Load Balancing FTP Server thru CSM using a single Client IP

Unanswered Question
Mar 26th, 2007

Hello,

We have a need to load balance 3 FTP servers. These servers are reached only from a single client IP which is a database server. The FTP method that is being used is currently passive. Our configuration is currently unidirectional, ie, the FTP client (the one database server) sends to the VIP and the FTP Servers then talk directly back to the FTP client and the traffic does not go back through the CSM. The problem is that because FTP negotiates another port to talk on, we have to use sticky so that the connection is sent back to the original FTP server that sent the FTP data port to talk on. But, since we only have a single client IP that is ever used we are not load balancing appropriately across the FTP servers.

Traffic flow goes something like this, tcp port followed after colon as an example

1. FTP Client ----> VIP:21

2. CSM ---------> FTP Server:21

3. FTP Server --------> FTP Client(FTP server says come talk to me on port 1700)

4. FTP Client ---------> VIP:1700

5. CSM ---------> FTP Server:1700

6. FTP Server:1700 ---------> FTP Client

repeat steps 4 thru 6

Here's our hardware and software:

WS-X6066-SLB-APC running 4.2(2)

Config is as follows

module ContentSwitchingModule 9

ft group 101 vlan 9

priority 10

!

vlan 216 client

ip address 10.209.16.31 255.255.252.0

gateway 10.209.16.1

!

vlan 20 server

ip address 10.209.0.31 255.255.252.0

alias 10.209.0.11 255.255.252.0

probe ICMP1 icmp

interval 3

failed 3

receive 3

serverfarm FHEPRT

no nat server

no nat client

real 10.209.0.72

inservice

real 10.209.0.73

inservice

real 10.209.0.71

inservice

probe ICMP1

sticky 106 netmask 255.255.255.255 address source timeout 3

policy FHEPRT_POL1

sticky-group 106

serverfarm FHEPRT

vserver FHEPRT1

virtual 10.209.16.71 any

vlan 216

unidirectional

serverfarm FHEPRT

replicate csrp connection

no persistent rebalance

slb-policy FHEPRT_POL1

inservice

!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Syed Iftekhar Ahmed Tue, 03/27/2007 - 01:59

You are missing "service ftp" config in the Vip definition. Try the following

vserver FHEPRT1

virtual 10.209.16.71 tcp ftp service ftp

Syed Iftekhar Ahmed

hoelpf1 Tue, 03/27/2007 - 09:11

Thanks. That will work, but we have to take out of dispatch mode or make it non unidirectional. The traffic has to go back through the CSM for this to function and we are looking at that.

Actions

This Discussion