Real User Monitoring with ExtraHop -- Injection with F5 BIG-IP

bundles
triggers

#1

Injection using F5 BIG-IP of Real User Monitoring with ExtraHop and Boomerang.js

This post will cover how to install and set up Real User Monitoring with ExtraHop and Boomerang.js by injecting the code on the fly with an F5 BIG-IP. In this scenario, we will deploy an iRule to perform javascript code injection as HTTP responses from your web servers pass through the BIG-IP on their way back to the clients that requested them.

This the most advanced method of setting up Real User Monitoring (RUM), but is also the least invasive to your web servers and website code. If you are looking for alternative deployment scenarios, please see my Getting Started post.

Requirements

  1. A copy of Boomerang from github. Click the ‘Download ZIP’ link for simplicity sake.
  2. Full access to, and understanding of, an F5 BIG-IP. This is a very advanced Application Delivery Controller (i.e. a load balancer with full L7 proxy capabilities) and knowledge of how to utilize it is well beyond the scope of this document.
  3. A Virtual Server already set up and running properly on your BIG-IP. This Virtual Server should already be configured to load-balance requests across your web servers.
  4. Review the RUM page on our Solution Bundles Gallery, specifically the Installation Instructions section for information regarding installing the bundle.
  5. Review the documentation for Boomerang and understand how it works.

Install Boomerang on the BIG-IP with iFile

One of the main advantages of using the BIG-IP for deployment of RUM is that we won’t have to install any code or make any changes on any of your web servers. Instead, we will utilize a feature of the platform, called iFile, to host the Boomerang Javascript code.

Create iFile resources for the Boomerang Javascript code

After you download the Boomerang source code from the link listed in step #1 of the Requirements above, you should unzip it locally on your desktop. Inside the resulting folder, you should see boomerang.js in the top-level directory and a plugins/ directory that will contain the rest of the Javascript files we are interested in. For our deployment, we will be using:

  • boomerang.js
  • plugins/navtiming.js
  • plugins/rt.js
  • plugins/GUID.js

Within your BIG-IP Administration UI, navigate to System > File Management > iFile List. From here, we will upload each of the Boomerang Javascript files we will be using.

Click on the Import button.

Choose the boomerang.js file, select the Create New radio button, and specify the name rum_boomerang_js.

Click the Import button.

Repeat this step for each of the Boomerang plugins we need, naming them appropriately (e.g navtiming.js from the plugins/ folder should be named rum_boomerang_navtiming_js). After you are done, you should see a list similar to this:

Now, let’s navigate to Local Traffic > iRules > iFile List. From here, we will create an iFile resource for each of the Boomerang Javascript files we just uploaded.

Click on the Create button.

Pay special attention to the Name versus the File Name. When we imported the files, the replaced the original period (.) with and underscore(_). Now, we need to do that in reverse. The Name should put the period (.) in the file name back.

Repeat this step for each of the Boomerang plugins we need, naming them appropriately (e.g rum_navtiming_js should be named rum_boomerang_navtiming.js). After you are done, you should see a list similar to this:

Create the iRule to inject Boomerang in to your web pages

Now that we have the Boomerang Javascript files set up within iFile, we can create an iRule that will reference them and inject them in to the responses returning from your web servers.

Within your BIG-IP Administration UI, navigate to Local Traffic > iRules > iRule List. From here, we will create an iRule that we will later attach to your Virtual Server. This iRule will do two main things:

  1. Dynamically modify web server responses to contain the Boomerang Javascript code.
  2. Handle the beacon requests back from the Boomerang code so that you do not have to have a page on your web servers to do so (like we did in the Direct Deployment scenario).

Click on the Create button.

