Accelerate FTP services - Global Accelerator - Alibaba Cloud Documentation Center

Global Accelerator (GA) accelerates data transmission over Layer 4 and Layer 7 protocols, including File Transfer Protocol (FTP). This topic uses vsftpd and FileZilla to walk through a complete setup: installing an FTP server, configuring a GA instance, and verifying the acceleration results.

How it works

FTP uses a client-server model and supports two connection modes:

Active mode: The FTP client sends its port information to the FTP server. The server then initiates a connection back to the client.
Passive mode: The FTP server opens a port and sends that port information to the client. The client initiates the connection to the server.

GA supports passive mode only. In active mode, the server must connect back to the client, which is incompatible with how GA routes traffic.

The following diagrams show how each mode works.

Active mode

Step	Description
1	The FTP client sends a connection request to port 21 of the FTP server.
2	The FTP client informs port 21 that port 2100 of the client can be used to transfer data.
3	Port 20 of the FTP server connects to port 2100 of the FTP client. Data transfer begins.
4	After data is transferred, the FTP server closes the connection.

Passive mode

Step	Description
1	The FTP client sends a connection request to port 21 of the FTP server.
2	The FTP server informs the FTP client that port 2120 is used to transfer data.
3	The FTP client opens another port and connects to port 2120 of the FTP server to transfer data.
4	After data is transferred, the FTP server closes the connection.

FTP authentication modes

FTP supports three authentication modes:

Mode	Security level	Description
Anonymous user mode	Lowest	Users log on without a username or password. Suitable only for sharing non-sensitive public files. Avoid using this mode in production.
Local user mode	Medium	Requires a local Linux user account. More secure than anonymous mode.
Virtual user mode	Highest	Virtual users can access only the FTP service, not other system resources.

This topic uses local user mode.

Limitations

Passive mode only. Active mode is not supported by GA.
Dual-link IP mismatch. FTP establishes two links between the client and server: a control link for FTP commands and a data link for data transfer. GA may route these two links through different endpoint group IP addresses. If your FTP server requires both links to originate from the same client IP address, disable client IP address checks on the FTP server, or contact your account manager to enable the same-IP feature for control and data links.
Version requirement. If your GA instance does not support FTP acceleration, it may be running an older version. Contact your account manager to upgrade.

Prerequisites

Before you begin, make sure you have:

Port 21 and ports 2100 to 2120 allowed for inbound traffic in the security group of the FTP server
A public IP address assigned to the FTP server
Reviewed the billing model for pay-as-you-go GA instances: you are charged instance fees, Capacity Unit (CU) fees, and data transfer fees. Data transfer billing is managed by Cloud Data Transfer (CDT). For details, see Pay-by-data-transfer and Billing of pay-as-you-go GA instances

This topic uses an Elastic Compute Service (ECS) instance as the FTP server. For details on configuring security groups and public IP addresses for ECS instances, see Manage security groups and Quick start.

If this is your first time using a pay-as-you-go GA instance, activate Global Accelerator on the pay-as-you-go GA activation page before proceeding.

Procedure

The following diagram shows the end-to-end setup flow.

Step 1: Install and configure vsftpd on the FTP server

The following steps apply to an ECS instance running Alibaba Cloud Linux 3. Adjust the commands and parameters if you use a different operating system or vsftpd version.

Connect to the Linux instance. For details, see Connect to a Linux instance by using a password or key.
Install vsftpd:
```
yum install -y vsftpd
```

Create an FTP user and directory:

# Create a Linux user named ftpdemo.
adduser ftpdemo
# Set the password for ftpdemo.
passwd ftpdemo
# Create a directory for the FTP service.
mkdir /var/ftp/demo
# Assign ownership of the directory to ftpdemo.
chown -R ftpdemo:ftpdemo /var/ftp/demo

Open the vsftpd configuration file:
```
vim /etc/vsftpd/vsftpd.conf
```

Update the configuration file with the following settings. Keep all other parameters at their default values.

# Disable anonymous login.
anonymous_enable=NO
# Allow local users to log on.
local_enable=YES
# Listen on IPv4 sockets.
listen=YES
# Disable listening on IPv6 sockets.
# listen_ipv6=NO
# Uncomment or add the following parameters:
# Redirect local users to this directory after login.
local_root=/var/ftp/demo
# Enable passive mode.
pasv_enable=YES
# Disable source IP checks for passive connections.
# This must be set to YES — without it, the FTP client cannot upload files.
pasv_promiscuous=YES
# Set the passive mode port range. These ports must match the listener ports in GA.
pasv_min_port=2100
pasv_max_port=2120

Press Esc to exit edit mode, then type :wq and press Enter to save and close the file.

Restart vsftpd and verify the service is running:

# Restart vsftpd.
systemctl restart vsftpd.service
# Check the status of vsftpd.
systemctl status vsftpd

Step 2: Configure basic information about the GA instance

Log on to the GA console.
On the Instances page, click Create GA Instance. Select Subscription Standard Instance or Pay-as-you-go Standard Instance based on your requirements. This topic uses Pay-as-you-go Standard Instance.

