TWSD-1620 LLB is accepting/listening the SNMP packets on the VIP configured in fwd tcp
Review Request #1482 — Created April 9, 2026 and submitted
| Information | |
|---|---|
| philpeng | |
| APV10 | |
| rel_apv_10_7_3, rel_apv_10_7_4, rel_apv_10_7 | |
| Reviewers | |
| kevin.poh, mingji, weikai | |
Enhance countermeasures against SNMP flooding attacks
Based on lab testing, the APV's capacity for receiving SNMP packets is approximately 500 pps / 800 Kbps.
(SNMP flooding attacks below this threshold will not exhaust the APV's memory or trigger swap memory usage.)
Therefore, we propose the following solutions:
Implement an SNMP rate-limiting mechanism: Capped at 500 pps.
Intercept unauthorized SNMP pull: Block SNMP requests sent to an SLB VIP that do not match any configured UDP Virtual Service (VS).
Update Statistics: Increment the drop counter clickudpstat.udps_noport.
