F5 irules training_第1頁(yè)
F5 irules training_第2頁(yè)
F5 irules training_第3頁(yè)
F5 irules training_第4頁(yè)
F5 irules training_第5頁(yè)
已閱讀5頁(yè),還剩54頁(yè)未讀 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說(shuō)明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

1、1IRULE “Training”2最最簡(jiǎn)單簡(jiǎn)單的例子的例子-盜版思路盜版思路when CLIENT_ACCEPTED set portodd expr TCP:remote_port & 1if $portodd log local0. port TCP:remote_port is odd else log local0. port TCP:remote_port is even3Things to know理解語(yǔ)法層7層的用法大應(yīng)用不能訪問(wèn)問(wèn)題Q&A4變變量量Set C 123Set C “abc123”數(shù)據(jù)數(shù)據(jù)類類型型Boolean型整型浮點(diǎn)型字符串型set a exp

2、r 43log local0. a:$a數(shù)組5運(yùn)算運(yùn)算類類型型算算術(shù)術(shù)運(yùn)算運(yùn)算set a expr 43expr 1 = 2 log local0. a:$a比比較較運(yùn)算運(yùn)算set a 3set a expr $a * 5 + 7set a 7set a expr $a%26條件條件語(yǔ)語(yǔ)句句If 觸發(fā)條件 觸發(fā)動(dòng)作elseif 觸發(fā)條件 觸發(fā)動(dòng)作else 觸發(fā)動(dòng)作 If 公司安排我出差 去買火車票elseif 用戶要求作方案 我做方案else 回家7條件條件語(yǔ)語(yǔ)句句 SWITCH 效率高效率高switchswitch string tolower HTTP:header User-Agent

3、*scooter* -*slurp* -*msnbot* -*fast-* -*teoma* -*googlebot* pool slow_webbot_pool default pool default_pool 8效率更高的呢效率更高的呢建 data group class bots scooterslurpmsnbotfast-teomagooglebotwhen HTTP_REQUEST if class match string tolower HTTP:header User-Agent contains $:bots pool slow_webbot_pool9Data grou

4、p里面不支持通配服里面不支持通配服when HTTP_REQUEST log local0. header :string tolower HTTP:header Host if class match string tolower HTTP:header Host eq class_domain log local0. is very good10怎么看效率怎么看效率tmsh reset-stats ltm rule rule_port tmsh show ltm rule rule_port raw 11循循環(huán)環(huán)While循環(huán)set a 1while $a 4 log local0. a

5、is :$aincr a breakset a 1while $a 5 break FOR循循環(huán)環(huán)預(yù)預(yù)制條件,比制條件,比較預(yù)較預(yù)算,循算,循環(huán)環(huán)條件,條件,for set a 1 $a 100ms set HTTP compression to level 5# RTT returns latency as 1/32 of a millisecond,# so 1600=50ms, 3200=100ms, etcwhen HTTP_REQUEST set rtt TCP:rttwhen HTTP_RESPONSE if $rtt 3200 COMPRESS:enable COMPRESS:g

6、zip level 5 elseif $rtt 1600 COMPRESS:enable COMPRESS:gzip level 1 27Things to know理解語(yǔ)法層7層的用法大應(yīng)用不能訪問(wèn)問(wèn)題Q&A28定制返回定制返回HTML頁(yè)頁(yè)面面when HTTP_REQUEST HTTP:respond 200 content F5 Networks iRles 我的第一個(gè)rules 讓我們一起進(jìn)入rules的奇妙世界! 29基于的基于的負(fù)載負(fù)載均衡均衡(1個(gè)個(gè)VS對(duì)應(yīng)對(duì)應(yīng)多個(gè)多個(gè)pool)when HTTP_REQUEST set my_uri string HTTP:uri if

7、 matchclass $my_uri starts_with /TBZAppWeb pool pool_TBZAppWeb elseif $my_uri starts_with /QueryVisa pool pool_QueryVisa elseif $my_uri starts_with /Card pool pool_Card elseif $my_uri starts_with /fbs pool pool_fbs else $my_uri starts_with /BZRJ_WS pool pool_BZRJ_WS 也可以matchclass HTTP:uri starts_wit

