BIG IP F5 IRULE CONFIGURATION

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello everyone my name is Vernon today we are going to discuss about f5 LTM I rose so let's have some basic discussion about iris what I rose are so if we if you talk about iris and I roll is a powerful and flexible feature for a break IP device based on f5 exclusive DMOS architecture iris provide you in control to directly manipulating and manage any application traffic so what I will do this is by using I rule you can manipulate the IP traffic what you can do you can like if you have to pose in a void and if you want a request coming to a virtual server should goes to two different pools you can do that let's say if you have virtual server a and you have to pull pull and pull me so the requests which is coming to what your server a can can go to pool a and some risk and go to pool B this can be achieved by I rule another most use cases HTTP redirect so if someone is accessing the web site that is supposed to be accessed using 4 4 3 port and if someone do HTTP to that website by using I rule we can redirect it to HTTPS so what are the components of I rules so the very first component of I roll is event so an event is something which triggers the I rules so whenever we create a I rule we have we set event on upon which the I rule will be applicable so event can be stdp request client SSL client cert RTSP response so we can say you know if there is an st TP request then we direct it to HTTP request so event is something which trigger the I rule operators Vani compared to value you will see an operator to duty comparison so operator is used to compare two values let's say if I say that you know if the IP of the client is X then the request should go to pool B so what I am doing is I am doing a comparison like equal to greater than that for that particular thing operators are used then statements a statement are the command that typically don't return a value so statements something if as in which you you put some conditions where is the last furnace commands with command you can do things like you array of HTTP requests means you can call the URI value of STP HTTP request using the commands so what template do we use for iris so the first thing to initiate the I rule you have to use vent like this is an when even means if I'll say you know if there is an HTTP request then redirect the traffic to sttt HTTP right so that when is think something that trigger the request and then if condition expression let's say if I say if HTTP request is from X host then redirect it to HTTP so that is the condition then the action action is Seri direction and if this condition is not met then else okay so we will be working on some of the IEEE rules okay let me just show you from where we can configure ti rules so this is my this is my lab environment okay so though you for checking the AI rules you have to go to local traffic under local traffic there is an option for AI rules so these are pre-configured eye rules which come with the f5 load balancer so where as you can also reduce you can also create our own AI rules so that see this is the system defined I rule for redirecting the HTTP traffic right or you can say redirecting the HTTP traffic to HTTPS okay similarly we will be doing two examples today first we will be creating a rule to redirect HTTP traffic though there is a you know system defined I rule but we will still creating a new one so in order to create a new AI rule just go to AI rule list click Add now I'll just name it as test underscore HTTP and HTTPS redirect okay now first thing is to define the event when this I wrote will be Tigger so defining an even start from when right then you have to write the event let's say I say when there is an HTTP request so as Rick I'll just write when HTTP so I am saying this I rule will be triggered when there will be an HTTP request then we have to open the we have to go inside bank statement right that when event now we have to either we can use if-else loop loop let us say we can say if there is an HTTP request from this person then do that otherwise if we want to redirect all the HTTP requests to HTTP we can simply write the action first we have written the event now we will write the action we can simply write that whenever there is a stupid request redirect to we can simply write HTTP so we can so this is the simple I'd rule to redirect all the HTTP traffic so what we have done we have first defined an event that this I rule will trigger when there will be an HTTP request right and though you know like by configuring the I rule you can also take help from here it gives the you know the idea about what exactly you need to done see like this is when used to specify an event so when we use when we have to specify an event there's also an example which but you might take help from so it is giving an example of when client accepted that means when the client establish the connection then this thing will trigger so we are using when HTTP request we are saying whenever there will be an HTTP request this I wrote will trigger now if we are not using if-else here because we are not putting any condition we are simply giving an action so either you can go first event then you can put if else condition then action but here as we have to read out all the traffic we are simply saying when HTTP requests again this redirect if you want to check what redirect does is just click over it and it will show you redirects and HTTP to a specific location and there is an also an example like when you see what we are doing when HTTP requests redirects to this thing now we are we have we have set redirect to HTTPS now we have written this because we are saying that you have to redirect this to this particular URL we are using these these this statement to just to say that whatever the you know the whatever the IP or the host was there in the HTTP request just the redirect is to HTTPS and we can simply save it now will check if this works or not so just to show you the environment that we are having so this is our environment we are having a virtual with big-ip and two web service so let me power on the other back server as well one is better server one another one is web server 2 these are hosting the web at port 80 they are listening at port 80 for web services so I'll just power it on this web server as well for our practical purpose now if we go back to the big IP configuration we have two pools configured here as we only have two service so for our practical purpose we have configured to pools one is web server pool that is and the pool member of this particular pool is so this is for this pool the pool member is