Forum Discussion

s_p_92's avatar
s_p_92
Icon for Altostratus rankAltostratus
Mar 09, 2023

Settings when configuring http/2 for the client side only

We have used the http/2 settings at https://my.f5.com/manage/s/article/K04412053 and our flow is user mobile devices to BIG-IP is http/2. BIG-IP translates http/2 to http/1.1 then sends it to our back-end servers.

1. We have seen lot of Client connection closed error messages after turning on http/2 and trying to trace if any http/2 settings need to be changed from the default http/2 settings at https://my.f5.com/manage/s/article/K04412053 ?

2. How does BIG-IP translate http/2(received from user mobile devices) to http/1.1 and how can we check those settings to tweak them?

3. Anything else we should check for?

application delivery
http2

5 Replies

Sort By
    • s_p_92's avatar
      s_p_92
      Icon for Altostratus rankAltostratus
      Mar 09, 2023

      Thanks Paulius 

      I saw that but missing what else I need to check for the Client connection closed errors which spiked after turning on http/2 errors

  • Gajji's avatar
    Gajji
    Icon for Cirrostratus rankCirrostratus
    Mar 09, 2023

    In Virtual Server ->>  Under the "HTTP Profile" section, you should see an option for "HTTP/2 Profile." This setting determines the HTTP/2 configuration used by the virtual server.
    By default, BIG-IP uses the "http2-default" profile, which includes settings for HTTP/2 to HTTP/1.1 translation.

    IF you want to create a custom one please read the documetation properly and then only do.

    • s_p_92's avatar
      s_p_92
      Icon for Altostratus rankAltostratus
      Mar 12, 2023

      Thanks Gajji 

      In Virtual Server under the section for "HTTP profile", value of "HTTP/2 profile" has a custom value but that uses the default settings mentioned at https://my.f5.com/manage/s/article/K04412053 This was done by someone who has now left the company so we don't know the thinking behind creating a custom profile and then using the default settings

      What else can I check?

       

  • Rodrigo_Albuque's avatar
    Rodrigo_Albuque
    Icon for MVP rankMVP
    Apr 19, 2023

    BIG-IP translates by copying the HTTP generic headers that are common between HTTP/2 and HTTP/1.1 to the HTTP/1 side. There's nothing much special. If you're encountering an error in the connection, the best thing to do is to capture it using Wireshark. Here's an article I wrote on how to decrypt TCPdump/wireshark packet captures: https://community.f5.com/t5/technical-articles/decrypting-tls-traffic-on-big-ip/ta-p/280936

    Once you decrypt the HTTP/2 side and concurrently capture the HTTP/1.1 side, just look for the error message and maybe share it here.