CSM not passing ACK in FTP port 1985?

jcmattos1 · ‎10-19-2007

We have a pair of CSM 4.1.6 in bridge mode and we have a VIP for passive ftp set. We are seeing consistent errors with FTP port 1985. We took several captures and notice that conns show ESTAB on CSM but the client sends the SYN receives the SYNACK then sends the ACK but the ack never gets to the server and this only happens on port 1985. I also looked at the capture on the server and see that the ACK never gets to the server. We try TCP ports 1984 and 1986 everything works perfectly. Has anyone seen anything like this before?

vserver PSCO_FTP---21

virtual 10.x.2.100 tcp ftp service ftp

vlan 690

serverfarm PSCO_FTP---0000

persistent rebalance

inservice

!

serverfarm PSCO_FTP---0000

nat server

no nat client

predictor leastconns

real 10.x.5.100

inservice

real 10.x.6.100

inservice

probe PROD-FTP

!

EdSw02#sh mod csm 4 conns vserver PSCO_FTP---21 det

prot vlan source destination state

----------------------------------------------------------------------

In TCP 690 172.x.2.57:1985 10.x.2.100:21 ESTAB

Out TCP 691 10.x.6.100:21 172.x.2.57:1985 ESTAB

vs = PSCO_FTP---21, ftp = Control, csrp = False

sadbulali · ‎10-25-2007

The problem is particularly seen with an FTP client inititating the FIN.The CSM closes the connection and stops transmiting the ACK's ( sent in response to server's FIN) to the real.

This is inherent in CSM and no workaround available.

jcmattos1 · ‎10-25-2007

Thx sadbulali, I see...but according to the tcp dumps on client and server you never see a FIN in either direction. What you do see is the client sending SYN the real gets the SYN it sends a SYN/ACK and the client then receives the SYN/ACK then the client proceeds to send the ACK which never reaches the real server...And it seems to be stopping at the CSM.