Click here to close now.

Welcome!

Java Authors: Pat Romanski, Elizabeth White, Carmen Gonzalez, Roger Strukhoff, Liz McMillan

Blog Feed Post

iRules Concepts: Tcl, The How and Why

F5 uses TCL as the interpreter for iRules. Many people often ask why that is. This questions is usually followed up by an immediate, "Why not Perl?" or "Why not Java" or "Why not <fill in my preferred language of choice>?". I understand the question, and frankly I'm a Perl guy from way back myself, so when I first landed at F5 and started devouring all things iRules, I was curious about the same thing. Since then I've discussed this topic with some of F5's best, in my opinion, and have come to understand that there are many solid reasons for choosing the runtime that we use.

When asked "Why TCL?" my standard response centers around varying degrees of discussing:

    • Speed

    • Embeddability

    • Usability

These all remain true today, and I will expand on each of them in hopes of illuminating our position with TCL and iRules, and why the Perl lover in me was, and is to this day, convinced that we made the right choice.

History

Before I delve into the above list, first let me give some history of how we originally got to TCL in the first place. Originally, back in the days of dinosaurs and BIG-IP v3.0, when iRules was introduced as a technology within F5, we used a custom syntax. We hand rolled commands and utility functions, and relied on no particular language to achieve this, other than C, which is the base for pretty much everything that runs on our box, and frankly darn near everywhere else. This was all well and good, but as any F5 historian knows, the world changed a lot for us in v9.

For version 9 we tore up pretty much everything on the drawing board. Heck, we tore up the drawing board and started fresh. Even still, the plan was to go forward with the same approach, I.E. custom roll commands to be used within iRules and rely on no outside language to achieve this. At this point, though, some testing was done and a shocking result surfaced. In testing TCL against the custom built commands, TCL was actually faster in many cases. (More about how and why in a bit.) This left us with a very interesting fact: TCL was both faster and more feature rich than our hand rolled commands. That made the choice pretty simple.

Now then, on to the reasons why TCL was and still is a solid choice for iRules. From the list above, let’s start with speed.

Speed

We talk about it all the time. iRules are fast. Think of the fastest thing you can think of, a speeding bullet perhaps. Now think faster. No, faster than that. Seriously, blazingly fast. Why so much emphasis on speed? Because it lies at the core of everything that we do.

I’m one of the first people to say that it’s not all about speeds and feeds, as it were, when talking about ADC solutions from a broad perspective. That is not to be confused with the concept that speed is not important. Speed, in fact, is absolutely paramount when speaking from a granular level. The faster the granular functions are; packet interrogation, re-writing, routing, forwarding, IP translation, the faster each atomic function is, the less resources are utilized on such things. This leaves more power available as overhead to build and complete complex logical functions. Building business logic into the network could be costly to a point of making it prohibitive if it weren’t for the fact that each minute operation being performed behind the scenes were streamlined to the nth degree. So when it comes to iRules or any programmable interface for the network, speed is absolutely paramount.

That’s all well and good, but how does TCL fit into that? In testing TCL against other, heavier languages such as Perl and Python, we deemed pretty quickly two things:

    1) TCL was far, far faster for our purposes than any of the other widely available options at the time, which is still the case with the exception of perhaps Lua.

    2) Other options had large amounts of commands that we would either not need, or explicitly did not want to include for either security or performance reasons.

So out of the box TCL is a faster choice for our needs. If that weren’t enough, however, we also have to take into account the fact that we need to heavily modify the functionality of the language. For our purposes we both add and rip out large chunks of commands and functionality. We need to make things network aware, event driven (which, by the way, TCL explicitly is, and most other languages are not), add the notion of suspending/parking commands, ensure that garbage collection doesn’t occur in the middle of processing network traffic, and generally twist the language into something that understands what we are doing. TCL is very easy to modify in all of these ways, compared to other options, so this one more way in which it is a good fit for our needs.

