NSX load balancer buffer size
Recently I received a question from a tenant regarding the HTTP buffer size when using the NSX edge load balancer capabilities. They were trying to POST a Kerberos token to a second identity store, but the token did not arrive in its entirety.
It is known that a Kerberos token can grow extremely long when a user account is a member of a very large number of groups. Unfortunately for this tenant, such cases do occur, and their service needs to be able to handle them. In the past they had used other load balancers, and there they needed to increase the HTTP buffer size (up to 48KB) to accept these large headers.
Now, the NSX edge load balancer is largely based on HAProxy, and from what I could find it uses a default HTTP buffer size of 8KB. Clearly this was not enough, but how do we fix it? Fortunately, Martijn Smit was able to provide us with an answer in the form of an API call.
The API call applies to the entire NSX Edge, so before you apply the change, consider what it could mean if the Edge runs several load balancer services.
https://nsxmanager/api/4.0/edges/{edgeId}/systemcontrol/config
<systemControl>
  <enabled>true</enabled>
  <property>lb.global.tune.bufsize=65536</property>
</systemControl>
In the example above the buffer is increased to 64KB.
After we changed the value the tenant was able to receive the entire token within their service.
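To pick a buffer value before changing the Edge, it helps to measure how large a request head becomes once the token is base64-encoded. The following is an added example, not part of the original post or of NSX: it assumes the token travels in an Authorization: Negotiate header, that the whole request head must fit in the buffer minus a 1024-byte rewrite reserve (HAProxy's tune.maxrewrite; the value on a given Edge is an assumption), and it uses a constructed host name, path and token sizes.

```python
import base64

NSX_DEFAULT_BUFSIZE = 8192  # default reported in the post
TUNED_BUFSIZE = 65536       # lb.global.tune.bufsize value from the post
ASSUMED_RESERVE = 1024      # assumption: space held back for header rewriting


def build_request_head(token: bytes, host: str = "idp.example.test") -> bytes:
    """Constructed request head carrying a base64-encoded token (sample data)."""
    encoded = base64.b64encode(token).decode("ascii")
    lines = [
        "POST /login HTTP/1.1",
        f"Host: {host}",
        f"Authorization: Negotiate {encoded}",
        "Content-Length: 0",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def head_report(raw: bytes, bufsize: int, reserve: int = ASSUMED_RESERVE) -> dict:
    """Measure the request head and check it against bufsize minus reserve."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head: no terminating blank line")
    head_len = len(head) + len(sep)
    # Skip the request line, then find the single largest header line.
    largest = max(head.split(b"\r\n")[1:], key=len, default=b"")
    return {
        "head_bytes": head_len,
        "usable_bytes": bufsize - reserve,
        "fits": head_len <= bufsize - reserve,
        "largest_header": largest.split(b":", 1)[0].decode("ascii"),
        "largest_header_bytes": len(largest),
    }


def min_bufsize(raw: bytes, reserve: int = ASSUMED_RESERVE, step: int = 1024) -> int:
    """Smallest multiple of `step` whose usable space holds the request head."""
    needed = head_report(raw, 0, reserve)["head_bytes"] + reserve
    return -(-needed // step) * step  # ceiling division, rounded up to step


if __name__ == "__main__":
    for size in (4000, 12000, 48 * 1024):  # constructed raw token sizes
        req = build_request_head(bytes(size))
        for buf in (NSX_DEFAULT_BUFSIZE, TUNED_BUFSIZE):
            print(size, buf, head_report(req, buf))
        print("minimum bufsize:", min_bufsize(req))
```

Base64 adds roughly a third to the raw token size, so a 48KB raw token no longer fits in a 64KB buffer once encoded; size the buffer against the encoded request head, not the raw token.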