Slow FTP connection behind F5

Network_center1 · ‎04-Nov-2019

Hello there,

I have an issue I don't understand.

Some customers connect on one of our FTP server behind the F5.

Public IP of the virtual server on port 21 > default pool > one server port 21

No irule nothing.

It lasts nearly 30 secondes between the login and the listing of the FTP content.

But if I try to connect on the FTP server with it's private IP it's instant.

I am not on the same vlan as the FTP so it goes through several switchs and firewalls in private and public.

Any idea? Thank you !

PeteWhite · ‎04-Nov-2019

Sounds like a problem with the DNS on the FTP server. Do a tcpdump and see what's happening, that is the place to start troubleshooting.

Network_center1 · ‎04-Nov-2019

Thanks for the answer.

I don't understand, why would it be linked to a DNS problem?

I did a tcpdump and there was not any error, only some 6sec blank between the login and the password request, an other blank between the password and message, and a last one before the directory listing.

boneyard · ‎10-Nov-2019

the idea about the DNS is because you say you connect internally on an IP and from the outside it is assumed DNS is used.

is that the case, do customers use DNS or IP?

the delay is odd, do you use a FTP profile on the virtual server?

is the delay the same for all customers?

Vijay_E · ‎11-Nov-2019

When you are connecting to the VS, are you using the public IP or the domain ? If domain, check to see the DNS resolution time and try and use the public IP instead of the domain to check if there is any difference in performance.

Network_center1 · ‎12-Nov-2019

Sorry I forgot that people indeed use the DNS name for this public IP, but I realized all my tests with the public IP directly and had the same issue.

I made some intensive tests and the issue seems to be related to the server behind because everyone always have these delays when connecting to this specific FTP service.

Our windows team is now investigating, therefore this topic can be forgotten and offered to Chtulhu 😄

Thanks for your suggestions 🙂

boneyard · ‎16-Nov-2019

thanks for reporting back, always good to see it ends up to be something different.

Network_center1 · ‎17-Nov-2019

Actually they didn't find anything, so there I am back to my issue :s

PeteWhite · ‎18-Nov-2019

You do have an ftp profile assigned to the virtual server, right?

Network_center1 · ‎19-Nov-2019

Yes the simple default "ftp".

Vijay_E · ‎17-Nov-2019

Tough to answer without seeing the packet capture. Are you seeing still seeing the same issue directly to the server and via F5 ? Try disabling Nagle's algorithm on F5 (or server) and see if it makes any difference.

Network_center1 · ‎17-Nov-2019

The issue is only via F5 ^^

I opened your link and don't understand much '^^

PeteWhite · ‎18-Nov-2019

Take a tcpdump to see where the issue is, there is no point guessing. Then you can define the problem better and target your investigation. I mentioned DNS before because the server often uses DNS to resolve the name of the incoming IP address. If it can’t do that eg SNAT then it can cause a delay on the server

Network_center1 · ‎19-Nov-2019

Did the tcpdump on the lan side, nothing to see here.

F5 > ftp request : USER usertest

ftp > F5 ACK

****

5second blank

****

ftp > F5 response : 331 password required for usetest

F5 > ftp ACK

The same when the password is sent, and when the directory is required.

boneyard · ‎30-Nov-2019

it would be useful to check both sides, is there anything coming from the FTP server which the BIG-IP doesn't pass through or does the BIG-IP wait on sending something.

this is way easier to trouble shoot for f5 support, if you haven't already open a support ticket.

Network_center1 · ‎18-Nov-2019

Yep, the basic ftp one.

I tried without it, no change.

Network_center1 · ‎01-Dec-2019

F5 support don't have a single clue on my issue, for them it's either server side or LAN side.

It's logical concidering that we only have this issue with this particular VS.

But it's doesn't help me much 😄

boneyard · ‎08-Dec-2019

so the delay starts at the FTP server? have you done a packet capture on the server to see if the delay of 5 seconds is actually there?

is there another FTP server to test wit

if you run the ftp command from the BIG-IP CLI does the same happen?

Network_center1 · ‎08-Dec-2019

Hello I found out the culprit in my problem....

There was an IP/account on internet spamming connection tries with a good ID but bad password, all the time, night and day....

It mays have overloaded the FTP server ( but only through the F5 strange ) and it slowed down any other connection from internet...

I deleted the account and banned the IP on the F5 > no more high latency....

I hate to spend weeks on stupid problems like that xD

PeteWhite · ‎08-Dec-2019

How did they not notice that on the FTP server? As you say, frustrating but good that you have found it. Thanks for updating us.

Network_center1 · ‎08-Dec-2019

Our windows team didn't notice anything, I requested a full access to investigate myself and find out there was a permanent connection with bad password....

neeeewbie · ‎28-Mar-2022

hi

did you configured nagle algorithm ?

I experience same thing, and I solved that after enabled nagle algorithm

DevCentral

Slow FTP connection behind F5