Use GA to accelerate FTP services - Global Accelerator - Alibaba Cloud Documentation Center

Global Accelerator (GA) can accelerate Layer 4 and Layer 7 protocols, including File Transfer Protocol (FTP). This topic introduces FTP and uses vsftpd and FileZilla to describe how to use GA to accelerate FTP services.

Prerequisites

Port 21 and ports 2100 to 2120 are allowed to receive traffic in the security group of the FTP server.
A public IP address is assigned to the FTP server.

Note

In this example, an Elastic Compute Service (ECS) instance is used as the FTP server. For more information about how to configure security groups and public IP addresses for ECS instances, see Manage security groups and Quick start.

Background information

FTP is a protocol used to transfer files. This protocol is based on the client-server model and supports the following modes:

Active mode: The client sends port information to the FTP server, and the server establishes a connection to the port.
Passive mode: The FTP server enables a port and sends the port information to the client. The client initiates a connection to the port, and the server accepts the connection.

The following figure and table describe the workflow in active mode. 主动模式

No.	Description
①	The FTP client sends a connection request to port 21 of the FTP server.
②	The FTP client informs port 21 that port 2100 of the client can be used to transfer data.
③	Port 20 of the FTP server connects to port 2100 of the FTP client. Then, data can be transferred between the server and the client.
④	After the data is transferred, the FTP server closes the connection.

The following figure and table describe the workflow in passive mode. 被动模式

No.	Description
①	The FTP client sends a connection request to port 21 of the FTP server.
②	The FTP server informs the FTP client that port 2120 is used to transfer data.
③	The FTP client opens another port to connect to port 2120 of the FTP server to transfer data.
④	After the data is transferred, the FTP server closes the connection.

Active mode is not supported by GA. Therefore, only passive mode can be used.

FTP supports the following authentication modes:

Anonymous user mode: In this mode, users can log on to the FTP server without the need for a username or password. This is the least secure authentication mode. In most cases, this mode is used to save unimportant public files. We recommend that you do not use this mode to save files in a production environment
Local user mode: In this mode, users must have local Linux accounts. This mode is more secure than the anonymous user mode.
Virtual user mode: Virtual users are dedicated users of the FTP server. Virtual users can access only the FTP service that the Linux system provides and cannot access other resources of the system. This enhances the security of the FTP server.

Procedure

Step 1: Install and configure vsftpd on the FTP server

The following section describes how to install and configure vsftpd 3.0.2 on an ECS instance that runs the Linux 2.1903 64-bit operating system. The ECS instance is used as the FTP server. If you use different operating systems or vsftpd versions, change the commands and parameter settings accordingly.

Connect to a Linux instance.
For more information, see Connection methods.
Run the following command to install vsftpd:
```
yum install -y vsftpd
```

Use the local user mode for authentication and create a user that is used to log on to the FTP server.

# Create a Linux user named ftpdemo.
adduser ftpdemo
# Change the password of ftpdemo.
passwd ftpdemo
# Create a directory for the FTP service.
mkdir /var/ftp/demo
# Transfer the ownership of the directory to ftpdemo.
chown -R ftpdemo:ftpdemo /var/ftp/demo

Configure vsftpd.
```
vim /etc/vsftpd/vsftpd.conf
```

Modify the configuration file of vsftpd based on the following information:

# Keep the default values for all parameters except the following parameters.
# Modify the values of the following parameters.
# Forbid anonymous users to log on to the FTP server.
anonymous_enable=NO
# Allow local users to log on to the FTP server.
local_enable=YES
# Listen on IPv4 sockets.
listen=YES
# Disable listening on IPv6 sockets.
# listen_ipv6=NO
# Add the following parameters.
# Specify the directory to which local users are directed after they log on.
local_root=/var/ftp/demo
# Enable passive mode.
pasv_enable=YES
# Disable security checks. The value must be set to YES. Otherwise, the FTP client cannot upload files to the FTP server.
pasv_promiscuous=YES
# Set the starting port number of the port range that can be used to transfer data in passive mode.
pasv_min_port=2100
# Set the ending port number of the port range that can be used to transfer data in passive mode.
pasv_max_port=2120

Press the Esc key to exit the edit mode. Enter :wq and press the Enter key to save and close the file.

