Product Documentation

ns tcpProfile

Sep 12, 2016

The following operations can be performed on "ns tcpProfile":

add | rm | set | unset | show

add ns tcpProfile

Adds a TCP profile to the NetScaler appliance.

Synopsys

add ns tcpProfile <name> [-WS ( ENABLED | DISABLED )] [-SACK ( ENABLED | DISABLED )] [-WSVal <positive_integer>] [-nagle ( ENABLED | DISABLED )] [-ackOnPush ( ENABLED | DISABLED )] [-mss <positive_integer>] [-maxBurst <positive_integer>] [-initialCwnd <positive_integer>] [-delayedAck <positive_integer>] [-oooQSize <positive_integer>] [-maxPktPerMss <positive_integer>] [-pktPerRetx <positive_integer>] [-minRTO <positive_integer>] [-slowStartIncr <positive_integer>] [-bufferSize <positive_integer>] [-synCookie ( ENABLED | DISABLED )] [-KAprobeUpdateLastactivity ( ENABLED | DISABLED )] [-flavor <flavor>] [-dynamicReceiveBuffering ( ENABLED | DISABLED )] [-KA ( ENABLED | DISABLED )] [-KAconnIdleTime <positive_integer>] [-KAmaxProbes <positive_integer>] [-KAprobeInterval <positive_integer>] [-sendBuffsize <positive_integer>] [-mptcp ( ENABLED | DISABLED )] [-EstablishClientConn <EstablishClientConn>] [-tcpSegOffload ( AUTOMATIC | DISABLED )] [-rstWindowAttenuate ( ENABLED | DISABLED )] [-rstMaxAck ( ENABLED | DISABLED )] [-spoofSynDrop ( ENABLED | DISABLED )] [-ecn ( ENABLED | DISABLED )] [-mptcpDropDataOnPreEstSF ( ENABLED | DISABLED )] [-mptcpFastOpen ( ENABLED | DISABLED )] [-mptcpSessionTimeout <positive_integer>] [-TimeStamp ( ENABLED | DISABLED )] [-dsack ( ENABLED | DISABLED )] [-ackAggregation ( ENABLED | DISABLED )] [-frto ( ENABLED | DISABLED )] [-maxcwnd <positive_integer>] [-fack ( ENABLED | DISABLED )] [-tcpmode ( TRANSPARENT | ENDPOINT )] [-tcpFastOpen ( ENABLED | DISABLED )] [-Hystart ( ENABLED | DISABLED )] [-dupackthresh <positive_integer>]

Arguments

name

Name for a TCP profile. Must begin with a letter, number, or the underscore \\(_\\) character. Other characters allowed, after the first character, are the hyphen \\(-\\), period \\(.\\), hash \\(\\#\\), space \\( \\), at \\(@\\), colon \\(:\\), and equal \\(=\\) characters. The name of a TCP profile cannot be changed after it is created.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks \\(for example, "my tcp profile" or 'my tcp profile'\\).

WS

Enable or disable window scaling.

Possible values: ENABLED, DISABLED

Default value: DISABLED

SACK

Enable or disable Selective ACKnowledgement (SACK).

Possible values: ENABLED, DISABLED

Default value: DISABLED

WSVal

Factor used to calculate the new window size.

This argument is needed only when window scaling is enabled.

Default value: 4

Minimum value: 0

Maximum value: 14

nagle

Enable or disable the Nagle algorithm on TCP connections.

Possible values: ENABLED, DISABLED

Default value: DISABLED

ackOnPush

Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.

Possible values: ENABLED, DISABLED

Default value: ENABLED

mss

Maximum number of octets to allow in a TCP data segment.

Minimum value: 0

Maximum value: 9176

maxBurst

Maximum number of TCP segments allowed in a burst.

Default value: 6

Minimum value: 1

Maximum value: 255

initialCwnd

Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server.

Default value: 4

Minimum value: 1

Maximum value: 44

delayedAck

Timeout for TCP delayed ACK, in milliseconds.

Default value: 100

Minimum value: 10

Maximum value: 300

oooQSize

Maximum size of out-of-order packets queue. A value of 0 means no limit.

