ACNS and transparent FTP

Unanswered Question
Jun 2nd, 2010

Hey all,


I'm trying to understand one thing with regards to transparent FTP proxy (via WCCPv2) and passive-mode FTP.


I realize that ACNS and routers have a special service group "60", which is used for native-ftp. However their documentation is suspiciously lacking any technical details with regards to what traffic is sent to the cache-engine.


What I was looking to find out is:


When WCCP negotiates what traffic to redirect, typically the cache-engine tells the router what ports to redirect. Knowing that passive-FTP uses dynamic ports, does "service-group 60" somehow force the WCCP router to send all TCP ports to the ACNS cache-engine? Or is WCCP somehow stateful enough to only send the dynamically negotiated passive ports (which is hard to believe)?


Thanks for any and all help!

Zach Seils Tue, 06/22/2010 - 12:44
User Badges:
  • Cisco Employee

The WCCP ftp-native service in ACNS redirects TCP traffic destined to ports 21 and 40020.  Intercepting port 21 gives us the FTP control connection.  In the event that the client requests passive mode, ACNS tells the client (over the control connection) to establish a connection on tcp/40020.  Since this port is already defined as part of the ftp-native WCCP service, this gives us the data connection as well.


If you're interested in checking what protocol/port(s) are defined as part of a WCCP service group, you can use the commands:


show wccp services detail - Command on ACNS and WAAS devices

show ip wccp service - Hidden IOS command, where is the numeric service ID for the service


If you have any additional questions, please let us know.


Regards,

Zach
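
An added example (not part of the original reply, and not Cisco code) of the port logic described above: it parses the passive-mode reply seen on the FTP control connection and checks whether the advertised data port is one of the two ports the reply says the ftp-native service redirects (21 and 40020). The reply strings and addresses are constructed, the function names are hypothetical, and the EPSV (229) handling goes beyond what the thread discusses.

```python
import re

# Ports the reply above says the ftp-native WCCP service redirects.
FTP_NATIVE_PORTS = frozenset({21, 40020})

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2)
_PASV = re.compile(
    r"^227[ -].*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)
# RFC 2428 EPSV reply: 229 ... (<d><d><d>port<d>), delimiter is usually '|'
_EPSV = re.compile(r"^229[ -].*?\((.)\1\1(\d{1,5})\1\)")


def passive_data_port(reply):
    """Return the TCP data port advertised in a 227/229 reply, else None."""
    line = reply.strip()
    m = _PASV.match(line)
    if m:
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            return None  # malformed octet or port byte
        return fields[4] * 256 + fields[5]  # port = p1 * 256 + p2
    m = _EPSV.match(line)
    if m:
        port = int(m.group(2))
        return port if 0 < port <= 65535 else None
    return None


def data_connection_redirected(reply, redirected=FTP_NATIVE_PORTS):
    """True if the data connection this reply sets up targets a redirected port."""
    port = passive_data_port(reply)
    return port is not None and port in redirected


if __name__ == "__main__":
    # Constructed control-channel replies (documentation address ranges).
    samples = [
        "227 Entering Passive Mode (192,0,2,10,156,84)",    # 156*256+84 = 40020
        "227 Entering Passive Mode (198,51,100,7,195,80)",  # 195*256+80 = 50000
        "229 Entering Extended Passive Mode (|||40020|)",
        "200 PORT command successful",
    ]
    for s in samples:
        print(passive_data_port(s), data_connection_redirected(s), s)
```

Run against the 227/229 lines from a client-side capture, a data port other than 40020 indicates the passive reply the client received would set up a data connection outside the service group's port list.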
