Manual Chapter : Load Balancing Passive Mode FTP Traffic with Data Channel Optimization

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP APM

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP Analytics

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP Link Controller

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP LTM

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP PEM

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP AFM

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP DNS

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP ASM

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Manual Chapter

Load Balancing Passive Mode FTP Traffic with Data Channel Optimization

Overview: FTP passive mode load balancing with data channel optimization

You can set up the BIG-IP system to load balance passive mode FTP traffic, with optimization of both the FTP control channel and the data channel.
By default, the BIG-IP system optimizes FTP traffic for the control channel, according to the configuration settings in the default client and server TCP profiles assigned to the virtual server. When you use this particular implementation, you also configure the system to take advantage of those same TCP profile settings for the FTP data channel. This provides useful optimization of the data channel payload.

Task summary for load balancing passive mode FTP traffic

You can perform these tasks to configure FTP passive mode load balancing that optimizes traffic on both the control channel and data channel.

Creating a custom FTP profile

You create a custom FTP profile when you want to fine-tune the way that the BIG-IPsystem manages FTP traffic. This procedure creates an FTP profile and optimizes the way that the BIG-IP system manages traffic for the FTP data channel.
  1. On the Main tab, click
    Local Traffic
    Profiles
    Services
    FTP
    .
    The FTP profile list screen opens.
  2. Click
    Create
    .
    The New FTP Profile screen opens.
  3. In the
    Name
    field, type a unique name for the profile.
  4. From the
    Parent Profile
    list, select the default
    ftp
    profile.
  5. Select the
    Custom
    check box.
  6. For the
    Inherit Parent Profile
    setting, select the check box.
    This optimizes data channel traffic.
  7. Click
    Finished
    .
The custom FTP profile now appears in the FTP profile list screen.

Creating a custom FTP monitor

An FTP monitor requires a user name and password, and the full path to the file to be downloaded.
The BIG-IP system does not save the downloaded file.
Create a custom FTP monitor to verify passive mode File Transfer Protocol (FTP) traffic. The monitor attempts to download a specified file to the
/var/tmp
directory. If the file is retrieved, the verification is successful.
The BIG-IP system does not save the downloaded file.
  1. On the Main tab, click
    Local Traffic
    Monitors
    .
    The Monitors List screen opens.
  2. Click
    Create
    .
    The New Monitor screen opens.
  3. In the
    Name
    field, type a name for the monitor.
  4. From the
    Type
    list, select
    FTP
    .
    The screen refreshes, and displays the configuration options for the
    FTP
    monitor type.
  5. From the
    Import Monitor
    list, select an existing monitor.
    The new monitor inherits initial configuration values from the existing monitor.
  6. In the
    Interval
    field, type a number that indicates, in seconds, how frequently the system issues the monitor check. The default is
    10
    seconds.
    The frequency of a monitor check must be greater than the value of the global-level
    Heartbeat Interval
    setting. Otherwise, the monitor can acquire out-of-date data.
  7. In the
    Timeout
    field, type a number that indicates, in seconds, how much time the target has to respond to the monitor check. The default is
    31
    seconds.
    If the target responds within the allotted time period, it is considered up. If the target does not respond within the time period, it is considered down.
  8. Type a name in the
    User Name
    field.
  9. Type a password in the
    Password
    field.
  10. In the
    Path/Filename
    field, type the full path and file name of the file that the system attempts to download.
    The health check is successful if the system can download the file.
  11. For the
    Mode
    setting, select one of the following data transfer process (DTP) modes.
    Passive
    The monitor sends a data transfer request to the FTP server. When the FTP server receives the request, the FTP server initiates and establishes the data connection.
    Port
    The monitor initiates and establishes the data connection with the FTP server.
  12. From the
    Configuration
    list, select
    Advanced
    .
    This selection makes it possible for you to modify additional default settings.
  13. For the
    Up Interval
    setting, specify whether to use the up interval:
    • If you do not want to use the up interval, Retain the default,
      Disabled
      .
    • To use the up interval, select
      Enabled
      , and specify how often you want the system to verify the health of a resource that is up.
  14. In the
    Time Until Up
    field, type a number that indicates the number of seconds to wait after a resource first responds correctly to the monitor before setting the resource to up.
    The default value is
    0
    (zero), which disables this option.
  15. For
    Manual Resume
    , specify whether the system automatically enables the monitored resource when the monitor check is successful.
    This setting applies only when the monitored resource has failed to respond to a monitor check.
    Yes
    The system does nothing when the monitor check succeeds, and you must manually enable the monitored resource.
    No
    The system automatically re-enables the monitored resource after the next successful monitor check.
  16. For the
    Alias Address
    setting, specify an alias IP address:
    • Retain the
      *All Addresses
      default option.
    • Type an alias IP address for the monitor to verify, on behalf of the pools or pool members with which the monitor is associated.
    If the health check for the alias address is successful, the system marks all associated objects
    up
    . If the health check for the alias address is not successful, then the system marks all associated objects
    down
    .
  17. For the
    Alias Service Port
    setting, specify an alias port or service for the monitor to check:
    • Accept the
      *All Ports
      default option.
    • Select an alias port or service for the monitor to check, on behalf of the pools or pool members with which the monitor is associated.
    If the health check for the alias port or service is successful, the system marks all associated objects up. If the health check for the alias port or service is not successful, then the system marks all associated objects down.
  18. For the
    Debug
    setting, specify whether you want the system to collect and publish additional information and error messages for this monitor.
    You can use the log information to help diagnose and troubleshoot unsuccessful health checks. To view the log entries, see the
    System
    Logs
    screens.
    Yes
    The system redirects error messages and other information to a log file created specifically for this monitor.
    No
    The system does not collect additional information or error messages related to this monitor. This is the default setting.
  19. Click
    Finished
    .
You can associate the new custom monitor with the pool that contains the FTP resources.

