nikhil_raj_2965
Nimbostratus
Nimbostratusirule vs LTM policy
If I have an irule & an LTM policy configured on the same virtual server, which will be processed first Regards Nikhil
Forum Discussion
6 Replies
Samir_Jha_52506Noctilucent
As per my understanding F5 validate the VIP setting as per defined configuration (Top to Bottom). In that iRule comes prior then policies. So, I will go with iRule first.
But both has unique feature...
- Local Traffic Policies are faster if performance is an issue
- iRules are more flexible and you can get help from DC people
Jhaunu_GuptaAs per our setup LTM policy is getting executed first than irule getting executed
- Samir_Jha_52506
In your setup could be traffic match per policy condition.
For support events such as HTTP_REQUEST & HTTP_RESPONSE; LTM policy evaluation occour before iRule. This means that's possible to write iRule to override an LTM policy decisions.
Cheers...
nikhil_raj_2965Thank you all for the replies
Andy_McGrathCumulonimbus
Policies and profiles always execute before iRules for the same network layer.
For example we have policy to ensure iRules events are enabled as we have several iRules that do an
during select errors, to ensure we re-enable all the iRule event for the next HTTP request (multiplexed clientside connections) we use policies to run the TCL commend toevent disable all
. We can only do this as the Policies execute before our iRules.event enable allHowever, your
iRule event will execute before your HTTP profile or any Policy looking at the HTTP request as this is simply the order of events based on the F5 processing through the network layers.CLIENT_ACCEPTED- JRahm
Admin
AMG is mostly correct in that policies are evaluated before iRules, but a policy client accepted action will also happen before the similar iRule event. I wrote up an article on doing verification testing of stuff like this just now, and you can get the definitive details in the knowledge article K16590.
