Check below tcp counter in nsconmsg, increment in the counter indicates that tcp small_window_protection is silent dropping the packets.

nsconmsg -K newnslog - d current -g tcp_err_SW_ | more

nsconmsg -K newnslog.119 -d current -g tcp_err_SW_init_pktdrop | more


Index   rtime totalcount-val      delta rate/sec symbol-name&device-no&time
    135       0        1258237          1        0 tcp_err_SW_init_pktdrop  Wed May 18 01:53:07 2016
    136    7000            136          1        0 tcp_cur_SW_pcbs  Wed May 18 01:53:14 2016
    137    7000        1258239          2        0 tcp_err_SW_init_pktdrop  Wed May 18 01:53:21 2016
    138       0            132         -4        0 tcp_cur_SW_pcbs  Wed May 18 01:53:21 2016
 140       0        1258241          2        0 tcp_err_SW_init_pktdrop  Wed May 18 01:53:49 2016
    141    7000            134          4        0 tcp_cur_SW_pcbs  Wed May 18 01:53:56 2016
    142       0        1258247          6        0 tcp_err_SW_init_pktdrop  Wed May 18 01:53:56 2016
    143    7000        1258248          1        0 tcp_err_SW_init_pktdrop  Wed May 18 01:54:03 2016
    144       0            133         -1        0 tcp_cur_SW_pcbs  Wed May 18 01:54:03 2016
    145   14000            134          1        0 tcp_cur_SW_pcbs  Wed May 18 01:54:17 2016
    146    7000            130         -4        0 tcp_cur_SW_pcbs  Wed May 18 01:54:24 2016

    147    7000            133          3        0 tcp_cur_SW_pcbs  Wed May 18 01:54:31 2016
    148    7000            132         -1        0 tcp_cur_SW_pcbs  Wed May 18 01:54:38 2016
    149    7000            131         -1        0 tcp_cur_SW_pcbs  Wed May 18 01:54:45 2016
    150    7000            129         -2        0 tcp_cur_SW_pcbs  Wed May 18 01:54:52 2016
    151   14000            130          1        0 tcp_cur_SW_pcbs  Wed May 18 01:55:06 2016
    152   14000            129         -1        0 tcp_cur_SW_pcbs  Wed May 18 01:55:20 2016
    153    7000            130          1        0 tcp_cur_SW_pcbs  Wed May 18 01:55:27 2016
    154    7000            129         -1        0 tcp_cur_SW_pcbs  Wed May 18 01:55:34 2016
    155    7000            130          1        0 tcp_cur_SW_pcbs  Wed May 18 01:55:41 2016
    156    7000            128         -2        0 tcp_cur_SW_pcbs  Wed May 18 01:55:48 2016
    157    7000            129          1        0 tcp_cur_SW_pcbs  Wed May 18 01:55:55 2016

Configure small_window_protection to 0 in rc.netscaler.
Hence when the netscaler reboots, it will fetch the config from rc.netscaler.

Thus avoiding, manual disablement and outages after reboot.

root@ns# shell
root@ns# cd /nsconfig
root@ns# touch /nsconfig/rc.netscaler
root@ns# chmod a+x rc.netscaler
root@ns# echo "nsapimgr_wr.sh -ys small_window_protection=0" >>/nsconfig/rc.netscaler
root@ns# cat rc.netscaler
nsapimgr_wr.sh -ys small_window_protection=0
root@ns#
 

---

Problem Cause

If Nagle's algorthim is not selected. Netscaler will use tcp small_window_protection feature to scale the packet size.
By default its value is set to '1' (enabled), and it can be configured only in shell mode. Which limits netscaler to save the config or setting in startup config. Resulting in saving the setting in RAM which stay up until the device is rebooted.

Thus rebooting the device, will revert the setting to default value, and resulting in packet drops with window size less than defined MSS value.

Causing disturbance to services with less window size.

Netscaler silently drops packets size lesser the default MSS value. Thus it cause connection drops or reset from client to Netscaler, or backend services appearing down on netscaler.