Product Documentation

ns tcpParam

Sep 12, 2016

The following operations can be performed on "ns tcpParam":

set ns tcpParam

Sets the TCP parameters for the NetScaler appliance.

Synopsys

set ns tcpParam [-WS ( ENABLED | DISABLED )] [-WSVal <positive_integer>] [-SACK ( ENABLED | DISABLED )] [-learnVsvrMSS ( ENABLED | DISABLED )] [-maxBurst <positive_integer>] [-initialCwnd <positive_integer>] [-delayedAck <positive_integer>] [-downStateRST ( ENABLED | DISABLED )] [-nagle ( ENABLED | DISABLED )] [-limitedPersist ( ENABLED | DISABLED )] [-oooQSize <positive_integer>] [-ackOnPush ( ENABLED | DISABLED )] [-maxPktPerMss <positive_integer>] [-pktPerRetx <integer>] [-minRTO <integer>] [-slowStartIncr <integer>] [-maxDynServerProbes <positive_integer>] [-synHoldFastGiveup <positive_integer>] [-maxSynholdPerprobe <positive_integer>] [-maxSynhold <positive_integer>] [-mssLearnInterval <positive_integer>] [-mssLearnDelay <positive_integer>] [-maxTimeWaitConn <positive_integer>] [-maxSynAckRetx <positive_integer>] [-synAttackDetection ( ENABLED | DISABLED )] [-connFlushIfNoMem <connFlushIfNoMem>] [-connFlushThres <positive_integer>] [-mptcpConCloseOnPassiveSF ( ENABLED | DISABLED )] [-mptcpChecksum ( ENABLED | DISABLED )] [-mptcpSFtimeout <secs>] [-mptcpSFReplaceTimeout <secs>] [-mptcpMaxSF <positive_integer>] [-mptcpMaxPendingSF <positive_integer>] [-mptcpPendingJoinThreshold <positive_integer>] [-mptcpRTOsToSwitchSF <positive_integer>] [-mptcpUseBackupOnDSS ( ENABLED | DISABLED )] [-TcpMaxRetries <positive_integer>] [-mptcpImmediateSFCloseOnFIN ( ENABLED | DISABLED )] [-mptcpCloseMptcpSessionOnLastSFClose ( ENABLED | DISABLED )] [-tcpFastOpenCookieTimeout <secs>]

Arguments

WS

Enable or disable window scaling.

Possible values: ENABLED, DISABLED

Default value: DISABLED

WSVal

Factor used to calculate the new window size.

This argument is needed only when the window scaling is enabled.

Default value: 4

Minimum value: 0

Maximum value: 14

SACK

Enable or disable Selective ACKnowledgement (SACK).

Possible values: ENABLED, DISABLED

Default value: DISABLED

learnVsvrMSS

Enable or disable maximum segment size (MSS) learning for virtual servers.

Possible values: ENABLED, DISABLED

Default value: DISABLED

maxBurst

Maximum number of TCP segments allowed in a burst.

Default value: 6

Minimum value: 1

Maximum value: 255

initialCwnd

Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server.

Default value: 4

Minimum value: 1

Maximum value: 44

delayedAck

Timeout for TCP delayed ACK, in milliseconds.

Default value: 100

Minimum value: 10

Maximum value: 300

downStateRST

Flag to switch on RST on down services.

Possible values: ENABLED, DISABLED

Default value: DISABLED

nagle

Enable or disable the Nagle algorithm on TCP connections.

Possible values: ENABLED, DISABLED

Default value: DISABLED

limitedPersist

Limit the number of persist (zero window) probes.

Possible values: ENABLED, DISABLED

Default value: ENABLED

oooQSize

Maximum size of out-of-order packets queue. A value of 0 means no limit.

Default value: 64

Minimum value: 0

Maximum value: 65535

ackOnPush

Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.

Possible values: ENABLED, DISABLED

Default value: ENABLED

maxPktPerMss

Maximum number of TCP packets allowed per maximum segment size (MSS).

Minimum value: 0

Maximum value: 1460

pktPerRetx

Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK.

Default value: 1

Minimum value: 1

Maximum value: 100

minRTO

Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10).

Default value: 1000

Minimum value: 10

Maximum value: 64000

slowStartIncr

Multiplier that determines the rate at which slow start increases the size of the TCP transmission window after each acknowledgement of successful transmission.

Default value: 2

Minimum value: 1

Maximum value: 100

maxDynServerProbes

Maximum number of probes that NetScaler can send out in 10 milliseconds, to dynamically learn a service. NetScaler probes for the existence of the origin in case of wildcard virtual server or services.

Default value: 7

Minimum value: 1

Maximum value: 65535

synHoldFastGiveup

Maximum threshold. After crossing this threshold number of outstanding probes for origin, the NetScaler reduces the number of connection retries for probe connections.

Default value: 1024

Minimum value: 256

Maximum value: 65535

maxSynholdPerprobe

Limit the number of client connections (SYN) waiting for status of single probe. Any new SYN packets will be dropped.

Default value: 128

Minimum value: 1

Maximum value: 255

maxSynhold

Limit the number of client connections (SYN) waiting for status of probe system wide. Any new SYN packets will be dropped.

Default value: 16384

Minimum value: 256

Maximum value: 65535

mssLearnInterval

Duration, in seconds, to sample the Maximum Segment Size (MSS) of the services. The NetScaler appliance determines the best MSS to set for the virtual server based on this sampling. The argument to enable maximum segment size (MSS) for virtual servers must be enabled.

Default value: 180

Minimum value: 1

Maximum value: 1048576

mssLearnDelay

Frequency, in seconds, at which the virtual servers learn the Maximum segment size (MSS) from the services. The argument to enable maximum segment size (MSS) for virtual servers must be enabled.

Default value: 3600

Minimum value: 1

Maximum value: 1048576

maxTimeWaitConn

Maximum number of connections to hold in the TCP TIME_WAIT state on a packet engine. New connections entering TIME_WAIT state are proactively cleaned up.

Default value: 7000

Minimum value: 1

maxSynAckRetx

When 'syncookie' is disabled in the TCP profile that is bound to the virtual server or service, and the number of TCP SYN+ACK retransmission by NetScaler for that virtual server or service crosses this threshold, the NetScaler appliance responds by using the TCP SYN-Cookie mechanism.

Default value: 100

Minimum value: 100

Maximum value: 1048576

synAttackDetection

Detect TCP SYN packet flood and send an SNMP trap.

Possible values: ENABLED, DISABLED

Default value: ENABLED

connFlushIfNoMem

Flush an existing connection if no memory can be obtained for new connection.

HALF_CLOSED_AND_IDLE: Flush a connection that is closed by us but not by peer, or failing that, a connection that is past configured idle time. New connection fails if no such connection can be found.

FIFO: If no half-closed or idle connection can be found, flush the oldest non-management connection, even if it is active. New connection fails if the oldest few connections are management connections.

Note: If you enable this setting, you should also consider lowering the zombie timeout and half-close timeout, while setting the NetScaler timeout.

See Also: connFlushThres argument below.

Possible values: NONE, HALFCLOSED_AND_IDLE, FIFO

Default value: 5

connFlushThres

Flush an existing connection (as configured through -connFlushIfNoMem FIFO) if the system has more than specified number of connections, and a new connection is to be established. Note: This value may be rounded down to be a whole multiple of the number of packet engines running.

Minimum value: 1

mptcpConCloseOnPassiveSF

Accept DATA_FIN/FAST_CLOSE on passive subflow

Possible values: ENABLED, DISABLED

Default value: ENABLED

mptcpChecksum

Use MPTCP DSS checksum

Possible values: ENABLED, DISABLED

Default value: ENABLED

mptcpSFtimeout

The timeout value in seconds for idle mptcp subflows. If this timeout is not set, idle subflows are cleared after cltTimeout of vserver

Default value: 0

Maximum value: 31536000

mptcpSFReplaceTimeout

The minimum idle time value in seconds for idle mptcp subflows after which the sublow is replaced by new incoming subflow if maximum subflow limit is reached. The priority for replacement is given to those subflow without any transaction

Default value: 10

Maximum value: 31536000

mptcpMaxSF

Maximum number of subflow connections supported in established state per mptcp connection.

Default value: 4

Minimum value: 2

Maximum value: 6

mptcpMaxPendingSF

Maximum number of subflow connections supported in pending join state per mptcp connection.