8、h $:mc30基于的基于的負(fù)載負(fù)載均衡均衡when HTTP_REQUEST set f5 findstr http_uri “user=“ 5 “&” if $f5 != #這里的http_uri可能是http:uripool abc_servers else pool web_servers#抓取http_uri里包含“user=”字符,并且找到這個(gè)字符后,(user=正好是0-4位,從第五位開(kāi)始抓?。倪@個(gè)字符user=后的字母開(kāi)始到“&”之間抓取字符。31日志打出所有日志打出所有http headerwhen HTTP_REQUEST foreach ppp HTTP

9、:header names log local0. $ppp: HTTP:header value $pppwhen HTTP_RESPONSE HTTP:header insert PIALALA F5 Networksforeach aHeader HTTP:header names log local0. $aHeader: HTTP:header value $aHeader32實(shí)驗(yàn)實(shí)驗(yàn):日志打出所有:日志打出所有header這這些些header什么意思什么意思-請(qǐng)請(qǐng)事先準(zhǔn)事先準(zhǔn)備備33基于基于http header的的irule(1) 基于,根據(jù)不同內(nèi)容給不同when HTTP_RE

10、QUEST if HTTP:header exists ZONECODE switch HTTP:header ZONECODE A pool pool_public_web_A B pool pool_public_web_B C pool pool_public_web_C D pool pool_public_web_D E pool pool_public_web_E F pool pool_public_web_F else pool pool_public_web_ALL (2)#刪除指定的頭,以空格為分隔,刪除了很多的header頭when HTTP_RESPONSE HTTP:

11、header remove ETag Server Date X-Powered-By Last-Modified #刪除類里的指定頭when HTTP_RESPONSE HTTP:header remove haha34基于基于http header的的irule3發(fā)現(xiàn)有http:header為server的頭的時(shí)候,將server的詳細(xì)內(nèi)容替換為123when HTTP_RESPONSE if HTTP:header exists Server HTTP:header replace Server “123 4插入一個(gè)haha的header,haha的內(nèi)容為服務(wù)器member的Ip地址。再

12、找到一個(gè)叫做server的header,將其內(nèi)容全部刪掉,替換為服務(wù)器member的Ip地址 when HTTP_RESPONSE if HTTP:header exists Server HTTP:header insert haha IP:server_addr HTTP:header replace Server IP:server_addr 35我的我的ip: :9substrset substr getfield IP:client_addr . 4 0 substr的意思是抓取字符(findstr的意思是發(fā)現(xiàn)字符)。抓取最后分隔符的字段從第一位開(kāi)始取,取到最后。se

13、t f5 substr getfield IP:client_addr “.” 4 0 1。從頭取,取1個(gè)位字符,那么返回值就是2.假設(shè)是set f5 substr getfield IP:client_addr . 4 0 2的話,從頭取,取2個(gè)位字符,取得值就是29.string indexset f5 string index getfield IP:client_addr “.” 4 end-1 的話,取得值就是2。% string index 29 02% string index 29 19% string index 2 9 1中間空位string range set f5 st

14、ring range abc771899 0 5抓取字符串第一位到第6位字符:“abc771”36實(shí)驗(yàn)實(shí)驗(yàn): :findstr substrsubstrset substr getfield IP:client_addr . 4 0 substr的意思是抓取字符(findstr的意思是發(fā)現(xiàn)字符)。抓取最后分隔符的字段從第一位開(kāi)始取,取到最后。set f5 substr getfield IP:client_addr “.” 4 0 1。從頭取,取1個(gè)位字符,那么返回值就是2.假設(shè)是set f5 substr getfield IP:client_addr . 4 0 2的話,從頭取,取2個(gè)位字

15、符,取得值就是29.findstr37基于基于http header的的irule when HTTP_REQUEST set f5 string index getfield IP:client_addr . 4 end if matchclass $f5 equals $:jishu log local0.warning 99999999 elseif $f5 5 log local0.warning 11111111111 when HTTP_REQUEST if HTTP:header exists Host log local0. Location:444444444set myLo

16、cation substr getfield IP:client_addr . 4 0 1 when HTTP_RESPONSE if HTTP:header exists Server HTTP:header replace Server $myLocation log local0. Location:6666666 38重定向的重定向的1直接重定向直接重定向when HTTP_REQUEST HTTP:redirect http:/或者when HTTP_REQUEST if HTTP:uri contains secure HTTP:redirect https:/HTTP:hostH

17、TTP:uri 2根據(jù)狀根據(jù)狀態(tài)碼態(tài)碼條件條件when HTTP_RESPONSE if HTTP:status ends_with404 HTTP:redirect http:/l else Pool web_Pool#當(dāng)然也可以寫成 if HTTP:status = 404或者HTTP:status contains 40439實(shí)驗(yàn)實(shí)驗(yàn):重定向:重定向when HTTP_RESPONSE if HTTP:status ends_with404 HTTP:redirect http:/l else Pool web_Pool#當(dāng)然也可以寫成 if HTTP:status = 404或者HTT

18、P:status contains 40440重定向的重定向的根據(jù)根據(jù)when HTTP_REQUEST if class match HTTP:host equals host_list and class match HTTP:uri equals path_list HTTP:redirect 0/MWWebSite/else HTTP:redirect HTTP:hostHTTP:uri根據(jù)目的端口重定向根據(jù)目的端口重定向不匹配類:when HTTP_REQUEST set port TCP:local_port if $port = 8001 HT

19、TP:redirect http:/getfield HTTP:host : 1HTTP:uri 匹配類:when HTTP_REQUEST set port TCP:local_port if matchclass $port equals $:mc HTTP:redirect http:/getfield HTTP:host : 1HTTP:uri 41會(huì)會(huì)話話保持的保持的 when HTTP_REQUEST if HTTP:header exists mc_add persist uie HTTP:header mc_add 1800 when HTTP_REQUEST set resp

20、_insert_ip HTTP:header mc_add if $resp_insert_ip != persist uie $resp_insert_ip set resp_cookie HTTP:header cookie if $resp_cookie != persist uie $resp_cookie 42會(huì)會(huì)話話保持的保持的 when HTTP_REQUEST if HTTP:header x-up-calling-line-id!= persist uie HTTP:header x-up-calling-line-id else persist source_addr #

21、if HTTP:header x-up-calling-line-id!=“和if HTTP:header exists mc_add 作用是一樣的。43會(huì)會(huì)話話保持的保持的根據(jù)返回的respons中的cookie中的sessionid的號(hào)碼進(jìn)行會(huì)話保持when CLIENT_ACCEPTED set add_persist 1 when HTTP_RESPONSE if HTTP:cookie exists SESSIONID and $add_persist log local0. response set cookie HTTP:cookie SESSIONID persist add

22、uie HTTP:cookie SESSIONID set add_persist 0 when HTTP_REQUEST if HTTP:cookie exists SESSIONID persist uie HTTP:cookie SESSIONID else set jsess findstr HTTP:uri SESSIONID 10 8 if $jsess != log local0. request include $jsess persist uie $jsess 根據(jù)頭中的字符特征進(jìn)行會(huì)話保持when HTTP_REQUEST set jsess findstr HTTP:he

23、ader User-Agent M 0 5 if $jsess != log local0. request include $jsess persist uie $jsess 44實(shí)驗(yàn)實(shí)驗(yàn): :根據(jù)返回的respons中的cookie中的sessionid的號(hào)碼進(jìn)行會(huì)話保持when CLIENT_ACCEPTED set add_persist 1 when HTTP_RESPONSE if HTTP:cookie exists SESSIONID and $add_persist log local0. response set cookie HTTP:cookie SESSIONID p

24、ersist add uie HTTP:cookie SESSIONID set add_persist 0 when HTTP_REQUEST if HTTP:cookie exists SESSIONID persist uie HTTP:cookie SESSIONID else set jsess findstr HTTP:uri SESSIONID 10 8 if $jsess != log local0. request include $jsess persist uie $jsess 45Things to know理解語(yǔ)法層7層的用法大應(yīng)用不能訪問(wèn)問(wèn)題Q&A46日志的

