Developing iRules for BIG-IP v.16.1

This course is intended for system administrators, network administrators and application developers responsible for the customization of traffic flow through a BIG-IP system using iRules.

At the end of this course, the student will be able to: 

• Describe the role of iRules in customizing application delivery on a BIG-IP system

• Describe best practices for using iRules

• Define event context, and differentiate between client-side and server-side contexts, request and response contexts, and local and remote contexts

• Trigger an iRule for both client-side and server-side request and response events

• Assign multiple iRules to a virtual server and control the order in which duplicate events trigger

• Describe and use a testing methodology for iRule development and troubleshooting

• Use local variables, static variables, lists, arrays, the session table, and data groups to store information needed for iRule execution

• Write iRules that are optimized for runtime and administrative efficiency

• Use control structures to conditionally branch or loop within an iRule

• Log from an iRule using Linux syslog-ng or TMOS high-speed logging (HSL)

• Incorporate coding best practices during iRule development

• Use analyzer tools to capture and view traffic flow on both client-side and server-side contexts

• Collect and use timing statistics to measure iRule runtime efficiency

• Write iRules to help mitigate and defend from some common HTTP attacks

• Differentiate between decimal, octal, hexadecimal, floating-point, and exponential notation

• Parse and manipulate strings using Tcl commands and iRule functions

• Write iRules to access and manipulate HTTP header information

• Write iRules to collect customized statistics

• Implement universal persistence via an iRule

• Modify payload content using an iRule with a stream profile

Chapter 1: Setting Up the BIG-IP System

• Introducing the BIG-IP System

• Initially Setting Up the BIG-IP System

• Archiving the BIG-IP System Configuration

• Leveraging F5 Support Resources and Tools

Chapter 2: Getting Started with iRules

• Customizing Application Delivery with iRules

• Triggering an iRule

• Leveraging the DevCentral Ecosystem

• Creating and Deploying iRules

Chapter 3: Exploring iRule Elements

• Introducing iRule Constructs

• Understanding iRule Events and Event Context

• Working with iRule Commands

• Logging from an iRule Using SYSLOG-NG (LOG Command)

• Working with User-Defined Variables

• Working with Operators and Data Types

• Working with Conditional Control Structures (IF and SWITCH)

• Incorporating Best Practices in iRules

Chapter 4: Developing and Troubleshooting iRules

• Mastering Whitespace and Special Symbols

• Grouping Strings

• Developing and Troubleshooting Tips

• Using Fiddler to Test and Troubleshoot iRules

Chapter 5: Optimizing iRule Execution

• Understanding the Need for Efficiency

• Measure iRule Runtime Efficiency Using Timing Statistics

• Modularizing iRules for Administrative Efficiency

• Using Procedures to Modularize Code

• Optimizing Logging

• Using High-Speed Logging Commands in an iRule

• Implementing Other Efficiencies

• Using Looping Control Structures (WHILE, FOR, FOREACH Commands)

Chapter 6: Securing Web Applications with iRules

• Integrating iRules into Web Application Defense

• Mitigating HTTP Version Attacks

• Mitigating Path Traversal Attacks

• Using iRules to Defends Against Cross-Site Request Forgery (CSRF)

• Mitigating HTTP Method Vulnerabilities

• Securing HTTP Cookies with iRules

• Adding HTTP Security Headers

• Removing Undesirable HTTP Headers

Chapter 7: Working with Numbers and Strings

• Understanding Number Forms and Notation

• Working with Strings (STRING and SCAN Commands)

• Combining Strings (Adjacent Variables, CONCAT and APPEND Commands)

• Using iRule String Parsing Functions (FINDSTR, GETFIELD, and SUBSTR Commands)

Chapter 8: Processing the HTTP Payload

• Reviewing HTTP Headers and Commands

• Introducing iRule HTTP Header Commands

• Accessing and Manipulating HTTP Headers (HTTP::header Commands)

• Other HTTP commands (HTTP::host, HTTP::status, HTTP::is_keepalive, HTTP::method, HTTP::version, HTTP::redirect, HTTP::respond, HTTP::uri)

• Parsing the HTTP URI (URI::path, URI::basename, URI::query)

• Parsing Cookies with HTTP::cookie

• Selectively Compressing HTTP Data (COMPRESS Command)

Chapter 9: Working with iFiles and Data Groups

• Working with iFiles

• Introducing Data Groups

• Working with New Format Data Groups (CLASS MATCH, CLASS SEARCH)

Chapter 10: Using iRules with Universal Persistence, Stream, and Statistics Profiles

• Implementing Universal Persistence (PERSIST UIE Command)

• Working with the Stream Profile (STREAM Command)

• Collecting Statistics Using a Statistics Profile (STATS Command)

• Collecting Statistics Using iStats (ISTATS Command)

Chapter 11: Incorporating Advanced Variables

• Reviewing the Local Variable Namespace

• Working with Arrays (ARRAY Command)

• Using Static and Global Variables

• Using the Session Table (TABLE Command)

• Processing Session Table Subtables

• Counting “Things” Using the Session Table

Course Changes since v15

The Developing iRules for BIG-IP v16.1 course presents much of the same content as v15.1, with removal of deprecated Data Group MATCHCLASS and FINDCLASS topics being the primary change. Passwords are 8 digits in length i.e.. f5trn0XX.

Students must complete one of the following F5 prerequisites before attending this course: 

▪ Administering BIG-IP instructor-led course -or- 

▪ Configuring BIG-IP LTM instructor-led course -or- 

▪ F5 Certified BIG-IP Administrator 

The following free web-based courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience. 

These courses are available at LearnF5 (https://www.f5.com/services/training): 

▪ Getting Started with BIG-IP 

▪ Getting Started with BIG-IP Local Traffic Manager (LTM) 

The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course: 

▪ OSI model encapsulation 

▪ Routing and switching 

▪ Ethernet and ARP 

▪ TCP/IP concepts 

▪ IP addressing and subnetting 

▪ NAT and private IP addressing 

▪ Default gateway 

▪ Network firewalls 

▪ LAN vs. WAN 

The following course-specific knowledge and experience is suggested before attending this course: 

▪ HTTP protocol 

▪ Any programming language

• Configuring BIG-IP LTM: Local Traffic Manager v.16.1
• Configuring BIG-IP DNS (formerly GTM) v.16.1
• Configuring F5 Advanced WAF (previously licensed as ASM) v16.1
• Configuring BIG-IP APM: Access Policy Manager v.16.1
• Configuring BIG-IP AFM: Advanced Firewall Manager v.16.1
• Troubleshooting BIG-IP v.16.1

Delegates will be provided with official F5 e-kit courseware approximately 1 week prior to the start of the course.