Global Accelerator (GA) can accelerate Layer 4 and Layer 7 protocols, including File Transfer Protocol (FTP). This topic introduces FTP and uses vsftpd and FileZilla as an example to describe how to use GA to accelerate FTP services.

Prerequisites

  • Port 21 and ports from 2100 to 2120 are allowed to receive traffic in the security group of the FTP server.
  • A public IP address is assigned to the FTP server.
Note

In this example, an Elastic Compute Service (ECS) instance is used as the FTP server. For more information about how to configure security groups and public IP addresses for ECS instances, see Operations on security groups and EIP quick start.

Background information

FTP is a protocol used to transfer files. This protocol is based on the client-server model and supports the following modes:
  • Active mode: The client sends port information to the FTP server, and the server establishes a connection to the port.
  • Passive mode: The FTP server enables a port and sends the port information to the client. The client initiates a connection to the port, and the server accepts the connection.
The following figure and table describe the workflow in active mode.
No. Description
1   The FTP client sends a connection request to port 21 of the FTP server.
2   The FTP client informs port 21 that port 2100 of the client can be used to transfer data.
3   Port 20 of the FTP server connects to port 2100 of the FTP client. Then, data can be transferred between the server and the client.
4   After the data is transferred, the FTP server closes the connection.
The following figure and table describe the workflow in passive mode.
No. Description
1   The FTP client sends a connection request to port 21 of the FTP server.
2   The FTP server informs the FTP client that port 2120 is used to transfer data.
3   The FTP client opens another port to connect to port 2120 of the FTP server to transfer data.
4   After the data is transferred, the FTP server closes the connection.

Active mode is not supported by GA. Therefore, only passive mode can be used.
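
How the passive-mode port reaches the client, as an added example that is not part of the original page: the server's 227 reply encodes the data port as two bytes (p1 × 256 + p2), and a port outside the 2100 to 2120 range opened in the prerequisites cannot be reached. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode FTP 227 (PASV) replies and flag passive ports that fall
# outside the range this page opens for data connections (2100 to 2120).
PASV_MIN=2100
PASV_MAX=2120

# Print the data port encoded in a line such as
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."; fail on any other line.
pasv_port() {
    tuple=$(printf '%s\n' "$1" |
        sed -n 's/^[<> ]*227 [^(]*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*$/\1/p')
    [ -n "$tuple" ] || return 1
    p1=$(printf '%s' "$tuple" | cut -d, -f5)
    p2=$(printf '%s' "$tuple" | cut -d, -f6)
    [ "$p1" -le 255 ] && [ "$p2" -le 255 ] || return 1
    # The port is sent as two bytes, high byte first.
    echo $((p1 * 256 + p2))
}

# Read an FTP session log on stdin and print each advertised passive port that
# is outside PASV_MIN..PASV_MAX and would therefore not be reachable.
unreachable_pasv_ports() {
    while IFS= read -r line; do
        port=$(pasv_port "$line") || continue
        if [ "$port" -lt "$PASV_MIN" ] || [ "$port" -gt "$PASV_MAX" ]; then
            echo "$port"
        fi
    done
}

# Constructed sample log (addresses and ports are made up for illustration).
sample_log() {
    cat <<'EOF'
< 220 (vsFTPd 3.0.2)
> PASV
< 227 Entering Passive Mode (10,0,0,5,8,62).
> PASV
< 227 Entering Passive Mode (10,0,0,5,78,32).
EOF
}

sample_log | unreachable_pasv_ports
```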

FTP supports the following authentication modes:
  • Anonymous user mode: In this mode, users can log on to the FTP server without a username or password. This is the least secure authentication mode. In most cases, this mode is used to save unimportant public files. We recommend that you do not use this mode to save files in a production environment.
  • Local user mode: This authentication mode requires users to have local Linux accounts. This mode is more secure than the anonymous user mode.
  • Virtual user mode: Virtual users are dedicated users of the FTP server. Virtual users can access only the FTP service that the Linux system provides. Virtual users cannot access other resources of the system. This way, the security of the FTP server is further enhanced.

Procedure

Step 1: Install and configure vsftpd on the FTP server

The following operations describe how to install and configure vsftpd 3.0.2 on an ECS instance that runs the Linux 2.1903 64-bit operating system. The ECS instance is used as the FTP server. If you use different operating systems or different vsftpd versions, change the commands and parameter settings accordingly.

  1. Connect to the Linux instance.
    For more information about how to connect to a Linux instance, see Connection methods.
  2. Run the following command to install vsftpd:
    yum install -y vsftpd
  3. Use the local user mode for authentication and create a user that is used to log on to the FTP server.
    # Create a Linux user named ftpdemo.
    adduser ftpdemo
    # Change the password of the ftpdemo user.
    passwd ftpdemo
    # Create a directory for the FTP service.
    mkdir /var/ftp/demo
    # Transfer the ownership of the directory to the ftpdemo user.
    chown -R ftpdemo:ftpdemo /var/ftp/demo
  4. Configure vsftpd.
    vim /etc/vsftpd/vsftpd.conf
  5. Modify the configuration file of vsftpd based on the following information:
    # Keep the default values for all parameters except the following parameters.
    # Modify the values of the following parameters.
    # Disallow anonymous users to log on to the FTP server.
    anonymous_enable=NO
    # Allow local users to log on to the FTP server.
    local_enable=YES
    # Listen on IPv4 sockets.
    listen=YES
    # Disable listening on IPv6 sockets. listen and listen_ipv6 are mutually exclusive, so listen_ipv6 must not be YES while listen=YES.
    listen_ipv6=NO
    # Add the following parameters.
    # Specify the directory to which local users are directed after they log on.
    local_root=/var/ftp/demo
    # Enable passive mode.
    pasv_enable=YES
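    # Disable the PASV security check that requires the data connection to come from the same IP address as the control connection. GA can forward the two connections from different endpoint group IP addresses, so the value must be set to YES. Otherwise, the FTP client cannot upload files to the FTP server.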
    pasv_promiscuous=YES
    # Set the starting port number of the port range that can be used to transfer data in passive mode.
    pasv_min_port=2100
    # Set the ending port number of the port range that can be used to transfer data in passive mode.
    pasv_max_port=2120
  6. Press the Esc key to exit the edit mode. Enter :wq and press the Enter key to save and close the file.
  7. Run the following commands to view or restart vsftpd:
    # Restart vsftpd.
    systemctl restart vsftpd.service
    # View the status of vsftpd.
    systemctl status vsftpd
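
A check of the finished configuration file against the settings in this step, as an added example that is not part of the original page. The function names are hypothetical, the range 2100 to 2120 is the one used on this page, and only the YES and NO spellings shown above are recognized.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings in Step 1.
# 2100-2120 is the range opened in the security group and on the GA listener.
GA_PASV_LO=2100
GA_PASV_HI=2120

# Print the last uncommented value of KEY in FILE (no spaces around '=').
conf_value() { sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'; }

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print one FAIL line per deviation; the return status is the number of deviations.
audit_vsftpd_conf() {
    conf=$1
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    [ "$(conf_value "$conf" anonymous_enable)" = NO ] || fail "anonymous_enable is not NO"
    [ "$(conf_value "$conf" local_enable)" = YES ] || fail "local_enable is not YES"
    [ "$(conf_value "$conf" pasv_enable)" != NO ] || fail "pasv_enable is NO; GA supports passive mode only"
    [ "$(conf_value "$conf" pasv_promiscuous)" = YES ] || fail "pasv_promiscuous is not YES"
    # vsftpd refuses to start when both listeners are enabled.
    if [ "$(conf_value "$conf" listen)" = YES ] &&
       [ "$(conf_value "$conf" listen_ipv6)" = YES ]; then
        fail "listen and listen_ipv6 are both YES"
    fi
    min=$(conf_value "$conf" pasv_min_port)
    max=$(conf_value "$conf" pasv_max_port)
    if ! is_uint "$min" || ! is_uint "$max"; then
        fail "pasv_min_port and pasv_max_port must both be set"
    elif [ "$min" -gt "$max" ] || [ "$min" -lt "$GA_PASV_LO" ] ||
         [ "$max" -gt "$GA_PASV_HI" ]; then
        fail "passive range $min-$max is outside $GA_PASV_LO-$GA_PASV_HI"
    fi
    return "$findings"
}

# Usage: audit_vsftpd_conf /etc/vsftpd/vsftpd.conf
```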

Step 2: Purchase a GA service bundle

You can enter the information about the web service in the GA console. After you enter the information, the system generates a list of recommended services. The list includes a GA instance and a basic bandwidth plan.

  1. Log on to the Global Accelerator console.
  2. In the upper-right corner of the Instances page, click Purchase Guide.
    Note If this is the first time that you use the GA service, skip this step.
  3. In the Enter the required information to generate a list of recommended services section, enter the required information and click Generate Service List.
    • Acceleration Area: Select the region that requires acceleration. In this example, China (Hong Kong) is selected.
    • Service Region: Select the region where the destination server is deployed. In this example, US (Silicon Valley) is selected.
    • ICP Filing: Specify whether you have applied for an Internet Content Provider (ICP) number for the domain name of the FTP service. In this example, No is selected.
      Note All websites must obtain an ICP number before they are allowed to provide services to users in mainland China. For more information, see What is an ICP filing?.
    • Server Area: Specify whether the FTP service is deployed on Alibaba Cloud. In this example, On Alibaba Cloud is selected.
    • Peak Bandwidth Range: Enter the bandwidth required during peak hours. Unit: Mbit/s. In this example, 2 is entered.
    • Maximum Concurrent Connections: The maximum number of concurrent connections that a GA instance supports. When the number of existing concurrent connections reaches the upper limit, new connection requests are dropped. In this example, 5 Thousand is selected.

  4. In the Recommended Service List section, click Generate Service List after you confirm the information.
  5. On the buy page, set the following parameters and click Buy Now to complete the payment.
    • Term: Select the subscription duration.
    • Specification: Select a specification for the GA instance. In this example, Small I (Specification Unit) is selected.
    • Bandwidth Type: Select a bandwidth type for the basic bandwidth plan. In this example, Premium is selected.
    • Peak Bandwidth: Select the bandwidth limit of the basic bandwidth plan. In this example, 2 Mbit/s is selected.

Step 3: Add an acceleration area

After you purchase a GA instance, you can add an acceleration area, specify the region where users are located, and then allocate bandwidth resources to the region.

  1. On the Instances page, find the GA instance and click its ID.
  2. Click the Acceleration Areas tab and then click Add Region on the Asia Pacific tab.
  3. In the Add Acceleration Area dialog box, set the following parameters and click OK.
    • Regions: Select the region where the users are located. In this example, China (Hong Kong) is selected.
    • Bandwidth: Specify a bandwidth value for the acceleration region. In this example, 2 Mbit/s is entered.
    • Internet Protocol: Select the IP address version used to access GA. In this example, IPv4 is selected.

    After you add the region, the system assigns an accelerated IP address to the region that is added to the GA instance. This accelerated IP address is used to accelerate data transfer from users in the specified region to the specified backend servers through GA.

Step 4: Add a listener and an endpoint group

A listener checks for connection requests and then distributes the requests to backend servers based on the specified protocol and ports. Each listener is associated with an endpoint group. You can associate an endpoint group with a listener by specifying the region to which you want to distribute network traffic. After you associate an endpoint group with a listener, traffic is distributed to the optimal endpoint in the associated endpoint group.

  1. On the instance details page, click the Listeners tab and then click Add Listener.
  2. On the Configure Listener & Protocol wizard page, set the following parameters and click Next.
    • Listener Name: Enter a name for the listener. The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.
    • Protocol: Select the protocol of the listener. In this example, TCP is selected.
    • Port Number: Specify a listener port. The port is used to receive and forward requests to endpoints. Valid values: 1 to 65499. In this example, 21, 2100 to 2120 is entered. 2100 to 2120 is the range from pasv_min_port to pasv_max_port in the vsftpd.conf file of the FTP server that is configured in Step 1: Install and configure vsftpd on the FTP server.
    • Client Affinity: Specify whether to enable client affinity. If client affinity is enabled, requests from the same client are forwarded to the same endpoint when the client connects to a stateful application. In this example, Source IP Address is selected.

  3. On the Configure Endpoint Group wizard page, set the following parameters and click OK.
    Note

    FTP establishes two links between the client and server. One link is used to control the communication and the other is used to transfer data. The control link is used to send and receive FTP commands during the FTP session. The data link is used to transfer data.

    A GA instance has multiple endpoint group IP addresses in the region where the service is deployed. The region is also where the endpoint group belongs. However, some FTP servers are configured with a connection check that requires the client IP addresses of the control link and the data link to be the same. In this case, you must disable the connection check of client IP addresses for the FTP server. For vsftpd, this is the pasv_promiscuous=YES setting configured in Step 1. You can also submit a ticket to request technical support.

    • Endpoint Group Name: Enter a name for the endpoint group. The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.
    • Region: Select the region to which the endpoint group (destination servers) belongs. In this example, US (Silicon Valley) is selected.
    • Backend Service: Specify whether the backend service is deployed on Alibaba Cloud. On Alibaba Cloud is selected in this example.
    • Preserve Client IP: Specify whether to preserve client IP addresses. After the feature is enabled, backend servers can retrieve client IP addresses. In this example, this feature is disabled.
    • Endpoint: Endpoints are destinations of client requests. Set the following parameters to configure an endpoint:
      • Backend Service Type: Select Alibaba Cloud Public IP Address.
      • Backend Service: Enter the IP address of the backend service that you want to accelerate. In this example, enter the public IP address of the FTP server.
      • Weight: Specify a weight for the endpoint. Valid values: 0 to 255. GA routes network traffic to the endpoints based on their weights. In this example, set the weight of the FTP server to 100.
  4. On the Confirm wizard page, confirm the configurations of the listener and endpoint, and then click Submit.

Step 5: Verify the acceleration performance

In this example, a host that runs the Windows Server 2019 64-bit operating system is used as the FTP client. FileZilla is installed on the client to transfer data.

  1. Connect to the Windows instance.
  2. Start FileZilla.
    You can visit the official website of FileZilla to download FileZilla.
  3. In the top navigation bar, choose File > Site Manager.
  4. In the Site Manager dialog box, click New Site. Then, specify the name of your website in the Select Entry section. In this example, the name is set to GA Acceleration.
  5. On the General tab, set the following parameters.
    • Protocol: Select FTP - File Transfer Protocol from the drop-down list.
    • Host: Enter the IP address used to log on to the FTP server. The IP address is the accelerated IP address allocated by GA.
    • User: Enter the username of the FTP server, which is ftpdemo.
    • Password: Enter the password used to log on to the FTP server.

    Keep the default values for parameters that are not included in the preceding list.

  6. Click Connect to connect to the FTP server.
    After you connect to the FTP server, you can upload, download, create, and delete website files. The FileZilla interface is shown in the following figure.

    The following table describes different sections on the FileZilla interface.

  7. Open the CLI and run the following command to check the latency of data transmission:
    curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" "ftp://<Accelerated IP address allocated by GA>/<File path>" --user "<username>:<password>"
    In the command:
    • time_connect: the period of time that it takes to establish a TCP connection. Unit: seconds.
    • time_starttransfer: the start time of data transfer. The start time refers to the amount of time from when the client sends a request to the backend server to when the first byte is sent to the client. Unit: seconds.
    • time_total: the total connection time. The total connection time refers to the amount of time from when the client sends a request to when the client receives the last byte from the backend server. Unit: seconds.
    The test result indicates that GA reduces network latency when the FTP client in the China (Hong Kong) region accesses the FTP server in the US (Silicon Valley) region.
    Figure 1. Network latency of data transmission before GA is used
    Figure 2. Network latency of data transmission after GA is used
    Note When you use GA to accelerate FTP services, the actual acceleration performance varies based on your workloads.