TL;DR: kernel's default nf_conntrack_tcp_timeout_close_wait of 60s is too low:http://marc.info/?l=netfilter-devel&m=117568928824030&w=2 I caught this with tcpdump on our GKE cluster. Here it is, with additional lines (the ones with 5-second resolution) from conntrack(1) outputs for...