In the Basic Instance Configuration step, set the following parameters and click Next.

Parameter	Description
GA Instance Name	Enter a name for the GA instance.
Instance Billing Method	Pay-As-You-Go is selected by default. You are charged instance fees, CU fees, and data transfer fees.
Resource Group	Select the resource group for this GA instance. The resource group must belong to the current Alibaba Cloud account. For details, see Create a resource group.

Step 3: Configure an acceleration area

An acceleration area defines the regions where GA users are located and allocates bandwidth to those regions.

In the Configure acceleration areas step, set the following parameters and click Next.

Parameter	Description
Acceleration Area	Select one or more regions and click Add. This example uses China (Hong Kong).
Maximum Bandwidth	Specify the maximum bandwidth for the acceleration region. Valid range: 2 to 10,000 Mbit/s. This example uses the default value of 200 Mbit/s. If the value is too low, throttling may occur and packets may be dropped. Set this based on your actual traffic requirements.
IP Protocol	Select the IP version for connecting to GA. This example uses the default value IPv4.
ISP Line Type	Select an ISP line type. This example uses BGP (Multi-ISP).

Step 4: Configure a listener

A listener monitors incoming connection requests and routes them to endpoints based on the port and protocol you specify. Each listener is associated with one endpoint group, and GA routes traffic to the optimal endpoint in that group.

In the Configure listener step, set the following parameters and click Next. For parameters not listed here, use the default values. For details, see Add and manage intelligent routing listeners.

Parameter	Description
Listener Name	Enter a name for the listener.
Routing Type	Select Intelligent Routing.
Protocol	Select TCP.
Port	Enter `21,2100-2120`. Port 21 handles FTP control connections. Ports 2100-2120 are the passive mode data ports configured in Step 1. Valid values: 1 to 65499.
Client Affinity	Select Source IP to ensure that requests from the same client are always forwarded to the same endpoint. This is required for stateful FTP connections.

Step 5: Configure an endpoint group and an endpoint

In the Configure an endpoint group step, set the following parameters and click Next. For details, see Add and manage endpoint groups of intelligent routing listeners.

Parameter	Description
Region	Select the region where the endpoint group is deployed. This example uses US (Silicon Valley).
Backend Service Type	Select Alibaba Cloud Public IP.
Backend Service	Enter the public IP address of the FTP server.
Weight	Enter a weight for the endpoint. Valid values: 0 to 255. This example uses the default value 255. If the weight is set to 0, GA stops routing traffic to this endpoint.
Preserve Client IP	This example uses the default value Do Not Preserve. For details, see Preserve client IP addresses.

In the Configuration Review step, verify the settings and click Submit.
It takes 3 to 5 minutes for the GA instance to be created.
(Optional) After the instance is created, click the instance ID on the Instances page to view the configuration. Use the Instance Information, Listeners, and Acceleration Areas tabs to see more details.

Step 6: Verify the acceleration

This example uses a host running Windows Server 2022 as the FTP client, with FileZilla installed for file transfers. Download FileZilla from the FileZilla official website.

Connect to the Windows instance. For details, see Connect to a Windows instance by using a password.
Open FileZilla. In the top navigation bar, choose File > Site Manager.
In the Site Manager dialog box, click New site and name the site in the Select entry section. In the General section, configure the following parameters. This example uses the site name GA Acceleration. Leave all other parameters at their default values.
Parameter Description
Protocol Select FTP - File Transfer Protocol.
Host Enter the accelerated IP address allocated by GA.
User Enter ftpdemo.
Password Enter the password you set for ftpdemo.
Click Connect. After connecting, you can upload, download, create, and delete files. The FileZilla interface is divided into four sections:
Section Description
1 Command output, connection status, and task results.
2 Local disk files.
3 Remote site files. Double-click a directory to navigate into it.
4 Transfer queue and logs.

Parameter	Description
Protocol	Select FTP - File Transfer Protocol.
Host	Enter the accelerated IP address allocated by GA.
User	Enter `ftpdemo`.
Password	Enter the password you set for `ftpdemo`.

Section	Description
1	Command output, connection status, and task results.
2	Local disk files.
3	Remote site files. Double-click a directory to navigate into it.
4	Transfer queue and logs.

To measure latency, open a command-line interface and run:

Actual acceleration results vary depending on your workloads and network conditions.

Metric	Description
`time_connect`	Time to establish the TCP connection, in seconds.
`time_starttransfer`	Time from when the client sends the request to when the first byte is received, in seconds.
`time_total`	Total time from request to the last byte received, in seconds.

curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" ftp://<GA accelerated IP address>/<file path> --user <username>:<password>

The output includes three metrics: The test results show that GA reduces network latency when the FTP client in China (Hong Kong) connects to the FTP server in US (Silicon Valley). Figure 1. Network latency before acceleration Figure 2. Network latency after acceleration

FTP服务加速前.png

FTP服务加速后.png