SQM for FTTH, overhead issue i guess?

Greetings everyone,

I have 30/30 Mbps FTTH (EPON ONU? i heard people say that to router).
i have been using the script from Ultimate SQM settings: Layer_cake + DSCP marks (New Script!)... i think i set it up right... even in firewall DHCP markings are shown....

i have been using the sqm config as shown in the above link for ultimate sqm... Using PPPOE wan to shape Upload and Using Br-lan to shape download with Diffserv4 also tried diffserv8(i used to only Use pppoe wan to shape up both before but found this way much better) ... i have tried overhead value from 34,35,39 and also from 40s till 54 as i saw somewhere for EPON the overhead can be higher than 44...

Problem:
no matter which overhead value i try, it feels consistent at first but in a day or so or maybe even less, the pk_delay value goes higher than 60ms on best effort sometimes, sometimes on video... when everything is right, i feel the internet working very good, no hit delay on games and streaming are very smooth... but when the pk_delay is very high i see hit registration problems, streaming also gets interuptted...

question is, is it caused by the improper overhead value for my line? or am i doing something still wrong in terms of settings to my SQM?

P.S i also installed TCP BBR and i m using BBR. ( i dont think this is the issue as cubic had much worse lag issue for me)

day then issues consistent timing = line / iptables -c / router model or non-sqm software related clogs...

the more consistent the timing the more likely the latter side... more commonly... it's local contention ( other users )...

i dont think its more users problem for me, as the only internet user are my sis and me, she barely uses internet, when she does she is only running youtube, the issue occurs at night too for me

what router model?

Tp-link archer c20 v4 using 19.07.6

1 Like

8/64 550MHz @ 30/30 you might want to just shape egress/upload for a while and see how that goes... use a high overhead 54+

sure i will give it a try...

btw, when i use DSLreports to check bufferbloat, the internet speed goes higher than my limited Upload on upload side, then eventually comes back to the limited upload rate, is there something wrong?

usually when i do a speed test without sqm, my download goes high upto 50 mbps then drops down to 30 mbps too...

probly not...

but from an sqm perspective you have to choke to the lowest common denominator...

so whatever burst may exist won't be usable in order to predictably shape traffic :frowning:

i m using the lowest value and 80% of it

1 Like

This pk_delay is a measure of the delay inside your router. Such high delays indicate your router isn't keeping up. This could be if some no responsive flow is happening, like a DDoS? Also it could be a sign of overheating or frequency scaling causing you to run out of cpu cycles.

Are you sure you aren't being DDoS ed?

I dont think i m being DDos ed, i dont understand frequency sclaing, i only have 900 kb ish left on memory. I had issue with this before when i had 3 mb left too

This config uses the veth system right? you can't shape download direct on the br-lan.

Yes it does use veth, so i link br-lan physical with veth1(the option in br-lan interface where physical link can be set)

Now i am completely confused, like few days back, keeping br-lan as interface, shaper was working, now i have to keep veth0 as interface to have shaper work on download side...

And also, i m having a problem with upload, if anybody can help me? Problem is i have limited the upload to 22000, what happens is when i test in any site, the upload goes way above 55 mbps and comes down to 20, 22 mbps when this happens, the ping goes very high... only the initial test has high upload, then it drops down at 20 ish mbos

tc -d qdisc; \
uci show sqm; \
br-ctl show; \
(iptables-save -c; ip6tables-save -c) | grep -v '0:0'

There pk_delay and av_delay is high...

qdisc noqueue 0: dev lo root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 10240p flows 1024 quantum 1514 ta                                                                                        rget 5.0ms interval 100.0ms memory_limit 4Mb ecn
 Sent 575597735 bytes 1138745 pkt (dropped 0, overlimits 0 requeues 95)
 backlog 0b 0p requeues 95
  maxpacket 1498 drop_overlimit 0 new_flow_count 140 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc noqueue 0: dev br-lan root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev eth0.1 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev eth0.2 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev wlan0 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 8047: dev pppoe-wan root refcnt 2 bandwidth 22Mbit diffserv4 dual-src                                                                                        host nat nowash no-ack-filter split-gso rtt 260.0ms noatm overhead 39 mpu 64
 Sent 220917196 bytes 558947 pkt (dropped 286, overlimits 251231 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 780566b of 4Mb
 capacity estimate: 22Mbit
 min/max network layer size:           40 /    1476
 min/max overhead-adjusted size:       79 /    1515
 average network hdr offset:            0

                   Bulk  Best Effort        Video        Voice
  thresh       1375Kbit       22Mbit       11Mbit     5500Kbit
  target         13.2ms       13.0ms       13.0ms       13.0ms
  interval      260.2ms      260.0ms      260.0ms      260.0ms
  pk_delay        189us        388us        483us         63us
  av_delay         24us         73us         42us         33us
  sp_delay         13us         25us         17us         24us
  backlog            0b           0b           0b           0b
  pkts           256721        12109       264192        26211
  bytes       177578001     13897622     28097016      1766369
  way_inds            0            0         2781          791
  way_miss           99          470         2299         2868
  way_cols            0            0            0            0
  drops             272            1           13            0
  marks               0            0            0            0
  ack_drop            0            0            0            0
  sp_flows            1            1            1            1
  bk_flows            0            0            1            0
  un_flows            0            0            0            0
  max_len         14400         1476        17008          454
  quantum           300          671          335          300

qdisc noqueue 0: dev wlan1 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 804a: dev veth0 root refcnt 2 bandwidth 22Mbit diffserv4 dual-dsthost                                                                                         nat nowash ingress no-ack-filter split-gso rtt 260.0ms noatm overhead 39 mpu 64                                                                                        
 Sent 1667173128 bytes 1368675 pkt (dropped 910, overlimits 2242872 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 1062432b of 4Mb
 capacity estimate: 22Mbit
 min/max network layer size:           28 /    1476
 min/max overhead-adjusted size:       67 /    1515
 average network hdr offset:           14

                   Bulk  Best Effort        Video        Voice
  thresh       1375Kbit       22Mbit       11Mbit     5500Kbit
  target         13.2ms       13.0ms       13.0ms       13.0ms
  interval      260.2ms      260.0ms      260.0ms      260.0ms
  pk_delay      149.5ms        4.0ms        2.8ms        581us
  av_delay      132.3ms        660us        2.1ms         52us
  sp_delay         29us         38us         40us         20us
  backlog            0b           0b           0b           0b
  pkts           192637         5220      1109612        62116
  bytes       268339329      6309589   1373677621     20113150
  way_inds            0            0        67280            0
  way_miss           69          184         2301          252
  way_cols            0            0            0            0
  drops             255            2          653            0
  marks               0            0            1            0
  ack_drop            0            0            0            0
  sp_flows            1            1            1            1
  bk_flows            0            0            1            0
  un_flows            0            0            0            0
  max_len          1490         1490         1490          873
  quantum           300          671          335          300

qdisc noqueue 0: dev veth1 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0

