SYS-CON MEDIA Authors: Zakia Bouachraoui, Liz McMillan, Yeshim Deniz, Elizabeth White, William Schmarzo

Blog Feed Post

20 Lines or Less #52: Handshakes, Dynamic IPs, and Destinations

 

What could you do with your code in 20 Lines or Less? That's the question I ask (sometimes?) every week for the DevCentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

This week nitass and hoolio deliver the 1-2-3 punch with 3 cool iRules to perform various tasks that I deem useful, or interesting, or...both. We get a look at dealing with destination servers with a dynamic IP, handling SSL and non SSL connections on the same VIP to proxy both seamlessly, and selecting a hostname based on destination. No, that isn't backwards, you heard that right. Hostname based on destination, not destination based on hostname. Just the kind of fun stuff I love looking at! So let's get to it.

 

CLIENTSSL_HANDSHAKE without a client SSL profile

http://bit.ly/yYqGcW

We've seen a similar take before, but this is a new look and a good one, courtesy of hoolio. If you're looking to process HTTP and HTTPS traffic on the same VIP, this iRule will get you there. Keep in mind that it's using a couple of tricks. One is hiding the SSL::cipher command within an eval, and the other is using the catch command to prevent the iRule from dumping the connection based on a TCL error in non SSL cases. While this works, it's good to know that this is using a bit of wizardry to achieve the goal. At some point in the future there may well be a more straight-forward way to do this.

   1: when HTTP_REQUEST {
   2:  
   3:    # Hide the SSL:: command from the iRule parser
   4:    # so the iRule can be used on a non-client SSL VS
   5:    set cipher_cmd "SSL::cipher version"
   6:  
   7:    # Check if the client used an SSL cipher and it's not "none"
   8:    if {not ([catch {eval $cipher_cmd} result]) && $result ne "none"}{
   9:       # Client did use a cipher
  10:       set proto "https"
  11:    } else {
  12:       # Client did not use a cipher
  13:       set proto "http"
  14:    }
  15: }

Node with dynamic IP

http://bit.ly/xisrlX

In this cool example nitass solves the problem of a destination server with a dynamic IP address, and how to route to it. Most people tend to think about dynamic addresses always being on the front end, with back-end resources being static and dependable. That is, of course, not always the case. Given iRules and the power therein however, that is hardly a problem. A quick RESOLV::lookup and you're able to route traffic easily to the appropriate resource. A cool look at using simple, built-in commands in inventive ways to solve problems that could be head scratchers otherwise.

   1: when HTTP_REQUEST {
   2:      set dest [RESOLV::lookup @8.8.8.8 -a "www.google.com"]
   3:      log local0. "\[RESOLV::lookup @8.8.8.8 -a \"www.google.com\"\]: $dest"
   4:      log local0. "\[getfield $dest \" \" 1\]: [getfield $dest " " 1]"
   5:      node [getfield $dest " " 1] 80
   6: }
   7:  
   8: when HTTP_RESPONSE {
   9:      log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::remote_addr]:[TCP::remote_port]"
  10: }

Destination based hostnames

http://bit.ly/ysuN4R

In another example that is actually quite simple and elegant in code, but made me stop and do a triple take because it just sounds so wrong, logically, nitass shows us destination based hostname modification. Hostname based destination modification is amazingly commonplace. We've seen and done that a thousand times. Perhaps it is because of that very prevalence that this feels so backwards, and took me a few seconds to allow my brain to logically process it. Regardless, this is a darn cool example and this would be extremely hard to do anywhere else without redirects and other tom-foolery. Fun stuff!

   1: when LB_SELECTED {
   2:        if {[HTTP::host] equals "xxx.com"} {
   3:                 switch [LB::server addr] {
   4:                         "200.200.200.101" { HTTP::header replace Host "yyy.com" }
   5:                         "200.200.200.102" { HTTP::header replace Host "zzz.com" }
   6:                 }
   7:         }
   8: }

There are your three iRules for the week that can go into the "in case of monotony, read me" bin. iRules, as a technology, continues to impress me, as does the community and the differing ways in which you all come up with to put this stuff to work. Keep it up, and we'll get this series to 100 in no time.

#Colin

 

Read the original blog entry...

