What is aFlex?

aFleX is a scripting tool that is built into the Thunder Application Delivery Controller (ADC). aFleX is based on a standard scripting language, TCL, enabling the load balancer to perform Layer 7 deep-packet inspection (DPI). Information in the header or data portion of the packet can then be erased, changed or manipulated as needed, or the packet can be dropped or redirected based on the information.

• aFleX is a powerful and flexible Thunder feature that you can use to manage your traffic and provide enhanced benefits and services.
• aFleX uses industry-standard Tcl (Tools Command Language) based syntax.
  • Standard Tcl commands
  • Special set of extensions provided by the Thunder device
• aFleX allows:
  • Content inspection (headers / data)
  • Actions on traffic
    • Block traffic
    • Redirect traffic to a specific service group (pool) or server (node)
    • Modify traffic content

Introduction to aFlex Scripting

Advantages of using aFleX

aFleX policies allow you to exercise more granular control of packet inspection and traffic load balancing. The benefits can be, but are not limited to:

• Higher Availability
  • Provide an unavailable/sorry page when all servers or applications are not responding or are down.
  • Redirect end-users to the backup data center if all servers or applications are not responding or are down.
• Higher Security
  • Block specific end-users and/or specific client traffic.
• Higher Flexibility
  • Transparently convert an HTTP web application to HTTPS
  • Provide persistency  for a specific application
  • Forward specific end-users and/or specific client traffic to a specific pool of servers or specific server in a pool
  • Transparently add a new hostname to an existing Web site
• Higher Performance
  • Improve end-users’ browser cachability for web site static content

Elements of an aFleX script

• aFleX scripts are made up of three basic elements:
  • Events
  • Operators
  • aFleX commands

   

Events

• aFleX scripts are event-driven, which means the aFleX script is triggerd when the specified event occurs.
• Examples:
  • HTTP_REQUEST event occurs when an HTTP request is received.
  • CLIENT_ACCCEPTED event occurs when a client has established a connection.

Operators

• Standard Tcl operators Note: Tcl tutorial
• Relational operators:  contains, matches, equals, starts_with, ends_with, matches_regex
• Logical operators: not, and, or

aFleX commands

• Used to query for data, manipulate data, or specify a traffic destination. These may be grouped into three main categories:
  • Statement commands
    Example: pool directs traffic to the named load balancing pool.
  • Commands that query or manipulate data
    Examples:
    • IP::remote_addr returns the remote IP address of a connection.
    • HTTP::header remove removes the last occurrence of the named header from a request or response.
  • Utility commands – useful for parsing and manipulating content
    Example: decode_uridecodes the named string using HTTP URI encoding and returns the result.

Note: aFleX is extensible. In future Thunder software releases, additional aFleX events and aFleX commands will be added.

The list of supported Events, Operators, and Commands is available in the Thunder Series aFleX Reference.

aFleX configuration

aFleX configuration is done in 2 steps:

1. Place the aFleX script on the Thunder device.
   • Using the CLI
     • Use a computer with any text editor to write an aFleX script and save it as a file.
     • Use the import aflex command to import the aFleX file from the computer to the Thunder device.
     • aFleX CLI syntax check: aflex check script-name
   • Using the WebUI
     • With the Thunder’s web interface, you can directly type in aFleX scripts and save them on the Thunder device. In the Thunder WebUI, navigate to Config Mode > Service > aFleX.
   • Using the aFleX Editor
     • The aFleX Editor is a separate PC application you can use to download/upload aFleX scripts from/to the Thunder device. Moreover, the aFleX Editor can do syntax checking. As an editor, it also has syntax highlighting, keyword auto-completion, etc.
2. Assign the aFleX script to VIP port
   • Using the WebUI: Config Mode > Service > SLB > Virtual Server > Port
   • CLI:
     Thunder(config)# slb virtual-server name [ipaddr]
     Thunder(config-slb vserver)# port N tcp
     Thunder(config-slb vserver-vport)# aflex script-name

aFleX statistics are available in the WebUI or CLI:

• WebUI: Monitor Mode > Service > aFleX
• CLI: Thunder# show aflex script-name

Share

Tags:

Network Management

---

Paul Nicholson

|

June 14, 2018

About Paul Nicholson

Paul Nicholson brings 24 years of experience working with Internet and security companies in the U.S. and U.K. In his current position, Nicholson is responsible for global product marketing and strategy at San Jose, Calif.-based application networking and security leader A10 Networks. Prior to A10 Networks, Nicholson held various technical and management positions at Intel, Pandesic (the Internet company from Intel and SAP), Secure Computing, and various security start-ups. READ MORE