Last Modified: May 29, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2
Fixed In:
15.0.0, 14.1.2.3
Opened: Apr 09, 2019
Severity: 2-Critical
If HTTP2 is used in a 'gateway' configuration on a virtual server, without the use of an MRF http_router profile, HTTP connections are used to connect to the back-end servers. The HTTP connections are pooled, and may be reused between streams. In rare situations, an HTTP connection is reused whilst it is in the process of shutting down. This may cause the corresponding HTTP2 stream to get into an unexpected state, and get 'stuck'. The stuck streams persist until the client closes the HTTP2 connection. If a client keeps opening new streams on the affected connection, it may eventually run out of the total allowed streams limited by the HTTP2 profile. The client may then deadlock, waiting for streams to close.
The impact depends on client behavior. Some clients will open new connections for stuck streams, so the impact will be minimal. Others will show loss of performance or hang waiting for resources that will never be delivered.
An HTTP2 profile is used on a virtual server without an MRF http_router profile.
None.
HTTP2 streams no longer get stuck in rare situations.