Note
The goal of this project is to provide another alternative that "just works" for not-so-technical users. Thus, users only need to set these values correctly: uplinkInterface, downlinkInterface, maxDL, and maxUL.
- About
- What to expect
- Congestion Control Consideration
- How it works
- How to compile the code
- See dnscrypt-cake in action
- Credits
CAKE (Common Applications Kept Enhanced) is a comprehensive smart queue management that is available as a queue discipline (qdisc) for the Linux kernel. It is one of the best qdiscs designed to solve bufferbloat problems at the network edge.
According to the CAKE's ROUND TRIP TIME PARAMETERS man7 page, if there is a way to adjust the RTT dynamically in real-time, it should theoretically make CAKE able to give the best possible AQM results between latency and throughput.
dnscrypt-cake is an attempt to adjust CAKE's rtt parameter in real-time based on real latency per DNS request using a slightly modified version of dnscrypt-proxy 2. In addition to that, it will also adjust bandwidth intelligently while constantly monitoring your real RTT.
This is an adaptation of the cake-autorate project implemented in Go, but it's adjusting CAKE's rtt and bandwidth based on your every DNS request and what website you are visiting, not by only ping-ing to 1.1.1.1, 8.8.8.8 and/or any other DNS servers.
This implementation is suitable for servers and networks where most of the users are actively sending DNS requests.
There are several things you can expect from using this implementation:
- You only need to worry about setting up
uplinkInterface,downlinkInterface,maxDL, andmaxULcorrectly. - It will manage
bandwidthintelligently (do a speedtest using Speedtest CLI or similar tools to see it in action). - It will manage
rttranging from 10ms - 1000ms. - It will manage
split-gsoautomatically. - It is able to scale CAKE's
bandwidthfrom 1 Mbit/s to 1 Gbit/s (or even more) in seconds.
Note
Just set maxDL and maxUL based on whatever speed advertised by your ISP. No need to limit them to 90% or something like that. The code logic will try to handle that automatically.
You may want to consider what TCP CC algorithm to use that works best for your workloads.
Different CC handles congestion differently, and that will affect how fast dnscrypt-cake is able to restore the configured bandwidth when a latency increase is detected.
Below are the CC algorithms that we have tested and worked well with dnscrypt-cake in a server environment:
reno— The Reno TCP CCcubic— The CUBIC TCP CCscalable— The Scalable TCP CCdctcp— The DCTCP TCP CChtcp— The H-TCP TCP CChighspeed— The High Speed TCP CCyeah— The YeAH TCP CCbbr— The BBR TCP CC (v1 and v3)
Important
dctcpmust not be deployed over the public Internet without additional measures.- Using
bbrmight cause issues such as frequent captchas on some websites or any other issues. This article by APNIC can give you some references on when you may want to use it.
- When a latency increase is detected,
dnscrypt-cakewill try to check if the DNS latency is in the range of 10ms - 1000ms or not. If yes, then use that as CAKE'srtt, if not then usertt 10msif it's less than 10ms, andrtt 1000msif it's more than 1000ms. dnscrypt-cakewill then adjust CAKE'sbandwidthusing all data in thedataTotalslice/array.- The
cake()function will try to handlebandwidth,rtt, andsplit-gsoin milliseconds.
Note
The cake() function will configure CAKE and re-calculate rtt and bandwidth, then save the latest data into several slices/arrays. The arrays can hold up to 100000 data, and the cake() function will loop infinitely with a sleep of 100 microseconds for each loop. All data will be used to calculate the final values for configuring CAKE's rtt and bandwidth.
This is an attempt to intelligently configure CAKE's rtt and bandwidth based on all the data, so it doesn't need to aggressively probe DNS servers like what the original cake-autorate implementation does.
-
Download and install The Go Programming Language.
-
Copy the files from
./dnscrypt-cake/cake-supportto./dnscrypt-cake/dnscrypt/dnscrypt-proxy. -
Edit the
plugin_query_log.gofile and adjust these values:uplinkInterfaceanddownlinkInterfaceto your network interface names.maxDLandmaxULto your maximum network bandwidth (in kilobit/s format) advertised by your ISP.CertFilePathandKeyFilePathto where your SSL certificate is located.
-
Then, simply compile the code with the following commands:
$ cd ./dnscrypt-cake/dnscrypt/dnscrypt-proxy
$ go mod tidy
$ go buildImportant
- You have to run the binary with
sudosince it needs to change the linux qdisc, so it needs enough permissions to do that. - It's not recommended to change
cakeUplinkandcakeDownlinkparameters in theplugin_query_log.gofile as they are intended to only handlebandwidthandrtt. If you need to change CAKE's parameters, change them directly from the terminal. - Use
httpserverGin.ListenAndServe()instead ofhttpserverGin.ListenAndServeTLS(CertFilePath, KeyFilePath)in theplugin_query_log.gofile if you don't want to use SSL certificate (i.e. you're usinglocalhostinstead of0.0.0.0).
We are testing dnscrypt-cake in our server here:
https://net.0ms.dev:7777/netstat
See dnscrypt-cake metrics here:
https://net.0ms.dev:22222/cake
Although we are writing this guide to let people know about our implementation, it was made possible by using other things provided by the developers and/or companies mentioned in this guide.
All credits and copyrights go to the respective owners.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent