Learn how to logically plan and write iRules to help monitor and manage common traffic processing tasks on the BIG-IP system. Explore events, functions, commands, variables, operators, and other elements for mastering iRule development. Gain practical experience through hands-on labs using control structures for conditional branching and looping, mastering spacing, grouping, special symbols, and implementing recommended practices for efficiency. Complete additional skill-building exercises incorporating advanced variables, including arrays, static variables, and session tables.

Reference real-world examples extensively, including securing web applications with iRules by preventing common attacks which can abuse HTTP, securing HTTP headers and cookies, and implementing HTTP strict transport security. Develop skills working with strings, including Tcl parsing commands and other parsing functions. Delve into advanced topics such as using iRules with universal persistence and stream profiles, gathering statistics using STATS and ISTATS, and different methods for accessing, manipulating, and selectively applying compression to HTTP traffic.

At the end of this course, the student will be able to:

• Describe the role of iRules in customizing application delivery on a BIG-IP system

• Describe best practices for using iRules

• Define event context, and differentiate between client-side and server-side contexts, request and response contexts, and local and remote contexts

• Trigger an iRule for both client-side and server-side request and response events

• Assign multiple iRules to a virtual server and control the order in which duplicate events trigger

• Describe and use a testing methodology for iRule development and troubleshooting

• Use local variables, static variables, lists, arrays, the session table, and data groups to store information needed for iRule execution

• Write iRules that are optimized for runtime and administrative efficiency

• Use control structures to conditionally branch or loop within an iRule

• Log from an iRule using Linux syslog-ng or TMOS high-speed logging (HSL)

• Incorporate coding best practices during iRule development

• Use analyzer tools to capture and view traffic flow on both client-side and server-side contexts

• Collect and use timing statistics to measure iRule runtime efficiency

• Write iRules to help mitigate and defend from some common HTTP attacks

• Differentiate between decimal, octal, hexadecimal, floating-point, and exponential notation

• Parse and manipulate strings using Tcl commands and iRule functions

• Write iRules to access and manipulate HTTP header information

• Write iRules to collect customized statistics

• Implement universal persistence via an iRule

• Modify payload content using an iRule with a stream profile

This course is intended for system administrators, network administrators and application developers responsible for the customization of traffic flow through a BIG-IP system using iRules.

Students must complete one of the following F5 prerequisites before attending this course:
• Administering BIG-IP (ILT)
• F5 Certified BIG-IP Administrator

Suggested Prework

The following free Self-Directed Training (SDT) courses, although optional, are helpful for any student with limited BIG-IP administration and configuration experience:
• Getting Started with BIG-IP
• Getting Started with Local Traffic Manager (LTM)
General network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course, including OSI model encapsulation, routing and switching, Ethernet and ARP, TCP/IP concepts, IP addressing and subnetting, NAT and private IP addressing, NAT and private IP addressing, default gateway, network firewalls, and LAN vs. WAN.
The following course-specific knowledge and experience is suggested before attending this course:
• HTTP protocol
• Any programming language

Chapter 1: Introducing the BIG-IP System
• Introducing the BIG-IP System
• Initially Setting Up the BIG-IP System
• Archiving the BIG-IP Configuration
• Leveraging F5 Support Resources and Tools
Chapter 2: Getting Started with iRules
• Customizing Application Delivery with iRules
• Triggering an iRule
• Leveraging the DevCentral Ecosystem
• Creating and Deploying iRules
Chapter 3: Exploring iRule Elements
• Introducing iRule Constructs
• Understanding iRule Events and Event Context
• Working with iRule Commands
• Logging from an iRule Using SYSLOG-NG (LOG Command)
• Working with User-Defined Variables
• Working with Operators and Data Types
• Working with Conditional Control Structures (IF and SWITCH)
• Incorporating Best Practices in iRules
Chapter 4: Developing and Troubleshooting iRules
• Mastering Whitespace and Special Symbols
• Grouping Strings
• Developing and Troubleshooting Tips
• Using Fiddler to Test and Troubleshoot iRules
Chapter 5: Optimizing iRule Execution
• Understanding the Need for Efficiency
• Measure iRule Runtime Efficiency Using Timing Statistics
• Modularizing iRules for Administrative Efficiency
• Using Procedures to Modularize Code
• Optimizing Logging
• Using High-Speed Logging Commands in an iRule
• Implementing Other Efficiencies
• Using Looping Control Structures (WHILE, FOR, FOREACH Commands)
Chapter 6: Securing Web Applications with iRules
• Integrating iRules into Web Application Defense
• Mitigating HTTP Version Attacks
• Mitigating Path Traversal Attacks
• Using iRules to Defends Against Cross-Site Request Forgery (CSRF)
• Mitigating HTTP Method Vulnerabilities
• Securing HTTP Cookies with iRules
• Adding HTTP Security Headers
• Removing Undesirable HTTP Headers
Chapter 7: Working with Numbers and Strings
• Understanding Number Forms and Notation
• Working with Strings (STRING and SCAN Commands)
• Combining Strings (Adjacent Variables, CONCAT and APPEND Commands)
• Using iRule String Parsing Functions (FINDSTR, GETFIELD, and SUBSTR Commands)
Chapter 8: Processing the HTTP Payload
• Reviewing HTTP Headers and Commands
• Introducing iRule HTTP Header Commands
• Accessing and Manipulating HTTP Headers (HTTP::header Commands)
• Other HTTP commands (HTTP::host, HTTP::status, HTTP::is_keepalive, HTTP::method, HTTP::version, HTTP::redirect, HTTP::respond, HTTP::uri)
• Parsing the HTTP URI (URI::path, URI::basename, URI::query)
• Parsing Cookies with HTTP::cookie
• Selectively Compressing HTTP Data (COMPRESS Command)

Chapter 9: Working with iFiles and Data Groups
• Working with iFiles
• Introducing Data Groups
• Working with New Format Data Groups (CLASS MATCH, CLASS SEARCH)
Chapter 10: Using iRules with Universal Persistence, Stream, and Statistics Profiles
• Implementing Universal Persistence (PERSIST UIE Command)
• Working with the Stream Profile (STREAM Command)
• Collecting Statistics Using a Statistics Profile (STATS Command)
• Collecting Statistics Using iStats (ISTATS Command)
Chapter 11: Incorporating Advanced Variables
• Reviewing the Local Variable Namespace
• Working with Arrays (ARRAY Command)
• Using Static and Global Variables
• Using the Session Table (TABLE Command)
• Processing Session Table Subtables
• Counting “Things” Using the Session Table

Other courses available:

F5N_BIG-LTM-CFG-3, Configuring BIG-IP LTM: Local Traffic Manager v.16.1
F5N_BIG-DNS-I, Configuring BIG-IP DNS (formerly GTM) v.16.1
F5N_BIG-AWF-CFG, Configuring F5 Advanced WAF (previously licensed as ASM) v.16.1
F5N_BIG-EGW-APM, Configuring BIG-IP APM: Access Policy Manager v.16.1
F5N_BIG-AFM, Configuring BIG-IP AFM: Advanced Firewall Manager v.16.1
F5N_BIG-TRBL-INT2, Troubleshooting BIG-IP v.16.1

Course Changes since v15

The Developing iRules for BIG-IP v16.1 course presents much of the same content as v15.1, with removal of deprecated Data Group MATCHCLASS and FINDCLASS topics being the primary change. Passwords are 8 digits in length i.e.. f5trn0XX.