tc-cake (8) - Linux Man Pages
tc-cake: Common Applications Kept Enhanced (CAKE)
CAKE - Common Applications Kept Enhanced (CAKE)
SYNOPSIStc qdisc ... cake
[ bandwidth RATE | unlimited* | autorate-ingress ]
[ rtt TIME | datacentre | lan | metro | regional | internet* | oceanic | satellite | interplanetary ]
[ besteffort | diffserv8 | diffserv4 | diffserv3* ]
[ flowblind | srchost | dsthost | hosts | flows | dual-srchost | dual-dsthost | triple-isolate* ]
[ nat | nonat* ]
[ wash | nowash* ]
[ split-gso* | no-split-gso ]
[ ack-filter | ack-filter-aggressive | no-ack-filter* ]
[ memlimit LIMIT ]
[ fwmark MASK ]
[ ptm | atm | noatm* ]
[ overhead N | conservative | raw* ]
[ mpu N ]
[ ingress | egress* ]
(* marks defaults)
DESCRIPTIONCAKE (Common Applications Kept Enhanced) is a shaping-capable queue discipline which uses both AQM and FQ. It combines COBALT, which is an AQM algorithm combining Codel and BLUE, a shaper which operates in deficit mode, and a variant of DRR++ for flow isolation. 8-way set-associative hashing is used to virtually eliminate hash collisions. Priority queuing is available through a simplified diffserv implementation. Overhead compensation for various encapsulation schemes is tightly integrated.
All settings are optional; the default settings are chosen to be sensible in most common deployments. Most people will only need to set the bandwidth parameter to get useful results, but reading the Overhead Compensation and Round Trip Time sections is strongly encouraged.
SHAPER PARAMETERSCAKE uses a deficit-mode shaper, which does not exhibit the initial burst typical of token-bucket shapers. It will automatically burst precisely as much as required to maintain the configured throughput. As such, it is very straightforward to configure.
tc(8) or examples below for details of the RATE value.
This is most likely to be useful with cellular links, which tend to change quality randomly. A bandwidth parameter can be used in conjunction to specify an initial estimate. The shaper will periodically be set to a bandwidth slightly below the estimated rate. This estimator cannot estimate the bandwidth of links downstream of itself.
OVERHEAD COMPENSATION PARAMETERSThe size of each packet on the wire may differ from that seen by Linux. The following parameters allow CAKE to compensate for this difference by internally considering each packet to be bigger than Linux informs it. To assist users who are not expert network engineers, keywords have been provided to represent a number of common link technologies.
Manual Overhead Specificationoverhead BYTES
between -64 and 256 (inclusive) are accepted.
BYTES. BYTES may not be negative; values between 0 and 256 (inclusive) are accepted.
This is performed after the overhead parameter above. ATM uses fixed 53-byte cells, each of which can carry 48 bytes payload.
uses a 64b/65b encoding scheme. It is even more efficient to simply derate the specified shaper bandwidth by a factor of 64/65 or 0.984. See ITU G.992.3 Annex N and IEEE 802.3 Section 61.3 for details.
Failsafe Overhead KeywordsThese two keywords are provided for quick-and-dirty setup. Use them if you can't be bothered to read the rest of this section.
by Linux will be used directly.
to make the overhead compensation operate relative to the reported packet size, not the underlying IP packet size.
widely-deployed link technology.
overhead 48 atm.
ADSL Overhead KeywordsMost ADSL modems have a way to check which framing scheme is in use. Often this is also specified in the settings document provided by the ISP. The keywords in this section are intended to correspond with these sources of information. All of them implicitly set the atm flag.
overhead 10 atm
overhead 14 atm
overhead 32 atm
overhead 40 atm
overhead 24 atm
overhead 32 atm
overhead 8 atm
overhead 16 atm
See also the Ethernet Correction Factors section below.
VDSL2 Overhead KeywordsATM was dropped from VDSL2 in favour of PTM, which is a much more straightforward framing scheme. Some ISPs retained PPPoE for compatibility with their existing back-end systems.
overhead 30 ptm
overhead 22 ptm
See also the Ethernet Correction Factors section below.
DOCSIS Cable Overhead KeywordDOCSIS is the universal standard for providing Internet service over cable-TV infrastructure.
In this case, the actual on-wire overhead is less important than the packet size the head-end equipment uses for shaping and metering. This is specified to be an Ethernet frame including the CRC (aka FCS).
overhead 18 mpu 64 noatm
Ethernet Overhead Keywords
Sequence. Use this keyword when the bottleneck being shaped for is an actual Ethernet cable.
overhead 38 mpu 84 noatm
VLAN header appended to the Ethernet frame header. NB: Some ISPs use one or even two of these within PPPoE; this keyword may be repeated as necessary to express this.
ROUND TRIP TIME PARAMETERSActive Queue Management (AQM) consists of embedding congestion signals in the packet flow, which receivers use to instruct senders to slow down when the queue is persistently occupied. CAKE uses ECN signalling when available, and packet drops otherwise, according to a combination of the Codel and BLUE AQM algorithms called COBALT.
Very short latencies require a very rapid AQM response to adequately control latency. However, such a rapid response tends to impair throughput when the actual RTT is relatively long. CAKE allows specifying the RTT it assumes for tuning various parameters. Actual RTTs within an order of magnitude of this will generally work well for both throughput and latency management.
