Manual Chapter : Managing iRules

Applies To:

BIG-IQ Centralized Management

  • 8.4.0
  • 8.3.0
  • 8.2.0
  • 8.1.0
  • 8.0.0
  • 7.1.0
back-action BIG-IQ Centralized Management: Local Traffic and Network Implementations

Managing iRules

The workflows for creating a new object, or for changing the settings for objects that already reside on a managed device, are very similar. In each case, there are four tasks to perform.

This figure illustrates the workflow to manage the objects on BIG-IP devices. Changing the settings or creating the object is the second step in this process.

Change managed object workflow

You can use the BIG-IQ Local Traffic interface to add a new iRule to a managed device.

Important: When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.

Important: iRules are different from most other Local Traffic objects in that they associate with virtual servers instead of devices. So to deploy a new iRule to a device, you attach the iRule to a virtual server associated with the target device, and then deploy that change.

Note: This is a shared object. Shared objects do not deploy to a device unless they are attached to a device-specific object. The table lists device-specific and shared objects. When you create a shared object, remember that you must associate it with a device-specific object before you can deploy it to a device.

Device Specific Objects Shared Objects
Node Certificates and Keys
Pool Eviction Policies
SNAT Pool iRules
Virtual Server Monitors
  Profiles

  1. At the top of the screen, click Configuration, then, on the left, click LOCAL TRAFFIC > iRules.

    The screen displays the list of iRules defined on this device.

    Note: If you select the check box for an iRule, you can either delete or view statistics for it. You can also view details about other configuration objects to which this iRule relates.

  2. Click Create.

    The New iRule screen opens.

  3. Type a Name, for the iRule you are creating.

  4. If the device for which you are creating this iRule is in a silo as part of a conflict resolution work flow, select that Silo here; otherwise, leave the default setting.

    Note: For detailed work flows explaining how you can use a silo to resolve configuration object conflicts, refer to BIG-IQ: Resolving Device Object Conflicts on support.f5.com.

  5. For Partition, type the name of the BIG-IP device partition on which you want to create the iRule.

    Note: In the AS3 user interface, the BIG-IP device partition to which services deploy is referred to as the tenant. Do not deploy any objects to a partition that has been used to deploy AS3 application services using the Configuration tab. For additional detail about partitions and tenants, refer to AS3 tenant name details in the Managing BIG-IQ AS3 templates article on support.f5.com

  6. For the Body, compose the script sequence that defines the iRule.

    For guidance on creating an iRule, consult (support.f5.com). You can search the site for iRules documentation that provides an overview of iRules, lists the basic elements that make up an iRule, and shows some examples of how to use iRules.

  7. Click Save & Close.

    The system creates the new iRule with the settings you specified.

To deploy this iRule to a device, attach the iRule to a virtual server associated with the target device and then deploy that change.

You can use the BIG-IQ Local Traffic interface to attach iRules to a set of virtual servers. Adding an iRule sequence to a group of servers all at once can save time and help you cut down on errors that result from performing repetitive tasks.

  1. At the top of the screen, click Configuration, then, on the left, click LOCAL TRAFFIC > Virtual Servers.

    The screen displays the list of virtual servers defined on this device.

    Note: If you select the check box for a virtual server, you can delete it, clone it, attach iRules to it, view statistics for it, or deploy it. You can also view details about other configuration objects to which this virtual server relates.

  2. Select the check boxes associated with the virtual servers to which you want to attach iRules.

  3. Click Attach iRules, and then click Attach iRules again to confirm.

    The Bulk Attach iRules screen opens.

  4. To specify which iRules to attach to the selected virtual servers, select them in the Available iRules list, and move them to the iRules to be Attached list.

  5. Specify the order in which you want the iRules to attach using the up and down arrows .

  6. For Location, specify the list position to attach these iRules.

    • To add the rules to the beginning of the existing list, click Attach to top of each virtual server’s iRules list.
    • To add the rules to the end of the existing list, click Attach to bottom of each virtual server’s iRules list.

  7. Use the Duplicate Policy setting to specify whether to keep the iRule list order for iRules that are already attached to the virtual servers.

    • To keep the existing list order, click Keep virtual servers’ existing rules list order.
    • To change the existing list order to what you specified previously, click Reorder virtual servers’ existing rules to preserve selected rules order.

  8. Click Save & Close.

Once you have finished revising the settings for this virtual server, you must evaluate and then deploy your changes to the target device. Until you deploy these changes, objects on the managed device are not changed.