Intermittent 400 HTTP errors when pushing application in environment using NSX-V 6.4.x

Article ID: 297962

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

CF CLI intermittently fails to push an application.

If you enable tracing with the command below:
$ CF_TRACE=true cf push app

It shows a request and response similar to the following snippet:
REQUEST: [2020-06-04T10:48:45-05:00]
PUT /v2/apps/40d2a5c8-190a-476f-8d09-89f28e6bcf5e/bits?async=true HTTP/1.1
Host: api.sys.pivotal.io
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Content-Type: multipart/form-data; boundary=0be8c268b339db8e26101b4cded54219ce3c011f002b541e3cfddb92bd3e
User-Agent: go-cli 6.49.0+d0dfa93bb.2020-01-07 / darwin

[MULTIPART/FORM-DATA CONTENT HIDDEN]

                             
Done uploading

RESPONSE: [2020-06-04T10:48:46-05:00]
HTTP/1.1 400 Bad Request
Connection: close
Content-Length: 166
Content-Type: text/html
Date: Thu, 04 Jun 2020 15:48:46 GMT
Server: nginx
X-Vcap-Request-Id: efd93b4a-311a-4551-7065-828be35283db

<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx</center>
</body>
</html>


Environment

Product Version: 2.4

Resolution

There is a known issue with NSX-V 6.4.x: in certain situations the NSX-V load balancer corrupts HTTP requests.

This issue was fixed in NSX-V 6.4.6b, and we advise you to upgrade if possible.

Workaround

If upgrading is not an option, you can apply the following workaround.

1. SSH into the NSX edge and elevate your privileges. For an NSX edge in High Availability (HA) mode, this needs to be done on both VMs.
enable
 
# Enable debug engineering mode
debug engineeringmode enable
 
# Login as root
st e

2. Edit /opt/vmware/vshield/templates/haproxy.conf.tmp and add `no option http-use-htx` to the defaults section. The file should look like this:
defaults
   no option http-use-htx

3. Either change some part of the load balancer config to force NSX to regenerate the haproxy config from the template and apply the new change, or restart the haproxy service manually:
service haproxy restart
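
To confirm that the edit from step 2 is actually in effect, the check below can be used. It is an added example, not part of the original article or of any VMware tooling. It assumes the file follows the usual haproxy section layout; the helper name has_htx_disabled and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the HTX workaround is active in a haproxy file.
# has_htx_disabled (hypothetical helper name) returns:
#   0 = "no option http-use-htx" is in effect in the defaults section
#   1 = missing, commented out, outside defaults, or re-enabled afterwards
#   2 = file cannot be read
has_htx_disabled() {
    [ -r "$1" ] || return 2
    awk '
        { sub(/#.*/, "") }            # drop comments, so "# no option ..." does not count
        NF == 0 { next }              # skip blank lines
        # A section keyword as first word opens a new section.
        $1 ~ /^(global|defaults|frontend|backend|listen|userlist|peers|resolvers)$/ {
            in_defaults = ($1 == "defaults")
            next
        }
        # Within defaults the last matching line wins.
        in_defaults && $1 == "no" && $2 == "option" && $3 == "http-use-htx" { off = 1 }
        in_defaults && $1 == "option" && $2 == "http-use-htx"               { off = 0 }
        END { exit(off ? 0 : 1) }
    ' "$1"
}

# Constructed sample config (not copied from a real edge) to exercise the check.
sample=$(mktemp)
cat > "$sample" <<'EOF'
global
    daemon
defaults
    mode http
    no option http-use-htx
frontend fe_example
    bind *:80
EOF
if has_htx_disabled "$sample"; then
    echo "workaround present in defaults"
else
    echo "workaround missing"
fi
rm -f "$sample"
```

On the edge, point the function at /opt/vmware/vshield/templates/haproxy.conf.tmp, and for an HA pair repeat the check on both VMs.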