Forum Discussion

Alex1's avatar
Alex1
Icon for Nimbostratus rankNimbostratus
Sep 15, 2022

iRule sideband using HTTP/2

All examples I have seen with iRules using 'connect' to generate a sideband connection use HTTP/1.0 or HTTP/1.1 I am wondering if anyone has examples of, or knows how iRule sideband connections can ...
  • Kevin_Stewart's avatar
    Sep 15, 2022

    You would indeed use a helper VIP here to do a sideband call. The trick is, the HTTP2 profiles require client and server SSL and client and server HTTP2 profiles. But you can get around that.

    • Configure your helper VIP accordingly
      • HTTP profile
      • Client SSL profile with Renegotiation disabled
      • Server SSL profile with Regenotiation disabled
      • HTTP2 client profile (under Acceleration)
      • HTTP2 server profile
      • VLAN: listening on none
      • Pool to resource
    • Add the following iRule to the help VIP:
    when CLIENT_ACCEPTED {
        SSL::disable clientside
        HTTP2::disable
    }

    So then traffic should come to the VIP unencrypted, the iRule will disable clientside SSL and HTTP2, then encrypt with HTTP2 to the server.