BigIP LTM port translation - port selection process
Hey folks, We have a load-balanced FTP server system that formerly resided behind an F5 3400 running BigIP LTM 10.0.1. We have recently moved it to a new F5, a 3900 running version 10.2.4. On both load balancers, the F5 was/is doing port translation on some of the active mode FTP connections from clients connecting to the FTP pool (I believe the pool was set to "Preserve" but not "Preserve Strict", so sometimes it would pass through the client-supplied port number and sometimes it would translate it). On the 3400/10.0.1 system, the ports being assigned when port translation was in effect were assigned sequentially (sometimes skipping a few numbers here and there, but always incrementing in sequence). However, on the new 3900/10.2.4 system, the ports being assigned for translation appear to be completely random. This is causing an issue with a couple of clients who perform a large number of active mode FTP data connections (dozens or hundreds) in one command session; the F5 is regularly attempting to reuse one of the randomly selected port numbers that it already used for a previous (now closed) active mode data connection for the same client a few seconds before. The problem is that the prior connection that was using that port is still in TIME_WAIT on the server (which lasts for 60 seconds, the OS default), so when the server tries to open a new connection to the same IP using the same port, it fails. This causes the entire FTP job on the connecting client to fail. Is there any way to control the behavior of the port selection process on the 3900/10.2.4 F5 when doing port translation, e.g. make it assign ports in sequence like the old 3400/10.0.1 instead of randomly, or somehow prevent it from attempting to reuse the same randomly selected port number until a certain amount of time has passed (or even prevent it from reusing a port at all for data connections established by the same FTP command session)? Thanks, Dennis K645Views0likes6CommentsActive FTP VIP with port translation
Using SOL6557, I have successfully setup an FTP vserver, which works with active-mode FTP. It is working great. They key to this was an FTP profile with the data port configured as 0, which is essentially a wildcard and allows for the dynamic port selection of active-mode FTP. http://support.f5.com/kb/en-us/solutions/public/6000/500/sol6557.html?sr=33746306 However, I have an additional requirement, which is to have an Active-mode FTP vserver with port-translation. The port translation is where it breaks. I want the VIP to listen on port 21, however FTP is running on the servers on port 9021. I have searched for a solution with this scenario but have yet to find any guidance on DevCentral or F5.com. Please help, any suggestions?432Views0likes4Comments