What is aFlex?
aFleX is a scripting tool that is built into the Thunder Series Server Load Balancers. aFleX is based on a standard scripting language, TCL, enabling the load balancer to perform Layer 7 deep-packet inspection (DPI). Information in the header or data portion of the packet can then be erased, changed or manipulated as needed, or the packet can be dropped or redirected based on the information.
- aFleX is a powerful and flexible AX Series feature that you can use to manage your traffic and provide enhanced benefits and services.
- aFleX uses industry-standard Tcl (Tools Command Language) based syntax.
- Standard Tcl commands
- Special set of extensions provided by the AX device
- aFleX allows:
- Content inspection (headers / data)
- Actions on traffic
- Block traffic
- Redirect traffic to a specific service group (pool) or server (node)
- Modify traffic content
Advantages of using aFleX
aFleX policies allow you to exercise more granular control of packet inspection and traffic load balancing. The benefits can be, but are not limited to:
- Higher Availability
- Provide an unavailable/sorry page when all servers or applications are not responding or are down.
- Redirect end-users to the backup data center if all servers or applications are not responding or are down.
- Higher Security
- Block specific end-users and/or specific client traffic.
- Higher Flexibility
- Transparently convert an HTTP web application to HTTPS
- Provide persistency for a specific application
- Forward specific end-users and/or specific client traffic to a specific pool of servers or specific server in a pool
- Transparently add a new hostname to an existing Web site
- Higher Performance
- Improve end-users’ browser cachability for web site static content
Elements of an aFleX script
aFleX scripts are made up of three basic elements
- aFleX commands
- aFleX scripts are event-driven, which means the aFleX script is triggerd when the specified event occurs.
HTTP_REQUESTevent occurs when an HTTP request is received.
CLIENT_ACCCEPTEDevent occurs when a client has established a connection.
- Standard Tcl operators Note: Tcl tutorial
- Relational operators:
- Logical operators:
- Used to query for data, manipulate data, or specify a traffic destination. These may be grouped into three main categories:
- Statement commands Example: pool directs traffic to the named load balancing pool.
- Commands that query or manipulate data Examples:
IP::remote_addrreturns the remote IP address of a connection.
HTTP::header removeremoves the last occurrence of the named header from a request or response.
- Utility commands - useful for parsing and manipulating content Example: decode_uridecodes the named string using HTTP URI encoding and returns the result.
aFleX configuration is done in 2 steps:
1. Place the aFleX script on the AX device.
- Using the CLI
- Use a computer with any text editor to write an aFleX script and save it as a file.
- Use the import aflex command to import the aFleX file from the computer to the AX device.
- aFleX CLI syntax check: aflex check
- Using the WebUI
- With the AX’s web interface, you can directly type in aFleX scripts and save them on the AX device. In the AX WebUI, navigate to Config Mode > Service > aFleX.
- Using the aFleX Editor
- The aFleX Editor is a separate PC application you can use to download/upload aFleX scripts from/to the AX device. Moreover, the aFleX Editor can do syntax checking. As an editor, it also has syntax highlighting, keyword auto-completion, etc.
2. Assign the aFleX script to VIP port.
- Using the WebUI: Config Mode > Service > SLB > Virtual Server > Port
AX(config)# slb virtual-server name [ipaddr] AX(config-slb vserver)# port N tcp AX(config-slb vserver-vport)# aflex script-name
aFleX statistics are available in the WebUI or CLI:
- WebUI: Monitor Mode > Service > aFleX
AX# show aflex script-name