Forum Discussion
nov1ce_120072
Nimbostratus
NimbostratusIssues with the FTP health monitor
Hello,
We're experiencing some strange issue with the FTP health monitor and I'd appreciate any hints.
We have a pair of two BIG-IP appliances (10.2.2 build 763.3 Final) in active/standby mode with the simple FTP health monitor:
Type: FTP
Interval: 300 sec
Up Interval: Disabled
Time Until Up: 0 sec
Timeout: 600 sec
Manual Resume: No
Mode: Passive
Alias Address: * All Addresses
The problem is that occasionally (once or twice per day) the FTP health monitor on both F5 nodes fails to access the FTP server. Here is the debug info:
********** Debugging session beginning at: Wed Aug 21 21:02:45 2013
Arguments 1-2:
::ffff:10.9.36.165
21
Environment variables:
DEBUG=yes
GET=/test.txt
MODE=passive
MON_TMPL_NAME=TEST-FTP
NODE_IP=::ffff:10.9.36.165
NODE_PORT=21
PASSWORD=xxxxx
USERNAME=test
--
Recvd: '220 Serv-U FTP Server v15.0 ready...
'
Recvd: '331 User name okay, need password.
'
Failed to login...
**********
The snippet from the FTP server log:
[02] Wed 21Aug13 21:02:45 - (002818) Connected to 10.9.36.172 (local address 10.9.36.165, port 21)
[21] Wed 21Aug13 21:02:45 - (002818) 220 Serv-U FTP Server v15.0 ready...
[20] Wed 21Aug13 21:02:45 - (002818) USER test
[21] Wed 21Aug13 21:02:45 - (002818) 331 User name okay, need password.
[20] Wed 21Aug13 21:02:45 - (002818) PASS **********
[20] Wed 21Aug13 21:02:53 - (002818) QUIT
[21] Wed 21Aug13 21:02:53 - (002818) 221 Goodbye, closing session.
[02] Wed 21Aug13 21:02:53 - (002818) Closed session
It fails on a random basis, the only common thing that I noticed is that there is 10-15 sec delay between PASS and QUIT. The self/cluster IP of F5's and the IP of FTP server are in the same network segment hence no firewall in between.
I initially blamed the FTP server, so I setup five clients simultaneously accessing it every minute (using bat scripts) and none of them experienced any issues with the login.
Could it be related to the F5 software version we're using or I miss some timeout settings in the configuration?
Thank you in advance.
boneyardMVP
no those 8 seconds should be only monitor related.
nov1ce_120072Thank you very much! I think you're absolutely right.
Does this 8 second limit affect FTP monitor only or the whole FTP flow?
I mean, let's assume my external users access the virtual FTP server (containing one FTP node) and experience occasional timeouts:
-
Either the monitor "falsely" mark the FTP node down (because of the 8 second limit)
-
Or the FTP node is up (according to the FTP monitor) so F5 passes traffic to the FTP server -- will the 8 second limit be introduced as well?
Thanks again!
-
- boneyard
well i believe you have hit the 8 second limit (which you can't change) in which the FTP server has to reply: http://support.f5.com/kb/en-us/solutions/public/14000/500/sol14509.html
so probably thats why the monitor gives up and quits, in my opinion it is a ftp server issue, the server should reply on the PASS ********* command but doesn't. the monitor marks the server up only on a succeful transfer and that doesn't happen here.
http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13612.html