netscaler.adc.nstcpparam module – Configuration for tcp parameters resource.

Note

This module is part of the netscaler.adc collection (version 2.6.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netscaler.adc.

To use it in a playbook, specify: netscaler.adc.nstcpparam.

New in netscaler.adc 2.0.0

Synopsis

  • Configuration for tcp parameters resource.

Parameters

Parameter

Comments

ackonpush

any

Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH flag.

Choices:

  • "ENABLED"

  • "DISABLED"

api_path

string

Base NITRO API path.

Define only in case of an ADM service proxy call

Default: "nitro/v1/config"

autosyncookietimeout

any

Timeout for the server to function in syncookie mode after the synattack. This is valid if TCP syncookie is disabled on the profile and server acts in non syncookie mode by default.

compacttcpoptionnoop

any

If enabled, non-negotiated TCP options are removed from the received packet while proxying it. By default, non-negotiated TCP options would be replaced by NOPs in the proxied packets. This option is not applicable for Citrix ADC generated packets.

Choices:

  • "ENABLED"

  • "DISABLED"

connflushifnomem

any

Flush an existing connection if no memory can be obtained for new connection.

HALF_CLOSED_AND_IDLE: Flush a connection that is closed by us but not by peer, or failing that, a connection that is past configured idle time. New connection fails if no such connection can be found.

FIFO: If no half-closed or idle connection can be found, flush the oldest non-management connection, even if it is active. New connection fails if the oldest few connections are management connections.

Note: If you enable this setting, you should also consider lowering the zombie timeout and half-close timeout, while setting the Citrix ADC timeout.

See Also: connFlushThres argument below.

Choices:

  • "NONE "

  • "HALFCLOSED_AND_IDLE"

  • "FIFO"

connflushthres

any

Flush an existing connection (as configured through -connFlushIfNoMem FIFO) if the system has more than specified number of connections, and a new connection is to be established. Note: This value may be rounded down to be a whole multiple of the number of packet engines running.

delayedack

any

Timeout for TCP delayed ACK, in milliseconds.

delinkclientserveronrst

any

If enabled, Delink client and server connection, when there is outstanding data to be sent to the other side.

Choices:

  • "ENABLED"

  • "DISABLED"

downstaterst

any

Flag to switch on RST on down services.

Choices:

  • "ENABLED"

  • "DISABLED"

initialcwnd

any

Initial maximum upper limit on the number of TCP packets that can be outstanding on the TCP link to the server.

kaprobeupdatelastactivity

string

Update last activity for KA probes

Choices:

  • "ENABLED"

  • "DISABLED"

learnvsvrmss

any

Enable or disable maximum segment size (MSS) learning for virtual servers.

Choices:

  • "ENABLED"

  • "DISABLED"

limitedpersist

any

Limit the number of persist (zero window) probes.

Choices:

  • "ENABLED"

  • "DISABLED"

managed_netscaler_instance_id

string

added in netscaler.adc 2.6.0

The ID of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_ip

string

added in netscaler.adc 2.6.0

The IP of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_name

string

added in netscaler.adc 2.6.0

The name of the managed NetScaler instance to which NetScaler Console

has to configure as a proxy server.

Define only in case of an ADM service proxy call

managed_netscaler_instance_password

string

added in netscaler.adc 2.6.0

The password of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

managed_netscaler_instance_username

string

added in netscaler.adc 2.6.0

The username of the managed NetScaler instance.

Define only in case of an ADM service proxy call

In Settings > Administration > System Configurations > Basic Settings,

if you select Prompt Credentials for Instance Login,

ensure to configure username and password of a managed instance.

maxburst

any

Maximum number of TCP segments allowed in a burst.

maxdynserverprobes

any

Maximum number of probes that Citrix ADC can send out in 10 milliseconds, to dynamically learn a service. Citrix ADC probes for the existence of the origin in case of wildcard virtual server or services.

maxpktpermss

any

Maximum number of TCP packets allowed per maximum segment size (MSS).

maxsynackretx

any

When ‘syncookie’ is disabled in the TCP profile that is bound to the virtual server or service, and the number of TCP SYN+ACK retransmission by Citrix ADC for that virtual server or service crosses this threshold, the Citrix ADC responds by using the TCP SYN-Cookie mechanism.

maxsynhold

any

Limit the number of client connections (SYN) waiting for status of probe system wide. Any new SYN packets will be dropped.

maxsynholdperprobe

any

Limit the number of client connections (SYN) waiting for status of single probe. Any new SYN packets will be dropped.

maxtimewaitconn

any

Maximum number of connections to hold in the TCP TIME_WAIT state on a packet engine. New connections entering TIME_WAIT state are proactively cleaned up.

minrto

any

Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments (value must yield a whole number if divided by 10).

mptcpchecksum

any

Use MPTCP DSS checksum

Choices:

  • "ENABLED"

  • "DISABLED"

mptcpclosemptcpsessiononlastsfclose

any

Allow to send DATA FIN or FAST CLOSE on mptcp connection while sending FIN or RST on the last subflow.

Choices:

  • "ENABLED"

  • "DISABLED"

mptcpconcloseonpassivesf

any

Accept DATA_FIN/FAST_CLOSE on passive subflow

Choices:

  • "ENABLED"

  • "DISABLED"

mptcpfastcloseoption

any

Allow to select option ACK or RESET to force the closure of an MPTCP connection abruptly.

Choices:

  • "ACK"

  • "RESET"

mptcpimmediatesfcloseonfin

any

Allow subflows to close immediately on FIN before the DATA_FIN exchange is completed at mptcp level.

