Arrow Electronics, Inc.

Developing iRules for BIG-IP v15.1

CODE: F5N_BIG-IRULE-CFG

LENGTH: 3 days

PRICE: €2 995,00

Description

This course provides networking professionals a functional understanding of iRules development. The course builds on the foundation of the Administering BIG-IP or Configuring LTM course, demonstrating how to logically plan and write iRules to help monitor and manage common tasks involved with processing traffic on the BIG-IP system. Extensive course labs consist of writing, applying and evaluating the effect of iRules on local traffic. This hands-on course includes lectures, labs, and discussions.

Objectives

  • Describe the role of iRules in customizing application delivery on a BIG-IP system
  • Describe best practices for using iRules
  • Define event context, and differentiate between client-side and server-side contexts, request and response contexts, and local and remote contexts
  • Trigger an iRule for both client-side and server-side request and response events
  • Assign multiple iRules to a virtual server and control the order in which duplicate events trigger
  • Describe and use a testing methodology for iRule development and troubleshooting
  • Use local variables, static variables, lists, arrays, the session table, and data groups to store information needed for iRule execution
  • Write iRules that are optimized for runtime and administrative efficiency
  • Use control structures to conditionally branch or loop within an iRule
  • Log from an iRule using Linux syslog-ng or TMOS high-speed logging (HSL)
  • Incorporate coding best practices during iRule development
  • Use analyzer tools to capture and view traffic flow on both client-side and server-side contexts
  • Collect and use timing statistics to measure iRule runtime efficiency
  • Write iRules to help mitigate and defend from some common HTTP attacks
  • Differentiate between decimal, octal, hexadecimal, floating-point, and exponential notation
  • Parse and manipulate strings using Tcl commands and iRule functions
  • Write iRules to access and manipulate HTTP header information
  • Write iRules to collect customized statistics
  • Implement universal persistence via an iRule
  • Modify payload content using an iRule with a stream profile

Audience

This course is intended for system administrators, network administrators and application developers responsible for the customization of traffic flow through a BIG-IP system.

Prerequisites

Students must complete one of the following F5 prerequisites before attending this course:

Administering BIG-IP instructor-led course

Configuring BIG-IP LTM instructor-led course

F5 Certified BIG-IP Administrator

The following free web-based training courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience. These courses are available at F5 University:

Getting Started with BIG-IP web-based training

Getting Started with BIG-IP Local Traffic Manager (LTM) web-based training

Programme

Chapter 1: Setting Up the BIG-IP System

Introducing the BIG-IP System

Initially Setting Up the BIG-IP System

Archiving the BIG-IP System Configuration

Leveraging F5 Support Resources and Tools

Chapter 2: Getting Started with iRules

Customizing Application Delivery with iRules

Triggering an iRule

Leveraging the DevCentral Ecosystem

Creating and Deploying iRules

Chapter 3: Exploring iRule Elements

Introducing iRule Constructs

Understanding iRule Events and Event Context

Working with iRule Commands

Logging from an iRule Using SYSLOG-NG (LOG Command)

Working with User-Defined Variables

Working with Operators and Data Types

Working with Conditional Control Structures (IF and SWITCH)

Incorporating Best Practices in iRules

Chapter 4: Developing and Troubleshooting iRules

Mastering Whitespace and Special Symbols

Grouping Strings

Developing and Troubleshooting Tips

Using Fiddler to Test and Troubleshoot iRules

Chapter 5: Optimizing iRule Execution

Understanding the Need for Efficiency

Measure iRule Runtime Efficiency Using Timing Statistics

Modularizing iRules for Administrative Efficiency

Using Procedures to Modularize Code

Optimizing Logging

Using High-Speed Logging Commands in an iRule

Implementing Other Efficiencies

Using Looping Control Structures (WHILE, FOR, FOREACH Commands)

Chapter 6: Securing Web Applications with iRules

Integrating iRules into Web Application Defense

Mitigating HTTP Version Attacks

Mitigating Path Traversal Attacks

Using iRules to Defends Against Cross-Site Request Forgery (CSRF)

Mitigating HTTP Method Vulnerabilities

Securing HTTP Cookies with iRules

Adding HTTP Security Headers

Removing Undesirable HTTP Headers

Chapter 7: Working with Numbers and Strings

Understanding Number Forms and Notation

Working with Strings (STRING and SCAN Commands)

Combining Strings (Adjacent Variables, CONCAT and APPEND Commands)

Using iRule String Parsing Functions (FINDSTR, GETFIELD, and SUBSTR Commands)

Chapter 8: Processing the HTTP Payload

Reviewing HTTP Headers and Commands

Accessing and Manipulating HTTP Headers (HTTP::header Commands)

Other HTTP commands (HTTP::host, HTTP::status, HTTP::is_keepalive, HTTP::method, HTTP::version, HTTP::redirect, HTTP::respond, HTTP::uri)

Parsing the HTTP URI (URI::path, URI::basename, URI::query)

Parsing Cookies with HTTP::cookie

Selectively Compressing HTTP Data (COMPRESS Command)

Chapter 9: Working with iFiles and Data Groups

Working with iFiles

Introducing Data Groups

Working with Old Format Data Groups (MATCHCLASS, FINDCLASS)

Working with New Format Data Groups (CLASS MATCH, CLASS SEARCH)

Chapter 10: Using iRules with Universal Persistence, Stream, and Statistics Profiles

Implementing Universal Persistence (PERSIST UIE Command)

Working with the Stream Profile (STREAM Command)

Collecting Statistics Using a Statistics Profile (STATS Command)

Collecting Statistics Using iStats (ISTATS Command)

Chapter 11: Incorporating Advanced Variables

Reviewing the Local Variable Namespace

Working with Arrays (ARRAY Command)

Using Static and Global Variables

Using the Session Table (TABLE Command)

Processing Session Table Subtables

Counting “Things” Using the Session Table

Session Dates