Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

http/2 configuration


Hi All,

We are providing LTM service by configuring BIG-IP as below. (This is not a typical configuration)













BIG-IP creates two connections.

1) Client <--------------> BIG-IP <-------------> WAF

2) WAF <---------------> BIG-IP <-------------> Leaf


We are going to add http/2 configuration in these topologies.

But I found a problem here.

Client Hello for incoming traffic via WAF does not include ALPN.








From BIG-IP point of view, ALPN seems to be missing because Client is WAF.

In this case, even if I add http/2 profile, it is expected to fail due to topology issues.


Am I right in understanding?

Is there any other way to do http/2 successfully in this environment?





which profile have you attached to your virtual server? Do they both contain a HTTP/2 Client and Server-Profile? Have they enabled HTTP MRF?

From my point of view the setup should work fine if you follow this guide on both VS:



http/2 profile has not been applied yet.

We found something unusual during the review before applying the configuration.


2) WAF <---------------> BIG-IP <-------------> Leaf


In this flow, the client is WAF.

Client Hello does not include ALPN because it is not a typical web browser.

Is it correct to not be able to use http/2 in an environment where ALPN is not included in Client Hello due to topology singularity?




I would say that you're correct. From what you describe, the WAF is acting as a reverse proxy. The limitation is on the WAF and not the BIG-IP.

If the WAF cannot proxy the ALPN extension, then you are going to have HTTP/1.1 on connection 2). I'm not sure if there is any way around this. Maybe the WAF software can be upgraded to support this? I'm assuming the WAF is different vendor hardware?