Loadbalancing FTP servers

Unanswered Question
Dec 6th, 2007
User Badges:
  • Bronze, 100 points or more

Hello all,

I've been given the task of setting up new rules for load balancing FTP servers. These servers will be available internally as well as externally to our network. We do a great deal of business critical FTP transfers among our customers. So the plan is to place multiple (at least two for now) FTP servers with a backend shared storage resource. I've configured a simple L3 rule to do this:

content FTP_DMZ

protocol tcp

add service FTP_DMZ

advanced-balance sticky-srcip

vip address

port 21


But the FTP session does not reach the server. I can FTP to the real address of the server through the LB (a 11501 running I cannot to the VIP.

Any help? I have tried the APP FTP-CONTROL, but that does not change the situation.

Thanks in advance for any input.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jphilope@cswg.com_2 Thu, 12/06/2007 - 11:13
User Badges:
  • Bronze, 100 points or more


I am not new to Loadbalancers. I do have my services and group defined. And as I stated, I have tried the APP FTP-CONTROL and it had no affect. Along with enabling APPLICATION globally.

Thanks for the reply.


bob_olson Thu, 01/03/2008 - 07:44
User Badges:

Are you doing Passive transfers? The reason I ask is that I have a TAC case open for a similar problem. As far as I understand the CSS is supposed to intercept/rewrite the data returned to the client in response to the passive command. In my situation, tcpdumps show the real IP of the server coming back to the client which isn't accessible directly. I still don't have a solution from Cisco Tac. If they fix my issue, I'll post here.


jphilope@cswg.com_2 Thu, 01/03/2008 - 08:24
User Badges:
  • Bronze, 100 points or more


Thanks, yes they are passive mode. Anything you find out will be appreciated.



This Discussion