From 0b66790e5891be6d37687083bc2b689eafbf702e Mon Sep 17 00:00:00 2001
From: Ryan Yin <xiaoyin_c@qq.com>
Date: Fri, 1 Nov 2024 10:12:43 +0800
Subject: [PATCH] docs: aws ec2 security group - conntrack_allowance_available

---
 ...WS \346\265\201\351\207\217\346\210\220\346\234\254.md" | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git "a/cloud-provider/aws/AWS \346\265\201\351\207\217\346\210\220\346\234\254.md" "b/cloud-provider/aws/AWS \346\265\201\351\207\217\346\210\220\346\234\254.md"
index a54603c1..99f744ea 100644
--- "a/cloud-provider/aws/AWS \346\265\201\351\207\217\346\210\220\346\234\254.md"	
+++ "b/cloud-provider/aws/AWS \346\265\201\351\207\217\346\210\220\346\234\254.md"	
@@ -54,8 +54,11 @@ ALB 可以用 NLB + 自建 L7 网关替代，而 NAT 网关则可以用
 504 等超时错误的问题，需要调整 nf_conntrack 的内核参数扩容该表容量。
 
 以及 EC2 的 ENA driver 本身存在固定的 conntrack 上限，即使调整内核 nf_conntrack 参数也无法突破这个上
-限，可以通过 AWS 监控指标（如 `conntrack_allowance_available` `conntrack_allowance_exceeded`）来监控 ENA driver 的 conntrack 使用情
-况：[Metrics for the ENA driver - ENA Network Performance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-network-performance-ena.html#network-performance-metrics)
+限，可以通过 AWS 监控指标（如 `conntrack_allowance_available` `conntrack_allowance_exceeded`）来监控
+ENA driver 的 conntrack 使用情况：
+
+- [Metrics for the ENA driver - ENA Network Performance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-network-performance-ena.html#network-performance-metrics)
+- [Connection tracking performance considerations - AWS Security Group](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-throttling)
 
 ## FAQ