tcptr Command

Purpose

Configures or displays TCP Traffic Regulation (TR) policy information to control the maximum incoming socket connections for ports.

Syntax

tcptr -add <start port> <end port> <max connection> [divisor]

tcptr -delete <start port> <end port>

tcptr -show

Description

The tcptr command assigns a maximum limit of incoming TCP connections to a given network port or a range of ports. You can run this command to add new pools of connection resources to be shared collectively by incoming socket requests remotely accessing the AIX® TCP-layer.

The system automatically ensures that resources are shared across multiple remote IP addresses that are attempting to connect through TCP to a specific port. Root users can control system resources related to TCP Traffic Regulation (TR).

Notes:
  • By default, the tcptr command is not enabled.
  • The tcptr command does not limit the rate of connections from a particular IP address. The total pool of connections from any client for a specific port or port-range is controlled.
  • When the limit is reached, the connection to the server is dropped. No message is logged: the server is regulating the traffic and the system follows the server's instructions, so the connection is simply lost.
  • The TCP TR policies that are added by using the tcptr command are not activated until the tcptr_enable network attribute is set to a value of 1 by using the no command. These policies automatically persist after a system restart, but they are not activated until the network flag is enabled by using the -p flag as specified in the following command:
    no -p -o tcptr_enable=1

Flags

Item Description
-add Adds new TCP TR policies to the system. You should specify the maximum allowable connections for the current policy, the start port, and the end port with the -add flag. The start port and the end port can be the same port when a port range is not specified. Optionally, you can specify a divisor to allow a greater diversity of resource sharing on the pool of available TCP connections.
-delete Deletes existing TCP TR policies that are defined for the system. This flag requires that you specify the maximum allowable connections for the current policy, the start port, and the end port (the end port can be the same as the start port if you are not specifying a port range).
-show Displays all existing TCP TR policies defined on the system. You might use the -show flag to see the active policies before you use the -delete flag.

Parameters

Item Description
max connection Specifies the maximum incoming TCP connections for the given TR policy.
start port Specifies the beginning port for the current TR policy.
end port Specifies the end port for the current TR policy. If the port is a range, the value specified must be larger than the start port. If the TR policy is for a single port, the value specified must be equal to the value specified for the start port.
divisor Specifies a divisor that is used to compare the number of available incoming TCP connections with the number already consumed by one IP address. It corresponds to dividing the overall available connections by a power of two; the divisor is the exponent of that power of two. This parameter is optional, and if it is not specified, the default value is one, in which case half of the available connections can be used.

Algorithm for tcptr traffic regulation

When a new connection request is received, the tcptr command uses the following algorithm to allow or deny the new socket connections:

    If a new connection request is received and (N-X) = 0, the request is rejected.
    If a new connection request is received and (N-X) > 0 and the request is from
    a source that already has connections with this port (range), then:
         if X+1 < [(N-X)/2^divisor] then
            Allow the new connection
         else
            Deny the new connection

N
    Maximum allowed connections for a port (range).
X
    Currently used connections for a particular IP address.
divisor
    Optional, default value is 1 (one).
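
The following Python model, added here as an illustration and not part of AIX or the tcptr command, applies the admission inequality exactly as written above, tracking X per source IP for one policy. The class and function names are assumptions; the only rule not stated in the algorithm section is that the shared pool as a whole never exceeds N, which follows from the maximum connection pool described under Description. Because the inequality subtracts X from N before dividing, a single source is cut off slightly below N/2^divisor (28 rather than 32 connections for a pool of 256 with divisor 3).

```python
from collections import defaultdict


class TcpTrPolicy:
    """Model of one tcptr policy: a port range, a pool of N connections,
    and the optional divisor (default 1, as documented). Hypothetical."""

    def __init__(self, start_port, end_port, max_conn, divisor=1):
        if end_port < start_port:
            raise ValueError("end port must be greater than or equal to start port")
        self.start_port, self.end_port = start_port, end_port
        self.N = max_conn          # maximum allowed connections for the port (range)
        self.divisor = divisor     # exponent of the power of two
        self.used = defaultdict(int)  # X: connections currently held per source IP

    def covers(self, port):
        return self.start_port <= port <= self.end_port

    def admit(self, src_ip):
        """Apply the page's algorithm to one new request; True means allowed."""
        X = self.used[src_ip]
        if self.N - X == 0:                      # rule 1: (N-X) = 0 -> reject
            return False
        # Assumption: the pool itself is capped at N connections in total.
        if sum(self.used.values()) >= self.N:
            return False
        # rule 2: X+1 < (N-X) / 2^divisor -> allow, otherwise deny
        if X + 1 < (self.N - X) / (2 ** self.divisor):
            self.used[src_ip] += 1
            return True
        return False

    def release(self, src_ip):
        """Connection closed: give the slot back to the pool."""
        if self.used[src_ip] > 0:
            self.used[src_ip] -= 1


def connections_until_reject(policy, src_ip):
    """How many connections one source obtains before its first rejection."""
    count = 0
    while policy.admit(src_ip):
        count += 1
    return count


if __name__ == "__main__":
    # Constructed sample: the port 80 policy from the Examples section.
    pol = TcpTrPolicy(80, 80, 256, divisor=3)
    print("10.20.30.1 gets", connections_until_reject(pol, "10.20.30.1"), "connections")
```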

Examples

  1. To add a TCP Traffic Regulation Policy that covers only TCP port 23, and to set a maximum incoming connection pool of 256 with an available connections divisor of 3, enter the following command:
    # tcptr -add 23 23 256 3
  2. To add a TCP Traffic Regulation Policy that covers a TCP port that ranges from 5000 to 6000, and to set a maximum incoming connection pool of 5000 with an available connections divisor of 2, enter the following command:
    # tcptr -add 5000 6000 5000 2
  3. To show TCP Traffic Regulation Policies set for the system, enter the following command:
    # tcptr -show
  4. To delete the TCP Traffic Regulation Policy that covers a TCP port that ranges from 5000 to 6000, enter the following command:
    # tcptr -delete 5000 6000
  5. To add a TCP Traffic Regulation Policy for port 80 under which an IP address such as 10.20.30.1 can make 256/2^3=32 connections to port 80, enter the following command:
    # tcptr -add 80 80 256 3
    In this case, the next connection attempt from this IP address to port 80 is rejected and a TCP RST is received.