Trying to understand sqm-scripts (or how to set up cake properly)


as I've been enjoying sqm-scripts on OpenWrt for quite some time, I wanted to deploy something similar on a non-OpenWrt machine. In particular, I'd like to use cake for its simplicity (and since it performs well, too) and I looked at the source code of sqm-scripts [1] as well as many manpages to see and understand how it's done.

While I could simply run sqm-scripts as is, I prefer to understand what's going on :wink: And here's where it get's tricky. There are a few steps I don't fully understand. So, maybe someone smarter than me or with more knowledge regarding SQM could help me understand the logic.

tc filter options
Most importantly, I'm not sure what some of the options do when the tc filter is set up to redirect ingress traffic to the ifb device (from [2]):

$TC filter add dev $IFACE parent ffff: protocol all prio 10 u32 \
	match u32 0 0 flowid 1:1 action mirred egress redirect dev $DEV

Two parts here I don't understand:

  1. Why "prio 10"? Does the priority here even matter considering no additional filters are added? I saw a couple of examples showing how to set up an ifb device in order to be able to shape ingress traffic, but most of them don't specify any priority.
  2. What does flowid 1:1 do here? Or it other terms, would it matter if it were omitted here?

tc qdisc del+add vs replace
Aside from that, I have another question about the qdisc setup in general: In the script, every "tc qdisc add" action, is preceded by a respective "tc qdisc del" action. Is there any particular reason for not using a single "tc qdisc replace" instead? According to the manpage [3]:

Performs a nearly atomic remove/add on an existing node id. If the node does not exist yet it is created.

This would have the benefit of not needing to silence the "tc qdisc del" action, which fails and complains if a node doesn't exist yet. Maybe it's just a stylistic question, but maybe there is a functional difference as well?

"Permanent" ifb device
Lastly, I have a question that is not necessarily related to the sqm-scripts itself. The machine I try to use cake on has a non-permanent network connection. So, it can come up and down from time to time. Obviously, I have to set up cake from fresh when the conneciton comes up. But I was wondering if I could simplify that slightly. To my understanding, setting up cake involves three main steps:

  1. Set up the cake qdisc for egress on the network interface.
  2. Set up the cake qdisc for ingress on a virtual ifb device.
  3. Set up a filter on the network interface to redirect the ingress traffic to the ifb device.

In such a setup with a non-permanent network connection, would it be possible to perform step 2) only once at boot, and then perform only steps 1) and 3) every time the network connection comes up? Or are there any negative sideeffects to be expected?

I'd appreciate if someone with more experience in traffic control or SQM could help me understand these things.

Thanks and regards,



  1. in this context the priority is not relevant (but it might become)
  2. same (ime you can omit it, but who knows what might become)
  3. (replace vs. add/del): replace fails in different ways. so same as above (make sure it works)
  4. (permanent ifb): afaik the qdisc setup does not vanish with the interface going down. but to make sure it is usually torn down and reinstated.
1 Like

Thanks, fuller. That clarifies a lot.

Regarding 4 (permanent ifb): I should have been clearer about this before, but in my case the network adapter is actually removed completely. Once it's reattached, it get's the default qdisc again (fq_codel in my case). So, I do need to reconfigure the qdisc at least for the network interface again every time it's reattached. Hence the question whether the configuration of the ifb device can stay as it is after it has been set up at boot time.

Quick followup:

So, I set everything up now and tested it. Works like a charm :slight_smile: The way I went is having a permanent ifb device set up once at boot and whenever the network connection is attached and brought up, a hook script will configure egress shaping with cake and redirect ingress to the ifb device. I also went with the "tc qdisc del + add" approach instead of "replace" as suggested. In my case it didn't seem to make a difference (both approaches seem to work just fine), but just to be sure. Thanks again.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.