This article describes the NetScaler behavior when load balancing passive FTP.
When NetScaler receives the port information that the FTP server wants to use in passive mode, it does not pass the same ports to the client. Instead, NetScaler advertises ports from its own range, which can be modified in Global Settings > FTP Port.
Before the change, NetScaler advertises ports >= 60000 to the client, and the client connects to this range:
Client: 192.168.2.1
NetScaler: 192.168.2.112
09:04:06.216186 IP 192.168.2.1.57357 > 192.168.2.112.60001: S 3502908648:3502908648(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
09:04:06.257237 IP 192.168.2.112.21 > 192.168.2.1.57356: . ack 104 win 8087
09:04:09.222582 IP 192.168.2.1.57357 > 192.168.2.112.60001: S 3502908648:3502908648(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
09:04:15.216874 IP 192.168.2.1.57357 > 192.168.2.112.60001: S 3502908648:3502908648(0) win 8192 <mss 1460,nop,nop,sackOK>
The following command is used to change the port range:
set ns param -ftpPortRange 10000-10009
After the change:
09:11:49.705375 IP 192.168.2.1.57457 > 192.168.2.112.10000: S 3096374843:3096374843(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
09:11:49.745929 IP 192.168.2.112.21 > 192.168.2.1.57455: . ack 83 win 5840
09:11:52.699761 IP 192.168.2.1.57457 > 192.168.2.112.10000: S 3096374843:3096374843(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
09:11:58.705559 IP 192.168.2.1.57457 > 192.168.2.112.10000: S 3096374843:3096374843(0) win 8192 <mss 1460,nop,nop,sackOK>
Now the client uses ports >= 10000.
In the following capture, the FTP packet sent from NetScaler to the client shows that NetScaler uses the range configured in global settings:
1293 63.814218169 192.168.2.112 192.168.2.1 FTP 151 Response: 227 Entering Passive Mode (192,168,2,112,39,18)
...
File Transfer Protocol (FTP)
227 Entering Passive Mode (192,168,2,112,39,18)\r\n
Response code: Entering Passive Mode (227)
Response arg: Entering Passive Mode (192,168,2,112,39,18)
Passive IP address: 192.168.2.112 (192.168.2.112)
Passive port: 10002
Modifying the port range does not affect FTP ports 20 and 21; the FTP vserver uses the same ports 20/21 for the FTP protocol:
1989 79.170445373 192.168.3.100 192.168.3.249 FTP-DATA 1562 FTP Data: 1448 bytes
...
Transmission Control Protocol, Src Port: 20 (20), Dst Port: 10004 (10004), Seq: 5793, Ack: 1, Len: 1448
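The 227 reply above encodes the data port as two bytes (39 and 18), which is how Wireshark arrives at 10002. The following added example, which is not part of the original article, decodes a 227 reply and checks it against the NetScaler address and the configured ftpPortRange, which is useful when sizing firewall rules to the range. The function names are hypothetical; the address and range come from the captures above, and the failing replies are constructed.

```python
import re

# Argument of a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of byte range in %r" % reply)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return ip, port

def parse_range(text):
    """Parse a 'low-high' value as passed to -ftpPortRange."""
    lo, hi = (int(part) for part in text.split("-"))
    if not 0 < lo <= hi <= 65535:
        raise ValueError("invalid port range: %r" % text)
    return lo, hi

def check_reply(reply, expected_ip, port_range):
    """Return a list of findings; an empty list means the reply is consistent."""
    ip, port = parse_pasv(reply)
    lo, hi = parse_range(port_range)
    findings = []
    if ip != expected_ip:
        # The client would be told to connect somewhere other than NetScaler.
        findings.append("address %s is not the expected %s" % (ip, expected_ip))
    if not lo <= port <= hi:
        # A firewall that allows only the configured range would drop this.
        findings.append("port %d is outside %d-%d" % (port, lo, hi))
    return findings

if __name__ == "__main__":
    samples = [
        "227 Entering Passive Mode (192,168,2,112,39,18)",   # from the capture
        "227 Entering Passive Mode (192,168,2,112,234,97)",  # constructed
        "227 Entering Passive Mode (192,168,3,100,39,18)",   # constructed
    ]
    for line in samples:
        print(parse_pasv(line), check_reply(line, "192.168.2.112", "10000-10009"))
```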