Intermittently Active FTP fails. From the logs and trace files we see that when it fails NetScaler is sending the SYN packet of Data-flow to the client on wrong interface and wrong core.

Workaround is to Disable -aftpAllowRandomSourcePort as shown below and then have the ftp server source the data connection from port 20 

> set ns param -aftpAllowRandomSourcePort DISABLED

After disabling when you will run "show ns param" it will show below:

Random source port selection for Active FTP: DISABLED

Below is the nstrace analysis for the reference:

From Working nstrace we see below behaviour:
==

PORT command is successful and client sends the PORT number its listening FOR Data traffic:


 

Then the TCP handshake happens from backend server to client for Data traffic successfully:

Packet 31 is from backend to Client:



Somehow we are not seeing the SYN packet from VIP to client but there is SYN-ACK from client to VIP in Packet 32:




In non-working case we see below behaviour:
===
Everything is fine till PORT command successful and client send the Port on which its listening:



Then Backend initiates the data-flow SYN to client on the Port given by client in Packet#32:



 

But the issue is below:

The SYN sent by VIP to Client for data is sent on wrong Core and wrong VLAN:



From the sh connectiontable output we see the below issue:
 
When the problem is present:
 
10..x.x.x    20      10.x.x.x     1045    NAT          12      NA           3               C     
10.x.x.x    20      10.x.x.x     64149   NAT          12      NA           0               S     
 
When vserver works correctly:
 
10..x.x.x    20      10..x.x.x     1039    NAT          18      NA           3               C     
10..x.x.x    20      10..x.x.x     64152   NAT          18      NA           3               S  

---

Problem Cause

The times it works correctly the Data connection and Control connection owner cores are the same while when it doesn’t work it sends it on different core.