iRule Editor Updates
As you may have noticed today, when you fired up the iRule Editor, that a new version is available for download. I snuck in a couple of releases over the last couple of months and have been meaning on writing up some of the new features so looks like this is my chance. The version information, along with features/enhancements put into each release, is always available from within the F5 iRule Editor Help menu item from within the editor but for those of you to lazy to click the couple of links it takes to get to the "What's New" section of the help, I'll go over the major points here. Administrative Domains With BIG-IP v9.4, the concept of configuration "silos" was added to allow an administrator the ability to place sections of the configuration into "buckets" and assign control of those "buckets" to individual users. Basically allowing the admin to give each user control of only portions of the configuration. If you are running post v9.4, check out the new "Partition" file menu where you can view, and change if you are allowed, the current partition you are working in. Auto Indenting Thanks to one of our awesome DevCentral users for submitting the code changes to allow auto-indenting when the enter key is typed. This will save in a lot of wear-and-tear on your tab or space keys! Enhanced CPU Statistics Reporting This has been a long time coming. Way back, heck I can't even remember exactly how long, unRuleY posted a message to the forums indicating some calculations that can be done on the clock cycle statistics that are presented when the "timing" command is used within your iRule. Last week, Deb published a tech tip with an Excel spreadsheet that will do these calculations for you. I took this as the final kick-in-the-butt to get moving on Editor integration. Well, it's here. Right click on an iRule, select the "Statistics" tab, and you'll be presented with few new options. First, is the CPU Speed. Since this is not directly exposed via iControl, we had to make some assumptions based on the platform that iControl reports you are running on. Click on "Guess" for the Editor to get that info from the BIG-IP and present what the platform guides for your system states that the CPU is running at. For an exact value, you can run "cat /proc/cpuinfo" from the BIG-IP command prompt and search for the CPU speed in MHz. Once you get the clock speed correct, you can view the following metric types CPU Cycles/Request - This is the raw number of clock cycles that the LocalLB::Rule::get_statistics() method returns. So, you can see the smallest (Minimum), Average and Largest (Maximum) number of clock cycles each iRule Event takes to execute. Run Time (ms)/Request - This is the number of milliseconds (1/1000th of a second) that the events take to execute per request. Again, the smallest, average, and largest requests are displayed. Percent CPU Usage/Request - This is the percentage of the CPU that each request took up per request. Max Concurrent Requests - By taking the inverse of the Percent CPU Usage/Request we come up with the max number of requests until maxing out the CPU. Keep in mind that this value assumes that the CPU is 100% dedicated to iRule processing which isn't the case. You'll want to assume a number smaller that this. Enjoy these new features and make sure to let me know what you think of the Editor and any and all new feature requests you would like to see added in the future. -Joe Reading: Confessions of a Economic Hitman Listening To: 155 by +44
BIG-IP LTM VE: Transfer your iRules in style with the iRule Editor
The new LTM VE has opened up the possibilities for writing, testing and deploying iRules in a big way. It’s easier than ever to get a test environment set up in which you can break things develop to your heart’s content. This is fantastic news for us iRulers that want to be doing the newest, coolest stuff without having to worry about breaking a production system. That’s all well and good, but what the heck do you do to get all of your current stuff onto your test system? There are several options, ranging from copy and paste (shudder) to actual config copies and the like, which all work fine. Assuming all you’re looking for though is to transfer over your iRules, like me, the easiest way I’ve found is to use the iRule editor’s export and import features. It makes it literally a few clicks and super easy to get back up and running in the new environment. First, log into your existing LTM system with your iRule editor (you are using the editor, right? Of course you are…just making sure). You’ll see a screen something like this (right) with a list of a bagillionty iRules on the left and their cool, color coded awesomeness on the right. You can go through and select iRules and start moving them manually, but there’s really no need. All you need to do is go up to the File –> Archive –> Export option and let it do its magic. All it’s doing is saving text files to your local system to archive off all of your iRuley goodness. Once that’s done, you can then spin up your new LTM VE and get logged in via the iRule editor over there. Connect via the iRule editor, and go to