25、排日志的排錯(cuò)錯(cuò)( (/log/ltm) )when HTTP_REQUEST log local0.warning log start.if HTTP:header exists cookie log local0.warning if statement is correct:HTTP:header cookiepersist uie HTTP:header cookielog local0.warning after persist statement else log local0.warning else is ok 輸入命令: tail -f /var/log/ltmMay 20 2

26、2:01:31 local/tmm warning tmm2499: Rule haha : log start.May 20 22:01:31 local/tmm warning tmm2499: Rule haha : if statement is correct:SESSIONID=00002372May 20 22:01:31 local/tmm warning tmm2499: Rule haha : after persist statementMay 20 22:01:31 local/tmm1 warning tmm12500: Rule haha : log start.M

27、ay 20 22:01:31 local/tmm1 warning tmm12500: Rule haha : if statement is correct:SESSIONID=00002372May 20 22:01:31 local/tmm1 warning tmm12500: Rule haha : after persist statement47檢查訪問(wèn)檢查訪問(wèn)VS的的 整個(gè)流程整個(gè)流程 when SERVER_CONNECTED set info client IP:client_addr:TCP:client_port - clientside IP:local_addr:cl

28、ientside TCP:local_port append info server IP:local_addr:TCP:local_port - IP:server_addr:TCP:server_port log local0. $info48請(qǐng)請(qǐng)求求 時(shí)時(shí)候的候的 延延遲遲when HTTP_REQUEST set info client IP:client_addr:TCP:client_port - clientside IP:local_addr:clientside TCP:local_port catch append info server serverside IP:loc

29、al_addr:serverside TCP:local_port - IP:server_addr:TCP:server_port append info ethernet string range LINK:lasthop 0 16 - string range LINK:nexthop 0 16 tag LINK:vlan_id qos LINK:qos append info - HTTP:method HTTP:uri HTTP:version append info *TCP MSS TCP:mss, BW TCP:bandwidth, RTT TCP:rtt, OFFSET TC

30、P:offset append info *IP TOS IP:tos, HOPS IP:hops, TTL IP:ttl, PKTS_IN IP:stats pkts in, PKTS_OUT IP:stats pkts out, BYTES_IN IP:stats bytes in, BYTES_OUT IP:stats bytes out append info *HTTP HOST HTTP:host, KEEPALIVE HTTP:is_keepalive, REQ_NUM HTTP:request_num append info *HTTP PATH HTTP:path, QUER

31、Y HTTP:query log local0. $info Catch什么意思Append info什么意思# RTT returns latency as 1/32 of a millisecond, so 1600=50ms, 3200=100ms, etc49Tail /var/log/ltmFeb 9 16:05:06 tmm tmm1854: Rule ff : client 22:15538 - :80 ethernet 00:26:9e:79:2c:77 - ff:ff:ff:ff:ff:ff tag 4092 qos 0 - GET /

32、1.1 *TCP MSS 1460, BW 0, RTT 64, OFFSET 0 *IP TOS 0, HOPS 0, TTL 64, PKTS_IN 3, PKTS_OUT 1, BYTES_IN 582, BYTES_OUT 78 *HTTP HOST , KEEPALIVE 1, REQ_NUM 1 *HTTP PATH /, QUERY 50回回應(yīng)時(shí)應(yīng)時(shí)候的候的 延延遲遲when HTTP_REQUEST set info client IP:client_addr:TCP:client_port - clientside IP:local_addr:clien

33、tside TCP:local_port catch append info server serverside IP:local_addr:serverside TCP:local_port - IP:server_addr:TCP:server_port append info ethernet string range LINK:lasthop 0 16 - string range LINK:nexthop 0 16 tag LINK:vlan_id qos LINK:qos append info - HTTP:method HTTP:uri HTTP:version append

34、info *TCP MSS TCP:mss, BW TCP:bandwidth, RTT TCP:rtt, OFFSET TCP:offset append info *IP TOS IP:tos, HOPS IP:hops, TTL IP:ttl, PKTS_IN IP:stats pkts in, PKTS_OUT IP:stats pkts out, BYTES_IN IP:stats bytes in, BYTES_OUT IP:stats bytes out append info *HTTP HOST HTTP:host, KEEPALIVE HTTP:is_keepalive,

35、REQ_NUM HTTP:request_num append info *HTTP PATH HTTP:path, QUERY HTTP:query log local0. $info # RTT returns latency as 1/32 of a millisecond, so 1600=50ms, 3200=100ms, etc51Tail /var/log/ltmFeb 9 16:07:07 tmm tmm1854: Rule zz : client 22:15602 - :80 server :15602 - 10.0.0.