Run the following commands to view or restart vsftpd:

# Restart vsftpd.
systemctl restart vsftpd.service
# View the status of vsftpd.
systemctl status vsftpd

Step 2: Purchase a GA service bundle

You can enter the information about the web service in the GA console. After you enter the information, the system generates a list of recommended services. The list includes a GA instance and a basic bandwidth plan.

Log on to the GA console.
In the upper-right corner of the Instances page, click Purchase Guide.
Note
If this is the first time that you use the GA service, skip this step.

In the Enter the required information to generate a list of recommended services section, enter the required information and click Generate Service List.

Parameter	Description
Acceleration Area	Select the region in which acceleration is required. In this example, China (Hong Kong) is selected.
Service Region	Select the region where the destination server is deployed. In this example, US (Silicon Valley) is selected.
ICP Filing	Specify whether you have applied for an Internet Content Provider (ICP) number for the domain name of the FTP service. In this example, No is selected. Note If the accelerated service is deployed in the Chinese mainland or the acceleration region is in the Chinese mainland, you must obtain an ICP number before you can provide the service. For more information, see What is an ICP filing?
Server Area	Specify whether the FTP service is deployed on Alibaba Cloud. In this example, On Alibaba Cloud is selected.
Peak Bandwidth Range	Enter the bandwidth required during peak hours. Unit: Mbit/s. In this example, `2` is entered.
Maximum Concurrent Connections	The maximum number of concurrent connections that a GA instance supports. When the number of concurrent connections reaches the upper limit, new connection requests are dropped. In this example, 5 Thousand is selected.

In the Recommended Service List section, click Generate Service List after you confirm the information.

On the buy page, set the following parameters and click Buy Now to complete the payment.

Parameter	Description
Term	Select a subscription duration.
Type	Select a type of GA instance. In this example, Standard is selected.
Specification	Select a specification for the GA instance. In this example, Small I (Specifications Unit) is selected.
Instance	By default, Instance is selected.
Bandwidth Type	Select a bandwidth type for the basic bandwidth plan. In this example, Premium is selected.
Peak Bandwidth	Specify the bandwidth limit of the bandwidth plan. In this example, 2 Mbit/s is specified.

Step 3: Add an acceleration area

After you purchase a GA instance, you can add an acceleration area, specify the region where users are located, and then allocate bandwidth to the region.

On the Instances page, find the GA instance and click its ID.
Click the Acceleration Areas tab and then click Add Region on the Asia Pacific tab.

In the Add Acceleration Area dialog box, set the following parameters and click OK.

Parameter	Description
Region	Select the region where the users that require the acceleration service are located. In this example, China (Hong Kong) is selected.
Bandwidth	Allocate bandwidth to the region. In this example, `2` Mbit/s of bandwidth is allocated.
Internet Protocol	Select the protocol that is used by the users to connect to GA. In this example, IPv4 is selected.

After you add a region, the system assigns an accelerated IP address to the region that is added to the GA instance. This accelerated IP address is used to accelerate content delivery from users in the specified region to the specified backend servers through GA. Accelerated IP addresses

Step 4: Add a listener and an endpoint group

A listener listens for connection requests and distributes the requests to endpoints based on the port and protocol that you specify. Each listener is associated with an endpoint group. You can associate an endpoint group with a listener by specifying the region to which you want to distribute network traffic. After you associate an endpoint group with a listener, network traffic is distributed to the optimal endpoints in the endpoint group.

On the instance details page, click the Listeners tab and then click Add Listener.

In the Configure Listener & Protocol step, configure the parameters and click Next. The following table describes the parameters.

Parameter	Description
Listener Name	Enter a name for the listener. The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.
Protocol	Select a protocol for the listener. In this example, TCP is selected.
Port Number	Specify a listener port. The port is used to receive and forward requests to endpoints. Valid values: 1 to 65499. In this example, `21,2100~2120` is entered. `2100~2120` is the port range specified by pasv_min_port and pasv_max_port in the vsftpd.conf file of the FTP server that is configured in Step 1: Install and configure vsftpd on the FTP server.
Client Affinity	Specify whether to enable client affinity. If client affinity is enabled, requests from the same client are forwarded to the same endpoint when the client connects to a stateful application. In this example, Source IP Address is selected.