File –> Archive –> Import, shown below. Once you choose the import option you’ll start seeing your iRules popping up in the left-hand column, just like you’re used to. This will take a minute depending on how many iRules you have archived (okay, so I may have more than a few iRules in my collection…) but it’s generally pretty snappy. One important thing to note at his point, however, is that all of your iRules are bolded with an asterisk next to them. This means they are not saved in their current state on the LTM. If you exit at this point, you’ll still be iRuleless, and no one wants that. Luckily Joe thought of that when building the iRule editor, so all you need to do is select File –> Save All, and you’ll be most of the way home. I say most of the way because there will undoubtedly be some errors that you’ll need to clean up. These will be config based errors, like pools that used to exist on your old system and don’t now, etc. You can either go create the pools in the config or comment out those lines. I tend to try and keep my iRules as config agnostic as possible while testing things, so there aren’t a ton of these but some of them always crop up. The editor makes these easy to spot and fix though. The name of the iRule that’s having a problem will stay bolded and any errors in that particular code will be called out (assuming you have that feature turned on) so you can pretty quickly spot them and fix them. This entire process took me about 15 minutes, including cleaning up the code in certain iRules to at least save properly on the new system, and I have a bunch of iRules, so that’s a pretty generous estimate. It really is quick, easy and painless to get your code onto an LTM VE and get hacking coding. An added side benefit, but a cool one, is that you now have your iRules backed up locally. Not only does this mean you’re double plus sure that they won’t be lost, but it means the next time you want to deploy them somewhere, all you have to do is import from the editor. So if you haven’t yet, go download your BIG-IP LTM VE and get started. I can’t recommend it enough. Also make sure to check out some of the really handy DC content that shows you how to tweak it for more interfaces or Joe’s supremely helpful guide on how to use a single VM to run an entire client/LTM/server setup. Wicked cool stuff. Happy iRuling. #ColinThe Wait is Over: Edit Your iRules on Linux!
DevCentral has many rock star contributors. Most are not affiliated officially with F5 Networks, or DevCentral for that matter, but there are several F5ers who believe in the community, and really believe in the F5 story. One of those F5ers is Matt Cauthorn, or as you know him in the community, L4L7. You may recognize Matt as the author of pyControl. Well, not only did he provide this entrance to a better iControl experience, he has also delivered in a major way with his Vim plugin for editing iRules (utilizing pyControl of course to make those calls to BIG-IP). I had toyed around with a few different editors, (ecoder and Eric for example) but never made it to a point it was solid enough to release. Vim never occurred to me--that’s ten negative cool points for me. I asked Matt why he went down the Vim path: Vim is so extensible and common that it was a no brainer. I knew about the python extensions and figured it was possible.” Turns out he was absolutely right, and now, thanks to his great efforts, the Linux and Mac communities get a gift. If you’re a windows user and would prefer to edit your iRules in Vim, hope is not lost, it’s just going to be a little more work to compile Vim to support python. Current features include: Syntax highlighting Command completion Create/retrieve/modify/delete iRules for LTM & GTM. Partition switching Apply iRules to virtual servers Auto-close is also an option, but it’s commented out in the vimrc file as some (me included) find this more annoying than helpful. Matt’s screencast below covers some of the customizations you can make in your Vim iRule Editor. This screencast and a couple more are available on the Video page under the Vim iRule Editor tab. Happy coding!DevCentral Top5 01/22/2010
Wow! What a whirlwind it's been the past few weeks. Between holidays and vacation and people traveling out of town, it's been an absolute zoo around here. Though I've been out the past week or so there has been an avalanche of content. I've hemmed and hawed and finally managed to slim my picks down to just five, though there are at least a dozen awesome things worth checking out on DevCentral in the past week or so. So don't be shy, get out there and poke around for yourself. For now, though, here are my top 5 picks for the week: v10.1 - The table Command - The Basics http://devcentral.f5.com/s/Default.aspx?tabid=63&articleType=ArticleView&articleId=2375 The new table command introduced in 10.1 is so hawesome and powerful it's hard for me to decide where to even begin describing the grandeur that is the table command. I've decided to begin at the beginning, and point you to the basics first. There are nine (yes, 9) tech tips published in the past week or so having to do with the new table command. They range from