  1. Name the iRule: RUM_extrahop-boomerang
  2. Paste in the following contents:

``

when HTTP_REQUEST {
    STREAM::disable

    # Don't allow response data to be chunked
    if { [HTTP::version] eq "1.1" } {
        # Force downgrade to HTTP 1.0, but still allow keep-alive connections.
        # Since HTTP 1.1 is keep-alive by default, and 1.0 isn't,
        # we need to make sure the headers reflect the keep-alive status.
        if { [HTTP::header is_keepalive] } {
            HTTP::header replace "Connection" "Keep-Alive"
        }
    }

    # Serve Boomerang content out of iFile
    if { [HTTP::uri] eq "/ifile/rum_boomerang.js" } {
        HTTP::respond 200 content [ifile get rum_boomerang.js]
    }
    if { [HTTP::uri] eq "/ifile/rum_boomerang_rt.js" } {
        HTTP::respond 200 content [ifile get rum_boomerang_rt.js]
    }
    if { [HTTP::uri] eq "/ifile/rum_boomerang_navtiming.js" } {
        HTTP::respond 200 content [ifile get rum_boomerang_navtiming.js]
    }
    if { [HTTP::uri] eq "/ifile/rum_boomerang_GUID.js" } {
        HTTP::respond 200 content [ifile get rum_boomerang_GUID.js]
    }

    # Catch the beacon here
    if { [HTTP::uri] starts_with "/boomerang-beacon.html" } {
        HTTP::respond 200 "X-EHRUM-Beacon" "true"
    }
}

when HTTP_RESPONSE {
    if { [HTTP::header "Content-Type"] starts_with "text/" } {
        set boomerang_js_inject "<script src='/ifile/rum_boomerang.js' type='text/javascript'></script>
            <script src='/ifile/rum_boomerang_navtiming.js' type='text/javascript'></script>
            <script src='/ifile/rum_boomerang_rt.js' type='text/javascript'></script>
            <script src='/ifile/rum_boomerang_GUID.js' type='text/javascript'></script>
            <script type='text/javascript'>
                BOOMR.init({
                    beacon_url: '/boomerang-beacon.html',
                    RT: {
                        cookie: 'EH-RUM-RT'
                    }
                });
            </script>"

        # Replace closing </body> tag with <script> tags for boomerang and the
        # closing </body> tag
        STREAM::expression "@</body>@$boomerang_js_inject\n</body>@"
        STREAM::enable
    }
}

when STREAM_MATCHED {
    STREAM::disable
}

Click the Finished button.

Attach the new iRule to your Virtual Server

Now, let’s navigate to Local Traffic > Virtual Servers > Virtual Server List. From here, locate the Virtual Server that is the front-end of your web servers and click on it’s name. Next, click on the Resources tab. You will notice a section labeled ‘iRules’.

Click on the Manage button.

Within the list on the right, locate the iRule we just created (RUM_extrahop-boomerang), select it, and then click on the << button to move it from the Available to Enabled column.

Click the Finished button.

The page should refresh and you should see the new RUM iRule is listed and essentially “attached” to your Virtual Server.

Test the Javascript insertion

The easiest way to confirm whether or not you were successful in injecting the Boomerang Javascript is to browse directly to your website Once we’ve done that, use your browser to view the source code, scroll down to the bottom, and you should see that the Boomerang Javascript is there.

At this point, if you DO SEE IT, good job. That was a pretty advanced thing you just did. Now prepare yourself to bask in the glory of RUM bits.

At this point, if you DO NOT SEE IT, we need to make sure the injection is happening where we expect it to before continuing. Most likely, the issue lies in either A) the page we are browsing to is not being fronted by the BIG-IP, or there was an issue associating the iRule with the Virtual Server.

Wrapping it all up

If you have made it this far, good job. The last thing to do is to make sure you have the ExtraHop side of the equation set up. For that, head on over to the Real User Monitoring Solution Bundle page for how to finish your configuration. Pay particular attention to the Installation steps that document a potential change in the ExtraHop trigger code to match your installion.

Cheers and good luck!
ryanc


Real User Monitoring with ExtraHop -- Injection with nginx
#2

Love it, thanks Ryan! Nice write-up, and some seriously cool tech.