Brocade ADX – How to tune/configure the TCP stack

Introduction

There are 2 main methods for configuring the TCP stack on an ADX, globally or via a tcp profile. Within this article we will look at the main configuration settings available, such as how to configure Nagle, SACK and Window Scaling.

TCP Profiles

TCP profiles allow you to modify the TCP parameters on a specific port at a virtual server level.
Both client-side and server-side profiles are defined and assigned. There are 4 main methods of assignment, as shown below.

ADX(config)# server VIP_192.168.1.100 192.168.1.100
ADX(config-vs-192.168.1.100)# port ssl ssl-proxy <clientprofile> <serverprofile>

ADX(config)# server VIP_192.168.1.100 192.168.1.100
ADX(config-vs-192.168.1.100)# port ssl ssl-terminate <clientprofile> <serverprofile>

ADX(config)# ssl profile myprofile
ADX(config-ssl-profile-myprofile)# tcp-profile client-profile
ADX(config)# server VIP_192.168.1.100 192.168.1.100
ADX(config-vs-192.168.1.100)# port ssl ssl-terminate sslprofile myprofile

ADX(config)# server VIP_192.168.1.100 192.168.1.100
ADX(config-vs-192.168.1.100)# port http tcp-proxy <clientprofile> <serverprofile>

Note :

  • As you can see above, there are 2 methods for assigning a tcp profile to a SSL terminated port, within the ssl profile and directly to the virtual server.
  • At the point tcp profiles are assigned to http, traffic is proxied when passed through the virtual server. This is worth mentioning due to the fact that by default http traffic is not proxied when passing via a virtual server.

Selective ACK

Selective ACK is TCP feature that allows the receiver to ACK only certain packets within the TCP window. This then allows the sender to only resend the lost segments rather then the whole window.

By default, the ADX removes this option from the TCP header during the 3 way handshake, resulting in SACK being disabled. To enable SACK (i.e prevent the SACK option from being removed) syn-proxy must be enabled.

To enable syn-proxy globally the following syntax is used,

	ADX(config)# ip tcp syn-proxy

Note : Please be aware that enabling the SYN-Proxy feature can have an impact on memory consumption. 

Window Scaling

Window Scaling is an extension to the TCP Windowing feature. Window Scaling allows the window size to exceed the standard size of 65,535 bytes.

Pre version 12.4f the Window Scale option was not supported. This meant during the 3 way handshake, the WS (Window Scale) option was not propagated to the server. In turn disabling the us of Window Scaling by either side.

To enable the Window Scaling (in 12.4f and higher) a TCP profile can be configured specifying the WS value.

ADX(config)# tcp profile client-profile
ADX(config-client-profile)# tcp-wnd-scale 1

ADX(config)# tcp profile server-profile
ADX(config-server-profile)# tcp-wnd-scale 1

TX/RX Buffers

Both the TX (send)/RX(receive) buffers can be configured within the TCP profile(s). The maximum buffer size is 3145278, the default is 0.

ADX(config)# tcp profile client-profile
ADX(config-client-profile)# rxbuf-size <0 to 3145278>
ADX(config-client-profile)# txbuf-size <0 to 3145278>

Nagle

The Nagle algorithm is a method to alleviate network overhead by combining a number of smaller packets into one.
To disable nagle the following syntax is used,

ADX(config)# tcp profile client-profile
ADX(config-tcp-profile-client-profile)# nagle off

Delayed ACK

Delayed ACK is a technique to prevent the receiver having to acknowledge every data segment.
To disable delayed ACK the following syntax is used,

ADX(config)# tcp profile client-profile
ADX(config-tcp-profile-client-profile)# delayed-ack off

Push-Bit Off

By default all egress data packets are set with the PUSH flag. This can be disabled by the following syntax,

ADX(config)# tcp profile client-profile
ADX(config-tcp-profile-client-profile)# push-bit off
Rick Donato
Latest posts by Rick Donato (see all)

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial