How to: Manage data groups in iRules¶
About data groups in iRules¶
A data group is simply a group of related elements, such as a set of IP addresses for AOL clients. For more information, refer How to: Manage data groups for a BIG-IP Next instance using BIG-IP Next Central Manager.
Data groups are useful when writing iRules. To understand the usefulness of data groups in iRules, it is helpful to first understand the class command and the contains operator. For more information, refer iRule global command class.
When you specify a data group along with the class match
command or the contains
operator, you eliminate the need to list multiple values as arguments in an iRule expression. For example, class match [<options>] <item> <operator> <class-name>
.
The iRules must specify the complete path for the data group to access it. The iRules can access a data group from the application stack, global space, or any other application stack by specifying the complete path for the data group.
In iRules, data groups are read-only data structures, iRules cannot affect configuration objects directly. You can read, sort, or reference data groups from iRules but cannot modify them.
Manage data groups in iRules¶
Prerequisite
Create required data groups in application services. For more information, refer to How to: Manage data groups for a BIG-IP Next instance using BIG-IP Next Central Manager.
Use this task to manage data groups in iRules:
Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Applications.
On the left, click iRules. The list of iRules displays. If no iRules are available, refer Create an iRule to add iRules.
Click on the iRule name. The iRule properties display.
Select Data Group on the left. The Data Groups panel displays the list of associated data groups. If no data group is available, then use the Add Data Group to select the required data groups.
Note: The selected data groups are deployed with every application that uses the iRule.
Click Save.
Example iRule with data group reference:
The iRule can access the data group from an application stack as a name
/app/{appName}/stack/{stackName}/datagroup/{dgName}
. A sample rule to create a DSSM and log entry associated with the HTTP/HTTPS transaction when the client IP matches with an IP in the data group can be specified as below. Here data group test_dg carries the specified client IP list and is created from application stack.
when HTTP_REQUEST {
if { \[class match \[IP::client\_addr\] equals /app/app-http/stack/httprevproxy/datagroup/test\_dg\] } { \\n set headers \[HTTP::header names\] \\n log local0. $headers \\n foreach header $headers { \\n set value \[HTTP::header $header\] \\n session add source_addr $header $value \\n log local0. \\"add session key $header $value\\" \\n } \\n }
}
For global space, the data group name can be referenced as
/datagroup/{dgName}
.
when HTTP_REQUEST {
if { \[class match \[IP::client\_addr\] equals /datagroup/test\_dg\] } { \\n set headers \[HTTP::header names\] \\n log local0. $headers \\n foreach header $headers { \\n set value \[HTTP::header $header\] \\n session add source_addr $header $value \\n log local0. \\"add session key $header $value\\" \\n } \\n }
}