ADC CLI Commands

ns-tcpProfile

The following operations can be performed on “ns-tcpProfile”:

add show unset rm set

add ns tcpProfile

Adds a TCP profile to the Citrix ADC.

Synopsis

add ns tcpProfile \[-WS \( ENABLED | DISABLED )] \[-SACK \( ENABLED | DISABLED )] \[-WSVal <positive\_integer>] \[-nagle \( ENABLED | DISABLED )] \[-ackOnPush \( ENABLED | DISABLED )] \[-mss <positive\_integer>] \[-maxBurst <positive\_integer>] \[-initialCwnd <positive\_integer>] \[-delayedAck <positive\_integer>] \[-oooQSize <positive\_integer>] \[-maxPktPerMss <positive\_integer>] \[-pktPerRetx <positive\_integer>] \[-minRTO <positive\_integer>] \[-slowStartIncr <positive\_integer>] \[-bufferSize <positive\_integer>] \[-synCookie \( ENABLED | DISABLED )] \[-KAprobeUpdateLastactivity \( ENABLED | DISABLED )] \[-flavor ] \[-dynamicReceiveBuffering \( ENABLED | DISABLED )] \[-KA \( ENABLED | DISABLED )] \[-KAconnIdleTime <positive\_integer>] \[-KAmaxProbes <positive\_integer>] \[-KAprobeInterval <positive\_integer>] \[-sendBuffsize <positive\_integer>] \[-mptcp \( ENABLED | DISABLED )] \[-EstablishClientConn ] \[-tcpSegOffload \( AUTOMATIC | DISABLED )] \[-rfc5961Compliance \( ENABLED | DISABLED )] \[-rstWindowAttenuate \( ENABLED | DISABLED )] \[-rstMaxAck \( ENABLED | DISABLED )] \[-spoofSynDrop \( ENABLED | DISABLED )] \[-ecn \( ENABLED | DISABLED )] \[-mptcpDropDataOnPreEstSF \( ENABLED | DISABLED )] \[-mptcpFastOpen \( ENABLED | DISABLED )] \[-mptcpSessionTimeout <positive\_integer>] \[-TimeStamp \( ENABLED | DISABLED )] \[-dsack \( ENABLED | DISABLED )] \[-ackAggregation \( ENABLED | DISABLED )] \[-frto \( ENABLED | DISABLED )] \[-maxcwnd <positive\_integer>] \[-fack \( ENABLED | DISABLED )] \[-tcpmode \( TRANSPARENT | ENDPOINT )] \[-tcpFastOpen \( ENABLED | DISABLED )] \[-Hystart \( ENABLED | DISABLED )] \[-dupackthresh <positive\_integer>] \[-burstRateControl ] \[-tcprate <positive\_integer>] \[-rateqmax <positive\_integer>] \[-DropHalfClosedConnOnTimeout \( ENABLED | DISABLED )] \[-DropEstConnOnTimeout \( ENABLED | DISABLED )] \[-applyAdaptiveTcp \( ENABLED | DISABLED )] \[-tcpFastOpenCookieSize <positive\_integer>] \[-taillossprobe \( ENABLED | DISABLED )] \[-clientIpTcpOption \( ENABLED | DISABLED ) -clientIpTcpOptionNumber <positive\_integer>] \[-mpCapableCbit \( ENABLED | DISABLED )] \[-sendClientPortInTcpOption \( ENABLED | DISABLED )] \[-slowStartThreshold <positive\_integer>]

Arguments

name Name for a TCP profile. Must begin with a letter, number, or the underscore (_) character. Other characters allowed, after the first character, are the hyphen (-), period (.), hash (#), space ( ), at (@), colon (:), and equal (=) characters. The name of a TCP profile cannot be changed after it is created.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my tcp profile” or ‘my tcp profile’).

WS Enable or disable window scaling.

Possible values: ENABLED, DISABLED Default value: DISABLED

SACK Enable or disable Selective ACKnowledgement (SACK).

Possible values: ENABLED, DISABLED Default value: DISABLED

WSVal Factor used to calculate the new window size. This argument is needed only when window scaling is enabled. Default value: 4 Minimum value: 0 Maximum value: 14

nagle Enable or disable the Nagle algorithm on TCP connections.

Possible values: ENABLED, DISABLED Default value: DISABLED

ackOnPush Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.

Possible values: ENABLED, DISABLED Default value: ENABLED

mss Maximum number of octets to allow in a TCP data segment. Minimum value: 0 Maximum value: 9176

maxBurst Maximum number of TCP segments allowed in a burst. Default value: 6 Minimum value: 1 Maximum value: 255

initialCwnd Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server. Default value: 4 Minimum value: 1 Maximum value: 44

delayedAck Timeout for TCP delayed ACK, in milliseconds. Default value: 100 Minimum value: 10 Maximum value: 300

oooQSize Maximum size of out-of-order packets queue. A value of 0 means no limit. Default value: 64 Minimum value: 0 Maximum value: 65535

maxPktPerMss Maximum number of TCP packets allowed per maximum segment size (MSS). Minimum value: 0 Maximum value: 1460

pktPerRetx Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK. Default value: 1 Minimum value: 1 Maximum value: 512

minRTO Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10). Default value: 1000 Minimum value: 10 Maximum value: 64000

slowStartIncr Multiplier that determines the rate at which slow start increases the size of the TCP transmission window after each acknowledgement of successful transmission. Default value: 2 Minimum value: 1 Maximum value: 100

bufferSize TCP buffering size, in bytes. Default value: 8190 Minimum value: 8190 Maximum value: 20971520

synCookie Enable or disable the SYNCOOKIE mechanism for TCP handshake with clients. Disabling SYNCOOKIE prevents SYN attack protection on the Citrix ADC.

Possible values: ENABLED, DISABLED Default value: ENABLED

KAprobeUpdateLastactivity Update last activity for the connection after receiving keep-alive (KA) probes.

Possible values: ENABLED, DISABLED Default value: ENABLED

flavor Set TCP congestion control algorithm.

Possible values: Default, Westwood, BIC, CUBIC, Nile, BBR Default value: Default

dynamicReceiveBuffering Enable or disable dynamic receive buffering. When enabled, allows the receive buffer to be adjusted dynamically based on memory and network conditions. Note: The buffer size argument must be set for dynamic adjustments to take place.

Possible values: ENABLED, DISABLED Default value: DISABLED

KA Send periodic TCP keep-alive (KA) probes to check if peer is still up.

Possible values: ENABLED, DISABLED Default value: DISABLED

KAconnIdleTime Duration, in seconds, for the connection to be idle, before sending a keep-alive (KA) probe. Default value: NSTCP_KA_DEFAULT_CONN_IDLETIME Minimum value: 1 Maximum value: 4095

KAmaxProbes Number of keep-alive (KA) probes to be sent when not acknowledged, before assuming the peer to be down. Default value: NSTCP_KA_DEFAULT_PROBE_COUNT Minimum value: 1 Maximum value: 254

KAprobeInterval Time interval, in seconds, before the next keep-alive (KA) probe, if the peer does not respond. Default value: NSTCP_KA_DEFAULT_INTERVAL Minimum value: 1 Maximum value: 4095

sendBuffsize TCP Send Buffer Size Default value: 8190 Minimum value: 8190 Maximum value: 20971520

mptcp Enable or disable Multipath TCP.

Possible values: ENABLED, DISABLED Default value: DISABLED

EstablishClientConn Establishing Client Client connection on First data/ Final-ACK / Automatic

Possible values: AUTOMATIC, CONN_ESTABLISHED, ON_FIRST_DATA Default value: AUTOMATIC

tcpSegOffload Offload TCP segmentation to the NIC. If set to AUTOMATIC, TCP segmentation will be offloaded to the NIC, if the NIC supports it.

Possible values: AUTOMATIC, DISABLED Default value: AUTOMATIC

rfc5961Compliance Enable or disable RFC 5961 compliance to protect against tcp spoofing(RST/SYN/Data). When enabled, will be compliant with RFC 5961.

Possible values: ENABLED, DISABLED Default value: DISABLED

rstWindowAttenuate Enable or disable RST window attenuation to protect against spoofing. When enabled, will reply with corrective ACK when a sequence number is invalid.

Possible values: ENABLED, DISABLED Default value: DISABLED

rstMaxAck Enable or disable acceptance of RST that is out of window yet echoes highest ACK sequence number. Useful only in proxy mode.

Possible values: ENABLED, DISABLED Default value: DISABLED

spoofSynDrop Enable or disable drop of invalid SYN packets to protect against spoofing. When disabled, established connections will be reset when a SYN packet is received.

Possible values: ENABLED, DISABLED Default value: ENABLED

ecn Enable or disable TCP Explicit Congestion Notification.

Possible values: ENABLED, DISABLED Default value: DISABLED

mptcpDropDataOnPreEstSF Enable or disable silently dropping the data on Pre-Established subflow. When enabled, DSS data packets are dropped silently instead of dropping the connection when data is received on pre established subflow.

Possible values: ENABLED, DISABLED Default value: DISABLED

mptcpFastOpen Enable or disable Multipath TCP fastopen. When enabled, DSS data packets are accepted before receiving the third ack of SYN handshake.

Possible values: ENABLED, DISABLED Default value: DISABLED

mptcpSessionTimeout MPTCP session timeout in seconds. If this value is not set, idle MPTCP sessions are flushed after vserver’s client idle timeout. Default value: 0 Minimum value: 0 Maximum value: 86400

TimeStamp Enable or Disable TCP Timestamp option (RFC 1323)

Possible values: ENABLED, DISABLED Default value: DISABLED

dsack Enable or disable DSACK.

Possible values: ENABLED, DISABLED Default value: ENABLED

ackAggregation Enable or disable ACK Aggregation.

Possible values: ENABLED, DISABLED Default value: DISABLED

frto Enable or disable FRTO (Forward RTO-Recovery).

Possible values: ENABLED, DISABLED Default value: DISABLED

maxcwnd TCP Maximum Congestion Window. Default value: 524288 Minimum value: 8190 Maximum value: 20971520

fack Enable or disable FACK (Forward ACK).

Possible values: ENABLED, DISABLED Default value: DISABLED

tcpmode TCP Optimization modes TRANSPARENT / ENDPOINT.

Possible values: TRANSPARENT, ENDPOINT Default value: TRANSPARENT

tcpFastOpen Enable or disable TCP Fastopen. When enabled, NS can receive or send Data in SYN or SYN-ACK packets.

Possible values: ENABLED, DISABLED Default value: DISABLED

Hystart Enable or disable CUBIC Hystart

Possible values: ENABLED, DISABLED Default value: DISABLED

dupackthresh TCP dupack threshold. Default value: 3 Minimum value: 1 Maximum value: 15

burstRateControl TCP Burst Rate Control DISABLED/FIXED/DYNAMIC. FIXED requires a TCP rate to be set.

Possible values: DISABLED, FIXED, DYNAMIC Default value: DISABLED

tcprate TCP connection payload send rate in Kb/s Default value: 0 Minimum value: 0 Maximum value: 10000000

rateqmax Maximum connection queue size in bytes, when BurstRateControl is used Default value: 0 Minimum value: 0 Maximum value: 1000000000

DropHalfClosedConnOnTimeout Silently drop tcp half closed connections on idle timeout

Possible values: ENABLED, DISABLED Default value: DISABLED

DropEstConnOnTimeout Silently drop tcp established connections on idle timeout

Possible values: ENABLED, DISABLED Default value: DISABLED

applyAdaptiveTcp Apply Adaptive TCP optimizations

Possible values: ENABLED, DISABLED Default value: DISABLED

tcpFastOpenCookieSize TCP FastOpen Cookie size. This accepts only even numbers. Odd number is trimmed down to nearest even number. Default value: 8 Minimum value: 4 Maximum value: 16

taillossprobe TCP tail loss probe optimizations

Possible values: ENABLED, DISABLED Default value: DISABLED

clientIpTcpOption Client IP in TCP options

Possible values: ENABLED, DISABLED Default value: DISABLED

clientIpTcpOptionNumber ClientIP TCP Option number Minimum value: 1 Maximum value: 254

mpCapableCbit Set C bit in MP-CAPABLE Syn-Ack sent by Citrix ADC

Possible values: ENABLED, DISABLED Default value: DISABLED

sendClientPortInTcpOption Send Client Port number along with Client IP in TCP-Options. ClientIpTcpOption must be ENABLED

Possible values: ENABLED, DISABLED Default value: DISABLED

slowStartThreshold TCP Slow Start Threhsold Value. Default value: 524288 Minimum value: 8190 Maximum value: 20971520

Example

add tcpprofile -WS ENABLED -WSVAL 4

show ns tcpProfile

Displays information about TCP profiles configured on the appliance.

Synopsis

show ns tcpProfile []

Arguments

name Name of the TCP profile to be displayed. If a name is not provided, information about all TCP profiles is shown.

Output

WS Enable or disable window scaling.

SACK Enable or disable Selective ACKnowledgement (SACK).

WSVal Factor used to calculate the new window size. This argument is needed only when window scaling is enabled.

nagle Enable or disable the Nagle algorithm on TCP connections.

ackOnPush Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.

mss Maximum Segment Size(MSS) to use for TCP Connection(0 forces use of global setting)

maxBurst Maximum number of TCP segments allowed in a burst.

initialCwnd Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server.

delayedAck Timeout for TCP delayed ACK, in milliseconds.

oooQSize Maximum size of out-of-order packets queue. A value of 0 means no limit.

maxPktPerMss Maximum packet per MSS value

pktPerRetx Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK.

minRTO TCP minimum RTO (in millisec)

slowStartIncr TCP slowstart increment factor

bufferSize TCP Buffer size

flavor TCP algorithm

refCnt Number of entities using this profile

synCookie Enable or disable the SYNCOOKIE mechanism for TCP handshake with clients. Disabling SYNCOOKIE prevents SYN attack protection on the Citrix ADC.

KAprobeUpdateLastactivity Update last activity for the connection after receiving keep-alive (KA) probes.

dynamicReceiveBuffering Enable or disable dynamic receive buffering. When enabled, allows the receive buffer to be adjusted dynamically based on memory and network conditions. Note: The buffer size argument must be set for dynamic adjustments to take place.

KA Send periodic TCP keep-alive (KA) probes to check if peer is still up.

KAconnIdleTime Duration, in seconds, for the connection to be idle, before sending a keep-alive (KA) probe.

KAmaxProbes Number of keep-alive (KA) probes to be sent when not acknowledged, before assuming the peer to be down.

KAprobeInterval Time interval, in seconds, before the next keep-alive (KA) probe, if the peer does not respond.

sendBuffsize TCP Send Buffer size

mptcp Enable/Disable Multi-Path TCP

EstablishClientConn Allocating Client Conn on

tcpSegOffload TCP Segmentation Offload

rfc5961Compliance RFC5961 Compliance

rstWindowAttenuate RST Window Attenuation

rstMaxAck accept RST with max ACK

TimeStamp TCP Timestamp Option

spoofSynDrop drop invalid SYN packets

ecn Explicit Congestion Notification

mptcpDropDataOnPreEstSF Enable or disable dropping data on pre established subflow.

mptcpFastOpen Enable or disable MPTCP fastopen.

mptcpSessionTimeout MPTCP session timeout.

dsack Enable or disable DSACK.

ackAggregation Enable or disable ACK Aggregation.

frto Enable or disable FRTO (Forward RTO-Recovery).

maxcwnd TCP Maximum Congestion Window.

fack Forward Acknowlegement

tcpmode TCP Optimization mode

tcpFastOpen Enable or disable TCP fastopen.

Hystart TCP CUBIC Hystart

dupackthresh TCP Dupack Threshold

nileD1Percent TCP Nile D1 percent

nileD2Percent TCP Nile D2 percent

nileD3Percent TCP Nile D3 percent

nileBetaMaxPercent TCP Nile Beta max

nileBetaMinPercent TCP Nile Beta min

nileAlphaMax TCP Nile Alpha max

nileAlphaMinPercent TCP Nile Alpha min

nileRttFilter TCP Nile RTT filter

nileRttFactor TCP Nile RTT factor

burstRateControl TCP Burst Rate Control DISABLED/FIXED/DYNAMIC. FIXED requires a TCP rate to be set.

tcprate TCP connection payload send rate in Kb/s

rateqmax Maximum connection queue size in bytes, when BurstRateControl is used

DropHalfClosedConnOnTimeout Silently drop tcp half closed connections on idle timeout

DropEstConnOnTimeout Silently drop tcp established connections on idle timeout

stateflag State flag

isAdaptiveTcp Explicit Adaptive TCP profile

applyAdaptiveTcp Use Adaptive TCP optimizations

builtin Flag to determine if tcp profile is built-in or not

feature The feature to be checked while applying this config

tcpFastOpenCookieSize TCP FastOpen Cookie size. This accepts only even numbers. Odd number is trimmed down to nearest even number.

taillossprobe TCP tail loss probe optimizations

clientIpTcpOption Client IP in TCP options

clientIpTcpOptionNumber ClientIP TCP Option number

mpCapableCbit Set C bit in MP-CAPABLE Syn-Ack sent by Citrix ADC

sendClientPortInTcpOption Send Client Port along with Client IP in TCP option

slowStartThreshold Slow Start Threshold Value

devno count

Example

show tcp profile [profile name]

unset ns tcpProfile

Removes the attributes of the TCP profile. Attributes for which a default value is available revert to their default values. Refer to the ‘set ns tcpProfile’ command for a description of the parameters..Refer to the set ns tcpProfile command for meanings of the arguments.

Synopsis

unset ns tcpProfile \[-WS] \[-SACK] \[-WSVal] \[-nagle] \[-ackOnPush] \[-mss] \[-maxBurst] \[-initialCwnd] \[-delayedAck] \[-oooQSize] \[-maxPktPerMss] \[-pktPerRetx] \[-minRTO] \[-slowStartIncr] \[-bufferSize] \[-synCookie] \[-KAprobeUpdateLastactivity] \[-flavor] \[-dynamicReceiveBuffering] \[-KA] \[-KAmaxProbes] \[-KAconnIdleTime] \[-KAprobeInterval] \[-sendBuffsize] \[-mptcp] \[-EstablishClientConn] \[-tcpSegOffload] \[-rfc5961Compliance] \[-rstWindowAttenuate] \[-rstMaxAck] \[-spoofSynDrop] \[-ecn] \[-mptcpDropDataOnPreEstSF] \[-mptcpFastOpen] \[-mptcpSessionTimeout] \[-TimeStamp] \[-dsack] \[-ackAggregation] \[-frto] \[-maxcwnd] \[-fack] \[-tcpmode] \[-tcpFastOpen] \[-Hystart] \[-dupackthresh] \[-burstRateControl] \[-tcprate] \[-rateqmax] \[-DropHalfClosedConnOnTimeout] \[-DropEstConnOnTimeout] \[-applyAdaptiveTcp \( ENABLED | DISABLED )] \[-clientIpTcpOption] \[-mpCapableCbit] \[-slowStartThreshold] \[-tcpFastOpenCookieSize] \[-taillossprobe] \[-clientIpTcpOptionNumber] \[-sendClientPortInTcpOption]

rm ns tcpProfile

Removes a TCP profile from the appliance.

Synopsis

rm ns tcpProfile

Arguments

name Name of the TCP profile to be removed.

Example

rm tcpprofile

set ns tcpProfile

Modifies the attributes of a TCP profile.

Synopsis

set ns tcpProfile \[-WS \( ENABLED | DISABLED )] \[-SACK \( ENABLED | DISABLED )] \[-WSVal <positive\_integer>] \[-nagle \( ENABLED | DISABLED )] \[-ackOnPush \( ENABLED | DISABLED )] \[-mss <positive\_integer>] \[-maxBurst <positive\_integer>] \[-initialCwnd <positive\_integer>] \[-delayedAck <positive\_integer>] \[-oooQSize <positive\_integer>] \[-maxPktPerMss <positive\_integer>] \[-pktPerRetx <positive\_integer>] \[-minRTO <positive\_integer>] \[-slowStartIncr <positive\_integer>] \[-bufferSize <positive\_integer>] \[-synCookie \( ENABLED | DISABLED )] \[-KAprobeUpdateLastactivity \( ENABLED | DISABLED )] \[-flavor ] \[-dynamicReceiveBuffering \( ENABLED | DISABLED )] \[-KA \( ENABLED | DISABLED )] \[-KAconnIdleTime <positive\_integer>] \[-KAmaxProbes <positive\_integer>] \[-KAprobeInterval <positive\_integer>] \[-sendBuffsize <positive\_integer>] \[-mptcp \( ENABLED | DISABLED )] \[-EstablishClientConn ] \[-tcpSegOffload \( AUTOMATIC | DISABLED )] \[-rfc5961Compliance \( ENABLED | DISABLED )] \[-rstWindowAttenuate \( ENABLED | DISABLED )] \[-rstMaxAck \( ENABLED | DISABLED )] \[-spoofSynDrop \( ENABLED | DISABLED )] \[-ecn \( ENABLED | DISABLED )] \[-mptcpDropDataOnPreEstSF \( ENABLED | DISABLED )] \[-mptcpFastOpen \( ENABLED | DISABLED )] \[-mptcpSessionTimeout <positive\_integer>] \[-TimeStamp \( ENABLED | DISABLED )] \[-dsack \( ENABLED | DISABLED )] \[-ackAggregation \( ENABLED | DISABLED )] \[-frto \( ENABLED | DISABLED )] \[-maxcwnd <positive\_integer>] \[-fack \( ENABLED | DISABLED )] \[-tcpmode \( TRANSPARENT | ENDPOINT )] \[-tcpFastOpen \( ENABLED | DISABLED )] \[-Hystart \( ENABLED | DISABLED )] \[-dupackthresh <positive\_integer>] \[-burstRateControl ] \[-tcprate <positive\_integer>] \[-rateqmax <positive\_integer>] \[-DropHalfClosedConnOnTimeout \( ENABLED | DISABLED )] \[-DropEstConnOnTimeout \( ENABLED | DISABLED )] \[-applyAdaptiveTcp \( ENABLED | DISABLED )] \[-tcpFastOpenCookieSize <positive\_integer>] \[-taillossprobe \( ENABLED | DISABLED )] \[-clientIpTcpOption \( ENABLED | DISABLED ) -clientIpTcpOptionNumber <positive\_integer>] \[-mpCapableCbit \( ENABLED | DISABLED )] \[-sendClientPortInTcpOption \( ENABLED | DISABLED )] \[-slowStartThreshold <positive\_integer>]

Arguments

name Name of the TCP profile to be modified.

WS Enable or disable window scaling.

Possible values: ENABLED, DISABLED Default value: DISABLED

SACK Enable or disable Selective ACKnowledgement (SACK).

Possible values: ENABLED, DISABLED Default value: DISABLED

WSVal Factor used to calculate the new window size. This argument is needed only when window scaling is enabled. Default value: 4 Minimum value: 0 Maximum value: 14

nagle Enable or disable the Nagle algorithm on TCP connections.

Possible values: ENABLED, DISABLED Default value: DISABLED

ackOnPush Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.

Possible values: ENABLED, DISABLED Default value: ENABLED

mss Set Maximum Segment Size(MSS) to use for TCP Connection(0 forces use of global setting) Minimum value: 0 Maximum value: 9176

maxBurst Maximum number of TCP segments allowed in a burst. Default value: 6 Minimum value: 1 Maximum value: 255

initialCwnd Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server. Default value: 4 Minimum value: 1 Maximum value: 44

delayedAck Timeout for TCP delayed ACK, in milliseconds. Default value: 100 Minimum value: 10 Maximum value: 300

oooQSize Maximum size of out-of-order packets queue. A value of 0 means no limit. Default value: 64 Minimum value: 0 Maximum value: 65535

maxPktPerMss Maximum number of TCP packets allowed per maximum segment size (MSS). Minimum value: 0 Maximum value: 1460

pktPerRetx Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK. Default value: 1 Minimum value: 1 Maximum value: 512

minRTO Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10). Default value: 1000 Minimum value: 10 Maximum value: 64000

slowStartIncr Multiplier that determines the rate at which slow start increases the size of the TCP transmission window after each acknowledgement of successful transmission. Default value: 2 Minimum value: 1 Maximum value: 100

bufferSize TCP buffering size, in bytes. Default value: 8190 Minimum value: 8190 Maximum value: 20971520

synCookie Enable or disable the SYNCOOKIE mechanism for TCP handshake with clients. Disabling SYNCOOKIE prevents SYN attack protection on the Citrix ADC.

Possible values: ENABLED, DISABLED Default value: ENABLED

KAprobeUpdateLastactivity Update last activity for the connection after receiving keep-alive (KA) probes.

Possible values: ENABLED, DISABLED Default value: ENABLED

flavor Set TCP congestion control algorithm.

Possible values: Default, Westwood, BIC, CUBIC, Nile, BBR Default value: Default

dynamicReceiveBuffering Enable or disable dynamic receive buffering. When enabled, allows the receive buffer to be adjusted dynamically based on memory and network conditions. Note: The buffer size argument must be set for dynamic adjustments to take place.

Possible values: ENABLED, DISABLED Default value: DISABLED

KA Send periodic TCP keep-alive (KA) probes to check if peer is still up.

Possible values: ENABLED, DISABLED Default value: DISABLED

KAconnIdleTime Duration, in seconds, for the connection to be idle, before sending a keep-alive (KA) probe. Default value: NSTCP_KA_DEFAULT_CONN_IDLETIME Minimum value: 1 Maximum value: 4095

KAmaxProbes Number of keep-alive (KA) probes to be sent when not acknowledged, before assuming the peer to be down. Default value: NSTCP_KA_DEFAULT_PROBE_COUNT Minimum value: 1 Maximum value: 254

KAprobeInterval Time interval, in seconds, before the next keep-alive (KA) probe, if the peer does not respond. Default value: NSTCP_KA_DEFAULT_INTERVAL Minimum value: 1 Maximum value: 4095

sendBuffsize TCP Send Buffer Size Default value: 8190 Minimum value: 8190 Maximum value: 20971520

mptcp Enable or disable Multipath TCP.

Possible values: ENABLED, DISABLED Default value: DISABLED

EstablishClientConn Establishing Client Client connection on First data/ Final-ACK / Automatic

Possible values: AUTOMATIC, CONN_ESTABLISHED, ON_FIRST_DATA Default value: AUTOMATIC

tcpSegOffload Offload TCP segmentation to the NIC. If set to AUTOMATIC, TCP segmentation will be offloaded to the NIC, if the NIC supports it.

Possible values: AUTOMATIC, DISABLED Default value: AUTOMATIC

rfc5961Compliance Enable or disable RFC 5961 compliance to protect against tcp spoofing(RST/SYN/Data). When enabled, will be compliant with RFC 5961.

Possible values: ENABLED, DISABLED Default value: DISABLED

rstWindowAttenuate Enable or disable RST window attenuation to protect against spoofing. When enabled, will reply with corrective ACK when a sequence number is invalid.

Possible values: ENABLED, DISABLED Default value: DISABLED

rstMaxAck Enable or disable acceptance of RST that is out of window yet echoes highest ACK sequence number. Useful only in proxy mode.

Possible values: ENABLED, DISABLED Default value: DISABLED

spoofSynDrop Enable or disable drop of invalid SYN packets to protect against spoofing. When disabled, established connections will be reset when a SYN packet is received.

Possible values: ENABLED, DISABLED Default value: ENABLED

ecn Enable or disable TCP Explicit Congestion Notification.

Possible values: ENABLED, DISABLED Default value: DISABLED

mptcpDropDataOnPreEstSF Enable or disable silently dropping the data on Pre-Established subflow. When enabled, DSS data packets are dropped silently instead of dropping the connection when data is received on pre established subflow.

Possible values: ENABLED, DISABLED Default value: DISABLED

mptcpFastOpen Enable or disable Multipath TCP fastopen. When enabled, DSS data packets are accepted before receiving the third ack of SYN handshake.

Possible values: ENABLED, DISABLED Default value: DISABLED

mptcpSessionTimeout MPTCP session timeout in seconds. If this value is not set, idle MPTCP sessions are flushed after vserver’s client idle timeout. Default value: 0 Minimum value: 0 Maximum value: 86400

TimeStamp Enable or Disable TCP Timestamp option (RFC 1323)

Possible values: ENABLED, DISABLED Default value: DISABLED

dsack Enable or disable DSACK.

Possible values: ENABLED, DISABLED Default value: ENABLED

ackAggregation Enable or disable ACK Aggregation.

Possible values: ENABLED, DISABLED Default value: DISABLED

frto Enable or disable FRTO (Forward RTO-Recovery).

Possible values: ENABLED, DISABLED Default value: DISABLED

maxcwnd TCP Maximum Congestion Window. Default value: 524288 Minimum value: 8190 Maximum value: 20971520

fack Enable or disable FACK (Forward ACK).

Possible values: ENABLED, DISABLED Default value: DISABLED

tcpmode TCP Optimization modes TRANSPARENT / ENDPOINT.

Possible values: TRANSPARENT, ENDPOINT Default value: TRANSPARENT

tcpFastOpen Enable or disable TCP Fastopen. When enabled, NS can receive or send Data in SYN or SYN-ACK packets.

Possible values: ENABLED, DISABLED Default value: DISABLED

Hystart Enable or disable CUBIC Hystart

Possible values: ENABLED, DISABLED Default value: DISABLED

dupackthresh TCP dupack threshold. Default value: 3 Minimum value: 1 Maximum value: 15

burstRateControl TCP Burst Rate Control DISABLED/FIXED/DYNAMIC. FIXED requires a TCP rate to be set.

Possible values: DISABLED, FIXED, DYNAMIC Default value: DISABLED

tcprate TCP connection payload send rate in Kb/s Default value: 0 Minimum value: 0 Maximum value: 10000000

rateqmax Maximum connection queue size in bytes, when BurstRateControl is used Default value: 0 Minimum value: 0 Maximum value: 1000000000

DropHalfClosedConnOnTimeout Silently drop tcp half closed connections on idle timeout

Possible values: ENABLED, DISABLED Default value: DISABLED

DropEstConnOnTimeout Silently drop tcp established connections on idle timeout

Possible values: ENABLED, DISABLED Default value: DISABLED

applyAdaptiveTcp Apply Adaptive TCP optimizations

Possible values: ENABLED, DISABLED Default value: DISABLED

tcpFastOpenCookieSize TCP FastOpen Cookie size. This accepts only even numbers. Odd number is trimmed down to nearest even number. Default value: 8 Minimum value: 4 Maximum value: 16

taillossprobe TCP tail loss probe optimizations

Possible values: ENABLED, DISABLED Default value: DISABLED

clientIpTcpOption Client IP in TCP options

Possible values: ENABLED, DISABLED Default value: DISABLED

clientIpTcpOptionNumber ClientIP TCP Option number Minimum value: 1 Maximum value: 254

mpCapableCbit Set C bit in MP-CAPABLE Syn-Ack sent by Citrix ADC

Possible values: ENABLED, DISABLED Default value: DISABLED

sendClientPortInTcpOption Send Client Port number along with Client IP in TCP-Options. ClientIpTcpOption must be ENABLED

Possible values: ENABLED, DISABLED Default value: DISABLED

slowStartThreshold TCP Slow Start Threhsold Value. Default value: 524288 Minimum value: 8190 Maximum value: 20971520

Example

set tcpprofile -WS ENABLED -WSVAL 4

ns-tcpProfile