Ramblings of an aging IT geek

making the wifi fair when everyone is buffering at once

How I set up sensible QoS on the home router so a 4K stream and a big game download stopped ruining everyone else's evening.


The problem was always the same. Someone starts a 4K film, someone else's console decides now is the moment to pull a 90GB update, and the video call I'm on turns into a slideshow of my own apologising face. We have plenty of downstream bandwidth. That was never the issue. The issue was the upstream link, and the fact that the modem's buffer was happily swallowing a second of packets before getting round to mine.

That's bufferbloat, and once you've seen it on a latency graph you can't unsee it. Idle ping to a nearby host: 12ms. Ping during a single saturating upload: 300ms and climbing. The link wasn't full of useful work, it was full of queue.


The fix is not magic, it's cake. Modern Linux has had it for years and OpenWrt exposes it through the SQM package, which is what I'm running on the router. The trick that makes CAKE actually work is honesty about your link speed. You deliberately set the shaper a little below your real sync rate, maybe 90 to 95 percent, so the queue lives on your router where you control it, not in the ISP's kit where you don't.

config queue 'eth1'
    option interface 'eth1'
    option download '72000'
    option upload '18000'
    option qdisc 'cake'
    option script 'piece_of_cake.qos'
    option qdisc_advanced '1'
    option ingress_ecn 'ECN'
    option egress_ecn 'ECN'
    option qdisc_really_really_advanced '1'
    option iqdisc_opts 'nat dual-dsthost'
    option eqdisc_opts 'nat dual-srchost'

The two bits that earn their keep there are nat and the dual-srchost/dual-dsthost host fairness. The nat option lets CAKE see past the router's NAT to the real internal addresses, so its fairness logic works per device rather than lumping the whole house into one flow. The host-fairness options then make sure one machine hammering twenty connections doesn't get twenty times the share of one machine with a single connection. That's the bit that stops the console update from steamrolling everything else.
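To put numbers on the host-fairness point, here is an added example (not part of the original post, and not CAKE's real scheduler): a simplified max-min fairness model comparing per-flow sharing with host-first sharing on the 18000 kbit/s upload from the config above. The host names and the 2000 kbit/s video-call demand are constructed for illustration.

```python
# Simplified model (assumption): max-min "water-filling" fairness. CAKE's real
# scheduler is more involved; this only shows why host isolation matters.
# All rates are kbit/s. Host names and demands are constructed sample values.

UPLINK_KBIT = 18000  # upload shaper rate from the SQM config on this page

HOSTS = {
    "laptop": [2000],                 # one video-call flow wanting 2 Mbit/s
    "busy_host": [UPLINK_KBIT] * 20,  # twenty greedy flows
}


def max_min(capacity, demands):
    """Split capacity max-min fairly among {name: demand}."""
    alloc, pending, remaining = {}, dict(demands), float(capacity)
    while pending:
        share = remaining / len(pending)
        satisfied = [k for k, d in pending.items() if d <= share]
        if not satisfied:
            # Everyone left wants more than an equal share: split evenly.
            alloc.update({k: share for k in pending})
            break
        for k in satisfied:
            alloc[k] = pending.pop(k)
            remaining -= alloc[k]
    return alloc


def flow_fair(capacity, hosts):
    """Per-host totals when every flow competes equally (no host isolation)."""
    flows = {(h, i): d for h, ds in hosts.items() for i, d in enumerate(ds)}
    per_flow = max_min(capacity, flows)
    return {h: sum(v for (fh, _), v in per_flow.items() if fh == h) for h in hosts}


def host_fair(capacity, hosts):
    """Per-host totals when hosts are balanced first, as with dual-srchost."""
    return max_min(capacity, {h: sum(ds) for h, ds in hosts.items()})


if __name__ == "__main__":
    for name, fn in (("flow fairness", flow_fair), ("host fairness", host_fair)):
        shares = fn(UPLINK_KBIT, HOSTS)
        print(name, {h: round(v) for h, v in shares.items()})
```

In this model the laptop's call is squeezed to about 857 kbit/s when all 21 flows compete equally, and gets its full 2000 kbit/s once hosts are balanced first.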

I spent a while staring at tc -s qdisc output to convince myself it was doing anything, and the proof is mostly in the latency. Same saturating upload as before, ping under load now sits around 25ms instead of 300. Nobody in the house knows what CAKE is or that the router got reconfigured. They just know the call doesn't drop any more, which is exactly the kind of invisible win I'm happy to take.

I didn't bother with elaborate per-application priority rules or DSCP tagging. I tried that years ago on a different router and spent more time maintaining the classification than I ever saved. Flow fairness plus host fairness gets you most of the benefit for almost none of the fuss, and it doesn't quietly break the day Netflix changes a port. Set the shaper honestly, turn on CAKE, walk away.