Hi,
for a detailled explanation of the the http/2 concept I would recommend to lookup the
RFC or
Wikipedia for a short summary.
F5 has implemented a proxy functionality for http/2 which comes with the LTM feature set. No add-on modules required.
The http/2 protocol runs via encrypted connections only. Using Perfect Forward Secrecy (PFS) based on EC-DHE or DHE is mandatory.
Your related client-ssl profile needs to have renegotiation disabled (it´s default in the "clientssl-secure" client-ssl profile to be used as a parent).
A virtual server in standard mode can handle both http/1.x and http/2 traffic. It´s required to have a proper client-ssl profile, a http profile and an http/2 (section "Acceleration") enabled. Now both types of clients may connect. Your virtual server statistics profile section will provide details on the usage of protocols.
Your BIG-IP device acts as a proxy in this case. Serverside connections will be established via http/1.x only. The concurrect http/2 streams on clientside will be demultiplexed into multiple serverside connections. That´s why divergent client- and serverside connection counts/rates can be expected. Due to current issues with Safari browsers it might be necessary to increase the number of streams to 100 in your customized http/2 profile.
Starting using http/2 may require to lookup your currently assigned iRules. It turned out, that variables initiated under CLIENT_ACCEPTED may not be available in upper layer events like HTTP_REQUEST. This results in TCL errors and connection resets and will require changing your iRule scripts.
That´s why it is highly recommended to test http/2 in a staging environment thoroughly with a range of clients (browsers) before activating it in production.
Cheers & good luck, Stephan