Introduction
There are 2 main methods for configuring the TCP stack on an ADX: globally or via a TCP profile. In this article we will look at the main configuration settings available, such as how to configure Nagle, SACK and Window Scaling.
TCP Profiles
TCP profiles allow you to modify the TCP parameters on a specific port at a virtual server level.
Both client-side and server-side profiles are defined and assigned. There are 4 main methods of assignment, as shown below.
ADX(config)# server VIP_192.168.1.100 192.168.1.100
ADX(config-vs-192.168.1.100)# port ssl ssl-proxy <clientprofile> <serverprofile>

ADX(config)# server VIP_192.168.1.100 192.168.1.100
ADX(config-vs-192.168.1.100)# port ssl ssl-terminate <clientprofile> <serverprofile>

ADX(config)# ssl profile myprofile
ADX(config-ssl-profile-myprofile)# tcp-profile client-profile
ADX(config)# server VIP_192.168.1.100 192.168.1.100
ADX(config-vs-192.168.1.100)# port ssl ssl-terminate sslprofile myprofile

ADX(config)# server VIP_192.168.1.100 192.168.1.100
ADX(config-vs-192.168.1.100)# port http tcp-proxy <clientprofile> <serverprofile>
Note:
- As you can see above, there are 2 methods for assigning a TCP profile to an SSL-terminated port: within the SSL profile, or directly on the virtual server.
- Once TCP profiles are assigned to HTTP, traffic is proxied when it passes through the virtual server. This is worth mentioning because, by default, HTTP traffic is not proxied when passing through a virtual server.
Selective ACK
Selective ACK is a TCP feature that allows the receiver to ACK only certain packets within the TCP window. This allows the sender to resend only the lost segments rather than the whole window.
By default, the ADX removes this option from the TCP header during the 3-way handshake, resulting in SACK being disabled. To enable SACK (i.e. prevent the SACK option from being removed), syn-proxy must be enabled.
To enable syn-proxy globally, the following syntax is used:
ADX(config)# ip tcp syn-proxy
Note: Please be aware that enabling the SYN-Proxy feature can have an impact on memory consumption.
Window Scaling
Window Scaling is an extension to the TCP Windowing feature. Window Scaling allows the window size to exceed the standard size of 65,535 bytes.
Before version 12.4f, the Window Scale option was not supported. This meant that during the 3-way handshake the WS (Window Scale) option was not propagated to the server, which in turn disabled the use of Window Scaling by either side.
To enable Window Scaling (in 12.4f and higher), a TCP profile can be configured specifying the WS value.
ADX(config)# tcp profile client-profile
ADX(config-client-profile)# tcp-wnd-scale 1
ADX(config)# tcp profile server-profile
ADX(config-server-profile)# tcp-wnd-scale 1
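To check from a packet capture whether the SACK-permitted and Window Scale options described in the two sections above survived the handshake, the options field of the SYN seen on each side of the ADX can be parsed and compared. The following is an added example, not part of the original article or vendor code; the function names are hypothetical and the byte strings are constructed samples rather than real captures.

```python
# Added example: walks the TCP options field of a SYN or SYN/ACK.
# Option kinds used: 3 = Window Scale (RFC 7323), 4 = SACK-permitted (RFC 2018).
# The byte strings at the bottom are constructed samples, not ADX captures.

def parse_tcp_options(raw: bytes) -> dict:
    """Return {kind: value_bytes} from a TCP header's options field."""
    opts = {}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                 # End of Option List
            break
        if kind == 1:                 # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option kind {kind}")
        opts[kind] = raw[i + 2:i + length]
        i += length
    return opts

def handshake_features(syn_options: bytes) -> dict:
    """Report SACK-permitted and Window Scale as carried in one SYN."""
    opts = parse_tcp_options(syn_options)
    ws = opts.get(3)
    # The shift count is one byte; RFC 7323 caps the usable shift at 14.
    shift = min(ws[0], 14) if ws is not None and len(ws) == 1 else None
    return {
        "sack_permitted": 4 in opts,
        "wscale_shift": shift,
        # Without a negotiated shift the window stays at the 16-bit maximum.
        "max_window": 65535 << shift if shift is not None else 65535,
    }

# Constructed: MSS 1460, NOP, NOP, SACK-permitted, NOP, Window Scale shift 7
CLIENT_SYN = bytes([2, 4, 0x05, 0xB4, 1, 1, 4, 2, 1, 3, 3, 7])
# Constructed: the same SYN with SACK and WS stripped, MSS 1460 only
STRIPPED_SYN = bytes([2, 4, 0x05, 0xB4])

if __name__ == "__main__":
    for side, raw in (("client side", CLIENT_SYN), ("server side", STRIPPED_SYN)):
        print(side, handshake_features(raw))
```

A SYN that shows `sack_permitted` as false or `wscale_shift` as `None` on the server side while the client-side SYN carried both indicates the options were removed in transit.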
TX/RX Buffers
Both the TX (send) and RX (receive) buffers can be configured within the TCP profile(s). The maximum buffer size is 3145278; the default is 0.
ADX(config)# tcp profile client-profile
ADX(config-client-profile)# rxbuf-size <0 to 3145278>
ADX(config-client-profile)# txbuf-size <0 to 3145278>
Nagle
The Nagle algorithm is a method to alleviate network overhead by combining a number of smaller packets into one.
To disable Nagle, the following syntax is used:
ADX(config)# tcp profile client-profile
ADX(config-tcp-profile-client-profile)# nagle off
Delayed ACK
Delayed ACK is a technique to prevent the receiver having to acknowledge every data segment.
To disable delayed ACK, the following syntax is used:
ADX(config)# tcp profile client-profile
ADX(config-tcp-profile-client-profile)# delayed-ack off
Push-Bit Off
By default, all egress data packets are set with the PUSH flag. This can be disabled with the following syntax:
ADX(config)# tcp profile client-profile
ADX(config-tcp-profile-client-profile)# push-bit off