《F5-iRule命令详解》由会员分享,可在线阅读,更多相关《F5-iRule命令详解(87页珍藏版)》请在金锄头文库上搜索。
1、F5iRule介介绍F5Networks2L4和和L7交换的本质区别交换的本质区别L2PayloadL3L4L7HeaderFullPayload对不定址,不定长的特征码不定址,不定长的特征码进行的交换是L7交换的特征L2L3L4L7特征码MACIPPort?地址长度对L7交换特征的提取-iRuleF5Networks3WhatisaniRule?iRule是一种脚本语言工具它的语法是基于TCL语言的大部分TCL语言的功能都被支持同时还有很多iRule的扩展功能它能帮你实现许多扩展功能当你在CLI/GUI介面无法找到对应的命令/菜单请相信iRule!F5Networks4iRules的的组组成
2、元素成元素iRules是基于事件驱动事件驱动(Event-Driven)的由LTM系统触发你在iRules中指定/期望的事件iRules是由以下的基本元素构成:事件声明操作符iRules命令F5Networks5iRules的基本格式的基本格式事件声明表达式iRules命令whenCLIENT_ACCEPTEDifIP:addrIP:remote_addrequals“202.101.1.0/24”discardF5Networks6iRule的的创创建和管理(建和管理(1) )F5Networks7iRule的的创创建和管理(建和管理(2) )F5Networks8Datagroup的的创创
3、建(建(1) )F5Networks9Datagroup的的创创建(建(2) )F5Networks10iRuleEditorF5Networks11iRule的引用(的引用(1) )-新建新建virtualserverF5Networks12iRule的引用(的引用(2) )-已有已有virtualserverF5Networks13iRule案例(案例(1) )whenHTTP_REQUESTifHTTP:uristarts_with/csp/dwr/andHTTP:uriends_with.jspoolcsp6_cache_poolelseifHTTP:uristarts_with/cs
4、p/js/poolcsp6_cache_poolelseifHTTP:uristarts_with/csp/resources/poolcsp6_cache_poolelseifHTTP:uristarts_with/csp_help/poolcsp6_cache_poolelseifHTTP:uristarts_with/csp/esales/poolcsp6_esales_poolelsepoolcsp6_professional_poolF5Networks14iRule例子(例子(2) )whenHTTP_REQUESTifHTTP:headerexistsx-up-calling-l
5、ine-idpersistuieHTTP:headervaluesx-up-calling-line-id#loglocal0.thephonenumberis-HTTP:headervaluesx-up-calling-line-id-根据根据http数据包中的手机号数据包中的手机号码做会做会话保持保持F5Networks15iRule例子(例子(3) )whenHTTP_REQUESTifmatchclassHTTP:uriends_with$:class_endpoolpool_gatewayloglocal0.theuriis$HTTP:uri,matchuriclass“elseif
6、matchclassHTTP:hostcontains$:class_domainpoolpool_gatewayloglocal0.thedomainnameis$HTTP:host,matchclass_domain“elsepoolCSS-W3loglocal0.theuriis$HTTP:uri,usecache$: 全局全局变量,在量,在v10在不要再采用,而是直接把在不要再采用,而是直接把$:去掉去掉classclass_classclass_end.aspx.cfm.cgi.jsp.php.phtml.shtml“F5Networks16iRule案例(案例(4) )whenCL
7、IENT_ACCEPTEDloglocal0.theclientisIP:remote_addr,theserverisIP:local_addrif(IP:addrIP:local_addrequals10.64.238.0/23|IP:addrIP:local_addrequals10.64.69.0/23|IP:addrIP:local_addrequals10.64.208.0/23)&(IP:addrIP:remote_addrequals192.168.68.106|IP:addrIP:remote_addrequals192.168.68.109|IP:addrIP:remote
8、_addrequals192.168.68.113|IP:addrIP:remote_addrequals192.168.68.114)snat10.228.69.133loglocal0.snatto10.228.69.133elseif(IP:addrIP:local_addrequals10.64.238.0/23|IP:addrIP:local_addrequals10.64.69.0/23|IP:addrIP:local_addrequals10.64.208.0/23)&(IP:addrIP:remote_addrequals192.168.68.132|IP:addrIP:rem
9、ote_addrequals192.168.68.135|IP:addrIP:remote_addrequals192.168.68.139)snat192.168.68.219loglocal0.snatto192.168.68.219elsesnat172.16.0.130loglocal0.snatto172.16.0.130F5Networks17iRule调试调试log命令命令Log的输出会放在/var/log/ltm中,/var/log/ltmiRule本身如果有错误,也会放在/var/log/ltm可以增加一些debug语句,来验证iRule的运行loglocal0.“Start
10、oftheruleloglocal0.“Middleoftheruleloglocal0.“EndoftheruleF5Networks18Log命令的命令的输输出出TheargumentforthelogstatementisthefacilitydotlevelFacilitiesare:local0is/var/log/ltmlocal1is/var/log/emlocal2is/var/log/gtmlocal3is/var/log/asmlocal4is/var/log/ltmlocal5is/var/log/pktfilterlocal6is/var/log/httpd/httpd
11、_errorslocal7is/var/log/boot.log注意注意log命令会消耗命令会消耗资源,源,请在正式生在正式生产上,一定要注上,一定要注释掉掉F5Networks19iRule的的资资源源http:/ 小于、大于、小于等于、大于等于。返回布尔型。适用于数值与字符串。大小写敏感。=!=等于、不等于。返回布尔型。适用于所有类型。eqne等于、不等于。返回布尔型。仅适用于字符串&按位与。仅适用于整数型变量。按位异或。仅适用于整数型变量。|按位或。仅适用于整数型变量。&逻辑与。返回布尔型。仅适用于布尔、数值运算。|逻辑或。返回布尔型。仅适用于布尔、数值运算。x?y:zIfxthenre
12、turnyelsereturnzF5Networks29表达式与操作符表达式与操作符:iRulesExtended关联操作符containsmatches(参考Tcl“stringmatch”,*,?)equalsstarts_withends_withmatches_regex(参考常用简单正则表达式)逻辑操作符not!and&or|F5Networks31FlowControlifthenelseifthenelseNotice:thenandelseareoptional注意:注意:请采用尽量少的采用尽量少的elseif/elseifF5Networks32FlowControlswit
13、choption-#dosomethingelse.default#dontdoanything.*尽可能多的使用switch,而不是ifF5Networks33FlowControl:SwitchOptionsOption Description-exact严格的字符串比较。缺省参数。-nocase忽略大小写-glob对于字符串使用glob类型比较。(参考matches).-regexp对于字符串使用正则表达式类型比较。(参考re_syntax).-标记参数结尾.当String是以”-”开头时使用此参数。F5Networks34ConvertIftoSwitchIFSWITCHIfaorbd
14、ocSwitchMa-bdocIfaandbdocSwitchMaswitchNbdocF5Networks35FlowControl:Forforforseti3$i12incriputsIinsidesecondloop:$i“F5Networks36iRuleFoundational1全局命令全局命令功能函数功能函数功能命令功能命令事件事件F5Networks37iRules命令命令iRule命令类型数据流控制命令(Statement)数据流的目的地选择是否进行SNAT没有返回值数据提取命令(Query)获取数据流中指定的内容数据操作命令(Datamanipulation)修改数据流中指
15、定的内容实用工具命令(Utility)一组功能函数,提供常用的数据解析功能F5Networks38iRules命令命令:全局命令全局命令1CommandDescriptiondiscard/drop丢弃当前的数据包或连接,必须与if结构结合使用。forward使此连接转发IP包。请求会严格的根据路由设置进行转发,不会有任何的地址翻译操作,同时忽略此VS上的pool等相关设定。reject拒绝连接,并且根据情况返回RESETreturn立即从当前事件中返回F5Networks39iRules命令命令:全局命令全局命令2CommandDescriptionclientside由于每个事件都关联一个
16、缺省的环境,你可以通过关键字peer或或clientside或或serverside为每一个在iRule中指定的事件重新指定它们的环境。serversidepeerwhenSERVER_CONNECTEDifIP:addrclientsideIP:remote_addrequals10.1.1.80discardF5Networks40iRules命令命令:全局命令全局命令3CommandDescriptionpoolpoolmember分配流量到指定的pool或者member,忽略monitor的状态。node分配流量到指定的nodeserver。clonepoolclonepoolmemb
17、er克隆流量到指定的pool或者member,忽略monitor的状态。virtualReturnthenameoftheassociatedvirtualserverorselectsanothervirtualserver.listenprototimeoutbindserverallowSetsuparelatedephemerallistenertoallowanincomingrelatedconnectiontobeestablished.F5Networks41iRules命令命令:全局命令全局命令4CommandDescriptionnexthopnexthopSetsthen
18、exthopofanIPconnection.lasthoplasthopSetsthelasthopofanIPconnection.rateclassCausesthesystemtoselectthespecifiedrateclasstousewhentransmittingpackets.F5Networks42iRules命令命令:全局命令全局命令5CommandDescriptionsnat|none|automap 指定snat地址snatpoolmember制定snat地址池whenCLIENT_ACCEPTEDifTCP:local_portequals531snatpoo
19、lchat_snatpoolelseifTCP:local_portequals25snatpoolsmtp_snatpoolmember10.20.30.40F5Networks43iRules命令命令:全局命令全局命令6CommandDescriptionlog-noname:.将信息输出到Syslog-ng可能产生大量的数据,导致磁盘空间耗尽。每条log记录的最大长度为1024字节,超长的部分将被忽略。eventenable|disableeventenableall|disableall对于某一个连接允许/禁止TMOS对指定/全部时间的响应。iRules仍然继续运行直至结束。F5Net
20、works44iRules命令命令:全局命令全局命令7CommandDescriptioncpuusage1sec|5secs|15secs|1min|5mins|15mins|all_seconds|all_minutesThecpuusagecommandreturnstheaverageTMMcpuloadforthegiveninterval.Allaveragesareexponentialweightedmovingaveragesovertheinterval.whenHTTP_REQUESTifcpuusage5sec=1poolwwwelseHTTP:redirecthttp
21、:/F5Networks45iRules命令命令:全局命令全局命令8CommandDescriptionpersistCausesthesystemtousethenamedpersistenceprofiletopersisttheconnection.sessionUtilizesthepersistencetabletostorearbitraryinformationbasedonthesamekeysaspersistence.*将在会将在会话保持保持专题中介中介绍F5Networks46iRules命令命令:功能函数功能函数FunctionDescriptionactive_mem
22、bers-list列出pool内活动的member,或返回其数量active_nodesReturnsthealiasforactivemembersofthespecifiedpool(forBIG-IPversion4.Xcompatibility).rmd160ReturnstheRIPEMD-160messagedigestofthespecifiedstring.htonl转换无符号整型数主机字节顺序到网络字节顺序htons转换无符号短整型数主机字节顺序到网络字节顺序ntohl转换无符号整型数网络字节顺序到主机字节顺序ntohs转换无符号短整型数网络字节顺序到主机字节顺序F5Netw
23、orks47iRules命令命令:功能函数功能函数FunctionDescriptiondomain以“点”分割字符串,返回最后的n个部分getfieldSplitsastringonacharacterorstring,andreturnsthestringcorrespondingtothespecificfield.idxfrom1tonfindclass(separator)Searchesadatagrouplistforamemberthatstartswithaspecifiedstringandreturnsthedata-groupmemberstring.matchclas
24、smatchclassPerformscomparisonagainstaclassF5Networks48iRules命令命令:功能函数功能函数FunctionDescriptionfindstrFindsastringwithinanotherstringandreturnsthestringstartingattheoffsetspecifiedfromthematch.substrReturnsasub-stringnamed,basedonthevaluesoftheandarguments.从0开始,表示跳过前n个字符如果为数值,可以认为是substr的长度如果为字符串,可以认为是
25、substr的终结字符如果此字符串未能检索到,则为的结尾FindstrHTTP:payload“fid=“4“&”http:/ 将在将在iRuleFoundational2中介中介绍F5Networks52TMOSCommands祥解祥解LB/OneConnect相关命令TCP/IP相关命令HTTP/Cache/DNS相关命令F5Networks53TMOSCMD:LBCommandDescriptionLB:statusReturnsthestatusofanodeaddressorpoolmember.LB:serverReturnsinformationaboutthecurrently
