configuring HTTP/2 properly

am_gli · ‎28-Sep-2021

Hi,

I have an issue with activating a VS with HTTP/2.

Our requirement is following:

Backend server is capable of HTTP/2
F5 should offer HTTP/2 to the client
If client is capable of HTTP/2, then clientside connection should be HTTP/2 -> and serverside connection should be HTTP/2 too
If client uses HTTP 1.1, then serverside connection should be HTTP 1.1 too

I applied a ssl profile to a VS (CS & SS), removed the renegotiation checkbox and activated the default http2 profile for CS and SS, and enabled the HTTP MRF Router option like described in the guide.

With MRF checked, the connection fails in Chrome (ERR_HTTP2_PROTOCOL_ERROR) and with CURL ( HTTP/2 stream 0 was not closed cleanly: INTERNAL_ERROR (err 2)).

Without MRF, the CS connection is HTTP/2, but the SS connection is still HTTP1.1.

Is there a proper way to achieve the scenario described above by default GUI config, or would I have to trigger this somehow with irules?

And why does MRF break the connection?

Jim_M · ‎28-Sep-2021

I too would like to know this. Also, am.gli can you please post a link to the guide?

am_gli · ‎29-Sep-2021

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/big-ip-http2-full-proxy-configuration-14-1-0/01.html

shsingh · ‎10-May-2022

Hi @am_gli

When you say "if MRF is disabled" the serverside is HTTP 1.1 <- this is by design as the configuration is acting in "gateway mode" which means that clientside can serve H/2 to enable the benefits of the protocol while having servers remain on H/1.1

Would you be able to let us know the TMOS version you are using?

Also, do you have a request-logging profile? https://cdn.f5.com/product/bugtracker/ID1101181.html

DevCentral

configuring HTTP/2 properly

Khoros Kudos Award 2022