[EX/QFX] How to check and change the default ICMP rate limit

[KB34867]


Summary:

This article describes how to check and change the default ICMP rate limit that the system applies to host-inbound traffic. This limit is a default protection mechanism of the device that helps prevent denial-of-service (DoS) attacks.

Solution:

By default, the ICMP rate limit is set to 1000 packets per second (pps). Check the current value with the following shell command:

root@:RE:0% sysctl -a | grep "icmp.tokenrate"
net.inet.icmp.tokenrate: 1000

The default value can be changed in configuration mode, under the system internet-options hierarchy:

{master:0}[edit]
root# set system internet-options icmpv?
Possible completions:
> icmpv4-rate-limit    Rate-limiting parameters for ICMPv4 messages
> icmpv6-rate-limit    Rate-limiting parameters for ICMPv6 messages

{master:0}[edit]
root# show
system {
    internet-options {
        icmpv4-rate-limit packet-rate 2000;
    }
}

root@:RE:0% sysctl -a | grep "icmp.tokenrate"
net.inet.icmp.tokenrate: 2000
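
One way to automate the verification step above, as an added example (not code from this article or from Juniper): a POSIX shell check that compares captured configuration text with the sysctl output and reports drift. The function names and sample inputs are assumptions constructed from the output shown above, and the parser assumes the one-line statement form shown in this article.

```shell
#!/bin/sh
# Added example (not Juniper code): detect drift between the configured
# icmpv4-rate-limit packet-rate and the kernel's net.inet.icmp.tokenrate.
# Inputs are captured text, so the check runs offline.

DEFAULT_RATE=1000   # default packet-rate stated in the article

# Sample inputs, constructed from the output shown in the article.
SAMPLE_CONFIG='system {
    internet-options {
        icmpv4-rate-limit packet-rate 2000;
    }
}'
SAMPLE_SYSCTL='net.inet.icmp.tokenrate: 2000'

# Print the configured packet-rate from configuration text (brace or "set"
# format, one statement per line); print the default if none is configured.
configured_rate() {
    rate=$(printf '%s\n' "$1" |
        sed -n 's/.*icmpv4-rate-limit[[:space:]]\{1,\}packet-rate[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' |
        tail -n 1)
    printf '%s\n' "${rate:-$DEFAULT_RATE}"
}

# Print the value of net.inet.icmp.tokenrate from sysctl output (empty if absent).
kernel_rate() {
    printf '%s\n' "$1" |
        awk -F': *' '$1 == "net.inet.icmp.tokenrate" { print $2; exit }'
}

# $1 = configuration text, $2 = sysctl text.
# Returns 0 on match, 1 on drift, 2 if the sysctl value is missing.
check_icmp_rate() {
    want=$(configured_rate "$1")
    have=$(kernel_rate "$2")
    if [ -z "$have" ]; then
        echo "UNKNOWN: net.inet.icmp.tokenrate not found"
        return 2
    elif [ "$have" = "$want" ]; then
        echo "OK: tokenrate $have matches expected $want"
        return 0
    fi
    echo "DRIFT: tokenrate is $have, expected $want"
    return 1
}

check_icmp_rate "$SAMPLE_CONFIG" "$SAMPLE_SYSCTL"
```

On a device, the two inputs would come from `cli -c "show configuration system internet-options"` and `sysctl -a | grep "icmp.tokenrate"`.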

For detailed information, refer to the technical documentation on icmpv4-rate-limit.

---
packet-rate pps—Rate-limiting packets earned per second.
Range: 0 through 4294967295 pps
Default: 1000
---