iRules Data Group Formatting Rules

BIG-IP LTM supports internal and external classes (called Data Groups in the GUI) of address, string, and integer types. An internal class is stored in the bigip.conf file, whereas external classes are split between the bigip.conf and the file system (the class itself is defined in the bigip.conf file, but the values of the class are stored in the file system in a location of your choice, though /var/class is the location defined for synchronization in the cs.dat file) Which flavor? Depends on the requirements. External classes are generally best suited for very large datasets or for datasets that require frequent updates like blacklists. Formatting is slightly different depending on whether the class is internal or external, and is also different based on the class type: address, integer, or string. Below I’ll show the formatting requirements for each scenario. If you are using the GUI to create key/value pairs in a class (and therefore deciding on an internal class), the formatting is handled for you. Note that with internal classes, the dataset is defined with the class, but with external classes, the class is defined with type, separator, and the filename where the dataset is stored. If there is no value for the type (internal or external) it is omitted with no separator.

Update: The following information is for v10 only. For v11+, please reference the v11 Data Group Formatting Rules.

Address Classes

internal class

class addr_testclass {
   {
      host 192.168.1.1
      host 192.168.1.2 { "host 2" }
      network 192.168.2.0/24
      network 192.168.3.0/24 { "network 2" }
   }
}

external class

class addr_testclass_ext {
   type ip
   filename "/var/class/addr_testclass.class"
   separator ":="
   }

/var/class/addr_testclass.class

host 192.168.1.1,
host 192.168.1.2 := "host 2",
network 192.168.2.0/24,
network 192.168.3.0/24 := "network 2",

Note: You can also add network entries in the address type external file like shown immediately below, but when the class is updated, it will be converted to the CIDR format.

network 192.168.4.0 mask 255.255.255.0 := “network 3”,
network 192.168.5.0 prefixlen 24 := "network 4",

Integer Classes

internal class

class int_testclass {
   {
      1 { "test 1" }
      2 { "test 2" }
   }
}

external class

class int_testclass_ext {
   type value
   filename "/var/class/int_testclass.class"
   separator ":="
   }

/var/class/int_testclass.class

1 := "test 1",
2 := "test 2",

String Classes

With string classes, quotes are necessary on the types and values:

internal class

class str_testclass {
   {
      "str1" { "value 1" }
      "str2" { "value 2" }
   }
}

external class

class str_testclass_ext {
   type string
   filename "/var/class/str_testclass.class"
   separator ":="
   }

/var/class/str_class.class

"str1" := "value 1",
"str2" := "value 2",

Working With External Files Now that the formatting of the classes themselves are complete, I’d like to point out one more issue, and that’s file formatting. If you’re editing all the external classes by hand on the BIG-IP, you have nothing to worry about. However, if you edit them on an external system and copy them over, be careful on which editor you choose. The Unix/Linux line terminator is a line feed (0x0A) whereas Windows default is a carriage return/line feed (0x0D0A) and Mac typically employs just a carriage return (0x0D). The file needs to be formatted in unix-style. I use gVim on my windows laptop. By default, it uses the dos-style, as evidenced in my hex readout in gVim below:

0000000: 6865 6c6c 6f2c 2077 6f72 6c64 0d0a 7468  hello, world..th
0000010: 6973 2069 7320 6120 6c69 6e65 2074 6572  is is a line ter
0000020: 6d69 6e61 746f 7220 7465 7374 0d0a 0d0a  minator test....
0000030: 0d0a

.. Now, this is easily changed in gVim: “set fileformat=unix”. After this setting, now my linefeeds are correct:

0000000: 6865 6c6c 6f2c 2077 6f72 6c64 0a74 6869  hello, world.thi
0000010: 7320 6973 2061 206c 696e 6520 7465 726d  s is a line term
0000020: 696e 6174 6f72 2074 6573 740a 0a0a       inator test...

The guidance here is…use a good editor (hint..Notepad and Word are not on that list!)

Updated Oct 02, 2023
Version 2.0
application delivery
BIG-IP
dev
devops
iRules
news
tech tip
tutorial

Was this article helpful?

6 Comments

Sort By
  • Carl_Brothers's avatar
    Carl_Brothers
    Icon for Employee rankEmployee
    Mar 30, 2011
    This very topic should be covered in the LTM advanced class at least as an appendix if not directly in the training. I used an external class that was not stored in the proper directory and support gave me instructions on how to include the dir that I dropped it in, rather than just saying move it to the var/class dir. Is this new in V10+? I hit the wall with 9.4.3 and the external class not being replicated and causing config sync to fail.
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Mar 30, 2011
    this formatting is specific to v10+. Prior to v10, there was no type/value pair support, it only supported type.

     

     

    The cs.dat file is not new to v10, but what's turned on/off by default in the file might be. Support would be the best source for that information.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Oct 12, 2011
    It would be great to update this for v11 as the datagroup format has changed (yet again...).

     

     

    Aaron
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Nov 15, 2011
    added a link near the top of this article to the updated formatting for v11. Also, you can go here: https://devcentral.f5.com/s/articles/v11-irules-data-group-updates
  • Ziaur_180015's avatar
    Ziaur_180015
    Icon for Nimbostratus rankNimbostratus
    Oct 30, 2015
    when we add 192.168.5.0/24 , is it going allow 256 Ip address or 254 Ip address? i mean is it allow network address and broadcast address?