Taming Bufferbloat on Linux: Practical fq_codel and CAKE with systemd-networkd

Bufferbloat—the hidden killer of responsive internet connections—happens when oversized buffers in routers, modems, or your Linux box itself fill up during heavy uploads or downloads. Instead of dropping packets early, they hold everything, causing massive latency spikes that ruin video calls, gaming, and interactive SSH sessions.

Modern Linux kernels ship with excellent tools to fight it. This post shows you how to enable and tune fq_codel (the sensible default on most distros) and the more advanced CAKE qdisc using declarative systemd-networkd configuration—no fragile tc scripts or post-up hooks required.

Why This Matters

Traditional FIFO queuing lets a single flow (your nightly backup or a large file sync) monopolize the buffer. fq_codel and CAKE implement fair queuing + controlled delay (CoDel) so every flow gets its fair share and latency stays low even under saturation.

• fq_codel: Simple, effective, zero-config on most systems.
• CAKE: Adds bandwidth shaping, better isolation modes (dual-dsthost, triple-isolate), DiffServ support, and host fairness—ideal when you want the bottleneck under your control.

Both have been upstream for years (CAKE since 4.19). If you're on Debian 12+, Ubuntu 22.04+, Fedora, or Arch, the kernel already supports them.

Check Your Current Setup

sysctl net.core.default_qdisc
tc qdisc show

Most systemd-based distributions already set net.core.default_qdisc = fq_codel via a sysctl drop-in. You should see fq_codel or cake on your interfaces.

If you see pfifo_fast or noqueue, it's time to fix it.

Declarative CAKE with systemd-networkd

This is the cleanest way on modern Linux. Create or edit a .network file:

# /etc/systemd/network/10-wan.network
[Match]
Name=enp3s0  # or eth0, your WAN interface

[Network]
DHCP=ipv4
# ... other config

[CAKE]
# Shape slightly below your provisioned upload speed (95% rule of thumb)
Bandwidth=950M
FlowIsolationMode=dual-dst-host
PriorityQueueingPreset=besteffort
# For very high speeds (>2 Gbps) you may also want:
# SplitGSO=false

Then reload:

sudo networkctl reload
# or
sudo systemctl restart systemd-networkd

Verify:

tc qdisc show dev enp3s0
# Should show: qdisc cake ... bandwidth 950Mbit ...

The [CAKE] section is parsed directly by systemd-networkd (supported since systemd 251+). It survives reboots and interface flaps without extra scripting.

Quick fq_codel Alternative

If you just want the lightweight default without bandwidth shaping:

sudo tc qdisc replace dev enp3s0 root fq_codel

Or make it persistent via sysctl:

# /etc/sysctl.d/99-qdisc.conf
net.core.default_qdisc = fq_codel

Most distros already do this for you.

Testing the Difference

Before/after testing is essential. Use any of these:

• https://www.waveform.com/tools/bufferbloat (browser-based)
• flent (the classic RRUL test)
• speedtest-cli + ping during the test

You should see download/upload latency stay within 10–30 ms of idle even when the link is fully saturated.

Extra Polish

Add TCP backpressure to help userspace applications react faster:

# /etc/sysctl.d/99-tcp.conf
net.ipv4.tcp_notsent_lowat = 131072

On high-speed links, consider enabling Byte Queue Limits (BQL) on the NIC if your driver supports it—ethtool -K $IFACE tx off is rarely needed with modern qdiscs.

Sources & Further Reading

• Bufferbloat project wiki
• GrapheneOS – Server Traffic Shaping (excellent CAKE + systemd-networkd reference)
• systemd.network(5) man page – [CAKE] section
• CAKE qdisc documentation

Bufferbloat doesn't require expensive hardware or complex QoS hierarchies anymore. With fq_codel as the baseline and CAKE when you need shaping + fairness, your Linux box can stay responsive even when you're pushing gigabits. Set it once, declaratively, and forget about it.