Choices:

  • "ENABLED"

  • "DISABLED"

mptcpmaxpendingsf

any

Maximum number of subflow connections supported in pending join state per mptcp connection.

mptcpmaxsf

any

Maximum number of subflow connections supported in established state per mptcp connection.

mptcppendingjointhreshold

any

Maximum system level pending join connections allowed.

mptcpreliableaddaddr

any

If enabled, Citrix ADC retransmits MPTCP ADD-ADDR option if echo response is not received within the timeout interval. The retransmission is attempted only once.

Choices:

  • "ENABLED"

  • "DISABLED"

mptcprtostoswitchsf

any

Number of RTO’s at subflow level, after which MPCTP should start using other subflow.

mptcpsendsfresetoption

any

Allow MPTCP subflows to send TCP RST Reason (MP_TCPRST) Option while sending TCP RST.

Choices:

  • "ENABLED"

  • "DISABLED"

mptcpsfreplacetimeout

any

The minimum idle time value in seconds for idle mptcp subflows after which the sublow is replaced by new incoming subflow if maximum subflow limit is reached. The priority for replacement is given to those subflow without any transaction

mptcpsftimeout

any

The timeout value in seconds for idle mptcp subflows. If this timeout is not set, idle subflows are cleared after cltTimeout of vserver

mptcpusebackupondss

any

When enabled, if NS receives a DSS on a backup subflow, NS will start using that subflow to send data. And if disabled, NS will continue to transmit on current chosen subflow. In case there is some error on a subflow (like RTO’s/RST etc.) then NS can choose a backup subflow irrespective of this tunable.

Choices:

  • "ENABLED"

  • "DISABLED"

msslearndelay

any

Frequency, in seconds, at which the virtual servers learn the Maximum segment size (MSS) from the services. The argument to enable maximum segment size (MSS) for virtual servers must be enabled.

msslearninterval

any

Duration, in seconds, to sample the Maximum Segment Size (MSS) of the services. The Citrix ADC determines the best MSS to set for the virtual server based on this sampling. The argument to enable maximum segment size (MSS) for virtual servers must be enabled.

nagle

any

Enable or disable the Nagle algorithm on TCP connections.

Choices:

  • "ENABLED"

  • "DISABLED"

netscaler_console_as_proxy_server

boolean

added in netscaler.adc 2.6.0

The IP address of the NetScaler ADC appliance acting as a proxy server.

Define only in case of an ADM service proxy call

Choices:

  • false ← (default)

  • true

nitro_auth_token

string

The authentication token provided by a login operation.

nitro_pass

string

The password with which to authenticate to the NetScaler ADC node.

nitro_protocol

string

Which protocol to use when accessing the nitro API objects.

Choices:

  • "http"

  • "https" ← (default)

nitro_user

string

The username with which to authenticate to the NetScaler ADC node.

nsip

string / required

The ip address of the NetScaler ADC appliance where the nitro API calls will be made.

The port can be specified with the colon (:). E.g. 192.168.1.1:555.

oooqsize

any

Maximum size of out-of-order packets queue. A value of 0 means no limit.

pktperretx

any

Maximum limit on the number of packets that should be retransmitted on receiving a partial ACK.

recvbuffsize

float

TCP Receive buffer size

sack

any

Enable or disable Selective ACKnowledgement (SACK).

Choices:

  • "ENABLED"

  • "DISABLED"

save_config

boolean

If true the module will save the configuration on the NetScaler ADC node if it makes any changes.

The module will not save the configuration on the NetScaler ADC node if it made no changes.

Choices:

  • false ← (default)

  • true

slowstartincr

any

Multiplier that determines the rate at which slow start increases the size of the TCP transmission window after each acknowledgement of successful transmission.

state

string

The state of the resource being configured by the module on the NetScaler ADC node.

When present, the resource will be added/updated configured according to the module’s parameters.

When unset, the resource will be unset on the NetScaler ADC node.

Choices:

  • "present" ← (default)

  • "unset"

synattackdetection

any

Detect TCP SYN packet flood and send an SNMP trap.

Choices:

  • "ENABLED"

  • "DISABLED"

synholdfastgiveup

any

Maximum threshold. After crossing this threshold number of outstanding probes for origin, the Citrix ADC reduces the number of connection retries for probe connections.

tcpfastopencookietimeout

any

Timeout in seconds after which a new TFO Key is computed for generating TFO Cookie. If zero, the same key is used always. If timeout is less than 120seconds, NS defaults to 120seconds timeout.

tcpfintimeout

any

The amount of time in seconds, after which a TCP connnection in the TCP TIME-WAIT state is flushed.

tcpmaxretries

any

Number of RTO’s after which a connection should be freed.

validate_certs

boolean

If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

ws

any

Enable or disable window scaling.

Choices:

  • "ENABLED"

  • "DISABLED"

wsval

any

Factor used to calculate the new window size.

This argument is needed only when the window scaling is enabled.

Notes

Note

Examples

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any change is made by the module

Returned: always

Sample: true

diff

dictionary

Dictionary of before and after changes

Returned: always

Sample: {"after": {"key2": "pqr"}, "before": {"key1": "xyz"}, "prepared": "changes done"}

diff_list

list / elements=string

List of differences between the actual configured object and the configuration specified in the module

Returned: when changed

Sample: ["Attribute `key1` differs. Desired: (<class 'str'>) XYZ. Existing: (<class 'str'>) PQR"]

failed

boolean

Indicates if the module failed or not

Returned: always

Sample: false

loglines

list / elements=string

list of logged messages by the module

Returned: always

Sample: ["message 1", "message 2"]

Authors

  • Sumanth Lingappa (@sumanth-lingappa)