load-balancing inbound sftp connections with ACE

Unanswered Question
Aug 26th, 2008

Hi,

Can anyone share experiences or any info relating to issues that might be encountered when load-balancing sftp protocol?

The goal is to distribute inbound file deposits evenly across SFTP servers.

High-level Overview

Clients -> Internet -> Tier-1 Firewall -> ACE Load-balancer -> SFTP Servers

Many Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Syed Iftekhar Ahmed Tue, 08/26/2008 - 10:30

SFTP is nothing but SSH. It uses a single connection. There are no issues loadbalancing it using traditional Layer 4 load balancing.

So you are good.

On the other hand FTP over SSL (FTPS) can neither offloaded nor loadbalanced using ACE.

FTPS uses multiple channels and Since the control channel is encrypted, ACe is not able to get the port numbers for the data connections.

HTH

Syed Iftekhar Ahmed

anghesomt Fri, 05/18/2012 - 15:12

I would greatly appreciate if you can provide the following documents or links leading to any of these. I have been trying to configure ACE load balancing for SFTP and FTPS protocol.

You sttaed that FTPS can not be load balanced using ACE. Any official doc for this from Cisco.

Really appreciate it!

Surya ARBY Fri, 05/18/2012 - 23:38

Use a L3 VIP with a sticky group based on source IP and use L4 load balancing; it may work only with FTPS in passive mode.

anghesomt Tue, 05/22/2012 - 12:05

How about FTPS in Active mode. That is what I am trying to achieve.

Actions

This Discussion