What is a "zombie" connection in the connection table?

Frequently Asked Questions
Post Reply
Posts: 696
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

What is a "zombie" connection in the connection table?

Post by Peter » 22 Aug 2017, 07:37

This FAQ applies to:
  • Clavister cOS Core all versions.
In my connection table i see from time to time a "Zombie" connection, what is that?


A zombie connection is a connection that cOS Core has tagged for removal. A connection may be closed due to many reasons such as timeout, a FIN or RST has been received from the client or server, a manual connection close in the CLI and more. Once a connection is due for closure (after the TCP FIN wait state, if a TCP connection, has expired) it will be tagged as a "zombie" connection and then closed by cOS Core. The reason cOS Core does this is in case there are tens of thousands or even millions of connections that is due for closure at the same time and to avoid that cOS Core allocates all available CPU resources for this operation, the close operation is added to a close queue which is the zombie state. cOS Core then very quickly works through the zombie close queue in order to remove them from the connection table without affecting the system as a whole.

Example of zombie connections:

Code: Select all

State    Proto   Source                      Destination                 Tmout
-------- ------- --------------------------- --------------------------- ------
ZOMBIE   TCP     ge1:      dmz:
ZOMBIE   UDP     ge1:      wan:
Note that the connection timeout value is blank as a zombie connection does not have a timeout value due to it being in the queue for being removed from the connection state table.

Post Reply