We have used the http/2 settings at https://my.f5.com/manage/s/article/K04412053 and our flow is user mobile devices to BIG-IP is http/2. BIG-IP translates http/2 to http/1.1 then sends it to our back-end servers.
1. We have seen lot of Client connection closed error messages after turning on http/2 and trying to trace if any http/2 settings need to be changed from the default http/2 settings at https://my.f5.com/manage/s/article/K04412053 ?
2. How does BIG-IP translate http/2(received from user mobile devices) to http/1.1 and how can we check those settings to tweak them?
3. Anything else we should check for?
@s_p_92 The following link might be of some assistance.
I saw that but missing what else I need to check for the Client connection closed errors which spiked after turning on http/2 errors
In Virtual Server ->> Under the "HTTP Profile" section, you should see an option for "HTTP/2 Profile." This setting determines the HTTP/2 configuration used by the virtual server.
By default, BIG-IP uses the "http2-default" profile, which includes settings for HTTP/2 to HTTP/1.1 translation.
IF you want to create a custom one please read the documetation properly and then only do.
In Virtual Server under the section for "HTTP profile", value of "HTTP/2 profile" has a custom value but that uses the default settings mentioned at https://my.f5.com/manage/s/article/K04412053 This was done by someone who has now left the company so we don't know the thinking behind creating a custom profile and then using the default settings
What else can I check?
BIG-IP translates by copying the HTTP generic headers that are common between HTTP/2 and HTTP/1.1 to the HTTP/1 side. There's nothing much special. If you're encountering an error in the connection, the best thing to do is to capture it using Wireshark. Here's an article I wrote on how to decrypt TCPdump/wireshark packet captures: https://community.f5.com/t5/technical-articles/decrypting-tls-traffic-on-big-ip/ta-p/280936
Once you decrypt the HTTP/2 side and concurrently capture the HTTP/1.1 side, just look for the error message and maybe share it here.