TC - Traffic Control

The Linux kernel's network stack has network traffic control and shaping features. The iproute2 package installs the tc command to control these via the command line.
Queuing controls how data is sent; receiving data is much more reactive with fewer network-oriented controls. However, since TCP/IP packets are sent using a slow start the system starts sending the packets slow and keeps sending them faster and faster until packets start getting rejected - it is therefore possible to control how much traffic is received on a LAN by dropping packets that arrive at a router before they get forwarded. There are more relevant details, but they do not touch directly on queuing logic.

Direct TC / qdisc, tldr;

qdisc mq 0: root 
qdisc fq_codel 0: parent :4 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64 
qdisc fq_codel 0: parent :3 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64 
qdisc fq_codel 0: parent :2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64 
qdisc fq_codel 0: parent :1 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64 

Bufferbloat is the reason your video calls stutter and your game ping spikes to 300ms whenever someone on your network starts a large download. When a router’s outgoing queue fills up, every packet - including latency-sensitive VoIP and gaming traffic - has to wait behind megabytes of bulk transfer data. A 10ms base latency turns into 200-500ms under load.

Test your connection at the Waveform Bufferbloat Test before doing anything. If you get a grade of C or worse, you have bufferbloat.

CAKE (Common Applications Kept Enhanced) is the modern Linux qdisc that fixes this. It combines Active Queue Management (AQM), Fair Queuing (FQ), and traffic shaping into a single qdisc. CAKE has been in the mainline kernel since 4.19, so no extra kernel modules are required on any modern distro. It replaced the older approach of combining fq_codel with htb shaping - CAKE does everything in one shot with less configuration.

Apply CAKE to your WAN interface with your upload bandwidth set to 90-95% of measured speed:

• tc qdisc replace dev wan0 root cake bandwidth 450mbit besteffort wash nat ack-filter-aggressive

Key options:

• bandwidth 450mbit - set to 90-95% of your actual upload speed (if your upload is 500 Mbps, use 450)
• nat - enables proper flow identification for traffic behind NAT (required for routers)
• wash - clears DSCP markings from upstream that might not match your local policy
• ack-filter-aggressive - reduces TCP ACK congestion on asymmetric links (important if your download is much faster than upload)

CAKE can only shape outgoing (egress) traffic. To shape incoming (ingress) traffic - which is where download bufferbloat lives - you redirect incoming packets through an Intermediate Functional Block (IFB) device and apply CAKE there:

bash script for ingress traffic

# Create and bring up IFB device
ip link add ifb-wan0 type ifb
ip link set ifb-wan0 up
 
# Redirect incoming WAN traffic to IFB
tc qdisc add dev wan0 handle ffff: ingress
tc filter add dev wan0 parent ffff: u32 match u32 0 0 \
    action mirred egress redirect dev ifb-wan0
 
# Apply CAKE on the IFB device
tc qdisc replace dev ifb-wan0 root cake bandwidth 900mbit besteffort wash 

These tc commands do not survive a reboot on their own. Create a systemd service:

sudo vim /etc/systemd/system/sqm.service

# /etc/systemd/system/sqm.service
[Unit]
Description=SQM (CAKE) Traffic Shaping
After=network-online.target
Wants=network-online.target
 
[Service]
Type=oneshot
RemainAfterExit=yes
 
# Upload shaping
ExecStart=/sbin/tc qdisc replace dev wan0 root cake bandwidth 450mbit besteffort wash nat ack-filter-aggressive
 
# Download shaping via IFB
ExecStart=/sbin/ip link add ifb-wan0 type ifb
ExecStart=/sbin/ip link set ifb-wan0 up
ExecStart=/sbin/tc qdisc add dev wan0 handle ffff: ingress
ExecStart=/sbin/tc filter add dev wan0 parent ffff: u32 match u32 0 0 action mirred egress redirect dev ifb-wan0
ExecStart=/sbin/tc qdisc replace dev ifb-wan0 root cake bandwidth 900mbit besteffort wash
 
# Cleanup on stop
ExecStop=/sbin/tc qdisc del dev wan0 root
ExecStop=/sbin/tc qdisc del dev wan0 ingress
ExecStop=/sbin/ip link del ifb-wan0
 
[Install]
WantedBy=multi-user.target

After applying CAKE, rerun the Waveform Bufferbloat Test. You should see latency under load drop from 200-500ms down to 5-15ms. Video calls stop freezing mid-sentence and game ping stays flat even during large transfers.

• tc -s qdisc show dev wan0
• tc -s qdisc show dev ifb-wan0

This shows drops, ECN marks, and per-tin flow counts. If you see high drop rates, your bandwidth setting may be too close to the actual line speed. Lower it by another 5%.

• CAKE SQM
  • Debian Router with nftables: CAKE SQM Reaches 15ms Latency
  • Cake - Common Applications Kept Enhanced
• tc-fq_codel
  • tc-fq_codel(8) — Linux manual page
  • linux.org - FQ_CoDel(8)
  • rfc8290
  • nftables - Classification to tc structure example
  • Linux Home Router Traffic Shaping With FQ_CoDel
  • Linux Home Router Download Bufferbloat Analysis|
  • Best Practices for Benchmarking CoDel and FQ CoDel
• wikipedia TC A bit dated, but base references….
• Traffic Control HOWTO
• Linux Advanced Routing & Traffic Control
  • Man Pages
  • HOWTO
• How to Use the Linux Traffic Control
• Archwiki Advanced traffic control
• Funtoo Traffic Control, good basic description.
• man7.org - tc(8) — Linux manual page
• Red Hat Documentation - Chapter 31. Linux traffic control