Try SpotterConfiguration for tcp parameters resource.
| "added in version" 2.0.0 of netscaler.adc"
Authors: Sumanth Lingappa (@sumanth-lingappa)
preview | supported by community
Install with ansible-galaxy collection install netscaler.adc:==2.5.1
collections:
- name: netscaler.adc
version: 2.5.1Configuration for tcp parameters resource.
ws:
choices:
- ENABLED
- DISABLED
description:
- Enable or disable window scaling.
type: str
nsip:
description:
- The ip address of the NetScaler ADC appliance where the nitro API calls will be
made.
- The port can be specified with the colon (:). E.g. 192.168.1.1:555.
required: true
type: str
sack:
choices:
- ENABLED
- DISABLED
description:
- Enable or disable Selective ACKnowledgement (SACK).
type: str
nagle:
choices:
- ENABLED
- DISABLED
description:
- Enable or disable the Nagle algorithm on TCP connections.
type: str
state:
choices:
- present
- unset
default: present
description:
- The state of the resource being configured by the module on the NetScaler ADC node.
- When C(present), the resource will be added/updated configured according to the
module's parameters.
- When C(unset), the resource will be unset on the NetScaler ADC node.
type: str
wsval:
description:
- Factor used to calculate the new window size.
- This argument is needed only when the window scaling is enabled.
type: float
minrto:
description:
- Minimum retransmission timeout, in milliseconds, specified in 10-millisecond increments
(value must yield a whole number if divided by 10).
type: int
api_path:
default: nitro/v1/config
description:
- Base NITRO API path.
- Define only in case of an ADM service proxy call
type: str
maxburst:
description:
- Maximum number of TCP segments allowed in a burst.
type: float
oooqsize:
description:
- Maximum size of out-of-order packets queue. A value of 0 means no limit.
type: float
ackonpush:
choices:
- ENABLED
- DISABLED
description:
- Send immediate positive acknowledgement (ACK) on receipt of TCP packets with PUSH
flag.
type: str
delayedack:
description:
- Timeout for TCP delayed ACK, in milliseconds.
type: float
maxsynhold:
description:
- Limit the number of client connections (SYN) waiting for status of probe system
wide. Any new SYN packets will be dropped.
type: float
mptcpmaxsf:
description:
- Maximum number of subflow connections supported in established state per mptcp connection.
type: float
nitro_pass:
description:
- The password with which to authenticate to the NetScaler ADC node.
required: false
type: str
nitro_user:
description:
- The username with which to authenticate to the NetScaler ADC node.
required: false
type: str
pktperretx:
description:
- Maximum limit on the number of packets that should be retransmitted on receiving
a partial ACK.
type: int
initialcwnd:
description:
- Initial maximum upper limit on the number of TCP packets that can be outstanding
on the TCP link to the server.
type: float
save_config:
default: false
description:
- If C(true) the module will save the configuration on the NetScaler ADC node if it
makes any changes.
- The module will not save the configuration on the NetScaler ADC node if it made
no changes.
type: bool
downstaterst:
choices:
- ENABLED
- DISABLED
description:
- Flag to switch on RST on down services.
type: str
learnvsvrmss:
choices:
- ENABLED
- DISABLED
description:
- Enable or disable maximum segment size (MSS) learning for virtual servers.
type: str
maxpktpermss:
description:
- Maximum number of TCP packets allowed per maximum segment size (MSS).
type: float
recvbuffsize:
description:
- TCP Receive buffer size
type: float
maxsynackretx:
description:
- When 'syncookie' is disabled in the TCP profile that is bound to the virtual server
or service, and the number of TCP SYN+ACK retransmission by Citrix ADC for that
virtual server or service crosses this threshold, the Citrix ADC responds by using
the TCP SYN-Cookie mechanism.
type: float
mptcpchecksum:
choices:
- ENABLED
- DISABLED
description:
- Use MPTCP DSS checksum
type: str
msslearndelay:
description:
- Frequency, in seconds, at which the virtual servers learn the Maximum segment size
(MSS) from the services. The argument to enable maximum segment size (MSS) for virtual
servers must be enabled.
type: float
slowstartincr:
description:
- Multiplier that determines the rate at which slow start increases the size of the
TCP transmission window after each acknowledgement of successful transmission.
type: int
tcpfintimeout:
description:
- The amount of time in seconds, after which a TCP connnection in the TCP TIME-WAIT
state is flushed.
type: float
tcpmaxretries:
description:
- Number of RTO's after which a connection should be freed.
type: float
connflushthres:
description:
- 'Flush an existing connection (as configured through -connFlushIfNoMem FIFO) if
the system has more than specified number of connections, and a new connection is
to be established. Note: This value may be rounded down to be a whole multiple
of the number of packet engines running.'
type: float
limitedpersist:
choices:
- ENABLED
- DISABLED
description:
- Limit the number of persist (zero window) probes.
type: str
mptcpsftimeout:
description:
- The timeout value in seconds for idle mptcp subflows. If this timeout is not set,
idle subflows are cleared after cltTimeout of vserver
type: float
nitro_protocol:
choices:
- http
- https
default: https
description:
- Which protocol to use when accessing the nitro API objects.
type: str
validate_certs:
default: true
description:
- If C(false), SSL certificates will not be validated. This should only be used on
personally controlled sites using self-signed certificates.
required: false
type: bool
maxtimewaitconn:
description:
- Maximum number of connections to hold in the TCP TIME_WAIT state on a packet engine.
New connections entering TIME_WAIT state are proactively cleaned up.
type: float
connflushifnomem:
choices:
- 'NONE '
- HALFCLOSED_AND_IDLE
- FIFO
description:
- Flush an existing connection if no memory can be obtained for new connection.