Also keep in mind that the reality is, we’re only using a very small slice of what is available in whatever language iRules makes use of. This is because the vast majority of iRules commands are actually custom functions being performed within the TMM. Things like the HTTP:: commands, the table command, class, iStats, sideband connections … by far the lion’s share of what iRules users rely on for the functionality to understand, interpret and modify their traffic are actually calls to native C code. That is, those things don’t actually exist at all in the TCL world, beyond creating a TCL wrapper to call and handle the underlying functions.

This is for various reasons, not the least of which is – you guessed it – performance. The functions within TMM that perform these actions are far higher performance in their native state than they could be in any interpreted language running per connection, TCL or otherwise. So if a huge majority of our commands are actually just passing control back and forth between TCL and C, then a highly adept interface for doing so becomes paramount. TCL, again, pulls ahead of the pack in this arena. It just so happens that TCL has one of the more thorough C programming APIs available, compared to other similar language options. Given how often this happens and how important it is to what iRules does at its core, this is a big plus.

Last but not least, TCL supports the notion of compiling to byte-code. This is something we make extensive use of to boost performance at run time. Whenever an iRule is saved to the system it is compiled into byte code, which allows it to execute far faster than if it were in the native, human readable state. Most scripting languages combine the compilation and execution functions so that both occur effectively at the same time. With TCL we're able to use a different model that allows for the compilation, syntax checking etc. to occur at load time, which means that at run time, the byte code is processed instead of the original iRule, thus skipping a large amount of the overhead that would otherwise be involved. This allows a far smaller footprint at run time (meaning when the iRule has to execute), in exchange for a bit of extra work at load time (when a user saves an iRule), which is a very, very solid trade for us. Anything we can offload to happen once at load time rather than for each connection that comes through the system is an extremely solid performance improvement. 1 execution per save vs 100k executions per second (on a highly traffic laden box) is a pretty simple picture to understand, and bytecode allows us to achieve that at least somewhat.

Embeddability

TCL is not only extremely fast, but also supremely embeddable. It has a long history of being a go-to embedded interpreter in many fast paced, low level systems such as L2 switches. This is thanks to the fact that TCL is very, very small, when compared to other languages that offer similar functionality (or more functionality, like Perl and Java, but more on that later). Also, TCL is amazingly simple to integrate with C. So much so that it is considered near free in many cases, and anything written in C could easily be exposed via TCL with minimal effort. Keep in mind here that when I talk about things written in C, that list includes a massive array of programs and systems, including many modern kernels, such as Windows and Linux. TCL being friendly with kernels isn’t a bad thing when looking at integrating it with a custom micro-kernel, as is the case within TMM.

On top of the highly embeddable nature of TCL, you also have to factor in the absolutely minuscule footprint. The entirety of TCL is a few hundred kilobytes, including the parts we’re not using within iRules. That is tiny in comparison to its more feature rich cousins Perl and Java and <many others>. For instance the entire source download of TCL (as of the writing of this article) is 4.3M whereas Perl is 15M. The size of the environment becomes very important the more you understand the inner workings of the iRules world.

One of the things that most people don’t take into account or don’t realize is the fact that each connection to the BIG-IP that invokes an iRule receives a unique TCL context along with the accompanying state, variables, etc. This means that memory is allocated to every connection that uses an iRule to store that TCL structure, allow it to interface uniquely with TMM, and do what it needs for that particular connection and the iRules associated with it. Keep in mind that this can occur millions of times concurrently on a busy, high-end F5 device, and to me it becomes extremely impressive. The memory footprint difference between a couple hundred kilobytes for TCL and a couple megabytes for many other languages is large enough for a single instance. When you talk about a few hundred thousand or even a million concurrent instances, however, it becomes exponentially larger and more important, as you might imagine.

Surely you could not allocate, store, and process millions of copies of Perl in the same resource footprint. This is directly due to the size and simplicity of TCL. Perl and other such languages have many, many more base capabilities than TCL. This is a fantastic thing when and if you need them, and when you aren’t worried about resource constraints in such a blisteringly fast paced environment. In our world, when the vast majority of that added functionality isn’t needed anyway, and every byte or cycle counts, the overhead isn’t nearly worth the luxury.