36、10:80 ethernet 00:0c:29:85:57:30 - 00:26:9e:79:2c:77 tag 4092 qos 0 - 200 1.1 - REDIR 0, Content-Length 514, Transfer-Encoding *TCP MSS(1460) BW(0) RTT(36) OFFSET(0) *IP TOS 0, HOPS 0, TTL 128, PKTS_IN 2, PKTS_OUT 3, BYTES_IN 912, BYTES_OUT 446 *HTTP HOST , KEEPALIVE 1, REQ_NUM 152Things to know理解語(yǔ)法

37、層7層的用法大應(yīng)用不能訪問(wèn)問(wèn)題Q&A53四大四大問(wèn)題問(wèn)題 應(yīng)應(yīng)用服用服務(wù)務(wù)器端器端創(chuàng)創(chuàng)建建應(yīng)應(yīng)用用時(shí)時(shí),限定其接受的,限定其接受的請(qǐng)請(qǐng)求求Host只能是本機(jī)真只能是本機(jī)真實(shí)實(shí)的的IP和端口和端口應(yīng)應(yīng)用內(nèi)部寫死了用內(nèi)部寫死了url為為poolmember的的ip和和Port防盜鏈限制重定向到的IP和54重定向到的重定向到的IP和和 when HTTP_RESPONSE if HTTP:status = 302 if HTTP:header exists Location set myLocation HTTP:header Location set idx string first :9

38、08 $myLocation 0 if $idx 0 set mLocation string replace $myLocation $idx expr $idx + 4 HTTP:header replace Location $mLocation log local0. Location: $myLocation set idx string first https $myLocation 0 if $idx = 0 set mLocation string replace $myLocation $idx expr $idx + 5 http: log local0. mLocatio

39、n: $mLocation HTTP:header replace Location $mLocation 首先判斷response 如果是302狀態(tài),則開(kāi)始做2個(gè)工作1,將:908替換成空白2,如果302返回的location是https開(kāi)頭的則換成http $IDX就是 “ :908xxxxxxx”tring replace $myLocation $idx expr $idx + 4 $idx + 0 為取1位,$idx + 4為取5位將location中從idx值開(kāi)始,替換5位因?yàn)?908X是5位從idx開(kāi)始到idx+5之間的 替換為空 https expr $idx + 5 http

40、: 就是說(shuō)把https:刪掉(正好6位),然后變成http: set idx string first :908 $myLocation 00是偏移量,0表示從開(kāi)始算起從location的開(kāi)始位置找 :908set idx string first :908 $myLocation 就是從第8位算起55的用法的用法字符串定位字符串定位% string first i microsoft 01% string first i microsoft 11% string first i microsoft 2-1% string first i microsift 26字符串替字符串替換換% str

41、ing replace abcde 2 1abcde% string replace abcde 2 2abde% string replace abcde 2 3abe% string replace abcde 2 4ab% string replace abcde 2 4 mabm56應(yīng)應(yīng)用內(nèi)部寫死了用內(nèi)部寫死了url為為poolmember的的ip和和Portwhen HTTP_RESPONSE #默認(rèn)情況下關(guān)閉STREAM Profile 因?yàn)镾TREAM Profile非常占用F5 CPU資源STREAM:disable#檢查返回的數(shù)據(jù)中時(shí)候是否包含txt,如果包含執(zhí)行下面的命令if HTTP:header va

溫馨提示

  • 1. 本站所有資源如無(wú)特殊說(shuō)明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒(méi)有圖紙預(yù)覽就沒(méi)有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

評(píng)論

0/150

提交評(píng)論