SYS-CON MEDIA Authors: Yeshim Deniz, Elizabeth White, Pat Romanski, Liz McMillan, Courtney Abud

Blog Feed Post

20 Lines or Less #52: Handshakes, Dynamic IPs, and Destinations

 

What could you do with your code in 20 Lines or Less? That's the question I ask (sometimes?) every week for the DevCentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

This week nitass and hoolio deliver the 1-2-3 punch with 3 cool iRules to perform various tasks that I deem useful, or interesting, or...both. We get a look at dealing with destination servers with a dynamic IP, handling SSL and non SSL connections on the same VIP to proxy both seamlessly, and selecting a hostname based on destination. No, that isn't backwards, you heard that right. Hostname based on destination, not destination based on hostname. Just the kind of fun stuff I love looking at! So let's get to it.

 

CLIENTSSL_HANDSHAKE without a client SSL profile

http://bit.ly/yYqGcW

We've seen a similar take before, but this is a new look and a good one, courtesy of hoolio. If you're looking to process HTTP and HTTPS traffic on the same VIP, this iRule will get you there. Keep in mind that it's using a couple of tricks. One is hiding the SSL::cipher command within an eval, and the other is using the catch command to prevent the iRule from dumping the connection based on a TCL error in non SSL cases. While this works, it's good to know that this is using a bit of wizardry to achieve the goal. At some point in the future there may well be a more straight-forward way to do this.

   1: when HTTP_REQUEST {
   2:  
   3:    # Hide the SSL:: command from the iRule parser
   4:    # so the iRule can be used on a non-client SSL VS
   5:    set cipher_cmd "SSL::cipher version"
   6:  
   7:    # Check if the client used an SSL cipher and it's not "none"
   8:    if {not ([catch {eval $cipher_cmd} result]) && $result ne "none"}{
   9:       # Client did use a cipher
  10:       set proto "https"
  11:    } else {
  12:       # Client did not use a cipher
  13:       set proto "http"
  14:    }
  15: }

Node with dynamic IP

http://bit.ly/xisrlX

In this cool example nitass solves the problem of a destination server with a dynamic IP address, and how to route to it. Most people tend to think about dynamic addresses always being on the front end, with back-end resources being static and dependable. That is, of course, not always the case. Given iRules and the power therein however, that is hardly a problem. A quick RESOLV::lookup and you're able to route traffic easily to the appropriate resource. A cool look at using simple, built-in commands in inventive ways to solve problems that could be head scratchers otherwise.

   1: when HTTP_REQUEST {
   2:      set dest [RESOLV::lookup @8.8.8.8 -a "www.google.com"]
   3:      log local0. "\[RESOLV::lookup @8.8.8.8 -a \"www.google.com\"\]: $dest"
   4:      log local0. "\[getfield $dest \" \" 1\]: [getfield $dest " " 1]"
   5:      node [getfield $dest " " 1] 80
   6: }
   7:  
   8: when HTTP_RESPONSE {
   9:      log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::remote_addr]:[TCP::remote_port]"
  10: }

Destination based hostnames

http://bit.ly/ysuN4R

In another example that is actually quite simple and elegant in code, but made me stop and do a triple take because it just sounds so wrong, logically, nitass shows us destination based hostname modification. Hostname based destination modification is amazingly commonplace. We've seen and done that a thousand times. Perhaps it is because of that very prevalence that this feels so backwards, and took me a few seconds to allow my brain to logically process it. Regardless, this is a darn cool example and this would be extremely hard to do anywhere else without redirects and other tom-foolery. Fun stuff!

   1: when LB_SELECTED {
   2:        if {[HTTP::host] equals "xxx.com"} {
   3:                 switch [LB::server addr] {
   4:                         "200.200.200.101" { HTTP::header replace Host "yyy.com" }
   5:                         "200.200.200.102" { HTTP::header replace Host "zzz.com" }
   6:                 }
   7:         }
   8: }

There are your three iRules for the week that can go into the "in case of monotony, read me" bin. iRules, as a technology, continues to impress me, as does the community and the differing ways in which you all come up with to put this stuff to work. Keep it up, and we'll get this series to 100 in no time.

#Colin

 

Read the original blog entry...

More Stories By Colin Walker

Coming from a *Nix Software Engineering background, Colin is no stranger to long hours of coding, testing and deployment. His personal experiences such as on-stage performance and the like have helped to foster the evangelist in him. These days he splits his time between coding, technical writing and evangalism. He can be found on the road to just about anywhere to preach the good word about ADCs, Application Aware networking, Network Side Scripting and geekery in general to anyone that will listen.

Colin currently helps manage and maintain DevCentral (http://devcentral.f5.com). He is also a contributor in many ways, from Articles to Videos to numerous forum posts, to iRules coding and whatever else he can get his hands on that might benefit the community and allow it to continue to grow.

Latest Stories
Take advantage of autoscaling, and high availability for Kubernetes with no worry about infrastructure. Be the Rockstar and avoid all the hurdles of deploying Kubernetes. So Why not take Heat and automate the setup of your Kubernetes cluster? Why not give project owners a Heat Stack to deploy Kubernetes whenever they want to? Hoping to share how anyone can use Heat to deploy Kubernetes on OpenStack and customize to their liking. This is a tried and true method that I've used on my OpenSta...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Kubernetes is a new and revolutionary open-sourced system for managing containers across multiple hosts in a cluster. Ansible is a simple IT automation tool for just about any requirement for reproducible environments. In his session at @DevOpsSummit at 18th Cloud Expo, Patrick Galbraith, a principal engineer at HPE, will discuss how to build a fully functional Kubernetes cluster on a number of virtual machines or bare-metal hosts. Also included will be a brief demonstration of running a Galer...
10ZiG Technology is a leading provider of endpoints for a Virtual Desktop Infrastructure environment. Our fast and reliable hardware is VMware, Citrix and Microsoft ready and designed to handle all ranges of usage - from task-based to sophisticated CAD/CAM users. 10ZiG prides itself in being one of the only companies whose sole focus is in Thin Clients and Zero Clients for VDI. This focus allows us to provide a truly unique level of personal service and customization that is a rare find in th...
Emil Sayegh is an early pioneer of cloud computing and is recognized as one of the industry's true veterans. A cloud visionary, he is credited with launching and leading the cloud computing and hosting businesses for HP, Rackspace, and Codero. Emil built the Rackspace cloud business while serving as the company's GM of the Cloud Computing Division. Earlier at Rackspace he served as VP of the Product Group and launched the company's private cloud and hosted exchange services. He later moved o...
92% of enterprises are using the public cloud today. As a result, simply being in the cloud is no longer enough to remain competitive. The benefit of reduced costs has normalized while the market forces are demanding more innovation at faster release cycles. Enter Cloud Native! Cloud Native enables a microservices driven architecture. The shift from monolithic to microservices yields a lot of benefits - but if not done right - can quickly outweigh the benefits. The effort required in monitoring,...
As you know, enterprise IT conversation over the past year have often centered upon the open-source Kubernetes container orchestration system. In fact, Kubernetes has emerged as the key technology -- and even primary platform -- of cloud migrations for a wide variety of organizations. Kubernetes is critical to forward-looking enterprises that continue to push their IT infrastructures toward maximum functionality, scalability, and flexibility. As they do so, IT professionals are also embr...
Signs of a shift in the usage of public clouds are everywhere. Previously, as organizations outgrew old IT methods, the natural answer was to try the public cloud approach; however, the public platform alone is not a complete solution. Complaints include unpredictable/escalating costs and mounting security concerns in the public cloud. Ultimately, public cloud adoption can ultimately mean a shift of IT pains instead of a resolution. That's why the move to hybrid, custom, and multi-cloud will ...
The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get tailored market studies; and more.
Docker is sweeping across startups and enterprises alike, changing the way we build and ship applications. It's the most prominent and widely known software container platform, and it's particularly useful for eliminating common challenges when collaborating on code (like the "it works on my machine" phenomenon that most devs know all too well). With Docker, you can run and manage apps side-by-side - in isolated containers - resulting in better compute density. It's something that many developer...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
The KCSP program is a pre-qualified tier of vetted service providers that offer Kubernetes support, consulting, professional services and training for organizations embarking on their Kubernetes journey. The KCSP program ensures that enterprises get the support they're looking for to roll out new applications more quickly and more efficiently than before, while feeling secure that there's a trusted and vetted partner that's available to support their production and operational needs.
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It's clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Th...
xMatters helps enterprises prevent, manage and resolve IT incidents. xMatters industry-leading Service Availability platform prevents IT issues from becoming big business problems. Large enterprises, small workgroups, and innovative DevOps teams rely on its proactive issue resolution service to maintain operational visibility and control in today's highly-fragmented IT environment. xMatters provides toolchain integrations to hundreds of IT management, security and DevOps tools. xMatters is the ...
Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. Kubernetes was originally built by Google, leveraging years of experience with managing container workloads, and is now a Cloud Native Compute Foundation (CNCF) project. Kubernetes has been widely adopted by the community, supported on all major public and private cloud providers, and is gaining rapid adoption in enterprises. However, Kubernetes may seem intimidating and complex ...