After upgrading a Netscaler from a Classic (single CPU Core) to nCore (multi-core) version, FTP VServers utilizing the Active form of FTP randomly fail during the data transfer phase of the connection.  The failure can be in the form of a generic failure to establish the data connection during the PORT command or reception of the FTP error messages EADDRINUSE or WSAETIMEDOUT.

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Issue IDs 507908, 477507

• Upgrade to Netscaler 10.1 / Build 134.1 or newer.
• Depending on the environment, you may also need to enable the following:  (see http://docs.citrix.com/en-us/netscaler/10-1/ns-reference-con/netscaler-command-reference/ns/ns-param.html)

---

Problem Cause

Background:  With an Active FTP file transfer request, the client (Netscaler) uses the control port (usually port 21) to send a PORT command to the server, specifying which port the server should use to transfer the data.  The server then initiates a new connection to the client (Netscaler), with the destination port as defined in the previous PORT command.  (unlike Passive FTP, where all connections are initiated by the client/Netscaler).  

A good description of the Active FTP communication flow can be found here: http://www.slacksite.com/other/ftp.html

Issue:  When utilizing an Active FTP VServer on Netscaler, if the Control Port connection (Initiated by Netscaler) and Data port connection (initiated by Server) are not processed by the same CPU core, the CPU core responding to the data connection may be improperly notified of the proper port number, leading to the data connection failing.