iRules Data Group Formatting Rules

BIG-IP LTM supports internal and external classes (called Data Groups in the GUI) of address, string, and integer types. An internal class is stored in the bigip.conf file, whereas external classes are split between the bigip.conf and the file system (the class itself is defined in the bigip.conf file, but the values of the class are stored in the file system in a location of your choice, though /var/class is the location defined for synchronization in the cs.dat file) Which flavor? Depends on the requirements. External classes are generally best suited for very large datasets or for datasets that require frequent updates like blacklists. Formatting is slightly different depending on whether the class is internal or external, and is also different based on the class type: address, integer, or string. Below I’ll show the formatting requirements for each scenario. If you are using the GUI to create key/value pairs in a class (and therefore deciding on an internal class), the formatting is handled for you. Note that with internal classes, the dataset is defined with the class, but with external classes, the class is defined with type, separator, and the filename where the dataset is stored. If there is no value for the type (internal or external) it is omitted with no separator.

Update: The following information is for v10 only. For v11+, please reference the v11 Data Group Formatting Rules.

Address Classes

internal class

class addr_testclass {
   {
      host 192.168.1.1
      host 192.168.1.2 { "host 2" }
      network 192.168.2.0/24
      network 192.168.3.0/24 { "network 2" }
   }
}

external class

class addr_testclass_ext {
   type ip
   filename "/var/class/addr_testclass.class"
   separator ":="
   }

/var/class/addr_testclass.class

host 192.168.1.1,
host 192.168.1.2 := "host 2",
network 192.168.2.0/24,
network 192.168.3.0/24 := "network 2",

Note: You can also add network entries in the address type external file like shown immediately below, but when the class is updated, it will be converted to the CIDR format.

network 192.168.4.0 mask 255.255.255.0 := “network 3”,
network 192.168.5.0 prefixlen 24 := "network 4",

Integer Classes

internal class

class int_testclass {
   {
      1 { "test 1" }
      2 { "test 2" }
   }
}

external class

class int_testclass_ext {
   type value
   filename "/var/class/int_testclass.class"
   separator ":="
   }

/var/class/int_testclass.class

1 := "test 1",
2 := "test 2",

String Classes

With string classes, quotes are necessary on the types and values:

internal class

class str_testclass {
   {
      "str1" { "value 1" }
      "str2" { "value 2" }
   }
}

external class

class str_testclass_ext {
   type string
   filename "/var/class/str_testclass.class"
   separator ":="
   }

/var/class/str_class.class

"str1" := "value 1",
"str2" := "value 2",

Working With External Files Now that the formatting of the classes themselves are complete, I’d like to point out one more issue, and that’s file formatting. If you’re editing all the external classes by hand on the BIG-IP, you have nothing to worry about. However, if you edit them on an external system and copy them over, be careful on which editor you choose. The Unix/Linux line terminator is a line feed (0x0A) whereas Windows default is a carriage return/line feed (0x0D0A) and Mac typically employs just a carriage return (0x0D). The file needs to be formatted in unix-style. I use gVim on my windows laptop. By default, it uses the dos-style, as evidenced in my hex readout in gVim below:

0000000: 6865 6c6c 6f2c 2077 6f72 6c64 0d0a 7468  hello, world..th
0000010: 6973 2069 7320 6120 6c69 6e65 2074 6572  is is a line ter
0000020: 6d69 6e61 746f 7220 7465 7374 0d0a 0d0a  minator test....
0000030: 0d0a

.. Now, this is easily changed in gVim: “set fileformat=unix”. After this setting, now my linefeeds are correct:

0000000: 6865 6c6c 6f2c 2077 6f72 6c64 0a74 6869  hello, world.thi
0000010: 7320 6973 2061 206c 696e 6520 7465 726d  s is a line term
0000020: 696e 6174 6f72 2074 6573 740a 0a0a       inator test...

The guidance here is…use a good editor (hint..Notepad and Word are not on that list!)