Solved: FTP stop after HSRP failover

fsteininger · ‎03-30-2004

Hi, this question is looking like the one from Tan, submitted Jul 2, 2002, 11:17am PST. I have some new question and comments concerning this problem:

I have configure two routers on a network with HSRP.

I did a FTP from a client behind the 2 routers to a server sitting at a remote location. I also did a continue PING from the same client to the ftp server.

When the active router goes down and the standby took over, the FTP process stop but my PING can still continue after about 3 seconds (standby timer 1 3).

WHY did the FTP not carry on?

I put a sniffer in the network and I noticed that quite immediately the FTP client issues a connection reset (it is not looking like a timeout)

Further in my investigation I notice that the only difference in the FTP session (after the failover) is the source MAC adrress of the packets that the FTP client receives.

Is it possible that FTP is looking at the source MAC address of the packet and does not accept that this address changes during the file transfer ?

poggs · ‎04-01-2004

Do you have anything doing stateful inspection somewhere along the line? This would cause the ICMP echo-request packets to get through fine but the already established FTP session to be terminated.

View solution in original post

Kevin Dorrell · ‎03-30-2004

If you are running HSRP, the MAC address perceived by the client should not change - it should always be the virtual shared MAC address of the routers, and not the individual address of either of them.

It sounds like you are running HSRP on the server side, Are you sure your client is using the shared IP address as its gateway, and not the individual address of one of the routers? Is the gateway address configured in the FTP client software, or does it take the system default?

Also, there may be some issue if you are using proxy ARP, i.e. if the mask on your client is wider than that on your router ... is that the case by any chance?

Kevin Dorrell (CCNP)

Luxembourg

poggs · ‎04-01-2004

Do you have anything doing stateful inspection somewhere along the line? This would cause the ICMP echo-request packets to get through fine but the already established FTP session to be terminated.

fsteininger · ‎04-02-2004

Hi,

thank you for the idea.

I have a FWSM in the 6500 chassis. My FTP transfert is not crossing the FW module but for any reason as soon as I removed the "fixup protocol ftp 21" in the FW configuration, my FTP session was working fine.

Now I will go back to Cisco and open a Case concerning this strange behaviour.

Best regards

François

Report Inappropriate Content · ‎04-01-2004

The client is on the local subnet with HSRP router. And the Server connectivity do you have more detail? The client is sending(put) or receiving(get) data from the server?

Here's a couple ideas. Traffic from the server to the client isn't getting delivered. Is the subnet still being advertised on the "down" router? Is the router powered off or is connectivity off on that subnet? What I'm getting at is there a core router that's still load balancing to the two routers and traffic for every other packet is getting delivered? During the failover do you see retransmissions from the server or client? Do either systems time out connections after a certain number of retries? Then when one system tries to communication on a connection that it still has as established the other sends back a reset?