@amirhmoradi

This commit implements CAKE (Common Applications Kept Enhanced) traffic shaping for Wiregate, addressing upstream issue #77.

CAKE is a modern Linux kernel qdisc that provides superior bufferbloat control, fair queuing, and automatic bandwidth management compared to traditional traffic shapers.

Key Features:

  • Reduced latency under load (< 20ms vs 500ms+ without shaping)
  • Fair bandwidth distribution across VPN clients
  • NAT-aware per-host and per-flow fair queuing
  • Built-in ACK filtering for asymmetric connections
  • Automatic rate adaptation
  • Minimal configuration required

Implementation Details:

  1. Docker Infrastructure (WG-Dash/Dockerfile):
    • Added iproute2 package for tc command support

  2. Python Layer (WG-Dash/src/traffic_control.py):
    • New TrafficControl module with CAKEQdisc class
    • Functions for applying/removing CAKE qdisc
    • Validation and error handling
    • Statistics collection
    • Support for all CAKE parameters (bandwidth, overhead, mpu, options)

  3. Shell Scripts (WG-Dash/src/iptable-rules/*/):
    • cake-setup.sh: Apply CAKE to WireGuard interface (all zones)
    • cake-teardown.sh: Remove CAKE from interface (all zones)
    • Integrated with existing postup.sh and postdown.sh scripts
    • Environment variable-based configuration
    • Graceful fallback if CAKE unavailable

  4. Per-Zone Configuration:
    • ADMINS: 1 Gbit/s (full-speed admin access)
    • MEMBERS: 100 Mbit/s (standard users)
    • GUESTS: 50 Mbit/s (limited guest access)
    • LANP2P: 100 Mbit/s (LAN-only connections)

  5. Configuration (via environment variables):
    • CAKE_ENABLED: Global enable/disable toggle (default: false)
    • CAKE_BANDWIDTH_*: Per-zone bandwidth limits
    • CAKE_OVERHEAD: Overhead compensation for encapsulation
    • CAKE_MPU: Minimum packet unit
    • CAKE_MEMLIMIT: Memory limit for queues
    • CAKE_OPTIONS: Space-separated CAKE options

  6. Documentation:
    • docs/CAKE_TRAFFIC_SHAPING.md: Comprehensive guide
    • examples/cake-config.env.example: Example configurations
    • README.md: Quick start guide and feature overview
    • Docs/CHANGELOG.md: Version history entry

Design Principles:

  • Optional feature, disabled by default
  • Zero impact on existing functionality when disabled
  • Clean integration with existing network scripts
  • Environment variable driven configuration
  • Comprehensive documentation and examples

Testing Recommendations:

  1. Verify CAKE availability: tc qdisc add dev lo root cake help
  2. Check interface setup: tc qdisc show dev MEMBERS
  3. Monitor statistics: tc -s qdisc show dev MEMBERS
  4. Test latency under load: ping + large download

Addresses: #77
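
Added example, not part of this pull request or the Wiregate code base: one way to turn the environment variables listed above into a `tc` argument vector so that nothing from `CAKE_OPTIONS` or the other variables reaches a shell unvalidated. The function name `build_cake_argv`, the `CAKE_BANDWIDTH_<ZONE>` expansion of `CAKE_BANDWIDTH_*`, the regex limits and the option allow-list are assumptions of this sketch.

```python
import re

# Zones (also the WireGuard interface names) and rates from the PR description.
ZONE_DEFAULTS = {"ADMINS": "1gbit", "MEMBERS": "100mbit",
                 "GUESTS": "50mbit", "LANP2P": "100mbit"}
# Flag-style keywords documented in tc-cake(8); the allow-list is this example's choice.
ALLOWED_OPTIONS = {"besteffort", "diffserv3", "diffserv4", "diffserv8", "nat",
                   "nonat", "wash", "nowash", "ack-filter", "no-ack-filter",
                   "flows", "hosts", "srchost", "dsthost", "dual-srchost",
                   "dual-dsthost", "triple-isolate", "ingress", "egress"}
RATE_RE = re.compile(r"[1-9][0-9]{0,5}[kmg]?bit")   # e.g. 100mbit
SIZE_RE = re.compile(r"[1-9][0-9]{0,5}(kb|mb|b)?")  # e.g. 32mb
# (env var, tc keyword, min, max); byte ranges as given in tc-cake(8).
BYTE_FIELDS = (("CAKE_OVERHEAD", "overhead", -64, 256), ("CAKE_MPU", "mpu", 0, 256))


def build_cake_argv(zone, env):
    """Return the tc argv for one zone, or None when CAKE is disabled.

    Raises ValueError for any value that is off the allow-list or out of range.
    """
    if env.get("CAKE_ENABLED", "false").strip().lower() != "true":
        return None  # disabled by default, as the PR states
    if zone not in ZONE_DEFAULTS:
        raise ValueError(f"unknown zone: {zone!r}")
    rate = env.get(f"CAKE_BANDWIDTH_{zone}", ZONE_DEFAULTS[zone])
    if not RATE_RE.fullmatch(rate):
        raise ValueError(f"bad bandwidth: {rate!r}")
    argv = ["tc", "qdisc", "replace", "dev", zone, "root", "cake", "bandwidth", rate]
    for key, keyword, low, high in BYTE_FIELDS:
        raw = env.get(key)
        if raw is None:
            continue
        if not re.fullmatch(r"-?[0-9]{1,3}", raw) or not low <= int(raw) <= high:
            raise ValueError(f"bad {key}: {raw!r}")
        argv += [keyword, raw]
    memlimit = env.get("CAKE_MEMLIMIT")
    if memlimit is not None:
        if not SIZE_RE.fullmatch(memlimit):
            raise ValueError(f"bad CAKE_MEMLIMIT: {memlimit!r}")
        argv += ["memlimit", memlimit]
    for option in env.get("CAKE_OPTIONS", "").split():
        if option not in ALLOWED_OPTIONS:
            raise ValueError(f"CAKE option not allowed: {option!r}")
        argv.append(option)
    return argv  # pass to subprocess.run(argv, check=True); never shell=True


# Constructed sample environments (not taken from the project).
GOOD_ENV = {"CAKE_ENABLED": "true", "CAKE_OVERHEAD": "60",
            "CAKE_MEMLIMIT": "32mb", "CAKE_OPTIONS": "nat dual-dsthost"}
BAD_ENV = dict(GOOD_ENV, CAKE_OPTIONS="nat; id")
```
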

@NOXCIS
Owner

NOXCIS commented Nov 12, 2025

@amirhmoradi The traffic weir go module is meant to handle all traffic shaping.

@amirhmoradi
Author

@NOXCIS well noted, thanks. Closing this in favor of #103

@amirhmoradi amirhmoradi deleted the claude/issue-77-cake-traffic-shaping-bug-hunting-011CUojiMSEFd7Dk6nbaCrhn branch November 15, 2025 20:21