where the back server one and the IP is 192 168 31.5 this pool is down because we have just power on that back server one so it will be up the service monitor will come up and this server will come up this pool again we have a second pool which is having the web server - and whose IP is 192 168 31.6 we have configured one virtual server which is this one which we will be using now this is our virtual server that we will be using see this virtual server is listen it is listening a quad 80 and in order to apply the I rule we have to go to resources this server is using the best server pool one and we have to define our I rule here so I want to define an idle that I have created now so I go to manage and I'll just take this one out and put this one in and finish now we have applied the I rule on this virtual server so this is the virtual server which is whose IP is 192 168 100 10.2 still it is down I believe the server is not yet let me just strata services of the server once the server will come up my virtual server will come up automatically once the service monitor is up now this server is a let me check the virtual server is up or not I'm just refresh it so once this ever come up my load balances also up so so this is the IP of the load balances so before testing the I rule let me just remove that I rule first and see what would what is the result now and what would be the result after the applying the I rule okay so what I'm going to do is I'm just going to remove this I rule for now okay now if I try to access this virtual server now when I try to access this virtual server I will be redirected to the I will be I will be you know I will be transferred to the pool member that is listening at port 80 that is our web server one so when we access the virtual IP now we are getting into the web server 192 168 31.5 okay now let us apply the idle idle that we have configured now let's again try to access this web server now this virtual IP see now it is redirected to an ST TPS now why we are getting this big IP because the virtual server IP that I am using here is same as the external IP so as soon as you know we as soon as that I dual worked the HTTP request on this IP is redirected to the HTTP request and we come into this page as the virtual server IP is same as the external IP of the f5 load balancer so so our idle I rule works so let me just again brief you what we have done in the I rule so in this in this example number one we have written very simple I rule what we have said that whenever there will be an HTTP request means whenever an st to period when ever someone access the HTTP whenever virtual server receives the HTTP request what we have to do is this is our event or you can say this is our condition right and what would with the action if this condition is met is redirect to HTTPS and this IP so what we have done is okay so so what we have done over here is we have sent redirect to HTTPS and in this inverted comma we have to write where we have to redirect so we have to give some particular value right so what I have written I have done in in the example is I have said that they request to be redirected to the HTTP host so what we have to do is whatever the IP that is coming in the initial HTTP request same to be redirected to the HTTP so this is the I rule one which we have configured now we will be doing one more example as we have to virtual server so we have created two different pools one is best-ever pool pool one and other one is vegetable pool - right now what we will be doing that the request that is going to us virtual server for a particular traffic will be gone we'll go to other pool to non-default pool member so again let me show you so as of now the default pool for this pool member is wet server pool for this virtual server is web server pool now what we will be doing is we will configure non I rule such that the requests coming to this virtual server will not go to this default pool instead it will go to instated it will go to web server pool - okay so in this case again when we are going to trigger the I role then there is an HTTP request because we the big is the person who will be accessing this virtual server will be accessing it over HTTP which is our web servers are listening on port 80 not on port 443 okay now we have to put now condition if this is an if loop right if client address this is our object client address equals this is our operator and this is what we are comparing we are saying if our client address equals to 192 168 100 10.1 that is our this system IP from where we are accessing it then you have to take the request to pool web server to pull whose name is web server pool - so let us try to configure it so if I go to iris again so if you configure I rule you know it itself give some explanation and it is very helpful like say if I say pool underscore i okay so first I have to say Bend and if you want to check what renders you can simply click on it right it shows what is the use of vent now as we are saying that we are doing it for HTTP request there is a syntax with it so if you want if you want to say if you want to introduce an HTTP request then you can use it this in a small letters but for HTTP you have to use it in capital letter because if I use HTTP in a small letter I will not get an option for HTTP request so it itself gives us the possible options which are here so HTTP request is not here so that means I have to use the capital letters okay now I get the option for HTTP request so now I am saying whenever there is there there is an HTTP request now I have to open the loop now I am putting a flew I have to match a condition right at during at what condition there will be did this even built bigger right this I rule sorry this I rule will be effective so I again open a loop and I write if for something we are comparing write for something we are comparing for a by a particular value we have to use these bracket okay what I write here I write client address so what I am comparing that whenever a request come for a particular client the the request the virtual server should forgot the request to non-default pool so our default polarized web server pool our non-default pool is web server pool too so for this particular client address we will be sending the request of a best server pool to and for all other web server stealing your guests will still go to best server pool so I just put client address now there should be an operator as we discussed they are these are the possible operators but which we so what we have we will be saying that whenever the client IP equals to this system IP so we will be using the operator equals or we can either use contain as