Tuesday, September 29, 2009

TCP notes

SOL7559: Overview of the TCP profile

Reset on Timeout

Specifies, when checked (enabled), that the system sends a reset and deletes the TCP connection when the connection exceeds the idle timeout value. The default is checked (enabled).

When the idle timeout value is exceeded, the system sends a reset to the peer and deletes the TCP connection.


Time Wait Recycle

Specifies, when checked (enabled), that connections in a TIME-WAIT state are reused when the system receives a SYN packet, indicating a request for a new connection. When this setting is not enabled, connections in a TIME-WAIT state remain unused for a specified length of time (typically twice the maximum segment lifetime), to ensure that the original transmission is complete. Using this setting enabled, the system can recycle a wait-state connection immediately upon receipt of a new connection request instead of having to wait until the connection times out of the wait state. The default is checked (enabled).

Helps recycle connections in the TIME-WAIT state quickly.
To terminate a TCP connection, FIN packets are exchanged. For a proper termination a total of four packet exchanges are needed. A proper termination is a state in which both connected hosts know that the connection has been terminated. If a FIN packet is sent but the other host terminates without sending an ACK packet, the side that sent the FIN waits a certain time for the ACK so that it can terminate correctly. On Linux this wait is roughly 90 seconds.
In the TIME_WAIT state the port stays occupied, so for network services with frequent connections, problems related to connection refusal can occur.
The Linux kernel has the tcp_tw_recycle and tcp_tw_reuse options.


Delayed Acks

Specifies, when checked (enabled), that the system can send fewer than one ACK (acknowledgment) segment per data segment received. The default is checked (enabled).
As specified in RFC 1122, TCP uses delayed acknowledgments to reduce the number of packets sent on the medium.
The ACK is sent when 0.2 seconds have elapsed or when all n packets have been received.
Related options that control the ACK behaviour: TCPNoDelay, TcpAckFrequency

Proxy Maximum Segment

Specifies, when checked (enabled), that the system advertises the same maximum segment size (MSS) to the server as that of the client. The default is unchecked (disabled).
Advertises the maximum segment size to the client.

Proxy Options

Specifies, when checked (enabled), that the system advertises an option (such as time stamps) to the server only when the option is negotiated with the client. The default is unchecked (disabled).

Proxy Buffer Low

Specifies the proxy buffer level, in bytes, at which the receive window is opened. The default is 4096.

Proxy Buffer High

Specifies the proxy buffer level, in bytes, at which the receive window is closed. The default is 16384.

Idle Timeout

Specifies the length of time that a connection is idle (has no traffic) before the connection is eligible for deletion. The default is 300 seconds. Deletes the connection when it has carried no traffic for the specified period.

· Specify: Specifies a number of seconds that the TCP connection can remain idle before the system deletes it.

· Indefinite: Specifies that the system does not delete TCP connections regardless of how long they remain idle.

Time Wait

Specifies the length of time that a TCP connection remains in the TIME-WAIT state before entering the CLOSED state. The default is 2000 milliseconds.

· Specify: Specifies the number of milliseconds that a TCP connection can remain in the TIME-WAIT state before the system closes it.

· Immediate: Specifies that the system closes the connection immediately after the connection enters the TIME-WAIT state.

· Indefinite: Specifies that the system does not close TCP connections regardless of how long they remain in the TIME-WAIT state.
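The four settings above (Reset on Timeout, Time Wait Recycle, Idle Timeout and Time Wait) all act on the same connection table, and it is easier to see how they interact in code than in four separate definitions. The following is an added Python model written for this page; it is not F5 code. The class and method names (Profile, ConnTable, sweep) are my own, and time is fed in as plain seconds instead of being read from a clock or from real packets:

```python
"""Added model (not F5 code) of how Idle Timeout, Reset on Timeout, Time Wait and
Time Wait Recycle act on a connection table. Class and method names are mine;
time is fed in as plain seconds instead of being read from a clock."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Key = Tuple[str, int, str, int]   # (client ip, client port, server ip, server port)


@dataclass
class Profile:
    idle_timeout: Optional[float] = 300.0   # seconds; None models "Indefinite"
    reset_on_timeout: bool = True
    time_wait: Optional[float] = 2.0        # seconds; 0 models "Immediate", None "Indefinite"
    time_wait_recycle: bool = True


@dataclass
class Conn:
    state: str             # "ESTABLISHED" or "TIME_WAIT"
    last_activity: float   # time of the last segment seen
    entered_state: float   # time the current state was entered


class ConnTable:
    def __init__(self, profile: Profile):
        self.profile = profile
        self.conns: Dict[Key, Conn] = {}
        self.resets: List[Key] = []   # 4-tuples for which a RST was sent to the peer

    def syn(self, key: Key, now: float) -> str:
        """Handle a new connection request; returns 'accepted', 'recycled' or 'dropped'."""
        c = self.conns.get(key)
        if c is None:
            self.conns[key] = Conn("ESTABLISHED", now, now)
            return "accepted"
        if c.state == "TIME_WAIT" and self.profile.time_wait_recycle:
            # Time Wait Recycle: reuse the 4-tuple at once instead of waiting 2*MSL
            self.conns[key] = Conn("ESTABLISHED", now, now)
            return "recycled"
        return "dropped"   # 4-tuple still busy: the client has to retry later

    def segment(self, key: Key, now: float) -> None:
        """Any traffic on an established connection restarts its idle timer."""
        c = self.conns.get(key)
        if c is not None and c.state == "ESTABLISHED":
            c.last_activity = now

    def close(self, key: Key, now: float) -> None:
        """FIN exchange complete: hold the 4-tuple in TIME-WAIT (or drop it if Immediate)."""
        c = self.conns[key]
        c.state, c.entered_state = "TIME_WAIT", now
        if self.profile.time_wait == 0:
            del self.conns[key]

    def sweep(self, now: float) -> List[Key]:
        """Periodic timer pass; returns the 4-tuples removed from the table."""
        p, removed = self.profile, []
        for key, c in list(self.conns.items()):
            if c.state == "ESTABLISHED":
                if p.idle_timeout is not None and now - c.last_activity >= p.idle_timeout:
                    if p.reset_on_timeout:
                        self.resets.append(key)   # RST tells the peer the flow is gone
                    del self.conns[key]
                    removed.append(key)
            elif p.time_wait is not None and now - c.entered_state >= p.time_wait:
                del self.conns[key]
                removed.append(key)
        return removed
```

The model makes the trade-off visible: with Time Wait Recycle off, a repeated SYN on a 4-tuple still in TIME-WAIT is dropped until the Time Wait timer fires, which is the port-exhaustion problem the Korean note describes; with it on, the 4-tuple is reused immediately. On Linux the comparable safe knob is tcp_tw_reuse; tcp_tw_recycle was removed in kernel 4.12 because it broke clients behind NAT.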

Fin Wait

Specifies the length of time that a TCP connection is in the FIN-WAIT or CLOSING state before closing. The default is 5 seconds.

· Specify: Specifies the number of seconds that a TCP connection is in a FIN-WAIT or CLOSING state before closing.

· Immediate: Specifies that the TCP connection closes immediately after entering the FIN-WAIT or CLOSING state.

· Indefinite: Specifies that TCP connections in the FIN-WAIT or CLOSING state do not quit.


Close Wait

Specifies the length of time that a TCP connection remains in the LAST-ACK state before quitting. The default is 5 seconds.

· Specify: Specifies the number of seconds that a TCP connection is in the LAST-ACK state before closing.

· Immediate: Specifies that the TCP connection closes immediately after entering the LAST-ACK state.

· Indefinite: Specifies that TCP connections in the LAST-ACK state do not close until they meet the maximum retransmissions timeout.

Send Buffer

Specifies the SEND window size. The default is 32768 bytes.

Receive Window

Specifies the RECEIVE window size. The default is 32768 bytes.

Keep Alive Interval

Specifies, when enabled, how frequently the system sends data over an idle TCP connection, to determine whether the connection is still valid. The default is 1800 seconds.

· Specify: Specifies the interval at which the system sends data over an idle connection, to determine whether the connection is still valid.

· Indefinite: Specifies that the system does not send keep-alive communications.

Maximum Syn Retransmissions

Specifies the maximum number of times that the system resends a SYN when it does not receive a corresponding SYN-ACK. The default is 3.

Maximum Segment Retransmissions

Specifies the maximum number of times that the system resends data segments. The default is 8.

IP ToS

Specifies the L3 Type of Service (ToS) level that the system inserts in TCP packets destined for clients. The default is 0.

· Specify: Specifies the IP ToS setting that the system inserts in the IP packet header. You can specify a number between 0 and 255.

· Pass Through: Specifies that the IP ToS setting remains unchanged.

· Mimic: Specifies that the system sets the ToS level of outgoing packets to the same ToS level of the most-recently received incoming packet. For example, if the most-recently received packet had a ToS level of 3, the system sets the ToS level of the next outgoing packet to 3.

Link QoS

Specifies the L2 Quality of Service (QoS) level that the system inserts in TCP packets destined for clients. The default is 0.

Selective ACKs

Specifies, when checked (enabled), that the system processes data using selective ACKs (SACKs) whenever possible, to improve system performance. Enabling this setting improves packet flow in a lossy network because the system can acknowledge successfully received packets out of order. This is a negotiated option and is automatically disabled if not supported by a peer. The default is checked (enabled). Note that F5 recommends that you use the default setting.
Because the receiver uses the TCP header option field to report which packet sequences arrived correctly, the sender retransmits only the lost packets identified through SACK.

Extended Congestion Notification

Specifies, when checked (enabled), that the system uses the TCP flags CWR (congestion window reduction) and ECE (ECN-Echo) to notify its peer of congestion and congestion counter-measures. The default is unchecked (disabled). Note that F5 recommends that you use the default setting. When enabled, this setting can interfere with overall congestion calculations. The setting also allows for potential security issues, whereby an intermediate device can stimulate poor performance by spoofing CWR packets.

A feature that detects congestion before it actually occurs, so that the window size can be reduced in advance.


Extensions for High Performance (RFC 1323)

Specifies, when checked (enabled), that the system uses the timestamp and window scaling extensions for TCP (as specified in RFC 1323) to enhance high-speed network performance. The default is checked (enabled). These options are used to help calculate the round trip time, as well as the available resources on a peer. They are fundamentally linked with congestion control. Also, these options are normally negotiated, and you should not need to disable them unless a network device or peer does not implement them correctly.

Limited Transmit Recovery

Specifies, when checked (enabled), that the system uses limited transmit recovery revisions for fast retransmits (as specified in RFC 3042) to reduce the recovery time for connections on a lossy network. The default is checked (enabled). Enabling this setting allows TCP to temporarily stretch the congestion window when first receiving a duplicate ACK packet. This in turn allows for faster retransmissions and a quicker recovery from the small congestion window. With this setting enabled, the aggressive transmit behavior is limited to the recovery period.

Slow Start

Specifies, when checked (enabled), that the system uses Slow-Start Congestion Avoidance as described in RFC3390 in order to ramp up traffic without causing excessive congestion on the link. Slow start as specified in RFC3390 is more aggressive than traditional slow start, but has been found to provide better real-world response on Ethernet links, while not overwhelming networks and causing congestion. When disabled, the system sends traffic as if the link is initially uncongested, and attempts to opportunistically transmit as much as possible until congestion is experienced. The default is checked (enabled). If you disable this setting, the system initializes the congestion window to the maximum window scale and attempts to transmit as much data as possible until congestion occurs. Consequently, in networks with unlimited bandwidth (such as directly-connected local peers), more data can initially be transmitted.

Deferred Accept

Specifies, when checked (enabled), that the system defers allocation of the connection chain context until the system has received the payload from the client. Enabling this setting is useful in dealing with 3-way handshake denial-of-service attacks. The default is unchecked (disabled).

Bandwidth Delay

Specifies, when checked (enabled), that the system attempts to calculate the optimal bandwidth to use to the client, based on throughput and round-trip time, without exceeding the available bandwidth. The default is checked (enabled).

Nagle's Algorithm

Specifies, when checked (enabled), that the system applies Nagle's algorithm to reduce the number of short segments on the network. The default is checked (enabled). When the system receives packets that are less than the maximum segment size (MSS), the packets are coalesced until the peer has sent the ACK packet for the previous segment. This helps to reduce congestion by creating fewer packets on the network. Note that enabling this setting for interactive protocols such as telnet might cause degradation on high-latency networks.
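The Nagle's Algorithm, Delayed Acks and Keep Alive Interval settings above describe behaviour that an end host exposes per socket. The following is an added Python example, written for this page and not F5 code, showing the Linux socket options that correspond to those three settings and exercising them over a loopback connection; the function names are mine, the payloads are constructed, and the option names are the Linux ones (guarded with getattr where other platforms name them differently):

```python
"""Added example (not F5 code): per-socket equivalents of the Nagle's Algorithm,
Delayed Acks and Keep Alive Interval profile settings, applied to a loopback
TCP connection on Linux. Function names are mine; payloads are constructed."""
import socket
import threading


def apply_tcp_tuning(sock, nagle=True, delayed_ack=True, keepalive_idle=None,
                     keepalive_interval=75, keepalive_probes=9):
    """Set the knobs on one socket and return what the kernel reports back."""
    # Nagle's algorithm is on by default; TCP_NODELAY=1 disables it so every
    # small write leaves at once (what interactive protocols such as telnet want).
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 0 if nagle else 1)
    # Delayed ACK: Linux exposes TCP_QUICKACK (1 = ACK immediately, 0 = allow
    # delaying). The flag is advisory and not sticky, so it is not read back.
    quickack = getattr(socket, "TCP_QUICKACK", None)
    if quickack is not None:
        sock.setsockopt(socket.IPPROTO_TCP, quickack, 0 if delayed_ack else 1)
    report = {
        "nodelay": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY),
        "keepalive": 0,
        "keepidle": None,
    }
    if keepalive_idle is not None:
        # SO_KEEPALIVE turns probing on; TCP_KEEPIDLE is the idle time before the
        # first probe (the "interval" of the profile), then probe spacing and count.
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
        keepidle = getattr(socket, "TCP_KEEPIDLE", None)   # Linux name
        keepintvl = getattr(socket, "TCP_KEEPINTVL", None)
        keepcnt = getattr(socket, "TCP_KEEPCNT", None)
        if keepidle is not None:
            sock.setsockopt(socket.IPPROTO_TCP, keepidle, keepalive_idle)
            report["keepidle"] = sock.getsockopt(socket.IPPROTO_TCP, keepidle)
        if keepintvl is not None:
            sock.setsockopt(socket.IPPROTO_TCP, keepintvl, keepalive_interval)
        if keepcnt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, keepcnt, keepalive_probes)
        report["keepalive"] = sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)
    return report


def loopback_exchange(writes, nagle):
    """Open a loopback connection, tune the client side, push several small writes
    and return (bytes the server received, kernel report). Constructed demo."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port
    srv.listen(1)
    port = srv.getsockname()[1]
    expected = sum(len(w) for w in writes)
    received = bytearray()

    def serve():
        conn, _ = srv.accept()
        with conn:
            while len(received) < expected:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                received.extend(chunk)

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.create_connection(("127.0.0.1", port)) as cli:
        report = apply_tcp_tuning(cli, nagle=nagle, delayed_ack=True, keepalive_idle=60)
        for w in writes:
            cli.sendall(w)   # with Nagle on, these coalesce while an ACK is outstanding
    worker.join(5)
    srv.close()
    return bytes(received), report


if __name__ == "__main__":
    data, rep = loopback_exchange([b"GET ", b"/ ", b"HTTP/1.0\r\n\r\n"], nagle=False)
    print(len(data), rep)
```

The byte stream is identical either way; what changes is segmentation on the wire, which is why the page warns that Nagle plus delayed ACKs can stall interactive protocols: a sender waiting for an ACK before coalescing, and a receiver waiting up to 200 ms before sending that ACK, each wait for the other.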

Acknowledge on Push

Specifies, when checked (enabled), significantly improved performance to Microsoft Windows and MacOS peers who are writing out on a very small send buffer. The default is unchecked (disabled).

MD5 Signature

Specifies, when checked (enabled), to use RFC2385 TCP-MD5 signatures to protect TCP traffic against intermediate tampering. The default is unchecked (disabled).

MD5 Signature Passphrase

Type the plain-text passphrase from 1 to 80 characters in length, that is used in a shared-secret scheme to implement the spoof-prevention parts of RFC2385. The default is blank.
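To make the MD5 Signature setting concrete, here is an added Python example, written for this page and not F5 code, that computes and verifies the RFC 2385 option exactly as the RFC defines it (MD5 over the IPv4 pseudo-header, the fixed TCP header with checksum zero, the payload, and the shared key, with options excluded from the hash but counted in the segment length). The addresses, ports, payload and key are constructed, and the function names are mine:

```python
"""Added example (not F5 code): RFC 2385 TCP MD5 signature option, built and
verified in pure Python. Addresses, ports, payload and key are constructed."""
import hashlib
import hmac
import ipaddress
import struct

TCP_PROTO = 6
TCPOPT_NOP = 1
TCPOPT_MD5SIG = 19      # option kind assigned by RFC 2385
TCPOLEN_MD5SIG = 18     # kind (1) + length (1) + MD5 digest (16)


def tcp_header(sport, dport, seq, ack, flags, window, opt_len, urg=0):
    """Fixed 20-byte TCP header, checksum zero, data offset covering opt_len option bytes."""
    data_offset = (20 + opt_len) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset << 4, flags, window, 0, urg)


def md5_signature(src_ip, dst_ip, header20, opt_len, payload, key):
    """RFC 2385 section 2: MD5(pseudo-header || header without options, checksum 0
    || data || key). Options are not hashed but count toward the segment length."""
    seg_len = len(header20) + opt_len + len(payload)
    pseudo = (ipaddress.IPv4Address(src_ip).packed
              + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    hdr = bytearray(header20)
    hdr[16:18] = b"\x00\x00"            # checksum is taken as zero while signing
    return hashlib.md5(pseudo + bytes(hdr) + payload + key).digest()


def build_options(src_ip, dst_ip, header20, payload, key):
    """Sender side: 20 bytes of options = MD5SIG option + two NOPs for 4-byte alignment."""
    opt_len = TCPOLEN_MD5SIG + 2
    digest = md5_signature(src_ip, dst_ip, header20, opt_len, payload, key)
    return bytes([TCPOPT_MD5SIG, TCPOLEN_MD5SIG]) + digest + bytes([TCPOPT_NOP, TCPOPT_NOP])


def find_md5_option(options):
    """Walk the options list; return the 16-byte digest, or None if absent or malformed."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                       # End of Option List
            return None
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            return None
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None                     # truncated or bogus length
        if kind == TCPOPT_MD5SIG and length == TCPOLEN_MD5SIG:
            return bytes(options[i + 2:i + 18])
        i += length
    return None


def verify(src_ip, dst_ip, header20, options, payload, key):
    """Receiver side: recompute and compare in constant time; a mismatch means
    the segment is silently discarded rather than answered."""
    got = find_md5_option(options)
    if got is None:
        return False
    want = md5_signature(src_ip, dst_ip, header20, len(options), payload, key)
    return hmac.compare_digest(got, want)


if __name__ == "__main__":
    key = b"example-shared-secret"         # constructed; the profile passphrase
    hdr = tcp_header(179, 40000, 1000, 2000, 0x18, 65535, 20)
    payload = b"constructed payload"
    opts = build_options("192.0.2.1", "192.0.2.2", hdr, payload, key)
    print(verify("192.0.2.1", "192.0.2.2", hdr, opts, payload, key))
```

The signature binds the addresses, ports, sequence numbers and payload to the shared key, which is why a spoofed RST or injected segment without the key fails verification. RFC 2385 has since been obsoleted by RFC 5925 (TCP Authentication Option), which replaces MD5 with stronger MACs and adds key rollover; the structure of the check is the same.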

Congestion Control

Specifies the algorithm to use to share network resources among competing users to reduce congestion. The default is New Reno.

· None: Specifies that the system does not use a network-congestion-control mechanism, even when congestion occurs.

· High Speed: Specifies that the system uses a more aggressive, loss-based algorithm.

· New Reno: Specifies that the system uses a modification to the Reno algorithm that responds to partial acknowledgements when SACKs are unavailable.

· Reno: Specifies that the system uses an implementation of the TCP Fast Recovery algorithm, which is based on the implementation in the BSD Reno release.

· Scalable: Specifies that the system uses a TCP algorithm modification that adds a scalable, delay-based and loss-based component into the Reno algorithm.

Congestion Metrics Cache

Specifies, when checked (enabled), that the system uses a cache for storing congestion metrics. Subsequently, because these metrics are already known and cached, the initial slow-start ramp for previously-encountered peers improves. The default is checked (enabled).

Appropriate Byte Counting (RFC 3465)

When checked (enabled), increases the congestion window by basing the increase amount on the number of previously unacknowledged bytes that each ACK covers. The default is checked (enabled). Note that F5 recommends that you use the default setting. When this setting is disabled, in situations with lost ACK packets, the congestion window remains small for a longer period of time.
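The Slow Start and Appropriate Byte Counting settings above are two halves of the same ramp: RFC 3390 fixes the starting congestion window and RFC 3465 fixes how fast it grows per ACK. The following is an added simulation, written for this page and not F5's implementation, that runs the ramp under both the byte-counting rule and the older one-MSS-per-ACK rule. The function names are mine, and the receiver is assumed to delay ACKs so that one ACK covers two full segments, which is exactly the case where the two rules diverge:

```python
"""Added simulation (not F5 code) of the slow-start ramp with the RFC 3390 initial
window and RFC 3465 Appropriate Byte Counting versus the older one-MSS-per-ACK
rule. Function names are mine; the receiver is assumed to delay ACKs."""
from typing import List


def rfc3390_initial_window(mss: int) -> int:
    """IW = min(4*MSS, max(2*MSS, 4380 bytes)) per RFC 3390."""
    return min(4 * mss, max(2 * mss, 4380))


def acks_for(segments: int, delayed_ack: bool) -> List[int]:
    """Segments covered by each ACK the receiver returns for a flight of full segments."""
    if not delayed_ack:
        return [1] * segments
    acks = [2] * (segments // 2)
    if segments % 2:
        acks.append(1)   # the odd segment is ACKed when the delayed-ACK timer fires
    return acks


def simulate_slow_start(mss: int = 1460, rwnd: int = 65535, rtts: int = 3,
                        abc: bool = True, delayed_ack: bool = True,
                        slow_start: bool = True, abc_limit: int = 2) -> List[int]:
    """Return cwnd in bytes at the end of each RTT. slow_start=False mirrors the
    profile with Slow Start unchecked: start at the full window instead of IW."""
    cwnd = rfc3390_initial_window(mss) if slow_start else rwnd
    history = []
    for _ in range(rtts):
        flight = min(cwnd, rwnd) // mss            # full segments sent this RTT
        for acked in acks_for(flight, delayed_ack):
            if abc:
                # RFC 3465: grow by the bytes each ACK covers, capped at L*SMSS
                cwnd += min(acked * mss, abc_limit * mss)
            else:
                # RFC 2581: grow by one SMSS per ACK, however much it covers
                cwnd += mss
        cwnd = min(cwnd, rwnd)                     # never exceed the peer's receive window
        history.append(cwnd)
    return history


if __name__ == "__main__":
    print("ABC     :", simulate_slow_start(abc=True))
    print("per-ACK :", simulate_slow_start(abc=False))
```

With an MSS of 1460 the RFC 3390 window is 4380 bytes (three segments). Under byte counting cwnd doubles every RTT (8760, 17520, 35040) because each delayed ACK is credited with both segments it covers; under per-ACK counting it grows only 1.5x per RTT (7300, 11680, 17520), which is the "remains small for a longer period" effect the setting's description mentions. Without delayed ACKs the two rules give identical results.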

D-SACK (RFC 2883)

Specifies, when checked (enabled), the use of the selective ACK (SACK) option to acknowledge duplicate segments. If a peer does not send duplicate segments, the system disables SACK processing altogether. Note that when enabled, this setting requires more processing, to always populate the SACK with all duplicate segments. The default is unchecked (disabled).
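The Selective ACKs section above and this D-SACK section both turn on receiver-side bookkeeping that is easier to follow as code. The following is an added Python example, written for this page and not F5 code, of a receiver that tracks out-of-order data, builds SACK blocks in the RFC 2018 order (the block containing the most recently received segment first), and, per RFC 2883, puts a duplicate segment's range in the first block. Class and method names are mine, sequence numbers are constructed and wrap-around is ignored; max_blocks defaults to 3, the limit when the timestamp option is also carried:

```python
"""Added example (not F5 code): receiver bookkeeping behind the Selective ACKs and
D-SACK settings. RFC 2018 block ordering plus the RFC 2883 duplicate-first rule.
Names are mine; sequence numbers are constructed; wrap-around is ignored."""
from typing import Dict, List, Optional, Tuple

Range = Tuple[int, int]   # [start, end) in sequence-number space


class SackReceiver:
    def __init__(self, rcv_nxt: int, max_blocks: int = 3):
        self.rcv_nxt = rcv_nxt          # cumulative ACK point
        self.ooo: List[Range] = []      # sorted, non-overlapping data above rcv_nxt
        self.recent: List[Range] = []   # segments seen, newest first (RFC 2018 order)
        self.max_blocks = max_blocks    # 3 when timestamps share the option space

    def _covered(self, start: int, end: int) -> bool:
        """True if every byte of [start, end) was already received (a duplicate)."""
        if end <= self.rcv_nxt:
            return True
        return any(s <= start and end <= e for s, e in self.ooo)

    def _insert(self, start: int, end: int) -> None:
        start = max(start, self.rcv_nxt)        # ignore the part already acknowledged
        if start >= end:
            return
        if start == self.rcv_nxt:               # in order: advance the cumulative ACK
            self.rcv_nxt = end
            self._drain()
            return
        lo, hi, keep = start, end, []
        for s, e in self.ooo:
            if e < lo or s > hi:                 # disjoint: keep as is
                keep.append((s, e))
            else:                                # overlapping or adjacent: merge
                lo, hi = min(lo, s), max(hi, e)
        self.ooo = sorted(keep + [(lo, hi)])

    def _drain(self) -> None:
        """Pull queued out-of-order data that now joins the cumulative ACK point."""
        while self.ooo and self.ooo[0][0] <= self.rcv_nxt:
            _, e = self.ooo.pop(0)
            self.rcv_nxt = max(self.rcv_nxt, e)

    def receive(self, seq: int, length: int) -> Dict:
        """Process one segment and return the ACK the receiver would send."""
        start, end = seq, seq + length
        dsack: Optional[Range] = None
        if self._covered(start, end):
            dsack = (start, end)        # RFC 2883: first block names the duplicate
        else:
            self._insert(start, end)
        # Remember recent arrivals (dropping those now below rcv_nxt) so that the
        # block holding the newest segment is reported first, per RFC 2018.
        self.recent = [(start, end)] + [r for r in self.recent if r[0] >= self.rcv_nxt][:7]
        normal: List[Range] = []
        for seg_start, _ in self.recent:
            blk = next(((s, e) for s, e in self.ooo if s <= seg_start < e), None)
            if blk is not None and blk not in normal:
                normal.append(blk)
        blocks = ([dsack] if dsack else []) + normal
        return {"ack": self.rcv_nxt, "sack": blocks[: self.max_blocks]}


if __name__ == "__main__":
    r = SackReceiver(1000)
    for seq in (1000, 2000, 3000, 2500, 1500, 3000):
        print(seq, r.receive(seq, 500))
```

Walking through the constructed sequence shows both settings at work: with 1000 acknowledged and 2000-2499 then 3000-3499 arriving out of order, the ACK carries two blocks, newest first; 2500-2999 merges them into one block; 1500-1999 fills the hole and the cumulative ACK jumps to 3500 with no blocks; a retransmitted 3000-3499 after that is fully covered, so the ACK reports it as a D-SACK block, which tells the sender the retransmission was unnecessary rather than that data was lost. Note that the extra work the page mentions is visible here too: every segment, not just new ones, has to be matched against what was already received.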

Packet Lost Ignore Rate

Specifies the threshold of packets lost per million at which the system performs congestion control. Valid values range from 0 to 1,000,000. The default is 0, meaning the system performs congestion control if any packet loss occurs. If you set the ignore rate to 10 and packet loss for a TCP connection is greater than 10 per million, congestion control occurs.

Packet Lost Ignore Burst

Specifies the probability of performing congestion control when multiple packets are lost, even if the Packet Lost Ignore Rate was not exceeded. Valid values range from 0 to 4,294,967,295. The default is 0, meaning that the system performs congestion control if any packets are lost. Higher values decrease the chance of performing congestion control.
