Forum Discussion

JustCooLpOOLe's avatar
JustCooLpOOLe
Icon for Cirrocumulus rankCirrocumulus
Jun 06, 2019

HTTP/2.0 Server-Side Traffic

Hi,

 

As I understand it now, the HTTP/2 profile is only for client-side traffic and that any traffic sent back to the server is sent using HTTP/1.1. Does this still hold true? If so, is anyone aware of when the F5 will be able to communicate over HTTP/2.0 to the pool members? Is there a workaround?

 

Our developers are starting to explore this as an option and right now they are ok with just client-side but I'm sure they would like to implement it on the server-side so thought I would throw this out there.

  • https://support.f5.com/csp/article/K04412053

    "In BIG-IP 11.6.0, F5 introduces HTTP/2 protocol support as defined in RFC7540 for processing client-side HTTP/2 traffic. The support for server-side HTTP/2 traffic processing is introduced in BIG-IP 14.1.0; the webacceleration and OneConnect profiles are not supported in HTTP/2 full proxy mode in this version. In BIG-IP 15.0.0, F5 introduces the support for webacceleration profile in HTTP/2 full proxy mode."

  • https://support.f5.com/csp/article/K04412053

    "In BIG-IP 11.6.0, F5 introduces HTTP/2 protocol support as defined in RFC7540 for processing client-side HTTP/2 traffic. The support for server-side HTTP/2 traffic processing is introduced in BIG-IP 14.1.0; the webacceleration and OneConnect profiles are not supported in HTTP/2 full proxy mode in this version. In BIG-IP 15.0.0, F5 introduces the support for webacceleration profile in HTTP/2 full proxy mode."

  • Question related to this. If server-side is set for HTTP/2 but it goes to a server that is HTTP/1,1.1 does it negotiate to the HTTP/1,1.1?

    We have a virtual server that would have servers behind it with HTTP/2 but an iRule/Policy is in place for 'exceptions' where it changes the server pool to other servers that are not supporting HTTP/2.

    Thanks!!

    • bradhanson's avatar
      bradhanson
      Icon for Altocumulus rankAltocumulus

      Answer my own question after some testing. Yes, it will negotiate and connect to servers that aren't supporting HTTP/2. So I can have a mixed set of servers behind the virtual server some supporting HTTP/2 and others not and it connects successfully.

      I have to note how simple and apparently 'transparent' this is.

  • Think about HTTP/2 profile like any other profile, let's say severssl profile.

    You could have servers doing SSL, but in a failed scenario send people to a static sorry page without SSL.

    In that case, before redirecting to that new server, you remove the serverssl profile.

     

    In theory, the same idea could be applied to HTTP/2, so in the iRule/LTM Policy you remove the HTTP/2 profile before sending traffic to the server.

    I said in theory because I haven't tested it.

    However, this bug proves it should work:

    https://cdn.f5.com/product/bugtracker/ID869553.html

     

    The bad news is the bug above, and that I could not find that opiton using LTM Policy.

    You could open a ticket with F5 support to see if there is any engineering hotfix for that because it applies to all the latest versions.