Last Modified: Oct 17, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
14.0.0, 13.1.0, 12.1.3.4
Opened: Mar 29, 2017 Severity: 3-Major Related Article:
K18323013
HTTP2 can vary frame size between 16K bytes (included) and 16 Mbytes (not included). When a client sends a data frame spawning more than one TCP segment, the BIG-IP system incorrectly decrements the frame size twice from the receive window. If the proxy flow control is disabled, this just creates an additional window update frame. If the proxy is in flow control, this causes a flow control error.
HTTP2 resets the stream with FLOW_CONTROL_ERROR.
-- HTTP2 profile is configured on a virtual server. -- Client sends a data frame larger than 16384 bytes, violating RFC. Note: The receiving maximum frame size of the BIG-IP is permanently set at 16384 bytes.
There is no workaround at this time.
When a client sends HTTP2 a data frame exceeding a negotiated maximum frame size, the BIG-IP system correctly resets the stream.