The issue commonly occurs under the following conditions:

• A recent upgrade from NSX-T Data Center 2.5.x to 3.x has been performed on the system
• The network configuration uses load balancer rules for traffic routing based on destination port
• After the upgrade, the load balancer VIP produces a 502 bad gateway error, whereas this functionality worked correctly prior to the upgrade
• Testing reveals that connections function properly when bypassing the load balancer, indicating the issue is specific to the load balancer configuration

VMware NSX-T Data Center 2.5.x

VMware NSX-T Data Center 3.x

Prior to NSX-T 3.x, the IP address and port were evaluated. When this issue occurs in 3.x, this evaluation fails to consider the destination port, therefore it can not make a match on the rule and the connection fails.

This issue is resolved in VMware NSX-T Data Center 3.1.2

Workaround:
Upgrade to NSX-T 3.1.2 where the correct evaluation of the header occurs for the load balancer rule.