Settings when configuring http/2 for the client side only

Question

We have used the http/2 settings at https://my.f5.com/manage/s/article/K04412053 and our flow is user mobile devices to BIG-IP is http/2. BIG-IP translates http/2 to http/1.1 then sends it to our back-end servers.

1. We have seen lot of Client connection closed error messages after turning on http/2 and trying to trace if any http/2 settings need to be changed from the default http/2 settings at https://my.f5.com/manage/s/article/K04412053 ?

2. How does BIG-IP translate http/2(received from user mobile devices) to http/1.1 and how can we check those settings to tweak them?

3. Anything else we should check for?

paulius · Answer

s_p_92 The following link might be of some assistance.
https://community.f5.com/t5/technical-forum/http-2-0-server-side-traffic/td-p/247153

gajji · Answer

In Virtual Server -&gt;&gt;&nbsp;&nbsp;Under the "HTTP Profile" section, you should see an option for "HTTP/2 Profile." This setting determines the HTTP/2 configuration used by the virtual server.By default, BIG-IP uses the "http2-default" profile, which includes settings for HTTP/2 to HTTP/1.1 translation.IF you want to create a custom one please read the documetation properly and then only do.

s_p_92 · Answer

Thanks Paulius&nbsp;I saw that but missing what else I need to check for the Client connection closed errors which spiked after turning on http/2 errors

s_p_92 · Answer

Thanks Gajji&nbsp;In Virtual Server under the section for "HTTP profile", value of "HTTP/2 profile" has a custom value but that uses the default settings mentioned at https://my.f5.com/manage/s/article/K04412053 This was done by someone who has now left the company so we don't know the thinking behind creating a custom profile and then using the default settingsWhat else can I check?&nbsp;

rodrigo_albuque · Answer

BIG-IP translates by copying the HTTP generic headers that are common between HTTP/2 and HTTP/1.1 to the HTTP/1 side. There's nothing much special. If you're encountering an error in the connection, the best thing to do is to capture it using Wireshark. Here's an article I wrote on how to decrypt TCPdump/wireshark packet captures: https://community.f5.com/t5/technical-articles/decrypting-tls-traffic-on-big-ip/ta-p/280936

Once you decrypt the HTTP/2 side and concurrently capture the HTTP/1.1 side, just look for the error message and maybe share it here.

Forum Discussion

Settings when configuring http/2 for the client side only

Recent Discussions

INFORM: Entrust CA will be untrusted in Chrome after Oct 31, 2024

Can BIG-IP DNS recursion only my domain?

CPU data, control and analytics plane utilization

Can import iSeries 4000 config (OS ver 1.3.x) to rSeries 5000 (f5os-a 1.5.2)?

Datagroup with address and value

Related Content

What is HTTP Part X - HTTP/2

Manage F5 BIG-IP FAST with Terraform (Part 2 - Create HTTPS application)

Microservices and HTTP/2

iRule sideband using HTTP/2

Lightboard Lessons: HTTP/2

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS