iRules Event Order

iRules is an event driven language. This has been discussed before, but to recap briefly, here’s what “Event Driven” means in iRules terms:

iRules code is written inside event blocks. Those event blocks correspond to points within the life-cycle of a connection to your LTM. By putting your code inside a given event block, you ensure that it executes at a particular point in that transaction. For example, HTTP_REQUEST code is executed once a request has been received, not before, so you’re safe to look for HTTP header info. SERVER_CONNECTED, however, isn’t fired until all the client-side processing has been done and a load balancing decision has been made, but before the actual data is sent to the chosen system.

In this way we ensure granularity in the control of when and how your code is executed to allow you the absolute most control possible. It also allows for things to be highly efficient as we only have to execute the needed code each time, not the entire script.

So now that we know what “Event Driven” means and how to use events to execute code precisely where we want to within the context of a connection, that leaves two burning questions.

The first is: What events can I choose from? That is answered handily by the “Events” page in the iRules wiki. The other is: When does each event fire? In other words, what’s the overall order of events for a given connection?

This has been a little harder to nail down. It takes a bit of disclaimer work, since not all events fire for every connection (some depend on particular profiles), not to mention that iRules is constantly changing. Keeping that in mind, though, I’ve put together a list of events in the order that they execute, checked it twice… then sent it off for PD approval (hey, I’m not an idiot). The list below has gotten the stamp of approval, and I’m quite happy to finally get a documented order online, as there have been many requests for this.

Events are processed in a linear fashion, so all CLIENT_ACCEPTED events in all iRules finish processing before the first HTTP_REQUEST event can fire. The linear order of this list is representative of that. Each event will not fire until all events above it have completed. Also, all events within one line, separated by slashes (/), execute at effectively the same time as far as the context of a connection is concerned. Please note that some of the events below are only executed under certain circumstances. For instance, the AUTH_RESULT event only occurs if an AUTH command (such as AUTH::authenticate) completes and returns results.

iRules Event Order:

RULE_INIT

This is a global iRule event. It occurs once when the iRule is loaded into memory and does not continue to be processed for each subsequent request.

Client Request Events - These events occur between the time the client connects to the LTM and the time the LTM makes a load balancing decision. At this point it has finished client data processing and is ready to connect to the chosen server but has not yet sent the data. These events are executed in a client-side context, meaning they behave as if you've used the clientside command with each of them. This means that local_addr type commands behave with the client in mind. This is where you have the opportunity to change the information a user is sending in before it makes it to the server for processing. URI re-writing, authentication and encryption offloading or inspection, server impersonation (acting like you’re a server to dig deeper into the transaction) – it all happens here.

CLIENT_ACCEPTED
CLIENTSSL_HANDSHAKE
CLIENTSSL_CLIENTCERT
HTTP_REQUEST / CACHE_REQUEST / RTSP_REQUEST / SIP_REQUEST / HTTP_CLASS_FAILED / HTTP_CLASS_SELECTED
STREAM_MATCHED
CACHE_UPDATE
CLIENT_DATA / RTSP_REQUEST_DATA / HTTP_REQUEST_DATA – Only occur when collected data arrives
AUTH_RESULT / AUTH_WANTCREDENTIAL – Only occur when authentication commands return
LB_SELECTED / LB_FAILED / PERSIST_DOWN

Server Request Events - These events take place after client request processing has finished, a destination has been chosen by the LTM, and the connection to the server is initiated. They happen before the client request is actually sent to the server. This is the end of the request process, which is followed by the first Server Response event. These events are executed in a server-side context. Much like the opposite of the above client-side events, these behave as if you’ve used the serverside command with each of them.

SERVER_CONNECTED
SERVERSSL_HANDSHAKE
HTTP_REQUEST_SEND / SIP_REQUEST_SEND

Server Response Events - These events are triggered after the request has been sent to the server, the server has processed the request and the LTM receives a response from the server. These events are where you can access content generated by the server before it gets sent back to the client. Scrubbing out credit card information, server response manipulation, etc. – this is the place for it.

CACHE_RESPONSE
HTTP_RESPONSE / RTSP_RESPONSE / SIP_RESPONSE
STREAM_MATCHED
HTTP_RESPONSE_CONTINUE
HTTP_RESPONSE_DATA / SERVER_DATA / RTSP_RESPONSE_DATA – Only occur when collected data arrives

Disconnect Events - These are the events that represent the termination of a connection after all processing is completed.

SERVER_CLOSED
CLIENT_CLOSED

This list is representative of iRules as they sit today. Keep in mind that the iRules language is continually evolving and changing, which may impact this list as well. I’ll do my best to keep it updated, because I think it’s a useful resource.
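
One way to check this order against your own BIG-IP version is a tracing iRule that logs a sequence number from each event. This is an added example, not part of the original article; the variable names tag and seq are made up for it, and it assumes a virtual server with an HTTP profile and a pool attached.

```tcl
# Added example: trace the order in which events fire on one HTTP connection.
# "tag" and "seq" are illustrative names; variables set in CLIENT_ACCEPTED
# stay available to every later event on the same connection.
when CLIENT_ACCEPTED {
    # Tag each line with the client endpoint so interleaved connections
    # can be separated in the log.
    set tag "[IP::client_addr]:[TCP::client_port]"
    set seq 0
    # Client-side context: local_addr is the address the client connected to.
    log local0.info "$tag [incr seq] CLIENT_ACCEPTED local=[IP::local_addr]"
}
when HTTP_REQUEST {
    # Log the path only, so query-string secrets do not end up in the log.
    log local0.info "$tag [incr seq] HTTP_REQUEST [HTTP::method] [HTTP::path]"
}
when LB_SELECTED {
    log local0.info "$tag [incr seq] LB_SELECTED -> [LB::server addr]:[LB::server port]"
}
when LB_FAILED {
    log local0.info "$tag [incr seq] LB_FAILED"
}
when SERVER_CONNECTED {
    # Server-side context: local_addr is now the LTM address facing the server.
    # The clientside command switches back to the client-side view.
    log local0.info "$tag [incr seq] SERVER_CONNECTED local=[IP::local_addr] clientside-local=[clientside {IP::local_addr}]"
}
when HTTP_REQUEST_SEND {
    log local0.info "$tag [incr seq] HTTP_REQUEST_SEND"
}
when HTTP_RESPONSE {
    log local0.info "$tag [incr seq] HTTP_RESPONSE status=[HTTP::status]"
}
when SERVER_CLOSED {
    log local0.info "$tag [incr seq] SERVER_CLOSED"
}
when CLIENT_CLOSED {
    log local0.info "$tag [incr seq] CLIENT_CLOSED"
}
```

Attach it to a test virtual server rather than a busy production one, since it writes several log lines per connection. On a keep-alive connection the HTTP events repeat for each request while the sequence number keeps counting.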

Published Mar 30, 2009
Version 1.0

7 Comments

  • dc_18986
    Historic F5 Account
    This is good information. I may have liked the "Captain Kirk" like narration more than the iRules order info. :) Thanks for posting this. It'll be useful.
  • Colin_Walker_12
    Historic F5 Account
    Hah! I don't think I've ever been called Captain Kirk like. That's awesome. Thanks!

    Colin
  • Greetings,

    This is a great list, but I think it's not quite clear about the cert stuff.

    Order here says:

    CLIENTSSL_HANDSHAKE
    CLIENTSSL_CLIENTCERT

    However the event description for CLIENTSSL_HANDSHAKE says

    "If LTM requests a certificate from the client this event would be triggered after the CLIENTSSL_CLIENTCERT event."

    So if a cert is presented by the client, the order is:

    CLIENTSSL_CLIENTCERT
    CLIENTSSL_HANDSHAKE

    Regards,

    Dave Seddon
  • The newer XML_CONTENT_BASED_ROUTING event is not covered here (...as it postdates this article, naturally). Any idea where that fits in the hierarchy? Any pointers to newer sources of information that would cover it?

    Any help appreciated!
  • https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementation/sol_xml_cbr.html?sr=102037931060876
  • draco
    Nimbostratus

    Hey all. The mp3 link isn't working. Is it possible to update it?