26、selectedserverLB:LB:nodeLB:poolmemberSetsthestatusofanodeorpoolmemberasbeingup/down.Ifyouspecifynoarguments,thestatusofthecurrently-selectednodeismodified.LB:detachDisconnectstheserversideconnectionLB:modeSetstheloadbalancingmodeLB:reselectAdvancetheloadbalancingpointerLB:persistLB:snatF5Networks54T
27、MOSCMD:OneConnectCommandDescriptionONECONNECT:detachenable|disableDetachesserver-sideOneConnectconnectionswhenenableONECONNECT:reusedisableclosesserver-sideconnectionafterserverresponse.(server-sideconnectionwillnotbere-used.)ONECONNECT:reuseenableallowsserver-sideconnectiontobereusedaccordingtothes
28、ettingsoftheOneConnectprofile.F5Networks55TMOSCMD:LINKCommandDescriptionLINK:lasthopReturnstheMACaddressofthelasthop.LINK:nexthopReturnstheMACaddressofthenexthop.LINK:qosReturnstheQoSlevelsetonthepacket.LINK:vlan_idReturnstheVLANtagofthepacket.F5Networks56TMOSCMD:IPCommandDescriptionIP:remote_addr返回
29、远端IP地址IP:local_addr返回本地IP地址(通常为VSIP,SelfIP)IP:client_addr返回客户端IPIP:server_addr返回服务端IPIP:addr/equals/比较两个IPwhenCLIENT_ACCEPTEDifIP:addrIP:client_addrequals10.10.10.10poolmy_poolF5Networks57TMOSCMD:TCPCommandDescriptionTCP:remote_portReturnstheremoteTCPport/servicenumberofaTCPconnection.TCP:local_port
30、ReturnsthelocalTCPport/servicenumberofaTCPconnection.TCP:client_portReturnstheremoteTCPport/servicenumberoftheclientsideTCPconnection.TCP:server_portReturnstheremoteTCPport/servicenumberoftheserversideTCPconnection.TCP:unused_portReturnsanunusedTCPportforthespecifiedIPtuple,usingthevalueofasastartin
31、gpointifitissupplied.Ifnoappropriateunusedlocalportcouldbefound,0isreturned.F5Networks58TMOSCMD:TCPCommandDescriptionTCP:collect收集TCPpayload数据,每次收到packet都触发CLIENT_DATA事件.TCP:collect收集指定长度的TCPpayload数据,完成后触发CLIENT_DATA事件.TCP:collect跳过部分数据之后,再收集指定长度的TCPpayload数据,完成后触发CLIENTA事件.*DelayConnecting当当skip_b
32、ytes存在,即使存在,即使为0,将,将导致致DelayConnecting失效失效建建议如果要有用,如果要有用,请充分充分测试F5Networks59TMOSCMD:TCPCommandDescriptionTCP:payload返回全部或指定长度的payload内容TCP:payloadreplace使用替换payload中自偏移量开始,长度为的内容TCP:payloadlength返回payload内功的长度TCP:offsetReturnsthenumberofbytescurrentlyheldinmemoryviaTCP:collect.TCP:releaseReleasesand
33、flushescollecteddata,andresumesprocessing.Returnsthenumberofbytesactuallyreleased.F5Networks60TMOSCMD:TCPCommandDescriptionTCP:respondSendsthespecifieddatadirectlytothepeer.TCP:closeClosestheTCPconnection.whenSERVER_CONNECTEDpeerTCP:collect4whenCLIENT_DATAifTCP:payloadstarts_withEHLOTCP:respond5005.