Default value: 64

Minimum value: 0

Maximum value: 65535

maxPktPerMss

Maximum number of TCP packets allowed per maximum segment size (MSS).

Minimum value: 0

Maximum value: 1460

pktPerRetx

Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK.

Default value: 1

Minimum value: 1

Maximum value: 512

minRTO

Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10).

Default value: 1000

Minimum value: 10

Maximum value: 64000

slowStartIncr

Multiplier that determines the rate at which slow start increases the size of the TCP transmission window after each acknowledgement of successful transmission.

Default value: 2

Minimum value: 1

Maximum value: 100

bufferSize

TCP buffering size, in bytes.

Default value: 8190

Minimum value: 8190

Maximum value: 20971520

synCookie

Enable or disable the SYNCOOKIE mechanism for TCP handshake with clients. Disabling SYNCOOKIE prevents SYN attack protection on the NetScaler appliance.

Possible values: ENABLED, DISABLED

Default value: ENABLED

KAprobeUpdateLastactivity

Update last activity for the connection after receiving keep-alive (KA) probes.

Possible values: ENABLED, DISABLED

Default value: ENABLED

flavor

Set TCP congestion control algorithm.

Possible values: Default, Westwood, BIC, CUBIC, Nile

Default value: Default

dynamicReceiveBuffering

Enable or disable dynamic receive buffering. When enabled, allows the receive buffer to be adjusted dynamically based on memory and network conditions.

Note: The buffer size argument must be set for dynamic adjustments to take place.

Possible values: ENABLED, DISABLED

Default value: ENABLED

KA

Send periodic TCP keep-alive (KA) probes to check if peer is still up.

Possible values: ENABLED, DISABLED

Default value: DISABLED

KAconnIdleTime

Duration, in seconds, for the connection to be idle, before sending a keep-alive (KA) probe.

Default value: NSTCP_KA_DEFAULT_CONN_IDLETIME

Minimum value: 1

Maximum value: 4095

KAmaxProbes

Number of keep-alive (KA) probes to be sent when not acknowledged, before assuming the peer to be down.

Default value: NSTCP_KA_DEFAULT_PROBE_COUNT

Minimum value: 1

Maximum value: 254

KAprobeInterval

Time interval, in seconds, before the next keep-alive (KA) probe, if the peer does not respond.

Default value: NSTCP_KA_DEFAULT_INTERVAL

Minimum value: 1

Maximum value: 4095

sendBuffsize

TCP Send Buffer Size

Default value: 8190

Minimum value: 8190

Maximum value: 20971520

mptcp

Enable or disable Multipath TCP.

Possible values: ENABLED, DISABLED

Default value: DISABLED

EstablishClientConn

Establishing Client Client connection on First data/ Final-ACK / Automatic

Possible values: AUTOMATIC, CONN_ESTABLISHED, ON_FIRST_DATA

Default value: AUTOMATIC

tcpSegOffload

Offload TCP segmentation to the NIC. If set to AUTOMATIC, TCP segmentation will be offloaded to the NIC, if the NIC supports it.

Possible values: AUTOMATIC, DISABLED

Default value: AUTOMATIC

rstWindowAttenuate

Enable or disable RST window attenuation to protect against spoofing. When enabled, will reply with corrective ACK when a sequence number is invalid.

Possible values: ENABLED, DISABLED

Default value: DISABLED

rstMaxAck

Enable or disable acceptance of RST that is out of window yet echoes highest ACK sequence number. Useful only in proxy mode.

Possible values: ENABLED, DISABLED

Default value: DISABLED

spoofSynDrop

Enable or disable drop of invalid SYN packets to protect against spoofing. When disabled, established connections will be reset when a SYN packet is received.

Possible values: ENABLED, DISABLED

Default value: ENABLED

ecn

Enable or disable TCP Explicit Congestion Notification.

Possible values: ENABLED, DISABLED

Default value: DISABLED

mptcpDropDataOnPreEstSF

Enable or disable silently dropping the data on Pre-Established subflow. When enabled, DSS data packets are dropped silently instead of dropping the connection when data is received on pre established subflow.