One of the best engineers here at F5, from whom I gleaned some fantastic insight and new information when asking questions to help inspire this conversation, said it quite well:

“The full Tcl syntax can be described by just a handful of rules.  In fact it's so simple you could write your own Tcl grammar parser in an afternoon. For contrast, only Perl can parse Perl.”

Don’t get me wrong, I’m a big Perl fan, and still use it to this day for writing utilities and such on the command line. There is a tool for every job and in our particular case, given the performance requirements we have, TCL just makes more sense.

Usability

Now that we understand the performance concerns and how TCL plays well in that arena, the next most prominent concern on our list would be usability. When considering usability in this case it is important to remember our target audience. The people generally managing these systems are not full time programmers. As such, making use of a simple, easily readable language that is quick to pick up and master, and easy to read and pass from one user to the next makes a lot of sense.

The simplicity of TCL plays into less overhead to the user when it comes to understanding the commands and tools available just as much as it plays into the system overhead required to load. It makes sense, I think, that a language with far greater capabilities and extended commands, memory structures, modules, etc. would take more time and effort to master. Given that doing so is often not the primary role of the individuals we hope to appeal to with iRules, the simpler approach makes more sense.

On top of that, most of that added functionality simply isn’t necessary. Keep in mind we’re not even exposing all of TCL. We intentionally and specifically limit some of the base functionality. If we are limiting the much simpler, less complex language because we don’t need or want that functionality, there is little argument for moving to a more complex, feature rich language, given that the majority of the functionality would likely be “nice to have” at best, and undue overhead at worst.

Is TCL still the right choice?

All of that being said, if we were starting from scratch today without thousands of iRules in the wild, a community built up to support the language, TMSH, iApps and many other technologies within the BIG-IP making use of TCL, etc. would we choose TCL again?

Given the needs iRules has for an interpreter: Fast, tightly embeddable, small footprint, fast, easily tied to native C and thus kernels, usability – yes, I think TCL would still be a strong contender for being the best fit for our needs. If I weren’t convinced of it before, I’ve spoken to some of the core architects responsible for iRules today, and they share the same opinion, that TCL is still as strong a choice today as it was in 2004. There are others that offer similar benefits today, Lua being chief among them, but there are drawbacks of those as well. To me, there is no clearly superior choice for our very specific needs even in today’s landscape. On top of that, we rarely get any complaints about iRules being TCL based. Sure we get questions as to why, but once we explain the benefits and people are clear on the reasons we went down the road we did, it almost always results in a happy iRules user.

Are there some ways in which allowing users access to other languages may be beneficial? Certainly, but keep in mind they are largely available. It is quite commonplace for Perl and bash to be used for monitors already. Perhaps a better way of addressing the question is: What is it you would like to do with other languages that you cannot via iRules currently? Once that is understood, the discussion could turn to whether or not that is possible, feasible and reasonable to implement within BIG-IP in some fashion. Would this be built directly into the TCL construct iRules is based on, or in some other fashion that may allow the use of a chosen language, or a subset thereof? Who knows, but it is a valuable conversation regardless of the outcome. The more we can understand what it is people would like to and are trying to do, the better we can continue expanding the already powerful tools that we offer to meet those needs.

Hopefully that paints the picture of why we chose and continue to use TCL to support our powerful iRules framework. I am not by any means a TCL zealot. Frankly I had far more experience in other languages before coming to F5, and rather enjoyed writing things in those languages. What I care about far more than writing in my favorite language, however, is using the right tool for the job. As I’ve learned more about iRules I have come to understand the reasons we use TCL to do what we do, and appreciate what it allows us.

Read the original blog entry...

