FTP establishes two TCP connections: one for control and one for data.
The control connection is established first. It is opened from the client to the server, usually to port 21.
The data connection is then established on another port, which is decided by the PASV command or the PORT command.
In passive FTP, the client issues the PASV command and the server responds with its IP address / port. The client establishes the data connection accordingly.
In active FTP, the client issues the PORT command to specify its IP address / port and the server establishes the data connection accordingly.
Files are transferred on the data connection.
The LB must understand the PASV and PORT commands and handle the data connection properly.
This feature is called FTP ALG.
For example, the LB must do the following to handle passive FTP.
1. Catch the response to the PASV command.
2. Replace the IP address / port in the response.
   It is originally the IP address / port of the backend server, but the LB replaces it with its own IP address / port so that clients can establish the data connection to the VIP of the LB.
3. Apply dynamic NAT rules so that the data connection is forwarded to the backend server / port that corresponds to the control connection.
Edge LB uses IPVS to support FTP ALG.
IPVS is a load balancer built into the Linux kernel.
If FTP runs over IPv6, it uses the extended commands defined in RFC 2428, EPSV and EPRT, instead of the PASV and PORT commands.
They are required for FTP to support IPv6 addresses because PASV and PORT commands support only IPv4 addresses.
- Support for FTP over IPv6
Currently the Linux kernel of NSX Edge does not recognize the extended commands, so FTP ALG cannot be applied.
As a result, NSX Edge does not support load balancing of FTP over IPv6.
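
The three passive-FTP steps listed earlier, and the effect of a rewriter that only knows the PASV reply format, shown as an added example (a simplified user-space model, not IPVS or NSX Edge code). The class name, the addresses and the port pool are constructed for illustration; the check that the advertised address equals the control connection's backend is an assumption about how a careful ALG would behave.

```python
import re

# 227 reply as in RFC 959: "(h1,h2,h3,h4,p1,p2)", port = p1*256 + p2.
PASV_REPLY = re.compile(rb"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


class PasvAlg:
    """Simplified model of the passive-FTP steps (hypothetical class, not IPVS code)."""

    def __init__(self, vip, port_pool):
        self.vip = vip                      # address clients connect to
        self.free_ports = iter(port_pool)   # ports the LB may hand out on the VIP
        self.nat = {}                       # (vip, vip_port) -> (backend_ip, backend_port)

    def rewrite_reply(self, line, control_backend):
        """Return the reply to send to the client, or None to drop it."""
        m = PASV_REPLY.match(line)
        if m is None:
            return line                     # step 1 did not match: passed through untouched
        nums = [int(n) for n in m.group(1).split(b",")]
        if max(nums) > 255:
            return None                     # malformed octet: drop the reply
        backend_ip = ".".join(str(n) for n in nums[:4])
        if backend_ip != control_backend:
            return None                     # never map a port to a host other than the control backend
        backend_port = nums[4] * 256 + nums[5]
        vip_port = next(self.free_ports)
        self.nat[(self.vip, vip_port)] = (backend_ip, backend_port)   # step 3: dynamic NAT rule
        hostpart = self.vip.replace(".", ",").encode()
        return b"227 Entering Passive Mode (%s,%d,%d).\r\n" % (
            hostpart, vip_port >> 8, vip_port & 0xFF)                 # step 2: VIP address / port


def demo():
    # Constructed sample values: VIP 192.0.2.10, backend 10.0.0.11.
    alg = PasvAlg("192.0.2.10", range(40000, 40100))
    pasv = b"227 Entering Passive Mode (10,0,0,11,195,80).\r\n"
    epsv = b"229 Entering Extended Passive Mode (|||50000|)\r\n"
    return alg.rewrite_reply(pasv, "10.0.0.11"), alg.rewrite_reply(epsv, "10.0.0.11"), alg.nat


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The 229 reply passes through unchanged and creates no NAT entry. Because an EPSV reply carries only a port (RFC 2428), the client would then connect to the VIP on a port that has no mapping to a backend.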