When Zabbix queries an SNMP value, it appears to open up a new connection with a new UDP source port to the device. The next value polled from the same device then gets a different source port, and so on.
If there is a firewall in between the Zabbix poller and the device, this results in a large amount of session state in the firewall. This is also the case if e.g. Linux netfilter is enabled on the server running Zabbix (a quite common configuration I would imagine). If Zabbix could somehow detect that it had already talked to the device a few milliseconds earlier and reuse the connection (or pick the same source port for the new connection), the load on netfilter or the external firewall would decrease by a large factor. The decrease factor should be at least the number of values polled per device, and possibly more, depending on the session timeout used for the firewall.
This problem obviously only shows itself in rather large installations.
If there is a firewall in between the Zabbix poller and the device, this results in a large amount of session state in the firewall. This is also the case if e.g. Linux netfilter is enabled on the server running Zabbix (a quite common configuration I would imagine). If Zabbix could somehow detect that it had already talked to the device a few milliseconds earlier and reuse the connection (or pick the same source port for the new connection), the load on netfilter or the external firewall would decrease by a large factor. The decrease factor should be at least the number of values polled per device, and possibly more, depending on the session timeout used for the firewall.
This problem obviously only shows itself in rather large installations.