Creating a pool to manage FTP traffic

To load balance passive mode FTP traffic, you create a load balancing pool. When you create the pool, you assign the custom FTP monitor that you created in the previous task.
  1. On the Main tab, click
    Local Traffic
    Pools
    .
    The Pool List screen opens.
  2. Click
    Create
    .
    The New Pool screen opens.
  3. In the
    Name
    field, type a unique name for the pool.
  4. For the
    Health Monitors
    setting, in the
    Available
    list, select a monitor type, and click
    <<
    to move the monitor to the
    Active
    list.
    Hold the Shift or Ctrl key to select more than one monitor at a time.
  5. From the
    Priority Group Activation
    list, select
    Disabled
    .
  6. Add each resource that you want to include in the pool using the
    New Members
    setting:
    1. Type an IP address in the
      Address
      field.
    2. Type
      21
      in the
      Service Port
      field, or select
      FTP
      from the list.
    3. (Optional) Type a priority number in the
      Priority
      field.
    4. Click
      Add
      .
  7. Click
    Finished
    .
The pool to manage FTP traffic appears in the Pools list.

Creating a virtual server for FTP traffic

You can define a virtual server that references the FTP profile and the FTP pool.
  1. On the Main tab, click
    Local Traffic
    Virtual Servers
    .
    The Virtual Server List screen opens.
  2. Click
    Create
    .
    The New Virtual Server screen opens.
  3. In the
    Name
    field, type a unique name for the virtual server.
  4. For the
    Destination Address/Mask
    setting, confirm that the
    Host
    button is selected, and type the IP address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is
    10.0.0.1
    or
    10.0.0.0/24
    , and an IPv6 address/prefix is
    ffe1::0020/64
    or
    2001:ed8:77b5:2:10:10:100:42/64
    . When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a
    /32
    prefix.
    The IP address you type must be available and not in the loopback network.
  5. In the
    Service Port
    field, type
    21
    or select
    FTP
    from the list.
  6. From the
    FTP Profile
    list, select the custom profile that you created earlier.
  7. Locate the Resources area of the screen; for the
    Related iRules
    setting, from the
    Available
    list, select the name of the iRule that you want to assign and move the name to the
    Enabled
    list.
    This setting applies to virtual servers that reference a profile for a data channel protocol, such as FTP or RTSP.
  8. In the Resources area of the screen, from the
    Default Pool
    list, select the relevant pool name.
  9. Click
    Finished
    .
The custom FTP virtual server appears in the Virtual Servers list.

Implementation result

A BIG-IP system with this configuration can process FTP traffic in passive mode, in a way that optimizes the traffic on both the control channel and the data channel. This optimization is based on the settings of the default client-side and server-side TCP profiles.