<\/span><\/h2>\nTCP profiles allow you to modify the TCP parameters on a specific port at a virtual server level.
\nBoth client-side and server-side profiles are defined and assigned. There are 4 main methods of assignment, as shown below.<\/p>\n
ADX(config)# server VIP_192.168.1.100 192.168.1.100\r\nADX(config-vs-192.168.1.100)# port ssl ssl-proxy <clientprofile> <serverprofile>\r\n\r\nADX(config)# server VIP_192.168.1.100 192.168.1.100\r\nADX(config-vs-192.168.1.100)# port ssl ssl-terminate <clientprofile> <serverprofile>\r\n\r\nADX(config)# ssl profile myprofile\r\nADX(config-ssl-profile-myprofile)# tcp-profile client-profile\r\nADX(config)# server VIP_192.168.1.100 192.168.1.100\r\nADX(config-vs-192.168.1.100)# port ssl ssl-terminate sslprofile myprofile\r\n\r\nADX(config)# server VIP_192.168.1.100 192.168.1.100\r\nADX(config-vs-192.168.1.100)# port http tcp-proxy <clientprofile> <serverprofile><\/pre>\nNote :<\/strong><\/em><\/p>\n\n- As you can see above, there are 2 methods for assigning a tcp profile to a SSL terminated port, within the ssl profile and directly to the virtual server.<\/li>\n
- At the point tcp profiles are assigned to http, traffic is proxied when passed through the virtual server. This is worth mentioning due to the fact that by default http traffic is not proxied when passing via a virtual server.<\/li>\n<\/ul>\n
<\/span>Selective ACK<\/strong><\/span><\/h2>\nSelective ACK is TCP feature that allows the receiver to ACK only certain packets within the TCP window. This then allows the sender to only resend the lost segments rather then the whole window.<\/p>\n
By default, the ADX removes this option from the TCP header during the 3 way handshake, resulting in SACK being disabled. To enable SACK (i.e prevent the SACK option from being removed) syn-proxy must be enabled.<\/p>\n
To enable syn-proxy globally the following syntax is used,<\/p>\n
\tADX(config)# ip tcp syn-proxy<\/pre>\nNote<\/strong> : Please be aware that enabling the SYN-Proxy feature can have an impact on memory consumption.\u00a0<\/em><\/p>\n<\/span>Window Scaling<\/strong><\/span><\/h2>\nWindow Scaling is an extension to the TCP Windowing feature. Window Scaling allows the window size to exceed the standard size of\u00a065,535 bytes<\/span>.<\/p>\nPre version 12.4f the Window Scale option was not supported. This meant during the 3 way handshake, the WS (Window Scale) option was not propagated to the server. In turn disabling the us of Window Scaling by either side.<\/p>\n
To enable the Window Scaling (in 12.4f and higher) a TCP profile can be configured specifying the WS value.<\/p>\n
ADX(config)# tcp profile client-profile\r\nADX(config-client-profile)# tcp-wnd-scale 1\r\n\r\nADX(config)# tcp profile server-profile\r\nADX(config-server-profile)# tcp-wnd-scale 1<\/pre>\n<\/span>TX\/RX Buffers<\/strong><\/span><\/h2>\nBoth the TX (send)\/RX(receive) buffers can be configured within the TCP profile(s). The maximum buffer size is 3145278, the default is 0.<\/p>\n
ADX(config)# tcp profile client-profile\r\nADX(config-client-profile)# rxbuf-size <0 to 3145278>\r\nADX(config-client-profile)# txbuf-size <0 to 3145278><\/pre>\n<\/span>Nagle<\/strong><\/span><\/h2>\nThe Nagle algorithm is a method to alleviate network overhead by combining a number of smaller packets into one.
\nTo disable nagle the following syntax is used,<\/p>\n
ADX(config)# tcp profile client-profile\r\nADX(config-tcp-profile-client-profile)# nagle off<\/pre>\n<\/span>Delayed ACK<\/strong><\/span><\/h2>\nDelayed ACK is a technique to prevent the receiver having to acknowledge every data segment.
\nTo disable delayed ACK the following syntax is used,<\/p>\n
ADX(config)# tcp profile client-profile\r\nADX(config-tcp-profile-client-profile)# delayed-ack off<\/pre>\n