Forum Discussion
Incosistent forwarding of HTTP/2 connections with layered virtual
Woah...that's completely new for me and seems to break my layered virtual concept, based on SNI forwarding. In my case a wildcard certificate is in place. Not sure if this will result in the same behavior, but from the description and my observations, I would assume that the behavior is identical - generally every CN is also in the SAN list these days.
Unfortunately, I wasn't able to find specific information, related to the BIG-IP. From my understanding I won't be able to disable this behavior in the BIG-IP, i.e. via HTTP/2 profile or LTM policy or even via iRule, right?
The only solution I cloud think of is to get rid of the wildcard certificate and make sure, that each "app", for which a dedicated tier2 virtual exists, uses only domain-specific certificates, without any additional SANs, that should be handled by other tier2 virtuals. Did I get this right?
the coalescing in controlled by client.
in your case, the wildcard certificate basically causes client to coalesce the connections.
the solution is simply do ssl offload/termination in tier1 vserver (assign client(side) ssl profile with the wildcard cert in it)
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com