The Unpolished Gem of iRules

The F5 BIG-IP platform is widely considered the Swiss army knife of application delivery. Well, from experience I can tell you that the ‘Swiss’ in that is iRules. When you are trying to get something done and the in-built functionality cannot do it for you, it is iRules that can can get the job done – iRules courses in your location can be found here.

Many smaller customers I talk to are shy of using them, because they are afraid of what they don’t understand. Many large customers ask me how can I do ‘this’ with an iRule as they already have many, and use them extensively to provide functionality that is not otherwise possible. It is truly amazing the range of things people can do with a bit of code in just the right place. For just a moment, let’s visit a situation you could face:

There is a web server that has a serious flaw that needs to be patched immediately to protect it from being compromised. I know what the flaw is, and how it is exploited. I can write an iRule that looks for the malicious code in the traffic flow to that server and block it from ever reaching the server. Time to write, test and deploy that code, about two hours. Time to patch the flaw and test it in development, staging and then production? About a week. The power of iRules can make an organisation seriously agile when responding to threats.

So the flaw gets patched, the iRule is removed and the webserver is safe. Everything is going well until the client starts reporting a part of the website is no longer working. It seems the patch broke some functionality that was not tested when it was rolled out.

Essentially what the client is sending is no longer working, it needs to be in a different format. Again an iRule can be written to change data as it passes through the F5. The point here is that iRules gives you more options. You can live with the issue until you get an updated patch or rollback at a time that suits you.

On another site we have an application server that talks to a database through an F5 BIG-IP providing redundancy. The company is trying to reduce costs and every single time they update the version of the database they have to update the application. This is expensive as they don’t have the skills in the company. Their solution… create an iRule to map the application calls to the current version of the database. Now when they update the database, they just update the iRule.

That was just a short tour of some of things customers are doing with iRules. The best part about iRules is that they are free. It comes built in to every F5 BIG-IP that is sold. It has a customer base of over 200,000 users worldwide and a community site with nearly that many to help you with troubleshooting your issues.

I encourage customers to explore and develop their capability in this area. It’s an unpolished gem that sits quietly waiting to help you deliver solutions not only to yourself but to all of your customers.

Translate »