-
-
-
-
-
-
-
ns-tcpParam
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
ns-tcpParam
The following operations can be performed on “ns-tcpParam”:
unset | show | set |
unset ns tcpParam
Use this command to remove ns tcpParam settings.Refer to the set ns tcpParam command for meanings of the arguments.
Synopsis
unset ns tcpParam [-WS] [-WSVal] [-SACK] [-learnVsvrMSS] [-maxBurst] [-initialCwnd] [-delayedAck] [-downStateRST] [-nagle] [-limitedPersist] [-oooQSize] [-ackOnPush] [-maxPktPerMss] [-pktPerRetx] [-minRTO] [-slowStartIncr] [-maxDynServerProbes] [-synHoldFastGiveup] [-maxSynholdPerprobe] [-maxSynhold] [-mssLearnInterval] [-mssLearnDelay] [-maxTimeWaitConn] [-maxSynAckRetx] [-synAttackDetection] [-connFlushIfNoMem] [-connFlushThres] [-mptcpConCloseOnPassiveSF] [-mptcpChecksum] [-mptcpSFtimeout] [-mptcpSFReplaceTimeout] [-mptcpMaxSF] [-mptcpMaxPendingSF] [-mptcpPendingJoinThreshold] [-mptcpRTOsToSwitchSF] [-mptcpUseBackupOnDSS] [-TcpMaxRetries] [-mptcpImmediateSFCloseOnFIN] [-mptcpCloseMptcpSessionOnLastSFClose] [-mptcpSendSFResetOption] [-mptcpFastCloseOption] [-mptcpReliableAddAddr] [-tcpFastOpenCookieTimeout] [-autosyncookietimeout] [-tcpFinTimeout] [-compactTcpOptionNoop] [-delinkClientServerOnRST] [-rfc5961ChlgAckLimit] [-enhancedISNgeneration]
show ns tcpParam
Displays the TCP parameters configured on the Citrix ADC.
Synopsis
show ns tcpParam
Arguments
Output
WS Enable or disable window scaling.
WSVal Factor used to calculate the new window size. This argument is needed only when the window scaling is enabled.
SACK Enable or disable Selective ACKnowledgement (SACK).
learnVsvrMSS Enable or disable maximum segment size (MSS) learning for virtual servers.
maxBurst Maximum number of TCP segments allowed in a burst.
initialCwnd Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server.
recvBuffSize TCP Receive buffer size
delayedAck Timeout for TCP delayed ACK, in milliseconds.
downStateRST Flag to switch on RST on down services.
nagle Enable or disable the Nagle algorithm on TCP connections.
limitedPersist Limit the number of persist (zero window) probes.
oooQSize Maximum size of out-of-order packets queue. A value of 0 means no limit.
ackOnPush Immediate ACK on PUSH packet
maxPktPerMss Maximum packets per MSS
pktPerRetx Maximum packets per retransmission
minRTO Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10).
slowStartIncr TCP slowstart increment factor
maxDynServerProbes Maximum number of probes that Citrix ADC can send out in 10 milliseconds, to dynamically learn a service. Citrix ADC probes for the existence of the origin in case of wildcard virtual server or services.
synHoldFastGiveup Maximum threshold. After crossing this threshold number of outstanding probes for origin, the Citrix ADC reduces the number of connection retries for probe connections.
maxSynholdPerprobe Limit the number of client connections (SYN) waiting for status of single probe. Any new SYN packets will be dropped.
maxSynhold Limit the number of client connections (SYN) waiting for status of probe system wide. Any new SYN packets will be dropped.
mssLearnInterval Duration, in seconds, to sample the Maximum Segment Size (MSS) of the services. The Citrix ADC determines the best MSS to set for the virtual server based on this sampling. The argument to enable maximum segment size (MSS) for virtual servers must be enabled.
mssLearnDelay Frequency, in seconds, at which the virtual servers learn the Maximum segment size (MSS) from the services. The argument to enable maximum segment size (MSS) for virtual servers must be enabled.
maxTimeWaitConn Maximum number of connections to hold in the TCP TIME_WAIT state on a packet engine. New connections entering TIME_WAIT state are proactively cleaned up.
