NSX ESG Load Balancer fails to forward responses from the backend server.
An error message similar to the following is observed:
2017-02-22T15:58:36+00:00 ESG-799-EXT-LB-1 loadbalancer[14599]: [default]: [local0.info] 172.16.62.5 - - [22/Feb/2017:15:58:36 +0000] "POST /PublicCaseAccess/Traffic/Search HTTP/1.1" 502 8964 "" "" 60605 585 " services-webserver~" " services-webserver
" "webp01" 5 0 0 -1 398 PHEN 0 0 0 0 0 0 0 "" ""
2017-02-22T16:43:52+00:00 ESG-799-EXT-LB-1 loadbalancer[14599]: [default]: [local0.info] 172.16.62.5 - - [22/Feb/2017:16:43:52 +0000] "POST /PublicCaseAccess/Traffic/Search HTTP/1.1" 502 8964 "" "" 60974 395 " services-webserver~" " services-webserver
" "webp01" 86 0 1 -1 374 PHEN 0 0 0 0 0 0 0 "" ""
NSX for vSphere 6.2.4
NSX for vSphere 6.3.x
This is a known issue with the HAProxy application used by the load balancer, which allows only up to 101 headers in the response.
https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#tune.http.maxhdr
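As an added example (not part of the original KB article), the following Python script scans load balancer log lines for the signature shown in the excerpt above: an HTTP 502 whose HAProxy termination state begins with PH, which HAProxy documents as the proxy itself blocking the server's response. The sample lines are constructed from the excerpt, and locating the status and termination state by pattern rather than by fixed column is an assumption about the NSX log layout.

```python
import re
from collections import Counter

def sample(ts, request, status, timers_and_state):
    """Build a constructed log line modelled on the excerpt in this article."""
    return (f'{ts} ESG-799-EXT-LB-1 loadbalancer[14599]: [default]: [local0.info] '
            f'172.16.62.5 - - [{ts}] "{request} HTTP/1.1" {status} 8964 "" "" 60605 585 '
            f'" services-webserver~" " services-webserver" "webp01" {timers_and_state} '
            f'0 0 0 0 0 0 0 "" ""')

# Constructed sample data: two blocked responses, one success, one unrelated 502.
SAMPLE_LOG = "\n".join([
    sample("2017-02-22T15:58:36+00:00", "POST /PublicCaseAccess/Traffic/Search", 502, "5 0 0 -1 398 PHEN"),
    sample("2017-02-22T16:43:52+00:00", "POST /PublicCaseAccess/Traffic/Search", 502, "86 0 1 -1 374 PHEN"),
    sample("2017-02-22T16:44:10+00:00", "GET /PublicCaseAccess/Home", 200, "3 0 0 12 15 ----"),
    # SH = server aborted before sending complete headers: also a 502, but a different cause.
    sample("2017-02-22T16:45:01+00:00", "GET /PublicCaseAccess/Report", 502, "4 0 0 -1 9 SH--"),
])

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})\s')
# HAProxy termination state: two session-state characters plus two cookie-state characters.
STATE = re.compile(r'(?<=\s)(?P<state>[A-Z-]{4})(?=\s)')

def parse_line(line):
    """Return (timestamp, path, status, state), or None if the line is not an HTTP log entry."""
    req = REQUEST.search(line)
    if req is None:
        return None
    # Blank out quoted fields after the status so free text cannot be mistaken for the state.
    tail = re.sub(r'"[^"]*"', '""', line[req.end() - 1:])
    state = STATE.search(tail)
    return (line.split(" ", 1)[0], req["path"], int(req["status"]),
            state["state"] if state else None)

def blocked_responses(log_text):
    """Count 502 responses per path where HAProxy blocked the server response (state PH)."""
    hits = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry[2] == 502 and entry[3] and entry[3].startswith("PH"):
            hits[entry[1]] += 1
    return hits

if __name__ == "__main__":
    for path, count in blocked_responses(SAMPLE_LOG).most_common():
        print(f"{count:4d}  502/PH  {path}")
```

Paths that appear in this report are candidates for the header limit described here; a 502 with a different termination state points to a different cause.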
NSX for vSphere 6.4.0 has exposed a REST API to edit these values and allows you to increase them.
The syntax is as follows:
PUT https://<nsx-ip>/api/4.0/edges/<edgeId>/systemcontrol/config
<systemControl>
<property>lb.global.tune.http.maxhdr=1024</property>
</systemControl>
The call returns status 204.
GET https://<nsx-ip>/api/4.0/edges/<edgeId>/systemcontrol/config
Status Code: 200 OK
Cache-Control: private, no-cache
Content-Type: application/xhtml+xml
Date: Fri, 03 Mar 2017 15:03:58 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
<?xml version="1.0" encoding="UTF-8"?>
<systemControl>
<property>lb.global.tune.http.maxhdr=1024</property>
</systemControl>
If an upgrade is not possible, please log a call with GSS and mention the KB article.