Description
Describes what an iRule is, what default iRules are available and what combinations of Virtual Listener Type and Protocol each iRule is compatible with.
Content / Solution:
iRules are a component within MCP 2.0 VIPs. For details please refer to Introduction to Virtual Listeners / VIPs in MCP 2.0.
In general, iRules are “scripts” that allow a load-balancer to take specific actions on traffic based on an administrator-defined set of parameters. They can be used to manipulate data streams, redirect traffic, etc. They are powerful tools.
In the context of MCP 2.0, we provide several pre-configured iRules that allow you to do the following: Adjust session timeout values, Configure a Virtual Listener to mirror traffic to an IPS/IDS appliance for inspection and blocking, or redirect an HTTP request to HTTPS (keeping all other URL/URI information intact).
Default iRules:
- CCDEFAULT.IpProtocolTimers - This iRule extends the timeout values for TCP, UDP, ICMP, and all other connections to mimic the MCP 1.0 values and to ensure consistent performance in all MCP cloud platforms. Note that when creating a Virtual Listener, this iRule is selected by default.
- CCDEFAULT.HttpsRedirect - This simple iRule redirects traffic inbound on HTTP to HTTPS.
- CCDEFAULT.Ips - This iRule can be used only by specific Hosted Private CaaS or Private CaaS clients. It checks incoming packets against a blacklist provided by an intrusion protection device before allowing the traffic. This iRule is useful only in specific custom scenarios where the necessary infrastructure has been implemented.
- CCDEFAULT.IpsHttp - Same as Ips rule but is designed to provide an HTML response back to the end user.
iRules can be specified as part of Virtual Listener creation and management. Please refer to:
How to Create a Virtual Listener on a Network Domain
How to Manage Virtual Listeners on a Network Domain
The set of iRules which is compatible for a given Virtual Listener is determined by the combination of the Type and Protocol of the Virtual Listener. Initially, compatibility is as follows:
| Virtual Listener Type | Supported iRules |
|---|---|
| Standard/Any | CCDEFAULT.IpProtocolTimers |
| Standard/TCP | CCDEFAULT.IpProtocolTimers |
| Standard/UDP | CCDEFAULT.IpProtocolTimers |
| Standard/HTTP | CCDEFAULT.IpProtocolTimers |
| Standard/FTP | CCDEFAULT.IpProtocolTimers CCDEFAULT.Ips |
| Standard/SMTP | CCDEFAULT.IpProtocolTimers CCDEFAULT.Ips |
| Performance Layer 4/Any | CCDEFAULT.IpProtocolTimers |
| Performance Layer 4/TCP | CCDEFAULT.IpProtocolTimers |
| Performance Layer 4/UDP | CCDEFAULT.IpProtocolTimers CCDEFAULT.Ips |
| Performance Layer 4/HTTP | CCDEFAULT.IpProtocolTimers CCDEFAULT.Ips CCDEFAULT.IpsHttp |
Note for API integrators that the List Default iRules function described in the API 2.0 Documentation includes compatibility information for programmatic use. The information details the appropriate combinations of iRules in conjunction with the Type and Protocol of a given Virtual Listener. Note that the set of iRules is subject to change over time.
Related Articles