34、3.3UnrecognizedcommandrnTCP:payloadreplace0TCP:payloadlengthTCP:releaseF5Networks61TMOSCMD:HTTPCommandDescriptionHTTP:method返回HTTPrequestmethodHTTP:uri返回或设置URIHTTP:path返回或设置pathHTTP:query返回queryHTTP:version返回或设置HTTPversion(请求/响应)HTTP:host返回HTTPHostheader.HTTP:username返回username(HTTPbasicauthenticati
35、on)HTTP:password返回password(HTTPbasicauthentication)HTTP:status返回responsestatuscodeF5Networks62TMOSCMD:HTTP:HeaderCommandDescriptionHTTP:headernamesReturnsalistofalltheheaderspresentintherequestorresponse.HTTP:headercountnameReturnsthenumberofHTTPheaderspresentintherequestorresponsewiththatname.HTTP:
36、headeratReturnstheHTTPheadernamethatthesystemfindsatthezero-basedindexvalue.HTTP:headerexistsReturnstrueifthenamedheaderispresentontherequestorresponse.HTTP:headervalueReturnsthevalueoftheHTTPheadernamed.Notethatthecommandwilloperateonthevalueofthelastheaderiftherearemultipleheaderswiththesamename.H
37、TTP:headervaluesReturnsvalue(s)oftheHTTPheadernamed.F5Networks63TMOSCMD:HTTP:HeaderCommandDescriptionHTTP:headerinsertlws+InsertsthenamedHTTPheader(s)andvalue(s)ontotheendoftheHTTPrequestorresponse.HTTP:headerreplaceReplacesthevalueofthelastoccurrenceofthenamedheaderwiththestring.Thiscommandperforms
38、aheaderinsertioniftheheaderwasnotpresent.HTTP:headerremoveRemovesallheadersnameswiththename.HTTP:headersanitizeheadername+Removesallheadersexcepttheonesyouspecifyandthefollowing:Connection,Content-Encoding,Content-Length,Content-Type,Proxy-Connection,Set-Cookie,Set-Cookie2,andTransfer-Encoding.F5Net
39、works64TMOSCMD:HTTP:HeaderCommandDescriptionHTTP:headeris_keepaliveAsynonymforHTTP:is_keepalive.HTTP:headeris_redirectAsynonymforHTTP:is_redirect.HTTP:headerinsert_modssl_fieldsaddrservice|portNotethatthiscommandisonlyforHTTPrequestsHTTP:headerlwsReturns1ifaheaderwasencounteredthathadlinearwhitespac
40、e,and0otherwise.SeeRFC2616formoreinformationonlwsandHTTPheaders.F5Networks65TMOSCMD:HTTP:CookieCommandDescriptionHTTP:cookienamesReturnsaTCLlistcontainingthenamesofallthecookiespresentintheHTTPheaders.HTTP:cookiecountReturnsthenumberofcookiespresentintheHTTPheaders.HTTP:cookieexistsReturnsatruevalue
41、ifthecookieexists.HTTP:cookievalueSetsorgetsthevalueofanexistingcookiewiththegivenname.HTTP:cookieinsertnamevaluepathdomainversionAddsacookietotheHTTPCookieheaderinrequestsorSet-Cookieresponseheader.Thedefaultvaluefortheversionis0.Ifthecookiealreadyexists,asecondcookiewillbeinserted(testedin9.2.4).H