and uci show sqm

sqm.@queue[0]=queue
sqm.@queue[0].debug_logging='0'
sqm.@queue[0].verbosity='5'
sqm.@queue[0].ingress_ecn='ECN'
sqm.@queue[0].tcMTU='2047'
sqm.@queue[0].tcTSIZE='128'
sqm.@queue[0].enabled='1'
sqm.@queue[0].download='0'
sqm.@queue[0].upload='22000'
sqm.@queue[0].qdisc='cake'
sqm.@queue[0].script='piece_of_cake.qos'
sqm.@queue[0].qdisc_advanced='1'
sqm.@queue[0].egress_ecn='ECN'
sqm.@queue[0].qdisc_really_really_advanced='1'
sqm.@queue[0].ilimit='18'
sqm.@queue[0].elimit='18'
sqm.@queue[0].linklayer='ethernet'
sqm.@queue[0].linklayer_advanced='1'
sqm.@queue[0].tcMPU='64'
sqm.@queue[0].linklayer_adaptation_mechanism='cake'
sqm.@queue[0].interface='pppoe-wan'
sqm.@queue[0].eqdisc_opts='diffserv4 nat dual-srchost rtt 260ms'
sqm.@queue[0].squash_dscp='0'
sqm.@queue[0].squash_ingress='0'
sqm.@queue[0].overhead='39'
sqm.@queue[1]=queue
sqm.@queue[1].debug_logging='0'
sqm.@queue[1].verbosity='5'
sqm.@queue[1].ingress_ecn='ECN'
sqm.@queue[1].tcMTU='2047'
sqm.@queue[1].tcTSIZE='128'
sqm.@queue[1].enabled='1'
sqm.@queue[1].download='0'
sqm.@queue[1].upload='22000'
sqm.@queue[1].qdisc='cake'
sqm.@queue[1].script='piece_of_cake.qos'
sqm.@queue[1].qdisc_advanced='1'
sqm.@queue[1].egress_ecn='ECN'
sqm.@queue[1].qdisc_really_really_advanced='1'
sqm.@queue[1].ilimit='18'
sqm.@queue[1].elimit='18'
sqm.@queue[1].linklayer='ethernet'
sqm.@queue[1].linklayer_advanced='1'
sqm.@queue[1].tcMPU='64'
sqm.@queue[1].linklayer_adaptation_mechanism='cake'
sqm.@queue[1].interface='veth0'
sqm.@queue[1].squash_dscp='0'
sqm.@queue[1].squash_ingress='0'
sqm.@queue[1].eqdisc_opts='diffserv4 dual-dsthost ingress nat rtt 260ms'
sqm.@queue[1].overhead='39'

and for br-ctl

root@OpenWrt:~# br-ctl show
-ash: br-ctl: not found

and for (iptables-save -c; ip6tables-save -c) | grep -v '0:0'

# Generated by iptables-save v1.8.3 on Thu Feb 25 11:52:04 2021
*nat
:PREROUTING ACCEPT [10022:1601427]
:INPUT ACCEPT [1950:137816]
:OUTPUT ACCEPT [2615:183663]
:POSTROUTING ACCEPT [5:1680]
[10022:1601427] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule                                                                                         chain" -j prerouting_rule
[4584:701219] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_pr                                                                                        erouting
[5095:973968] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule                                                                                         chain" -j postrouting_rule
[5:1680] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postro                                                                                        uting
[5090:972288] -A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wa                                                                                        n_postrouting
[5:1680] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrout                                                                                        ing rule chain" -j postrouting_lan_rule
[4584:701219] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prer                                                                                        outing rule chain" -j prerouting_lan_rule
[5090:972288] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan pos                                                                                        trouting rule chain" -j postrouting_wan_rule
[5090:972288] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
COMMIT
# Completed on Thu Feb 25 11:52:04 2021
# Generated by iptables-save v1.8.3 on Thu Feb 25 11:52:04 2021
*raw
:PREROUTING ACCEPT [2011251:1954137788]
:OUTPUT ACCEPT [6161:1261562]
[203997:27646927] -A PREROUTING -i br-lan -m comment --comment "!fw3: lan CT hel                                                                                        per assignment" -j zone_lan_helper
COMMIT
# Completed on Thu Feb 25 11:52:04 2021
# Generated by iptables-save v1.8.3 on Thu Feb 25 11:52:04 2021
*mangle
:PREROUTING ACCEPT [2011252:1954137828]
:INPUT ACCEPT [6376:704331]
:FORWARD ACCEPT [1999284:1952760191]
:OUTPUT ACCEPT [6162:1262418]
:POSTROUTING ACCEPT [2005446:1954022609]
[1999:123752] -A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m c                                                                                        omment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[1974:116100] -A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m c                                                                                        omment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
[3540260:3460229912] -A POSTROUTING -j dscp_mark
[3540259:3460229843] -A dscp_mark -j DSCP --set-dscp 0x00
[1323268:1617467441] -A dscp_mark -p udp -m hashlimit --hashlimit-above 115/sec                                                                                         --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-na                                                                                        me udp_high_prio -m comment --comment "connmark for udp" -j CONNMARK --set-xmark                                                                                         0x55/0xffffffff
[84189:20749154] -A dscp_mark -p udp -m connmark ! --mark 0x55 -m multiport ! --                                                                                        ports 22,25,53,67,68,123,143,161,162,514,5353,80,443,8080,60001 -m connbytes --c                                                                                        onnbytes 0:940 --connbytes-mode avgpkt --connbytes-dir both -m comment --comment                                                                                         "small udp connection gets CS6" -j DSCP --set-dscp 0x30
[619:98891] -A dscp_mark -p icmp -m comment --comment ICMP-pings -j DSCP --set-d                                                                                        scp 0x28
[6477:690644] -A dscp_mark -p udp -m multiport --ports 53,5353,8888 -m comment -                                                                                        -comment "DNS udp" -j DSCP --set-dscp 0x28
[3801:243457] -A dscp_mark -p tcp -m multiport --ports 53,5353,8888 -m comment -                                                                                        -comment "DNS tcp" -j DSCP --set-dscp 0x28
[471:35796] -A dscp_mark -p udp -m multiport --ports 123 -m comment --comment "N                                                                                        TP udp" -j DSCP --set-dscp 0x30
[1568720:1435708514] -A dscp_mark -p tcp -m multiport --ports 80,443,8080 -m com                                                                                        ment --comment "Browsing at CS3" -j DSCP --set-dscp 0x18
[606183:33537829] -A dscp_mark -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG                                                                                         ACK -m length --length 0:128 -j DSCP --set-dscp 0x18
[3507:218448] -A dscp_mark -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN                                                                                         -m length --length 0:666 -j DSCP --set-dscp 0x18
[386288:28169457] -A dscp_mark -m dscp ! --dscp 0x18 -m dscp ! --dscp 0x12 -m ds                                                                                        cp ! --dscp 0x22 -m dscp ! --dscp 0x28 -m dscp ! --dscp 0x30 -m length --length                                                                                         0:500 -j DSCP --set-dscp 0x18
[965:1017565] -A dscp_mark -m dscp ! --dscp 0x18 -m dscp ! --dscp 0x12 -m dscp !                                                                                         --dscp 0x22 -m dscp ! --dscp 0x28 -m dscp ! --dscp 0x30 -m connbytes --connbyte                                                                                        s 0:250 --connbytes-mode avgpkt --connbytes-dir both -j DSCP --set-dscp 0x18
[1832809:2297112091] -A dscp_mark -m set --match-set streaming src,dst -m commen                                                                                        t --comment "video audio stream ipset" -j DSCP --set-dscp 0x22
[21130:10987156] -A dscp_mark -m set --match-set usrcdn src,dst -m comment --com                                                                                        ment "usrcdn ipset" -j DSCP --set-dscp 0x12
[146:116319] -A dscp_mark -p tcp -m set --match-set bulk src,dst -m comment --co                                                                                        mment "bulk traffic ipset" -j DSCP --set-dscp 0x08
[826:1046137] -A dscp_mark -p tcp -m connbytes --connbytes 350000 --connbytes-mo                                                                                        de bytes --connbytes-dir both -m dscp --dscp 0x00 -m comment --comment "Downgrad                                                                                        e CS0 to CS1 for bulk tcp traffic" -j DSCP --set-dscp 0x08
[985508:953965199] -A dscp_mark -p tcp -m connbytes --connbytes 350000 --connbyt                                                                                        es-mode bytes --connbytes-dir both -m dscp --dscp 0x18 -m comment --comment "Dow                                                                                        ngrade CS3 to CS1 for bulk tcp traffic" -j DSCP --set-dscp 0x08
COMMIT
# Completed on Thu Feb 25 11:52:04 2021
# Generated by iptables-save v1.8.3 on Thu Feb 25 11:52:04 2021
*filter
:INPUT ACCEPT [1252:90199]
:FORWARD ACCEPT [1683:560325]
[6381:704531] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j i                                                                                        nput_rule
