Merged
Expand Up @@ -7,7 +7,7 @@ Optimize the availability of your clusters by configuring and tuning properties.

== Limit client connections

A malicious Kafka client application may create many network connections to execute its attacks. A poorly configured application may also create an excessive number of connections. To mitigate the risk of a client creating too many connections and using too many system resources, you can configure a Redpanda cluster to impose limits on the number of created client connections.
To mitigate the risk of a client creating too many connections and using too many system resources, you can configure a Redpanda cluster to impose limits on the number of client connections that can be created.

The following Redpanda cluster properties limit the number of connections:

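Review bot: Dropping the first sentence of this hunk removes the only statement of why the limit exists; the rewritten line keeps the mitigation but loses the two cases the original named, a malicious client opening connections deliberately and a poorly configured application opening them by accident. Suggest keeping a short clause such as "whether from a malicious client or a misconfigured application" so the reader understands the limit also guards against accidental resource exhaustion, not only attacks.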
Expand All @@ -31,10 +31,12 @@ endif::[]
ifdef::env-cloud[]
=== Configure connection count limit by client IP

Use the `kafka_connections_max_per_ip` property to limit the number of connections from each client IP address.
Configure the `kafka_connections_max_per_ip` property to limit the number of connections from each client IP address.

IMPORTANT: Per-IP connection controls require Redpanda to see individual client IPs. If clients connect through private link endpoints, NAT gateways, or other shared-IP egress, the per-IP limit applies to the shared IP, affecting all clients behind it and preventing isolation of a single offending client. Similarly, multiple clients running on the same host will share the same IP address, and the limit applies collectively to all those clients.

See also: xref:manage:cluster-maintenance/config-cluster.adoc[]

==== Configure the limit

To configure `kafka_connections_max_per_ip` safely without disrupting legitimate clients, follow these steps:
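Review bot: The new IMPORTANT block correctly warns that private link endpoints, NAT gateways and same-host clients collapse onto one client IP, but it stops short of telling the reader what to do about it. The NOTE later in this file introduces `kafka_connections_max_overrides` for exempting known legitimate IPs; a one-line pointer here (for example, that a known shared egress IP is a candidate for an override rather than a reason to raise the cluster-wide value) would keep operators from setting `kafka_connections_max_per_ip` high enough to accommodate one NAT gateway and thereby weakening the limit for every other IP.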
Expand All @@ -51,10 +53,12 @@ redpanda_rpc_active_connections{redpanda_id="CLOUD_CLUSTER_ID", redpanda_server=
+
image::shared:monitor_connections.png[Range of active connections over time]

. Set the `kafka_connections_max_per_ip` value based on your analysis. Use the upper bound of normal connections from step 3, or use a lower value if you know how many connections per client IP are being opened.
. Set the `kafka_connections_max_per_ip` value based on your analysis. Use the upper bound of normal connections observed, or use a lower value if you know how many connections per client IP are being opened.

. Continue monitoring the connection metrics after applying the limit to ensure that legitimate clients are not affected and that the problematic client is properly controlled.

NOTE: If you find a high load of unexpected connections from multiple IP addresses, `kafka_connections_max_per_ip` alone may be insufficient. If offending IPs outnumber legitimate client IPs, you may need to set `kafka_connections_max_per_ip` so low that it affects legitimate clients. If this is the case, use `kafka_connections_max_overrides` to exempt known legitimate client IPs from the connection limit.
Contributor

Suggested change
NOTE: If you find a high load of unexpected connections from multiple IP addresses, `kafka_connections_max_per_ip` alone may be insufficient. If offending IPs outnumber legitimate client IPs, you may need to set `kafka_connections_max_per_ip` so low that it affects legitimate clients. If this is the case, use `kafka_connections_max_overrides` to exempt known legitimate client IPs from the connection limit.
NOTE: If you find a high load of unexpected connections from multiple IP addresses, `kafka_connections_max_per_ip` alone may be insufficient. If offending IPs outnumber legitimate client IPs, you may need to set `kafka_connections_max_per_ip` so low that it affects legitimate clients. In this case, also use `kafka_connections_max_overrides` to exempt known legitimate client IPs from the connection limit.

Do I understand correctly that "affects legitimate clients" means those clients are completely blocked from connecting to the broker?

Contributor Author


yes, they could be

==== Limitations

* Decreasing the limit does not terminate any currently open Kafka API connections.
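Review bot: The monitoring step ("Continue monitoring the connection metrics after applying the limit to ensure ... the problematic client is properly controlled") does not account for the limitation stated at the end of this hunk, that decreasing the limit does not terminate currently open Kafka API connections. An operator who lowers `kafka_connections_max_per_ip` in response to an offending client will still see that client's existing connections in `redpanda_rpc_active_connections` until they close, and may conclude the limit is not working. Suggest adding to the monitoring step that the count only falls as existing connections close and that the limit takes effect on new connection attempts. On the NOTE, the suggested wording "In this case, also use `kafka_connections_max_overrides`" is the better choice, since the override complements the per-IP limit rather than replacing it.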