Default value: 4

Minimum value: 0

Maximum value: 4

mptcpPendingJoinThreshold

Maximum system level pending join connections allowed.

Default value: 0

Minimum value: 0

Maximum value: 4294967294

mptcpRTOsToSwitchSF

Number of RTO's at subflow level, after which MPCTP should start using other subflow.

Default value: 2

Minimum value: 1

Maximum value: 6

mptcpUseBackupOnDSS

When enabled, if NS receives a DSS on a backup subflow, NS will start using that subflow to send data. And if disabled, NS will continue to transmit on current chosen subflow. In case there is some error on a subflow (like RTO's/RST etc.) then NS can choose a backup subflow irrespective of this tunable.

Possible values: ENABLED, DISABLED

Default value: ENABLED

TcpMaxRetries

Number of RTO's after which a connection should be freed.

Default value: 7

Minimum value: 1

Maximum value: 7

mptcpImmediateSFCloseOnFIN

Allow subflows to close immediately on FIN before the DATA_FIN exchange is completed at mptcp level.

Possible values: ENABLED, DISABLED

Default value: DISABLED

mptcpCloseMptcpSessionOnLastSFClose

Allow to send DATA FIN or FAST CLOSE on mptcp connection while sending FIN or RST on the last subflow.

Possible values: ENABLED, DISABLED

Default value: DISABLED

tcpFastOpenCookieTimeout

Timeout in seconds after which a new TFO Key is computed for generating TFO Cookie. If zero, the same key is used always. If timeout is less than 120seconds, NS defaults to 120seconds timeout.

Default value: 0

Minimum value: 0

Maximum value: 31536000

unset ns tcpParam

Use this command to remove ns tcpParam settings.Refer to the set ns tcpParam command for meanings of the arguments.

Synopsys

unset ns tcpParam [-WS] [-WSVal] [-SACK] [-learnVsvrMSS] [-maxBurst] [-initialCwnd] [-delayedAck] [-downStateRST] [-nagle] [-limitedPersist] [-oooQSize] [-ackOnPush] [-maxPktPerMss] [-pktPerRetx] [-minRTO] [-slowStartIncr] [-maxDynServerProbes] [-synHoldFastGiveup] [-maxSynholdPerprobe] [-maxSynhold] [-mssLearnInterval] [-mssLearnDelay] [-maxTimeWaitConn] [-maxSynAckRetx] [-synAttackDetection] [-connFlushIfNoMem] [-connFlushThres] [-mptcpConCloseOnPassiveSF] [-mptcpChecksum] [-mptcpSFtimeout] [-mptcpSFReplaceTimeout] [-mptcpMaxSF] [-mptcpMaxPendingSF] [-mptcpPendingJoinThreshold] [-mptcpRTOsToSwitchSF] [-mptcpUseBackupOnDSS] [-TcpMaxRetries] [-mptcpImmediateSFCloseOnFIN] [-mptcpCloseMptcpSessionOnLastSFClose] [-tcpFastOpenCookieTimeout]

show ns tcpParam

Displays the TCP parameters configured on the NetScaler appliance.

Synopsys

show ns tcpParam

Outputs

WS

Enable or disable window scaling.

WSVal

Factor used to calculate the new window size.

This argument is needed only when the window scaling is enabled.

SACK

Enable or disable Selective ACKnowledgement (SACK).

learnVsvrMSS

Enable or disable maximum segment size (MSS) learning for virtual servers.

maxBurst

Maximum number of TCP segments allowed in a burst.

initialCwnd

Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server.

recvBuffSize

TCP Receive buffer size

delayedAck

Timeout for TCP delayed ACK, in milliseconds.

downStateRST

Flag to switch on RST on down services.

nagle

Enable or disable the Nagle algorithm on TCP connections.

limitedPersist

Limit the number of persist (zero window) probes.

oooQSize

Maximum size of out-of-order packets queue. A value of 0 means no limit.

ackOnPush

Immediate ACK on PUSH packet

maxPktPerMss

Maximum packets per MSS

pktPerRetx

Maximum packets per retransmission

minRTO

Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10).

slowStartIncr

TCP slowstart increment factor

maxDynServerProbes

Maximum number of probes that NetScaler can send out in 10 milliseconds, to dynamically learn a service. NetScaler probes for the existence of the origin in case of wildcard virtual server or services.

