load-balancing inbound sftp connections with ACE

Unanswered Question
Aug 26th, 2008
User Badges:


Can anyone share experiences or any info relating to issues that might be encountered when load-balancing sftp protocol?

The goal is to distribute inbound file deposits evenly across SFTP servers.

High-level Overview

Clients -> Internet -> Tier-1 Firewall -> ACE Load-balancer -> SFTP Servers

Many Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Syed Iftekhar Ahmed Tue, 08/26/2008 - 10:30
User Badges:
  • Blue, 1500 points or more

SFTP is nothing but SSH. It uses a single connection. There are no issues loadbalancing it using traditional Layer 4 load balancing.

So you are good.

On the other hand FTP over SSL (FTPS) can neither offloaded nor loadbalanced using ACE.

FTPS uses multiple channels and Since the control channel is encrypted, ACe is not able to get the port numbers for the data connections.


Syed Iftekhar Ahmed

anghesomt Fri, 05/18/2012 - 15:12
User Badges:

I would greatly appreciate if you can provide the following documents or links leading to any of these. I have been trying to configure ACE load balancing for SFTP and FTPS protocol.

You sttaed that FTPS can not be load balanced using ACE. Any official doc for this from Cisco.

Really appreciate it!

Surya ARBY Fri, 05/18/2012 - 23:38
User Badges:
  • Silver, 250 points or more

Use a L3 VIP with a sticky group based on source IP and use L4 load balancing; it may work only with FTPS in passive mode.

anghesomt Tue, 05/22/2012 - 12:05
User Badges:

How about FTPS in Active mode. That is what I am trying to achieve.


This Discussion