Read this, from the netfilter/iptables FAQ:
To optimize performance, please also raise the number of hash buckets by using the hashsize module loadtime parameter of the ip_conntrack.o module. Please note that due to the nature of the current hashing algorithm, an even hash bucket count (and esp. values of the power of two) are a bad choice.
Now examine the kernel output from my RHEL AS 3 box:
ip_tables: (C) 2000-2002 Netfilter core team
ip_conntrack version 2.1 (8192 buckets, 65536 max) - 304 bytes per conntrack
8192 is both even and a power of two. Great hash size.
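A quick way to apply the FAQ's rule to a box is to parse the ip_conntrack banner out of the kernel log and test the bucket count for the two properties it warns about. The script below is an added example, not code from the FAQ or from this post; it works on a constructed copy of the dmesg line quoted above rather than reading the live log, and the /etc/modules.conf options line it prints assumes a 2.4-era modprobe setup and the hashsize parameter name given in the FAQ.

```shell
#!/bin/sh
# Constructed sample, shaped like the ip_conntrack banner quoted above.
# On a real box you would feed in: dmesg | grep '^ip_conntrack version'
SAMPLE_DMESG='ip_conntrack version 2.1 (8192 buckets, 65536 max) - 304 bytes per conntrack'

# Pull the bucket count out of a banner line (prints nothing if no match).
conntrack_buckets() {
    printf '%s\n' "$1" | sed -n 's/.*(\([0-9][0-9]*\) buckets.*/\1/p'
}

# Exit status 0 when n is a power of two (n > 0 and n & (n-1) == 0).
is_power_of_two() {
    n=$1
    [ "$n" -gt 0 ] && [ $(( n & (n - 1) )) -eq 0 ]
}

# Apply the FAQ's rule: even counts are bad, powers of two especially so.
judge_hashsize() {
    n=$1
    if [ $(( n % 2 )) -eq 0 ]; then
        if is_power_of_two "$n"; then
            echo "bad: even and power of two"
        else
            echo "bad: even"
        fi
    else
        echo "ok: odd"
    fi
}

# Smallest odd value >= n. An odd number above 1 is never a power of two,
# so bumping an even count by one satisfies both parts of the FAQ's advice.
suggest_hashsize() {
    n=$1
    [ $(( n % 2 )) -eq 0 ] && n=$(( n + 1 ))
    echo "$n"
}

# The loadtime option line for /etc/modules.conf (path and syntax assumed
# for a 2.4 kernel; the parameter name hashsize comes from the FAQ).
modules_conf_line() {
    echo "options ip_conntrack hashsize=$1"
}

buckets=$(conntrack_buckets "$SAMPLE_DMESG")
echo "current buckets: $buckets ($(judge_hashsize "$buckets"))"
echo "suggested: $(modules_conf_line "$(suggest_hashsize "$buckets")")"
```

Run against the sample it reports 8192 as "bad: even and power of two" and suggests 8193; on the live log, replace SAMPLE_DMESG with the output of dmesg | grep '^ip_conntrack version'. Note from the quoted banner that the default max (65536) is exactly 8 times the bucket count, so raising hashsize alone also changes the table's default ceiling.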
I don’t know if I should blame Red Hat or the Linux kernel (leaning towards Red Hat since their quality assurance sucks ass again with RHEL AS 3 Update 8), but OS defaults blow. Certainly not to the level that AIX OS defaults suck, but they’re getting there.