Version control and provisioning of F5 iRules with git hooks

Hello everyone 🙂

In Switzerland I started to work with the F5 BIG-IP LTM Load Balancer. It is a great device for balancing HTTP traffic, and TCP traffic in general, across a pool of servers.

[Image: F5 BigIP Load Balancer]

These devices are highly programmable: they can intercept HTTP sessions and trigger code snippets when some event occurs. In the code you can hack many HTTP options, inject headers and cookies, and more. In the vendor's terminology these code snippets are called iRules.

The subject was completely new to me, so I started reading the very good book An Introduction to F5 Networks LTM iRules. The language used to program iRules is Tcl; I am not an expert, but it is easy to learn, and everybody wrote a little bit of Tcl when playing with ns2 at university.

Pretty soon I realized that this is not the typical Cisco/Juniper device where it is enough to keep a backup/history of the configuration with rancid. You will end up with a lot of code running on the device, and you need to version control this code. Moreover, writing code in the web interface is terrible; you will want to write it with a proper editor.

Another nice-to-have feature is a central repository for the code, with an easy workflow that pushes the latest code version to all devices in your network automatically. It is really hard to manage the network by cutting and pasting code into the web interface of each device.

The good news is that the F5 BIG-IP Load Balancer can be accessed with a SOAP API called iControl. There is also an official Python library called bigsuds, released by F5.

On my GitHub page I published a collection of Git hooks that update the F5 device as soon as a new version of the code is pushed to a git repository.

Here is a nice ASCII art schema of the architecture:

|DevPC| <--- git+ssh ---> |GitBareRepository| <--- iControl SOAP API ---> |BIG-IP LTM|

The key idea is that the developer (or network administrator, if you prefer) works on their own PC. When the git commits are pushed to a remote bare git repository, the pre-receive hook is triggered, and the changes are synced to the BIG-IP devices using the SOAP API.
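One way to implement the pre-receive flow described above, as an added example that is not taken from the author's published hooks. It assumes one top-level `<rule_name>.tcl` file per iRule, deployment only from `master`, device credentials in the hypothetical environment variables `F5_HOST`, `F5_USER` and `F5_PASS`, and the `create`, `modify_rule` and `delete_rule` methods of iControl's `LocalLB.Rule` interface as exposed by bigsuds.

```python
#!/usr/bin/env python
"""Added example of a pre-receive hook: map a push to iControl LocalLB.Rule calls."""
import os
import re
import subprocess
import sys

ZERO = "0" * 40                                      # "no commit": ref created or deleted
EMPTY_TREE = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"  # git's empty tree (SHA-1)
BRANCH = "refs/heads/master"                         # assumption: only this ref deploys
RULE_FILE = re.compile(r"^[A-Za-z0-9_-]+\.tcl$")     # assumption: top-level <rule>.tcl
VERBS = {"A": "create", "M": "modify_rule", "D": "delete_rule"}


def plan(name_status):
    """Turn `git diff --no-renames --name-status` output into (verb, rule, path)."""
    actions = []
    for line in name_status.splitlines():
        status, _, path = line.partition("\t")
        if status in VERBS and RULE_FILE.match(path):  # skip docs, subdirs, odd names
            actions.append((VERBS[status], path[:-4], path))
    return actions


def git(*args):
    return subprocess.check_output(("git",) + args).decode()


def push_rules(actions, commit, rule_api):
    """Replay the planned actions against a LocalLB.Rule-like object."""
    for verb, name, path in actions:
        if verb == "delete_rule":
            rule_api.delete_rule(rule_names=[name])
        else:
            body = git("show", "%s:%s" % (commit, path))  # file content at the pushed commit
            getattr(rule_api, verb)(rules=[{"rule_name": name, "rule_definition": body}])


def main(lines):
    import bigsuds  # imported lazily so plan() can be exercised without the library
    ltm = bigsuds.BIGIP(hostname=os.environ["F5_HOST"], username=os.environ["F5_USER"],
                        password=os.environ["F5_PASS"])  # hypothetical variable names
    for line in lines:                               # one "<old> <new> <ref>" per pushed ref
        old, new, ref = line.split()
        if ref != BRANCH or new == ZERO:             # other branches, branch deletion
            continue
        base = EMPTY_TREE if old == ZERO else old    # first push: diff against nothing
        diff = git("diff", "--no-renames", "--name-status", base, new)
        push_rules(plan(diff), new, ltm.LocalLB.Rule)


if __name__ == "__main__":
    main(sys.stdin)  # an exception exits non-zero, so git rejects the push
```

Reading the credentials from the hook's environment keeps them out of the repository, so a clone of the iRules does not carry device access.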

I have been using these hooks in production for a couple of months now, and I did not find anything similar on the web that is ready to use. If you try this stuff, comments are appreciated, and pull requests are even more welcome!

Cheers !

Saverio
