Forum Discussion
darrenclegg_199
Nimbostratus
NimbostratusLTM excessive connections on Virtual Server
My Virtual Server is showing 460 connections but the pool members aare only showing 50 connections. I have checked the source addresses of these connections and they are all different. I have deleted the connections but they build up again to the same amount. I have changed the DNS record of the Virtual Server to another LTM but the connections follow it across. How can I permanently delete these connections?
Lee_SutcliffeNacreous
Do you have a OneConnect profile applied to your VS? If so this could be perfectly normal
Hannes_RappConnections can be deleted as follows from the command line
. Replacetmsh delete sys connection cs-server-addr i.i.i.i cs-server-port pn
with IP address of the virtual server andi.i.i.i
with port number of virtual server. This will delete all client-side connections to a particular Virtual Server.pnIf the connections are re-initiated, you need to do more investigation. It could be a DOS attack that aims to exhaust your connection tables. If so, consider reducing TCP idle timeout value in the profile that is applied to your Virtual Server. Alternatively, just block malicious source IP addresses at your perimeter firewall.
Sometimes poor monitoring systems can cause connection over-flooding, and sometimes security scans can do the same. But if there are 400+ unique IP addresses that are not doing any meaningful activity, it's most likely an attack.