [HTTP::uri] equals $::uri_list } {
    ...
  }
}
findclass - The findclass command searches a data group list for a member that starts with a specified search parameter and returns the matching class member. This is similar to the matchclass command, except that the member is not required to be equal; instead, the member is only required to start with the string and the command returns the entire member value. Also, this command can be used to return a matching portion of a class member. For instance, if your class member looks like "192.168.5.42 pool1", you can use the findclass command to return the second portion of the class member, after the space separator, thereby making findclass very useful for matching key/value pairs in your iRule class. It would look something like:
 

findclass - findclass命令是搜索数据组的一个某一个以指定参数开始的成员,并且返回这个匹配的Class成员。类似于matchclass命令,除了member不必须与查询参数完全相等外;相反,Class成员只需要以查询参数作为起始,并且命令返回的是整个成员的值。此外,这个命令可以用来返回一个Class成员匹配的部分。 例如,如果您的class成员是“ 192.168.5.42 pool1 ,您可以使用findclass命令返回这个成员在空格分隔符后的第二部分,这样,Findclass在iRules Class中一个非常有用的用来比较Key/值组合的一个工具。它看上去像是这样的: 

when HTTP_REQUEST {
  if { matchclass [HTTP::uri] starts_with $::uri_list } {
    set myPool [findclass [HTTP::uri] starts_with $::uri_list " "]
    pool $myPool
    ...
  }
}
Can I modify a class real-time with my iRule?
 
我可以在iRules中对class做实时的修改吗?
 
Technically, yes. Once the configuration is loaded into memory, you can technically modify a class with TCL's list commands. Doing so, however, not only converts the data in the class from an efficient, hashed format into a simple list format, thereby slowing down queries; but the changes made are also not permanent, as they cannot be written back to the file that stores the class data. This makes the changes effective only until TMM is restarted. In general, there is usually another way of structuring your code to avoid this that would be preferred.
 
技术上的回答是,是的。 一旦配置加载到内存中,从技术上,您可以用TCL的list命令对class进行修改该。但是,这样做,不仅是将数据从一个高效的,哈希格式的列表转换成一个简单的列表格式,并且极大的降低了查询的速度;但是,这些改动也不是永久性的,因为他们不能被重新写回到存放Class数据的文件中区。这样,改动将会一直有效直到TMM重启。在通常情况下,需要有一些其他的手段去构建您的代码来避免这种情况的发生。
Published Feb 02, 2009
Version 1.0
No CommentsBe the first to comment