General Information

• Cilium version (run cilium version): 1.8.2
• Kernel version (run uname -a) 4.19

How to reproduce the issue

1. Create a network policy to allow Pod A to talk to Pod B.
2. Run a load test which generates a lot of new tcp connections from pod A to pod B.
3. Observe that policy verdict events failed to be generated because a new connection hits an old conntrack entry that was closed but was not removed promptly.