42、TTP:cookieremoveRemovesacookie.HTTP:cookiesanitizeattribute+Removesallbutthespecifiedattributesfromthecookie.F5Networks66TMOSCMD:HTTP:CookieCommandDescriptionHTTP:cookieversionversionSetsorgetstheversionofthecookie.HTTP:cookiepathpathSetsorgetsthecookiepath.HTTP:cookiedomaindomainSetsorgetsthecookie
43、domain.HTTP:cookieexpiressecondsabsolute|relativeSetsorgetstheexpiresattribute.AppliestoVersion0cookiesonlyHTTP:cookiesecureenable|disableSetsorgetsthevalueofthesecureattribute.F5Networks67TMOSCMD:HTTP:CookieCommandDescriptionHTTP:cookiemaxagesecondsSetsorgetsthemax-age.AppliestoVersion1and2cookieso
44、nlyHTTP:cookieportsportlistSetsorgetsthecookieportlistsforVersion2cookies.HTTP:cookiecommentcommentSetsorgetsthecookiecomment.AppliestoVersion1and2cookiesonlyHTTP:cookiecommenturlcommenturlSetsorgetsthecommentURL.AppliesonlytoVersion2cookiesHTTP:cookieencrypt128|192|256Encrypts/decryptsthevalueforth
45、egivencookieusingakeygeneratedfromthepassphrase.Thedefaultkeylengthis128.TheencryptionmethodisAES.HTTP:cookiedecrypt128|192|256F5Networks68TMOSCMD:HTTPCommandDescriptionHTTP:collect收集指定长度的内容(小心形成死锁)HTTP:payload返回全部或指定长度的payload内容HTTP:payloadlength返回collect的总字节数HTTP:payloadrechunk使payloadchunkedHTTP:
46、payloadunchunk使payloadunchunkedHTTP:payloadreplace替换指定内容,并修正Content-LengthheaderF5Networks69TMOSCMD:HTTPCommandDescriptionHTTP:respondcontent+直接返回内容给ClientwhenHTTP_REQUESTsetcknameappsetckvalue893setcookieformat%s=%s;path=/;domain=%s$ckname$ckvalue.domain.orgHTTP:respond302Locationhttp:/www.domain.o
47、rgSet-Cookie$cookiewhenHTTP_RESPONSEifHTTP:status=302foreachaCookieNameHTTP:cookienamessetcurrentCookie$aCookieName=HTTP:cookievalue$aCookieNamesetcookies$cookiesrnSet-Cookie:$currentCookieHTTP:respond200contentForbiddenRedirectFromremoteServerTheserveristryingtoredirecttheclienttoanexternalsite,but
48、itisforbiddenSet-Cookie$cookiesF5Networks70TMOSCMD:HTTPCommandDescriptionHTTP:release释放HTTP:collect获取的内容HTTP:close关闭HTTP连接HTTP:redirect立即发送HTTP302重定向HTTP:fallback指定或者修改fallbackhostHTTP:is_keepaliveReturnsatruevalueifthisisaKeep-Aliveconnection.HTTP:is_redirectReturnsatruevalueiftheresponseisaredirec
49、t.HTTP:request_num返回此连接上已经完成的HTTP请求数量(Keep-alive)HTTP:request返回完整的HTTPrequest内容F5Networks71iRules事件事件如何声明事件whenbodyAnexample:whenCLIENT_ACCEPTEDifIP:addrIP:remote_addrequals10.1.1.80poolmy_pool1F5Networks72iRules事件事件事件类型GlobalEventsIPEventsTCP/UDPEventsHTTP/SSL/DNS/Auth/CacheEventsOthers(F5还在不断扩充支持的
50、事件类型)SIP/XML/RTSP,etcF5Networks73TMOSEvents祥解祥解1第一部分全局事件TCP/IP事件HTTPF5Networks74事件清事件清单单1EventClassEventsListCACHECACHE_REQUEST,CACHE_RESPONSE,DNSDNS_REQUEST,DNS_RESPONSE,NAME_RESOLVED,GLOBALLB_FAILED,LB_SELECTED,NAME_RESOLVED,PERSIST_DOWN,RULE_INIT,HTTPHTTP_CLASS_FAILED,HTTP_CLASS_SELECTED,HTTP_REQ
