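Client: CuteFTP 3.0
Server: Serv-U 9.0
F5: v 9.3.1.HF4
1. FTP and a forwarding VS (FastL4)
An all-zero forwarding VS (default fastl4 profile) was used, with every FTP connection passing through it. Observations:
FTP establishes its connections (PASV mode) and transfers data normally. The idle time of the control connection keeps growing, while the idle time of the data connection is refreshed automatically. But once the control connection times out, the data connection is deleted by the F5 as well: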
[root@bigip:Active] config # b conn show all
VIRTUAL any:any <-> NODE 1.1.1.100:ftp
CLIENTSIDE 10.0.0.100:3129 <-> 1.1.1.100:ftp
(pkts,bits) in = (11, 5392), out = (9, 6568)
SERVERSIDE 10.0.0.100:3129 <-> 1.1.1.100:ftp
(pkts,bits) in = (9, 6568), out = (11, 5392)
PROTOCOL tcp UNIT 1 IDLE 285 (300) LASTHOP 4093 00:17:a4:e4:86:39
VIRTUAL any:any <-> NODE 1.1.1.100:1665
CLIENTSIDE 10.0.0.100:3131 <-> 1.1.1.100:1665
(pkts,bits) in = (1550, 669664), out = (2813, 27.23M)
SERVERSIDE 10.0.0.100:3131 <-> 1.1.1.100:1665
(pkts,bits) in = (2813, 27.23M), out = (1550, 669664)
PROTOCOL tcp UNIT 1 IDLE 0 (300) LASTHOP 4093 00:17:a4:e4:86:39
Displaying the table again right afterwards:
[root@bigip:Active] config # b conn show all
No connections were found.
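Under normal circumstances the data channel should keep transferring data after the control channel is torn down. The fastl4 "reset on idle timeout" setting was suspected as the cause, so it was disabled and the test repeated: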
[root@bigip:Active] config # b conn show all
VIRTUAL any:any <-> NODE 1.1.1.100:ftp
CLIENTSIDE 10.0.0.100:3253 <-> 1.1.1.100:ftp
(pkts,bits) in = (10, 4912), out = (9, 6496)
SERVERSIDE 10.0.0.100:3253 <-> 1.1.1.100:ftp
(pkts,bits) in = (9, 6496), out = (10, 4912)
PROTOCOL tcp UNIT 1 IDLE 86 (120) LASTHOP 4093 00:17:a4:e4:86:39
VIRTUAL any:any <-> NODE 1.1.1.100:2314
CLIENTSIDE 10.0.0.100:3255 <-> 1.1.1.100:2314
(pkts,bits) in = (489, 211312), out = (872, 8.548M)
SERVERSIDE 10.0.0.100:3255 <-> 1.1.1.100:2314
(pkts,bits) in = (872, 8.548M), out = (489, 211312)
PROTOCOL tcp UNIT 1 IDLE 0 (120) LASTHOP 4093 00:17:a4:e4:86:39
After waiting for the control connection to time out:
[root@bigip:Active] config # b conn show all
VIRTUAL any:any <-> NODE 1.1.1.100:2314
CLIENTSIDE 10.0.0.100:3255 <-> 1.1.1.100:2314
(pkts,bits) in = (747, 322768), out = (1327, 12.97M)
SERVERSIDE 10.0.0.100:3255 <-> 1.1.1.100:2314
(pkts,bits) in = (1327, 12.97M), out = (747, 322768)
PROTOCOL tcp UNIT 1 IDLE 1 (120) LASTHOP 4093 00:17:a4:e4:86:39
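The data connection is still transferring.
Analysis: with the default fastl4 profile, the F5 automatically sends a RST packet when the FTP control connection times out. That reset makes the client program and the server close the control connection themselves, and once the client or the server has closed the control connection, no more data is transferred. With the profile's RST function disabled, the F5 only silently deletes its own entry for the control connection, which does not affect the client or the server, so the FTP transfer can continue.
(Deleting a VS does not delete the connections currently active on that VS!)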
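An added example (not part of the original post) that parses `b conn show all` output in the format shown above and flags FTP control connections that are close to their idle timeout while a data connection between the same client and node is still moving. The 30-second margin and the 5-second activity threshold are assumptions.

```python
import re

# Constructed sample: the first `b conn show all` listing from this section.
SAMPLE = """\
VIRTUAL any:any <-> NODE 1.1.1.100:ftp
CLIENTSIDE 10.0.0.100:3129 <-> 1.1.1.100:ftp
(pkts,bits) in = (11, 5392), out = (9, 6568)
SERVERSIDE 10.0.0.100:3129 <-> 1.1.1.100:ftp
(pkts,bits) in = (9, 6568), out = (11, 5392)
PROTOCOL tcp UNIT 1 IDLE 285 (300) LASTHOP 4093 00:17:a4:e4:86:39
VIRTUAL any:any <-> NODE 1.1.1.100:1665
CLIENTSIDE 10.0.0.100:3131 <-> 1.1.1.100:1665
(pkts,bits) in = (1550, 669664), out = (2813, 27.23M)
SERVERSIDE 10.0.0.100:3131 <-> 1.1.1.100:1665
(pkts,bits) in = (2813, 27.23M), out = (1550, 669664)
PROTOCOL tcp UNIT 1 IDLE 0 (300) LASTHOP 4093 00:17:a4:e4:86:39
"""
# One table entry: node endpoint, client endpoint, idle seconds, idle timeout.
ENTRY = re.compile(
    r"VIRTUAL \S+ <-> NODE (?P<node>[\d.]+):(?P<nport>\S+)\s+"
    r"CLIENTSIDE (?P<client>[\d.]+):(?P<cport>\S+) <-> \S+"
    r".*?PROTOCOL \S+ UNIT \d+ IDLE (?P<idle>\d+) \((?P<timeout>\d+)\)",
    re.S,
)
CONTROL_PORTS = {"ftp", "21"}

def parse_conns(text):
    """Turn the listing into dicts with integer idle/timeout values."""
    conns = [m.groupdict() for m in ENTRY.finditer(text)]
    for c in conns:
        c["idle"], c["timeout"] = int(c["idle"]), int(c["timeout"])
    return conns

def control_at_risk(conns, margin=30, active_idle=5):
    """Pair each FTP control connection within `margin` seconds of its idle
    timeout with any still-active data connection of the same client/node."""
    pairs = []
    for ctl in conns:
        if ctl["nport"] not in CONTROL_PORTS or ctl["timeout"] - ctl["idle"] > margin:
            continue
        for data in conns:
            same_peers = (data["client"], data["node"]) == (ctl["client"], ctl["node"])
            if data["nport"] not in CONTROL_PORTS and same_peers and data["idle"] <= active_idle:
                pairs.append((ctl, data))
    return pairs

for ctl, data in control_at_risk(parse_conns(SAMPLE)):
    print("control idle %(idle)d of %(timeout)d s" % ctl, "while data port", data["nport"], "is active")
```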
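2. FTP and a performance L4 VS (VS port 0)
In PASV mode the connection cannot be established. The FTP client sets up the control channel with the VS normally, then learns over the control channel that it should connect from a random port of its own to a random port on the actual server (the pool member). But the F5 does not allow direct access to the back-end FTP server at this point: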
[root@bigip:Active] config # tcpdump -ni 0.0 tcp
tcpdump: listening on 0.0
11:16:46.805107 802.1Q vlan#4093 P0 10.0.0.99.3587 > 10.0.0.200.ftp: S 988707591:988707591(0) win 65535 <mss 1260,nop,nop,sackOK> (DF)
11:16:46.805135 802.1Q vlan#4094 P0 10.0.0.99.3587 > 1.1.1.100.ftp: S 988707591:988707591(0) win 65535 <mss 1260,nop,nop,sackOK> (DF)
11:16:46.806044 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3587: S 3239389612:3239389612(0) ack 988707592 win 16384 <mss 1460,nop,nop,sackOK>
11:16:46.806048 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3587: S 3239389612:3239389612(0) ack 988707592 win 16384 <mss 1460,nop,nop,sackOK>
11:16:46.806425 802.1Q vlan#4093 P0 10.0.0.99.3587 > 10.0.0.200.ftp: . ack 1 win 65535 (DF)
11:16:46.806428 802.1Q vlan#4094 P0 10.0.0.99.3587 > 1.1.1.100.ftp: . ack 1 win 65535 (DF)
11:16:46.857245 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3587: P 1:38(37) ack 1 win 17640 (DF)
11:16:46.857247 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3587: P 1:38(37) ack 1 win 17640 (DF)
11:16:46.858942 802.1Q vlan#4093 P0 10.0.0.99.3587 > 10.0.0.200.ftp: P 1:12(11) ack 38 win 65498 (DF)
11:16:46.858944 802.1Q vlan#4094 P0 10.0.0.99.3587 > 1.1.1.100.ftp: P 1:12(11) ack 38 win 65498 (DF)
11:16:46.873190 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3587: P 38:74(36) ack 12 win 17629 (DF)
11:16:46.873193 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3587: P 38:74(36) ack 12 win 17629 (DF)
11:16:46.874450 802.1Q vlan#4093 P0 10.0.0.99.3587 > 10.0.0.200.ftp: P 12:23(11) ack 74 win 65462 (DF)
11:16:46.874452 802.1Q vlan#4094 P0 10.0.0.99.3587 > 1.1.1.100.ftp: P 12:23(11) ack 74 win 65462 (DF)
11:16:46.878751 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3587: P 74:104(30) ack 23 win 17618 (DF)
11:16:46.878753 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3587: P 74:104(30) ack 23 win 17618 (DF)
11:16:46.879571 802.1Q vlan#4093 P0 10.0.0.99.3587 > 10.0.0.200.ftp: P 23:28(5) ack 104 win 65432 (DF)
11:16:46.879573 802.1Q vlan#4094 P0 10.0.0.99.3587 > 1.1.1.100.ftp: P 23:28(5) ack 104 win 65432 (DF)
11:16:46.881240 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3587: P 104:135(31) ack 28 win 17613 (DF)
11:16:46.881241 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3587: P 104:135(31) ack 28 win 17613 (DF)
11:16:46.882498 802.1Q vlan#4093 P0 10.0.0.99.3587 > 10.0.0.200.ftp: P 28:34(6) ack 135 win 65401 (DF)
11:16:46.882500 802.1Q vlan#4094 P0 10.0.0.99.3587 > 1.1.1.100.ftp: P 28:34(6) ack 135 win 65401 (DF)
11:16:46.890896 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3587: P 135:708(573) ack 34 win 17607 (DF)
11:16:46.890899 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3587: P 135:708(573) ack 34 win 17607 (DF)
11:16:46.892301 802.1Q vlan#4093 P0 10.0.0.99.3587 > 10.0.0.200.ftp: P 34:42(8) ack 708 win 64828 (DF)
11:16:46.892303 802.1Q vlan#4094 P0 10.0.0.99.3587 > 1.1.1.100.ftp: P 34:42(8) ack 708 win 64828 (DF)
11:16:46.893677 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3587: P 708:754(46) ack 42 win 17599 (DF)
11:16:46.893679 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3587: P 708:754(46) ack 42 win 17599 (DF)
11:16:46.894644 802.1Q vlan#4093 P0 10.0.0.99.3587 > 10.0.0.200.ftp: P 42:48(6) ack 754 win 64782 (DF)
11:16:46.894646 802.1Q vlan#4094 P0 10.0.0.99.3587 > 1.1.1.100.ftp: P 42:48(6) ack 754 win 64782 (DF)
11:16:46.912110 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3587: P 754:799(45) ack 48 win 17593 (DF)
11:16:46.912113 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3587: P 754:799(45) ack 48 win 17593 (DF)
11:16:46.912931 802.1Q vlan#4093 P0 10.0.0.99.3587 > 10.0.0.200.ftp: P 48:54(6) ack 799 win 64737 (DF)
11:16:46.912933 802.1Q vlan#4094 P0 10.0.0.99.3587 > 1.1.1.100.ftp: P 48:54(6) ack 799 win 64737 (DF)
11:16:46.916647 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3587: P 799:852(53) ack 54 win 17587 (DF)
11:16:46.916649 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3587: P 799:852(53) ack 54 win 17587 (DF)
11:16:46.925132 802.1Q vlan#4093 P0 10.0.0.99.3589 > 1.1.1.100.3635: S 1989479398:1989479398(0) win 65535 <mss 1260,nop,nop,sackOK> (DF)
11:16:47.154148 802.1Q vlan#4093 P0 10.0.0.99.3587 > 10.0.0.200.ftp: . ack 852 win 64684 (DF)
11:16:47.154150 802.1Q vlan#4094 P0 10.0.0.99.3587 > 1.1.1.100.ftp: . ack 852 win 64684 (DF)
11:16:49.896926 802.1Q vlan#4093 P0 10.0.0.99.3589 > 1.1.1.100.3635: S 1989479398:1989479398(0) win 65535 <mss 1260,nop,nop,sackOK> (DF)
11:16:55.891851 802.1Q vlan#4093 P0 10.0.0.99.3589 > 1.1.1.100.3635: S 1989479398:1989479398(0) win 65535 <mss 1260,nop,nop,sackOK> (DF)
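Switching to PORT mode at this point does not connect either. The actual FTP server initiates a connection to the client from its port 20, and the F5 cannot let this connection through because there is no matching VS.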
[root@bigip:Active] config # tcpdump -ni 0.0 tcp
tcpdump: listening on 0.0
11:23:32.298007 802.1Q vlan#4093 P0 10.0.0.99.3601 > 10.0.0.200.ftp: S 1781995993:1781995993(0) win 65535 <mss 1260,nop,nop,sackOK> (DF)
11:23:32.298033 802.1Q vlan#4094 P0 10.0.0.99.3601 > 1.1.1.100.ftp: S 1781995993:1781995993(0) win 65535 <mss 1260,nop,nop,sackOK> (DF)
11:23:32.298716 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3601: S 1449994149:1449994149(0) ack 1781995994 win 16384 <mss 1460,nop,nop,sackOK>
11:23:32.298719 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3601: S 1449994149:1449994149(0) ack 1781995994 win 16384 <mss 1460,nop,nop,sackOK>
11:23:32.298886 802.1Q vlan#4093 P0 10.0.0.99.3601 > 10.0.0.200.ftp: . ack 1 win 65535 (DF)
11:23:32.298888 802.1Q vlan#4094 P0 10.0.0.99.3601 > 1.1.1.100.ftp: . ack 1 win 65535 (DF)
11:23:32.307934 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3601: P 1:38(37) ack 1 win 17640 (DF)
11:23:32.307937 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3601: P 1:38(37) ack 1 win 17640 (DF)
11:23:32.310590 802.1Q vlan#4093 P0 10.0.0.99.3601 > 10.0.0.200.ftp: P 1:12(11) ack 38 win 65498 (DF)
11:23:32.310592 802.1Q vlan#4094 P0 10.0.0.99.3601 > 1.1.1.100.ftp: P 1:12(11) ack 38 win 65498 (DF)
11:23:32.315542 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3601: P 38:74(36) ack 12 win 17629 (DF)
11:23:32.315543 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3601: P 38:74(36) ack 12 win 17629 (DF)
11:23:32.316150 802.1Q vlan#4093 P0 10.0.0.99.3601 > 10.0.0.200.ftp: P 12:23(11) ack 74 win 65462 (DF)
11:23:32.316152 802.1Q vlan#4094 P0 10.0.0.99.3601 > 1.1.1.100.ftp: P 12:23(11) ack 74 win 65462 (DF)
11:23:32.320077 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3601: P 74:104(30) ack 23 win 17618 (DF)
11:23:32.320080 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3601: P 74:104(30) ack 23 win 17618 (DF)
11:23:32.320687 802.1Q vlan#4093 P0 10.0.0.99.3601 > 10.0.0.200.ftp: P 23:28(5) ack 104 win 65432 (DF)
11:23:32.320689 802.1Q vlan#4094 P0 10.0.0.99.3601 > 1.1.1.100.ftp: P 23:28(5) ack 104 win 65432 (DF)
11:23:32.322126 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3601: P 104:135(31) ack 28 win 17613 (DF)
11:23:32.322128 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3601: P 104:135(31) ack 28 win 17613 (DF)
11:23:32.322737 802.1Q vlan#4093 P0 10.0.0.99.3601 > 10.0.0.200.ftp: P 28:34(6) ack 135 win 65401 (DF)
11:23:32.322739 802.1Q vlan#4094 P0 10.0.0.99.3601 > 1.1.1.100.ftp: P 28:34(6) ack 135 win 65401 (DF)
11:23:32.332513 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3601: P 135:708(573) ack 34 win 17607 (DF)
11:23:32.332516 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3601: P 135:708(573) ack 34 win 17607 (DF)
11:23:32.333563 802.1Q vlan#4093 P0 10.0.0.99.3601 > 10.0.0.200.ftp: P 34:42(8) ack 708 win 64828 (DF)
11:23:32.333565 802.1Q vlan#4094 P0 10.0.0.99.3601 > 1.1.1.100.ftp: P 34:42(8) ack 708 win 64828 (DF)
11:23:32.336463 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3601: P 708:754(46) ack 42 win 17599 (DF)
11:23:32.336465 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3601: P 708:754(46) ack 42 win 17599 (DF)
11:23:32.339270 802.1Q vlan#4093 P0 10.0.0.99.3601 > 10.0.0.200.ftp: P 42:64(22) ack 754 win 64782 (DF)
11:23:32.339272 802.1Q vlan#4094 P0 10.0.0.99.3601 > 1.1.1.100.ftp: P 42:64(22) ack 754 win 64782 (DF)
11:23:32.340706 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3601: P 754:784(30) ack 64 win 17577 (DF)
11:23:32.340709 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3601: P 754:784(30) ack 64 win 17577 (DF)
11:23:32.341174 802.1Q vlan#4093 P0 10.0.0.99.3601 > 10.0.0.200.ftp: P 64:70(6) ack 784 win 64752 (DF)
11:23:32.341175 802.1Q vlan#4094 P0 10.0.0.99.3601 > 1.1.1.100.ftp: P 64:70(6) ack 784 win 64752 (DF)
11:23:32.346119 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3601: P 784:837(53) ack 70 win 17571 (DF)
11:23:32.346121 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3601: P 784:837(53) ack 70 win 17571 (DF)
11:23:32.348753 802.1Q vlan#4094 P0 1.1.1.100.ftp-data > 10.0.0.99.3602: S 1621272327:1621272327(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
11:23:32.461857 802.1Q vlan#4093 P0 10.0.0.99.3601 > 10.0.0.200.ftp: . ack 837 win 64699 (DF)
11:23:32.461859 802.1Q vlan#4094 P0 10.0.0.99.3601 > 1.1.1.100.ftp: . ack 837 win 64699 (DF)
11:23:34.186597 802.1Q vlan#4094 P0 1.1.1.100.ftp-data > 10.0.0.99.3602: S 1621272327:1621272327(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
11:23:38.995204 802.1Q vlan#4094 P0 1.1.1.100.ftp-data > 10.0.0.99.3602: S 1621272327:1621272327(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
11:23:48.862992 802.1Q vlan#4094 P0 1.1.1.100.ftp > 10.0.0.99.3601: P 837:871(34) ack 70 win 17571 (DF)
11:23:48.862999 802.1Q vlan#4093 P0 10.0.0.200.ftp > 10.0.0.99.3601: P 837:871(34) ack 70 win 17571 (DF)
11:23:49.019578 802.1Q vlan#4093 P0 10.0.0.99.3601 > 10.0.0.200.ftp: . ack 871 win 64665 (DF)
11:23:49.019582 802.1Q vlan#4094 P0 10.0.0.99.3601 > 1.1.1.100.ftp: . ack 871 win 64665 (DF)
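An added example (not part of the original post) that decodes the address an FTP 227 reply or PORT command advertises and checks whether the resulting data-connection SYN is addressed to the virtual server, which is what the two captures above show failing. The control-channel lines are constructed to match the SYNs in the captures, and `hits_virtual_server` is a simplified model of this section's setup, not F5 logic.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried in a 227 reply or a PORT command (RFC 959).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Constructed control-channel lines: the payloads are not shown in the captures,
# the values are chosen to match the data-connection SYNs seen in them.
PASV_REPLY = "227 Entering Passive Mode (1,1,1,100,14,51)"
PORT_CMD = "PORT 10,0,0,99,14,18"
VS_IP, NODE_IP, CLIENT_IP = "10.0.0.200", "1.1.1.100", "10.0.0.99"

def data_endpoint(line):
    """Decode the advertised data-connection address and port."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no host-port tuple in %r" % line)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range in %r" % line)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def data_syn(line):
    """(source IP, destination IP, destination port) of the resulting SYN."""
    ip, port = data_endpoint(line)
    # PASV: the client dials the advertised address. PORT: the server dials it.
    src = NODE_IP if line.upper().startswith("PORT") else CLIENT_IP
    return src, ip, port

def hits_virtual_server(syn, vs_ip=VS_IP, vs_port=0):
    """Assumed model: a SYN passes only if addressed to the VS (port 0 = any)."""
    _, dst_ip, dst_port = syn
    return dst_ip == vs_ip and vs_port in (0, dst_port)

def rewrite_endpoint(line, new_ip):
    """Swap the advertised IP and keep the port, as an FTP-aware proxy would."""
    _, port = data_endpoint(line)
    tup = new_ip.replace(".", ",") + ",%d,%d" % divmod(port, 256)
    return HOSTPORT.sub(tup, line, count=1)

for line in (PASV_REPLY, PORT_CMD, rewrite_endpoint(PASV_REPLY, VS_IP)):
    syn = data_syn(line)
    print(line, "->", syn, "accepted" if hits_virtual_server(syn) else "no matching VS")
```

The rewritten reply is consistent with the connection table in the next section, where the client's data connection is made to 10.0.0.200 rather than to 1.1.1.100.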
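3. FTP and a standard VS (using the ftp profile, VS port 21)
In PASV mode, both the control connection and the data connection are refreshed continuously during the transfer: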
[root@bigip:Active] config # b conn show all
VIRTUAL 10.0.0.200:ftp <-> NODE 1.1.1.100:ftp
CLIENTSIDE 10.0.0.99:3653 <-> 10.0.0.200:ftp
(pkts,bits) in = (10, 4912), out = (9, 6520)
SERVERSIDE 10.0.0.99:3653 <-> 1.1.1.100:ftp
(pkts,bits) in = (9, 6544), out = (10, 4944)
PROTOCOL tcp UNIT 1 IDLE 1 (300) LASTHOP 4093 00:17:a4:e4:86:39
VIRTUAL 10.0.0.200:4461 <-> NODE 1.1.1.100:4461
CLIENTSIDE 10.0.0.99:3655 <-> 10.0.0.200:4461
(pkts,bits) in = (536, 231616), out = (974, 9.515M)
SERVERSIDE 10.0.0.99:3655 <-> 1.1.1.100:4461
(pkts,bits) in = (974, 9.515M), out = (536, 231616)
PROTOCOL tcp UNIT 1 IDLE 1 (300) LASTHOP 4093 00:17:a4:e4:86:39
[root@bigip:Active] config #
[root@bigip:Active] config #
[root@bigip:Active] config # b conn show all
VIRTUAL 10.0.0.200:ftp <-> NODE 1.1.1.100:ftp
CLIENTSIDE 10.0.0.99:3653 <-> 10.0.0.200:ftp
(pkts,bits) in = (10, 4912), out = (9, 6520)
SERVERSIDE 10.0.0.99:3653 <-> 1.1.1.100:ftp
(pkts,bits) in = (9, 6544), out = (10, 4944)
PROTOCOL tcp UNIT 1 IDLE 0 (300) LASTHOP 4093 00:17:a4:e4:86:39
VIRTUAL 10.0.0.200:4461 <-> NODE 1.1.1.100:4461
CLIENTSIDE 10.0.0.99:3655 <-> 10.0.0.200:4461
(pkts,bits) in = (1072, 463168), out = (1936, 18.83M)
SERVERSIDE 10.0.0.99:3655 <-> 1.1.1.100:4461
(pkts,bits) in = (1936, 18.83M), out = (1072, 463168)
PROTOCOL tcp UNIT 1 IDLE 0 (300) LASTHOP 4093 00:17:a4:e4:86:39
In PORT mode, the control connection and the data connection also refresh their idle timers normally:
[root@bigip:Active] config # b conn show all
VIRTUAL 10.0.0.200:ftp <-> NODE 1.1.1.100:ftp
CLIENTSIDE 10.0.0.99:3942 <-> 10.0.0.200:ftp
(pkts,bits) in = (17, 8264), out = (14, 14792)
SERVERSIDE 10.0.0.99:3942 <-> 1.1.1.100:ftp
(pkts,bits) in = (14, 14824), out = (17, 8296)
PROTOCOL tcp UNIT 1 IDLE 19 (300) LASTHOP 4093 00:17:a4:e4:86:39
VIRTUAL 10.0.0.200:ftp <-> NODE 1.1.1.100:ftp
CLIENTSIDE 10.0.0.99:3947 <-> 10.0.0.200:ftp
(pkts,bits) in = (11, 5480), out = (9, 6384)
SERVERSIDE 10.0.0.99:3947 <-> 1.1.1.100:ftp
(pkts,bits) in = (9, 6416), out = (11, 5512)
PROTOCOL tcp UNIT 1 IDLE 5 (300) LASTHOP 4093 00:17:a4:e4:86:39
VIRTUAL 10.0.0.200:ftp <-> NODE 10.0.0.99:3948
CLIENTSIDE 1.1.1.100:ftp-data <-> 10.0.0.99:3948
(pkts,bits) in = (169, 1.716M), out = (86, 37216)
SERVERSIDE 10.0.0.200:ftp-data <-> 10.0.0.99:3948
(pkts,bits) in = (86, 37216), out = (169, 1.716M)
PROTOCOL tcp UNIT 1 IDLE 5 (300) LASTHOP 4094 00:0c:29:1d:4a:37
[root@bigip:Active] config #
[root@bigip:Active] config #
[root@bigip:Active] config # b conn show all
VIRTUAL 10.0.0.200:ftp <-> NODE 1.1.1.100:ftp
CLIENTSIDE 10.0.0.99:3942 <-> 10.0.0.200:ftp
(pkts,bits) in = (19, 9168), out = (15, 15472)
SERVERSIDE 10.0.0.99:3942 <-> 1.1.1.100:ftp
(pkts,bits) in = (15, 15504), out = (19, 9200)
PROTOCOL tcp UNIT 1 IDLE 2 (300) LASTHOP 4093 00:17:a4:e4:86:39
VIRTUAL 10.0.0.200:ftp <-> NODE 1.1.1.100:ftp
CLIENTSIDE 10.0.0.99:3947 <-> 10.0.0.200:ftp
(pkts,bits) in = (11, 5480), out = (9, 6384)
SERVERSIDE 10.0.0.99:3947 <-> 1.1.1.100:ftp
(pkts,bits) in = (9, 6416), out = (11, 5512)
PROTOCOL tcp UNIT 1 IDLE 0 (300) LASTHOP 4093 00:17:a4:e4:86:39
VIRTUAL 10.0.0.200:ftp <-> NODE 10.0.0.99:3948
CLIENTSIDE 1.1.1.100:ftp-data <-> 10.0.0.99:3948
(pkts,bits) in = (250, 2.492M), out = (130, 56224)
SERVERSIDE 10.0.0.200:ftp-data <-> 10.0.0.99:3948
(pkts,bits) in = (130, 56224), out = (250, 2.492M)
PROTOCOL tcp UNIT 1 IDLE 0 (300) LASTHOP 4094 00:0c:29:1d:4a:37
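Note: the Windows FTP client behaves the same way.
Also: during a transfer the FTP client does not close the control connection on its own initiative unless it receives a close indication from outside. When the control connection is closed on the client, the client also actively closes the data connection. In theory, if an intermediate device silently closes the connection during a transfer (without sending a RST to the client or the server), the data connection should not be affected. However, when the F5 uses the ftp profile, forcibly deleting the control connection makes the F5 delete the data connection too. Without the ftp profile (for example, a forwarding VS), forcibly deleting the control connection does not make the F5 delete the data connection (if the F5 sends a RST to the client or the server at that point, the client or the server actively closes the data connection, which in turn clears the data connection on the F5).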