TWSD-1620 LLB is accepting/listening the SNMP packets on the VIP configured in fwd tcp
Review Request #1412 — Created March 3, 2026 and submitted
| Information | |
|---|---|
| philpeng | |
| APV10 | |
| rel_apv_10_7_4, rel_apv_10_7_3, rel_apv_10_7 | |
| Reviewers | |
| kevin.poh, mingji, weikai, williamkuan | |
When the APV receives a massive influx of SNMP packets, leading to CPU spikes, increased memory consumption, and even swap usage
Based on lab testing, the APV's capacity for receiving SNMP packets is approximately 500 pps / 800 Kbps.
(SNMP flooding attacks below this threshold will not exhaust the APV's memory or trigger swap memory usage.)
Therefore, we propose the following two solutions:
- Utilize the APV's built-in QoS feature.
qos interface port1 IN 1Gb
qos queue root SNMP_QUEUE port1 IN 800Kb
qos filter SNMP_FILTER queue SNMP_QUEUE protocol udp des_port 161- Modify the APV source code to implement an SNMP rate-limiting mechanism (capped at 500 pps).