More Stories By Colin Walker

Coming from a *Nix Software Engineering background, Colin is no stranger to long hours of coding, testing and deployment. His personal experiences such as on-stage performance and the like have helped to foster the evangelist in him. These days he splits his time between coding, technical writing and evangalism. He can be found on the road to just about anywhere to preach the good word about ADCs, Application Aware networking, Network Side Scripting and geekery in general to anyone that will listen.

Colin currently helps manage and maintain DevCentral (http://devcentral.f5.com). He is also a contributor in many ways, from Articles to Videos to numerous forum posts, to iRules coding and whatever else he can get his hands on that might benefit the community and allow it to continue to grow.

@ThingsExpo Stories
SYS-CON Events announced today that Cloudian, Inc., the leading provider of hybrid cloud storage solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Cloudian, Inc., is a Foster City, California - based software company specializing in cloud storage software. The main product is Cloudian, an Amazon S3-compliant cloud object storage platform, the bedrock of cloud computing systems, that enables cloud service providers and enterprises to build reliable, affordable and scalable cloud storage solu...
SYS-CON Events announced today that Gridstore™, the leader in hyper-converged infrastructure purpose-built to optimize Microsoft workloads, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Gridstore™ is the leader in hyper-converged infrastructure purpose-built for Microsoft workloads and designed to accelerate applications in virtualized environments. Gridstore’s hyper-converged infrastructure is the industry’s first all flash version of HyperConverged Appliances that include both compute and storag...
Temasys has announced senior management additions to its team. Joining are David Holloway as Vice President of Commercial and Nadine Yap as Vice President of Product. Over the past 12 months Temasys has doubled in size as it adds new customers and expands the development of its Skylink platform. Skylink leads the charge to move WebRTC, traditionally seen as a desktop, browser based technology, to become a ubiquitous web communications technology on web and mobile, as well as Internet of Things compatible devices.
SYS-CON Events announced today that IDenticard will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. IDenticard™ is the security division of Brady Corp (NYSE: BRC), a $1.5 billion manufacturer of identification products. We have small-company values with the strength and stability of a major corporation. IDenticard offers local sales, support and service to our customers across the United States and Canada. Our partner network encompasses some 300 of the world's leading systems integrators and security s...
“With easy-to-use SDKs for Atmel’s platforms, IoT developers can now reap the benefits of realtime communication, and bypass the security pitfalls and configuration complexities that put IoT deployments at risk,” said Todd Greene, founder & CEO of PubNub. PubNub will team with Atmel at CES 2015 to launch full SDK support for Atmel’s MCU, MPU, and Wireless SoC platforms. Atmel developers now have access to PubNub’s secure Publish/Subscribe messaging with guaranteed ¼ second latencies across PubNub’s 14 global points-of-presence. PubNub delivers secure communication through firewalls, proxy ser...
SYS-CON Events announced today that On the Avenue Marketing Group, a sales and marketing firm that utilizes events to market and sell products to consumers, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. On the Avenue Marketing Group (OTA) is a sales and marketing firm that utilizes events to market and sell products to consumers. On behalf of our clients, we attend thousands of fairs, festivals, expos, concerts, conferences, and sporting events annually, helping them reach millions of individuals ...
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch of Docker's initial release in March of 2013, interest was revved up several notches. Then late last...
“In the past year we've seen a lot of stabilization of WebRTC. You can now use it in production with a far greater degree of certainty. A lot of the real developments in the past year have been in things like the data channel, which will enable a whole new type of application," explained Peter Dunkley, Technical Director at Acision, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Health care systems across the globe are under enormous strain, as facilities reach capacity and costs continue to rise. M2M and the Internet of Things have the potential to transform the industry through connected health solutions that can make care more efficient while reducing costs. In fact, Vodafone's annual M2M Barometer Report forecasts M2M applications rising to 57 percent in health care and life sciences by 2016. Lively is one of Vodafone's health care partners, whose solutions enable older adults to live independent lives while staying connected to loved ones. M2M will continue to gr...
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
