Load Balancing FTP Servers

Posted: Wed, 22 October 2008

While it's a protocol we all love to hate, and wish it would go away and die a quiet death, sometimes someone has a good reason for supporting FTP. (In my case, it's usually because that reason has a lot of money to provide to my employer.) But what if you want your FTP servers load balanced (because downtime is for suckers)?

Obviously, you need to have some sort of shared filesystem behind all your load balanced FTP servers, but that's a rant for another day (but let me just say: if you're running GFS, especially on a busy site, may $DEITY have mercy on your soul).

Because of the silly random port games that FTP likes to play, it's not a trivial job to load balance an FTP service amongst multiple hosts. You can't just throw a round-robin on port 21 and hope to get anything useful going.

Ironically, while "active" FTP is a pain in the arse for most people, it's a lot easier to load balance, because the initial connection comes in on a well-known port which can be load-balanced, while all the other "random" connections are server-initiated and your standard routing/NATing/whatever you're doing for outgoing connectivity should be able to handle it.

However, passive FTP is a bigger pain. The problem is pretty simple to understand -- the FTP client will want to connect to a high port on the "virtual" (load-balanced) IP, and without serious traffic sniffing, your load balancer won't be able to map that incoming connection on port 54321 to the real server that actually wanted the connection.

The solution, thankfully, is fairly straightforward. You allocate a range of high ports (maybe a thousand or so) to each real server, with a different port range for each real server. You then tell the load balancer to send all traffic for each range of ports to the corresponding real server, and then configure that real server to put all its passive connections into that port range (I'm fairly sure most FTP servers can support that bit of config).
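
The port-range scheme above, sketched as an added example (not code from the original post): it allocates one block of passive ports per real server, shows the routing decision the balancer has to make, and derives matching server and balancer config. Assumptions: vsftpd on the real servers, iptables DNAT on a Linux balancer, a port base of 50000, and constructed addresses and server names.

```python
# Added example: plan per-server passive port ranges and derive matching config.
from dataclasses import dataclass

VIP = "192.0.2.10"  # constructed virtual (load-balanced) IP
REAL_SERVERS = [("ftp1", "10.0.0.11"), ("ftp2", "10.0.0.12"), ("ftp3", "10.0.0.13")]  # constructed

@dataclass(frozen=True)
class Backend:
    name: str
    ip: str
    pasv_min: int
    pasv_max: int

def allocate(servers, base=50000, size=1000):
    """Give each real server its own non-overlapping block of high ports."""
    plan = []
    for i, (name, ip) in enumerate(servers):
        lo, hi = base + i * size, base + (i + 1) * size - 1
        if hi > 65535:
            raise ValueError(f"no port space left for {name}")
        plan.append(Backend(name, ip, lo, hi))
    return plan

def route(plan, dst_port):
    """Balancer decision for a connection to the VIP on dst_port."""
    if dst_port == 21:
        return "balanced"          # control channel: any real server will do
    for b in plan:
        if b.pasv_min <= dst_port <= b.pasv_max:
            return b.name          # data channel: pinned to the range's owner
    return None                    # outside every range: nothing should listen here

def vsftpd_conf(b, vip=VIP):
    """vsftpd settings confining passive data ports to the server's range."""
    return "\n".join([
        "pasv_enable=YES",
        f"pasv_min_port={b.pasv_min}",
        f"pasv_max_port={b.pasv_max}",
        f"pasv_address={vip}",     # PASV replies must advertise the VIP
    ])

def dnat_rule(b, vip=VIP):
    """iptables rule sending one passive range to its real server."""
    return (f"iptables -t nat -A PREROUTING -d {vip} -p tcp "
            f"--dport {b.pasv_min}:{b.pasv_max} -j DNAT --to-destination {b.ip}")

if __name__ == "__main__":
    for b in allocate(REAL_SERVERS):
        print(f"# {b.name}\n{vsftpd_conf(b)}\n{dnat_rule(b)}\n")
```

Traffic to the virtual IP on any port other than 21 or an allocated range has no owner in this plan, so the balancer's firewall can drop it.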

So, unfortunately, you can no longer disallow FTP support on the basis that you can't load balance it. No shortage of other reasons, though.

