SYN-def-dont-send-ack, show server debug – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

ServerIron ADX Security Guide

53-1002440-03

Syn-def

The last line contains information relevant to the incomplete connection threshold. The TCP
SYN-DEF RST field displays the number of times the incomplete connection threshold was reached.
The Server Resets field displays the number of times the ServerIron sent a TCP RESET packet to
the destination real server.

SYN-def-dont-send-ack

The SYN-def feature allows the ServerIron to complete the TCP three-way handshake on behalf of a
connecting client. When a connecting client sends a TCP SYN to a server, the ServerIron forwards
the SYN to the real server, then forwards the SYN ACK from the server to the client. Next, the
ServerIron sends an ACK to the real server, completing the three-way handshake on behalf of the
connecting client. This action allows the real server to move the connection from its pending
connection queue to its established (and much larger) connection queue.

Use the server syn-def-dont-send-ack command to prevent the ServerIron from sending the ACK to
the real server to complete the three-way handshake.

Example

ServerIronADX(config)#server syn-def-dont-send-ack

show server debug

Use the show server debug command to display information about the configuration, as shown in
the following example.

ServerIronADX# show server traffic
Client->Server  = 0          Server->Client = 0
Drops           = 0          Aged           = 0
Fw_drops        = 0          Rev_drops      = 0
FIN_or_RST      = 0          old-conn       = 0
Disable_drop    = 0          Exceed_drop    = 0
Stale_drop      = 0          Unsuccessful   = 0
TCP SYN-DEF RST = 0          Server Resets  = 0
Out of Memory   = 0          Out of Memory  = 0
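The following is an added example, not part of the Brocade manual: a Python sketch that parses captured output in the two-column format shown above and reports how much the TCP SYN-DEF RST and Server Resets counters rose between two polls. The function names, the second sample's values, the `#2` suffix for the repeated Out of Memory label, and the counter-reset handling are assumptions made for illustration.

```python
import re

# Counter pairs as printed by the device: "<name> = <integer>", two per line.
PAIR = re.compile(r"([A-Za-z][A-Za-z0-9_> -]*?)\s*=\s*(\d+)")
WATCHED = ("TCP SYN-DEF RST", "Server Resets")

# Constructed samples: POLL_1 mirrors the all-zero output above (abridged);
# POLL_2 uses invented values for a later poll.
POLL_1 = """ServerIronADX# show server traffic
Drops = 0 Aged = 0
TCP SYN-DEF RST = 0 Server Resets = 0
Out of Memory = 0 Out of Memory = 0
"""
POLL_2 = """ServerIronADX# show server traffic
Drops = 3 Aged = 12
TCP SYN-DEF RST = 7 Server Resets = 41
Out of Memory = 0 Out of Memory = 0
"""

def parse_counters(text):
    """Return {name: value}; a repeated name gets a '#2', '#3' ... suffix."""
    counters = {}
    for line in text.splitlines():
        for name, value in PAIR.findall(line):
            key, n = name, 1
            while key in counters:
                n += 1
                key = f"{name}#{n}"
            counters[key] = int(value)
    return counters

def syn_def_deltas(previous, current, watched=WATCHED):
    """Increase of each watched counter between two polls.

    A missing counter raises KeyError so a format change is noticed. A value
    lower than the previous one is treated as a counter reset (assumption:
    counters restart from zero), so the current value is the increase.
    """
    deltas = {}
    for name in watched:
        before, after = previous[name], current[name]
        deltas[name] = after - before if after >= before else after
    return deltas

def alerts(deltas, threshold=1):
    """Names of watched counters that rose by at least `threshold`."""
    return sorted(name for name, d in deltas.items() if d >= threshold)

if __name__ == "__main__":
    d = syn_def_deltas(parse_counters(POLL_1), parse_counters(POLL_2))
    print(d, alerts(d))
```

A rising TCP SYN-DEF RST delta means the incomplete connection threshold was reached during the polling interval, and the Server Resets delta gives the number of TCP RESET packets the ServerIron sent to real servers in that time.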
