iRules Challenge #4 Results: Contemplating Context

In a shocking turn of events, the gracious sales readiness team invited me back to yet again present an iRules Challenge to the inbound FSEs during their multi-week grooming process here at F5 Seattle, lovingly known as "boot camp". It's a joy for me to be a part of these boot camps not only because I get to geek out about iRules and dream up challenges to get people more involved with DevCentral and iRules, two of my main squeezes in the tech world. But also because it's killer to see the talent rolling through, chat with some of them about how and why they ended up here at F5, and get a constant stream of reassurance about just how wicked powerful our engineers out in the world are, not that I had any doubts.

Why so fired up about the worldwide crew of Engineers? What's an FSE? To uphold tradition (and because I don't think I could write it better if I tried) I'll borrow from my first introduction of the iRules Challenge to depict what FSEs are, and why I'm such a fan of getting to work with them:

FSEs are the engineering lifeblood of the sales force here at F5.  They’re the ones out in the trenches dealing with customer requirements and issues, building real world solutions, and generally doing all the cool sh stuff that I get to talk about theoretically, but in the real world.  I’ve got mad respect for those FSEs that take their jobs seriously and learn how to build full fledged F5 solutions that leverage our crazy broad product set and, you guessed it, our out of the box tools like iControl and iRules.  Those that choose to flex those muscles garner a special place in my encrypted little heart.  Lucky for me (and F5) this is an increasingly large number, but that’s a different conversation.

As you can see, I'm a fan, and it's fun to get to help get them indoctrinated into the DevCentral and iRules cultures. Apparently I make some tasty Kool-Aid, and I'm more than happy to share. Speaking of which, on to the challenge!

Desired Solution:

If a user is making a request to one of a list of URIs (50+), and that request is bound for one of the 4 “secure servers” (4 servers, non-sequential IPs, in one pool) in the DMZ, the Client must originate from a particular subnet (, or from an IP resolving to one of the partners in a given list of hosts (20+).


     a) Identify the URI being requested

     b) Identify the IP address of the server the request is being sent to

     c) Identify the network and/or the PTR host the client is initiating the request from

     d) Drop any errant requests

     e) Log any “bad” requests, including: IP Address of Client, IP Address of Server, requested URI

Each individual part of this isn't necessarily difficult, but the combination presents some unique challenges. First and foremost, intentionally, is the concept of context. Being a full proxy system is a wonderful, powerful thing, but it means that any engineers working in-depth with F5 devices need to keep the different proxy states in mind, and understand what information is available on each side of the connection. Combine that with the need to access information that might not be immediately available in your current state, lists of info to manage, multiple tiers of conditionals and one of my favorites: Session vs. Request based conditionals, and there are plenty of traps to fall into for an unsuspecting iRuler. That's was kind of the point, after all. As it turns out, however, this new batch of FSEs was largely up to the task right out of the gates, which was plenty impressive.

3.) First up is the second runner up, coming in at third place, David Parez Aznarez.

David's iRule was well thought out and showed solid potential. It had a great logical flow and showed that he was adept at not only thinking through the problem, but also researching possible solutions on DevCentral, which I appropriate. In the end it was a bit more complex than necessary, but efficiency and coding elegance come with experience, so I have no doubts that David will be writing even more powerful iRules code in no time.

2.)  Next in second place, the first runner up Anurak Chuetanapinyo!

Anurak did a truly admirable job of keeping his code simple and efficient. He was at the opposite end of the spectrum from David, also with very solid logical flow and some good concepts such as RESOLV::lookup mixed in. In the end his simplification went slightly too far and earned him a respectable second place finish, due to a couple pieces of the challenge not being 100% in place, though he was close enough that a short chat later and he knew where he had left bits out, and I could see he was picking the concepts up mighty quick. He'll soon be an old hand at simple iRules like this, and be on to bigger, better coding tasks I'm sure.

1.)  Last, but certainly not least, is our Winner, Vince Tognaci!

Vince displayed a very solid understanding of not only contextual awareness and information availability, but also of connection vs. request based processing, two of the big "gotcha" concepts I was hoping to impart on these engineers with this challenge. That combined with his use of DevCentral scouring, solid coding concepts and practices and even some nice commenting earned him a well deserved first place finish. With a few minor tweaks this rule could solve all of the problems laid out and that, for someone with mere weeks as an F5 employee, is impressive indeed.

Overall another outstanding showing from all of the engineers that were in the training course and had to endure the challenge. Thank you all very much for your hard work and the code submissions. It was a blast, as always, to participate and get to share a little of my passion for this technology with all of you, and I look forward to doing so more in the future.

For those new hires out there that might be reading this, knowing you'll be in boot camp soon...get to reading, researching and learning the ins and outs of DevCentral & iRules. There's a Challenge heading your way, I'd bet on it.


Published Jun 20, 2011
Version 1.0

Was this article helpful?

No CommentsBe the first to comment