Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX/QFX] How to check and change the default ICMP rate limit

0

0

Article ID: KB34867 KB Last Updated: 09 Aug 2019Version: 1.0
Summary:

This article describes the default ICMP rate limit on the system for Host Inbound traffic. This is essentially the default protection mechanism of the device to help prevent denial of service (DoS) attacks.

Solution:

By default, the ICMP rate is set to 1000. Check the value with the following Shell command:

root@:RE:0% sysctl -a | grep "icmp.tokenrate"
net.inet.icmp.tokenrate: 1000

The default value can be changed with the following system command:

[master:0][edit]
root# set system internet-options icmpv?                   
Possible completions:
> icmpv4-rate-limit    Rate-limiting parameters for ICMPv4 messages
> icmpv6-rate-limit    Rate-limiting parameters for ICMPv6 messages

{master:0}[edit]
root# show  
system {
    internet-options {
        icmpv4-rate-limit packet-rate 2000;
    }

root@:RE:0% sysctl -a | grep "icmp.tokenrate"
net.inet.icmp.tokenrate: 2000

For the detailed information, refer to the technical documentation on icmpv4-rate-limit.

---
packet-rate pps—Rate-limiting packets earned per second.
Range: 0 through 4294967295 pps
Default: 1000
---
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search