The node exporter includes metrics about the Linux connection tracking (conntrack) tables.
As metrics go, the conntrack ones don't seem very exciting. Many machines won't even have the
nf_conntrack module loaded into the kernel, in which case the metrics are simply absent. There are just two of them:
# HELP node_nf_conntrack_entries Number of currently allocated flow entries for connection tracking.
# TYPE node_nf_conntrack_entries gauge
node_nf_conntrack_entries 205
# HELP node_nf_conntrack_entries_limit Maximum size of connection tracking table.
# TYPE node_nf_conntrack_entries_limit gauge
node_nf_conntrack_entries_limit 262144
One is how big the conntrack table can get, and the other is the number of entries currently in it. These numbers are from my home router;
max_over_time(node_nf_conntrack_entries[365d]) comes to only about 2.5k against a limit of 262144, so there's little to worry about there.
So what is conntrack and why might it matter? If you're doing source NAT, or any form of firewalling that depends on thinking in terms of connections rather than merely packets (stateful rules such as "allow established, related"), then you need a way to link each packet to the connection it belongs to. That is what the conntrack tables do. You can view the current table by running
If you have more active connections to track than the table has room for, that's bad: once the table is full the kernel starts dropping packets for new connections, so existing flows keep working while new ones fail. This sort of failure is what is often suspected when your home internet connection gets a bit dodgy after the router has been running for a few weeks or months. With these two metrics you can watch for this problem on your Linux routers rather than guessing, for example by alerting when node_nf_conntrack_entries / node_nf_conntrack_entries_limit gets close to 1.
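As an added example (not code from the original post), here is a small POSIX shell script that takes the two metrics from a node exporter scrape, works out how full the conntrack table is, and exits non-zero when it is at or above a threshold. The metric names are the real node exporter ones from above; the sample scrape text is constructed to match the values in the post, and the function names, the 80% default threshold and the /proc paths used for the optional live check are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original post: compute conntrack table
# utilisation from node exporter's text exposition and flag it when it
# approaches the limit. The metric names are node exporter's; the
# sample scrape text below is constructed to mirror the post's numbers.

SAMPLE_METRICS='# HELP node_nf_conntrack_entries Number of currently allocated flow entries for connection tracking.
# TYPE node_nf_conntrack_entries gauge
node_nf_conntrack_entries 205
# HELP node_nf_conntrack_entries_limit Maximum size of connection tracking table.
# TYPE node_nf_conntrack_entries_limit gauge
node_nf_conntrack_entries_limit 262144'

# Print the value of one metric from exposition text on stdin.
# Only matches the bare metric name (no labels); "# HELP"/"# TYPE"
# comment lines have "#" as their first field and never match.
metric_value() {
    awk -v name="$1" '$1 == name { print $2; found = 1 } END { if (!found) exit 1 }'
}

# Print the table fill level as an integer percentage (0-100).
# Usage: printf '%s\n' "$metrics" | conntrack_usage_pct
conntrack_usage_pct() {
    text=$(cat)
    entries=$(printf '%s\n' "$text" | metric_value node_nf_conntrack_entries) || return 1
    limit=$(printf '%s\n' "$text" | metric_value node_nf_conntrack_entries_limit) || return 1
    [ "$limit" -gt 0 ] || return 1
    awk -v e="$entries" -v l="$limit" 'BEGIN { printf "%d\n", e * 100 / l }'
}

# Exit 0 while usage is below the threshold percentage, 1 at or above it
# (or if the metrics are missing, e.g. nf_conntrack is not loaded).
# Usage: printf '%s\n' "$metrics" | conntrack_check 80
conntrack_check() {
    threshold=${1:-80}   # assumed default; pick what suits your router
    pct=$(conntrack_usage_pct) || return 1
    [ "$pct" -lt "$threshold" ]
}

# Live check against the kernel's own counters, if the module is loaded.
# These are the files node exporter reads to produce the two metrics.
conntrack_usage_pct_proc() {
    dir=/proc/sys/net/netfilter
    [ -r "$dir/nf_conntrack_count" ] && [ -r "$dir/nf_conntrack_max" ] || return 1
    awk -v e="$(cat "$dir/nf_conntrack_count")" -v l="$(cat "$dir/nf_conntrack_max")" \
        'BEGIN { printf "%d\n", e * 100 / l }'
}

if [ "${1:-}" = "--demo" ]; then
    printf 'sample usage: %s%%\n' "$(printf '%s\n' "$SAMPLE_METRICS" | conntrack_usage_pct)"
    if printf '%s\n' "$SAMPLE_METRICS" | conntrack_check 80; then
        echo "conntrack table is comfortably below the threshold"
    else
        echo "conntrack table is close to full"
    fi
fi
```

Run it with `--demo` to see the sample scrape evaluated; piping `curl -s http://router:9100/metrics` into conntrack_check does the same against a real node exporter. In practice the same check belongs in Prometheus as an alert on `node_nf_conntrack_entries / node_nf_conntrack_entries_limit > 0.8`, which also gives you the history to see how fast the table fills after a reboot.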
Have questions on network monitoring? Contact us.