Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


For a single-rate three-color policer, configure the excess burst size (EBS) as a number of bytes. The EBS allows for moderate periods of bursting traffic that exceeds both the committed information rate (CIR) and the committed burst size (CBS).


When you include the excess-burst-size statement in the configuration, you must also include the committed-burst-size and committed-information-rate statements at the same hierarchy level.

Traffic that exceeds both the CIR and the CBS is considered nonconforming.

Single-rate three-color policing uses a dual token bucket algorithm to measure traffic against a single rate limit. Nonconforming traffic is categorized as yellow or red based on the excess-burst-size statement included in the policer configuration.

During periods of traffic that conforms to the CIR, any unused portion of the guaranteed bandwidth capacity accumulates in the first token bucket, up to the maximum number of bytes defined by the CBS. If any accumulated bandwidth capacity overflows the first bucket, the excess accumulates in a second token bucket, up to the maximum number of bytes defined by the EBS.

A nonconforming traffic flow is categorized yellow if its size conforms to bandwidth capacity accumulated in the first token bucket. Packets in a yellow flow are marked with medium-high packet loss priority (PLP) and then passed through the interface.

A nonconforming traffic flow is categorized red if its size exceeds the bandwidth capacity accumulated in the second token bucket. Packets in a red traffic flow are marked with high PLP and then either passed through the interface or optionally discarded.


bytes—Number of bytes. You can specify a value in bytes either as a complete decimal number or as a decimal number followed by the abbreviation k (1000), m (1,000,000), or g (1,000,000,000).

  • Range: 1500 through 100,000,000,000 bytes

  • Range: 125 through 266338370 (ACX on Junos EVO)

Required Privilege Level

firewall—To view this statement in the configuration.

firewall-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 7.4.

Support at the [edit dynamic-profiles ... single-rate] hierarchy level introduced in Junos Release OS 11.4.