From F5 iRules to WebAssembly: Programmability for All | Ep26 | WebAssembly Unleashed

Web Assembly Unleashed: F5, iRules, and the Future of Programmability

Key Concepts:

• WebAssembly (Wasm): A binary instruction format for a stack-based virtual machine, designed for high performance and portability.
• iRules: F5’s proprietary TCL-based scripting language for programmable data plane access within the BIG-IP application delivery controller.
• Programmability: The ability to customize and extend network and security devices through scripting or code.
• Data Plane: The part of a network device responsible for forwarding traffic.
• Dev Central: F5’s online community for developers and network professionals.
• TCL (Tool Command Language): An interpreted scripting language used in iRules.
• Layer 3/Layer 7: Referencing the OSI model layers, representing network and application layers respectively, indicating the scope of iRule access.

I. Introduction & F5’s Role in Programmability

The podcast episode introduces “Web Assembly Unleashed” and focuses on F5’s involvement in programmability, specifically through iRules and their transition towards WebAssembly. The hosts, Oscar Spencer and Matt Yakabuchi, welcome Jason Rom, leader of the F5 Dev Central community, to discuss F5’s history with programmable network devices. The episode is a prelude to live podcasting at F5’s AppWorld conference.

II. Understanding iRules: History and Functionality

Jason Rom explains that iRules are a programmable data plane access mechanism within F5’s BIG-IP load balancer. iRules are written in TCL (Tool Command Language), a language acknowledged as somewhat outdated but historically practical due to its prevalence in Cisco networking equipment. The initial choice of TCL was driven by practicality – it was a working interpreter available at the time of the decision.

iRules provide event-driven access to various network protocols, from Layer 3 (network layer) to Layer 7 (application layer), allowing manipulation of traffic flowing through the BIG-IP. Common use cases include routing based on IP addresses, HTTP header manipulation (swapping, blocking, inspection), and payload analysis. iRules enable proactive security mitigation, even before application teams release patches.

III. Impact and Real-World Applications of iRules

Jason shares personal experiences demonstrating the significant impact of iRules for customers. He recounts a Department of Defense (DoD) scenario where iRules resolved issues with random DNS lookups causing mission-critical data access problems. By inserting HTTP cookies, they redirected traffic to the correct data center, saving the program hundreds of thousands of dollars compared to a DNS fix requiring a lengthy contract modification.

Another example involved a rental car company where iRules prevented a terminal server issue causing session miscounts and load balancing problems. These examples highlight iRules’ ability to solve critical problems quickly and efficiently, often without requiring extensive development expertise. Customers frequently utilize iRules for tasks like SSL forwarding (HTTP to HTTPS redirection) and implementing custom security policies. Several F5 products, including AFM, SSL, and carrier-grade NAT, originated as iRules before being productized.

IV. Lessons Learned from iRules Development

F5 has learned valuable lessons from decades of iRules development. Key takeaways include:

• Debugging Challenges: iRules lack a robust debugging environment, relying heavily on print statements for troubleshooting. While profiling and tracing options exist, interpreting the data is difficult for non-developers. The hosts suggest AI tools could potentially address this limitation.
• Power and Responsibility: iRules are powerful but can cause system instability if misused (e.g., core dumping the box). Guardrails are necessary to prevent accidental damage. An example is given of logging transactions to disk, which drastically reduced performance.
• Simplicity is Key: Easier-to-use commands and abstractions are preferred over complex scripting. F5 has added commands to simplify common tasks and created profiles to handle lower-level protocol details.
• Feature Evolution: Recurring iRule solutions are often transformed into dedicated features or products, streamlining operations and configuration management.
• Community Feedback: The F5 Dev Central community has been instrumental in identifying pain points and driving iRule development. Early community members like Rapmaster C unruly and Dr. teeth were core developers who actively engaged with users.

V. The Future: WebAssembly and Non-Developer Engagement

The discussion shifts to WebAssembly (Wasm) and its potential to address some of the limitations of iRules. The hosts acknowledge Wasm’s complexity and the need to make it accessible to non-developers. Jason emphasizes the importance of demonstrating practical applications and providing easy-to-use scaffolding. He believes AI-powered tools could help translate existing configurations (like iRules) into Wasm equivalents.

A key advantage of Wasm is its portability – the ability to run the same code across different platforms. Jason highlights the potential for Wasm to provide a consistent programmability layer across various environments, reducing the need for developers to learn multiple toolsets. He expresses excitement about Wasm’s potential to unlock new problem-solving capabilities and reduce operational overhead.

VI. Guardrails vs. Power: A Philosophical Debate

The conversation touches on the balance between providing powerful programmability and implementing safety mechanisms. Jason expresses a preference for giving developers a full playground to experiment with, while acknowledging that others may prefer more restrictive environments. The hosts note that Wasm’s depth of stack access (ability to manipulate low-level network protocols) is a powerful feature but requires careful consideration.

VII. Dev Central and Community Engagement

Jason explains that F5’s Dev Central community thrives on presenting real-world challenges and encouraging users to find solutions using existing tools. The community fosters a culture of problem-solving and knowledge sharing, empowering non-developers to leverage programmability. He emphasizes the importance of framing solutions in terms of practical benefits rather than technical complexity.

VIII. Conclusion & Key Takeaways

The episode concludes with a discussion of Wasm’s potential to address the challenges of programmability and its promise of portability. The key takeaway is that successful adoption of Wasm requires a focus on accessibility for non-developers, demonstrating practical applications, and providing intuitive tools. F5’s experience with iRules provides valuable lessons for navigating the future of programmability and building a thriving community around WebAssembly. The hosts promote the upcoming live podcasting sessions at F5’s AppWorld conference.