At the 'lan' setting and below, the time constants are similar in magnitude to the jitter in the Linux kernel itself, so congestion might be signalled prematurely. The flows will then become sparse and total throughput reduced, leaving little or no back-pressure for the fairness logic to work against. Use the "metro" setting for local lans unless you have a custom kernel.
use this when shaping for an Internet access link. Equivalent to rtt 1ms.
suffered by Australasian residents. Equivalent to rtt 300ms.
(almost) completely disable AQM actions. Equivalent to rtt 3600s.
FLOW ISOLATION PARAMETERSWith flow isolation enabled, CAKE places packets from different flows into different queues, each of which carries its own AQM state. Packets from each queue are then delivered fairly, according to a DRR++ algorithm which minimises latency for "sparse" flows. CAKE uses a set-associative hashing algorithm to minimise flow collisions.
These keywords specify whether fairness based on source address, destination address, individual flows, or any combination of those is desired.
path of an ISP backhaul.
ingress path of an ISP backhaul.
isolation, rather than flow isolation.
address, transport protocol, source port and destination port. This is the type of flow isolation performed by SFQ and fq_codel.
source addresses, then over individual flows. Good for use on egress traffic from a LAN to the internet, where it'll prevent any one LAN host from monopolising the uplink, regardless of the number of flows they use.
destination addresses, then over individual flows. Good for use on ingress traffic to a LAN from the internet, where it'll prevent any one LAN host from monopolising the downlink, regardless of the number of flows they use.
*and* destination addresses intelligently (ie. not merely by host-pairs), and also over individual flows. Use this if you're not certain whether to use dual-srchost or dual-dsthost; it'll do both jobs at once, preventing any one host on *either* side of the link from monopolising it with a large number of flows.
rules, to determine the true addresses and port numbers of the packet, to improve fairness between hosts "inside" the NAT. This has no practical effect in "flowblind" or "flows" modes, or if NAT is performed on a different host.
using the addresses and port numbers directly visible to the interface Cake is attached to.
PRIORITY QUEUE PARAMETERSCAKE can divide traffic into "tins" based on the Diffserv field. Each tin has its own independent set of flow-isolation queues, and is serviced based on a WRR algorithm. To avoid perverse Diffserv marking incentives, tin weights have a "priority sharing" value when bandwidth used by that tin is below a threshold, and a lower "bandwidth sharing" value when above. Bandwidth is compared against the threshold using the same algorithm as the deficit-mode shaper.
Detailed customisation of tin parameters is not provided. The following presets perform all necessary tuning, relative to the current shaper bandwidth and RTT settings.
preset on the modern Internet is firmly discouraged.
If set, the option specifies a bitmask that will be applied to the fwmark associated with each packet. If the result of this masking is non-zero, the result will be right-shifted by the number of least-significant unset bits in the mask value, and the result will be used as a the tin number for that packet. This can be used to set policies in a firewall script that will override CAKE's built-in tin selection.
OTHER PARAMETERSmemlimit LIMIT
not translate directly to queue size (so do not size this based on bandwidth delay product considerations, but rather on worst case acceptable memory consumption), as there is some overhead in the data structures containing the packets, especially for small packets.
transit from the perspective of your network, and traffic exiting yours may be mis-marked from the perspective of the transiting provider.
Apply the wash option to clear all extra diffserv (but not ECN bits), after priority queuing has taken place.
If you are shaping inbound, and cannot trust the diffserv markings (as is the case for Comcast Cable, among others), it is best to use a single queue "besteffort" mode with wash.
Offload (GSO) super-packets into their on-the-wire components and dequeue them individually.
Super-packets are created by the networking stack to improve efficiency. However, because they are larger they take longer to dequeue, which translates to higher latency for competing flows, especially at lower bandwidths. CAKE defaults to splitting GSO packets to achieve the lowest possible latency. At link speeds higher than 10 Gbps, setting the no-split-gso parameter can increase the maximum achievable throughput by retaining the full GSO packets.
OVERRIDING CLASSIFICATION WITH TC FILTERS
CAKE supports overriding of its internal classification of packets through the tc filter mechanism. Packets can be assigned to different priority tins by setting the priority field on the skb, and the flow hashing can be overridden by setting the classid parameter.
Flow hash override
This example will assign all ICMP packets to the first queue:
If only one of the host and flow overrides is set, CAKE will compute the other hash from the packet as normal. Note, however, that the host isolation mode works by assigning a host ID to the flow queue; so if overriding both host and flow, the same flow cannot have more than one host assigned. In addition, it is not possible to assign different source and destination host IDs through the override mechanism; if a host ID is assigned, it will be used as both source and destination host.
# tc qdisc delete root dev eth0
# tc qdisc add root dev eth0 cake bandwidth 100Mbit ethernet
# tc -s qdisc show dev eth0
qdisc cake 1: root refcnt 2 bandwidth 100Mbit diffserv3 triple-isolate rtt 100.0ms noatm overhead 38 mpu 84
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
memory used: 0b of 5000000b
capacity estimate: 100Mbit
min/max network layer size:
min/max overhead-adjusted size:
average network hdr offset:
Flow hash override