51、UEST,HTTP_REQUEST_DATA,HTTP_REQUEST_SEND,HTTP_RESPONSE,HTTP_RESPONSE_CONTINUE,HTTP_RESPONSE_DATA,IPCLIENT_ACCEPTED,CLIENT_CLOSED,CLIENT_DATA,SERVER_CLOSED,SERVER_CONNECTED,SERVER_DATA,TCPCLIENT_ACCEPTED,CLIENT_CLOSED,CLIENT_DATA,SERVER_CLOSED,SERVER_CONNECTED,SERVER_DATA,USER_REQUEST,USER_RESPONSE,F
52、5Networks75事件清事件清单单2EventClassEventsListAUTHAUTH_ERROR,AUTH_FAILURE,AUTH_RESULT,AUTH_SUCCESS,AUTH_WANTCREDENTIAL,CLIENTSSLCLIENTSSL_CLIENTCERT,CLIENTSSL_HANDSHAKE,LINECLIENT_LINE,SERVER_LINE,RTSPRTSP_REQUEST,RTSP_REQUEST_DATA,RTSP_RESPONSE,RTSP_RESPONSE_DATA,SCTPCLIENT_ACCEPTED,CLIENT_CLOSED,CLIENT_
53、DATA,SERVER_CLOSED,SERVER_CONNECTED,SERVER_DATA,SIPSIP_REQUEST,SIP_REQUEST_SEND,SIP_RESPONSE,SERVERSSLSERVERSSL_HANDSHAKE,STREAMSTREAM_MATCHED,UDPCLIENT_ACCEPTED,CLIENT_CLOSED,CLIENT_DATA,SERVER_CLOSED,SERVER_CONNECTED,SERVER_DATA,XMLXML_BEGIN_DOCUMENT,XML_BEGIN_ELEMENT,XML_CDATA,XML_END_DOCUMENT,XM
54、L_END_ELEMENT,XML_EVENT,F5Networks76事件:事件:GlobalEventsTriggeredRULE_INITwhenaniRuleisaddedorismodifiedLB_SELECTEDwhenthesystemselectsapoolmemberLB_FAILEDwhenthesystemfailstoselectapoolorapoolmember,orwhenaselectedpoolmemberornodefailstorespondtoaconnectionrequestorisunreachablePERSIST_DOWNwhenpersis
55、tencedictatesthataconnectionwouldbesenttoapoolorapoolmemberornodewhichhasbeenmarkeddown*PERSIST_DOWNdoesnotfireifcookiepersistenceorMSRDPpersistenceisused.NAME_RESOLVEDafteraNAME:lookupcommandhasbeenissuedandaresponsehasbeenreceivedF5Networks77事件:事件:Global:LB_FAILEDEventsTriggeredLB_FAILEDwhenthesys
56、temfailstoselectapoolorapoolmember,orwhenaselectedpoolmemberornodefailstorespondtoaconnectionrequestorisunreachableLTMsdefaulttcpprofilesetsMaximumSynRetransmissionsto4,sowiththedefaultsetting,LB_FAILEDwouldbetriggeredifserverdidntrespondin45seconds:1stSYN:02ndSYN:+3seconds3rdSYN:+6seconds4thSYN:+12
57、seconds5thSYN:+24seconds=LB_FAILED:45secondsReducingMaximumSynRetransmissionsto2willresultinthetriggeroftheLB_FAILEDeventin9seconds,whichmakesrecoverylogicintheLB_FAILEDeventmuchmoreusefulasabackuptomonitoring.(Healthmonitorsonlyretrytwice.)F5Networks78事件:事件:IP/TCPEventsTriggeredCLIENT_ACCEPTEDwhena
58、clienthasestablishedaconnectionCLIENT_DATAwhennewdataisreceivedfromtheclientwhiletheconnectionisin“collect”stateCLIENT_CLOSEDattheendofanyclientconnection,regardlessofprotocolSERVER_CONNECTEDwhenaconnectionhasbeenestablishedwiththetargetnodeSERVER_DATAwhennewdataisreceivedfromthetargetnodeafterTCP:c
