Apr 20, 2023

http/2 configuration

Hi All,

We are providing LTM service by configuring BIG-IP as below. (This is not a typical configuration)












BIG-IP creates two connections.

1) Client <--------------> BIG-IP <-------------> WAF

2) WAF <---------------> BIG-IP <-------------> Leaf


We are going to add http/2 configuration in these topologies.

But I found a problem here.

The Client Hello for traffic coming in via the WAF does not include ALPN.







From the BIG-IP's point of view, ALPN seems to be missing because the client is the WAF.

In this case, even if I add an http/2 profile, it is expected to fail due to topology issues.


Am I understanding this correctly?

Is there any other way to do http/2 successfully in this environment?


      http/2 profile has not been applied yet.

      We found something unusual during the review before applying the configuration.


      2) WAF <---------------> BIG-IP <-------------> Leaf


      In this flow, the client is WAF.

      The Client Hello does not include ALPN because it is not a typical web browser.

      Is it correct that http/2 cannot be used in an environment where ALPN is not included in the Client Hello due to the topology singularity?




      • I would say that you're correct. From what you describe, the WAF is acting as a reverse proxy. The limitation is on the WAF and not the BIG-IP.

        If the WAF cannot proxy the ALPN extension, then you are going to have HTTP/1.1 on connection 2). I'm not sure if there is any way around this. Maybe the WAF software can be upgraded to support this? I'm assuming the WAF is a different vendor's hardware?
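
Added example (not part of the original thread, and not F5 or WAF vendor code): a check for whether a captured TLS Client Hello offers `h2` through the ALPN extension, which is the condition discussed above for connection 2). The function names and the sample records produced by `build_client_hello` are constructed for illustration, and the parser assumes the Client Hello fits in a single TLS record.

```python
import struct

ALPN_EXT = 16  # application_layer_protocol_negotiation extension type (RFC 7301)

def alpn_protocols(record: bytes):
    """Return the ALPN protocol names offered in a TLS ClientHello record,
    or None when the extension is absent (the case seen from the WAF)."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4                                            # record + handshake headers
    pos += 2 + 32                                          # client_version + random
    pos += 1 + record[pos]                                 # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]    # cipher_suites
    pos += 1 + record[pos]                                 # compression_methods
    if pos >= len(record):
        return None                                        # no extensions block at all
    ext_end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == ALPN_EXT:
            body = record[pos:pos + ext_len]
            protos, i = [], 2                              # skip 2-byte protocol list length
            while i < len(body):
                n = body[i]                                # 1-byte length before each name
                protos.append(body[i + 1:i + 1 + n].decode("ascii"))
                i += 1 + n
            return protos
        pos += ext_len
    return None

def build_client_hello(protocols=None):
    """Constructed sample input: a minimal ClientHello record, with optional ALPN."""
    ext = b""
    if protocols:
        plist = b"".join(bytes([len(p)]) + p.encode() for p in protocols)
        data = struct.pack("!H", len(plist)) + plist
        ext += struct.pack("!HH", ALPN_EXT, len(data)) + data
    body = (b"\x03\x03" + bytes(32) + b"\x00"              # version, random, empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"           # one cipher suite
            + b"\x01\x00"                                  # null compression only
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body     # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def can_negotiate_h2(record: bytes) -> bool:
    protos = alpn_protocols(record)
    return protos is not None and "h2" in protos
```

To use it on real traffic, pass the raw bytes of the first TLS record sent by the WAF toward the BIG-IP, taken from a packet capture.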