[4111:540248] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --c                                                                                        omment "!fw3" -j ACCEPT
[28:1492] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --co                                                                                        mment "!fw3" -j syn_flood
[1018:74084] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
[1999286:1952761351] -A FORWARD -m comment --comment "!fw3: Custom forwarding ru                                                                                        le chain" -j forwarding_rule
[1996409:1951818146] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m co                                                                                        mment --comment "!fw3" -j ACCEPT
[1194:382880] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forwa                                                                                        rd
[6167:1266090] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -                                                                                        j output_rule
[3545:1081957] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment -                                                                                        -comment "!fw3" -j ACCEPT
[5:1680] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
[2617:182453] -A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_out                                                                                        put
[28:1492] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --                                                                                        limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[5:1680] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
[1194:382880] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forward                                                                                        ing rule chain" -j forwarding_lan_rule
[1194:382880] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan fo                                                                                        rwarding policy" -j zone_wan_dest_ACCEPT
[1018:74084] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule                                                                                         chain" -j input_lan_rule
[1018:74084] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEP                                                                                        T
[5:1680] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule c                                                                                        hain" -j output_lan_rule
[5:1680] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[1018:74084] -A zone_lan_src_ACCEPT -i br-lan -m comment --comment "!fw3" -j ACC                                                                                        EPT
[3811:565333] -A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -                                                                                        j ACCEPT
[2617:182453] -A zone_wan_output -m comment --comment "!fw3: Custom wan output r                                                                                        ule chain" -j output_wan_rule
[2617:182453] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_AC                                                                                        CEPT
COMMIT
# Completed on Thu Feb 25 11:52:04 2021
# Generated by ip6tables-save v1.8.3 on Thu Feb 25 11:52:04 2021
*mangle
:PREROUTING ACCEPT [4005:442355]
:INPUT ACCEPT [1423:112761]
:OUTPUT ACCEPT [1391:161297]
:POSTROUTING ACCEPT [1391:161297]
[1622:190625] -A POSTROUTING -j dscp_mark
[1620:190481] -A dscp_mark -j DSCP --set-dscp 0x00
[6:898] -A dscp_mark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,                                                                                        25,53,67,68,123,143,161,162,514,5353,80,443,8080,60001 -m connbytes --connbytes                                                                                         0:940 --connbytes-mode avgpkt --connbytes-dir both -m comment --comment "small u                                                                                        dp6 connection gets CS6" -j DSCP --set-dscp 0x30
[916:135808] -A dscp_mark -p udp -m multiport --ports 53,5353,8888 -m comment --                                                                                        comment "DNS udp6" -j DSCP --set-dscp 0x28
[8:2292] -A dscp_mark -p tcp -m multiport --ports 53,5353,8888 -m comment --comm                                                                                        ent "DNS tcp6" -j DSCP --set-dscp 0x28
[2:120] -A dscp_mark -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG ACK -m le                                                                                        ngth --length 0:128 -j DSCP --set-dscp 0x18
[684:50836] -A dscp_mark -m dscp ! --dscp 0x18 -m dscp ! --dscp 0x12 -m dscp ! -                                                                                        -dscp 0x22 -m dscp ! --dscp 0x28 -m dscp ! --dscp 0x30 -m length --length 0:500                                                                                         -j DSCP --set-dscp 0x18
COMMIT
# Completed on Thu Feb 25 11:52:05 2021
# Generated by ip6tables-save v1.8.3 on Thu Feb 25 11:52:05 2021
*filter
:INPUT ACCEPT [37:4048]
[1423:112761] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j i                                                                                        nput_rule
[17:1313] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comme                                                                                        nt "!fw3" -j ACCEPT
[2:144] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comm                                                                                        ent "!fw3" -j syn_flood
[1369:107400] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
[1391:161297] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j                                                                                         output_rule
[785:117179] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --c                                                                                        omment "!fw3" -j ACCEPT
[606:44118] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
[2:144] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --li                                                                                        mit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[606:44118] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACC                                                                                        EPT
[1369:107400] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rul                                                                                        e chain" -j input_lan_rule
[1369:107400] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCE                                                                                        PT
[606:44118] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rul                                                                                        e chain" -j output_lan_rule
[606:44118] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCE                                                                                        PT
[1369:107400] -A zone_lan_src_ACCEPT -i br-lan -m comment --comment "!fw3" -j AC                                                                                        CEPT
COMMIT

Can you wrap all that stuff in preformatted text block?

This is how it's supposed to be. The purpose of the veth is to be the bottleneck for traffic.

idk how to.. i will see what i can do

Put three backticks at start of text and at end of text

"```"
Without the quotes around it