synHoldFastGiveup

Maximum threshold. After crossing this threshold number of outstanding probes for origin, the NetScaler reduces the number of connection retries for probe connections.

maxSynholdPerprobe

Limit the number of client connections (SYN) waiting for status of single probe. Any new SYN packets will be dropped.

maxSynhold

Limit the number of client connections (SYN) waiting for status of probe system wide. Any new SYN packets will be dropped.

mssLearnInterval

Duration, in seconds, to sample the Maximum Segment Size (MSS) of the services. The NetScaler appliance determines the best MSS to set for the virtual server based on this sampling. The argument to enable maximum segment size (MSS) for virtual servers must be enabled.

mssLearnDelay

Frequency, in seconds, at which the virtual servers learn the Maximum segment size (MSS) from the services. The argument to enable maximum segment size (MSS) for virtual servers must be enabled.

maxTimeWaitConn

Maximum number of connections to hold in the TCP TIME_WAIT state on a packet engine. New connections entering TIME_WAIT state are proactively cleaned up.

KAprobeUpdateLastactivity

Update last activity for KA probes

maxSynAckRetx

When 'syncookie' is disabled in the TCP profile that is bound to the virtual server or service, and the number of TCP SYN+ACK retransmission by NetScaler for that virtual server or service crosses this threshold, the NetScaler appliance responds by using the TCP SYN-Cookie mechanism.

synAttackDetection

Detect TCP SYN packet flood and send an SNMP trap.

connFlushIfNoMem

Flush an existing connection if no memory can be obtained for new connection.

HALF_CLOSED_AND_IDLE: Flush a connection that is closed by us but not by peer, or failing that, a connection that is past configured idle time. New connection fails if no such connection can be found.

FIFO: If no half-closed or idle connection can be found, flush the oldest non-management connection, even if it is active. New connection fails if the oldest few connections are management connections.

Note: If you enable this setting, you should also consider lowering the zombie timeout and half-close timeout, while setting the NetScaler timeout.

See Also: connFlushThres argument below.

connFlushThres

Flush an existing connection (as configured through -connFlushIfNoMem FIFO) if the system has more than specified number of connections, and a new connection is to be established. Note: This value may be rounded down to be a whole multiple of the number of packet engines running.

mptcpConCloseOnPassiveSF

Accept DATA_FIN/FAST_CLOSE on passive subflow

mptcpChecksum

Use MPTCP DSS checksum

mptcpSFtimeout

The timeout value in seconds for idle mptcp subflows. If this timeout is not set, idle subflows are cleared after cltTimeout of vserver

mptcpSFReplaceTimeout

The minimum idle time value in seconds for idle mptcp subflows after which the sublow is replaced by new incoming subflow if maximum subflow limit is reached. The priority for replacement is given to those subflow without any transaction

mptcpMaxSF

Maximum number of subflow connections supported in established state per mptcp connection.

mptcpMaxPendingSF

Maximum number of subflow connections supported in pending join state per mptcp connection.

mptcpPendingJoinThreshold

Maximum system level pending join connections allowed.

mptcpRTOsToSwitchSF

Number of RTO's at subflow level, after which MPCTP should start using other subflow.

mptcpUseBackupOnDSS

When enabled, if NS receives a DSS on a backup subflow, NS will start using that subflow to send data. And if disabled, NS will continue to transmit on current chosen subflow. In case there is some error on a subflow (like RTO's/RST etc.) then NS can choose a backup subflow irrespective of this tunable.

TcpMaxRetries

Number of RTO's after which a connection should be freed.

mptcpImmediateSFCloseOnFIN

Allow subflows to close immediately on FIN before the DATA_FIN exchange is completed at mptcp level.

mptcpCloseMptcpSessionOnLastSFClose

Allow to send DATA FIN or FAST CLOSE on mptcp connection while sending FIN or RST on the last subflow.

tcpFastOpenCookieTimeout

Timeout in seconds after which a new TFO Key is computed for generating TFO Cookie. If zero, the same key is used always. If timeout is less than 120seconds, NS defaults to 120seconds timeout.

builtin

Flag to determine if the tcp param is built-in or not