© 2025 Direct Cursus Technology L.L.C.

Monitoring network connections

Written by
Yandex Cloud
Updated at August 13, 2024

To ensure the performance of the network load balancer and security groups, VPC monitors network connections.

A network connection is a traffic flow in any direction. Five parameters uniquely define a connection: source IP address, source port, target IP address, target port, and network protocol. The order of source and target is disregarded, so traffic in both directions belongs to the same connection.

When security groups are used, a connection is created when its first packet arrives in a direction for which a rule allows traffic.

The network connection lifecycle ends in the following cases:

  • Three minutes after sending the last packet in any direction.
  • For a TCP connection, shortly after an RST packet or a packet with the FIN flag is received.

Therefore, we recommend setting the keepalive parameter to less than three minutes for the VM operating system and your applications.

For example, set the sysctl system parameters for a Linux-based operating system as follows:

  • net.ipv4.tcp_keepalive_time = 120
  • net.ipv4.tcp_keepalive_intvl = 60
  • net.ipv4.tcp_keepalive_probes = 4
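
The sysctl values above are kernel-wide defaults, and the kernel sends keepalive probes only on sockets whose application has set SO_KEEPALIVE. The following added example (not part of the original documentation) checks keepalive timings against the three-minute timeout and applies the same values to one socket; the function names and the 180-second constant are assumptions made for the example, and the socket options are the Linux ones.

```python
import socket
from pathlib import Path

# From the page: a connection expires three minutes after its last packet.
VPC_IDLE_TIMEOUT_S = 180

def read_keepalive_sysctls(root="/proc/sys/net/ipv4"):
    """Read the kernel-wide keepalive defaults as (time, interval, probes)."""
    names = ("tcp_keepalive_time", "tcp_keepalive_intvl", "tcp_keepalive_probes")
    return tuple(int((Path(root) / n).read_text()) for n in names)

def check_keepalive(time_s, intvl_s, idle_timeout_s=VPC_IDLE_TIMEOUT_S):
    """Return the reasons these timings could let the connection expire."""
    problems = []
    # On an idle connection the first probe is the next packet sent.
    if time_s >= idle_timeout_s:
        problems.append(f"first probe after {time_s}s, timeout is {idle_timeout_s}s")
    # If a probe goes unanswered, the next packet follows after the interval.
    if intvl_s >= idle_timeout_s:
        problems.append(f"probe interval {intvl_s}s, timeout is {idle_timeout_s}s")
    return problems

def enable_keepalive(sock, time_s=120, intvl_s=60, probes=4):
    """Opt one TCP socket in to keepalive with per-socket timings."""
    problems = check_keepalive(time_s, intvl_s)
    if problems:
        raise ValueError("; ".join(problems))
    # Without SO_KEEPALIVE no probes are sent, whatever the sysctls say.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Per-socket overrides of tcp_keepalive_time / _intvl / _probes.
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, time_s)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, intvl_s)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)

if __name__ == "__main__":
    time_s, intvl_s, probes = read_keepalive_sysctls()
    print("kernel defaults:", (time_s, intvl_s, probes),
          check_keepalive(time_s, intvl_s) or "OK")
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        enable_keepalive(s)
        print("per-socket idle time:",
              s.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE))
```

Run on the VM, the script reports whether the current kernel defaults would let an idle connection outlive the three-minute window.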

When security groups are used, the limit is 350,000 connections. The limit applies only if a user-created security group is assigned to the VM, and it is counted separately for each network interface of the virtual machine. Once the limit is reached, new connections are discarded.

You can learn more about viewing connection charts here.
