04-03-2009 01:04 PM
Has anyone load balanced FTP on the ACE? If so can you please leave a configuration example?
Thank you,
John...
04-03-2009 03:09 PM
class-map match-any FTP
  2 match virtual-address 10.10.10.100 tcp eq ftp
policy-map type loadbalance first-match FTP-POLICY
  class class-default
    serverfarm FTP-SFarm
policy-map multi-match VIPS
  class FTP
    loadbalance vip inservice
    loadbalance policy FTP-POLICY
    loadbalance vip icmp-reply
    inspect ftp
Syed
04-04-2009 09:08 AM
Hi,
If you want FTP passive mode to work, then in addition to the above configuration also add:
class-map match-any FTP
  match virtual-address 10.10.10.100 tcp range 1023 65535
Regards
04-06-2009 05:38 AM
Thank you Guys.
04-08-2009 08:58 AM
James
Wouldn't the ACE FTP inspect also open the ports on the VIP for the traffic to be load balanced? What you described raises security concerns. You could possibly have a firewall in front of the ACE doing the filtering (and FTP inspect).
04-08-2009 03:48 PM
Kindly find these two examples for FTP load balance method in Cisco ACE:
1. FTP serverfarm on Cisco ACE
http://snippets101.blogspot.com/2007/06/ftp-serverfarm-on-cisco-ace.html
2. FTP Load Balancing on ACE in Routed Mode Configuration Example
http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_Routed_Mode_Configuration_Example
3. FTP Load Balancing on ACE in One-Arm Mode Configuration Example
http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_One-Arm_Mode_Configuration_Example
Sachin
04-08-2009 11:01 PM
I think these commands were only needed as a workaround for an old defect.
With the latest versions, I don't think this is required anymore.
FTP inspection should take care of everything.
Gilles
04-27-2009 11:58 AM
Well Gilles
I went ahead and tried it in the labs. If you don't open the range of ports, FTP PASV does not work. Inspect ftp doesn't seem to resolve the issue.
04-29-2009 05:34 AM
You don't need to modify the FTP class.
However, if you do client-nat, you need to create a new class and a new policy to perform client nat on the data connection.
Unfortunately, inspect FTP can't do that alone.
So you should have
class ftp
  match virt x.x.x.x tcp eq 21
class ftp-data-nat
  match virt x.x.x.x tcp range ...
policy multi FTP
  class ftp
    load ...
    nat dynamic ...
    inspect ftp
  class ftp-data-nat
    nat dynamic ...
Without client nat, the class ftp-data-nat is not required for passive ftp to work.
Gilles.
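Added example, not part of the thread and not ACE's own code: a simplified Python model of what an FTP-aware inspection step has to do with a passive-mode reply, namely parse the negotiated data port, present the VIP instead of the real server, and allow only that one port rather than the static range 1023-65535 discussed above. The real server address 192.168.1.11 and the function names are assumptions made for the illustration.

```python
import re

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))
# RFC 2428 extended passive reply: 229 ... (|||port|)
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def parse_passive_reply(line):
    """Return (ip_or_None, port) for a 227/229 reply, or None for other lines."""
    m = PASV_RE.match(line)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("value out of range in 227 reply")
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(line)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range in 229 reply")
        return None, port  # EPSV carries no address, only a port
    return None


def inspect_reply(line, real_ip, vip):
    """Rewrite a server reply for the client and return the single
    (vip, port) pinhole the data connection needs, or None."""
    parsed = parse_passive_reply(line)
    if parsed is None:
        return line, None
    ip, port = parsed
    if ip is not None:
        if ip != real_ip:
            # A reply pointing the client at a third host is suspicious.
            raise ValueError("227 reply advertises unexpected address")
        line = "227 Entering Passive Mode (%s,%d,%d)" % (
            vip.replace(".", ","), port >> 8, port & 0xFF)
    return line, (vip, port)


if __name__ == "__main__":
    # Constructed sample replies from a real server behind the VIP.
    for reply in ("230 Login successful.",
                  "227 Entering Passive Mode (192,168,1,11,195,80)",
                  "229 Entering Extended Passive Mode (|||50001|)"):
        print(inspect_reply(reply, "192.168.1.11", "10.10.10.100"))
```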