well but here we will be using an operator equals so we can use either contained we can use start with okay we can use equal so here I will be using equals now if I again click over it it will show me for okay it will not show for operator that what it can does but it shows worried enough for this van or if loop if you again click on if it will show you what what all you can do with if okay so I am saying if my client address equals to the system IV which is 192 168 1 1 10.1 ok now I have to close this if loop now again what would be the action action would be pool so I am saying if this particular condition is met then I have this action that is pool so see if I want to you see what this particular actually does this particular pool action can does is causes the system to lower balanced traffic to a specific pool so using this pool keyboard I can cause the system to load balanced traffic to a specific pool or pool member so now I have to define the pool name so the other pool name that I have is is web server pool too okay so I just write their server this is again anything which is which is user-defined or which I am defining I have to write it in inverted column comma sorry so I will just write web server but this is again so you know we have we need not to use inverted column comma here because this is this this pool is not defined by us it is all configured in the big IP so we will just remove this one from here okay and we have to first close the if loop then we have to close the ven loop now let's save this I do so there is some error with this I Ruth okay see here what we are doing here is the error showing that the error is with this statement so what we are saying if the client address so we are comparing comparing something from this particular object that is client address that is why we have used we have used this you can say this bracket right so whatever thing is user-defined it should be under inverted comma so as we are saying that this thing should be compared with client address and this is something which I am defining I have to always use an inverted comma now if I save it it will get safe it's not saved right now let us go back to our virtual server first I will remove the previous I rule that I have configured here so for that I have to go to watch your server then to resources and I simply remove this from here okay now again I'll just try to access the web server so now once we have removed the behaviors HTTP redirect I rule we are still we are stil forwarded to 192 168 31.5 that is the part of our webserver pool that is a default pool in the virtual server now once we hit reply Urban's will apply our new I rule we will be we will be forwarded to put a second pool and the IP will be 192 168 31.6 so let us see so now I go to again to the resources and I go to manage and I say that I want to use this I do so in this I rule what I have I have told the f5 to redirect me to this web server pool and the IP and in this web server pool is 192 168 31.6 so now once this I rule is applied I will be read I will be forwarded to 192 168 31.6 so let's refresh it let's close it and reopen it so I hear 192 168 1 return-1 to maintain try to access it ok the eye roll is not working let me just try to disable and re-enable the virtual server again I'm just first check whether the eye rule is applied or not let's check whether the ID rule is applied or not so I roll is applied so what I will do I will just disable and enable this virtual server for the changes to take place let me be an able to virtual server now my virtual service enabled so I'm going to again access this IP let me check whether we have given the correct pool name in the I rule or not so we can go directly from here this is our I rule okay so we have you know we have still given back server pool which is the default pool that is where it is again taking us to the same server so we have to define where server pool to here okay now I'll update this thing because I have given the incorrect name of the best server that it was not working now the idol is corrected just to recheck we have let me cross-check the name of the back pool okay so this is the right pool okay now it should work see now we have been forwarded to 192 168 31.6 which is part of this web server pool and it is not a default pool for that virtual server but using the I rule we have instructed the virtual server not to forward the acquiesce to the default pool instead to forward the request to the second pool so this is how I will work so we have to again this week there you we have what we have done first of all we have given an event when that when this particular I will trigger when there will be an HTTP request okay then we started we start out you know our bracket our loop then they we put an if loop in a flew what we have said that if the client address then an operator that is equals to 192 168 100 10.1 then you have to take us to the pool where server pool to so anything that that is user-defined of we are saying that you know this thing should be equal then we have to write it in inverted cop inverted commas and anything which we are comparing should be in this cause in this bracket so this is how it work so we have another example that is I rule to perform as net for a particular traffic so in this I roll what we will be doing we will be doing the source net for a particular traffic that is for the traffic which is coming from our system so this I will be discussing in my next class meanwhile if you know the solution please post in the comment section and we can have further discussion on it and if you like this video please do subscribe to my channel thank you
Info
Channel: Varun Agrawal
Views: 3,319
Rating: 4.9272728 out of 5
Keywords: F5 LTM, F5 IRULE CONFIGURATION, HTTP REDIRECT IRULE, USING TWO POOL'S IN F5 VIRTUAL SERVER, F5 I RULE, irule, f5 virtual server request to two pool, redirect f5 virtual server request to non default pool, https redirect, http redirect, I rule, F5 training
Id: g0tVkpbfKwc
Channel Id: undefined
Length: 28min 39sec (1719 seconds)
Published: Sun Apr 12 2020
Related Videos
F5 ISE Integration using TACACS+
F5 Trainer
1.7K
VRF LITE BGP CONFIGURATION
Varun Agrawal
1.2K
Basic iRule Anatomy
F5 DevCentral
26K
Bye Bye iRules? || Introducing Local Traffic Policies || irule vs LTM policy || GetField-TCL
NetMinion Solutions
1.5K
How To Configure BIG-IP-F5-LTM- HA/Active/Standby Mode
MSKTechMate
830
F5 deployment mode (One Arm, Two Arm and DSR)
Varun Agrawal
3.9K
F5 BIG IP High Availability/Failover in EVE
Need Only Network
8.7K
UniNets : F5 LTM i-Rules (Online Training) | What is iRule?
UniNets
16K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.