Differences

This shows you the differences between two versions of the page.

linux_router:tc [2026-05-13 Wed wk20 21:26] – [TC - Traffic Control] baumkp
linux_router:tc [2026-05-18 Mon wk21 02:34] (current) – [Links] baumkp
Line 4: Line 4:
 Queuing controls how data is sent; receiving data is much more reactive with fewer network-oriented controls. However, since TCP/IP packets are sent using a slow start the system starts sending the packets slow and keeps sending them faster and faster until packets start getting rejected - it is therefore possible to control how much traffic is received on a LAN by dropping packets that arrive at a router before they get forwarded. There are more relevant details, but they do not touch directly on queuing logic. Queuing controls how data is sent; receiving data is much more reactive with fewer network-oriented controls. However, since TCP/IP packets are sent using a slow start the system starts sending the packets slow and keeps sending them faster and faster until packets start getting rejected - it is therefore possible to control how much traffic is received on a LAN by dropping packets that arrive at a router before they get forwarded. There are more relevant details, but they do not touch directly on queuing logic.
  
 +++++Direct TC / qdisc, tldr;|
   *''sudo sysctl -a | grep qdisc'' shows current default settings   *''sudo sysctl -a | grep qdisc'' shows current default settings
   *''sudo sysctl -a | grep net.'' shows all the net. parameters, additional deeper filters net.core, net.ipv4, net.ipv6, net.mptcp, and net.netfilter.  There are a few additionals not shown in deeper filters!   *''sudo sysctl -a | grep net.'' shows all the net. parameters, additional deeper filters net.core, net.ipv4, net.ipv6, net.mptcp, and net.netfilter.  There are a few additionals not shown in deeper filters!
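Review bot: in the list that the new "Direct TC / qdisc, tldr;" fold wraps, the second command greps for "net." with an unescaped, unanchored dot, so it matches any line containing "net" followed by any character, not only keys in the net tree. Suggest anchoring and escaping the pattern, for example grep "^net\.", so the output is limited to the net.* parameters the bullet describes. Also consider whether a block titled "tldr;" should sit inside a fold at all, since the fold hides the summary it advertises.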
Line 14: Line 15:
 qdisc fq_codel 0: parent :2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64  qdisc fq_codel 0: parent :2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64 
 qdisc fq_codel 0: parent :1 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64 </code> qdisc fq_codel 0: parent :1 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64 </code>
 +++++
  
 =====Traffic Shaping with CAKE SQM===== =====Traffic Shaping with CAKE SQM=====
Line 20: Line 21:
 Bufferbloat is the reason your video calls stutter and your game ping spikes to 300ms whenever someone on your network starts a large download. When a router’s outgoing queue fills up, every packet - including latency-sensitive VoIP and gaming traffic - has to wait behind megabytes of bulk transfer data. A 10ms base latency turns into 200-500ms under load. Bufferbloat is the reason your video calls stutter and your game ping spikes to 300ms whenever someone on your network starts a large download. When a router’s outgoing queue fills up, every packet - including latency-sensitive VoIP and gaming traffic - has to wait behind megabytes of bulk transfer data. A 10ms base latency turns into 200-500ms under load.
  
-Test your connection at the Waveform Bufferbloat Test before doing anything. If you get a grade of C or worse, you have bufferbloat.+Test your connection at the [[https://www.waveform.com/tools/bufferbloat|Waveform Bufferbloat Test]] before doing anything. If you get a grade of C or worse, you have bufferbloat.
  
-CAKE (Common Applications Kept Enhanced) is the modern Linux qdisc that fixes this. It combines Active Queue Management (AQM), Fair Queuing (FQ), and traffic shaping into a single qdisc. CAKE has been in the mainline kernel since 4.19, so no extra kernel modules are required on any modern distro. It replaced the older approach of combining fq_codel with htb shaping - CAKE does everything in one shot with less configuration. +[[https://www.man7.org/linux/man-pages/man8/tc-cake.8.html|CAKE]] (Common Applications Kept Enhanced) is the modern Linux qdisc that fixes this. It combines Active Queue Management (AQM), Fair Queuing (FQ), and traffic shaping into a single qdisc. CAKE has been in the mainline kernel since 4.19, so no extra kernel modules are required on any modern distro. It replaced the older approach of combining fq_codel with htb shaping - CAKE does everything in one shot with less configuration.
-Upload Shaping+
  
 +====Upload Shaping====
 Apply CAKE to your WAN interface with your upload bandwidth set to 90-95% of measured speed: Apply CAKE to your WAN interface with your upload bandwidth set to 90-95% of measured speed:
- +  *''%%tc qdisc replace dev wan0 root cake bandwidth 450mbit besteffort wash nat ack-filter-aggressive%%''
-tc qdisc replace dev wan0 root cake bandwidth 450mbit besteffort wash nat ack-filter-aggressive+
  
 Key options: Key options:
 +  *bandwidth 450mbit - set to 90-95% of your actual upload speed (if your upload is 500 Mbps, use 450)
 +  *nat - enables proper flow identification for traffic behind NAT (required for routers)
 +  *wash - clears DSCP markings from upstream that might not match your local policy
 +  *ack-filter-aggressive - reduces TCP ACK congestion on asymmetric links (important if your download is much faster than upload)
  
-    bandwidth 450mbit - set to 90-95% of your actual upload speed (if your upload is 500 Mbps, use 450) +====Download Shaping with IFB====
-    nat - enables proper flow identification for traffic behind NAT (required for routers) +
-    wash - clears DSCP markings from upstream that might not match your local policy +
-    ack-filter-aggressive - reduces TCP ACK congestion on asymmetric links (important if your download is much faster than upload) +
- +
-Download Shaping with IFB+
  
 CAKE can only shape outgoing (egress) traffic. To shape incoming (ingress) traffic - which is where download bufferbloat lives - you redirect incoming packets through an Intermediate Functional Block (IFB) device and apply CAKE there: CAKE can only shape outgoing (egress) traffic. To shape incoming (ingress) traffic - which is where download bufferbloat lives - you redirect incoming packets through an Intermediate Functional Block (IFB) device and apply CAKE there:
- +++++bash script for ingress traffic| 
-# Create and bring up IFB device+<code bash># Create and bring up IFB device
 ip link add ifb-wan0 type ifb ip link add ifb-wan0 type ifb
 ip link set ifb-wan0 up ip link set ifb-wan0 up
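Review bot: the Key options bullets added under Upload Shaping cover bandwidth, nat, wash and ack-filter-aggressive but not besteffort, which is in the command directly above them. Add a bullet stating that besteffort places all traffic in a single tin and disables DSCP-based priority queuing, so readers know they are opting out of CAKE's diffserv tins. In the IFB script that this hunk wraps in a code block, "ip link add ifb-wan0 type ifb" fails if the device already exists, so a second run of the script stops with an error; guard the add or delete the device first.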
Line 50: Line 49:
  
 # Apply CAKE on the IFB device # Apply CAKE on the IFB device
-tc qdisc replace dev ifb-wan0 root cake bandwidth 900mbit besteffort wash+tc qdisc replace dev ifb-wan0 root cake bandwidth 900mbit besteffort wash </code>
  
 Set the IFB bandwidth to 90-95% of your measured download speed. Set the IFB bandwidth to 90-95% of your measured download speed.
-Persist Across Reboots +++++ 
 +====Persist Across Reboots====
 These tc commands do not survive a reboot on their own. Create a systemd service: These tc commands do not survive a reboot on their own. Create a systemd service:
- +++++sudo vim /etc/systemd/system/sqm.service| 
-# /etc/systemd/system/sqm.service+<code bash># /etc/systemd/system/sqm.service
 [Unit] [Unit]
 Description=SQM (CAKE) Traffic Shaping Description=SQM (CAKE) Traffic Shaping
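Review bot: the CAKE line for ifb-wan0 that now closes the code block has no ingress keyword. tc-cake(8) documents ingress for a shaper running on the downlink: it makes CAKE count the packets it drops against the bandwidth limit, because those packets have already crossed the bottleneck. Consider adding it to this command. Separately, the sqm.service block is opened with "code bash" although its content is a systemd unit file; "code ini" would highlight the [Unit] and [Install] sections correctly.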
Line 83: Line 82:
  
 [Install] [Install]
-WantedBy=multi-user.target +WantedBy=multi-user.target</code>
- +
-Enable it: +
- +
-systemctl enable --now sqm.service+
  
-Verify It Works+Enable it: ''%%sudo systemctl enable --now sqm.service%%'' 
 +++++
  
-After applying CAKE, rerun the Waveform Bufferbloat Test . You should see latency under load drop from 200-500ms down to 5-15ms. Video calls stop freezing mid-sentence and game ping stays flat even during large transfers.+====Verify It Works====
  
-Monitor CAKE statistics:+After applying CAKE, rerun the [[https://www.waveform.com/tools/bufferbloat|Waveform Bufferbloat Test]]. You should see latency under load drop from 200-500ms down to 5-15ms. Video calls stop freezing mid-sentence and game ping stays flat even during large transfers.
  
-tc -s qdisc show dev wan0 +====Monitor CAKE statistics==== 
-tc -s qdisc show dev ifb-wan0+  *''tc -s qdisc show dev wan0'' 
 +  *''tc -s qdisc show dev ifb-wan0''
  
 This shows drops, ECN marks, and per-tin flow counts. If you see high drop rates, your bandwidth setting may be too close to the actual line speed. Lower it by another 5%. This shows drops, ECN marks, and per-tin flow counts. If you see high drop rates, your bandwidth setting may be too close to the actual line speed. Lower it by another 5%.
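Review bot: the new "Enable it:" line sits above the closing fold marker, so the enable command is collapsed together with the unit file, and a reader who does not expand the fold sees only "Create a systemd service:" with no step that activates it. Move that line below the fold marker so it stays visible under Persist Across Reboots. The command also gained sudo in this revision while the tc commands under Upload Shaping and Monitor CAKE statistics have none; pick one convention for the page.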
Line 103: Line 100:
     *[[https://botmonster.com/posts/build-linux-router-nftables-traffic-shaping/|Debian Router with nftables: CAKE SQM Reaches 15ms Latency]]     *[[https://botmonster.com/posts/build-linux-router-nftables-traffic-shaping/|Debian Router with nftables: CAKE SQM Reaches 15ms Latency]]
     *[[https://www.bufferbloat.net/projects/codel/wiki/Cake/|Cake - Common Applications Kept Enhanced]]     *[[https://www.bufferbloat.net/projects/codel/wiki/Cake/|Cake - Common Applications Kept Enhanced]]
 +    *[[https://www.man7.org/linux/man-pages/man8/tc-cake.8.html|tc-cake]]
   *tc-fq_codel   *tc-fq_codel
     *[[https://www.man7.org/linux/man-pages/man8/tc-fq_codel.8.html|tc-fq_codel(8) — Linux manual page]]     *[[https://www.man7.org/linux/man-pages/man8/tc-fq_codel.8.html|tc-fq_codel(8) — Linux manual page]]
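Review bot: the added man-page entry is labelled only "tc-cake", while the tc-fq_codel entry below it gives the page name with its section number and "Linux manual page". Label the new link in the same form, tc-cake(8) followed by "Linux manual page", so the Links list is consistent and the reader can tell it is a man page before clicking.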