Hello,
We recently upgrade from istio 1.7.8 to istio 1.12.9
Migration succeeded pretty well but fews services are not working on HTTP2 whereas are working on HTTP1.1.
When I call endpoint I have this error :
upstream connect error or disconnect/reset before headers. reset reason: remote reset
On istio proxy log we have this without more information :
[2023-06-06T13:13:59.616Z] "GET /bidding/bsw/v1/win?recogroupid=31608c85-bc8e-4b08-b820-3a7b239ceea0&recoid=5f784d05-1494-4b0a-88c8-e68b2411edd0&impid=1&imptype=Native&winprice=1.0&wincurr=USD&supplierId=quantx&trueprice=1 HTTP/2" 503 UR upstream_reset_before_response_started{remote_reset} - "-" 0 85 24 - "176.141.135.100" "PostmanRuntime/7.29.3" "81ca9994-7404-45bd-ac49-3c52c192677b" "rtb-preprod.avads.net" "10.16.1.3:20003" inbound|20003|| 127.0.0.6:44311 10.16.1.3:20003 176.141.135.100:0 outbound_.20003_._.win-handler-service.preprod.svc.cluster.local default
[2023-06-06T13:14:05.219Z] "GET /bidding/bsw/v1/win?recogroupid=31608c85-bc8e-4b08-b820-3a7b239ceea0&recoid=5f784d05-1494-4b0a-88c8-e68b2411edd0&impid=1&imptype=Native&winprice=1.0&wincurr=USD&supplierId=quantx&trueprice=1 HTTP/2" 503 UR upstream_reset_before_response_started{remote_reset} - "-" 0 85 1 - "176.141.135.100" "PostmanRuntime/7.29.3" "42dc5e9c-01ba-4293-ab09-7cb408232999" "rtb-preprod.avads.net" "10.16.1.3:20003" inbound|20003|| 127.0.0.6:44311 10.16.1.3:20003 176.141.135.100:0 outbound_.20003_._.win-handler-service.preprod.svc.cluster.local default
[2023-06-06T13:14:05.933Z] "GET /bidding/bsw/v1/win?recogroupid=31608c85-bc8e-4b08-b820-3a7b239ceea0&recoid=5f784d05-1494-4b0a-88c8-e68b2411edd0&impid=1&imptype=Native&winprice=1.0&wincurr=USD&supplierId=quantx&trueprice=1 HTTP/2" 503 UR upstream_reset_before_response_started{remote_reset} - "-" 0 85 1 - "176.141.135.100" "PostmanRuntime/7.29.3" "bde09f0e-fac2-41e3-8415-a658fddd49af" "rtb-preprod.avads.net" "10.16.1.3:20003" inbound|20003|| 127.0.0.6:44311 10.16.1.3:20003 176.141.135.100:0 outbound_.20003_._.win-handler-service.preprod.svc.cluster.local default
When I update virtualServiceFile to target port 20001 (http on service), everything worked, except maybe the H2Upgrade from destinationRules.
[2023-06-06T13:24:14.540Z] "GET /bidding/bsw/v1/win?recogroupid=31608c85-bc8e-4b08-b820-3a7b239ceea0&recoid=5f784d05-1494-4b0a-88c8-e68b2411edd0&impid=1&imptype=Native&winprice=1.0&wincurr=USD&supplierId=quantx&trueprice=1 HTTP/1.1" 204 - via_upstream - "-" 0 0 472 471 "176.141.135.100" "PostmanRuntime/7.29.3" "cbb94f2b-009d-4796-8dd1-e7a744b4d9f2" "rtb-preprod.avads.net" "10.16.5.40:20001" inbound|20001|| 127.0.0.6:49477 10.16.5.40:20001 176.141.135.100:0 outbound_.20001_._.win-handler-service.preprod.svc.cluster.local default
[2023-06-06T13:24:43.672Z] "GET /bidding/bsw/v1/win?recogroupid=31608c85-bc8e-4b08-b820-3a7b239ceea0&recoid=5f784d05-1494-4b0a-88c8-e68b2411edd0&impid=1&imptype=Native&winprice=1.0&wincurr=USD&supplierId=quantx&trueprice=1 HTTP/1.1" 204 - via_upstream - "-" 0 0 6 5 "176.141.135.100" "PostmanRuntime/7.29.3" "59487707-7259-471b-ac7d-3bce334162dc" "rtb-preprod.avads.net" "10.16.5.40:20001" inbound|20001|| 127.0.0.6:49477 10.16.5.40:20001 176.141.135.100:0 outbound_.20001_._.win-handler-service.preprod.svc.cluster.local default
I tried to update or changed some configurations, but everything seems ok and I don’t have more ideas to resolve this issue.
