Operating System - OpenVMS

Re: ftp large files fail, small files succeed

 
SOLVED
Ron Kaledas
Advisor

ftp large files fail, small files succeed

Okay, I've searched for this, found a few matches, but nothing newer than 2006...(!) Those fixes didn't help/apply to my issue.

I'm into a client via vpn, though I don't think that should matter. (Though once I get connected via vpn, I can't putty directly to the test system; I have to putty to the prod system and then telnet to the test system.)

Anyway, trying to ftp a large file from prod to test (both vms). I can ftp smaller files. For larger ones, I get the output below. It connects enough to get the filesize, and allocates that space on the test system disk. But the file size remains 0.

Does anyone still hang out here? :) Any thoughts? Some type of firewall/network switch setup issue that I'd have no access to? (I did ask them to verify fixed full on the ports.)

Thanks!
Ron


FTP> bin
200 TYPE set to IMAGE.
FTP> get openvms_alpha_8_3.zip
200 PORT command successful.
150 Opening data connection for SYS$COMMON:[SYSMGR.WEB.83]openvms_alpha_8_3.zip; (10.252.16.75,49183) (209548312 bytes)
HNATST::_TNA8: 14:39:12 TCPIP$FTP CPU=00:00:00.72 PF=1386 IO=2374 MEM=349
GET (VMS+) 0 bytes 00:00:04.98 elapsed (0.00 KB/S)
Local: LAB2:[000000]OPENVMS_ALPHA_8_3.ZIP;1
Remote: openvms_alpha_8_3.zip
HNATST::_TNA8: 14:39:22 TCPIP$FTP CPU=00:00:00.72 PF=1386 IO=2378 MEM=349
GET (VMS+) 0 bytes 00:00:15.14 elapsed (0.00 KB/S)
Local: LAB2:[000000]OPENVMS_ALPHA_8_3.ZIP;1
Remote: openvms_alpha_8_3.zip
HNATST::_TNA8: 14:45:59 TCPIP$FTP CPU=00:00:00.72 PF=1386 IO=2382 MEM=349
GET (VMS+) 0 bytes 00:06:51.61 elapsed (0.00 KB/S)
Local: LAB2:[000000]OPENVMS_ALPHA_8_3.ZIP;1
Remote: openvms_alpha_8_3.zip
%SYSTEM-F-CONNECFAIL, connect to network object timed-out or failed
43 REPLIES
Andy Bustamante
Honored Contributor
Solution

Re: ftp large files fail, small files succeed

Ron,

I'd start with looking at the network. Make sure both VMS systems and switches are set to agree on speed/duplex or auto negotiate.

What sort of VPN and is there an MTU recommendation to trim MTU? Are these Giga adaptors? If so, are jumbo frames enabled and overrunning the VPN?

Andy
If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
Robert Gezelter
Honored Contributor

Re: ftp large files fail, small files succeed

Ron,

As has been noted, duplex mismatches somewhere in the path will produce this type of symptom (I have seen it, they can be pernicious to track down -- I had it happen at a client a while back, someone in the network group had swapped a switch and mis-configured the replacement).

A LAN trace of the transfer can be illuminating. Wireshark is freely available, and runs on many standard personal platforms.

The small files may not hit the timing problem that is the actual problem.

- Bob Gezelter, http://www.rlgsc.com
John Gillings
Honored Contributor

Re: ftp large files fail, small files succeed

Ron,

As others said, this is almost certainly a duplex mismatch.

> (I did ask them to verify fixed full on the ports.)

Please ask "them" to set AUTO on all ports and switches. Hard setting network speeds is just setting yourself up for a failure like the one you're observing sometime in the future.

Remember to check all systems in the path between you and the FTP target.
A crucible of informative mistakes
Robert Brooks_1
Honored Contributor

Re: ftp large files fail, small files succeed

The frequent response to these problems by the VMS Engineer who wrote Ethernet drivers for a couple of decades is to set both ends of the connection to autonegotiate, assuming a modern version of VMS (in this case "modern" means V.3-2 and newer) and a properly-functioning switch. VMS should always get it right.


-- Rob
Ron Kaledas
Advisor

Re: ftp large files fail, small files succeed

Well, everyone (and hi to John and Andy!) seems to agree that it is a network configuration problem, so I will pursue that further. I haven't actually heard back from "them" yet.

I do find it interesting though, I'd always heard NOT to use auto, but that seems to be the opposite of what I'm hearing here. I will take that into consideration! It seems to me - though I can't remember details - that auto was to be avoided because "things" (cisco, nics, can't remember what) didn't always make the right choice, so that's why fixed was preferred. Of course, this may be outdated information...

So, thanks for your input, and I will report back if I find a definitive answer.
Richard Whalen
Honored Contributor

Re: ftp large files fail, small files succeed

Though I won't say don't investigate the network configuration, I think that there may be other things to consider as well.

Since small files transfer fine, but large files are allocated but not transferred, I'd look for something that might be tearing down an "idle" connection. Does the path between the production system and test system involve some sort of firewall or NAT device?

The information above shows that you aren't operating in passive mode; have you tried passive mode?
Ron Kaledas
Advisor

Re: ftp large files fail, small files succeed

Guess I'm not sure (/don't remember) what passive mode is, could you clarify how to use it?
Richard Whalen
Honored Contributor

Re: ftp large files fail, small files succeed

To enter passive mode, use the SET PASSIVE ON command before starting the transfer.
This will cause the FTP server to create the data port and pass information to the client as to how to connect to it.
Hoff
Honored Contributor

Re: ftp large files fail, small files succeed

Note: ACTIVE and PASSIVE are likely not involved here.

ACTIVE and PASSIVE are transfer modes. Check your ftp client command documentation for details. The command is often a toggle command "passive", but syntax varies. TCP/IP Services uses the SET PASSIVE (on|off) command.

ACTIVE: the ftp client tells the ftp server which port the server should connect back to. Can be blocked by the client or client network firewall.

PASSIVE: client asks server for the identity of a port to connect into. Can be blocked by the server or server network firewall.

Because of that second channel and its associated handling, the ftp protocol design is largely incompatible with modern IP networks; with (most) IP firewalls.

(Trivia: ftp is older than IP, and way older than IP firewalls.)

The "fun" is that ftp uses a second IP port from the ephemeral range, and in a way that is inherently blocked by the most prevalent designs for IP firewalls. This means that the port range specified for ftp will have to be coordinated with the firewall, and opened. (And yes, other network applications can also use the ephemeral port range, so various firewall administrators are loath to open it.)

There are comparatively sophisticated IP firewalls that can deal with ftp, as they explicitly know the ftp protocol, sniff and remember the ftp traffic, and automatically open the correct port for the impending data connection. These firewalls aren't yet in common use.

All of which means that ftp goes off the rails fairly regularly, and folks try the so-called active and passive transfers, and can end up opening up vast ranges of IP ports.

ftp also spews your credentials in cleartext, so it's a poor choice for any applications where write access is required.

sftp is a far newer design and - though it shares three letters and its basic purpose with ftp - shares little else. sftp is vastly easier to punch through a firewall, and you can also incorporate certificates to greatly reduce your exposure to brute-force server attacks.

Yes, I've been known to express a relative distaste for ftp. Here are some technical details behind that opinion and around why ftp is such utter "fun" to deal with:

http://labs.hoffmanlabs.com/node/530

ftp is best left to the task of anonymous reading of and copying of files from a server, and little else. If you even use that and not something like WebDAV.

A network that requires VPN to PuTTY to telnet (and particularly if that's three separate steps and two intermediate hops) would imply the potential for simplification there, and potentially elsewhere in the network design. That is not a typical sequence for a secure network, and not an access sequence that would be commonplace for a more "open" internal network. I'd probably install a better and VPN-capable firewall, or otherwise reconfigure the firewall(s) and that LAN to allow a connection onto the LAN with the VMS servers. Based on this description (and I've built and rebuilt these sorts of network configurations myself) the network design looks to need some assistance to better contend with the organic growth it has apparently undergone.

Again, Note: IP firewalls aren't a factor with VMS, as VMS doesn't (yet?) have one. This particular case likely does NOT involve firewalls, particularly given the transfer works with smaller files.
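
Added example, not part of any post in this thread: a Python sketch of what an FTP-aware firewall or a reviewer reading a control-channel trace has to derive, namely which side opens the data connection and to which ephemeral port, for both active (PORT) and passive (227 reply) transfers. The session lines, the function names and the server address 192.0.2.10 are assumptions made for illustration; the client address and port reuse the pair shown in the original post's 150 reply.

```python
import re

# h1,h2,h3,h4,p1,p2 tuple used by PORT and by the 227 (PASV) reply
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None if absent/invalid."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def expected_data_flows(control_lines, client_ip, server_ip):
    """List the data connections implied by control-channel traffic.

    control_lines: (direction, line) pairs, 'C' = client to server, 'S' = reply.
    'mismatch' is True when the advertised address is not the peer's real
    address, as happens behind NAT that does not rewrite FTP payloads.
    """
    flows = []
    for direction, line in control_lines:
        if direction == "C" and line.upper().startswith("PORT "):
            mode, src, real = "active", server_ip, client_ip    # server dials the client
        elif direction == "S" and line.startswith("227"):
            mode, src, real = "passive", client_ip, server_ip   # client dials the server
        else:
            continue
        hp = parse_hostport(line)
        if hp is None:
            continue
        flows.append({"mode": mode, "src": src, "dst": hp[0],
                      "dport": hp[1], "mismatch": hp[0] != real})
    return flows

# Constructed sample session (not captured from the thread's systems).
# 10.252.16.75 port 49183 reuses the pair shown in the thread's 150 reply;
# 192.0.2.10 is a documentation address standing in for the server.
SAMPLE = [
    ("C", "PORT 10,252,16,75,192,31"),
    ("S", "200 PORT command successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
]

if __name__ == "__main__":
    for flow in expected_data_flows(SAMPLE, "10.252.16.75", "192.0.2.10"):
        print(flow)
```

Each returned flow is the single source, destination and port a stateful rule would need to permit for that transfer, which is the alternative to opening the whole ephemeral range.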