Proper drain-stop of Passive FTPS


Consider the following configuration:

  • A pair of servers (named N1 and N2) hosting FTPS in passive mode
  • A Kemp VLM hosting a VS in L4 Transparency mode for the pair of FTPS servers
  • Persistence is configured for the VS to ensure passive connections are sent to the same server as the active FTP session

Now consider the following situation:

  1. Client Bob connects via implicit FTPS port 990 to the VIP and is directed to server N1
  2. Client Bob lists directory contents opening a passive FTP and is returned the directory list
  3. A Kemp administrator disables the Real Server N1
  4. Client Bob maintains his FTPS session to N1
  5. Client Bob starts a file transfer; because N1 was disabled in the load balancer, the passive session for the file transfer is sent to server N2
  6. The passive file transfer for Bob fails

Is there a good solution to this problem? Is there no method to ensure all TCP/UDP sessions for a specific IP are sent to the same real server even after it is disabled until all sessions end?

Any help is great. Thanks.
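
The failure in steps 1 to 6, next to the drain behaviour the question asks for, as a simplified model added here (not part of the original post and not Kemp's implementation or configuration). The class, the `drain_persistent` switch and the client address are hypothetical.

```python
from collections import defaultdict

class SourceIpBalancer:
    """Toy L4 balancer with source-IP persistence (hypothetical model)."""

    def __init__(self, servers, drain_persistent):
        self.enabled = {s: True for s in servers}
        self.drain_persistent = drain_persistent  # assumed policy switch
        self.persist = {}                    # client IP -> real server
        self.open_conns = defaultdict(int)   # (client IP, server) -> open TCP conns

    def disable(self, server):
        self.enabled[server] = False

    def _first_enabled(self):
        for server, on in self.enabled.items():
            if on:
                return server
        raise RuntimeError("no enabled real server")

    def connect(self, client_ip):
        pinned = self.persist.get(client_ip)
        # Draining: a disabled server keeps a client while that client
        # still has at least one open connection to it.
        draining = (pinned is not None and self.drain_persistent
                    and self.open_conns[(client_ip, pinned)] > 0)
        if pinned is not None and (self.enabled[pinned] or draining):
            server = pinned
        else:
            server = self._first_enabled()
        self.persist[client_ip] = server
        self.open_conns[(client_ip, server)] += 1
        return server

    def close(self, client_ip, server):
        self.open_conns[(client_ip, server)] -= 1

def run_scenario(drain_persistent):
    lb = SourceIpBalancer(["N1", "N2"], drain_persistent)
    bob = "198.51.100.7"            # constructed client address
    control = lb.connect(bob)       # step 1: control connection on port 990
    lb.close(bob, lb.connect(bob))  # step 2: passive data connection for the listing
    lb.disable("N1")                # step 3: administrator disables N1
    data = lb.connect(bob)          # step 5: passive data connection for the transfer
    transfer_ok = data == control   # step 6: fails if data lands on another server
    lb.close(bob, data)
    lb.close(bob, control)          # Bob's last session to N1 ends
    return control, data, transfer_ok, lb.connect(bob)
```

`run_scenario(False)` reproduces the failed transfer; `run_scenario(True)` keeps Bob on N1 until his last connection closes, after which his next connection goes to N2.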