HTTPS LB for VCD 10.4.x on NSX ALB 22.1.1: “Unable To Perform Query” – VCD UI Access Issue

This post will not show you how to configure the HTTPS load balancer for VMware Cloud Director (VCD). There are multiple public articles that cover the details for such LB configuration.

In this post, I will shed the light on a hidden feature that should be tuned on AVI so that you don’t experience the below issue “Unable to perform query” when accessing the VCD UI through the HTTPS load balancer virtual service configured on NSX ALB 22.1.1 and greater versions.

If you check the logs on the AVI load balancer you can see the below 502 error message highlighted in yellow:

Response Abnormal event: server exceeded total header count limit

As per the below article, Starting with VMware NSX Advanced Load Balancer 22.1.1, a new knob, max_header_count is introduced in the HTTP/HTTPS profile. This knob defines the total number of headers in the HTTP request and response. The default value of the max_header_count is 64, and the value range is 0-4096. If the number of headers exceeds the value specified, then NSX Advanced Load Balancer rejects the HTTP request with the significant application logs.

https://avinetworks.com/docs/latest/application-profile/

That being said, it seems that the root cause of the issue is the default value of the max_header_count=64 which is not enough for the VCD HTTPS load balancer virtual service.

The solution is to increase the value of the header count, which can be done from the AVI controller CLI or the UI.

Increasing Max Header Count via NSX ALB Controller CLI:

Login to the NSX Advanced Load Balancer Controller and use the System-HTTP application profile under the configure application profile mode to set the value of max header count as shown below:

[admin:ctrl]: > configure applicationprofile System-Secure-HTTP
[admin:ctrl]: applicationprofile> http_profile
[admin:ctrl]: applicationprofile:http_profile> max_header_count
[admin:ctrl]: applicationprofile:http_profile> max_header_count 256
Overwriting the previously entered value for max_header_count
[admin:ctrl]: applicationprofile:http_profile> save
[admin:ctrl]: applicationprofile> save

Increasing Max Header Count via NSX ALB Controller UI:

To enable the Max Header Count option from the NSX Advanced load balancer UI, navigate to Application Profile > HTTP > DDoS and enter the value for Client Max Header Count.

The issue will be solved after increasing the max header count from 64 to 256. After that you will be able to access the VCD UI via the HTTPS virtual service on NSX ALB 22.1.1.

Hope this post is informative,

Thanks for reading,

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...