Possible values: ENABLED, DISABLED

Default value: DISABLED

mptcpFastOpen

Enable or disable Multipath TCP fastopen. When enabled, DSS data packets are accepted before receiving the third ack of SYN handshake.

Possible values: ENABLED, DISABLED

Default value: DISABLED

mptcpSessionTimeout

MPTCP session timeout in seconds. If this value is not set, idle MPTCP sessions are flushed after vserver's client idle timeout.

Default value: 0

Minimum value: 0

Maximum value: 86400

TimeStamp

Enable or Disable TCP Timestamp option (RFC 1323)

Possible values: ENABLED, DISABLED

Default value: DISABLED

dsack

Enable or disable DSACK.

Possible values: ENABLED, DISABLED

Default value: ENABLED

ackAggregation

Enable or disable ACK Aggregation.

Possible values: ENABLED, DISABLED

Default value: DISABLED

frto

Enable or disable FRTO (Forward RTO-Recovery).

Possible values: ENABLED, DISABLED

Default value: DISABLED

maxcwnd

TCP Maximum Congestion Window.

Default value: 524288

Minimum value: 8190

Maximum value: 20971520

fack

Enable or disable FACK (Forward ACK).

Possible values: ENABLED, DISABLED

Default value: DISABLED

tcpmode

TCP Optimization modes TRANSPARENT / ENDPOINT.

Possible values: TRANSPARENT, ENDPOINT

Default value: TRANSPARENT

tcpFastOpen

Enable or disable TCP Fastopen. When enabled, NS can receive or send Data in SYN or SYN-ACK packets.

Possible values: ENABLED, DISABLED

Default value: DISABLED

Hystart

Enable or disable CUBIC Hystart

Possible values: ENABLED, DISABLED

Default value: DISABLED

dupackthresh

TCP dupack threshold.

Default value: 3

Minimum value: 1

Maximum value: 15

Example

add tcpprofile <profile name> -WS ENABLED -WSVAL 4

rm ns tcpProfile

Removes a TCP profile from the appliance.

Synopsys

rm ns tcpProfile <name>

Arguments

name

Name of the TCP profile to be removed.

Example

rm tcpprofile <profile name>

set ns tcpProfile

Modifies the attributes of a TCP profile.

Synopsys

set ns tcpProfile <name> [-WS ( ENABLED | DISABLED )] [-SACK ( ENABLED | DISABLED )] [-WSVal <positive_integer>] [-nagle ( ENABLED | DISABLED )] [-ackOnPush ( ENABLED | DISABLED )] [-mss <positive_integer>] [-maxBurst <positive_integer>] [-initialCwnd <positive_integer>] [-delayedAck <positive_integer>] [-oooQSize <positive_integer>] [-maxPktPerMss <positive_integer>] [-pktPerRetx <positive_integer>] [-minRTO <positive_integer>] [-slowStartIncr <positive_integer>] [-bufferSize <positive_integer>] [-synCookie ( ENABLED | DISABLED )] [-KAprobeUpdateLastactivity ( ENABLED | DISABLED )] [-flavor <flavor>] [-dynamicReceiveBuffering ( ENABLED | DISABLED )] [-KA ( ENABLED | DISABLED )] [-KAconnIdleTime <positive_integer>] [-KAmaxProbes <positive_integer>] [-KAprobeInterval <positive_integer>] [-sendBuffsize <positive_integer>] [-mptcp ( ENABLED | DISABLED )] [-EstablishClientConn <EstablishClientConn>] [-tcpSegOffload ( AUTOMATIC | DISABLED )] [-rstWindowAttenuate ( ENABLED | DISABLED )] [-rstMaxAck ( ENABLED | DISABLED )] [-spoofSynDrop ( ENABLED | DISABLED )] [-ecn ( ENABLED | DISABLED )] [-mptcpDropDataOnPreEstSF ( ENABLED | DISABLED )] [-mptcpFastOpen ( ENABLED | DISABLED )] [-mptcpSessionTimeout <positive_integer>] [-TimeStamp ( ENABLED | DISABLED )] [-dsack ( ENABLED | DISABLED )] [-ackAggregation ( ENABLED | DISABLED )] [-frto ( ENABLED | DISABLED )] [-maxcwnd <positive_integer>] [-fack ( ENABLED | DISABLED )] [-tcpmode ( TRANSPARENT | ENDPOINT )] [-tcpFastOpen ( ENABLED | DISABLED )] [-Hystart ( ENABLED | DISABLED )] [-dupackthresh <positive_integer>]

Arguments

name

Name of the TCP profile to be modified.

