v11: iRules Data Group Updates

Several months ago I wrote up the v10 formatting for internal and external datagroups: iRules Data Group Formatting Rules. In v11, however, there is a change to the format of the internal data group and the data group reference to external class files (the formatting in the external class file itself is unchanged). The formatting rules in v11 for data groups more closely resembles the tmsh commands necessary to build the class at the CLI (these command attributes are masked if you are using the GUI). I’ll follow the same format as the original write-up in showing the various data group types. The format is the same among internal data group types. If there is no value associated with the key, there is a curly bracket pair trailing the key on the same line. If there is an associated value with a key, the curly bracket opens the value, followed by a newline with the keyword data and the value, then another newline with the closing curly bracket. After the records are listed, the type is specified. For external data groups, the file name and the type are specified. If the filename is in /var/class, the path is omitted from the filename reference.

Address Data Groups

Internal Data Group

ltm data-group internal addr_testclass {
    records {
        192.168.1.1/32 { }
        192.168.1.2/32 {
            data "host 2"
        }
        192.168.2.0/24 { }
        192.168.3.0/24 {
            data "network 2"
        }
    }
    type ip
}

External Data Group

ltm data-group external addr_testclass_ext { external-file-name addr_testclass.class type ip }

Integer Data Groups

Internal Data Group

ltm data-group internal int_testclass {
    records {
        1 {
            data "test 1"
        }
        2 {
            data "test 2"
        }
    }
    type integer
}

External Data Group

ltm data-group external int_testclass_ext {
    external-file-name int_testclass
    type integer
}

String Data Groups

Internal Data Group

ltm data-group internal str_testclass {
    records {
        str1 {
            data "value 1"
        }
        str2 {
            data "value 2"
        }
    }
    type string
}

External Data Group

ltm data-group external str_testclass_ext {
    external-file-name str_testclass.class
    type string
}

External Datagroup File Management

Beginning in v11, external datagroups are imported into a local filestore rather than simply existing someplace on the file system (/config/filestore). However, this filestore is not meant to edited manually. Please follow the steps below for creating or modifying external datagroups. Thanks to hoolio for the steps in this external datagroup section.

Create a New External Datagroup from the CLI Non-Interactively

1. Create or copy over to LTM a temporary file containing the external data group contents. If copying, make sure the line terminators are \n only not \r\n.

# cat /var/tmp/string_name_value_external_dg.txt
"name1" := "value1",
"name2" := "value2",
"name3" := "value3",

2. Create the new external data group file

 

tmsh create /sys file data-group string_name_value_external_dg_file separator ":=" source-path file:/var/tmp/string_name_value_external_dg.txt type string

 

3. Create the external data group referencing the file

 

tmsh create /ltm data-group external string_name_value_external_dg external-file-name string_name_value_external_dg_file

 

Modify the External Datagroup File for Existing Datagroup

1. Create a new temporary file containing the updated external data group contents

# cat /var/tmp/string_name_value_external_v2_dg.txt
"name1" := "valueA",
"name2" := "valueB",
"name3" := "valueC",

2. Import the new data group file

 

tmsh create /sys file data-group string_name_value_external_v2_dg_file separator ":=" source-path file:/var/tmp/string_name_value_external_v2_dg.txt type string

 

3. Modify the data group definition to reference the new external data group file

 

tmsh modify /ltm data-group external string_name_value_external_dg external-file-name string_name_value_external_v2_dg_file

 

4. Delete the old data group file if it’s unneeded

 

tmsh delete sys file data-group string_name_value_external_dg_file

 

Handling Line Terminator Discrepencies

Whether imporing external datagroups in the GUI or from the CLI, the system does not accept files with \r\n line terminators, it only accepts \n. If you copy files over from windows, most likely you have the wrong terminator in your file format. To check, you can use the od command.

Datagroup Contents created in vi on LTM
[root@golgotha:Active] data_group_d # od -c /var/tmp/string_name_value_external_dg.txt
0000000   "   n   a   m   e   1   "       :   =       "   v   a   l   u
0000020   e   1   "   ,  \n   "   n   a   m   e   2   "       :   =
0000040   "   v   a   l   u   e   2   "   ,  \n   "   n   a   m   e   3
0000060   "       :   =       "   v   a   l   u   e   3   "   ,  \n
0000077
Datagroup Contents created in Notepad on Windows
[root@golgotha:Active] data_group_d # od -c /var/tmp/notepad_dg.txt
0000000   "   n   a   m   e   1   "       :   =       "   v   a   l   u
0000020   e   1   "   ,  \r  \n   "   n   a   m   e   2   "       :   =
0000040       "   v   a   l   u   e   2   "   ,  \r  \n   "   n   a   m
0000060   e   3   "       :   =       "   v   a   l   u   e   3   "   ,
0000100

If your line terminators are incorrect, you can use the tr command to remove the \r's.

