The node exporter includes metrics about the Linux connection tracking tables.

As metrics go, the conntrack ones don't seem very exciting. Many machines won't even have the nf_conntrack module loaded into the kernel. There's just two metrics:

# HELP node_nf_conntrack_entries Number of currently allocated flow entries for connection tracking.
# TYPE node_nf_conntrack_entries gauge
node_nf_conntrack_entries 205
# HELP node_nf_conntrack_entries_limit Maximum size of connection tracking table.
# TYPE node_nf_conntrack_entries_limit gauge
node_nf_conntrack_entries_limit 262144

One is how big the conntrack table can be, and the other is the number of current entries. These numbers are from my home router, max_over_time(node_nf_conntrack_entries[365d]) is only coming to 2.5k so there's little to worry about.

So what is conntrack and why might it matter? If you're doing source-NAT or any form of firewalling that depends on thinking in terms of connections rather than merely packets then you need a way to link packets to connections - which is what the conntrack tables do. You can view the current table by running conntrack -L.

If you've more active connections to track than you have memory to track them, then that's bad. This sort of failure is what is often suspected when your home internet connection gets a bit dodgy after the router has been running for a few weeks/months. With these metrics though you can watch for this problem on your Linux routers.


Have questions on network monitoring? Contact us.