CSM not passing ACK in FTP port 1985?

Unanswered Question
Oct 19th, 2007

We have a pair of CSM 4.1.6 in bridge mode, and we have a VIP set for passive FTP. We are seeing consistent errors with FTP port 1985. We took several captures and noticed that the conns show ESTAB on the CSM, but the client sends the SYN, receives the SYN-ACK, then sends the ACK, and the ACK never gets to the server; this only happens on port 1985. I also looked at the capture on the server and saw that the ACK never gets to the server. When we try TCP ports 1984 and 1986, everything works perfectly. Has anyone seen anything like this before?

vserver PSCO_FTP---21
 virtual 10.x.2.100 tcp ftp service ftp
 vlan 690
 serverfarm PSCO_FTP---0000
 persistent rebalance

serverfarm PSCO_FTP---0000
 nat server
 no nat client
 predictor leastconns
 real 10.x.5.100
 real 10.x.6.100
 probe PROD-FTP


EdSw02#sh mod csm 4 conns vserver PSCO_FTP---21 det

    prot vlan source             destination        state
In  TCP  690  172.x.2.57:1985    10.x.2.100:21      ESTAB
Out TCP  691  10.x.6.100:21      172.x.2.57:1985    ESTAB
    vs = PSCO_FTP---21, ftp = Control, csrp = False

sadbulali Thu, 10/25/2007 - 10:51

The problem is particularly seen with an FTP client initiating the FIN. The CSM closes the connection and stops transmitting the ACKs (sent in response to the server's FIN) to the real.

This is inherent in the CSM and no workaround is available.

jcmattos1 Thu, 10/25/2007 - 12:28

Thx sadbulali, I see... but according to the TCP dumps on the client and server, you never see a FIN in either direction. What you do see is the client sending the SYN; the real gets the SYN and sends a SYN/ACK; the client receives the SYN/ACK and then proceeds to send the ACK, which never reaches the real server. And it seems to be stopping at the CSM.
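
The capture comparison used in this thread (client side versus real-server side) can be scripted. The following is an added example, not code from the thread or from Cisco: it takes packet summaries from both capture points and reports client endpoints whose handshake ACK left the client but never arrived at the real. The addresses, the packet-record format and all function names are constructed for illustration; flows are matched on client IP and port because `nat server` rewrites the VIP to the real's address while `no nat client` leaves the client address unchanged.

```python
from collections import defaultdict

# Constructed documentation addresses, not values from the thread.
CLIENT, VIP, REAL = "192.0.2.57", "198.51.100.100", "203.0.113.6"

def pkt(src, sport, dst, dport, flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}

def handshake_steps(capture, server_port=21):
    """Map each client endpoint (ip, port) to the handshake steps seen in one capture."""
    seen = defaultdict(set)
    for p in capture:
        if p["dport"] == server_port:                      # client -> server
            key = (p["src"], p["sport"])
            if p["flags"] == "S":
                seen[key].add("SYN")
            elif p["flags"] == "A" and "SYN-ACK" in seen[key]:
                seen[key].add("ACK")
        elif p["sport"] == server_port and p["flags"] == "SA":  # server -> client
            seen[(p["dst"], p["dport"])].add("SYN-ACK")
    return seen

def lost_acks(client_cap, server_cap, server_port=21):
    """Client endpoints whose final ACK was sent but never reached the real."""
    c = handshake_steps(client_cap, server_port)
    s = handshake_steps(server_cap, server_port)
    return sorted(k for k in c
                  if "ACK" in c[k]
                  and {"SYN", "SYN-ACK"} <= s.get(k, set())
                  and "ACK" not in s.get(k, set()))

def handshake(sport, server_ip, drop_ack=False):
    """Build a constructed three-way handshake, optionally without the final ACK."""
    pkts = [pkt(CLIENT, sport, server_ip, 21, "S"),
            pkt(server_ip, 21, CLIENT, sport, "SA")]
    if not drop_ack:
        pkts.append(pkt(CLIENT, sport, server_ip, 21, "A"))
    return pkts

# Constructed captures: the client side sees the VIP, the server side sees the real.
CLIENT_CAP = [p for sp in (1984, 1985, 1986) for p in handshake(sp, VIP)]
SERVER_CAP = [p for sp in (1984, 1985, 1986)
              for p in handshake(sp, REAL, drop_ack=(sp == 1985))]

if __name__ == "__main__":
    print(lost_acks(CLIENT_CAP, SERVER_CAP))
```

With real captures, the same records can be produced from a packet-summary export of each capture file, restricted to the FTP control port.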

