Forum Discussion
mikegray_198028
Cirrus
CirrusFTPS Loadbalancing
Can we load balance ftps, i am using V11.5.1 , i have created one VS for port 21 and another wildcard(any) VIP. But the passive mode returning server ip. Please see error.
Code
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (192,168,68,206,231,188).
Command: LIST
Response: 150 Opening BINARY mode data connection.
Error: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
Response: 550 The network connection was aborted by the local system.
Error: Failed to retrieve directory listing
Error: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error: Disconnected from server: ECONNABORTED - Connection aborted
iamczar_12961You cannot currently configure the BIG-IP LTM to terminate FTPS connections and offload SSL processing, but you can configure the BIG-IP LTM to load balance FTPS traffic using passthrough encryption.
SOL9347: Configuring passthrough FTPS load balancing https://support.f5.com/kb/en-us/solutions/public/9000/300/sol9347.html
- iamczar_12961
You cannot currently configure the BIG-IP LTM to terminate FTPS connections and offload SSL processing, but you can configure the BIG-IP LTM to load balance FTPS traffic using passthrough encryption.
SOL9347: Configuring passthrough FTPS load balancing https://support.f5.com/kb/en-us/solutions/public/9000/300/sol9347.html
mikegray_198028I followed the same document only but passive mode notworking
- mikegray_198028
Any idea
tysonn_247085Nimbostratus
hello mike, this is tyson, i hope that the answer i gave to your previous query "unable to ping" was helpful.Either you could have disabled arp on that or enabled echo icmp. i lost my previous account so i created a fresh one with an extra one. Any ways let us come to the point .... If configuring a masquerade address is not possible, you may be able to configure the server to use the IP address of the virtual server by binding the virtual server address to a network interface. so use: ifconfig [nic]:0 [IP-Address] netmask [mask] up on the back-end ftps server.i,e adding one more ip address to the nic of backend server. But ensure that this new ip would be the "vip ip ".
- tysonn_247085
one thing i want to add that by using command"ifconfig [nic]:0 [IP-Address] netmask [mask] up" ip address will be temporarily added on back-end server.so just test using the above command and if it works, goto https://www.garron.me/en/linux/add-secondary-ip-linux.html to find how to add another ip to NIC permanently.
- mikegray_198028when i try to add interface on ftp server with the same ip of VIP , am facing address conflict :(
- mikegray_198028
enabled passive promiscuous in ftp server and the issue got resolved