Bug ID 654086: Incorrect handling of HTTP2 data frames larger than minimal frame size

Last Modified: Oct 17, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3,,,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
14.0.0, 13.1.0,

Opened: Mar 29, 2017

Severity: 3-Major

Related Article: K18323013


HTTP2 can vary frame size between 16K bytes (included) and 16 Mbytes (not included). When a client sends a data frame spawning more than one TCP segment, the BIG-IP system incorrectly decrements the frame size twice from the receive window. If the proxy flow control is disabled, this just creates an additional window update frame. If the proxy is in flow control, this causes a flow control error.


HTTP2 resets the stream with FLOW_CONTROL_ERROR.


-- HTTP2 profile is configured on a virtual server. -- Client sends a data frame larger than 16384 bytes, violating RFC. Note: The receiving maximum frame size of the BIG-IP is permanently set at 16384 bytes.


There is no workaround at this time.

Fix Information

When a client sends HTTP2 a data frame exceeding a negotiated maximum frame size, the BIG-IP system correctly resets the stream.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips