ns-tcpProfile
The following operations can be performed on “ns-tcpProfile”:
add | show | unset | rm | set
add ns tcpProfile
Adds a TCP profile to the Citrix ADC.
Synopsis
add ns tcpProfile
Arguments
name Name for a TCP profile. Must begin with a letter, number, or the underscore (_) character. Other characters allowed, after the first character, are the hyphen (-), period (.), hash (#), space ( ), at (@), colon (:), and equal (=) characters. The name of a TCP profile cannot be changed after it is created.
CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my tcp profile” or ‘my tcp profile’).
WS Enable or disable window scaling.
Possible values: ENABLED, DISABLED Default value: DISABLED
SACK Enable or disable Selective ACKnowledgement (SACK).
Possible values: ENABLED, DISABLED Default value: DISABLED
WSVal Factor used to calculate the new window size. This argument is needed only when window scaling is enabled. Default value: 4 Minimum value: 0 Maximum value: 14
nagle Enable or disable the Nagle algorithm on TCP connections.
Possible values: ENABLED, DISABLED Default value: DISABLED
ackOnPush Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.
Possible values: ENABLED, DISABLED Default value: ENABLED
mss Maximum number of octets to allow in a TCP data segment. Minimum value: 0 Maximum value: 9176
maxBurst Maximum number of TCP segments allowed in a burst. Default value: 6 Minimum value: 1 Maximum value: 255
initialCwnd Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server. Default value: 4 Minimum value: 1 Maximum value: 44
delayedAck Timeout for TCP delayed ACK, in milliseconds. Default value: 100 Minimum value: 10 Maximum value: 300
oooQSize Maximum size of out-of-order packets queue. A value of 0 means no limit. Default value: 64 Minimum value: 0 Maximum value: 65535
maxPktPerMss Maximum number of TCP packets allowed per maximum segment size (MSS). Minimum value: 0 Maximum value: 1460
pktPerRetx Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK. Default value: 1 Minimum value: 1 Maximum value: 512
minRTO Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10). Default value: 1000 Minimum value: 10 Maximum value: 64000
slowStartIncr Multiplier that determines the rate at which slow start increases the size of the TCP transmission window after each acknowledgement of successful transmission. Default value: 2 Minimum value: 1 Maximum value: 100
bufferSize TCP buffering size, in bytes. Default value: 8190 Minimum value: 8190 Maximum value: 20971520
synCookie Enable or disable the SYNCOOKIE mechanism for TCP handshake with clients. Disabling SYNCOOKIE prevents SYN attack protection on the Citrix ADC.
Possible values: ENABLED, DISABLED Default value: ENABLED
KAprobeUpdateLastactivity Update last activity for the connection after receiving keep-alive (KA) probes.
Possible values: ENABLED, DISABLED Default value: ENABLED
flavor Set TCP congestion control algorithm.
Possible values: Default, Westwood, BIC, CUBIC, Nile, BBR Default value: Default
dynamicReceiveBuffering Enable or disable dynamic receive buffering. When enabled, allows the receive buffer to be adjusted dynamically based on memory and network conditions. Note: The buffer size argument must be set for dynamic adjustments to take place.
Possible values: ENABLED, DISABLED Default value: DISABLED
KA Send periodic TCP keep-alive (KA) probes to check if peer is still up.
Possible values: ENABLED, DISABLED Default value: DISABLED
KAconnIdleTime Duration, in seconds, for the connection to be idle, before sending a keep-alive (KA) probe. Default value: NSTCP_KA_DEFAULT_CONN_IDLETIME Minimum value: 1 Maximum value: 4095
KAmaxProbes Number of keep-alive (KA) probes to be sent when not acknowledged, before assuming the peer to be down. Default value: NSTCP_KA_DEFAULT_PROBE_COUNT Minimum value: 1 Maximum value: 254
KAprobeInterval Time interval, in seconds, before the next keep-alive (KA) probe, if the peer does not respond. Default value: NSTCP_KA_DEFAULT_INTERVAL Minimum value: 1 Maximum value: 4095
sendBuffsize TCP Send Buffer Size Default value: 8190 Minimum value: 8190 Maximum value: 20971520
mptcp Enable or disable Multipath TCP.
Possible values: ENABLED, DISABLED Default value: DISABLED
EstablishClientConn Establish the client connection on first data, on final ACK, or automatically.
Possible values: AUTOMATIC, CONN_ESTABLISHED, ON_FIRST_DATA Default value: AUTOMATIC
tcpSegOffload Offload TCP segmentation to the NIC. If set to AUTOMATIC, TCP segmentation will be offloaded to the NIC, if the NIC supports it.
Possible values: AUTOMATIC, DISABLED Default value: AUTOMATIC
rfc5961Compliance Enable or disable RFC 5961 compliance to protect against TCP spoofing (RST/SYN/Data). When enabled, the appliance is compliant with RFC 5961.
Possible values: ENABLED, DISABLED Default value: DISABLED
rstWindowAttenuate Enable or disable RST window attenuation to protect against spoofing. When enabled, will reply with corrective ACK when a sequence number is invalid.
Possible values: ENABLED, DISABLED Default value: DISABLED
rstMaxAck Enable or disable acceptance of RST that is out of window yet echoes highest ACK sequence number. Useful only in proxy mode.
Possible values: ENABLED, DISABLED Default value: DISABLED
spoofSynDrop Enable or disable drop of invalid SYN packets to protect against spoofing. When disabled, established connections will be reset when a SYN packet is received.
Possible values: ENABLED, DISABLED Default value: ENABLED
ecn Enable or disable TCP Explicit Congestion Notification.
Possible values: ENABLED, DISABLED Default value: DISABLED
mptcpDropDataOnPreEstSF Enable or disable silently dropping the data on Pre-Established subflow. When enabled, DSS data packets are dropped silently instead of dropping the connection when data is received on pre established subflow.
Possible values: ENABLED, DISABLED Default value: DISABLED
mptcpFastOpen Enable or disable Multipath TCP fastopen. When enabled, DSS data packets are accepted before receiving the third ack of SYN handshake.
Possible values: ENABLED, DISABLED Default value: DISABLED
mptcpSessionTimeout MPTCP session timeout in seconds. If this value is not set, idle MPTCP sessions are flushed after vserver’s client idle timeout. Default value: 0 Minimum value: 0 Maximum value: 86400
TimeStamp Enable or Disable TCP Timestamp option (RFC 1323)
Possible values: ENABLED, DISABLED Default value: DISABLED
dsack Enable or disable DSACK.
Possible values: ENABLED, DISABLED Default value: ENABLED
ackAggregation Enable or disable ACK Aggregation.
Possible values: ENABLED, DISABLED Default value: DISABLED
frto Enable or disable FRTO (Forward RTO-Recovery).
Possible values: ENABLED, DISABLED Default value: DISABLED
maxcwnd TCP Maximum Congestion Window. Default value: 524288 Minimum value: 8190 Maximum value: 20971520
fack Enable or disable FACK (Forward ACK).
Possible values: ENABLED, DISABLED Default value: DISABLED
tcpmode TCP Optimization modes TRANSPARENT / ENDPOINT.
Possible values: TRANSPARENT, ENDPOINT Default value: TRANSPARENT
tcpFastOpen Enable or disable TCP Fastopen. When enabled, NS can receive or send Data in SYN or SYN-ACK packets.
Possible values: ENABLED, DISABLED Default value: DISABLED
Hystart Enable or disable CUBIC Hystart
Possible values: ENABLED, DISABLED Default value: DISABLED
dupackthresh TCP dupack threshold. Default value: 3 Minimum value: 1 Maximum value: 15
burstRateControl TCP Burst Rate Control DISABLED/FIXED/DYNAMIC. FIXED requires a TCP rate to be set.
Possible values: DISABLED, FIXED, DYNAMIC Default value: DISABLED
tcprate TCP connection payload send rate in Kb/s Default value: 0 Minimum value: 0 Maximum value: 10000000
rateqmax Maximum connection queue size in bytes, when BurstRateControl is used Default value: 0 Minimum value: 0 Maximum value: 1000000000
DropHalfClosedConnOnTimeout Silently drop TCP half-closed connections on idle timeout.
Possible values: ENABLED, DISABLED Default value: DISABLED
DropEstConnOnTimeout Silently drop TCP established connections on idle timeout.
Possible values: ENABLED, DISABLED Default value: DISABLED
applyAdaptiveTcp Apply Adaptive TCP optimizations
Possible values: ENABLED, DISABLED Default value: DISABLED
tcpFastOpenCookieSize TCP FastOpen cookie size. Only even numbers are accepted; an odd number is trimmed down to the nearest even number. Default value: 8 Minimum value: 4 Maximum value: 16
taillossprobe TCP tail loss probe optimizations
Possible values: ENABLED, DISABLED Default value: DISABLED
clientIpTcpOption Client IP in TCP options
Possible values: ENABLED, DISABLED Default value: DISABLED
clientIpTcpOptionNumber ClientIP TCP Option number Minimum value: 1 Maximum value: 254
mpCapableCbit Set C bit in MP-CAPABLE Syn-Ack sent by Citrix ADC
Possible values: ENABLED, DISABLED Default value: DISABLED
sendClientPortInTcpOption Send Client Port number along with Client IP in TCP-Options. ClientIpTcpOption must be ENABLED
Possible values: ENABLED, DISABLED Default value: DISABLED
slowStartThreshold TCP Slow Start Threshold Value. Default value: 524288 Minimum value: 8190 Maximum value: 20971520
Example
add tcpprofile
show ns tcpProfile
Displays information about TCP profiles configured on the appliance.
Synopsis
show ns tcpProfile [
Arguments
name Name of the TCP profile to be displayed. If a name is not provided, information about all TCP profiles is shown.
Output
WS Enable or disable window scaling.
SACK Enable or disable Selective ACKnowledgement (SACK).
WSVal Factor used to calculate the new window size. This argument is needed only when window scaling is enabled.
nagle Enable or disable the Nagle algorithm on TCP connections.
ackOnPush Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.
mss Maximum Segment Size (MSS) to use for the TCP connection (0 forces use of the global setting).
maxBurst Maximum number of TCP segments allowed in a burst.
initialCwnd Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server.
delayedAck Timeout for TCP delayed ACK, in milliseconds.
oooQSize Maximum size of out-of-order packets queue. A value of 0 means no limit.
maxPktPerMss Maximum packet per MSS value
pktPerRetx Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK.
minRTO TCP minimum RTO (in millisec)
slowStartIncr TCP slowstart increment factor
bufferSize TCP Buffer size
flavor TCP algorithm
refCnt Number of entities using this profile
synCookie Enable or disable the SYNCOOKIE mechanism for TCP handshake with clients. Disabling SYNCOOKIE prevents SYN attack protection on the Citrix ADC.
KAprobeUpdateLastactivity Update last activity for the connection after receiving keep-alive (KA) probes.
dynamicReceiveBuffering Enable or disable dynamic receive buffering. When enabled, allows the receive buffer to be adjusted dynamically based on memory and network conditions. Note: The buffer size argument must be set for dynamic adjustments to take place.
KA Send periodic TCP keep-alive (KA) probes to check if peer is still up.
KAconnIdleTime Duration, in seconds, for the connection to be idle, before sending a keep-alive (KA) probe.
KAmaxProbes Number of keep-alive (KA) probes to be sent when not acknowledged, before assuming the peer to be down.
KAprobeInterval Time interval, in seconds, before the next keep-alive (KA) probe, if the peer does not respond.
sendBuffsize TCP Send Buffer size
mptcp Enable/Disable Multi-Path TCP
EstablishClientConn Allocating Client Conn on
tcpSegOffload TCP Segmentation Offload
rfc5961Compliance RFC5961 Compliance
rstWindowAttenuate RST Window Attenuation
rstMaxAck accept RST with max ACK
TimeStamp TCP Timestamp Option
spoofSynDrop drop invalid SYN packets
ecn Explicit Congestion Notification
mptcpDropDataOnPreEstSF Enable or disable dropping data on pre established subflow.
mptcpFastOpen Enable or disable MPTCP fastopen.
mptcpSessionTimeout MPTCP session timeout.
dsack Enable or disable DSACK.
ackAggregation Enable or disable ACK Aggregation.
frto Enable or disable FRTO (Forward RTO-Recovery).
maxcwnd TCP Maximum Congestion Window.
fack Forward Acknowledgement
tcpmode TCP Optimization mode
tcpFastOpen Enable or disable TCP fastopen.
Hystart TCP CUBIC Hystart
dupackthresh TCP Dupack Threshold
nileD1Percent TCP Nile D1 percent
nileD2Percent TCP Nile D2 percent
nileD3Percent TCP Nile D3 percent
nileBetaMaxPercent TCP Nile Beta max
nileBetaMinPercent TCP Nile Beta min
nileAlphaMax TCP Nile Alpha max
nileAlphaMinPercent TCP Nile Alpha min
nileRttFilter TCP Nile RTT filter
nileRttFactor TCP Nile RTT factor
burstRateControl TCP Burst Rate Control DISABLED/FIXED/DYNAMIC. FIXED requires a TCP rate to be set.
tcprate TCP connection payload send rate in Kb/s
rateqmax Maximum connection queue size in bytes, when BurstRateControl is used
DropHalfClosedConnOnTimeout Silently drop TCP half-closed connections on idle timeout.
DropEstConnOnTimeout Silently drop TCP established connections on idle timeout.
stateflag State flag
isAdaptiveTcp Explicit Adaptive TCP profile
applyAdaptiveTcp Use Adaptive TCP optimizations
builtin Flag to determine if tcp profile is built-in or not
feature The feature to be checked while applying this config
tcpFastOpenCookieSize TCP FastOpen cookie size. Only even numbers are accepted; an odd number is trimmed down to the nearest even number.
taillossprobe TCP tail loss probe optimizations
clientIpTcpOption Client IP in TCP options
clientIpTcpOptionNumber ClientIP TCP Option number
mpCapableCbit Set C bit in MP-CAPABLE Syn-Ack sent by Citrix ADC
sendClientPortInTcpOption Send Client Port along with Client IP in TCP option
slowStartThreshold Slow Start Threshold Value
devno count
Example
show tcp profile [profile name]
unset ns tcpProfile
Removes the attributes of the TCP profile. Attributes for which a default value is available revert to their default values. Refer to the ‘set ns tcpProfile’ command for a description of the parameters.
Synopsis
unset ns tcpProfile
rm ns tcpProfile
Removes a TCP profile from the appliance.
Synopsis
rm ns tcpProfile
Arguments
name Name of the TCP profile to be removed.
Example
rm tcpprofile
set ns tcpProfile
Modifies the attributes of a TCP profile.
Synopsis
set ns tcpProfile
Arguments
name Name of the TCP profile to be modified.
WS Enable or disable window scaling.
Possible values: ENABLED, DISABLED Default value: DISABLED
SACK Enable or disable Selective ACKnowledgement (SACK).
Possible values: ENABLED, DISABLED Default value: DISABLED
WSVal Factor used to calculate the new window size. This argument is needed only when window scaling is enabled. Default value: 4 Minimum value: 0 Maximum value: 14
nagle Enable or disable the Nagle algorithm on TCP connections.
Possible values: ENABLED, DISABLED Default value: DISABLED
ackOnPush Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.
Possible values: ENABLED, DISABLED Default value: ENABLED
mss Set the Maximum Segment Size (MSS) to use for the TCP connection (0 forces use of the global setting). Minimum value: 0 Maximum value: 9176
maxBurst Maximum number of TCP segments allowed in a burst. Default value: 6 Minimum value: 1 Maximum value: 255
initialCwnd Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server. Default value: 4 Minimum value: 1 Maximum value: 44
delayedAck Timeout for TCP delayed ACK, in milliseconds. Default value: 100 Minimum value: 10 Maximum value: 300
oooQSize Maximum size of out-of-order packets queue. A value of 0 means no limit. Default value: 64 Minimum value: 0 Maximum value: 65535
maxPktPerMss Maximum number of TCP packets allowed per maximum segment size (MSS). Minimum value: 0 Maximum value: 1460
pktPerRetx Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK. Default value: 1 Minimum value: 1 Maximum value: 512
minRTO Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10). Default value: 1000 Minimum value: 10 Maximum value: 64000
slowStartIncr Multiplier that determines the rate at which slow start increases the size of the TCP transmission window after each acknowledgement of successful transmission. Default value: 2 Minimum value: 1 Maximum value: 100
bufferSize TCP buffering size, in bytes. Default value: 8190 Minimum value: 8190 Maximum value: 20971520
synCookie Enable or disable the SYNCOOKIE mechanism for TCP handshake with clients. Disabling SYNCOOKIE prevents SYN attack protection on the Citrix ADC.
Possible values: ENABLED, DISABLED Default value: ENABLED
KAprobeUpdateLastactivity Update last activity for the connection after receiving keep-alive (KA) probes.
Possible values: ENABLED, DISABLED Default value: ENABLED
flavor Set TCP congestion control algorithm.
Possible values: Default, Westwood, BIC, CUBIC, Nile, BBR Default value: Default
dynamicReceiveBuffering Enable or disable dynamic receive buffering. When enabled, allows the receive buffer to be adjusted dynamically based on memory and network conditions. Note: The buffer size argument must be set for dynamic adjustments to take place.
Possible values: ENABLED, DISABLED Default value: DISABLED
KA Send periodic TCP keep-alive (KA) probes to check if peer is still up.
Possible values: ENABLED, DISABLED Default value: DISABLED
KAconnIdleTime Duration, in seconds, for the connection to be idle, before sending a keep-alive (KA) probe. Default value: NSTCP_KA_DEFAULT_CONN_IDLETIME Minimum value: 1 Maximum value: 4095
KAmaxProbes Number of keep-alive (KA) probes to be sent when not acknowledged, before assuming the peer to be down. Default value: NSTCP_KA_DEFAULT_PROBE_COUNT Minimum value: 1 Maximum value: 254
KAprobeInterval Time interval, in seconds, before the next keep-alive (KA) probe, if the peer does not respond. Default value: NSTCP_KA_DEFAULT_INTERVAL Minimum value: 1 Maximum value: 4095
sendBuffsize TCP Send Buffer Size Default value: 8190 Minimum value: 8190 Maximum value: 20971520
mptcp Enable or disable Multipath TCP.
Possible values: ENABLED, DISABLED Default value: DISABLED
EstablishClientConn Establish the client connection on first data, on final ACK, or automatically.
Possible values: AUTOMATIC, CONN_ESTABLISHED, ON_FIRST_DATA Default value: AUTOMATIC
tcpSegOffload Offload TCP segmentation to the NIC. If set to AUTOMATIC, TCP segmentation will be offloaded to the NIC, if the NIC supports it.
Possible values: AUTOMATIC, DISABLED Default value: AUTOMATIC
rfc5961Compliance Enable or disable RFC 5961 compliance to protect against TCP spoofing (RST/SYN/Data). When enabled, the appliance is compliant with RFC 5961.
Possible values: ENABLED, DISABLED Default value: DISABLED
rstWindowAttenuate Enable or disable RST window attenuation to protect against spoofing. When enabled, will reply with corrective ACK when a sequence number is invalid.
Possible values: ENABLED, DISABLED Default value: DISABLED
rstMaxAck Enable or disable acceptance of RST that is out of window yet echoes highest ACK sequence number. Useful only in proxy mode.
Possible values: ENABLED, DISABLED Default value: DISABLED
spoofSynDrop Enable or disable drop of invalid SYN packets to protect against spoofing. When disabled, established connections will be reset when a SYN packet is received.
Possible values: ENABLED, DISABLED Default value: ENABLED
ecn Enable or disable TCP Explicit Congestion Notification.
Possible values: ENABLED, DISABLED Default value: DISABLED
mptcpDropDataOnPreEstSF Enable or disable silently dropping the data on Pre-Established subflow. When enabled, DSS data packets are dropped silently instead of dropping the connection when data is received on pre established subflow.
Possible values: ENABLED, DISABLED Default value: DISABLED
mptcpFastOpen Enable or disable Multipath TCP fastopen. When enabled, DSS data packets are accepted before receiving the third ack of SYN handshake.
Possible values: ENABLED, DISABLED Default value: DISABLED
mptcpSessionTimeout MPTCP session timeout in seconds. If this value is not set, idle MPTCP sessions are flushed after vserver’s client idle timeout. Default value: 0 Minimum value: 0 Maximum value: 86400
TimeStamp Enable or Disable TCP Timestamp option (RFC 1323)
Possible values: ENABLED, DISABLED Default value: DISABLED
dsack Enable or disable DSACK.
Possible values: ENABLED, DISABLED Default value: ENABLED
ackAggregation Enable or disable ACK Aggregation.
Possible values: ENABLED, DISABLED Default value: DISABLED
frto Enable or disable FRTO (Forward RTO-Recovery).
Possible values: ENABLED, DISABLED Default value: DISABLED
maxcwnd TCP Maximum Congestion Window. Default value: 524288 Minimum value: 8190 Maximum value: 20971520
fack Enable or disable FACK (Forward ACK).
Possible values: ENABLED, DISABLED Default value: DISABLED
tcpmode TCP Optimization modes TRANSPARENT / ENDPOINT.
Possible values: TRANSPARENT, ENDPOINT Default value: TRANSPARENT
tcpFastOpen Enable or disable TCP Fastopen. When enabled, NS can receive or send Data in SYN or SYN-ACK packets.
Possible values: ENABLED, DISABLED Default value: DISABLED
Hystart Enable or disable CUBIC Hystart
Possible values: ENABLED, DISABLED Default value: DISABLED
dupackthresh TCP dupack threshold. Default value: 3 Minimum value: 1 Maximum value: 15
burstRateControl TCP Burst Rate Control DISABLED/FIXED/DYNAMIC. FIXED requires a TCP rate to be set.
Possible values: DISABLED, FIXED, DYNAMIC Default value: DISABLED
tcprate TCP connection payload send rate in Kb/s Default value: 0 Minimum value: 0 Maximum value: 10000000
rateqmax Maximum connection queue size in bytes, when BurstRateControl is used Default value: 0 Minimum value: 0 Maximum value: 1000000000
DropHalfClosedConnOnTimeout Silently drop TCP half-closed connections on idle timeout.
Possible values: ENABLED, DISABLED Default value: DISABLED
DropEstConnOnTimeout Silently drop TCP established connections on idle timeout.
Possible values: ENABLED, DISABLED Default value: DISABLED
applyAdaptiveTcp Apply Adaptive TCP optimizations
Possible values: ENABLED, DISABLED Default value: DISABLED
tcpFastOpenCookieSize TCP FastOpen cookie size. Only even numbers are accepted; an odd number is trimmed down to the nearest even number. Default value: 8 Minimum value: 4 Maximum value: 16
taillossprobe TCP tail loss probe optimizations
Possible values: ENABLED, DISABLED Default value: DISABLED
clientIpTcpOption Client IP in TCP options
Possible values: ENABLED, DISABLED Default value: DISABLED
clientIpTcpOptionNumber ClientIP TCP Option number Minimum value: 1 Maximum value: 254
mpCapableCbit Set C bit in MP-CAPABLE Syn-Ack sent by Citrix ADC
Possible values: ENABLED, DISABLED Default value: DISABLED
sendClientPortInTcpOption Send Client Port number along with Client IP in TCP-Options. ClientIpTcpOption must be ENABLED
Possible values: ENABLED, DISABLED Default value: DISABLED
slowStartThreshold TCP Slow Start Threshold Value. Default value: 524288 Minimum value: 8190 Maximum value: 20971520
Example
set tcpprofile
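Added example (not part of the Citrix reference): a Python check that folds add/set ns tcpProfile lines into effective settings using the defaults listed above, then reports disabled spoofing and SYN protections and the argument constraints this page states. The "-argument value" line syntax, the case-insensitive argument matching, the function names and the sample lines are assumptions made for the example.

```python
import shlex

# Defaults and ranges below are copied from the argument list on this page.
DEFAULTS = {"synCookie": "ENABLED", "spoofSynDrop": "ENABLED",
            "rfc5961Compliance": "DISABLED", "rstWindowAttenuate": "DISABLED",
            "clientIpTcpOption": "DISABLED", "sendClientPortInTcpOption": "DISABLED",
            "burstRateControl": "DISABLED", "tcprate": "0", "minRTO": "1000",
            "tcpFastOpenCookieSize": "8"}
RANGES = {"minRTO": (10, 64000), "tcprate": (0, 10000000),
          "tcpFastOpenCookieSize": (4, 16)}
# Arguments the page describes as SYN-attack or spoofing protections.
PROTECTIONS = ("synCookie", "spoofSynDrop", "rfc5961Compliance", "rstWindowAttenuate")
# Assumption: argument names are matched case-insensitively.
CANON = {k.lower(): k for k in DEFAULTS}

# Constructed sample input, not taken from a real appliance.
SAMPLE_CONFIG = '''
add ns tcpProfile "edge profile" -WS ENABLED -synCookie DISABLED -minRTO 205
set ns tcpProfile "edge profile" -rfc5961Compliance ENABLED -tcpFastOpenCookieSize 7
add ns tcpProfile api_fixed -burstRateControl FIXED -sendClientPortInTcpOption ENABLED -rfc5961Compliance ENABLED -rstWindowAttenuate ENABLED
'''

def parse_profiles(config_text):
    """Fold add/set ns tcpProfile lines into {profile name: {argument: value}}."""
    profiles = {}
    for line in config_text.splitlines():
        tok = shlex.split(line)  # handles single- and double-quoted names
        if len(tok) < 4 or tok[0].lower() not in ("add", "set"):
            continue
        if [t.lower() for t in tok[1:3]] != ["ns", "tcpprofile"]:
            continue
        settings = profiles.setdefault(tok[3], {})
        for flag, value in zip(tok[4::2], tok[5::2]):
            key = flag.lstrip("-")
            settings[CANON.get(key.lower(), key)] = value
    return profiles

def audit(settings):
    """Return findings for one profile after applying the documented defaults."""
    eff = {**DEFAULTS, **settings}
    on = lambda key: eff[key].upper() == "ENABLED"
    findings = [f"{k} is {eff[k]}" for k in PROTECTIONS if not on(k)]
    nums = {}
    for key, (lo, hi) in RANGES.items():
        if eff[key].isdigit() and lo <= int(eff[key]) <= hi:
            nums[key] = int(eff[key])
        else:
            findings.append(f"{key}={eff[key]} is outside {lo}..{hi}")
    if nums.get("minRTO", 0) % 10:
        findings.append("minRTO is not a multiple of 10 ms")
    if nums.get("tcpFastOpenCookieSize", 0) % 2:
        findings.append("odd tcpFastOpenCookieSize is trimmed to "
                        f"{nums['tcpFastOpenCookieSize'] - 1}")
    if eff["burstRateControl"].upper() == "FIXED" and nums.get("tcprate") == 0:
        findings.append("burstRateControl FIXED but tcprate is not set")
    if on("sendClientPortInTcpOption") and not on("clientIpTcpOption"):
        findings.append("sendClientPortInTcpOption needs clientIpTcpOption ENABLED")
    return findings

def audit_config(config_text):
    """Audit every TCP profile found in the configuration text."""
    return {name: audit(s) for name, s in parse_profiles(config_text).items()}

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "->", findings or "no findings")
```

A profile created with no arguments still reports rfc5961Compliance and rstWindowAttenuate, because both default to DISABLED.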