More Stories By Colin Walker

Coming from a *Nix Software Engineering background, Colin is no stranger to long hours of coding, testing and deployment. His personal experiences such as on-stage performance and the like have helped to foster the evangelist in him. These days he splits his time between coding, technical writing and evangalism. He can be found on the road to just about anywhere to preach the good word about ADCs, Application Aware networking, Network Side Scripting and geekery in general to anyone that will listen.

Colin currently helps manage and maintain DevCentral (http://devcentral.f5.com). He is also a contributor in many ways, from Articles to Videos to numerous forum posts, to iRules coding and whatever else he can get his hands on that might benefit the community and allow it to continue to grow.

Latest Stories
The digital transformation is real! To adapt, IT professionals need to transform their own skillset to become more multi-dimensional by gaining both depth and breadth of a wide variety of knowledge and competencies. Historically, while IT has been built on a foundation of specialty (or "I" shaped) silos, the DevOps principle of "shifting left" is opening up opportunities for developers, operational staff, security and others to grow their skills portfolio, advance their careers and become "T"-sh...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Despite being the market leader, we recognized the need to transform and reinvent our business at Dynatrace, before someone else disrupted the market. Over the course of three years, we changed everything - our technology, our culture and our brand image. In this session we'll discuss how we navigated through our own innovator's dilemma, and share takeaways from our experience that you can apply to your own organization.
Cloud Storage 2.0 has brought many innovations, including the availability of cloud storage services that are less expensive and much faster than previous generations of cloud storage. Cloud Storage 2.0 has also delivered new and faster methods for migrating your premises storage environment to the cloud and the concept of multi-cloud. This session will provide technical details on Cloud Storage 2.0 and the methods used to efficiently migrate from premises-to-cloud storage. This session will als...
DXWorldEXPO LLC announced today that Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, softwar...
Having been in the web hosting industry since 2002, dhosting has gained a great deal of experience while working on a wide range of projects. This experience has enabled the company to develop our amazing new product, which they are now excited to present! Among dHosting's greatest achievements, they can include the development of their own hosting panel, the building of their fully redundant server system, and the creation of dhHosting's unique product, Dynamic Edge.
The Transparent Cloud-computing Consortium (T-Cloud) is a neutral organization for researching new computing models and business opportunities in IoT era. In his session, Ikuo Nakagawa, Co-Founder and Board Member at Transparent Cloud Computing Consortium, will introduce the big change toward the "connected-economy" in the digital age. He'll introduce and describe some leading-edge business cases from his original points of view, and discuss models & strategies in the connected-economy. Nowad...
For far too long technology teams have lived in siloes. Not only physical siloes, but cultural siloes pushed by competing objectives. This includes informational siloes where business users require one set of data and tech teams require different data. DevOps intends to bridge these gaps to make tech driven operations more aligned and efficient.
All in Mobile is a mobile app agency that helps enterprise companies and next generation startups build the future of digital. We offer mobile development and design for smartphones, tablets and wearables. Our projects cover the latest and most innovative technologies - voice assistants, AI, AR/VR and more. We excel at solutions for sports, fintech and retail industries.
The dream is universal: heuristic driven, global business operations without interruption so that nobody has to wake up at 4am to solve a problem. Building upon Nutanix Acropolis software defined storage, virtualization, and networking platform, Mark will demonstrate business lifecycle automation with freedom of choice and consumption models. Hybrid cloud applications and operations are controllable by the Nutanix Prism control plane with Calm automation, which can weave together the following: ...
NanoVMs is the only production ready unikernel infrastructure solution on the market today. Unikernels prevent server intrusions by isolating applications to one virtual machine with no users, no shells and no way to run other programs on them. Unikernels run faster and are lighter than even docker containers.
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the most comprehensive program and with 222 rockstar speakers throughout our industry presenting 22 Keynotes and General Sessions, 250 Breakout Sessions along 10 Tracks, as well as our signature Power Panels. Our Expo Floor will bring together the leading global 200 companies throughout the world of Cloud Computing, DevOps, IoT, Smart Cities, FinTech, Digital Transformation, and all they entail. As ...
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes. We are offering early bird savings...
Crosscode Panoptics Automated Enterprise Architecture Software. Application Discovery and Dependency Mapping. Automatically generate a powerful enterprise-wide map of your organization's IT assets down to the code level. Enterprise Impact Assessment. Automatically analyze the impact, to every asset in the enterprise down to the code level. Automated IT Governance Software. Create rules and alerts based on code level insights, including security issues, to automate governance. Enterpr...