Technical data

62 ServerIron ADX Advanced Server Load Balancing Guide
53-1002435-03
Other transparent cache switching options
2
Traffic flow of passive FTP
In both normal and passive FTP, a client begins a session by sending a request to communicate
through TCP port 21, the port conventionally assigned to FTP on the server. This
connection is known as the Control Channel connection.
Figure 12 shows passive FTP packet flow. In passive FTP, the client sends a PASV command instead of a
PORT command. Rather than specifying a port that the server can send to, the PASV command asks
the server to specify the port it wishes to use for the Data Channel connection. The server replies on
the Control Channel with the port number, which the client then uses to initiate an exchange on the
Data Channel. The server is therefore always responding to client-initiated requests on the Data
Channel, and the firewall can correlate these.
FIGURE 12 Traffic flow for passive FTP
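The correlation described above can be sketched as follows. This is an added example, not part of the original guide and not the ServerIron ADX implementation; it shows how a stateful device could learn Port Y from the PASV reply and match the later client-initiated Data Channel SYN. The `227 ... (h1,h2,h3,h4,p1,p2)` reply format comes from RFC 959; the function and class names are hypothetical, the addresses are constructed documentation addresses, and the example assumes no address translation between the device and the server.

```python
import re

# RFC 959 reply to PASV: "227 ... (h1,h2,h3,h4,p1,p2)"; Port Y = p1*256 + p2.
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# Constructed sample reply (documentation addresses): Port Y = 195*256 + 80 = 50000
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"


def parse_pasv_reply(line):
    """Return (ip, port_y) from a PASV reply, or None if it is not a valid one."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):  # each field is one octet
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


class PassiveFtpTracker:
    """Hypothetical tracker: learns Port Y on the Control Channel, then
    matches the client-initiated Data Channel SYN against it."""

    def __init__(self):
        self.expected = set()  # pending (client_ip, server_ip, port_y)

    def on_control_reply(self, client_ip, server_ip, line):
        """Feed one server-to-client line seen on the port 21 connection."""
        parsed = parse_pasv_reply(line)
        if parsed is None:
            return False
        ip, port_y = parsed
        # Assumption: no address translation, so the advertised address must
        # be the Control Channel server; anything else is not recorded.
        if ip != server_ip:
            return False
        self.expected.add((client_ip, server_ip, port_y))
        return True

    def allow_data_syn(self, src_ip, dst_ip, dst_port):
        """True once per recorded PASV reply; unknown tuples are refused."""
        key = (src_ip, dst_ip, dst_port)
        if key in self.expected:
            self.expected.remove(key)
            return True
        return False
```

Each recorded entry is consumed by the first matching SYN, so a second connection to the same Port Y requires a new PASV exchange on the Control Channel.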
Topologies supported
The following topologies are supported by passive FTP for TCS on the ServerIron ADX:
• Basic TCS
• TCS with spoofing
Basic TCS
Figure 13 shows the packet flow in a basic TCS configuration. In this example, Flows 1 and 2 are
the Control Channel and Data Channel between the client and the cache server. Both flows are
opened by the client. If the cache server does not have the requested information, it establishes Flows 3 and
4, which are the Control Channel and Data Channel between the cache server and the real server.
[Figure 12 diagram, FTP Client and FTP Server: SYN, SYN ACK, ACK between Port X and Port 21; PASV and PASV OK, IP address, Port Y between Port X and Port 21; SYN, SYN ACK, ACK between Port Z and Port Y; LIST, RETR, or STOR between Port Z and Port 21; data segments and ACKs between Port Z and Port Y. User lists directory or gets or puts a file.]