In the Configure Endpoint Group step, configure the parameters and click Next. The following table describes the parameters.

Note

FTP establishes two links between the client and the server. One link is used to control the communication and the other is used to transfer data. The control link is used to send and receive FTP commands during the FTP session. The data link is used to transfer data.

A GA instance has multiple endpoint group IP addresses in the region where the service is deployed. The region is also where the endpoint group belongs. However, connection checks are configured for some FTP servers. The connection checks require that the control link and the data link have the same client IP address. In this case, you must disable the connection checks of the client IP addresses for the FTP servers. You can also contact your account manager to enable the feature that ensures that the control link and the data link have the same client IP address.

Parameter	Description
Endpoint Group Name	Enter a name for the endpoint group. The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.
Region	Select the region to which the endpoint group (destination servers) belongs. In this example, US (Silicon Valley) is selected.
Traffic Distribution Ratio	Specify a traffic distribution ratio for the endpoint group. Valid values: 0 to 100. Unit: percent (%). In this example, the value is set to `100`.
Backend Service	Specify whether the FTP service is deployed on Alibaba Cloud. In this example, Alibaba Cloud is selected.
Preserve Client IP	Specify whether to preserve client IP addresses. After you enable this feature, backend servers can retrieve client IP addresses. In this example, client IP address preservation is disabled.
Endpoint	Endpoints are destinations of client requests. To add an endpoint, set the following parameters: Backend Service Type: Select Alibaba Cloud Public IP Address. Backend Service: Enter the IP address of the backend service that you want to accelerate. In this example, enter the public IP address of the FTP server. Weight: Enter the weight of the endpoint. Valid values: 0 to 255. GA distributes network traffic to endpoints based on their weights. In this example, set the weight of the FTP server to `100`. Warning When you set the weight of an endpoint to 0, Global Accelerator stops distributing network traffic to the endpoint. Proceed with caution.

On the Confirm wizard page, confirm the configurations of the listener and endpoint, and then click Submit.

Step 5: Verify the acceleration performance

In this example, a host that runs the Windows Server 2019 64-bit operating system is used as the FTP client. FileZilla is installed on the client to transfer data.

Remotely connect to the Windows instance.
For more information, see Connect to a Windows instance by using a password.
Start FileZilla.
You can visit the official website of FileZilla to download FileZilla.
In the top navigation bar, choose File> Site Manager.
In the Site Manager dialog box, click New Site. Then, specify the name of your website in the Select Entry section. In this example, the name is set to GA Acceleration.

In the General section, configure the following parameters.

Parameter	Description
Protocol	Select FTP - File Transfer Protocol from the drop-down list.
Host	Enter the IP address used to log on to the FTP server. The IP address is the accelerated IP address allocated by GA.
User	Enter the username of the FTP server, which is `ftpdemo`.
Password	Enter the password used to log on to the FTP server.

Keep the default values for parameters that are not included in the preceding table.

Click Connect to connect to the FTP server.

After you connect to the FTP server, you can upload, download, create, and delete website files. The FileZilla interface is shown in the following figure. 上传文件

The following table describes different sections on the FileZilla interface.

No.	Description
①	Commands, the connection status of the FTP server, and task execution results are shown.
②	The section of local disks.
③	The section of the remote site. You can double-click a directory to access the directory.
④	The section that displays records, including the queues and logs of the FTP task.

Open the CLI and run the following command to check the latency of data transmission:
```
curl
-o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer:
%{time_starttransfer}\ntime_total: %{time_total}\n" ftp://<Accelerated IP address allocated by GA>/<File path> --user <username>:<password>
```
Parameter descriptions:
- time_connect: the period of time that it takes to establish a TCP connection. Unit: seconds.
- time_starttransfer: the start time of data transfer. The start time refers to the amount of time from when the client sends a request to the backend server to when the first byte is sent to the client. Unit: seconds.
- time_total: the total connection time. The total connection time refers to the amount of time from when the client sends a request to when the client receives the last byte from the backend server. Unit: seconds.
The test result indicates that GA reduces network latency when the FTP client in the China (Hong Kong) region accesses the FTP server in the US (Silicon Valley) region.
Figure 1. Network latency before acceleration
Figure 2. Network latency after acceleration
Note
When you use GA to accelerate FTP services, the actual acceleration performance varies based on your workloads.