1. Maximum Network Connections In EC2

On Linux, the maximum number of tracked connections is raised with the sysctl command, for example:

sysctl -w net.netfilter.nf_conntrack_max=2097152

However, this may not work on AWS EC2.

Every EC2 instance has a default limit on the net.netfilter.nf_conntrack_max parameter. This limit is set by the AWS EC2 service and cannot be modified by the user. We cannot even see this limit from inside the EC2 instance.

Usually, we use the node_exporter metrics node_nf_conntrack_entries and node_nf_conntrack_entries_limit to monitor the number of connections. On EC2, however, node_nf_conntrack_entries_limit only reports the value we set with the sysctl command, not the instance limit, so from these metrics alone we cannot tell that we have exceeded the maximum number of connections.

2. How to Export Network Metrics?

One way to export the network metrics is to use the CloudWatch agent, but it is not free.

Another way is to use a custom exporter. I wrote a custom exporter that exports the network metrics to Prometheus. You can find the code in bluicezhen/aws-ec2-network-export.

You can also build a custom Docker image from it and run it as a DaemonSet to export the network metrics to Prometheus from every node.

3. Metrics

  • conntrack_allowance_exceeded: The number of connections that have exceeded the maximum number of connections.
  • conntrack_allowance_available: The number of connections that are available.
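As an added example (not the code of bluicezhen/aws-ec2-network-export), here is a minimal exporter that reads these ENA allowance counters from `ethtool -S` and renders them in the Prometheus text format; the metric prefix `aws_ec2_ena`, the `interface` label and the sample output are my own choices, and it also picks up the other allowance counters the ENA driver reports next to the two conntrack ones.

```python
import re
import subprocess
# ENA per-instance allowance counters, as named in `ethtool -S` output. The two
# conntrack counters are the ones this page discusses; the others are the further
# allowance counters the ENA driver reports alongside them.
ENA_COUNTERS = {
    "conntrack_allowance_exceeded": "counter",
    "conntrack_allowance_available": "gauge",
    "bw_in_allowance_exceeded": "counter",
    "bw_out_allowance_exceeded": "counter",
    "pps_allowance_exceeded": "counter",
    "linklocal_allowance_exceeded": "counter",
}
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_]+):\s*(\d+)\s*$")

def parse_ethtool_stats(text):
    """Return {name: int} for the ENA allowance counters found in `ethtool -S` text."""
    stats = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) in ENA_COUNTERS:
            stats[m.group(1)] = int(m.group(2))
    return stats

def read_ethtool_stats(iface="eth0"):
    """Run `ethtool -S <iface>` on a live instance (needs the ethtool binary)."""
    proc = subprocess.run(["ethtool", "-S", iface], check=True, capture_output=True, text=True)
    return parse_ethtool_stats(proc.stdout)

def render_prometheus(stats, iface="eth0", prefix="aws_ec2_ena"):
    """Render the counters in Prometheus text exposition format with an interface label."""
    lines = []
    for name, kind in ENA_COUNTERS.items():
        if name not in stats:
            continue  # e.g. older ENA drivers omit conntrack_allowance_available
        metric = f"{prefix}_{name}"
        lines.append(f"# TYPE {metric} {kind}")
        lines.append(f'{metric}{{interface="{iface}"}} {stats[name]}')
    return "\n".join(lines) + "\n"

# Constructed sample of `ethtool -S eth0` output, not captured from a real instance.
SAMPLE_ETHTOOL_OUTPUT = """NIC statistics:
     tx_timeout: 0
     bw_out_allowance_exceeded: 12
     conntrack_allowance_exceeded: 3571
     conntrack_allowance_available: 118000
     queue_0_tx_cnt: 1234
"""
if __name__ == "__main__":
    print(render_prometheus(parse_ethtool_stats(SAMPLE_ETHTOOL_OUTPUT)), end="")
```

Serve the rendered text over HTTP and a rising aws_ec2_ena_conntrack_allowance_exceeded is the signal that node_nf_conntrack_entries_limit cannot give you on EC2.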