HAProxy ALOHA Documentation 15.5

Active FTP

In active mode FTP, the FTP server responds to client requests by initiating a connection back to the client.

To load balance active FTP services, use a Linux Virtual Server (LVS) load balancer in NAT mode to perform the load balancing at layer 4. In this scenario, responses from servers flow through HAProxy ALOHA (that is, not Direct Server Return).

This configuration supports high availability.

Example network architecture

The procedures in this section are based on an example network architecture where clients access the FTP services at the load balancer IP address 192.168.0.100. The load balancer then directs traffic to FTP servers at 192.168.1.10 and 192.168.1.11.

https://cdn.haproxy.com/documentation/aloha/latest/assets/lb-ftp-architecture2-2ad4a44dd397fde5ce1420ed5ed47b50a4ae21305d5c348ea8cdfbd9d8c250af.png

Configure source NAT

Create a NAT rule to translate the client's source IP to the HAProxy ALOHA appliance's IP.

In the NAT tab, click Insert to add a new NAT rule.
The values you enter in the New Rule area depend on the number of network interfaces attached to HAProxy ALOHA.
- One network interface
```
--------+-------- 192.168.1.0/24, VIPs, backend servers
        |
        | eth0
   +---------+
   |         |
   |  ALOHA  |
   |         |
   +---------+
```
  In a deployment with one network interface, select the following values in the New Rule area.
  
  Field
  
  Description
  
  IN
  
  Inbound network interface
  
  OUT
  
  Outbound network interface, the same as the inbound interface
  
  Protocol
  
  TCP
- Two network interfaces
```
--------+-------- 192.168.1.0/24, VIPs
        |
        | eth0
   +---------+
   |         |
   |  ALOHA  |
   |         |
   +---------+
        | eth1
        |
--------+-------- 192.168.2.0/24, backend servers
```
  Note
  
  In configurations having two network interfaces, if you have failover configured on one VIP, configure a VIP with failover on the other interface as well.
  
  In a deployment with two network interfaces, select the following values in the New Rule area.
  
  Field
  
  Description
  
  IN
  
  Inbound network interface
  
  OUT
  
  Outbound network interface, different from the inbound interface
  
  Protocol
  
  TCP
Enter the following values in the Before area.

Field

Value

Example

Source

Blank

Source port

Blank

Destination

VIP address

192.168.0.100

Destination port

FTP port or range

20-21

Field	Description
IN	Inbound network interface
OUT	Outbound network interface, the same as the inbound interface
Protocol	TCP

Field	Description
IN	Inbound network interface
OUT	Outbound network interface, different from the inbound interface
Protocol	TCP

Field	Value	Example
Source	Blank
Source port	Blank
Destination	VIP address	192.168.0.100
Destination port	FTP port or range	20-21

Enter the following values in the After area.

Field	Value	Example
Source	VIP address Note If you enter a local IP address, it can not be shared between the members of a cluster.	192.168.0.100
Source port	Blank
Destination	Blank
Destination port	Blank

Check your configuration.

Rule for one network interface.
Click Add and Apply.
On the Setup tab, in the Configuration section, click Save.

Configure LVS load balancer and destination NAT

Define the LVS director d_ftp, which load balances the FTP traffic between the real FTP servers. LVS performs destination NAT.

Click the LB Layer4 tab.

Add this configuration:

director d_ftp
  mode nat
  balance source
  option icmpcheck interval 10
  server ftp1 <FTP real server 1 IP> weight 10 check
  server ftp2 <FTP real server 2 IP> weight 10 check

In the example, the FTP real servers are located at 192.168.1.10 and 192.168.1.11.

director d_ftp
   mode nat
   balance source
   option icmpcheck interval 10
   server ftp1 192.168.1.10 weight 10 check
   server ftp2 192.168.1.11 weight 10 check

Click OK and then Apply.
Click on the Setup tab. In the Configuration section, click Save.

Configure a flow

Configure a flow that captures traffic sent to the VIP and sends it to the LVS director d_ftp:

Click the Flows tab.

Add this flow definition:

flow f_ftp director d_ftp
  match proto tcp dst <VIP> dstport 20:21

The example IP address for FTP access is 192.168.0.100.

flow f_ftp director d_ftp
   match proto tcp dst 192.168.0.100 dstport 20:21

Click OK and then Apply.
Click on the Setup tab. In the Configuration section, click Save.

Configure the flow manager service

Configure the flow manager service for automatic startup:

On the Services tab, locate the flowmgr service and click Setup .
If the configuration contains the line no autostart, delete the line.
Click OK and then Close.
Locate the flowmgr service and click Restart .
Click on the Setup tab. In the Configuration section, click Save.

Configure the LVS service

Configure the LVS service for automatic startup and connection tracking. NAT relies on the connection tracking information so that it can translate all of the packets in a session in the same way.

On the Services tab, locate the lvs service and click Setup .
If the configuration contains the line no autostart, delete the line.

Enable connection tracking by adding the conntrack keyword.

service lvs
  ############ Linux Virtual Server, layer 3/4 load balancing
  conntrack

Click OK and then Close.
Locate the lvs service and click Restart .
On the Setup tab, in the Configuration section, click Save.

Next up

Passive FTP

More Versions

HAProxy Products Documentation