diff --git a/CHANGELOG.md b/CHANGELOG.md
index 34ff7252..39940971 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+# Release 0.23.11
+
+## What's New
+
+* Add GetCircuitId to edge.Conn. Allows correlation with controller/router metrics. Requires support from controller.
+
 # Release 0.23.4
 
 ## What's New
diff --git a/ziti/edge/conn.go b/ziti/edge/conn.go
index 8bfc44ae..b10097ce 100644
--- a/ziti/edge/conn.go
+++ b/ziti/edge/conn.go
@@ -89,6 +89,7 @@ type ServiceConn interface {
 	GetAppData() []byte
 	SourceIdentifier() string
 	TraceRoute(hops uint32, timeout time.Duration) (*TraceRouteResult, error)
+	GetCircuitId() string
 }
 
 type Conn interface {
diff --git a/ziti/edge/messages.go b/ziti/edge/messages.go
index a9fb2199..45aef702 100644
--- a/ziti/edge/messages.go
+++ b/ziti/edge/messages.go
@@ -78,6 +78,7 @@ const (
 	SupportsInspectHeader          = 1023
 	SupportsBindSuccessHeader      = 1024
 	ConnectionMarkerHeader         = 1025
+	CircuitIdHeader                = 1026
 
 	ErrorCodeInternal                    = 1
 	ErrorCodeInvalidApiSession           = 2
diff --git a/ziti/edge/network/conn.go b/ziti/edge/network/conn.go
index 285f66c4..e975bfff 100644
--- a/ziti/edge/network/conn.go
+++ b/ziti/edge/network/conn.go
@@ -63,6 +63,7 @@ type edgeConn struct {
 	acceptCompleteHandler *newConnHandler
 	connType              ConnType
 	marker                string
+	circuitId             string
 
 	crypto   bool
 	keyPair  *kx.KeyPair
@@ -251,6 +252,10 @@ func (conn *edgeConn) HandleMuxClose() error {
 	return nil
 }
 
+func (conn *edgeConn) GetCircuitId() string {
+	return conn.circuitId
+}
+
 func (conn *edgeConn) HandleClose(channel.Channel) {
 	logger := pfxlog.Logger().WithField("connId", conn.Id()).WithField("marker", conn.marker)
 	defer logger.Debug("received HandleClose from underlying channel, marking conn closed")
@@ -306,6 +311,7 @@ func (conn *edgeConn) Connect(session *rest_model.SessionDetail, options *edge.D
 			logger.Warn("connection is not end-to-end-encrypted")
 		}
 	}
+	conn.circuitId, _ = replyMsg.GetStringHeader(edge.CircuitIdHeader)
 	logger.Debug("connected")
 
 	return conn, nil
@@ -583,6 +589,7 @@ func (conn *edgeConn) newChildConnection(message *channel.Message) {
 
 	sourceIdentity, _ := message.GetStringHeader(edge.CallerIdHeader)
 	marker, _ := message.GetStringHeader(edge.ConnectionMarkerHeader)
+	circuitId, _ := message.GetStringHeader(edge.CircuitIdHeader)
 
 	edgeCh := &edgeConn{
 		MsgChannel:     *edge.NewEdgeMsgChannel(conn.Channel, id),
@@ -593,13 +600,15 @@ func (conn *edgeConn) newChildConnection(message *channel.Message) {
 		appData:        message.Headers[edge.AppDataHeader],
 		connType:       ConnTypeDial,
 		marker:         marker,
+		circuitId:      circuitId,
 	}
 
 	newConnLogger := pfxlog.Logger().
 		WithField("marker", marker).
 		WithField("connId", id).
 		WithField("parentConnId", conn.Id()).
-		WithField("token", token)
+		WithField("token", token).
+		WithField("circuitId", token)
 
 	err := conn.msgMux.AddMsgSink(edgeCh) // duplicate errors only happen on the server side, since client controls ids
 	if err != nil {