https://community.cisco.com/t5/application-networking/load-balancing-ftp-server-thru-csm-using-a-single-client-ip/m-p/734507#M14062 <P>Hello,</P><P>We have a need to load balance 3 FTP servers. These servers are reached only from a single client IP which is a database server. The FTP method that is being used is currently passive. Our configuration is currently unidirectional, ie, the FTP client (the one database server) sends to the VIP and the FTP Servers then talk directly back to the FTP client and the traffic does not go back through the CSM. The problem is that because FTP negotiates another port to talk on, we have to use sticky so that the connection is sent back to the original FTP server that sent the FTP data port to talk on. But, since we only have a single client IP that is ever used we are not load balancing appropriately across the FTP servers.</P><P></P><P>Traffic flow goes something like this, tcp port followed after colon as an example</P><P>1. FTP Client ----&gt; VIP:21</P><P>2. CSM ---------&gt; FTP Server:21</P><P>3. FTP Server --------&gt; FTP Client(FTP server says come talk to me on port 1700)</P><P>4. FTP Client ---------&gt; VIP:1700</P><P>5. CSM ---------&gt; FTP Server:1700</P><P>6. FTP Server:1700 ---------&gt; FTP Client</P><P>repeat steps 4 thru 6</P><P></P><P>Here's our hardware and software:</P><P>WS-X6066-SLB-APC running 4.2(2)</P><P></P><P>Config is as follows</P><P>module ContentSwitchingModule 9</P><P> ft group 101 vlan 9</P><P> priority 10</P><P>!</P><P> vlan 216 client</P><P> ip address 10.209.16.31 255.255.252.0</P><P> gateway 10.209.16.1</P><P>!</P><P> vlan 20 server</P><P> ip address 10.209.0.31 255.255.252.0</P><P> alias 10.209.0.11 255.255.252.0</P><P></P><P>probe ICMP1 icmp</P><P> interval 3</P><P> failed 3</P><P> receive 3</P><P></P><P>serverfarm FHEPRT</P><P> no nat server</P><P> no nat client</P><P> real 10.209.0.72</P><P> inservice</P><P> real 10.209.0.73</P><P> inservice</P><P> real 10.209.0.71</P><P> inservice</P><P> probe ICMP1</P><P></P><P> sticky 106 netmask 255.255.255.255 address source timeout 3</P><P></P><P> policy FHEPRT_POL1</P><P> sticky-group 106</P><P> serverfarm FHEPRT</P><P></P><P> vserver FHEPRT1</P><P> virtual 10.209.16.71 any</P><P> vlan 216</P><P> unidirectional</P><P> serverfarm FHEPRT</P><P> replicate csrp connection</P><P> no persistent rebalance</P><P> slb-policy FHEPRT_POL1</P><P> inservice</P><P>!</P><P></P> Tue, 27 Mar 2007 01:33:04 GMT hoelpf1 2007-03-27T01:33:04Z https://community.cisco.com/t5/application-networking/load-balancing-ftp-server-thru-csm-using-a-single-client-ip/m-p/734507#M14062 <P>Hello,</P><P>We have a need to load balance 3 FTP servers. These servers are reached only from a single client IP which is a database server. The FTP method that is being used is currently passive. Our configuration is currently unidirectional, ie, the FTP client (the one database server) sends to the VIP and the FTP Servers then talk directly back to the FTP client and the traffic does not go back through the CSM. The problem is that because FTP negotiates another port to talk on, we have to use sticky so that the connection is sent back to the original FTP server that sent the FTP data port to talk on. But, since we only have a single client IP that is ever used we are not load balancing appropriately across the FTP servers.</P><P></P><P>Traffic flow goes something like this, tcp port followed after colon as an example</P><P>1. FTP Client ----&gt; VIP:21</P><P>2. CSM ---------&gt; FTP Server:21</P><P>3. FTP Server --------&gt; FTP Client(FTP server says come talk to me on port 1700)</P><P>4. FTP Client ---------&gt; VIP:1700</P><P>5. CSM ---------&gt; FTP Server:1700</P><P>6. FTP Server:1700 ---------&gt; FTP Client</P><P>repeat steps 4 thru 6</P><P></P><P>Here's our hardware and software:</P><P>WS-X6066-SLB-APC running 4.2(2)</P><P></P><P>Config is as follows</P><P>module ContentSwitchingModule 9</P><P> ft group 101 vlan 9</P><P> priority 10</P><P>!</P><P> vlan 216 client</P><P> ip address 10.209.16.31 255.255.252.0</P><P> gateway 10.209.16.1</P><P>!</P><P> vlan 20 server</P><P> ip address 10.209.0.31 255.255.252.0</P><P> alias 10.209.0.11 255.255.252.0</P><P></P><P>probe ICMP1 icmp</P><P> interval 3</P><P> failed 3</P><P> receive 3</P><P></P><P>serverfarm FHEPRT</P><P> no nat server</P><P> no nat client</P><P> real 10.209.0.72</P><P> inservice</P><P> real 10.209.0.73</P><P> inservice</P><P> real 10.209.0.71</P><P> inservice</P><P> probe ICMP1</P><P></P><P> sticky 106 netmask 255.255.255.255 address source timeout 3</P><P></P><P> policy FHEPRT_POL1</P><P> sticky-group 106</P><P> serverfarm FHEPRT</P><P></P><P> vserver FHEPRT1</P><P> virtual 10.209.16.71 any</P><P> vlan 216</P><P> unidirectional</P><P> serverfarm FHEPRT</P><P> replicate csrp connection</P><P> no persistent rebalance</P><P> slb-policy FHEPRT_POL1</P><P> inservice</P><P>!</P><P></P> Tue, 27 Mar 2007 01:33:04 GMT https://community.cisco.com/t5/application-networking/load-balancing-ftp-server-thru-csm-using-a-single-client-ip/m-p/734507#M14062 hoelpf1 2007-03-27T01:33:04Z https://community.cisco.com/t5/application-networking/load-balancing-ftp-server-thru-csm-using-a-single-client-ip/m-p/734508#M14063 <HTML><HEAD></HEAD><BODY><P></P><P>You are missing "service ftp" config in the Vip definition. Try the following</P><P></P><P>vserver FHEPRT1</P><P>virtual 10.209.16.71 tcp ftp service ftp</P><P> </P><P></P><P>Syed Iftekhar Ahmed</P></BODY></HTML> Tue, 27 Mar 2007 08:59:40 GMT https://community.cisco.com/t5/application-networking/load-balancing-ftp-server-thru-csm-using-a-single-client-ip/m-p/734508#M14063 Syed Iftekhar Ahmed 2007-03-27T08:59:40Z https://community.cisco.com/t5/application-networking/load-balancing-ftp-server-thru-csm-using-a-single-client-ip/m-p/734509#M14064 <HTML><HEAD></HEAD><BODY><P>Thanks. That will work, but we have to take out of dispatch mode or make it non unidirectional. The traffic has to go back through the CSM for this to function and we are looking at that.</P></BODY></HTML> Tue, 27 Mar 2007 16:11:34 GMT https://community.cisco.com/t5/application-networking/load-balancing-ftp-server-thru-csm-using-a-single-client-ip/m-p/734509#M14064 hoelpf1 2007-03-27T16:11:34Z