fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Brocade ADX - FTP

The Brocade ADX offers 2 methods in which to configure FTP SLB (Server Load Balancing). These methods are :

Layer 3 - Uses the sticky and concurrent connection settings to provide FTP SLB.
Layer 4-7 - Provides FTP SLB via the use of FTP application awareness (introduced in version 12.3.1d).

1. Layer 3

To Load-balance either Passive and Active FTP Layer 3 persistence is configured.
Below shows the required commands :

Commands

  • port ftp concurrent  – Sticky and Concurrent ensures that Active and Passive FTP will work
  • port ftp sticky – Sticky ensures that Active FTP will work

Note : The Round Robin predictor is configured as this provides the best level of equal distribution for FTP traffic.

Example

server virtual VIP-XX.XX.XX.1-FTP 192.168.100.1
 predictor round robin
 port ftp
 port ftp concurrent 
 port ftp sticky     
 bind ftp REALSERVER1 ftp
 bind ftp REALSERVER2 ftp

2. Layer 4-7

From version 12.3.1d (onwards) the ADX is able to inspect FTP traffic using the upper layers of the OSI stack (layers 4-7). Because of this the configuration of sticky and concurrent connections are no longer required.
Below details the required commands to balance both Active or Passive FTP.

Commands

  • server ftp-pasv-concurrent – This command ensure that unique control connections are load balanced to different servers. Data connections from the client are associated to the correct Control connection by the inspection of the PORT command from within the FTP traffic stream.
  • server no-reset-for-established-session – By default, the ADX sends a RST to the client if the FTP port fails on the server. If required this can be disabled.

Example

server ftp-pasv-concurrent
server no-reset-for-established-session

server virtual VIP-XX.XX.XX.1-FTP 192.168.100.1
 port ftp
 bind ftp REALSERVER1 ftp REALSERVER2 ftp

 

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001