WS

Enable or disable window scaling.

Possible values: ENABLED, DISABLED

Default value: DISABLED

SACK

Enable or disable Selective ACKnowledgement (SACK).

Possible values: ENABLED, DISABLED

Default value: DISABLED

WSVal

Factor used to calculate the new window size.

This argument is needed only when window scaling is enabled.

Default value: 4

Minimum value: 0

Maximum value: 14

nagle

Enable or disable the Nagle algorithm on TCP connections.

Possible values: ENABLED, DISABLED

Default value: DISABLED

ackOnPush

Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.

Possible values: ENABLED, DISABLED

Default value: ENABLED

mss

Set Maximum Segment Size(MSS) to use for TCP Connection(0 forces use of global setting)

Minimum value: 0

Maximum value: 9176

maxBurst

Maximum number of TCP segments allowed in a burst.

Default value: 6

Minimum value: 1

Maximum value: 255

initialCwnd

Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server.

Default value: 4

Minimum value: 1

Maximum value: 44

delayedAck

Timeout for TCP delayed ACK, in milliseconds.

Default value: 100

Minimum value: 10

Maximum value: 300

oooQSize

Maximum size of out-of-order packets queue. A value of 0 means no limit.

Default value: 64

Minimum value: 0

Maximum value: 65535

maxPktPerMss

Maximum number of TCP packets allowed per maximum segment size (MSS).

Minimum value: 0

Maximum value: 1460

pktPerRetx

Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK.

Default value: 1

Minimum value: 1

Maximum value: 512

minRTO

Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10).

Default value: 1000

Minimum value: 10

Maximum value: 64000

slowStartIncr

Multiplier that determines the rate at which slow start increases the size of the TCP transmission window after each acknowledgement of successful transmission.

Default value: 2

Minimum value: 1

Maximum value: 100

bufferSize

TCP buffering size, in bytes.

Default value: 8190

Minimum value: 8190

Maximum value: 20971520

synCookie

Enable or disable the SYNCOOKIE mechanism for TCP handshake with clients. Disabling SYNCOOKIE prevents SYN attack protection on the NetScaler appliance.

Possible values: ENABLED, DISABLED

Default value: ENABLED

KAprobeUpdateLastactivity

Update last activity for the connection after receiving keep-alive (KA) probes.

Possible values: ENABLED, DISABLED

Default value: ENABLED

flavor

Set TCP congestion control algorithm.

Possible values: Default, Westwood, BIC, CUBIC, Nile

Default value: Default

dynamicReceiveBuffering

Enable or disable dynamic receive buffering. When enabled, allows the receive buffer to be adjusted dynamically based on memory and network conditions.

Note: The buffer size argument must be set for dynamic adjustments to take place.

Possible values: ENABLED, DISABLED

Default value: ENABLED

KA

Send periodic TCP keep-alive (KA) probes to check if peer is still up.

Possible values: ENABLED, DISABLED

Default value: DISABLED

KAconnIdleTime

Duration, in seconds, for the connection to be idle, before sending a keep-alive (KA) probe.

Default value: NSTCP_KA_DEFAULT_CONN_IDLETIME

Minimum value: 1

Maximum value: 4095

KAmaxProbes

Number of keep-alive (KA) probes to be sent when not acknowledged, before assuming the peer to be down.

Default value: NSTCP_KA_DEFAULT_PROBE_COUNT

Minimum value: 1

Maximum value: 254

KAprobeInterval

Time interval, in seconds, before the next keep-alive (KA) probe, if the peer does not respond.

Default value: NSTCP_KA_DEFAULT_INTERVAL

Minimum value: 1

Maximum value: 4095

sendBuffsize

TCP Send Buffer Size

Default value: 8190

Minimum value: 8190

Maximum value: 20971520

mptcp

Enable or disable Multipath TCP.

Possible values: ENABLED, DISABLED

Default value: DISABLED

EstablishClientConn

Establishing Client Client connection on First data/ Final-ACK / Automatic

Possible values: AUTOMATIC, CONN_ESTABLISHED, ON_FIRST_DATA

Default value: AUTOMATIC

tcpSegOffload

Offload TCP segmentation to the NIC. If set to AUTOMATIC, TCP segmentation will be offloaded to the NIC, if the NIC supports it.

Possible values: AUTOMATIC, DISABLED

Default value: AUTOMATIC

rstWindowAttenuate

Enable or disable RST window attenuation to protect against spoofing. When enabled, will reply with corrective ACK when a sequence number is invalid.

Possible values: ENABLED, DISABLED

Default value: DISABLED

rstMaxAck

Enable or disable acceptance of RST that is out of window yet echoes highest ACK sequence number. Useful only in proxy mode.

Possible values: ENABLED, DISABLED

Default value: DISABLED

spoofSynDrop

Enable or disable drop of invalid SYN packets to protect against spoofing. When disabled, established connections will be reset when a SYN packet is received.

Possible values: ENABLED, DISABLED

Default value: ENABLED

ecn

Enable or disable TCP Explicit Congestion Notification.

Possible values: ENABLED, DISABLED

Default value: DISABLED

mptcpDropDataOnPreEstSF

Enable or disable silently dropping the data on Pre-Established subflow. When enabled, DSS data packets are dropped silently instead of dropping the connection when data is received on pre established subflow.

Possible values: ENABLED, DISABLED

Default value: DISABLED

mptcpFastOpen

Enable or disable Multipath TCP fastopen. When enabled, DSS data packets are accepted before receiving the third ack of SYN handshake.

Possible values: ENABLED, DISABLED

Default value: DISABLED

mptcpSessionTimeout

MPTCP session timeout in seconds. If this value is not set, idle MPTCP sessions are flushed after vserver's client idle timeout.

Default value: 0

Minimum value: 0

Maximum value: 86400

TimeStamp

Enable or Disable TCP Timestamp option (RFC 1323)

Possible values: ENABLED, DISABLED

Default value: DISABLED

dsack

Enable or disable DSACK.

Possible values: ENABLED, DISABLED

Default value: ENABLED

ackAggregation

Enable or disable ACK Aggregation.

Possible values: ENABLED, DISABLED

Default value: DISABLED

frto

Enable or disable FRTO (Forward RTO-Recovery).

Possible values: ENABLED, DISABLED

Default value: DISABLED

maxcwnd

TCP Maximum Congestion Window.

Default value: 524288

Minimum value: 8190

Maximum value: 20971520

fack

Enable or disable FACK (Forward ACK).

Possible values: ENABLED, DISABLED

Default value: DISABLED

tcpmode

TCP Optimization modes TRANSPARENT / ENDPOINT.

Possible values: TRANSPARENT, ENDPOINT

Default value: TRANSPARENT

tcpFastOpen

Enable or disable TCP Fastopen. When enabled, NS can receive or send Data in SYN or SYN-ACK packets.

Possible values: ENABLED, DISABLED

Default value: DISABLED

Hystart

Enable or disable CUBIC Hystart

Possible values: ENABLED, DISABLED

Default value: DISABLED

dupackthresh

TCP dupack threshold.

Default value: 3

Minimum value: 1

Maximum value: 15

Example

set tcpprofile <profile name> -WS ENABLED -WSVAL 4

unset ns tcpProfile

Removes the attributes of the TCP profile. Attributes for which a default value is available revert to their default values. Refer to the 'set ns tcpProfile' command for a description of the parameters..Refer to the set ns tcpProfile command for meanings of the arguments.

