iRules Workflow Explained (iRules.ppt)
Introducing iRules
2005.07.12, 徐超 / Computer_xu / O

Basic iRule elements

iRules are event-driven, which means that the LTM system triggers an iRule based on an event that you specify in the iRule. iRules are made up of these basic elements:

- Event declarations
- Operators
- iRule commands

Basic iRule format: event declarations, operators, iRule commands.

Event declarations

Event declaration = when <event type>

An example:

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::remote_addr] equals 10.1.1.80] } {
            pool my_pool1
        }
    }

Event types

- Global events
- HTTP events
- SSL events
- Authentication events

Reference: LTM_config_guide.pdf, pages 302 and 303, Table 13.2.

Event types: Global events

- CLIENT_ACCEPTED
- CLIENT_DATA
- LB_SELECTED (before sending to the server)
- LB_FAILED (no node available for this virtual server)
- SERVER_CONNECTED
- SERVER_DATA
- RULE_INIT
- CLIENT_CLOSED
- SERVER_CLOSED

[Figure: flow diagram of the global events, with nodes START, RULE_INIT, CLIENT_ACCEPTED, CLIENT_DATA, LB_SELECTED, LB_FAILED, SERVER_CONNECTED, SERVER_DATA, CLIENT_CLOSED, SERVER_CLOSED]

Event types: HTTP events

- HTTP_REQUEST
- HTTP_REQUEST_DATA
- HTTP_RESPONSE
- HTTP_RESPONSE_DATA
- HTTP_RESPONSE_CONTINUE

[Figure: flow diagram of the HTTP events, with nodes START, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE]

Event types: SSL events

- CLIENTSSL_HANDSHAKE
- CLIENTSSL_CLIENTCERT
- SERVERSSL_HANDSHAKE

Event types: Authentication events

- AUTH_FAILURE
- AUTH_ERROR
- AUTH_WANTCREDENTIAL
- AUTH_SUCCESS

Operators

Relational operators:

- contains
- matches (= equals?)
- equals
- starts_with
- ends_with
- matches_regex (see the common simple regular expressions)

Logical operators:

- not
- and
- or

iRule commands

iRule command types:

- Statement commands
- Query and data manipulation commands
- Utility commands

Statement commands (1)

- if
- elseif

Statement commands (2)

- clientside
- serverside
- peer

clientside and serverside

For every event that you specify within an iRule, you can also specify a context, denoted by the keywords clientside or serverside. Because each event has a default context associated with it, you need only declare a context if you want to change the context from the default.

An example:

    when SERVER_CONNECTED {
        # Evaluate the client-side address from a server-side event.
        if { [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] } {
            discard
        }
    }

Statement commands (3)

- event disable | disable all: Discontinues evaluating the specified iRule event, or all iRule events, on this connection. However, the iRule continues to run.
- log

Statement commands (4)

- use pool member
- use node
- persist
- use rateclass
- matchclass
- use snat | none
- use snatpool | none

Statement commands (5)

- discard: Causes the current packet or connection to be discarded. This statement must be conditionally associated with an if statement.
- drop: Same as discard.
- forward: Sets the connection to forward IP packets.
- reject: Causes the connection to be rejected.
- return: Terminates execution of the iRule event.

Query and data manipulation commands

Querying header or content data:

- Link layer headers
- IP headers
- TCP headers and content
- UDP headers and content
- HTTP headers and content
- SSL headers in HTTP requests *
- Authentication data *

Link layer headers

- LINK::vlan_id: Returns the VLAN tag of the packet.
- LINK::vlan_qos: Returns the VLAN Quality of Service (QoS) value of the packet. Sets the VLAN QoS level that you want the system to use when transmitting the packet.

An example:

    when CLIENT_ACCEPTED {
        # The comparison operator is missing from the extracted slide text; ">" is assumed.
        if { [LINK::qos] > 2 } {
            pool fast_pool
        } else {
            pool slow_pool
        }
    }

IP headers

- IP::remote_addr: Returns the remote IP address of a connection.
- IP::local_addr: Returns the local IP address of a connection.
- IP::client_addr: Returns the client IP address of a connection. This command is equivalent to the command clientside {IP::remote_addr}.
- IP::server_addr: Returns the server's IP address. This command is equivalent to the command serverside {IP::remote_addr}. Returns 0 if the load-balancing decision has not occurred.
- IP::protocol: Returns the IP protocol value.
- IP::tos: Returns the value of the IP protocol's Type of Service (ToS) field. Sets the IP ToS level that you want the system to use when transmitting the packet.
- IP::ttl: Returns the TTL for an inbound IPv4 or IPv6 packet from the peer.
- IP::idle_timeout: Returns or sets the idle timeout value.
- IP::hops: Finds the nearest, next-highest power of two in the range (such as 64, 128, 255) and subtracts the value retrieved by the IP::ttl command. With the IP::hops command, you can passively estimate the number of hops between a system and its peer. A hop count of 0 indicates that the client is on the local network. For example, if the TTL value equals 55, the number of estimated hops is 9 (64 minus 55). If the TTL value equals 127, the number of estimated hops is 1 (128 minus 127).

IP address match command

IP::addr <addr1> equals <addr2>/<mask>

An example:

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::remote_addr] equals 206.0.0.0/255.0.0.0] } {
            pool clients_from_206
        } else {
            pool other_clients_pool
        }
    }

TCP headers

- TCP::remote_port: Returns the remote TCP port/service number.
- TCP::local_port: Returns the local TCP port/service number.
- TCP::client_port: Returns the client's TCP port/service number. Equivalent to the command clientside {TCP::remote_port}.
- TCP::server_port: Returns the server TCP port/service number. Equivalent to the command serverside {TCP::remote_port}.
- TCP::rtt: Returns the smoothed round-trip time estimate for a TCP connection.
- TCP::mss: Returns the on-wire Maximum Segment Size (MSS) for a TCP connection.
- TCP::unused_port: Returns an unused TCP port for the specified IP tuple, using the value of as a starting point.
- TCP::offset: Returns the position in the TCP data stream at which the collected TCP data starts.
- TCP::collect: Causes TCP to start collecting the specified amount of content data.
- TCP::payload: Returns the accumulated TCP data content.
- TCP::payload_length: Returns the amount of accumulated TCP data content in bytes.
- TCP::payload replace: Replaces collected payload with the given data.
- TCP::release: Causes TCP to resume processing the connection and to flush collected data.
- TCP::respond: Sends the named data directly to the peer. This command is used to complete a protocol handshake with an iRule.
- TCP::close: Closes the connection.

[Figure: flow diagram of the TCP commands, with nodes START, TCP_COLLECT, TCP_PAYLOAD, TCP_PAYLOAD_REPLACE, TCP_RELEASE, TCP_RESPOND, TCP_CLOSE]

An example:

    when CLIENT_ACCEPTED {
        # Buffer the first 15 bytes of client data before load balancing.
        TCP::collect 15
    }
    when CLIENT_DATA {
        if { [TCP::payload 15] contains "XYZ" } {
            pool xyz_servers
        } else {
            pool web_servers
        }
    }

UDP headers

- UDP::remote_port: Returns the remote's UDP port/service number.
- UDP::local_port: Returns the local UDP port/service number.
- UDP::client_port: Returns the client's UDP port/service number. Equivalent to the command clientside {UDP::remote_port}.
- UDP::server_port: Returns the server UDP port/service number. Equivalent to the command serverside {UDP::remote_port}.
- UDP::payload: Returns the current UDP payload content.
- UDP::payload length: Returns the amount of UDP payload content in bytes.

HTTP headers

- HTTP::header names: Returns a list of all the headers present on the request or response.
- HTTP::header count: Returns the number of HTTP headers present on the request or response.
- HTTP::header at: Returns the HTTP header that the system finds at the zero-based index value.
- HTTP::header exists: Returns true if the named header is present on the request or response.
- HTTP::header value: Returns the value of the named HTTP header. You can omit the argument if the header name does not collide with any of the subcommands.
- HTTP::header insert lws: Inserts the named HTTP header and its value at the end of the HTTP request or response. If you specify lws, the system adds linear white space to long header values.
- HTTP::header insert lws n1, v1, n2, v2, n3, v3, ...: Passes a Tcl list to insert into a header. In such cases, the system treats the list as a list of name/value pairs. If you specify lws, the system adds linear white space to long header values.
- HTTP::header value: Sets the value of the named header. If the header is present, the command replaces the header; otherwise, the command adds the header. You can omit the argument if the header name does not collide with any other values.
- HTTP::header replace: Replaces the last occurrence of the named header with the string. This command performs a header insertion if the header was not present.
- HTTP::header remove: Removes the last occurrence of the named header from the request or response.
- HTTP::header insert_modssl_fields options: Inserts the HTTP header fields needed to duplicate ModSSL behavior. Note that to use this command, you must also enable the ModSSL Methods setting within an SSL profile. For more information on ModSSL options, see Chapter 7, Managing SSL Traffic.
- HTTP::header sanitize: Removes all but the headers you specify. The exception to this is some essential HTTP headers.
- HTTP::method: Returns the type of HTTP request method.
- HTTP::status: Returns the response status code.
- HTTP::version 0.9 | 1.0 | 1.1: Returns or sets the HTTP version of the request or response.
- HTTP::username: Returns the user name part of the HTTP basic authorization.
- HTTP::password: Returns the password part of the HTTP basic authorization.
- HTTP::path: Returns the path part of the HTTP request.
- HTTP::uri: Returns the complete URI of the request.
- HTTP::query: Returns the query part of the HTTP request.
- HTTP::is_keepalive: Returns a true value if this is a Keep-Alive conn
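
The HTTP header commands listed above can be combined to make sure back-end servers only see a client address that the LTM system observed itself. The iRule below is an added example, not part of the original slides; the header name X-Forwarded-For, the trusted proxy range 10.1.1.0/255.255.255.0 and the loop limit of 32 are assumptions chosen for illustration.

```tcl
# Added example (not from the original slides).
# Assumptions: the virtual server has an HTTP profile attached;
# 10.1.1.0/255.255.255.0 is a constructed "trusted upstream proxy" range;
# back-end servers read the client address from X-Forwarded-For.
when HTTP_REQUEST {
    # Requests that arrive from the trusted proxy range keep their header.
    if { [IP::addr [IP::client_addr] equals 10.1.1.0/255.255.255.0] } {
        return
    }

    # HTTP::header remove deletes only the last occurrence of a header
    # (as described in the slides), so repeat until no client-supplied
    # copy is left. The counter also bounds the loop.
    set removed 0
    while { [HTTP::header exists "X-Forwarded-For"] && $removed < 32 } {
        HTTP::header remove "X-Forwarded-For"
        incr removed
    }

    if { $removed > 0 } {
        # Record that a client tried to supply its own forwarding header.
        log local0.info "Removed $removed client-supplied X-Forwarded-For header(s) from [IP::client_addr]"
    }

    # Insert a single value taken from the connection itself.
    HTTP::header insert "X-Forwarded-For" [IP::client_addr]
}
```

A server behind this virtual server can then treat the header as set by the load balancer for every request that did not come through the trusted proxy range.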