cancel
Showing results for 
Search instead for 
Did you mean: 

configuring HTTP/2 properly

am_gli
Altostratus
Altostratus

Hi,

 

I have an issue with activating a VS with HTTP/2.

 

Our requirement is following:

 

  • Backend server is capable of HTTP/2
  • F5 should offer HTTP/2 to the client
  • If client is capable of HTTP/2, then clientside connection should be HTTP/2 -> and serverside connection should be HTTP/2 too
  • If client uses HTTP 1.1, then serverside connection should be HTTP 1.1 too

 

I applied a ssl profile to a VS (CS & SS), removed the renegotiation checkbox and activated the default http2 profile for CS and SS, and enabled the HTTP MRF Router option like described in the guide.

 

With MRF checked, the connection fails in Chrome (ERR_HTTP2_PROTOCOL_ERROR) and with CURL ( HTTP/2 stream 0 was not closed cleanly: INTERNAL_ERROR (err 2)).

 

Without MRF, the CS connection is HTTP/2, but the SS connection is still HTTP1.1.

 

Is there a proper way to achieve the scenario described above by default GUI config, or would I have to trigger this somehow with irules?

And why does MRF break the connection?

 

3 REPLIES 3

Jim_M
Cirrus
Cirrus

I too would like to know this. Also, am.gli can you please post a link to the guide?

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/big-ip-http2-full-proxy-configuration-14-1-0/01.html

shsingh
F5 Employee
F5 Employee

Hi @am_gli 

When you say "if MRF is disabled" the serverside is HTTP 1.1 <- this is by design as the configuration is acting in "gateway mode" which means that clientside can serve H/2 to enable the benefits of the protocol while having servers remain on H/1.1

Would you be able to let us know the TMOS version you are using?

Also, do you have a request-logging profile? https://cdn.f5.com/product/bugtracker/ID1101181.html