this intro doc to some pretty powerful, in depth, well explained examples. They are all penned by the creator of the command and go into amazing detail. This series has instantly become a contender for one of my favorite batches of content ever released on DevCentral, which is saying something. If you're looking for a way to store data, store data in a structured format, perform counting operations or about a bagillion other things dealing with data storage and manipulation in iRules, you must read about the table command. Huge thanks to spark for the work on the command and going above and beyond on the documentation. TMSH Scripting in v10.1 http://devcentral.f5.com/s/Default.aspx?tabid=63&articleType=ArticleView&articleId=2374 This week's Top5 has not one, but two awesome docs regarding scripting on your BIG-IP. While iRules are near and dear to my heart, TMSH is quickly catching my interest as well. The new shell along with the powerful new scripting capabilities are wicked cool and have the potential to do some pretty amazing things. TMSH crams a huge amount of utility into an easily approachable package. This great doc Jason wrote up gets you started in style with an excellent description of where to begin, then takes you quite a bit further giving you examples of just how to build your own script. The possibilities seem rather limitless so I'm excited to see what people start doing once they get the hang of it. Check this one out for sure, and if you like what you see I'd recommend taking a look at the TMSH wiki and maybe giving this week's podcast where we spoke with Mark Crosland in depth about TMSH a listen. ARX Config, Day One http://devcentral.f5.com/s/weblogs/dmacvittie/archive/2010/01/18/arx-config-day-one.aspx In the first installment of what I'm hoping proves to be a long, detailed series describing his experiences with his ARX, Don dishes out a great intro post about getting his ARX out of the box and working. He's honest and gives plenty of details about both what he loved and what he…didn't, which I appreciate. It sounds like he also plans to go into detail about any troubles he's having or things that he finds that stand out to him and the users should know about. With his vast experience in the storage world, getting to see an ARX through his eyes is just about the next best thing to getting to fiddle with one yourself. So if you have any interest in learning what it's like to set up and start using an ARX device, I recommend keeping a keen eye on this series. Having no ARX experience myself I'm quite interested to get his impressions, so I'll be one of the subscribed readers too. iRule Editor - Offline Editing http://devcentral.f5.com/s/Default.aspx?tabid=63&articleType=ArticleView&articleId=2385 Joe's amazing creation, the iRule Editor, just got better. He's released a couple new features for it recently but the one that caught my attention the most is something that people have been asking about for quite some time now: offline editing. The iRule Editor has previously been a 100% online tool. You'd fire it up, connect to your device and start editing away. But what if you're on a plane or just don't have a device to connect to? Well, you were out of luck. Even though you could save the iRules themselves to your on disk archive, the editor wouldn't allow you to edit them offline before. But now, you can. Keep in mind that you won't be able to use any syntax checking because that uses tmm on the BIG-IP to test compile the code, but you can edit to your heart's content along with all the handy features of the iRule Editor you've grown to love. Joe even took the time to go through a walkthrough of how this works and show you how to use the cool new feature in this video. This is a very cool improvement…thanks Joe! Following Google's Lead on Security? Don't Forget to Encrypt Cookies http://devcentral.f5.com/s/weblogs/macvittie/archive/2010/01/15/google-gmail-ssl-cookie-encryption.aspx Last but certainly not least is Lori's post talking about SSL and why it isn't the only thing you need to think about when working on securing an application. Yes, SSL is an excellent and pretty standard first step to securing an online application these days. I, just like Lori, completely agree that you should be using SSL encryption as a security measure if you're at all concerned about your users or their data. Something Lori mentions though is spot on, "it’s not a panacea, especially where cookies are involved". Just because something is being encrypted across the wire doesn't mean that you can necessarily assume that it's going to be 100% safe once it gets where it's going. Data being stored on a client system, such as cookies that carry auth information, are a prime target for many malicious attacks trying to pry at user info. Cooke Encryption can be a powerful agent in stopping this and stepping up your security one more level. Have a look for yourself for a more detailed description of how this works. There you have this week's DevCentral Top5. As always, feedback is welcomed and you can check out previous versions of the Top5 here - http://devcentral.f5.com/s/Default.aspx?tabid=101 #Colin