I’m calling to your help 
Next, all files we used.
gateway.yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
annotations:
meta.helm.sh/release-name: dsp-gateway-prod
meta.helm.sh/release-namespace: prod
creationTimestamp: "2022-04-15T11:53:30Z"
generation: 1
labels:
app.kubernetes.io/managed-by: Helm
name: dsp-gateway-lb-prod
namespace: prod
resourceVersion: "1068104398"
uid: 293b2576-e9f5-4113-adcb-9151b8b733e5
spec:
selector:
istio: dsp-gateway
servers:
- hosts:
- rtb.avads.net
- rtb-eu.avads.net
port:
name: http
number: 80
protocol: HTTP2
- hosts:
- rtb.avads.net
- rtb-eu.avads.net
port:
name: https-prod
number: 443
protocol: HTTPS
tls:
mode: SIMPLE
privateKey: /etc/istio/dsp-gateway-cert/tls.key
serverCertificate: /etc/istio/dsp-gateway-cert/tls.crt
virtualservice.yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
annotations:
meta.helm.sh/release-name: win-handler-prod
meta.helm.sh/release-namespace: prod
creationTimestamp: "2022-04-15T12:28:41Z"
generation: 1
labels:
app.kubernetes.io/managed-by: Helm
name: win-handler-vs
namespace: prod
resourceVersion: "1068128945"
uid: 751e68c2-141f-4609-81b5-9666b26f50af
spec:
gateways:
- dsp-gateway-lb-prod
hosts:
- rtb.avads.net
http:
- match:
- uri:
prefix: /bidding/bsw/v1/win
route:
- destination:
host: win-handler-service
port:
number: 20003
subset: v1
destinationRule.yaml
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
annotations:
meta.helm.sh/release-name: win-handler-prod
meta.helm.sh/release-namespace: prod
creationTimestamp: "2022-04-15T12:28:41Z"
generation: 1
labels:
app.kubernetes.io/managed-by: Helm
name: win-handler-circuit-breaker
namespace: prod
resourceVersion: "1068128938"
uid: a4fbc9ea-6e63-4358-9f20-c072013572ec
spec:
host: win-handler-service
subsets:
- labels:
version: v1
name: v1
trafficPolicy:
connectionPool:
http:
h2UpgradePolicy: UPGRADE
http2MaxRequests: 200
loadBalancer:
simple: ROUND_ROBIN
service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
meta.helm.sh/release-name: win-handler-prod
meta.helm.sh/release-namespace: prod
creationTimestamp: "2021-02-09T14:31:38Z"
labels:
app: win-handler
app.kubernetes.io/managed-by: Helm
name: win-handler-service
namespace: prod
resourceVersion: "1063780177"
uid: 35b118a5-fd03-4645-9e2f-df21b8dbe00b
spec:
clusterIP: 10.10.15.11
clusterIPs:
- 10.10.15.11
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- name: http
port: 20001
protocol: TCP
targetPort: 20001
- name: http2
port: 20003
protocol: TCP
targetPort: 20003
- name: prom-bidder
port: 12144
protocol: TCP
targetPort: 12144
selector:
app: win-handler
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
Thx