Configuring FTP Server Load Balancing Using IOS SLB

Document ID: 12577

Updated: May 04, 2004

Introduction

This document provides a sample configuration for FTP server load balancing with the help of Cisco IOS Server Load Balancing (SLB).

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Catalyst 6000 family Supervisor Cisco IOS® Software Release 12.1(8)E for Supervisor Engine 1 with MSFC1 (c6sup11-jsv-mz.121-8a.E)

  • Microsoft Windows 2000/IIS FTP Servers

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Background Information

The Cisco IOS SLB feature is a Cisco IOS-based solution that provides server load balancing. This feature allows you to define a virtual server that represents a cluster of real servers, known as a server farm. When a client initiates a connection to the virtual server, the IOS SLB load balances the connection to a chosen real server, depending on the configured load balance algorithm or predictor.

When you use IOS SLB, you must configure FTP server load balancing to operate in Dispatch mode. In this mode, the virtual address is known to the FTP servers. You must configure each of the FTP servers with a loopback address on its own loopback interface. This step is necessary to give each machine in the FTP server farm the same IP address as the virtual address. The FTP server can then respond directly to clients with the loopback address, just as the server would respond for its own IP address. IOS SLB redirects packets to the real server at Layer 2, the media access control (MAC) layer. The virtual server IP address is not modified in dispatched mode. Therefore, the real servers must be Layer 2-adjacent to IOS SLB. Otherwise, intermediate routers cannot route to the chosen real server.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Network Diagram

This document uses this network setup:

[Figure: network diagram, config_ftpserver_lb.gif]

Configurations

This document uses this configuration:

  • IOS SLB FTP Configuration Using Catalyst 5509

IOS SLB FTP Configuration Using Catalyst 5509
Current configuration: 
! 
version 12.1 
service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
! 
hostname cat 
! 
boot buffersize 126968 
boot system flash slot0:c6sup11-jsv-mz.121-8a.E.bin 
! 
redundancy 
 main-cpu 
  auto-sync standard 
ip subnet-zero 
! 

!--- FTP Serverfarm configuration.
 
ip slb serverfarm FTPFARM 
 real 10.1.1.3 
  inservice 
 !  
 real 10.1.1.4 
  inservice 
! 

!--- FTP Virtual configuration. 
!--- Important: Configure a loopback address on each FTP server with the virtual address.
 
ip slb vserver FTPSERVER 
 virtual 172.17.63.241 tcp ftp service ftp 
 serverfarm FTPFARM 
 inservice 
! 
interface GigabitEthernet1/1 
 no ip address 
 shutdown 
! 
interface GigabitEthernet1/2 
 no ip address 
 shutdown 
! 
interface FastEthernet2/1 
 description "Uplink to the Default Gateway" 
 no ip address 
 switchport 
 switchport access vlan 100 
! 
interface FastEthernet2/2 
 no ip address 
 shutdown 
! 
interface FastEthernet2/3 
 description "Connection to FTP server" 
 no ip address 
 switchport 
 switchport access vlan 200 
! 
interface FastEthernet2/4 
 description "Connection to FTP server" 
 no ip address 
 switchport 
 switchport access vlan 200 
! 
interface FastEthernet2/5 
 no ip address 
 shutdown 
! 
interface FastEthernet2/48 
 no ip address 
 shutdown 
! 
interface Vlan1 
 no ip address 
 shutdown 
! 

!--- Client Side Vlan. 

interface Vlan100 
 ip address 172.17.63.240 255.255.255.192 
! 

!--- FTP Server Vlan. 
!--- Important: Configure the default gateway of the FTP Server to this address.

interface Vlan200 
 ip address 10.1.1.250 255.255.255.0 
! 
ip classless 
ip route 0.0.0.0 0.0.0.0 172.17.63.193 
no ip http server 
! 
line con 0 
line vty 0 4 
 login 
! 
end

Note: In addition to IOS SLB, the Content Switching Module is also available for the Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Router. This module provides high-performance connections between network devices and server farms on the basis of Layer 4 through Layer 7 packet information. For further details, refer to Cisco Content Switching Module.

Verify

Use this section to confirm that your configuration works properly.

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

  • show ip slb vserver—Displays the virtual server information. Here is an example that displays the state of the virtual server and the number of connections:

    cat#show ip slb vserver 
    
    slb vserver    protocal   virtual                 state         conns 
    ----------------------------------------------------------------------
    FTPSERVER      TCP        172.17.63.241/32:21     OPERATIONAL    4

  • show ip slb serverfarm—Displays the server farm information. This command shows the predictor used for load balancing. This example uses round robin (default). "None" appears under NAT because the device is in dispatched mode.

    cat#show ip slb serverfarm 
    
    server farm     predictor       nat        reals        bind id 
    ----------------------------------------------------------------- 
    FTPFARM         ROUNDROBIN      none          2           0

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

Caution: Debug output is assigned high priority in the CPU process. Therefore, debugging can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Cisco recommends that you use debug commands during periods of lower network flows and fewer users. Debugging during these periods reduces the effect of these commands on other users on the system.

Troubleshooting Commands

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

Note: Refer to Important Information on Debug Commands before you use debug commands.

  • debug ip slb {conns | reals | vservers | all}—Displays debug messages. Use the no form of this command in order to disable debugging. Here is the syntax description:

    Syntax Description

    conns      Displays debug messages for all connections that IOS SLB currently handles.
    vservers   Displays debug messages for all virtual servers defined to IOS SLB.
    reals      Displays debug messages for all real servers defined to IOS SLB.
    all        Displays all debug messages for IOS SLB.

    FTP sessions consist of two connections between the FTP Client and the FTP Server, namely, Control and Data.

  • debug ip slb connections

    Here is an example that uses Passive FTP. In simplest terms, this is how Passive FTP works:

    • One connection for the initial FTP control connection, which the client initiates to the server:

      2d22h: SLB_CONN_DEBUG: TCP event= SYN_CLIENT,
       state= INIT -> SYNCLIENT 
      2d22h:  v_ip= 172.17.63.241:21 (  5), real= 10.1.1.4 
      2d22h:  client= 171.70.24.233:35006 
      2d22h: SLB_CONN_DEBUG: TCP event= SYNACK_SERVER,
       state= SYNCLIENT -> ESTAB 
      2d22h:  v_ip= 172.17.63.241:21 (  5), real= 10.1.1.4 
      2d22h:  client= 171.70.24.233:35006 

    • The other connection for the FTP data connection, which is initiated from the client to the server:

      2d21h: SLB_CONN_DEBUG: TCP event= DATA_CLIENT,
       state= ESTAB -> ESTAB 
      2d21h:  v_ip= 172.17.63.241:21 (  5), real= 10.1.1.4 
      2d21h:  client= 171.70.24.233:34999 
      2d21h: SLB_CONN_DEBUG: TCP event= DATA_SERVER,
       state= ESTAB -> ESTAB 
      2d21h:  v_ip= 172.17.63.241:21 (  5), real= 10.1.1.4 
      2d21h:  client= 171.70.24.233:34999

Notice that in passive FTP, the client initiates both the control connection and the data connection. Passive mode refers to the server's state, in that the server passively accepts both connections. In passive mode, both destination and source ports are 'ephemeral' ports (greater than 1023). The client drives the mode: in each case the client must issue either the passive command or the port command to initiate the setup of the data connection. In each case, the recipient of the data connection (the server for passive mode, the client for active mode) must supply the port number on which it listens for this specific connection. The data connection does not always use port 20, even in active mode FTP. Nothing in the RFCs specifies that the ports to be used are 20 and 21; it is just convention. Many servers use ephemeral ports for the data connection.
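As an added example (not part of the original Cisco document), this Python script parses the debug ip slb connection output shown above and groups the records by client, so you can confirm that one client's control and data connections reached the same real server. The function names are hypothetical and the last sample record is constructed; a client that opens separate FTP sessions can legitimately appear on more than one real server, so a hit is a prompt to inspect that session.

```python
import re
from collections import defaultdict

# A record spans several lines and the page wraps "state=" onto its own line,
# so any whitespace, newlines included, is allowed between the fields.
RECORD = re.compile(
    r"SLB_CONN_DEBUG:\s*TCP event=\s*(?P<event>\w+),\s*"
    r"state=\s*(?P<old>\w+)\s*->\s*(?P<new>\w+)"
    r".*?v_ip=\s*(?P<vip>[\d.]+):(?P<vport>\d+)"
    r".*?real=\s*(?P<real>[\d.]+)"
    r".*?client=\s*(?P<cip>[\d.]+):(?P<cport>\d+)",
    re.S,
)

def parse_conn_debug(text):
    """Return one dict per SLB_CONN_DEBUG record in the captured text."""
    return [m.groupdict() for m in RECORD.finditer(text)]

def reals_by_client(records):
    """Map each client IP to the set of real servers its connections reached."""
    seen = defaultdict(set)
    for rec in records:
        seen[rec["cip"]].add(rec["real"])
    return dict(seen)

def split_clients(records):
    """Client IPs seen on more than one real server (inspect these sessions)."""
    return sorted(c for c, reals in reals_by_client(records).items() if len(reals) > 1)

# Two records taken from the page's passive FTP capture.
PAGE_CAPTURE = """\
2d22h: SLB_CONN_DEBUG: TCP event= SYN_CLIENT,
 state= INIT -> SYNCLIENT
2d22h:  v_ip= 172.17.63.241:21 (  5), real= 10.1.1.4
2d22h:  client= 171.70.24.233:35006
2d21h: SLB_CONN_DEBUG: TCP event= DATA_CLIENT,
 state= ESTAB -> ESTAB
2d21h:  v_ip= 172.17.63.241:21 (  5), real= 10.1.1.4
2d21h:  client= 171.70.24.233:34999
"""
# Constructed record, not from the page: the same client reaching the other real.
SPLIT_CAPTURE = PAGE_CAPTURE + """\
2d22h: SLB_CONN_DEBUG: TCP event= SYN_CLIENT, state= INIT -> SYNCLIENT
2d22h:  v_ip= 172.17.63.241:21 (  5), real= 10.1.1.3
2d22h:  client= 171.70.24.233:35010
"""

if __name__ == "__main__":
    print("split clients:", split_clients(parse_conn_debug(SPLIT_CAPTURE)))
```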

% Cannot enable server nat because vserver [chars] has FTP enabled

This error message is displayed because the IOS SLB does not support FTP in NAT mode. The workaround is to use the Dispatch mode and loopbacks on the servers. For more information, see the Dispatched Mode Loopback section.

Dispatched Mode Loopback

After you have configured the FTP Serverfarm and Vserver feature on the Catalyst 6500, you must configure each real server with a loopback device or interface. Configure the IP address of the virtual server as the loopback IP address, with a netmask of 255.0.0.0.

Route Table 
     =========================================================================== 
     Interface List 
     0x1 ........................... MS TCP Loopback interface 
     0x2 ...00 60 b0 87 dc 1a ...... AMD PCNET Family Ethernet Adapter 
     0x1000004 ...02 00 4c 4f 4f 50 ...... MS LoopBack Driver 
     =========================================================================== 
     Active Routes: 
        Network Destination  Netmask          Gateway        Interface      Metric
        0.0.0.0              0.0.0.0          10.1.1.250     10.1.1.3       1
        10.1.1.0             255.255.255.0    10.1.1.3       10.1.1.3       1
        10.1.1.3             255.255.255.255  127.0.0.1      127.0.0.1      1
        10.255.255.255       255.255.255.255  10.1.1.3       10.1.1.3       1
        127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
        172.17.63.241        255.255.255.255  127.0.0.1      127.0.0.1      1
        224.0.0.0            224.0.0.0        10.1.1.3       10.1.1.3       1
        224.0.0.0            224.0.0.0        172.17.63.241  172.17.63.241  1
        255.255.255.255      255.255.255.255  10.1.1.3       10.1.1.3       1
     ===========================================================================

Examine the network address in each row of the table in which the loopback address appears. For the servers to communicate properly, you need a reference to a well-known multicast network address. This is in the eighth row in the example. You also need to delete the extra default route. This is the one whose network address begins with the same first octet as the cluster address, followed by three zeroes. In this example, the extra route is in the second row.

These are well-known multicast network addresses:

224.0.0.0      224.0.0.0    172.17.63.241      172.17.63.241       1

Here is the automatically installed default route that was removed from the table in the example:

0.0.0.0          0.0.0.0    172.17.63.193   172.17.63.241          1

You must delete the extra route to allow proper communication with the SLB virtual server.
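As an added example (not part of the original Cisco document), this Python script checks a real server's route table against the dispatched-mode requirements described above: a host route for the virtual address through 127.0.0.1, a default gateway that points at the SLB server VLAN address, and no leftover routes on the loopback adapter. The function names are hypothetical, the 172.0.0.0 row is constructed, and the rule that only the multicast route may stay bound to the loopback adapter is an assumption read from the page's cleaned-up table.

```python
import ipaddress

HOST_MASK, LOOPBACK = (ipaddress.IPv4Address(a) for a in ("255.255.255.255", "127.0.0.1"))

def parse_routes(text):
    """Parse 'Active Routes' rows: destination, netmask, gateway, interface, metric."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        try:
            routes.append(tuple(ipaddress.IPv4Address(f) for f in fields[:4]))
        except ValueError:
            continue  # header or separator line
    return routes

def check_dispatched_server(text, vip, slb_gateway):
    """Return a list of findings; an empty list means the table matches the page."""
    vip, gateway = ipaddress.IPv4Address(vip), ipaddress.IPv4Address(slb_gateway)
    routes = parse_routes(text)
    findings = []
    if (vip, HOST_MASK, LOOPBACK, LOOPBACK) not in routes:
        findings.append(f"missing host route for {vip} via 127.0.0.1")
    if not any(int(d) == 0 and int(m) == 0 and g == gateway for d, m, g, _ in routes):
        findings.append(f"default gateway is not {gateway}")
    for dest, mask, _, iface in routes:
        # Assumption: only the multicast route may stay bound to the loopback adapter.
        if iface == vip and not dest.is_multicast:
            findings.append(f"extra route {dest} mask {mask} on loopback adapter")
    return findings

# Six rows copied from the page's route table (server 10.1.1.3).
PAGE_TABLE = """
0.0.0.0         0.0.0.0         10.1.1.250    10.1.1.3      1
10.1.1.0        255.255.255.0   10.1.1.3      10.1.1.3      1
10.1.1.3        255.255.255.255 127.0.0.1     127.0.0.1     1
172.17.63.241   255.255.255.255 127.0.0.1     127.0.0.1     1
224.0.0.0       224.0.0.0       10.1.1.3      10.1.1.3      1
224.0.0.0       224.0.0.0       172.17.63.241 172.17.63.241 1
"""
# Before cleanup: the row the page lists as removed, plus a constructed 172.0.0.0 row.
BEFORE_CLEANUP = PAGE_TABLE + """
0.0.0.0         0.0.0.0         172.17.63.193 172.17.63.241 1
172.0.0.0       255.0.0.0       172.17.63.241 172.17.63.241 1
"""

if __name__ == "__main__":
    print(check_dispatched_server(BEFORE_CLEANUP, "172.17.63.241", "10.1.1.250"))
```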
