HTTP/2.0 Server-Side Traffic

Question

Hi,&nbsp;As I understand it now, the HTTP/2 profile is only for client-side traffic and that any traffic sent back to the server is sent using HTTP/1.1.  Does this still hold true?  If so, is anyone aware of when the F5 will be able to communicate over HTTP/2.0 to the pool members?  Is there a workaround?&nbsp;Our developers are starting to explore this as an option and right now they are ok with just client-side but I'm sure they would like to implement it on the server-side so thought I would throw this out there.

leonardo_souza · Accepted Answer

https://support.f5.com/csp/article/K04412053

"In BIG-IP 11.6.0, F5 introduces HTTP/2 protocol support as defined in RFC7540 for processing client-side HTTP/2 traffic. The support for server-side HTTP/2 traffic processing is introduced in BIG-IP 14.1.0; the webacceleration and OneConnect profiles are not supported in HTTP/2 full proxy mode in this version. In BIG-IP 15.0.0, F5 introduces the support for webacceleration profile in HTTP/2 full proxy mode."

bradhanson · Answer

Answer my own question after some testing. Yes, it will negotiate and connect to servers that aren't supporting HTTP/2. So I can have a mixed set of servers behind the virtual server some supporting HTTP/2 and others not and it connects successfully.

I have to note how simple and apparently 'transparent' this is.

justcoolpoole · Answer

Thanks @Leonardo Souza !

bradhanson · Answer

Question related to this. If server-side is set for HTTP/2 but it goes to a server that is HTTP/1,1.1 does it negotiate to the HTTP/1,1.1?

We have a virtual server that would have servers behind it with HTTP/2 but an iRule/Policy is in place for 'exceptions' where it changes the server pool to other servers that are not supporting HTTP/2.

Thanks!!

leonardo_souza · Answer

Think about HTTP/2 profile like any other profile, let's say severssl profile.

You could have servers doing SSL, but in a failed scenario send people to a static sorry page without SSL.

In that case, before redirecting to that new server, you remove the serverssl profile.

In theory, the same idea could be applied to HTTP/2, so in the iRule/LTM Policy you remove the HTTP/2 profile before sending traffic to the server.

I said in theory because I haven't tested it.

However, this bug proves it should work:

https://cdn.f5.com/product/bugtracker/ID869553.html

The bad news is the bug above, and that I could not find that opiton using LTM Policy.

You could open a ticket with F5 support to see if there is any engineering hotfix for that because it applies to all the latest versions.

Forum Discussion

HTTP/2.0 Server-Side Traffic

5 Replies

Recent Discussions

BigIP Next - Health Monitors / Template

LDAPS and renegotiation

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Related Content

SSL Offload with HTTP/2.0

HTTP 2.0 changes everything

Client-side vs Server-side Load Balancing

Server Side Profile not show the certificate

Client side to server side SNI relay iRule