Synopsys

unset ns tcpProfile <name> [-WS] [-SACK] [-WSVal] [-nagle] [-ackOnPush] [-mss] [-maxBurst] [-initialCwnd] [-delayedAck] [-oooQSize] [-maxPktPerMss] [-pktPerRetx] [-minRTO] [-slowStartIncr] [-bufferSize] [-synCookie] [-KAprobeUpdateLastactivity] [-flavor] [-dynamicReceiveBuffering] [-KA] [-KAmaxProbes] [-KAconnIdleTime] [-KAprobeInterval] [-sendBuffsize] [-mptcp] [-EstablishClientConn] [-tcpSegOffload] [-rstWindowAttenuate] [-rstMaxAck] [-spoofSynDrop] [-ecn] [-mptcpDropDataOnPreEstSF] [-mptcpFastOpen] [-mptcpSessionTimeout] [-TimeStamp] [-dsack] [-ackAggregation] [-frto] [-maxcwnd] [-fack] [-tcpmode] [-tcpFastOpen] [-Hystart] [-dupackthresh]

show ns tcpProfile

Displays information about TCP profiles configured on the appliance.

Synopsys

show ns tcpProfile [<name>]

Arguments

name

Name of the TCP profile to be displayed. If a name is not provided, information about all TCP profiles is shown.

Outputs

WS

Enable or disable window scaling.

SACK

Enable or disable Selective ACKnowledgement (SACK).

WSVal

Factor used to calculate the new window size.

This argument is needed only when window scaling is enabled.

nagle

Enable or disable the Nagle algorithm on TCP connections.

ackOnPush

Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.

mss

Maximum Segment Size(MSS) to use for TCP Connection(0 forces use of global setting)

maxBurst

Maximum number of TCP segments allowed in a burst.

initialCwnd

Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server.

delayedAck

Timeout for TCP delayed ACK, in milliseconds.

oooQSize

Maximum size of out-of-order packets queue. A value of 0 means no limit.

maxPktPerMss

Maximum packet per MSS value

pktPerRetx

Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK.

minRTO

TCP minimum RTO (in millisec)

slowStartIncr

TCP slowstart increment factor

bufferSize

TCP Buffer size

flavor

TCP algorithm

refCnt

Number of entities using this profile

synCookie

Enable or disable the SYNCOOKIE mechanism for TCP handshake with clients. Disabling SYNCOOKIE prevents SYN attack protection on the NetScaler appliance.

KAprobeUpdateLastactivity

Update last activity for the connection after receiving keep-alive (KA) probes.

dynamicReceiveBuffering

Enable or disable dynamic receive buffering. When enabled, allows the receive buffer to be adjusted dynamically based on memory and network conditions.

Note: The buffer size argument must be set for dynamic adjustments to take place.

KA

Send periodic TCP keep-alive (KA) probes to check if peer is still up.

KAconnIdleTime

Duration, in seconds, for the connection to be idle, before sending a keep-alive (KA) probe.

KAmaxProbes

Number of keep-alive (KA) probes to be sent when not acknowledged, before assuming the peer to be down.

KAprobeInterval

Time interval, in seconds, before the next keep-alive (KA) probe, if the peer does not respond.

sendBuffsize

TCP Send Buffer size

mptcp

Enable/Disable Multi-Path TCP

EstablishClientConn

Allocating Client Conn on

tcpSegOffload

TCP Segmentation Offload

rstWindowAttenuate

RST Window Attenuation

rstMaxAck

accept RST with max ACK

TimeStamp

TCP Timestamp Option

spoofSynDrop

drop invalid SYN packets

ecn

Explicit Congestion Notification

mptcpDropDataOnPreEstSF

Enable or disable dropping data on pre established subflow.

mptcpFastOpen

Enable or disable MPTCP fastopen.

mptcpSessionTimeout

MPTCP session timeout.

dsack

Enable or disable DSACK.

ackAggregation

Enable or disable ACK Aggregation.

frto

Enable or disable FRTO (Forward RTO-Recovery).

maxcwnd

TCP Maximum Congestion Window.

fack

Forward Acknowlegement

tcpmode

TCP Optimization mode

tcpFastOpen

Enable or disable TCP fastopen.

Hystart

TCP CUBIC Hystart

dupackthresh

TCP Dupack Threshold

stateflag

State flag

builtin

Flag to determine if tcp profile is built-in or not

devno

count

Example

show tcp profile [profile name]