Rate
This scenario shows how to set or remove ICMP DDoS protection features for the ICMP Flood attack.
ICMP Disable Limit On Time Exceeded
Description
Effect of disabling an active ICMP DDoS protection for the ICMP Flood attack.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.2/24 set interfaces ethernet eth1 address 20.0.0.2/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 10.0.0.1/24 set protocols static route 20.0.0.0/24 next-hop 10.0.0.2 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 20.0.0.3/24 set protocols static route 10.0.0.0/24 next-hop 20.0.0.2 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.2/24 set interfaces ethernet eth1 address 20.0.0.2/24 set system ip icmp rate limit 0 set system ip icmp rate messages-burst 0 set system ip icmp rate messages-per-second 0 set system ip icmp rate type time_exceeded set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Run command traceroute 20.0.0.3 wait 0.5 at DUT1 and check if output matches the following regular expressions:
1\s+\*\s+\*\s+\*Show output
traceroute to 20.0.0.3 (20.0.0.3), 30 hops max, 60 byte packets 1 * * * 2 20.0.0.3 1.434 ms 1.417 ms 1.410 ms
Step 6: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.2/24 set interfaces ethernet eth1 address 20.0.0.2/24 set system ip icmp rate limit 0 set system ip icmp rate messages-burst 0 set system ip icmp rate messages-per-second 0 set system ip icmp rate type none set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 7: Run command traceroute 20.0.0.3 at DUT1 and check if output matches the following regular expressions:
(10.0.0.2) (20.0.0.3)Show output
traceroute to 20.0.0.3 (20.0.0.3), 30 hops max, 60 byte packets 1 10.0.0.2 0.231 ms 0.210 ms 0.203 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * 20.0.0.3 0.798 ms 0.749 ms