59、ollectcommandhasbeenissuedSERVER_CLOSEDwhentheServersideconnectionclosesF5Networks79事件:事件:TCPEventsTriggeredUSER_REQUESTbycommandTCP:notifyrequestItexecutesinaserver-sidecontext.USER_RESPONSEbycommandTCP:notifyresponseItexecutesinaclient-sidecontext.whenSERVER_DATATCP:releaseTCP:collectloglocal0.inS
60、ERVER_DATA,callingTCP:notifyresponsetotriggerUSER_RESPONSEeventTCP:notifyresponsewhenUSER_RESPONSEloglocal0.inUSER_RESPONSEF5Networks80事件:事件:HTTPEventsTriggeredHTTP_REQUESTwhenthesystemfullyparsesacompleteclientrequestheaderHTTP_REQUEST_DATAwhenanHTTP:collectcommandhascollectedthespecifiedamountofre
61、questdataHTTP_REQUEST_SENDimmediatelybeforeanHTTPrequestissenttotheserver-sideTCPstackHTTP_RESPONSEwhenthesystemparsesalloftheresponsestatusandheaderlinesfromtheserverresponseHTTP_RESPONSE_CONTINUEwheneverthesystemreceivesa100ContinueresponsefromtheserverHTTP_RESPONSE_DATAwhenanHTTP:collectcommandha
62、scollectedthespecifiedamountofresponsedataF5Networks81AdvancedPersistencewithiRulesUIE-UniversalInspectionEngineHashF5Networks82iRules命令命令:Global:persistCommandDescriptionpersistsimplepersistsource_addrpersiststickypersistdest_addrpersistsslpersistmsrdppersistuiepersisthashpersistnoneF5Networks83iRu
63、les命令命令:Global:persistCommandDescriptionpersistcookieinsert|rewrite|passive|hashF5Networks84iRules命令命令:Global:persistCommandDescriptionpersistaddpersistlookupall|node|port|poolallornospecificationreturnsalistcontainingthenode,portandpoolname.persistdelete=simple|source_addr|sticky|dest_addr|ssl|uie|
64、hash=anypool根据相关条件访问/删除persisttable内的项目=ThetimeoutinsecondsF5Networks85iRules命令命令:Global:sessionCommandDescriptionsessionaddStoresusersdataunderthespecifiedkeyforthespecifiedpersistencemodesessionlookupReturnsuserdatapreviouslystoredusingsessionaddsessiondeleteRemovesuserdatapreviouslystoredusingses
65、sionadd=simple|source_addr|sticky|dest_addr|ssl|uie|hash|sip=anypool根据相关条件删除persisttable内的项目=ThetimeoutinsecondsF5Networks86iRules命令命令:persist&sessionwhenHTTP_REQUESTsetlookuplistIP:client_addranyvirtualsetvaluepersistlookupuie$lookupwhenHTTP_REQUESTsetvaluepersistlookupuieIP:client_addranypoolF5Net
66、works87iRules命令命令:UIEPersistenceCommandDescriptionpersistuieThekeyvalueisthepersistencedataforwhichapersistencerecordismaintained.Thekeycanbeanydatathatisreliablyfoundineachrequest,preferablyintheheadersandwithasimplecommand.Theactionisoptional,andwhenspecifiedcanbelookup,add,ordelete.Wheninvokedwithnoactionspecified,performsbothpersistaddandpersistlookup,andfollowsanyexistingpersistencerecord.
