Forum Discussion

darrenclegg_199
Mar 06, 2018

LTM excessive connections on Virtual Server

My Virtual Server is showing 460 connections but the pool members are only showing 50 connections. I have checked the source addresses of these connections and they are all different. I have deleted the connections but they build up again to the same amount. I have changed the DNS record of the Virtual Server to another LTM but the connections follow it across. How can I permanently delete these connections?


  • Connections can be deleted as follows from the command line:

    tmsh delete sys connection cs-server-addr i.i.i.i cs-server-port pn

    Replace i.i.i.i with the IP address of the virtual server and pn with the port number of the virtual server. This will delete all client-side connections to a particular Virtual Server.

    If the connections are re-initiated, you need to do more investigation. It could be a DOS attack that aims to exhaust your connection tables. If so, consider reducing TCP idle timeout value in the profile that is applied to your Virtual Server. Alternatively, just block malicious source IP addresses at your perimeter firewall.

    Sometimes poor monitoring systems can cause connection over-flooding, and sometimes security scans can do the same. But if there are 400+ unique IP addresses that are not doing any meaningful activity, it's most likely an attack.
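    The investigation step above can be scripted. The following is an added example, not F5's code or the answerer's: it parses the text output of `tmsh show sys connection cs-server-addr <vip> cs-server-port <port>`, counts distinct client sources and flows that never reached a pool member, and applies the thread's reasoning (hundreds of distinct idle sources with no server-side flow) as a heuristic. The column order (client-side client, client-side server, server-side client, server-side server, protocol, idle seconds) and the `any6.any` marker for a missing server-side flow are assumptions to verify against a real capture; the sample output is constructed.

```python
"""Triage for a virtual server with far more client-side connections than its
pool members. Added example, not F5 code. The tmsh column layout and the
'any6.any' marker for a missing server-side flow are assumptions."""
from collections import Counter

# Constructed sample output (6 flows): 1 reached a pool member, 5 never did.
SAMPLE_OUTPUT = """\
Sys::Connections
203.0.113.10:51000  198.51.100.5:443  10.0.0.1:51000  10.0.1.10:443  tcp  12  (tmm: 0)  none
203.0.113.12:51002  198.51.100.5:443  any6.any  any6.any  tcp  290  (tmm: 0)  none
203.0.113.13:51003  198.51.100.5:443  any6.any  any6.any  tcp  288  (tmm: 1)  none
203.0.113.14:51004  198.51.100.5:443  any6.any  any6.any  tcp  275  (tmm: 0)  none
203.0.113.15:51005  198.51.100.5:443  any6.any  any6.any  tcp  270  (tmm: 1)  none
203.0.113.16:51006  198.51.100.5:443  any6.any  any6.any  tcp  266  (tmm: 0)  none
Total records returned: 6
"""

def parse_connections(text):
    """Return one dict per flow line; header and trailer lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or ":" not in parts[0]:
            continue
        cs_client, _cs_server, _ss_client, ss_server, proto, idle = parts[:6]
        records.append({"client_ip": cs_client.rsplit(":", 1)[0],
                        "server_side": ss_server != "any6.any",
                        "proto": proto, "idle": int(idle)})
    return records

def summarize(records, idle_threshold=120):
    """Counts that separate real traffic from connection-table padding."""
    return {
        "client_side": len(records),
        "server_side": sum(r["server_side"] for r in records),
        "unique_sources": len({r["client_ip"] for r in records}),
        "idle_no_server_side": sum(1 for r in records
                                   if not r["server_side"] and r["idle"] >= idle_threshold),
        "top_sources": Counter(r["client_ip"] for r in records).most_common(3),
    }

def looks_like_table_exhaustion(s, ratio=4.0):
    """Thread's reasoning: many distinct sources, client-side flows far
    outnumber server-side ones, and the excess flows sit idle."""
    excess = s["client_side"] - s["server_side"]
    return (excess >= ratio * max(s["server_side"], 1)
            and s["idle_no_server_side"] >= 0.8 * excess
            and s["unique_sources"] >= 0.9 * s["client_side"])

if __name__ == "__main__":
    s = summarize(parse_connections(SAMPLE_OUTPUT))
    print(s, "suspicious" if looks_like_table_exhaustion(s) else "looks normal")
```

    If the heuristic fires, the idle flows' source addresses in `top_sources` are the ones to take to the perimeter firewall, and the idle values show how far the TCP profile's idle timeout could be lowered.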

  • Do you have a OneConnect profile applied to your VS? If so, this could be perfectly normal.