Course Overview
This 3-day course provides networking professionals a functional understanding of iRules development.
The course builds on the foundation of the Administering BIG-IP or Configuring LTM course, demonstrating how to logically plan and write iRules to help monitor and manage common tasks involved with processing traffic on the BIG-IP system.
Extensive course labs consist of writing, applying and evaluating the effect of iRules on local traffic.
This hands-on course includes lectures, labs, and discussions.
Course Topics
• Setting up the BIG-IP system
• Getting started with iRules
• Leveraging DevCentral resources for iRule development
• Exploring iRule elements, including events, functions, commands, variables, and operators
• Using control structures for conditional branching and looping
• Mastering whitespace, grouping, and special symbols
• Measuring iRule efficiency using timing statistics
• Logging from an iRule using syslog-ng and high-speed logging (HSL)
• Optimizing iRules execution, including implementing efficiency best practices
• Modularizing iRules for administrative efficiency, including using procedures
• Securing web applications with iRules, including preventing common HTTP attacks, securing HTTP headers and cookies, and implementing HTTP strict transport security (HSTS)
• Working with strings, including using Tcl parsing commands and iRules parsing functions
• Accessing and manipulating HTTP traffic, including applying selective HTTP compression
• Working with iFiles and data groups
• Using iRules with universal persistence and stream profiles
• Gathering statistics using STATS and ISTATS
• Incorporating advanced variables, including arrays, static variables, and the session table
Course Objectives
At the end of this course, the student will be able to:
• Describe the role of iRules in customizing application delivery on a BIG-IP system
• Describe best practices for using iRules
• Define event context, and differentiate between client-side and server-side contexts, request and response contexts, and local and remote contexts
• Trigger an iRule for both client-side and server-side request and response events
• Assign multiple iRules to a virtual server and control the order in which duplicate events trigger
• Describe and use a testing methodology for iRule development and troubleshooting
• Use local variables, static variables, lists, arrays, the session table, and data groups to store information needed for iRule execution
• Write iRules that are optimized for runtime and administrative efficiency
• Use control structures to conditionally branch or loop within an iRule
• Log from an iRule using Linux syslog-ng or TMOS high-speed logging (HSL)
• Incorporate coding best practices during iRule development
• Use analyzer tools to capture and view traffic flow on both client-side and server-side contexts
• Collect and use timing statistics to measure iRule runtime efficiency
• Write iRules to help mitigate and defend from some common HTTP attacks
• Differentiate between decimal, octal, hexadecimal, floating-point, and exponential notation
• Parse and manipulate strings using Tcl commands and iRule functions
• Write iRules to access and manipulate HTTP header information
• Write iRules to collect customized statistics
• Implement universal persistence via an iRule
• Modify payload content using an iRule with a stream profile
Course Content
Chapter 1: Setting Up the BIG-IP System
• Introducing the BIG-IP System
• Initially Setting Up the BIG-IP System
• Archiving the BIG-IP System Configuration
• Leveraging F5 Support Resources and Tools
Chapter 2: Getting Started with iRules
• Customizing Application Delivery with iRules
• Triggering an iRule
• Leveraging the DevCentral Ecosystem
• Creating and Deploying iRules
Chapter 3: Exploring iRule Elements
• Introducing iRule Constructs
• Understanding iRule Events and Event Context
• Working with iRule Commands
• Logging from an iRule Using SYSLOG-NG (LOG Command)
• Working with User-Defined Variables
• Working with Operators and Data Types
• Working with Conditional Control Structures (IF and SWITCH)
• Incorporating Best Practices in iRules
Chapter 4: Developing and Troubleshooting iRules
• Mastering Whitespace and Special Symbols
• Grouping Strings
• Developing and Troubleshooting Tips
• Using Fiddler to Test and Troubleshoot iRules
Chapter 5: Optimizing iRule Execution
• Understanding the Need for Efficiency
• Measure iRule Runtime Efficiency Using Timing Statistics
• Modularizing iRules for Administrative Efficiency
• Using Procedures to Modularize Code
• Optimizing Logging
• Using High-Speed Logging Commands in an iRule
• Implementing Other Efficiencies
• Using Looping Control Structures (WHILE, FOR, FOREACH Commands)
Chapter 6: Securing Web Applications with iRules
• Integrating iRules into Web Application Defense
• Mitigating HTTP Version Attacks
• Mitigating Path Traversal Attacks
• Using iRules to Defends Against Cross-Site Request Forgery (CSRF)
• Mitigating HTTP Method Vulnerabilities
• Securing HTTP Cookies with iRules
• Adding HTTP Security Headers
• Removing Undesirable HTTP Headers
Chapter 7: Working with Numbers and Strings
• Understanding Number Forms and Notation
• Working with Strings (STRING and SCAN Commands)
• Combining Strings (Adjacent Variables, CONCAT and APPEND Commands)
• Using iRule String Parsing Functions (FINDSTR, GETFIELD, and SUBSTR Commands)
Chapter 8: Processing the HTTP Payload
• Reviewing HTTP Headers and Commands
• Introducing iRule HTTP Header Commands
• Accessing and Manipulating HTTP Headers (HTTP::header Commands)
• Other HTTP commands (HTTP::host, HTTP::status, HTTP::is_keepalive, HTTP::method, HTTP::version, HTTP::redirect, HTTP::respond, HTTP::uri)
• Parsing the HTTP URI (URI::path, URI::basename, URI::query)
• Parsing Cookies with HTTP::cookie
• Selectively Compressing HTTP Data (COMPRESS Command)
Chapter 9: Working with iFiles and Data Groups
• Working with iFiles
• Introducing Data Groups
• Working with New Format Data Groups (CLASS MATCH, CLASS SEARCH)
Chapter 10: Using iRules with Universal Persistence, Stream, and Statistics Profiles
• Implementing Universal Persistence (PERSIST UIE Command)
• Working with the Stream Profile (STREAM Command)
• Collecting Statistics Using a Statistics Profile (STATS Command)
• Collecting Statistics Using iStats (ISTATS Command)
Chapter 11: Incorporating Advanced Variables
• Reviewing the Local Variable Namespace
• Working with Arrays (ARRAY Command)
• Using Static and Global Variables
• Using the Session Table (TABLE Command)
• Processing Session Table Subtables
• Counting “Things” Using the Session Table
Course Changes since v15
The Developing iRules for BIG-IP v16.1 course presents much of the same content as v15.1, with removal of deprecated Data Group MATCHCLASS and FINDCLASS topics being the primary change. Passwords are 8 digits in length i.e.. f5trn0XX.