JunOS : Packet loss (ICMP drop) observed with rapid pings

July 6, 2016

You have probably noticed that rapid pings toward a JunOS device result in packet loss, as in the example shown below. In our case, we are issuing the ping from a Cisco router:

Sending 100, 500-byte ICMP Echos to 10.204.100.1, timeout is 2 seconds:
Packet sent with a source address of 10.204.100.1
.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!
.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!
Success rate is 90 percent (90/100), round-trip min/avg/max = 1/1/4 ms

If you have reviewed the physical layer (cabling, CRC errors, etc.) and the MTU size on the interfaces and did not find anything, this probably means that you are hitting the default ICMP rate-limit policy enforced at the kernel level in the JunOS software.
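As an added example (not from the original post): a short Python check that parses the IOS ping marks shown above and tests whether the drops are evenly spaced, which points to a rate limiter rather than a faulty link. The function name `analyze_ping` and the "three or more equally spaced drops" threshold are assumptions made for this illustration.

```python
import re

# Ping output copied from the example on this page (IOS marks: '!' reply, '.' timeout).
SAMPLE = """\
Sending 100, 500-byte ICMP Echos to 10.204.100.1, timeout is 2 seconds:
Packet sent with a source address of 10.204.100.1
.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!
.!!!!!!!!!.!!!!!!!!!.!!!!!!!!!
Success rate is 90 percent (90/100), round-trip min/avg/max = 1/1/4 ms
"""

def analyze_ping(text):
    """Return loss statistics and whether the drops are evenly spaced."""
    # Mark lines contain only '!' and '.'; IOS wraps them, so join them all.
    marks = "".join(l.strip() for l in text.splitlines()
                    if l.strip() and set(l.strip()) <= {"!", "."})
    if not marks:
        raise ValueError("no ping result marks found")
    # Cross-check the marks against the "(received/sent)" summary when present.
    summary = re.search(r"\((\d+)/(\d+)\)", text)
    if summary:
        reported = (int(summary.group(1)), int(summary.group(2)))
        if reported != (marks.count("!"), len(marks)):
            raise ValueError("marks do not match the 'Success rate' summary")
    drops = [i for i, m in enumerate(marks) if m == "."]
    gaps = sorted({b - a for a, b in zip(drops, drops[1:])})
    return {
        "sent": len(marks),
        "lost": len(drops),
        "loss_pct": 100.0 * len(drops) / len(marks),
        "gaps": gaps,
        # Heuristic (assumption): at least 3 drops, all separated by the same gap.
        "periodic": len(drops) >= 3 and len(gaps) == 1,
    }

if __name__ == "__main__":
    r = analyze_ping(SAMPLE)
    verdict = ("evenly spaced: suspect a rate limiter" if r["periodic"]
               else "irregular: recheck the link")
    print(f"{r['lost']}/{r['sent']} lost ({r['loss_pct']:.0f}%), "
          f"gaps={r['gaps']} -> {verdict}")
```
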

The default values can be verified as follows:

% sysctl -a | grep "inet.icmp"
net.inet.icmp.maskrepl: 0
net.inet.icmp.bucketsize: 5
net.inet.icmp.tokenrate: 1000
net.inet.icmp.drop_redirect: 0
net.inet.icmp.log_redirect: 0
net.inet.icmp.bmcastecho: 1

This is the default configuration for JunOS; it serves as a form of protection against ICMP-based DoS attacks.

If you have a good reason to change it, here is the command to use:

set system internet-options icmpv4-rate-limit packet-rate <packet_rate_per_second>