SYS-CON Events announced today that Ciqada will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Ciqada™ makes it easy to connect your products to the Internet. By integrating key components - hardware, servers, dashboards, and mobile apps - into an easy-to-use, configurable system, your products can quickly and securely join the internet of things. With remote monitoring, control, and alert messaging capability, you will meet your customers' needs of tomorrow - today! Ciqada. Let your products take flight. For more inform...
SYS-CON Events announced today that GENBAND, a leading developer of real time communications software solutions, has been named “Silver Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. The GENBAND team will be on hand to demonstrate their newest product, Kandy. Kandy is a communications Platform-as-a-Service (PaaS) that enables companies to seamlessly integrate more human communications into their Web and mobile applications - creating more engaging experiences for their customers and boosting collaboration and productiv...
Dave will share his insights on how Internet of Things for Enterprises are transforming and making more productive and efficient operations and maintenance (O&M) procedures in the cleantech industry and beyond. Speaker Bio: Dave Landa is chief operating officer of Cybozu Corp (kintone US). Based in the San Francisco Bay Area, Dave has been on the forefront of the Cloud revolution driving strategic business development on the executive teams of multiple leading Software as a Services (SaaS) application providers dating back to 2004. Cybozu's kintone.com is a leading global BYOA (Build Your O...
The best mobile applications are augmented by dedicated servers, the Internet and Cloud services. Mobile developers should focus on one thing: writing the next socially disruptive viral app. Thanks to the cloud, they can focus on the overall solution, not the underlying plumbing. From iOS to Android and Windows, developers can leverage cloud services to create a common cross-platform backend to persist user settings, app data, broadcast notifications, run jobs, etc. This session provides a high level technical overview of many cloud services available to mobile app developers, includi...
SYS-CON Events announced today that BroadSoft, the leading global provider of Unified Communications and Collaboration (UCC) services to operators worldwide, has been named “Gold Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. BroadSoft is the leading provider of software and services that enable mobile, fixed-line and cable service providers to offer Unified Communications over their Internet Protocol networks. The Company’s core communications platform enables the delivery of a range of enterprise and consumer calling...
While not quite mainstream yet, WebRTC is starting to gain ground with Carriers, Enterprises and Independent Software Vendors (ISV’s) alike. WebRTC makes it easy for developers to add audio and video communications into their applications by using Web browsers as their platform. But like any market, every customer engagement has unique requirements, as well as constraints. And of course, one size does not fit all. In her session at WebRTC Summit, Dr. Natasha Tamaskar, Vice President, Head of Cloud and Mobile Strategy at GENBAND, will explore what is needed to take a real time communications ...
What exactly is a cognitive application? In her session at 16th Cloud Expo, Ashley Hathaway, Product Manager at IBM Watson, will look at the services being offered by the IBM Watson Developer Cloud and what that means for developers and Big Data. She'll explore how IBM Watson and its partnerships will continue to grow and help define what it means to be a cognitive service, as well as take a look at the offerings on Bluemix. She will also check out how Watson and the Alchemy API team up to offer disruptive APIs to developers.
The IoT Bootcamp is coming to Cloud Expo | @ThingsExpo on June 9-10 at the Javits Center in New York. Instructor. Registration is now available at http://iotbootcamp.sys-con.com/ Instructor Janakiram MSV previously taught the famously successful Multi-Cloud Bootcamp at Cloud Expo | @ThingsExpo in November in Santa Clara. Now he is expanding the focus to Janakiram is the founder and CTO of Get Cloud Ready Consulting, a niche Cloud Migration and Cloud Operations firm that recently got acquired by Aditi Technologies. He is a Microsoft Regional Director for Hyderabad, India, and one of the f...
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
WebRTC is an up-and-coming standard that enables real-time voice and video to be directly embedded into browsers making the browser a primary user interface for communications and collaboration. WebRTC runs in a number of browsers today and is currently supported in over a billion installed browsers globally, across a range of platform OS and devices. Today, organizations that choose to deploy WebRTC applications and use a host machine that supports audio through USB or Bluetooth can use Plantronics products to connect and transit or receive the audio associated with the WebRTC session.