One of the oldest and most common type of DDoS attack, a connection flood, is also known as a "TCP connection flood" since it attempts to occupy all possible TCP connections on a server. By flooding the server with requests for new connections, it prevents legitimate requests from being established and served.
F5 BIG-IP Local Traffic Manager (LTM) and BIG-IP Advanced Firewall Manager (AFM) neuter connection flood attacks by separating the TCP connection table from the rest of the server's operations. All connection requests are accepted, thereby making the attacker think the attack is successful. These requests are then aggressively and quickly processed by a dedicated server, which reaps the spurious connections and allows the valid connections to reach the protected server resources.
