diff --git a/src/etc/sysctl.d/30-vyos-router.conf b/src/etc/sysctl.d/30-vyos-router.conf
index f5d84be4b..ad43390bb 100644
--- a/src/etc/sysctl.d/30-vyos-router.conf
+++ b/src/etc/sysctl.d/30-vyos-router.conf
@@ -1,112 +1,116 @@
 #
 # VyOS specific sysctl settings, see sysctl.conf (5) for information.
 #
 
 # Panic on OOPS
 kernel.panic_on_oops=1
 
 # Timeout before rebooting on panic
 kernel.panic=60
 
 # Send all core files to /var/core/core.program.pid.time
 kernel.core_pattern=/var/core/core-%e-%p-%t
 
 # ARP configuration
 #  arp_filter - allow multiple network interfaces on same subnet
 #  arp_announce - avoid local addresses no on target's subnet
 #  arp_ignore - reply only if target IP is local_address on the interface
 
 #  arp_filter defaults to 1 so set all to 0 so vrrp interfaces can override it.
 net.ipv4.conf.all.arp_filter=0
 
 # https://vyos.dev/T300
 net.ipv4.conf.all.arp_ignore=0
 
 net.ipv4.conf.all.arp_announce=2
 
 # Enable packet forwarding for IPv4
 net.ipv4.ip_forward=1
 
 # Enable directed broadcast forwarding feature described in rfc1812#section-5.3.5.2 and rfc2644.
 # Note that setting the 'all' entry to 1 doesn't enable directed broadcast forwarding on all interfaces.
 # To enable directed broadcast forwarding on an interface, both the 'all' entry and the input interface entry should be set to 1.
 net.ipv4.conf.all.bc_forwarding=1
 net.ipv4.conf.default.bc_forwarding=0
 
 # if a primary address is removed from an interface promote the
 # secondary address if available
 net.ipv4.conf.all.promote_secondaries=1
 
 # Ignore ICMP broadcasts sent to broadcast/multicast
 net.ipv4.icmp_echo_ignore_broadcasts=1
 
 # Ignore bogus ICMP errors
 net.ipv4.icmp_ignore_bogus_error_responses=1
 
 # Send ICMP responses with primary address of exiting interface
 net.ipv4.icmp_errors_use_inbound_ifaddr=1
 
 # Log packets with impossible addresses to kernel log
 net.ipv4.conf.all.log_martians=1
 
 # Do not ignore all ICMP ECHO requests by default
 net.ipv4.icmp_echo_ignore_all=0
 
 # Disable source validation by default
 net.ipv4.conf.all.rp_filter=0
 net.ipv4.conf.default.rp_filter=0
 
 # Enable tcp syn-cookies by default
 net.ipv4.tcp_syncookies=1
 
 # Disable accept_redirects by default for any interface
 net.ipv4.conf.all.accept_redirects=0
 net.ipv4.conf.default.accept_redirects=0
 net.ipv6.conf.all.accept_redirects=0
 net.ipv6.conf.default.accept_redirects=0
 
 # Disable accept_source_route by default
 net.ipv4.conf.all.accept_source_route=0
 net.ipv4.conf.default.accept_source_route=0
 net.ipv6.conf.all.accept_source_route=0
 net.ipv6.conf.default.accept_source_route=0
 
 # Enable send_redirects by default
 net.ipv4.conf.all.send_redirects=1
 net.ipv4.conf.default.send_redirects=1
 
 # Increase size of buffer for netlink
 net.core.rmem_max=2097152
 
 # Remove IPv4 and IPv6 routes from forward information base when link goes down
 net.ipv4.conf.all.ignore_routes_with_linkdown=1
 net.ipv4.conf.default.ignore_routes_with_linkdown=1
 net.ipv6.conf.all.ignore_routes_with_linkdown=1
 net.ipv6.conf.default.ignore_routes_with_linkdown=1
 
 # Enable packet forwarding for IPv6
 net.ipv6.conf.all.forwarding=1
 
 # Increase route table limit
 net.ipv6.route.max_size = 262144
 
 # Do not forget IPv6 addresses when a link goes down
 net.ipv6.conf.default.keep_addr_on_down=1
 net.ipv6.conf.all.keep_addr_on_down=1
 net.ipv6.route.skip_notify_on_dev_down=1
 
 # Default value of 20 seems to interfere with larger OSPF and VRRP setups
 net.ipv4.igmp_max_memberships = 512
 
 # Increase default garbage collection thresholds
 net.ipv4.neigh.default.gc_thresh1 = 1024
 net.ipv4.neigh.default.gc_thresh2 = 4096
 net.ipv4.neigh.default.gc_thresh3 = 8192
 #
 net.ipv6.neigh.default.gc_thresh1 = 1024
 net.ipv6.neigh.default.gc_thresh2 = 4096
 net.ipv6.neigh.default.gc_thresh3 = 8192
 
 # Enable global RFS (Receive Flow Steering) configuration. RFS is inactive
 # until explicitly configured at the interface level
 net.core.rps_sock_flow_entries = 32768
+
+# Congestion control
+net.core.default_qdisc=fq
+net.ipv4.tcp_congestion_control=bbr