The well-known Prometheus node exporter exports conntrack metrics from the /proc
pseudo file system. The conntrack module developers consider that interface
deprecated and provide a CLI tool, conntrack, that shows some interesting
metrics.

The motivation for this exporter was to track the insert_failed statistic
because of a race condition in the Linux ipfilter conntrack kernel code. This is
a subtle bug that, in some circumstances, escalates under high workload in
Kubernetes clusters and causes the initial packets of NATted connections (both
UDP and TCP) to be dropped. The insert_failed statistic correlates with
connections dropped due to this bug.
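
To make the insert_failed signal concrete, here is an added example (not this exporter's code) that parses per-CPU statistics and reports how much insert_failed grew between two samples. It assumes the key=value line layout printed by `conntrack -S`; the sample text is constructed and the function names are illustrative.

```python
import re

# Constructed sample in the per-CPU key=value layout printed by `conntrack -S`
# (assumed; the exact set of counters varies with kernel and tool version).
BEFORE = """\
cpu=0 found=0 invalid=12 insert=0 insert_failed=3 drop=3 early_drop=0 error=0 search_restart=7
cpu=1 found=0 invalid=4 insert=0 insert_failed=1 drop=1 early_drop=0 error=0 search_restart=2
"""
AFTER = """\
cpu=0 found=0 invalid=15 insert=0 insert_failed=9 drop=9 early_drop=0 error=0 search_restart=8
cpu=1 found=0 invalid=4 insert=0 insert_failed=1 drop=1 early_drop=0 error=0 search_restart=2
"""

PAIR = re.compile(r"(\w+)=(\d+)")


def parse_stats(text):
    """Return {cpu: {counter: value}}; lines without a cpu field are skipped."""
    per_cpu = {}
    for line in text.splitlines():
        fields = {key: int(value) for key, value in PAIR.findall(line)}
        if "cpu" in fields:
            per_cpu[fields.pop("cpu")] = fields
    return per_cpu


def total(per_cpu, counter="insert_failed"):
    """Sum one counter over all CPUs, treating a missing counter as 0."""
    return sum(fields.get(counter, 0) for fields in per_cpu.values())


def increase(before, after, counter="insert_failed"):
    """Per-CPU growth between two samples.

    A value smaller than the previous one means the counter was reset
    (for example by a reboot); the new value itself is then the growth.
    """
    growth = {}
    for cpu, fields in after.items():
        new = fields.get(counter, 0)
        old = before.get(cpu, {}).get(counter, 0)
        growth[cpu] = new - old if new >= old else new
    return growth


if __name__ == "__main__":
    old, new = parse_stats(BEFORE), parse_stats(AFTER)
    print("insert_failed total:", total(new))
    print("increase per CPU:", increase(old, new))
```

A sustained non-zero increase on a NAT-heavy node is the condition worth alerting on, since the text above ties insert_failed to dropped connections.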