OpenFire resulting in many ESTABLISHED connections per IP address

We have an implementation of Openfire which seems to be having a problem leaving multiple connections open to client computers. I’m not familiar with the OpenFire setup, or the custom client that was written for the end users…so the problem could be at either end, I’m just the systems admin that has discovered the issue and am trying to hunt it down.

On the server side, we are running OpenFire version 3.7.1 on an Amazon Linux image (64bit) in EC2. The box is configured with 8GB of RAM, and it appears that it has been configured to use 4GB of memory for JAVA. In looking at the OpenFire interface, it’s using an old version of Java, 1.6.0_24 (64-bit). Our memory usage is around 30-45% according to the Openfire admin page.

I use the following command to see how many connections we have on port 5223,

netstat -antu |grep :5223 |grep -v LISTEN|wc -l

And the result at this moment is 12,212 sessions.

The problem is that we don’t have nearly 12,000 clients connected. So, I ran this command to see how many connections we have from each IP.

netstat -antu |grep :5223 |grep -v LISTEN|awk '{print $5}'| cut -d: -f4 |sort|uniq -c

At present time, we have about 30 clients that have between 100 and 1,200 connections. About 20 connections would be about the max number of legit connections I would expect to see from any particular client.

I’m trying to figure out what might be causing multiple client computers to make so many connections to our server. Is there anything that I should be checking in the server config, or is it most likely a badly coded client that we have distributed to these end users which is causing multiple connection attempts?

We have clients connecting on port 443, and when it hits the server, we use an IPTables PreRouting rule to get the traffic over to port 5223.

-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 5223

COMMIT

The conversation.idleTime is set to 10

The conversation.maxTime is set to 60

Under Server Settings

–do not disconnect clients that are idle is chosen and Send an XMPP Ping request to idle clients is chosen

Also noticed that under Sessions, client sessions it only shows about 600 connections…which is probably correct. But using netstat -antu |grep :5223 |grep -v LISTEN|wc -l, is returning 11,726 ESTABLISHED connections.

Thanks in advance.
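The per-IP count above lumps every non-LISTEN socket together, so it cannot tell live sessions from half-closed ones. The following is an added example, not part of the original post: it splits the count by TCP state for each peer on port 5223 and lists only peers above a threshold (20, the figure given above). It assumes the Linux `netstat -ant` column layout; the function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: per-peer, per-state tally of connections to one local port.
# Usage on a live host:  netstat -ant | conn_summary 5223 20

conn_summary() {
    # $1 = local port, $2 = per-peer threshold (peers at or below it are hidden)
    awk -v port="$1" -v limit="$2" '
        BEGIN {
            n = split("ESTABLISHED CLOSE_WAIT TIME_WAIT FIN_WAIT1 FIN_WAIT2 " \
                      "SYN_RECV LAST_ACK CLOSING", order, " ")
        }
        # TCP rows only; UDP rows have no state column
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            if ($4 !~ (":" port "$")) next   # match the local address column only
            peer = $5
            sub(/:[0-9]+$/, "", peer)        # strip the remote port
            sub(/^::ffff:/, "", peer)        # unwrap IPv4-mapped IPv6 addresses
            total[peer]++
            state[peer, $6]++
        }
        END {
            for (p in total) {
                if (total[p] <= limit) continue
                line = p " total=" total[p]
                for (i = 1; i <= n; i++)
                    if ((p, order[i]) in state)
                        line = line " " order[i] "=" state[p, order[i]]
                print line
            }
        }' | sort
}

# Constructed sample input (documentation address ranges, not real clients).
sample_netstat() {
    cat <<'EOF'
tcp   0   0 ::ffff:10.0.0.5:5223   ::ffff:203.0.113.7:50001   ESTABLISHED
tcp   0   0 ::ffff:10.0.0.5:5223   ::ffff:203.0.113.7:50002   ESTABLISHED
tcp   0   0 ::ffff:10.0.0.5:5223   ::ffff:203.0.113.7:50003   CLOSE_WAIT
tcp   0   0 ::ffff:10.0.0.5:5223   ::ffff:203.0.113.7:50004   CLOSE_WAIT
tcp   0   0 10.0.0.5:5223          198.51.100.9:40001         ESTABLISHED
tcp   0   0 :::5223                :::*                       LISTEN
tcp   0   0 10.0.0.5:22            198.51.100.9:40022         ESTABLISHED
EOF
}

# Threshold of 2 here only so the small sample produces a row.
sample_netstat | conn_summary 5223 2
```

A peer whose excess is mostly CLOSE_WAIT has already closed its side and the server has not yet closed its socket; a peer whose excess is ESTABLISHED still holds the connections open from its end.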