Juniper Burst-Size-Limit Calculator
Estimate a practical burst-size-limit for Juniper policers using the standard token-bucket relationship between bandwidth, burst duration, and packet size. This interactive tool also visualizes how burst allowance changes across different burst times.
Results
Enter your CIR, burst duration, packet size, and safety factor, then click Calculate.
Expert Guide to Burst-Size-Limit Calculation in Juniper
When network engineers configure traffic policing on Juniper platforms, one of the most important values is the burst-size-limit. This number determines how many bytes can accumulate in the token bucket before traffic is considered over the configured rate. In practical terms, it directly influences whether short traffic spikes pass smoothly or get dropped too aggressively. A policer with a well-chosen burst allowance can absorb natural microbursts and TCP startup behavior; a policer with a poor burst value can create unnecessary loss, uneven application performance, and hard-to-diagnose complaints from users or upstream peers.
The reason burst sizing matters so much is simple: packets do not arrive in a perfectly flat stream. Real traffic arrives in clumps. A routing update, a web transaction, a storage acknowledgment pattern, or a backup process can all generate short-lived bursts that exceed the average rate for a few milliseconds. Juniper policers enforce a rate over time by using a token-bucket algorithm, which means you must configure not only the rate but also the amount of traffic the device is allowed to absorb while tokens are available.
What burst-size-limit means in Juniper policing
In a standard single-rate policer model, tokens are added to the bucket according to the configured rate, often called the committed information rate or CIR. Each byte of forwarded traffic consumes tokens. If enough tokens exist, the packet conforms. If not, the packet is either discarded or remarked depending on the policy design. The burst-size-limit is therefore the maximum bucket depth, expressed in bytes. A larger bucket permits short spikes above the long-term rate. A smaller bucket enforces the rate more sharply.
A reliable baseline formula is:
Burst size limit in bytes = Rate in bits per second × Burst duration in seconds ÷ 8
For example, if you have a policer at 100 Mbps and you want to tolerate a 5 ms burst:
- Convert 100 Mbps to bits per second: 100,000,000 bps
- Convert 5 ms to seconds: 0.005 s
- Multiply: 100,000,000 × 0.005 = 500,000 bits
- Convert bits to bytes: 500,000 ÷ 8 = 62,500 bytes
That yields a raw burst-size-limit of 62,500 bytes. In operations, many engineers round this value upward to a practical boundary such as 64 KB or apply a modest safety multiplier to reduce needless drops from packetization and traffic variability.
Why the rate alone is not enough
It is tempting to configure the bandwidth and assume the router will do the right thing, but the token-bucket depth changes the actual user experience significantly. Consider two customers both policed to 100 Mbps:
- Customer A receives a burst size of only 12 KB. Even a few full-size packets can drain the bucket instantly, leading to frequent drop events.
- Customer B receives 64 KB or 128 KB. Small bursts pass, TCP flows ramp more naturally, and throughput feels more stable.
Both customers are still held to 100 Mbps over time, but the policer behavior over milliseconds is very different. This is why burst tuning is often the difference between a stable service policy and a support-ticket generator.
How to choose the right burst duration
There is no universal burst duration that fits every network. The correct choice depends on traffic patterns, interface speed, packet mix, and the objective of the policer. In many real-world service provider and enterprise environments, engineers start with a burst window somewhere in the low millisecond range, then adjust based on observation. If the policer is too harsh, increase burst allowance. If excess traffic must be clipped tightly, reduce it carefully.
As a practical method, think in terms of policy intent:
- Strict rate enforcement: choose a smaller burst window, often around 1 to 3 ms.
- General internet or enterprise access: choose a moderate burst window, often around 5 to 10 ms.
- Traffic with natural microbursts or large TCP windows: choose a more generous burst allowance, sometimes beyond 10 ms depending on platform behavior and SLA goals.
It is also wise to ensure the bucket can hold multiple packets. A burst-size-limit smaller than a handful of average-sized packets usually behaves poorly. For large-packet traffic, 1500-byte MTU is a useful baseline. For tunneling or jumbo environments, use a larger average packet size when estimating how many packets the bucket can admit.
Reference table: burst-size-limit examples by rate and time
| Rate | 1 ms burst | 5 ms burst | 10 ms burst | 20 ms burst |
|---|---|---|---|---|
| 10 Mbps | 1,250 bytes | 6,250 bytes | 12,500 bytes | 25,000 bytes |
| 100 Mbps | 12,500 bytes | 62,500 bytes | 125,000 bytes | 250,000 bytes |
| 1 Gbps | 125,000 bytes | 625,000 bytes | 1,250,000 bytes | 2,500,000 bytes |
| 10 Gbps | 1,250,000 bytes | 6,250,000 bytes | 12,500,000 bytes | 25,000,000 bytes |
The table shows how quickly burst size grows with line rate. A value that seems large on a 100 Mbps service may be far too small on a 10 Gbps interface. That is one reason copy-paste policer templates often fail when they are moved between access, aggregation, and data center contexts.
Packet-rate context matters too
Bytes are only one side of the story. Packet rate strongly affects policer behavior because a bucket may drain after only a very small number of packets, especially when the bucket is undersized. Below is a useful reference at 1 Gbps for common Ethernet payload sizes. These figures are approximate packet-per-second values based on payload only, and they are helpful for understanding why small packets stress policers differently from large packets.
| Approximate packet size | Packets per second at 1 Gbps | Packets fitting in a 62,500-byte bucket | Packets fitting in a 125,000-byte bucket |
|---|---|---|---|
| 64 bytes | 1,953,125 pps | 976 packets | 1,953 packets |
| 512 bytes | 244,141 pps | 122 packets | 244 packets |
| 1500 bytes | 83,333 pps | 41 packets | 83 packets |
| 9000 bytes | 13,889 pps | 6 packets | 13 packets |
This perspective is valuable because a bucket that looks numerically adequate in bytes may still be too tight for an application that sends a high packet rate with control traffic, tunneling overhead, or mixed MTUs. If you expect small-packet flows, voice signaling, DNS bursts, routing updates, or telemetry streams, testing against packet behavior is important.
A practical step-by-step process for Juniper burst calculation
- Define the target policer rate. Determine the committed rate in Kbps, Mbps, or Gbps.
- Select an initial burst window. Start with 5 ms for many general use cases if no platform-specific standard is mandated.
- Apply the formula. Convert to bytes using rate × time ÷ 8.
- Check packet realism. Ensure the resulting bucket can pass multiple average packets and is not smaller than your practical forwarding expectations.
- Optionally apply a safety factor. A multiplier such as 1.1 to 1.5 can help prevent unnecessary clipping of natural microbursts.
- Round to an operationally clean value. Many teams prefer increments such as 1 KB, 4 KB, or 16 KB for readability and consistency.
- Validate with counters. Watch policer drops, throughput, retransmissions, and user experience after deployment.
Common mistakes engineers make
- Using a burst value that is too small for the MTU. If only a few packets fit, the policer behaves harshly.
- Copying one burst-size-limit across all rates. A fixed burst on 50 Mbps and 10 Gbps does not scale logically.
- Ignoring packet overhead and encapsulation. MPLS, VXLAN, GRE, IPsec, or PPPoE can alter the effective byte profile.
- Assuming higher burst always means better. Too much burst can weaken the control objective of the policer and permit traffic spikes that downstream queues cannot handle.
- Skipping field validation. Counters and application testing are essential because the ideal value depends on real traffic, not only math.
Balancing enforcement and user experience
The art of a good Juniper policer is balancing fairness, SLA compliance, and performance. A very tight policer may look precise on paper but can hurt TCP efficiency, increase retransmissions, and exaggerate latency-sensitive jitter. A generous policer may improve short-term performance but could permit bursts that contribute to downstream queue growth or unfairness during congestion. Your best setting is usually the one that enforces the contracted or intended rate over a meaningful interval while still allowing the normal burstiness of modern traffic.
In service edge deployments, many operators treat burst-size-limit as part of service design rather than a random tuning knob. They define standard burst windows by service class, access speed, and application profile. For example, a business internet profile may use a moderate burst allowance to improve TCP friendliness, while a strict DDoS mitigation policer may use a tighter bucket specifically to clip excess traffic quickly. The key is intentionality.
How this calculator should be used
The calculator above uses the standard engineering relationship between configured rate and burst duration. It also adds a safety multiplier and operational rounding because those are common in production networks. The output gives you:
- Raw burst size in bytes
- Rounded operational burst size
- Estimated number of average packets the bucket can hold
- Approximate time to fill the bucket at interface line rate
That last metric is especially useful. Even a large byte bucket can fill very quickly on a high-speed interface. On a 10 Gbps or 100 Gbps link, milliseconds matter a lot, and oversized or undersized burst values become visible very quickly in traffic behavior.
Operational guidance for Juniper deployments
When implementing on Juniper devices, verify the exact syntax and platform behavior for your OS release and hardware family. Different platforms can have implementation nuances, recommended minimums, or hardware-specific policer granularity. The math stays the same, but the practical values you deploy may need adjustment to fit supported increments or observed forwarding behavior. Always validate in a lab or maintenance window before standardizing a template broadly.
Monitoring should include policer counters, interface queue health, retransmission indicators from application teams, and user feedback from any affected services. If drops occur during short bursts but average usage is below the intended rate, the bucket may be too small. If downstream congestion worsens or traffic shaping assumptions are violated, the bucket may be too large. Refine iteratively.
Bottom line
Burst-size-limit calculation in Juniper is not guesswork. Start with the token-bucket formula, select a burst duration that matches policy intent, verify packet realism, and then validate in production using counters and traffic behavior. A good burst value should be mathematically defensible, operationally consistent, and aligned to the kind of traffic your network actually carries. Engineers who treat burst size as a first-class design parameter usually get cleaner policy behavior and fewer unpleasant surprises.