Forum Discussion

MAbbas's avatar
Icon for Cirrus rankCirrus
Feb 05, 2022

Grpc Keepalive and F5 full proxy

Hi - my F5 is running v16.1 - and is a full gRPC proxy - the problem i am having i s

clinet sends gRPC ping to keep session open - to the F5 .but F5 cannot keep the session alive as there is no traffic that goes to the server - because -F5 being a proxy responds to teh ping .

How can i keep the server side connection open - other than increasing the the timeout.



4 Replies

  • Hello you mean HTTP/2? If so because this is new thing that F5 support better check with the TAC if there is new bug:


    Also maybe test if the servers can also send keep-alives as it seems that the client keep alive is not forwarded to the servers by the F5 device because of a bug or on purpose and maybe test if removing the web compression or web acceleration profiles (web cache) as there are some known bugs with those profiles and HTTP/2.



    Also you may test enabling the TCP keep alives under the TCP profiles:


    • MAbbas's avatar
      Icon for Cirrus rankCirrus

      thanks for the reply . F5 is working fine as a gRPC -http2 proxy .

      the problem i have is - client sends GRPC pings - that teh F5 responds being a proxy - hence no traffic goes to the backend server . hence the question - i sthere a way to send those pings to the backend server - other than keeping the socket open with a timeout value on teh server side.




  • Hi MAbbas 

    I also did a bit of reading on this subject, this is my opinion:
    When proxying the HTTP/2 protocol, the same connection to a pool member can be used for multiple requests coming from multiple clients at the same time.
    Very much similiar to OneConnect in HTTP/1.1. Sending pings from a pariticular client over a reverse proxy would be somewhat inconsistent with whole idea of multiplexing.

    From my understanding gRPC keepalive is ment for peer-to-peer but not for proxied connections. If there is a requirement that clients keep a connection with the backend, TCP keepalive might be an option.
    Or extending the the TCP timeout value.