Forum Discussion

Manuel_Arme_Netw's avatar
Manuel_Arme_Netw
Icon for Nimbostratus rankNimbostratus
Jun 13, 2024

Problem with big packets using http2

Hi workmates, an application that passes through my F5 BIG-IP, requires for large post request, increasing the maximum header size from the default of 32k to 65k, and everything works perfectly, but only if I use http1.1.If i also enable the http2 profile, the packets are dropped by F5.

Do you know if it is possible to use packets bigger than 32k using http2?

My F5 version is this BIG-IP 15.1.6 

 
  • The mix up here between header size and content length is puzzling here. When a client POSTs a large file, it's part of the HTTP body which is defined here:

    https://www.rfc-editor.org/rfc/rfc9112.html#name-message-body

    HTTP Headers are the other part of an HTTP message, and appear before the body.

    Do you have any sample content, or sample error messages from /var/log/ltm or /var/log/apm when these requests are unexpectedly denied by big-ip?

  • Hi Lucas, maybe I expressed myself wrong, and I didn't give correct information, I meant "large get request" the requests are get and not post, so they don't have body, we have a jwt token that by itself occupies 25 Kb, plus other data that adds up and exceeds 32 Kb, unfortunately I didn't find any logs of error in the Big IP.

    I have the client error which is this (when http2 is used):

    this is a curl that simulates the same size as the get


    Failed sending HTTP request: Header overflow
    * Failed sending HTTP request
    * Connection #0 to host "our.domain.com" left intact
    curl: (55) Failed sending HTTP request: Header overflow

     

    the fact is that, unlike the http profile, there isn't parameter for the "Maximum Header Size"

     

    I hope I have explained myself well now, and I hope you have a solution 😀

    • Lucas_Thompson's avatar
      Lucas_Thompson
      Icon for Employee rankEmployee

      OK great! Sounds like you have a good method to reproduce the error. Can you share precisely:

      1. What is the curl command you use to create this behavior
      2. What is the virtual's HTTP profile configuration? Use "tmsh list ltm virtual <your virtual>" to obtain the profile names, then use "tmsh list ltm profile http <your http profile name>".

      In this way, we can run a quick test in a lab to be more sure the solution is correct.