cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Transfer failed when file using vsftpd is 0 byte

Ponta
Nimbostratus
Nimbostratus

My BIG-IP system has the following configuration.

 

FireWall (Juniper) is the top of BIG-IP4600 (ver 13.1.1.4). From there, a number of VPN tunnels to the remote VPN router are set up.

The remote VPN router has multiple FTP servers (NW cameras) and constantly sends data to vsftpd under the BIG-IP system in active FTP mode.

The FTP server timeout is very short. About 10 seconds?

 

====================================================================

In my BIG-IP system, multiple virtual servers are set as FTP destinations for an FTP server (NW camera).

 

ltm virtual FTP_VIP01 {

  address-status yes

  app-service none

  auth none

  auto-lasthop default

  bwc-policy none

  clone-pools none

  cmp-enabled yes

  connection-limit 0

  description none

  destination "FTP DST address":ftp

  enabled

  fallback-persistence none

  flow-eviction-policy none

  gtm-score 0

  ip-protocol tcp

  last-hop-pool none

  mask 255.255.255.255

  metadata none

  mirror disabled

  mobile-app-tunnel disabled

  nat64 disabled

  partition Common

  per-flow-request-access-policy none

  persist none

  policies none

  pool "POOL of vsftpd client"

  profiles {

    tcp {

      context all

    }

    ftp {

      context all

    }

  }

  rate-class none

  rate-limit disabled

  rate-limit-dst-mask 0

  rate-limit-mode object

  rate-limit-src-mask 0

  related-rules none

  rules none

  security-log-profiles none

  service-down-immediate-action none

  service-policy none

  source 0.0.0.0/0

  source-address-translation {

    pool none

    type automap

  }

  source-port preserve

  syn-cookie-status not-activated

  traffic-classes none

  translate-address enabled

  translate-port enabled

  transparent-nexthop none

  urldb-feed-policy none

  vlans none

  vlans-disabled

  vs-index 428

}

 

========================================================================

 

I am facing a problem now.

Occurs when the line between the FTP server (NW camera) and the BIG-IP system is unstable.

The FTP server (NW camera) notifies vsftpd of the file name via the BIG-IP system on the connection on port 21. The FTP server (NW camera) does not try to retrieve files via the BIG-IP system.

The strange thing is that the file is 0 bytes and only the name exists in the destination directory.

 

I have investigated a lot about this phenomenon. When executing tcpdump with vsftpd, "Response: 426 Failure reading reading network stream" was sent from vsftpd to the BIG-IP system.

Then, if the corresponding file name was deleted from the destination directory, the file was successfully received. (Not 0 byte)

However, if the FTP server (NW camera) and BIG-IP system line become unstable, this phenomenon will reoccur.

 

Is this related to the configuration of the ftp profile on the BIG-IP system?

I want to hear your opinion.

 

By the way, this phenomenon does not occur with BIG-IP3900 (ver 10.2.2).why?

0 REPLIES 0