KAprobeUpdateLastactivity Update last activity for KA probes
maxSynAckRetx When ‘syncookie’ is disabled in the TCP profile that is bound to the virtual server or service, and the number of TCP SYN+ACK retransmission by Citrix ADC for that virtual server or service crosses this threshold, the Citrix ADC responds by using the TCP SYN-Cookie mechanism.
synAttackDetection Detect TCP SYN packet flood and send an SNMP trap.
connFlushIfNoMem Flush an existing connection if no memory can be obtained for new connection.
HALF_CLOSED_AND_IDLE: Flush a connection that is closed by us but not by peer, or failing that, a connection that is past configured idle time. New connection fails if no such connection can be found.
FIFO: If no half-closed or idle connection can be found, flush the oldest non-management connection, even if it is active. New connection fails if the oldest few connections are management connections.
Note: If you enable this setting, you should also consider lowering the zombie timeout and half-close timeout, while setting the Citrix ADC timeout.
See Also: connFlushThres argument below.
connFlushThres Flush an existing connection (as configured through -connFlushIfNoMem FIFO) if the system has more than specified number of connections, and a new connection is to be established. Note: This value may be rounded down to be a whole multiple of the number of packet engines running.
mptcpConCloseOnPassiveSF Accept DATA_FIN/FAST_CLOSE on passive subflow
mptcpChecksum Use MPTCP DSS checksum
mptcpSFtimeout The timeout value in seconds for idle mptcp subflows. If this timeout is not set, idle subflows are cleared after cltTimeout of vserver
mptcpSFReplaceTimeout The minimum idle time value in seconds for idle mptcp subflows after which the sublow is replaced by new incoming subflow if maximum subflow limit is reached. The priority for replacement is given to those subflow without any transaction
mptcpMaxSF Maximum number of subflow connections supported in established state per mptcp connection.
mptcpMaxPendingSF Maximum number of subflow connections supported in pending join state per mptcp connection.
mptcpPendingJoinThreshold Maximum system level pending join connections allowed.
mptcpRTOsToSwitchSF Number of RTO’s at subflow level, after which MPCTP should start using other subflow.
mptcpUseBackupOnDSS When enabled, if NS receives a DSS on a backup subflow, NS will start using that subflow to send data. And if disabled, NS will continue to transmit on current chosen subflow. In case there is some error on a subflow (like RTO’s/RST etc.) then NS can choose a backup subflow irrespective of this tunable.
TcpMaxRetries Number of RTO’s after which a connection should be freed.
mptcpImmediateSFCloseOnFIN Allow subflows to close immediately on FIN before the DATA_FIN exchange is completed at mptcp level.
mptcpCloseMptcpSessionOnLastSFClose Allow to send DATA FIN or FAST CLOSE on mptcp connection while sending FIN or RST on the last subflow.
mptcpSendSFResetOption Allow MPTCP subflows to send TCP RST Reason (MP_TCPRST) Option while sending TCP RST.
mptcpFastCloseOption Allow to select option ACK or RESET to force the closure of an MPTCP connection abruptly.
mptcpReliableAddAddr If enabled, Citrix ADC retransmits MPTCP ADD-ADDR option if echo response is not received within the timeout interval. The retransmission is attempted only once.
tcpFastOpenCookieTimeout Timeout in seconds after which a new TFO Key is computed for generating TFO Cookie. If zero, the same key is used always. If timeout is less than 120seconds, NS defaults to 120seconds timeout.
builtin Flag to determine if the tcp param is built-in or not
feature The feature to be checked while applying this config
autosyncookietimeout Timeout for the server to function in syncookie mode after the synattack. This is valid if TCP syncookie is disabled on the profile and server acts in non syncookie mode by default.
tcpFinTimeout The amount of time in seconds, after which a TCP connnection in the TCP TIME-WAIT state is flushed.
compactTcpOptionNoop If enabled, non-negotiated TCP options are removed from the received packet while proxying it. By default, non-negotiated TCP options would be replaced by NOPs in the proxied packets. This option is not applicable for Citrix ADC generated packets.
delinkClientServerOnRST If enabled, Delink client and server connection, when there is outstanding data to be sent to the other side.
rfc5961ChlgAckLimit Limits number of Challenge ACK sent per second, as recommended in RFC 5961(Improving TCP’s Robustness to Blind In-Window Attacks)
enhancedISNgeneration If enabled, increase the ISN variation in SYN-ACKs sent by the NetScaler
set ns tcpParam
Sets the TCP parameters for the Citrix ADC.
Synopsis
set ns tcpParam [-WS ( ENABLED | DISABLED )] [-WSVal |
DISABLED )] [-learnVsvrMSS ( ENABLED | DISABLED )] [-maxBurst |
DISABLED )] [-nagle ( ENABLED | DISABLED )] [-limitedPersist ( ENABLED | DISABLED )] [-oooQSize |
DISABLED )] [-maxPktPerMss |
DISABLED )] [-connFlushIfNoMem |
DISABLED )] [-mptcpChecksum ( ENABLED | DISABLED )] [-mptcpSFtimeout |
DISABLED )] [-TcpMaxRetries |
DISABLED )] [-mptcpCloseMptcpSessionOnLastSFClose ( ENABLED | DISABLED )] [-mptcpSendSFResetOption ( ENABLED | DISABLED )] [-mptcpFastCloseOption ( ACK | RESET )] [-mptcpReliableAddAddr ( ENABLED | DISABLED )] [-tcpFastOpenCookieTimeout |
DISABLED )] [-delinkClientServerOnRST ( ENABLED | DISABLED )] [-rfc5961ChlgAckLimit |
DISABLED )] |
Arguments
WS Enable or disable window scaling.
Possible values: ENABLED, DISABLED Default value: ENABLED
WSVal Factor used to calculate the new window size. This argument is needed only when the window scaling is enabled. Default value: 8 Minimum value: 0 Maximum value: 14
SACK Enable or disable Selective ACKnowledgement (SACK).
Possible values: ENABLED, DISABLED Default value: ENABLED
learnVsvrMSS Enable or disable maximum segment size (MSS) learning for virtual servers.
Possible values: ENABLED, DISABLED Default value: DISABLED
maxBurst Maximum number of TCP segments allowed in a burst. Default value: 6 Minimum value: 1 Maximum value: 255
initialCwnd Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server. Default value: 10 Minimum value: 1 Maximum value: 44
delayedAck Timeout for TCP delayed ACK, in milliseconds. Default value: 100 Minimum value: 10 Maximum value: 300
downStateRST Flag to switch on RST on down services.
Possible values: ENABLED, DISABLED Default value: DISABLED
nagle Enable or disable the Nagle algorithm on TCP connections.
Possible values: ENABLED, DISABLED Default value: DISABLED
limitedPersist Limit the number of persist (zero window) probes.
Possible values: ENABLED, DISABLED Default value: ENABLED
oooQSize Maximum size of out-of-order packets queue. A value of 0 means no limit. Default value: 300 Minimum value: 0 Maximum value: 65535
ackOnPush Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.
Possible values: ENABLED, DISABLED Default value: ENABLED
maxPktPerMss Maximum number of TCP packets allowed per maximum segment size (MSS). Minimum value: 0 Maximum value: 1460
pktPerRetx Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK. Default value: 1 Minimum value: 1 Maximum value: 100
minRTO Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10). Default value: 1000 Minimum value: 10 Maximum value: 64000
slowStartIncr Multiplier that determines the rate at which slow start increases the size of the TCP transmission window after each acknowledgement of successful transmission. Default value: 2 Minimum value: 1 Maximum value: 100
maxDynServerProbes Maximum number of probes that Citrix ADC can send out in 10 milliseconds, to dynamically learn a service. Citrix ADC probes for the existence of the origin in case of wildcard virtual server or services. Default value: 7 Minimum value: 1 Maximum value: 65535
synHoldFastGiveup Maximum threshold. After crossing this threshold number of outstanding probes for origin, the Citrix ADC reduces the number of connection retries for probe connections. Default value: 1024 Minimum value: 256 Maximum value: 65535
maxSynholdPerprobe Limit the number of client connections (SYN) waiting for status of single probe. Any new SYN packets will be dropped. Default value: 128 Minimum value: 1 Maximum value: 255
maxSynhold Limit the number of client connections (SYN) waiting for status of probe system wide. Any new SYN packets will be dropped. Default value: 16384 Minimum value: 256 Maximum value: 65535
mssLearnInterval Duration, in seconds, to sample the Maximum Segment Size (MSS) of the services. The Citrix ADC determines the best MSS to set for the virtual server based on this sampling. The argument to enable maximum segment size (MSS) for virtual servers must be enabled. Default value: 180 Minimum value: 1 Maximum value: 1048576
mssLearnDelay Frequency, in seconds, at which the virtual servers learn the Maximum segment size (MSS) from the services. The argument to enable maximum segment size (MSS) for virtual servers must be enabled. Default value: 3600 Minimum value: 1 Maximum value: 1048576
maxTimeWaitConn Maximum number of connections to hold in the TCP TIME_WAIT state on a packet engine. New connections entering TIME_WAIT state are proactively cleaned up. Default value: 7000 Minimum value: 1
maxSynAckRetx When ‘syncookie’ is disabled in the TCP profile that is bound to the virtual server or service, and the number of TCP SYN+ACK retransmission by Citrix ADC for that virtual server or service crosses this threshold, the Citrix ADC responds by using the TCP SYN-Cookie mechanism. Default value: 100 Minimum value: 100 Maximum value: 1048576
synAttackDetection Detect TCP SYN packet flood and send an SNMP trap.
Possible values: ENABLED, DISABLED Default value: ENABLED
connFlushIfNoMem Flush an existing connection if no memory can be obtained for new connection.
HALF_CLOSED_AND_IDLE: Flush a connection that is closed by us but not by peer, or failing that, a connection that is past configured idle time. New connection fails if no such connection can be found.
FIFO: If no half-closed or idle connection can be found, flush the oldest non-management connection, even if it is active. New connection fails if the oldest few connections are management connections.
Note: If you enable this setting, you should also consider lowering the zombie timeout and half-close timeout, while setting the Citrix ADC timeout.
See Also: connFlushThres argument below.
Possible values: NONE , HALFCLOSED_AND_IDLE, FIFO Default value: NSA_CONNFLUSH_NONE
connFlushThres Flush an existing connection (as configured through -connFlushIfNoMem FIFO) if the system has more than specified number of connections, and a new connection is to be established. Note: This value may be rounded down to be a whole multiple of the number of packet engines running. Minimum value: 1
mptcpConCloseOnPassiveSF Accept DATA_FIN/FAST_CLOSE on passive subflow
Possible values: ENABLED, DISABLED Default value: ENABLED
mptcpChecksum Use MPTCP DSS checksum
Possible values: ENABLED, DISABLED Default value: ENABLED
mptcpSFtimeout The timeout value in seconds for idle mptcp subflows. If this timeout is not set, idle subflows are cleared after cltTimeout of vserver Default value: 0 Maximum value: 31536000
mptcpSFReplaceTimeout The minimum idle time value in seconds for idle mptcp subflows after which the sublow is replaced by new incoming subflow if maximum subflow limit is reached. The priority for replacement is given to those subflow without any transaction Default value: 10 Maximum value: 31536000
mptcpMaxSF Maximum number of subflow connections supported in established state per mptcp connection. Default value: 4 Minimum value: 2 Maximum value: 6
mptcpMaxPendingSF Maximum number of subflow connections supported in pending join state per mptcp connection. Default value: 4 Minimum value: 0 Maximum value: 4
mptcpPendingJoinThreshold Maximum system level pending join connections allowed. Default value: 0 Minimum value: 0 Maximum value: 4294967294
mptcpRTOsToSwitchSF Number of RTO’s at subflow level, after which MPCTP should start using other subflow. Default value: 2 Minimum value: 1 Maximum value: 6
mptcpUseBackupOnDSS When enabled, if NS receives a DSS on a backup subflow, NS will start using that subflow to send data. And if disabled, NS will continue to transmit on current chosen subflow. In case there is some error on a subflow (like RTO’s/RST etc.) then NS can choose a backup subflow irrespective of this tunable.
Possible values: ENABLED, DISABLED Default value: ENABLED
TcpMaxRetries Number of RTO’s after which a connection should be freed. Default value: 7 Minimum value: 1 Maximum value: 7
mptcpImmediateSFCloseOnFIN Allow subflows to close immediately on FIN before the DATA_FIN exchange is completed at mptcp level.
Possible values: ENABLED, DISABLED Default value: DISABLED
mptcpCloseMptcpSessionOnLastSFClose Allow to send DATA FIN or FAST CLOSE on mptcp connection while sending FIN or RST on the last subflow.
Possible values: ENABLED, DISABLED Default value: DISABLED
mptcpSendSFResetOption Allow MPTCP subflows to send TCP RST Reason (MP_TCPRST) Option while sending TCP RST.
Possible values: ENABLED, DISABLED Default value: DISABLED
mptcpFastCloseOption Allow to select option ACK or RESET to force the closure of an MPTCP connection abruptly.
Possible values: ACK, RESET Default value: ACK
mptcpReliableAddAddr If enabled, Citrix ADC retransmits MPTCP ADD-ADDR option if echo response is not received within the timeout interval. The retransmission is attempted only once.
Possible values: ENABLED, DISABLED Default value: DISABLED
tcpFastOpenCookieTimeout Timeout in seconds after which a new TFO Key is computed for generating TFO Cookie. If zero, the same key is used always. If timeout is less than 120seconds, NS defaults to 120seconds timeout. Default value: 0 Minimum value: 0 Maximum value: 31536000
autosyncookietimeout Timeout for the server to function in syncookie mode after the synattack. This is valid if TCP syncookie is disabled on the profile and server acts in non syncookie mode by default. Default value: 30 Minimum value: 7 Maximum value: 65535
tcpFinTimeout The amount of time in seconds, after which a TCP connnection in the TCP TIME-WAIT state is flushed. Default value: 40 Minimum value: 10 Maximum value: 240
compactTcpOptionNoop If enabled, non-negotiated TCP options are removed from the received packet while proxying it. By default, non-negotiated TCP options would be replaced by NOPs in the proxied packets. This option is not applicable for Citrix ADC generated packets.
Possible values: ENABLED, DISABLED Default value: DISABLED
delinkClientServerOnRST If enabled, Delink client and server connection, when there is outstanding data to be sent to the other side.
Possible values: ENABLED, DISABLED Default value: DISABLED
rfc5961ChlgAckLimit Limits number of Challenge ACK sent per second, as recommended in RFC 5961(Improving TCP’s Robustness to Blind In-Window Attacks) Default value: 0 Minimum value: 0 Maximum value: 2147483647
enhancedISNgeneration If enabled, increase the ISN variation in SYN-ACKs sent by the NetScaler
Possible values: ENABLED, DISABLED Default value: DISABLED
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.