
November 27, 2007

Running out of Ports for FTP Data Transfers

This blog post describes how it is possible for an FTP server to run out of ports for data transfers. One "feature" of the FTP protocol is that each data transfer occurs on a separate TCP/IP connection. (Note: This is a feature of the FTP protocol, and is not a limitation of the Chilkat FTP2 component. It applies to all FTP components and FTP client software.)

FTP data transfers include uploads, downloads, and directory listings.

When using Passive mode, a data connection is established by the FTP server choosing a port number and listening for the client connection. (The port number is sent to the client over the control connection.) The client connects to the server, the data transmission happens, and the TCP/IP connection is shut down on both sides. The socket then enters a TIME WAIT state on the server, and the port is not usable until the TIME WAIT expires.

Here are some links to information about TIME WAIT:
http://www.isi.edu/touch/pubs/infocomm99/infocomm99-web/
http://msdn2.microsoft.com/en-us/library/ms819739.aspx
http://support.microsoft.com/kb/149532

The TIME WAIT delay is typically a few minutes in length. When an FTP server chooses a port for the data connection, the default is to choose from the ephemeral port range. On Windows systems, the port range is 1024 to 4999.

For a rough calculation: if the TIME WAIT is 2 minutes and you have approximately 4000 ports available, you can sustain a maximum of about 33 connections per second before running out of ports.

Some FTP servers can be configured to use a custom port range. An FTP server administrator might be tempted to use a small number of ports. After all, it’s probably more secure, right? It’s common to see FTP servers configured with as few as 20 ports, perhaps from 10,000 to 10,019. The problem here is that you’re limited to 20 data connections per TIME WAIT delay. That’s not very good — what if you want to upload 50 files?
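The arithmetic above, carried through as a small added model (not Chilkat code): ports are handed out per data connection and return to the pool only after TIME WAIT, so a 20-port range refuses most of a 50-file upload while the full ephemeral range absorbs it. It assumes each transfer is short enough that the port goes straight into TIME WAIT, and the transfer start times are constructed inputs.

```python
"""Model FTP passive-mode data-port exhaustion caused by TIME WAIT."""
from collections import deque


def max_sustained_rate(first_port: int, last_port: int, time_wait_s: float) -> float:
    """Steady-state data connections per second before the range runs dry."""
    ports = last_port - first_port + 1
    return ports / time_wait_s


def simulate_transfers(first_port: int, last_port: int, time_wait_s: float,
                       transfer_times: list) -> tuple:
    """Allocate one passive data port per transfer; a port becomes reusable
    only once its TIME WAIT has expired.

    transfer_times: ascending start times in seconds (constructed input).
    Each transfer is assumed to complete immediately, so its port enters
    TIME WAIT at the start time.  A refusal models the server having no
    free port (the situation behind a '425 ... data connection in use').
    Returns (completed, refused).
    """
    free = deque(range(first_port, last_port + 1))
    in_time_wait = deque()          # (release_time, port), ordered by release_time
    completed = refused = 0
    for t in transfer_times:
        # Reclaim ports whose TIME WAIT has run out by time t.
        while in_time_wait and in_time_wait[0][0] <= t:
            free.append(in_time_wait.popleft()[1])
        if not free:
            refused += 1
            continue
        port = free.popleft()
        in_time_wait.append((t + time_wait_s, port))
        completed += 1
    return completed, refused


if __name__ == "__main__":
    uploads = [float(i) for i in range(50)]          # 50 files, one per second
    print("20-port range (10000-10019):",
          simulate_transfers(10000, 10019, 120.0, uploads))   # (20, 30)
    print("Windows ephemeral range (1024-4999):",
          simulate_transfers(1024, 4999, 120.0, uploads))     # (50, 0)
    print("Sustainable rate, 1024-4999, 2 min TIME WAIT: %.1f/s"
          % max_sustained_rate(1024, 4999, 120.0))            # 33.1/s
```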

Finally, if your FTP server is behind a deep-inspection firewall, it’s reasonable to use the ephemeral port range. The firewall inspects the PASV reply sent by the FTP server and knows that a connection request is coming from the FTP client’s IP address for a specific port. That connection is allowed to pass, whereas all other incoming connections in the ephemeral range will be blocked.

I’m not exactly sure what error message you’ll see if your FTP server runs out of ports. The error message that prompted this post was:

StorResponse: 425 Try later, data connection in use.

The theory is that the FTP server (which was Akamai in this case) ran out of ports…
