ADC NITRO APIs

nstcpparam

Configuration for tcp parameters resource.

Properties

Name Data Type Permissions Description
ws <String> Read-write Enable or disable window scaling.

Default value: ENABLED

Possible values = ENABLED, DISABLED
wsval <Double> Read-write Factor used to calculate the new window size.

This argument is needed only when the window scaling is enabled.

Default value: 8

Minimum value = 0

Maximum value = 14
sack <String> Read-write Enable or disable Selective ACKnowledgement (SACK).

Default value: ENABLED

Possible values = ENABLED, DISABLED
learnvsvrmss <String> Read-write Enable or disable maximum segment size (MSS) learning for virtual servers.

Default value: DISABLED

Possible values = ENABLED, DISABLED
maxburst <Double> Read-write Maximum number of TCP segments allowed in a burst.

Default value: 6

Minimum value = 1

Maximum value = 255
initialcwnd <Double> Read-write Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server.

Default value: 10

Minimum value = 1

Maximum value = 44
recvbuffsize <Double> Read-write TCP Receive buffer size.

Default value: 8190

Minimum value = 8190

Maximum value = 20971520
delayedack <Double> Read-write Timeout for TCP delayed ACK, in milliseconds.

Default value: 100

Minimum value = 10

Maximum value = 300
downstaterst <String> Read-write Flag to switch on RST on down services.

Default value: DISABLED

Possible values = ENABLED, DISABLED
nagle <String> Read-write Enable or disable the Nagle algorithm on TCP connections.

Default value: DISABLED

Possible values = ENABLED, DISABLED
limitedpersist <String> Read-write Limit the number of persist (zero window) probes.

Default value: ENABLED

Possible values = ENABLED, DISABLED
oooqsize <Double> Read-write Maximum size of out-of-order packets queue. A value of 0 means no limit.

Default value: 300

Minimum value = 0

Maximum value = 65535
ackonpush <String> Read-write Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.

Default value: ENABLED

Possible values = ENABLED, DISABLED
maxpktpermss <Double> Read-write Maximum number of TCP packets allowed per maximum segment size (MSS).

Minimum value = 0

Maximum value = 1460
pktperretx <Integer> Read-write Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK.

Default value: 1

Minimum value = 1

Maximum value = 100
minrto <Integer> Read-write Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10).

Default value: 1000

Minimum value = 10

Maximum value = 64000
slowstartincr <Integer> Read-write Multiplier that determines the rate at which slow start increases the size of the TCP transmission window after each acknowledgement of successful transmission.

Default value: 2

Minimum value = 1

Maximum value = 100
maxdynserverprobes <Double> Read-write Maximum number of probes that Citrix ADC can send out in 10 milliseconds, to dynamically learn a service. Citrix ADC probes for the existence of the origin in case of wildcard virtual server or services.

Default value: 7

Minimum value = 1

Maximum value = 65535
synholdfastgiveup <Double> Read-write Maximum threshold. After crossing this threshold number of outstanding probes for origin, the Citrix ADC reduces the number of connection retries for probe connections.

Default value: 1024

Minimum value = 256

Maximum value = 65535
maxsynholdperprobe <Double> Read-write Limit the number of client connections (SYN) waiting for status of single probe. Any new SYN packets will be dropped.

Default value: 128

Minimum value = 1

Maximum value = 255
maxsynhold <Double> Read-write Limit the number of client connections (SYN) waiting for status of probe system wide. Any new SYN packets will be dropped.

Default value: 16384

Minimum value = 256

Maximum value = 65535
msslearninterval <Double> Read-write Duration, in seconds, to sample the Maximum Segment Size (MSS) of the services. The Citrix ADC determines the best MSS to set for the virtual server based on this sampling. The argument to enable maximum segment size (MSS) for virtual servers must be enabled.

Default value: 180

Minimum value = 1

Maximum value = 1048576
msslearndelay <Double> Read-write Frequency, in seconds, at which the virtual servers learn the Maximum segment size (MSS) from the services. The argument to enable maximum segment size (MSS) for virtual servers must be enabled.

Default value: 3600

Minimum value = 1

Maximum value = 1048576
maxtimewaitconn <Double> Read-write Maximum number of connections to hold in the TCP TIME_WAIT state on a packet engine. New connections entering TIME_WAIT state are proactively cleaned up.

Default value: 7000

Minimum value = 1
kaprobeupdatelastactivity <String> Read-write Update last activity for KA probes.

Default value: ENABLED

Possible values = ENABLED, DISABLED
maxsynackretx <Double> Read-write When 'syncookie' is disabled in the TCP profile that is bound to the virtual server or service, and the number of TCP SYN+ACK retransmission by Citrix ADC for that virtual server or service crosses this threshold, the Citrix ADC responds by using the TCP SYN-Cookie mechanism.

Default value: 100

Minimum value = 100

Maximum value = 1048576
synattackdetection <String> Read-write Detect TCP SYN packet flood and send an SNMP trap.

Default value: ENABLED

Possible values = ENABLED, DISABLED
connflushifnomem <String> Read-write Flush an existing connection if no memory can be obtained for new connection.

HALF_CLOSED_AND_IDLE: Flush a connection that is closed by us but not by peer, or failing that, a connection that is past configured idle time. New connection fails if no such connection can be found.

FIFO: If no half-closed or idle connection can be found, flush the oldest non-management connection, even if it is active. New connection fails if the oldest few connections are management connections.

Note: If you enable this setting, you should also consider lowering the zombie timeout and half-close timeout, while setting the Citrix ADC timeout.

See Also: connFlushThres argument below.

Default value: NSA_CONNFLUSH_NONE

Possible values = NONE, HALFCLOSED_AND_IDLE, FIFO
connflushthres <Double> Read-write Flush an existing connection (as configured through -connFlushIfNoMem FIFO) if the system has more than specified number of connections, and a new connection is to be established. Note: This value may be rounded down to be a whole multiple of the number of packet engines running.

Minimum value = 1
mptcpconcloseonpassivesf <String> Read-write Accept DATA_FIN/FAST_CLOSE on passive subflow.

Default value: ENABLED

Possible values = ENABLED, DISABLED
mptcpchecksum <String> Read-write Use MPTCP DSS checksum.

Default value: ENABLED

Possible values = ENABLED, DISABLED
mptcpsftimeout <Double> Read-write The timeout value in seconds for idle mptcp subflows. If this timeout is not set, idle subflows are cleared after cltTimeout of vserver.

Default value: 0

Minimum value = 0

Maximum value = 31536000
mptcpsfreplacetimeout <Double> Read-write The minimum idle time value in seconds for idle mptcp subflows after which the subflow is replaced by new incoming subflow if maximum subflow limit is reached. The priority for replacement is given to those subflows without any transaction.

Default value: 10

Minimum value = 0

Maximum value = 31536000
mptcpmaxsf <Double> Read-write Maximum number of subflow connections supported in established state per mptcp connection.

Default value: 4

Minimum value = 2

Maximum value = 6
mptcpmaxpendingsf <Double> Read-write Maximum number of subflow connections supported in pending join state per mptcp connection.

Default value: 4

Minimum value = 0

Maximum value = 4
mptcppendingjointhreshold <Double> Read-write Maximum system level pending join connections allowed.

Default value: 0

Minimum value = 0

Maximum value = 4294967294
mptcprtostoswitchsf <Double> Read-write Number of RTO's at subflow level, after which MPTCP should start using other subflow.

Default value: 2

Minimum value = 1

Maximum value = 6
mptcpusebackupondss <String> Read-write When enabled, if NS receives a DSS on a backup subflow, NS will start using that subflow to send data. And if disabled, NS will continue to transmit on current chosen subflow. In case there is some error on a subflow (like RTO's/RST etc.) then NS can choose a backup subflow irrespective of this tunable.

Default value: ENABLED

Possible values = ENABLED, DISABLED
tcpmaxretries <Double> Read-write Number of RTO's after which a connection should be freed.

Default value: 7

Minimum value = 1

Maximum value = 7
mptcpimmediatesfcloseonfin <String> Read-write Allow subflows to close immediately on FIN before the DATA_FIN exchange is completed at mptcp level.

Default value: DISABLED

Possible values = ENABLED, DISABLED
mptcpclosemptcpsessiononlastsfclose <String> Read-write Allow to send DATA FIN or FAST CLOSE on mptcp connection while sending FIN or RST on the last subflow.

Default value: DISABLED

Possible values = ENABLED, DISABLED
mptcpsendsfresetoption <String> Read-write Allow MPTCP subflows to send TCP RST Reason (MP_TCPRST) Option while sending TCP RST.

Default value: DISABLED

Possible values = ENABLED, DISABLED
mptcpfastcloseoption <String> Read-write Allow to select option ACK or RESET to force the closure of an MPTCP connection abruptly.

Default value: ACK

Possible values = ACK, RESET
mptcpreliableaddaddr <String> Read-write If enabled, Citrix ADC retransmits MPTCP ADD-ADDR option if echo response is not received within the timeout interval. The retransmission is attempted only once.

Default value: DISABLED

Possible values = ENABLED, DISABLED
tcpfastopencookietimeout <Double> Read-write Timeout in seconds after which a new TFO Key is computed for generating TFO Cookie. If zero, the same key is used always. If timeout is less than 120 seconds, NS defaults to 120 seconds timeout.

Default value: 0

Minimum value = 0

Maximum value = 31536000
autosyncookietimeout <Double> Read-write Timeout for the server to function in syncookie mode after the synattack. This is valid if TCP syncookie is disabled on the profile and server acts in non syncookie mode by default.

Default value: 30

Minimum value = 7

Maximum value = 65535
tcpfintimeout <Double> Read-write The amount of time in seconds, after which a TCP connection in the TCP TIME-WAIT state is flushed.

Default value: 40

Minimum value = 10

Maximum value = 240
compacttcpoptionnoop <String> Read-write If enabled, non-negotiated TCP options are removed from the received packet while proxying it. By default, non-negotiated TCP options would be replaced by NOPs in the proxied packets. This option is not applicable for Citrix ADC generated packets.

Default value: DISABLED

Possible values = ENABLED, DISABLED
delinkclientserveronrst <String> Read-write If enabled, Delink client and server connection, when there is outstanding data to be sent to the other side.

Default value: DISABLED

Possible values = ENABLED, DISABLED
rfc5961chlgacklimit <Double> Read-write Limits number of Challenge ACK sent per second, as recommended in RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks).

Default value: 0

Minimum value = 0

Maximum value = 2147483647
builtin <String[]> Read-only Flag to determine if the tcp param is built-in or not.

Possible values = MODIFIABLE, DELETABLE, IMMUTABLE, PARTITION_ALL
feature <String> Read-only The feature to be checked while applying this config.

Operations

  • UPDATE
  • UNSET
  • GET (ALL)

Some options that you can use for each operation:

  • Getting warnings in response: NITRO allows you to get warnings in an operation by specifying the 'warning' query parameter as 'yes'. For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http://<netscaler-ip-address>/nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code '209 X-NITRO-WARNING'.

  • Authenticated access for individual NITRO operations: NITRO allows you to log on to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations.

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER: <username>

    X-NITRO-PASS: <password>

    Note: In such cases, make sure that the request header does not include the following:

    Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Note: Mandatory parameters are marked in red and placeholder content is marked in green.

update

URL: http://<netscaler-ip-address>/nitro/v1/config/nstcpparam

HTTP Method: PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Content-Type:application/json

Request Payload:

{"nstcpparam":{
"ws":<String_value>,
"wsval":<Double_value>,
"sack":<String_value>,
"learnvsvrmss":<String_value>,
"maxburst":<Double_value>,
"initialcwnd":<Double_value>,
"recvbuffsize":<Double_value>,
"delayedack":<Double_value>,
"downstaterst":<String_value>,
"nagle":<String_value>,
"limitedpersist":<String_value>,
"oooqsize":<Double_value>,
"ackonpush":<String_value>,
"maxpktpermss":<Double_value>,
"pktperretx":<Integer_value>,
"minrto":<Integer_value>,
"slowstartincr":<Integer_value>,
"maxdynserverprobes":<Double_value>,
"synholdfastgiveup":<Double_value>,
"maxsynholdperprobe":<Double_value>,
"maxsynhold":<Double_value>,
"msslearninterval":<Double_value>,
"msslearndelay":<Double_value>,
"maxtimewaitconn":<Double_value>,
"kaprobeupdatelastactivity":<String_value>,
"maxsynackretx":<Double_value>,
"synattackdetection":<String_value>,
"connflushifnomem":<String_value>,
"connflushthres":<Double_value>,
"mptcpconcloseonpassivesf":<String_value>,
"mptcpchecksum":<String_value>,
"mptcpsftimeout":<Double_value>,
"mptcpsfreplacetimeout":<Double_value>,
"mptcpmaxsf":<Double_value>,
"mptcpmaxpendingsf":<Double_value>,
"mptcppendingjointhreshold":<Double_value>,
"mptcprtostoswitchsf":<Double_value>,
"mptcpusebackupondss":<String_value>,
"tcpmaxretries":<Double_value>,
"mptcpimmediatesfcloseonfin":<String_value>,
"mptcpclosemptcpsessiononlastsfclose":<String_value>,
"mptcpsendsfresetoption":<String_value>,
"mptcpfastcloseoption":<String_value>,
"mptcpreliableaddaddr":<String_value>,
"tcpfastopencookietimeout":<Double_value>,
"autosyncookietimeout":<Double_value>,
"tcpfintimeout":<Double_value>,
"compacttcpoptionnoop":<String_value>,
"delinkclientserveronrst":<String_value>,
"rfc5961chlgacklimit":<Double_value>
}}

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error
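
The limits in the Properties table can be checked before the PUT is sent. The following is an added example, not Citrix code: `validate_update`, `RANGES`, `ENUMS` and the sample payload are constructed here, only a subset of the table is transcribed, and exact-case matching of enum values is an assumption.

```python
# Numeric ranges (min, max) transcribed from the Properties table above.
# None means the table documents no maximum.
RANGES = {
    "wsval": (0, 14), "maxburst": (1, 255), "initialcwnd": (1, 44),
    "recvbuffsize": (8190, 20971520), "delayedack": (10, 300),
    "oooqsize": (0, 65535), "minrto": (10, 64000),
    "maxsynhold": (256, 65535), "maxsynholdperprobe": (1, 255),
    "maxsynackretx": (100, 1048576), "autosyncookietimeout": (7, 65535),
    "tcpfintimeout": (10, 240), "tcpmaxretries": (1, 7),
    "maxtimewaitconn": (1, None), "rfc5961chlgacklimit": (0, 2147483647),
    "msslearninterval": (1, 1048576), "msslearndelay": (1, 1048576),
}
ON_OFF = ("ENABLED", "DISABLED")
ENUMS = {
    "ws": ON_OFF, "sack": ON_OFF, "nagle": ON_OFF, "learnvsvrmss": ON_OFF,
    "synattackdetection": ON_OFF, "limitedpersist": ON_OFF,
    "connflushifnomem": ("NONE", "HALFCLOSED_AND_IDLE", "FIFO"),
    "mptcpfastcloseoption": ("ACK", "RESET"),
}
READ_ONLY = {"builtin", "feature"}


def validate_update(payload):
    """Return a list of problems; an empty list means the payload passes."""
    params = payload.get("nstcpparam", {})
    problems = []
    for name, value in params.items():
        if name in READ_ONLY:
            problems.append(f"{name}: read-only, cannot be updated")
        elif name in RANGES:
            lo, hi = RANGES[name]
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                problems.append(f"{name}: expected a number, got {value!r}")
            elif value < lo or (hi is not None and value > hi):
                problems.append(f"{name}: {value} outside {lo}..{hi}")
        elif name in ENUMS and value not in ENUMS[name]:
            problems.append(f"{name}: {value!r} not in {ENUMS[name]}")
    # minrto is specified in 10-millisecond increments.
    if type(params.get("minrto")) is int and params["minrto"] % 10:
        problems.append("minrto: must be a multiple of 10")
    # wsval is needed only when window scaling is enabled.
    if "wsval" in params and params.get("ws") == "DISABLED":
        problems.append("wsval: has no effect while ws is DISABLED")
    # connflushthres is described in terms of the FIFO flush mode.
    if "connflushthres" in params and params.get("connflushifnomem") not in (None, "FIFO"):
        problems.append("connflushthres: only used with connflushifnomem FIFO")
    return problems


# Constructed sample payload, not taken from a real appliance.
SAMPLE = {"nstcpparam": {"ws": "DISABLED", "wsval": 8, "minrto": 1005,
                         "maxsynackretx": 50, "connflushifnomem": "fifo", "builtin": []}}

if __name__ == "__main__":
    for line in validate_update(SAMPLE):
        print(line)
```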

unset

URL: http://<netscaler-ip-address>/nitro/v1/config/nstcpparam?action=unset

HTTP Method: POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Content-Type:application/json

Request Payload:

{"nstcpparam":{
"ws":true,
"wsval":true,
"sack":true,
"learnvsvrmss":true,
"maxburst":true,
"initialcwnd":true,
"recvbuffsize":true,
"delayedack":true,
"downstaterst":true,
"nagle":true,
"limitedpersist":true,
"oooqsize":true,
"ackonpush":true,
"maxpktpermss":true,
"pktperretx":true,
"minrto":true,
"slowstartincr":true,
"maxdynserverprobes":true,
"synholdfastgiveup":true,
"maxsynholdperprobe":true,
"maxsynhold":true,
"msslearninterval":true,
"msslearndelay":true,
"maxtimewaitconn":true,
"kaprobeupdatelastactivity":true,
"maxsynackretx":true,
"synattackdetection":true,
"connflushifnomem":true,
"connflushthres":true,
"mptcpconcloseonpassivesf":true,
"mptcpchecksum":true,
"mptcpsftimeout":true,
"mptcpsfreplacetimeout":true,
"mptcpmaxsf":true,
"mptcpmaxpendingsf":true,
"mptcppendingjointhreshold":true,
"mptcprtostoswitchsf":true,
"mptcpusebackupondss":true,
"tcpmaxretries":true,
"mptcpimmediatesfcloseonfin":true,
"mptcpclosemptcpsessiononlastsfclose":true,
"mptcpsendsfresetoption":true,
"mptcpfastcloseoption":true,
"mptcpreliableaddaddr":true,
"tcpfastopencookietimeout":true,
"autosyncookietimeout":true,
"tcpfintimeout":true,
"compacttcpoptionnoop":true,
"delinkclientserveronrst":true,
"rfc5961chlgacklimit":true
}}

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

get (all)

URL: http://<netscaler-ip-address>/nitro/v1/config/nstcpparam

HTTP Method: GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Accept:application/json

Response: HTTP Status Code on Success: 200 OK

HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

Response Header:

Content-Type:application/json

Response Payload:

{ "nstcpparam": [ {
"ws":<String_value>,
"wsval":<Double_value>,
"sack":<String_value>,
"learnvsvrmss":<String_value>,
"maxburst":<Double_value>,
"initialcwnd":<Double_value>,
"recvbuffsize":<Double_value>,
"delayedack":<Double_value>,
"downstaterst":<String_value>,
"nagle":<String_value>,
"limitedpersist":<String_value>,
"oooqsize":<Double_value>,
"ackonpush":<String_value>,
"maxpktpermss":<Double_value>,
"pktperretx":<Integer_value>,
"minrto":<Integer_value>,
"slowstartincr":<Integer_value>,
"maxdynserverprobes":<Double_value>,
"synholdfastgiveup":<Double_value>,
"maxsynholdperprobe":<Double_value>,
"maxsynhold":<Double_value>,
"msslearninterval":<Double_value>,
"msslearndelay":<Double_value>,
"maxtimewaitconn":<Double_value>,
"kaprobeupdatelastactivity":<String_value>,
"maxsynackretx":<Double_value>,
"synattackdetection":<String_value>,
"connflushifnomem":<String_value>,
"connflushthres":<Double_value>,
"mptcpconcloseonpassivesf":<String_value>,
"mptcpchecksum":<String_value>,
"mptcpsftimeout":<Double_value>,
"mptcpsfreplacetimeout":<Double_value>,
"mptcpmaxsf":<Double_value>,
"mptcpmaxpendingsf":<Double_value>,
"mptcppendingjointhreshold":<Double_value>,
"mptcprtostoswitchsf":<Double_value>,
"mptcpusebackupondss":<String_value>,
"tcpmaxretries":<Double_value>,
"mptcpimmediatesfcloseonfin":<String_value>,
"mptcpclosemptcpsessiononlastsfclose":<String_value>,
"mptcpsendsfresetoption":<String_value>,
"mptcpfastcloseoption":<String_value>,
"mptcpreliableaddaddr":<String_value>,
"tcpfastopencookietimeout":<Double_value>,
"builtin":<String[]_value>,
"feature":<String_value>,
"autosyncookietimeout":<Double_value>,
"tcpfintimeout":<Double_value>,
"compacttcpoptionnoop":<String_value>,
"delinkclientserveronrst":<String_value>,
"rfc5961chlgacklimit":<Double_value>
}]}
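
A GET (ALL) response can be screened for values whose documented behaviour removes a limit or a detection. This is an added example, not part of the NITRO documentation: the choice of parameters to flag, the function names and the sample response are constructed here, and numeric fields are assumed to arrive as JSON numbers.

```python
def when_equal(bad_value, text):
    """Build a check that reports `text` when the parameter equals bad_value."""
    return lambda v: text if v == bad_value else None


def tfo_key_rotation(seconds):
    """Apply the two special cases documented for tcpfastopencookietimeout."""
    if seconds == 0:
        return "the same TFO key is always used (never recomputed)"
    if seconds < 120:
        return "below 120 s, so the appliance applies a 120 s timeout instead"
    return None


# Which parameters to flag is this example's choice; each message restates
# behaviour documented in the Properties table above.
CHECKS = {
    "synattackdetection": when_equal(
        "DISABLED", "SYN flood detection and its SNMP trap are off"),
    "limitedpersist": when_equal(
        "DISABLED", "persist (zero window) probes are not limited"),
    "oooqsize": when_equal(
        0, "out-of-order packet queue has no size limit"),
    "connflushifnomem": when_equal(
        "FIFO", "the oldest non-management connection can be flushed even if active"),
    "tcpfastopencookietimeout": tfo_key_rotation,
}


def audit(response):
    """Return (parameter, value, finding) tuples for a GET (ALL) response body."""
    findings = []
    # GET (ALL) wraps the parameter object in a list under "nstcpparam".
    for params in response.get("nstcpparam", []):
        for name, check in CHECKS.items():
            if name not in params:
                continue
            text = check(params[name])
            if text:
                findings.append((name, params[name], text))
    return findings


# Constructed sample response, not captured from a real appliance.
SAMPLE_RESPONSE = {"nstcpparam": [{
    "synattackdetection": "DISABLED", "limitedpersist": "ENABLED",
    "oooqsize": 0, "connflushifnomem": "NONE", "tcpfastopencookietimeout": 60,
}]}

if __name__ == "__main__":
    for name, value, text in audit(SAMPLE_RESPONSE):
        print(f"{name}={value}: {text}")
```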
