This 3-day course provides networking professionals a functional understanding of iRules development.
The course builds on the foundation of the Administering BIG-IP or Configuring LTM course, demonstrating how to logically plan and write iRules to help monitor and manage common tasks involved with processing traffic on the BIG-IP system.
Extensive course labs consist of writing, applying and evaluating the effect of iRules on local traffic.
This hands-on course includes lectures, labs, and discussions.
Course Topics
โข Setting up the BIG-IP system
โข Getting started with iRules
โข Leveraging DevCentral resources for iRule development
โข Exploring iRule elements, including events, functions, commands, variables, and operators
โข Using control structures for conditional branching and looping
โข Mastering whitespace, grouping, and special symbols
โข Measuring iRule efficiency using timing statistics
โข Logging from an iRule using syslog-ng and high-speed logging (HSL)
โข Optimizing iRules execution, including implementing efficiency best practices
โข Modularizing iRules for administrative efficiency, including using procedures
โข Securing web applications with iRules, including preventing common HTTP attacks, securing HTTP headers and cookies, and implementing HTTP strict transport security (HSTS)
โข Working with strings, including using Tcl parsing commands and iRules parsing functions
โข Accessing and manipulating HTTP traffic, including applying selective HTTP compression
โข Working with iFiles and data groups
โข Using iRules with universal persistence and stream profiles
โข Gathering statistics using STATS and ISTATS
โข Incorporating advanced variables, including arrays, static variables, and the session table
At the end of this course, the student will be able to:
โข Describe the role of iRules in customizing application delivery on a BIG-IP system
โข Describe best practices for using iRules
โข Define event context, and differentiate between client-side and server-side contexts, request and response contexts, and local and remote contexts
โข Trigger an iRule for both client-side and server-side request and response events
โข Assign multiple iRules to a virtual server and control the order in which duplicate events trigger
โข Describe and use a testing methodology for iRule development and troubleshooting
โข Use local variables, static variables, lists, arrays, the session table, and data groups to store information needed for iRule execution
โข Write iRules that are optimized for runtime and administrative efficiency
โข Use control structures to conditionally branch or loop within an iRule
โข Log from an iRule using Linux syslog-ng or TMOS high-speed logging (HSL)
โข Incorporate coding best practices during iRule development
โข Use analyzer tools to capture and view traffic flow on both client-side and server-side contexts
โข Collect and use timing statistics to measure iRule runtime efficiency
โข Write iRules to help mitigate and defend from some common HTTP attacks
โข Differentiate between decimal, octal, hexadecimal, floating-point, and exponential notation
โข Parse and manipulate strings using Tcl commands and iRule functions
โข Write iRules to access and manipulate HTTP header information
โข Write iRules to collect customized statistics
โข Implement universal persistence via an iRule
โข Modify payload content using an iRule with a stream profile
Chapter 1: Setting Up the BIG-IP System
โข Introducing the BIG-IP System
โข Initially Setting Up the BIG-IP System
โข Archiving the BIG-IP System Configuration
โข Leveraging F5 Support Resources and Tools
Chapter 2: Getting Started with iRules
โข Customizing Application Delivery with iRules
โข Triggering an iRule
โข Leveraging the DevCentral Ecosystem
โข Creating and Deploying iRules
Chapter 3: Exploring iRule Elements
โข Introducing iRule Constructs
โข Understanding iRule Events and Event Context
โข Working with iRule Commands
โข Logging from an iRule Using SYSLOG-NG (LOG Command)
โข Working with User-Defined Variables
โข Working with Operators and Data Types
โข Working with Conditional Control Structures (IF and SWITCH)
โข Incorporating Best Practices in iRules
Chapter 4: Developing and Troubleshooting iRules
โข Mastering Whitespace and Special Symbols
โข Grouping Strings
โข Developing and Troubleshooting Tips
โข Using Fiddler to Test and Troubleshoot iRules
Chapter 5: Optimizing iRule Execution
โข Understanding the Need for Efficiency
โข Measure iRule Runtime Efficiency Using Timing Statistics
โข Modularizing iRules for Administrative Efficiency
โข Using Procedures to Modularize Code
โข Optimizing Logging
โข Using High-Speed Logging Commands in an iRule
โข Implementing Other Efficiencies
โข Using Looping Control Structures (WHILE, FOR, FOREACH Commands)
Chapter 6: Securing Web Applications with iRules
โข Integrating iRules into Web Application Defense
โข Mitigating HTTP Version Attacks
โข Mitigating Path Traversal Attacks
โข Using iRules to Defends Against Cross-Site Request Forgery (CSRF)
โข Mitigating HTTP Method Vulnerabilities
โข Securing HTTP Cookies with iRules
โข Adding HTTP Security Headers
โข Removing Undesirable HTTP Headers
Chapter 7: Working with Numbers and Strings
โข Understanding Number Forms and Notation
โข Working with Strings (STRING and SCAN Commands)
โข Combining Strings (Adjacent Variables, CONCAT and APPEND Commands)
โข Using iRule String Parsing Functions (FINDSTR, GETFIELD, and SUBSTR Commands)
Chapter 8: Processing the HTTP Payload
โข Reviewing HTTP Headers and Commands
โข Introducing iRule HTTP Header Commands
โข Accessing and Manipulating HTTP Headers (HTTP::header Commands)
โข Other HTTP commands (HTTP::host, HTTP::status, HTTP::is_keepalive, HTTP::method, HTTP::version, HTTP::redirect, HTTP::respond, HTTP::uri)
โข Parsing the HTTP URI (URI::path, URI::basename, URI::query)
โข Parsing Cookies with HTTP::cookie
โข Selectively Compressing HTTP Data (COMPRESS Command)
Chapter 9: Working with iFiles and Data Groups
โข Working with iFiles
โข Introducing Data Groups
โข Working with New Format Data Groups (CLASS MATCH, CLASS SEARCH)
Chapter 10: Using iRules with Universal Persistence, Stream, and Statistics Profiles
โข Implementing Universal Persistence (PERSIST UIE Command)
โข Working with the Stream Profile (STREAM Command)
โข Collecting Statistics Using a Statistics Profile (STATS Command)
โข Collecting Statistics Using iStats (ISTATS Command)
Chapter 11: Incorporating Advanced Variables
โข Reviewing the Local Variable Namespace
โข Working with Arrays (ARRAY Command)
โข Using Static and Global Variables
โข Using the Session Table (TABLE Command)
โข Processing Session Table Subtables
โข Counting โThingsโ Using the Session Table
Course Changes since v15
The Developing iRules for BIG-IP v16.1 course presents much of the same content as v15.1, with removal of deprecated Data Group MATCHCLASS and FINDCLASS topics being the primary change. Passwords are 8 digits in length i.e.. f5trn0XX.
Students must complete one of the following F5 prerequisites before attending this course:
? Administering BIG-IP instructor-led course -or-
? Configuring BIG-IP LTM instructor-led course -or-
? F5 Certified BIG-IP Administrator
The following free web-based courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience.
These courses are available at LearnF5 (https://www.f5.com/services/training):
? Getting Started with BIG-IP
? Getting Started with BIG-IP Local Traffic Manager (LTM)
The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:
? OSI model encapsulation
? Routing and switching
? Ethernet and ARP
? TCP/IP concepts
? IP addressing and subnetting
? NAT and private IP addressing
? Default gateway
? Network firewalls
? LAN vs. WAN
The following course-specific knowledge and experience is suggested before attending this course:
? HTTP protocol
? Any programming language
This course is intended for system administrators, network administrators and application developers responsible for the customization of traffic flow through a BIG-IP system using iRules.