[root@golgotha:Active] tmp # cat /var/tmp/notepad_dg.txt | tr -d '\r' > /var/tmp/notepad_dg_update.txt
[root@golgotha:Active] tmp # od -c /var/tmp/notepad_dg_update.txt
0000000   "   n   a   m   e   1   "       :   =       "   v   a   l   u
0000020   e   1   "   ,  \n   "   n   a   m   e   2   "       :   =
0000040   "   v   a   l   u   e   2   "   ,  \n   "   n   a   m   e   3
0000060   "       :   =       "   v   a   l   u   e   3   "   ,
0000076

 

Updated Oct 02, 2023
Version 3.0
application delivery
BIG-IP
dev
devops
iRules
news
tech tip

Was this article helpful?

18 Comments

Sort By
Show More
  • Joe_H's avatar
    Joe_H
    Icon for Nimbostratus rankNimbostratus
    Nov 13, 2013
    Just answering my own question. :-)

     

     

    In external file, I need to add keyword like network host in front of IP/netmask. i.e

     

     

    network 10.0.0.0/8,

     

    network 172.16.0.0/16,

     

     

    Hope that will help other people.
  • Hem_66900's avatar
    Hem_66900
    Icon for Cirrus rankCirrus
    Sep 03, 2014
    Please advise how to cover * wild cards entries using data group. /abc/12*/xyz -> https://coke.com/mno
  • StephanManthey's avatar
    StephanManthey
    Icon for MVP rankMVP
    Mar 16, 2016
    In case you want to work with network address type external datagroups you may want to use the following structures: Key definition options for host addresses (no quotes used in key definition): host 10.21.21.21 network 10.22.22.22 prefixlen 32 network 10.23.23.23 mask 255.255.255.255 Key definition options for network addresses (no quotes used in key definition): network 10.24.24.0 prefixlen 24 network 10.25.25.0 mask 255.255.255.0 To add a value to a key the following syntax applies (double quotes used for argument definition): host 10.21.21.21 := "host 21", network 10.22.22.22 prefixlen 32 := "network 22", Further notes: - trailing comma in last line is optional - line feed between records is optional (all records can be put in a single line as the comma is used as record separator)
  • StephanManthey's avatar
    StephanManthey
    Icon for MVP rankMVP
    Mar 16, 2016
    Sorry for missing formatting in my comment. Unfortunately the frontend does not let me change it.
  • Gullapudi_Venka's avatar
    Gullapudi_Venka
    Icon for Nimbostratus rankNimbostratus
    Jul 01, 2016
    Thank you so much for the detailed explanation of the data group updates. I have a question. I am trying to save a data group file with some similar cookie elements. Using this data group i would like to reject the HTTP REQUEST. I mean if the HTTP::cookie has any one of the cookies in the data group i created. The HTTP request should be rejected. I will be adding new cookies to the data group on regular basis. So, Can you please giving me an idea of , how to approach or what might be the best way to put an iRule satisfying this situation. Here is my iRule when HTTP_REQUEST { if { class match -value [HTTP::cookie $aam_uuid] contains Cookie_Rejects } {reject} } Data group name is Cookie_Rejects and its internal with one string value. Consider i updated the data group with one more cookie value today, if a http request come with the updated cookie value it must be rejected with out changing any iRule. Thanks in advance
  • The-messenger's avatar
    The-messenger
    Icon for Cirrostratus rankCirrostratus
    Nov 29, 2016

    I've read through this thread, get to thinking I understand it but still no success. I've read older threads with script suggestions - I figured this would be a pretty simple process. I'm running 12.1.1. I have an existing Address type data group, I need to add about 250 IP addresses to the group.

     

    Can I add/import into my existing Address type data group? Can I use the File Management function to do so?

     

  • JeffG's avatar
    JeffG
    Icon for Nimbostratus rankNimbostratus
    Jun 10, 2019

    Can you give an example of loading an external datagroup file non-interactively with the type "ip" please? All of the combinations I've tried thus far give me the error, "0107169a:3: The data group external file (/config/filestore/.stage_d/...) has an invalid format, line: 1.". Thank you.

  • JeffG's avatar
    JeffG
    Icon for Nimbostratus rankNimbostratus
    Jun 10, 2019

    Ok - turns out the format is similar to the V10 rules. The following worked - note that if you give the CIDR you have to use "network" and not "host" even if it's a 32-bit netmask.

    network 192.168.1.1/32,
network 192.168.1.2/32,