Re: static route for port 21 [7:45682] posted 06/03/2002


to the famous "what problem are you trying to solve?" should we also add
Murphy's corollary: "what problem are you trying to create?" ???

we do see so many questions about "how do I load share?" and none at all
about "how does the law of unintended consequences apply?"

BTW, having worked in a situation where I had equal cost paths to each of my
branch offices, I don't ever recall having telnet issues, even when during a
telnet session I deliberately shut down one of the links to a remote. I
appreciate your very thorough and sequence based presentation of the FTP
process, because now it begins to make sense as to how, why, and where the
FTP problem described has occurred.

Chuck


"Priscilla Oppenheimer" wrote in message
news:200206031731.NAA18345@xxxxxxxxxxxxxxxxx
> Although I can't answer your question, I can tell you how FTP works and
> maybe that will help. I can believe that it has problems in your situation!
> ;-)
>
> FTP does not use both TCP and UDP. It does, however, open multiple TCP
> connections.
>
> Assuming you are using Active (non-passive, aka PORT mode), here's what
> happens:
>
> 1. The client sends a TCP SYN to the well-known FTP control port (port 21)
> on the server. The client uses an ephemeral (short-lived, not well-known,
> greater than 1024) port as its source port.
> 2. The server sends the client a SYN ACK from port 21 to the ephemeral port
> on the client.
> 3. The client sends an ACK. The client uses this connection to send FTP
> commands and the server uses this connection to send FTP replies.
> 4. When the user requests a directory listing or initiates the sending or
> receiving of a file, the client software sends a PORT command that includes
> an ephemeral port number that the client wishes the server to use when
> opening the data connection. The PORT command also includes an IP address,
> which is usually the client's own IP address, although FTP also supports a
> third-party mode where a client can tell a server to send a file to a
> different host. (Third-party mode is rarely used.)
> 5. The server sends a SYN from port 20 to the client's ephemeral port
> number, which was provided to the server in the client's PORT command.
> 6. The client sends a SYN ACK from its ephemeral port to port 20.
> 7. The server sends an ACK.
> 8. The host that is sending data uses this new connection to send the data
> in TCP segments, which the other host ACKs. (With some commands, such as
> STOR, the client sends data. With other commands, such as RETR, the server
> sends data.)
> 9. After the data transfer is complete, the host sending data closes the
> data connection with a FIN, which the other host ACKs. The other host also
> sends its own FIN, which the sending host ACKs.
> 10. The client can send more commands on the control connection, which may
> cause additional data connections to be opened and then closed. At some
> point, when the user is finished, the client closes the control connection
> with a FIN. The server ACKs the client's FIN. The server also sends its own
> FIN, which the client ACKs.
>
> Notice that an additional command (DIR, in your example) opens another data
> connection. (In Active mode, these data connections come from the server's
> port 20.)
>
> Now, if you're using Passive mode, the client opens the data connection,
> from an ephemeral port to an ephemeral port on the server. Here are the
> steps:
>
> 1. The client sends a TCP SYN to the well-known FTP control port (port 21)
> on the server. The client uses an ephemeral port as the source port.
> 2. The server sends the client a SYN ACK from port 21 to the ephemeral port
> on the client.
> 3. The client sends an ACK. The client uses this connection to send FTP
> commands and the server uses the connection to send FTP replies.
> 4. When the user requests a directory listing or initiates the sending or
> receiving of a file, the client software sends a PASV command to the server
> indicating the desire to enter passive mode.
> 5. The server replies. The reply includes the IP address of the server and
> an ephemeral port number that the client should use when opening the
> connection for data transfer.
> 6. The client sends a SYN from a client-selected ephemeral port to the
> server's ephemeral port number, which was provided to the client in the
> reply to the client's PASV command.
> 7. The server sends a SYN ACK from its ephemeral port to the client's
> ephemeral port.
> 8. The client sends an ACK.
> 9. The host that is sending data uses this new connection to send the data
> in TCP segments, which the other host ACKs. (With some commands, such as
> STOR, the client sends data. With other commands, such as RETR, the server
> sends data.)
> 10. After the data transfer is complete, the host sending data closes the
> data connection with a FIN, which the other host ACKs. The other host also
> sends its own FIN, which the sending host ACKs.
> 11. The client can send more commands on the control session, which may
> cause additional data connections to be opened and then closed. At some
> point, when the user is finished, the client closes the control connection
> with a FIN. The server ACKs the client's FIN. The server also sends its own
> FIN, which the client ACKs.
>
>
> The gist of your problem is these multiple connections that happen. I
> assume that HTTP works fine. That's probably because it opens only one
> connection.
>
> So, is there some more advanced configuration you can do to make FTP work?
> That's the question.....
>
> As far as your idea of fixing the problem with a static route, I'm afraid
> that won't work because static routes don't let you specify a port number.
> Would policy routing work? It's going to be tricky, though, because of
> those ephemeral ports.
>
> Maybe you could just pull one of the connections when you do FTP! ;-)
>
> HTH
>
> Priscilla
>
>
> At 01:06 PM 6/3/02, question cisco wrote:
> >i have a question regarding static routing and ports.  i have a 2621 router
> >with two dsl lines going to two different dsl providers, and one line going
> >into my network.  using the "extendable" feature of nating, i'm able to use
> >both dsl lines together to load balance traffic.  the problem i run into,
> >however, is when i try to ftp.  since the router is forwarding packets in a
> >"per packet" fashion, ie one goes out dsl 1, the other dsl2, etc, etc...when
> >i connect to an ftp server outside my network i often run into problems.  i
> >can connect to the ftp site, but usually the second command (such as dir)
> >responds saying that there is no ftp connection.  from what i gather, the
> >problem lies in the fact that ftp sends out both tcp and udp packets, and
> >since my router is forwarding on a per packet basis, they're going out
> >different dsl lines and causing the problem.
> >
> >how can i solve this?  i was wondering if there is a way that i can set a
> >static route, something like...ip static 0.0.0.0 :21 blah blah, where all of
> >my port 21 (ftp) traffic goes out one dsl line.
> >
> >thanks.
> ________________________
>
> Priscilla Oppenheimer
> http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45708&t=45682
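
Added example (not part of the original thread and not written by its posters): the PORT and PASV steps listed in the quoted message, as a Python sketch that derives the data connection a stateful firewall or NAT device should expect from the control channel, and flags a PORT or PASV address that differs from the control-connection peer. All addresses, ports and function names are constructed for illustration.

```python
import re

# RFC 959 encodes a data endpoint as h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def expected_data_flows(control, lines):
    """control = (client_ip, client_port, server_ip); lines = [(sender, text)].
    Returns (flows, alerts). Each flow is (src_ip, src_port, dst_ip, dst_port);
    src_port is None when it is an ephemeral port not known in advance."""
    client_ip, _client_port, server_ip = control
    flows, alerts = [], []
    for sender, text in lines:
        ep = parse_hostport(text)
        if ep is None:
            continue
        ip, port = ep
        if sender == "client" and text.upper().startswith("PORT "):
            if ip != client_ip:
                alerts.append(f"PORT names {ip}, control peer is {client_ip}")
            flows.append((server_ip, 20, ip, port))    # active: server opens data
        elif sender == "server" and text.startswith("227 "):
            if ip != server_ip:
                alerts.append(f"PASV names {ip}, control peer is {server_ip}")
            flows.append((client_ip, None, ip, port))  # passive: client opens data
    return flows, alerts

# Constructed sample sessions using documentation address ranges.
CONTROL = ("192.0.2.10", 40000, "198.51.100.5")
ACTIVE = [("client", "PORT 192,0,2,10,19,137"), ("client", "LIST")]
PASSIVE = [("client", "PASV"),
           ("server", "227 Entering Passive Mode (198,51,100,5,195,80)")]
# PORT address differs from the control peer (third-party mode, or a
# different NAT outside address than the control connection used).
MISMATCH = [("client", "PORT 203,0,113,77,19,137")]
```

Each data connection is a separate TCP flow with its own port pair, which is why a device that forwards or filters on port 21 alone never sees it.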