
Global Accelerator: Use GA to accelerate FTP services

Last Updated: Aug 01, 2024

Global Accelerator (GA) can accelerate data transmission over Layer 4 and Layer 7 protocols, including File Transfer Protocol (FTP). This topic introduces FTP and uses vsftpd and FileZilla to describe how to use Global Accelerator to accelerate FTP services.

Background information

FTP is a protocol used to transfer files. This protocol is based on the client-server model and supports the following modes:

  • Active mode: The FTP client sends the FTP port information to the FTP server, and the FTP server initiates a connection to the FTP client over the port.

  • Passive mode: The FTP server opens a port and sends the port information to the FTP client. The FTP client initiates a connection to the FTP server over the port, and the FTP server accepts the connection.

The following figure and table describe how FTP works in active mode.

[Figure: FTP in active mode]

No.  Description
1    The FTP client sends a connection request to port 21 of the FTP server.
2    The FTP client informs port 21 that port 2100 of the client can be used to transfer data.
3    Port 20 of the FTP server connects to port 2100 of the FTP client. Then, data can be transferred between the server and the client.
4    After data is transferred, the FTP server closes the connection.

The following figure and table describe how FTP works in passive mode.

[Figure: FTP in passive mode]

No.  Description
1    The FTP client sends a connection request to port 21 of the FTP server.
2    The FTP server informs the FTP client that port 2120 is used to transfer data.
3    The FTP client opens another port to connect to port 2120 of the FTP server to transfer data.
4    After data is transferred, the FTP server closes the connection.

Active mode is not supported by GA. Therefore, only passive mode can be used.
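
The following added example (not part of the original documentation) shows how the two modes appear on the control connection and checks a client log against the passive port range used on this page (2100 to 2120). The "C:"/"S:" log format, the function names and the sample sessions are constructed for illustration; the addresses are documentation addresses.

```python
import re

# Passive port range used on this page (pasv_min_port / pasv_max_port).
PASV_MIN, PASV_MAX = 2100, 2120

_PASV = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
_EPSV = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")


def data_port(reply):
    """Return the data port a 227 (PASV) or 229 (EPSV) reply advertises, else None."""
    m = _PASV.match(reply)
    if m:
        # RFC 959: the last two fields encode the port as p1 * 256 + p2.
        return int(m.group(5)) * 256 + int(m.group(6))
    m = _EPSV.match(reply)
    return int(m.group(1)) if m else None


def review_session(lines):
    """Flag active-mode commands and passive ports outside the listener range.

    Each line is "C: <command>" or "S: <reply>" (constructed log format).
    """
    findings = []
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C" and text.split(" ")[0].upper() in ("PORT", "EPRT"):
            # Active mode: the server would connect back to the client.
            findings.append(("active-mode", text))
        elif side == "S":
            port = data_port(text)
            if port is not None and not PASV_MIN <= port <= PASV_MAX:
                findings.append(("port-outside-listener", port))
    return findings


# Constructed sample sessions.
PASSIVE_OK = ["C: PASV", "S: 227 Entering Passive Mode (192,0,2,10,8,72)", "C: RETR a.txt"]
PASSIVE_BAD = ["C: EPSV", "S: 229 Entering Extended Passive Mode (|||40000|)"]
ACTIVE = ["C: PORT 198,51,100,7,8,52", "S: 200 PORT command successful."]

if __name__ == "__main__":
    for name, session in (("ok", PASSIVE_OK), ("bad", PASSIVE_BAD), ("active", ACTIVE)):
        print(name, review_session(session))
```
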

FTP supports the following authentication modes:

  • Anonymous user mode: In this mode, users can log on to the FTP server without a username or password. This is the least secure authentication mode. In most cases, this mode is used to save unimportant public files. We recommend that you do not use this mode to save files in a production environment.

  • Local user mode: In this mode, local Linux users must be created. This mode is more secure than the anonymous user mode.

  • Virtual user mode: Virtual users are dedicated users of the FTP server. Virtual users can access only the FTP service that the Linux system provides and cannot access other resources of the system. This enhances the security of the FTP server.

Prerequisites

  • Port 21 and ports 2100 to 2120 are allowed to receive traffic in the security group of the FTP server.

  • A public IP address is assigned to the FTP server.

Note

In this example, an Elastic Compute Service (ECS) instance is used as the FTP server. For more information about how to configure security groups and public IP addresses for ECS instances, see Manage security groups and Quick start.

Limits

If your Global Accelerator instance does not support FTP service acceleration, the instance may be using an earlier version. Contact your account manager to upgrade your GA instance.

Procedure

Note

This topic uses a pay-as-you-go standard Global Accelerator instance as an example to describe how to configure Global Accelerator to accelerate FTP services. Before you create a pay-as-you-go standard Global Accelerator instance, take note of the following information:

  • GA instances use the pay-by-data-transfer metering method. You do not need to associate a basic bandwidth plan with pay-as-you-go GA instances. The billing of data transfer over the GA network is managed by Cloud Data Transfer (CDT). For more information, see Pay-by-data-transfer.

  • The first time you use a pay-as-you-go Global Accelerator instance, go to the pay-as-you-go GA activation page and activate Global Accelerator as prompted.

Step 1: Install and configure vsftpd on the FTP server

The following section describes how to install and configure vsftpd on an ECS instance that runs the Alibaba Cloud Linux 3 operating system. If you use a different operating system or vsftpd version, change the commands and parameter settings accordingly.

  1. Connect to the Linux instance.

  2. Run the following command to install vsftpd:

    yum install -y vsftpd
  3. Use the local user mode for authentication and create a user that is used to log on to the FTP server.

    # Create a Linux user named ftpdemo.
    adduser ftpdemo
    # Change the password of ftpdemo.
    passwd ftpdemo
    # Create a directory for the FTP service.
    mkdir /var/ftp/demo
    # Transfer the ownership of the directory to ftpdemo.
    chown -R ftpdemo:ftpdemo /var/ftp/demo
  4. Configure vsftpd.

    vim /etc/vsftpd/vsftpd.conf
  5. Modify the configuration file of vsftpd based on the following information:

    # Use the default values for all parameters except the following parameters.
    # Modify the values of the following parameters.
    # Forbid anonymous users to log on to the FTP server.
    anonymous_enable=NO
    # Allow local users to log on to the FTP server.
    local_enable=YES
    # Listen on IPv4 sockets.
    listen=YES
    # Disable listening on IPv6 sockets. listen and listen_ipv6 are mutually exclusive.
    listen_ipv6=NO
    # Add the following parameters.
    # Specify the directory to which local users are directed after they log on.
    local_root=/var/ftp/demo
    # Enable the passive mode.
    pasv_enable=YES
    # Disable the PASV security check that requires the data connection to come from the same IP address as the control connection.
    # The value must be set to YES. Otherwise, the FTP client cannot upload files to the FTP server.
    pasv_promiscuous=YES
    # Set the first port of the port range that can be used to transfer data in passive mode.
    pasv_min_port=2100
    # Set the last port of the port range that can be used to transfer data in passive mode.
    pasv_max_port=2120
  6. Press the Esc key to exit the edit mode. Enter :wq and press the Enter key to save and close the file.

  7. Run the following commands to view or restart vsftpd:

    # Restart vsftpd.
    systemctl restart vsftpd.service
    # View the status of vsftpd.
    systemctl status vsftpd

Step 2: Configure basic information about the GA instance

  1. Log on to the GA console.

  2. On the Instances page, click Create GA Instance. Select Subscription Standard Instance or Pay-as-you-go Standard Instance based on your business requirements.

    In this example, Pay-as-you-go Standard Instance is selected.

  3. In the Basic Instance Configuration step, configure the following parameters and click Next.

    • GA Instance Name: Enter a name for the GA instance.

    • Instance Billing Method: Pay-As-You-Go is selected by default. You are charged instance fees, Capacity Unit (CU) fees, and data transfer fees for pay-as-you-go standard GA instances.

    • Resource Group: Select the resource group to which the standard GA instance belongs. The resource group must be a resource group created in Resource Management by the current Alibaba Cloud account. For more information, see Create a resource group.

Step 3: Configure an acceleration area

By adding an acceleration area, you can specify the regions of the GA users and allocate bandwidth to the regions.

In the Configure acceleration areas step, configure the parameters and click Next. The parameters are described below.

  • Acceleration Area: Select one or more regions from the drop-down list and click Add. In this example, the China (Hong Kong) region is selected.

  • Assign Bandwidth (Maximum Bandwidth): Specify the maximum bandwidth for the acceleration region. Each acceleration region supports a bandwidth range of 2 to 10,000 Mbit/s. The maximum bandwidth is used for bandwidth throttling. The data transfer fees are managed by CDT. In this example, the default value 200 Mbit/s is used.

    Important: If you specify a small value for the maximum bandwidth, throttling may occur and packets may be dropped. Specify the maximum bandwidth based on your business requirements.

  • IP Protocol: Select the IP version that is used to connect to Global Accelerator. In this example, the default value IPv4 is selected.

  • ISP Line Type: Select an ISP line type for the Global Accelerator instance. BGP (Multi-ISP) is selected in this example.

Step 4: Configure a listener

A listener listens for connection requests and distributes the requests to endpoints based on the port and the protocol that you specify. Each listener is associated with an endpoint group. You can associate an endpoint group with a listener by specifying the region to which you want to distribute network traffic. After you associate an endpoint group with a listener, network traffic is distributed to the optimal endpoint in the endpoint group.

In the Configure listener step, set the required parameters, and click Next.

The following list describes only the parameters that are relevant to this topic. Use the default values for other parameters. For more information, see Add and manage intelligent routing listeners.

  • Listener Name: Enter a name for the listener.

  • Routing Type: Select a routing type. In this example, Intelligent Routing is selected.

  • Protocol: Select a protocol for the listener. In this example, TCP is selected.

  • Port: Specify a port for the listener to receive and forward requests to endpoints. Valid values: 1 to 65499. In this example, 21,2100-2120 is entered. 2100-2120 is the port range specified by pasv_min_port and pasv_max_port in the vsftpd.conf file of the FTP server that is configured in Step 1: Install and configure vsftpd on the FTP server.

  • Client Affinity: Specify whether to enable client affinity. If client affinity is enabled, requests from the same client are forwarded to the same endpoint when the client connects to a stateful application. In this example, Source IP is selected.
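
The listener port list has to stay in step with the vsftpd.conf settings from Step 1. The following added example (not part of the original documentation) checks a vsftpd.conf against a listener port list such as 21,2100-2120; the function names and sample configurations are constructed, and the defaults passed to `yes()` are assumed from the vsftpd.conf man page.

```python
def parse_conf(text):
    """Parse vsftpd.conf text into a dict; lines starting with '#' are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def parse_ports(spec):
    """Expand a listener port list such as '21,2100-2120' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit(conf_text, listener_spec):
    """Return findings for a vsftpd.conf checked against the GA listener ports."""
    conf, ports, issues = parse_conf(conf_text), parse_ports(listener_spec), []

    def yes(key, default):  # default = value assumed when the key is absent
        return conf.get(key, default).upper() == "YES"

    if yes("anonymous_enable", "YES"):
        issues.append("anonymous logins are enabled")
    if not yes("pasv_enable", "YES"):
        issues.append("passive mode is disabled")
    if yes("listen", "NO") and yes("listen_ipv6", "NO"):
        issues.append("listen and listen_ipv6 are both YES")
    lo, hi = int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))
    if lo == 0 or hi == 0:
        issues.append("passive port range is unbounded")
    elif not set(range(lo, hi + 1)) <= ports:
        issues.append("passive ports %d-%d not covered by listener" % (lo, hi))
    if 21 not in ports:
        issues.append("control port 21 missing from listener")
    if yes("pasv_promiscuous", "NO"):
        issues.append("pasv_promiscuous=YES: data-connection source IP check is off")
    return issues


# Constructed sample modeled on the Step 1 settings, plus a drifted variant.
PAGE_CONF = ("anonymous_enable=NO\nlocal_enable=YES\nlisten=YES\nlisten_ipv6=NO\n"
             "pasv_enable=YES\npasv_promiscuous=YES\npasv_min_port=2100\npasv_max_port=2120\n")
DRIFTED_CONF = PAGE_CONF.replace("pasv_max_port=2120", "pasv_max_port=2200")
```

For the Step 1 settings the only finding is the pasv_promiscuous entry, which this setup requires; it is reported so that the disabled check stays visible in reviews.
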

Step 5: Configure an endpoint group and an endpoint

  1. In the Configure an endpoint group step, configure the parameters and click Next. The parameters are described below.

    This topic describes only the key parameters. For more information, see Add and manage endpoint groups of intelligent routing listeners.

    Note

    FTP establishes two links between the client and the server. One link is used to control the communication and the other is used to transfer data. The control link is used to send and receive FTP commands during the FTP session. The data link is used to transfer data.

    A GA instance has multiple endpoint group IP addresses in the region where the service is deployed. The region is also where the endpoint group belongs. However, connection checks are configured for some FTP servers. The connection checks require that the control link and the data link have the same client IP address. In this case, you must disable the connection checks of the client IP addresses for the FTP servers. You can also contact your account manager to enable the feature that ensures that the control link and the data link have the same client IP address.

    • Region: Select the region where the endpoint group is deployed. In this example, US (Silicon Valley) is selected.

    • Endpoint Configuration: Client requests are routed to endpoints. To add an endpoint, set the following parameters:

      • Backend Service Type: Select Alibaba Cloud Public IP.

      • Backend Service: Enter the IP address of the backend service that you want to accelerate. In this example, enter the public IP address of the FTP server.

      • Weight: Enter a weight for the endpoint. Valid values: 0 to 255. Global Accelerator routes network traffic to endpoints based on the weights of the endpoints. In this example, the default value 255 is used.

      Warning: If you set the weight of an endpoint to 0, Global Accelerator stops distributing network traffic to the endpoint. Proceed with caution.

    • Preserve Client IP: Specify whether to preserve client IP addresses. If you enable this feature, the backend server can obtain client IP addresses. For more information, see Preserve client IP addresses. In this example, the default value Do Not Preserve is used.

  2. In the Configuration Review step, check the configurations and click Submit.

    Note

    It takes 3 to 5 minutes to create a Global Accelerator instance.

  3. (Optional) After you create a GA instance, you can click the instance ID on the Instances page to view the configurations of the instance. On the instance details page, you can click tabs such as Instance Information, Listeners, and Acceleration Areas to view more details.

Step 6: Verify the acceleration performance

In this example, a host that runs the Windows Server 2022 operating system is used as the FTP client. FileZilla is installed on the client to transfer data.

  1. Remotely connect to the Windows instance.

  2. Start FileZilla.

    You can visit the official website of FileZilla to download FileZilla.

  3. In the top navigation bar, choose File > Site Manager.

  4. In the Site Manager dialog box, click New site. Then, specify the name of your website in the Select entry section. Configure the parameters in the General section.

    In this example, the site name is set to GA Acceleration.

    • Protocol: Select FTP - File Transfer Protocol from the drop-down list.

    • Host: Enter the IP address used to log on to the FTP server. The IP address is the accelerated IP address allocated by GA.

    • User: Enter the username of the FTP server, which is ftpdemo.

    • Password: Enter the password used to log on to the FTP server.

    Use the default values for parameters that are not included in the preceding list.

  5. Click Connect to connect to the FTP server.

    After you connect to the FTP server, you can upload, download, create, and delete website files. The FileZilla interface is shown in the following figure.

    [Figure: FileZilla interface]

    The following table describes different sections on the FileZilla interface.

    No.  Description
    1    Commands, the connection status of the FTP server, and task execution results are shown.
    2    The section of local disks.
    3    The section of the remote site. You can double-click a directory to access the directory.
    4    The section that displays records, including the queues and logs of the FTP task.

  6. Open the CLI and run the following command to check the latency of data transmission:

    curl -o /dev/null -s -w "time_connect: %{time_connect}\ntime_starttransfer: %{time_starttransfer}\ntime_total: %{time_total}\n" ftp://<GA accelerated IP address>/<File path> --user <username>:<password>

    The following section describes the parameters:

    • time_connect: The period of time that is required to establish a TCP connection. Unit: seconds.

    • time_starttransfer: The start time of data transfer. The start time refers to the period of time from when the client sends a request to the backend server to when the first byte is sent to the client. Unit: seconds.

    • time_total: The total connection time. The total connection time refers to the period of time from when the client sends a request to when the client receives the last byte from the backend server. Unit: seconds.

    The test result shows that GA reduces network latency when the FTP client in the China (Hong Kong) region accesses the FTP server in the US (Silicon Valley) region.

    Figure 1. Network latency before acceleration


    Figure 2. Network latency after acceleration


    Note

    When you use GA to accelerate FTP services, the actual acceleration performance varies based on your workloads.