- ''
- 'HALF_CLOSED_AND_IDLE: Flush a connection that is closed by us but not by peer,
or failing that, a connection that is past configured idle time. New connection
fails if no such connection can be found.'
- ''
- 'C(FIFO): If no half-closed or idle connection can be found, flush the oldest non-management
connection, even if it is active. New connection fails if the oldest few connections
are management connections.'
- ''
- 'Note: If you enable this setting, you should also consider lowering the zombie
timeout and half-close timeout, while setting the Citrix ADC timeout.'
- ''
- 'See Also: connFlushThres argument below.'
type: str
msslearninterval:
description:
- Duration, in seconds, to sample the Maximum Segment Size (MSS) of the services.
The Citrix ADC determines the best MSS to set for the virtual server based on this
sampling. The argument to enable maximum segment size (MSS) for virtual servers
must be enabled.
type: float
nitro_auth_token:
description:
- The authentication token provided by a login operation.
type: str
version_added: 2.6.0
version_added_collection: netscaler.adc
mptcpmaxpendingsf:
description:
- Maximum number of subflow connections supported in pending join state per mptcp
connection.
type: float
synholdfastgiveup:
description:
- Maximum threshold. After crossing this threshold number of outstanding probes for
origin, the Citrix ADC reduces the number of connection retries for probe connections.
type: float
maxdynserverprobes:
description:
- Maximum number of probes that Citrix ADC can send out in 10 milliseconds, to dynamically
learn a service. Citrix ADC probes for the existence of the origin in case of wildcard
virtual server or services.
type: float
maxsynholdperprobe:
description:
- Limit the number of client connections (SYN) waiting for status of single probe.
Any new SYN packets will be dropped.
type: float
synattackdetection:
choices:
- ENABLED
- DISABLED
description:
- Detect TCP SYN packet flood and send an SNMP trap.
type: str
mptcprtostoswitchsf:
description:
- Number of RTO's at subflow level, after which MPCTP should start using other subflow.
type: float
mptcpusebackupondss:
choices:
- ENABLED
- DISABLED
description:
- When enabled, if NS receives a DSS on a backup subflow, NS will start using that
subflow to send data. And if disabled, NS will continue to transmit on current chosen
subflow. In case there is some error on a subflow (like RTO's/RST etc.) then NS
can choose a backup subflow irrespective of this tunable.
type: str
autosyncookietimeout:
description:
- Timeout for the server to function in syncookie mode after the synattack. This is
valid if TCP syncookie is disabled on the profile and server acts in non syncookie
mode by default.
type: float
compacttcpoptionnoop:
choices:
- ENABLED
- DISABLED
description:
- If enabled, non-negotiated TCP options are removed from the received packet while
proxying it. By default, non-negotiated TCP options would be replaced by NOPs in
the proxied packets. This option is not applicable for Citrix ADC generated packets.
type: str
mptcpfastcloseoption:
choices:
- ACK
- RESET
description:
- Allow to select option C(ACK) or C(RESET) to force the closure of an MPTCP connection
abruptly.
type: str
mptcpreliableaddaddr:
choices:
- ENABLED
- DISABLED
description:
- If enabled, Citrix ADC retransmits MPTCP ADD-ADDR option if echo response is not
received within the timeout interval. The retransmission is attempted only once.
type: str
mptcpsfreplacetimeout:
description:
- The minimum idle time value in seconds for idle mptcp subflows after which the sublow
is replaced by new incoming subflow if maximum subflow limit is reached. The priority
for replacement is given to those subflow without any transaction
type: float
mptcpsendsfresetoption:
choices:
- ENABLED
- DISABLED
description:
- Allow MPTCP subflows to send TCP RST Reason (MP_TCPRST) Option while sending TCP
RST.
type: str
delinkclientserveronrst:
choices:
- ENABLED
- DISABLED
description:
- If enabled, Delink client and server connection, when there is outstanding data
to be sent to the other side.
type: str
mptcpconcloseonpassivesf:
choices:
- ENABLED
- DISABLED
description:
- Accept DATA_FIN/FAST_CLOSE on passive subflow
type: str
tcpfastopencookietimeout:
description:
- Timeout in seconds after which a new TFO Key is computed for generating TFO Cookie.
If zero, the same key is used always. If timeout is less than 120seconds, NS defaults
to 120seconds timeout.
type: float
kaprobeupdatelastactivity:
choices:
- ENABLED
- DISABLED
description:
- Update last activity for KA probes
type: str
mptcppendingjointhreshold:
description:
- Maximum system level pending join connections allowed.
type: float
mptcpimmediatesfcloseonfin:
choices:
- ENABLED
- DISABLED
description:
- Allow subflows to close immediately on FIN before the DATA_FIN exchange is completed
at mptcp level.
type: str
mptcpclosemptcpsessiononlastsfclose:
choices:
- ENABLED
- DISABLED
description:
- Allow to send DATA FIN or FAST CLOSE on mptcp connection while sending FIN or RST
on the last subflow.
type: str
changed:
description: Indicates if any change is made by the module
returned: always
sample: true
type: bool
diff:
description: Dictionary of before and after changes
returned: always
sample:
after:
key2: pqr
before:
key1: xyz
prepared: changes done
type: dict
diff_list:
description: List of differences between the actual configured object and the configuration
specified in the module
returned: when changed
sample:
- 'Attribute `key1` differs. Desired: (<class ''str''>) XYZ. Existing: (<class ''str''>)
PQR'
type: list
failed:
description: Indicates if the module failed or not
returned: always
sample: false
type: bool
loglines:
description: list of logged messages by the module
returned: always
sample:
- message 1
- message 2
type: list