Implement CAKE SQM to Prevent a Single Client from Monopolizing the Bandwidth
I would like to propose a change to Proton's VPN servers to use the CAKE SQM to improve the overall connection quality.
CAKE is currently the latest traffic control algorithm I know of that's better than HTB + FQ_CODEL, and it should be deployed in any network that is big enough (i.e., 500+ users, which makes traditional QoS and bandwidth management hard and could probably introduce human errors).
Using TCP BBR alone is just not enough because it works only for TCP connections, while there are so many different kinds of connections in a network other than TCP. CAKE will help regulate these connections and make sure every user gets what they "really need", not what "they want", because some programs can make a lot of connections and impact other users who're just trying to use the VPN for normal activity. "Normal users" will feel that the VPN network becomes not-so-responsive because of these "power users" that are trying to open so many connections at once and want to get everything for themselves.
One thing to note is probably that implementing this suggestion is free and easy per-server.
It doesn't need any changes to the firewall and doesn't require any downtime to the network/server.
Proton doesn't need to spend extra budget to implement this suggestion immediately, as CAKE doesn't require any extra software and is already built into the latest Linux kernel.
Here are some examples for the commands:
--- VPS (eth0 as an example, 10gbit server) ---
--- setting ingress shaping ---
$ sudo ip link add name ifb4eth0 type ifb
$ sudo tc qdisc add dev eth0 handle ffff: ingress
$ sudo ip link set ifb4eth0 up
$ sudo tc filter add dev eth0 parent ffff: matchall action mirred egress redirect dev ifb4eth0
--- upload ---
$ sudo tc qdisc replace dev eth0 root cake bandwidth 9500mbit diffserv4 rtt 100ms nat nowash split-gso overhead 44 mpu 96 noatm dual-srchost memlimit 32mb
--- download ---
$ sudo tc qdisc replace dev ifb4eth0 root cake bandwidth 9500mbit diffserv4 rtt 100ms nat nowash split-gso overhead 44 mpu 96 noatm dual-dsthost ingress memlimit 32mb
For reference, please read blog posts, the MikroTik/OpenWrt forums, and research papers related to CAKE and other SQM/AQM. Here are some of them:
1. [About CAKE] https://www.bufferbloat.net/projects/codel/wiki/Cake/
2. [CAKE Docs] https://man7.org/linux/man-pages/man8/tc-cake.8.html
3. [Research About CAKE] https://arxiv.org/pdf/1804.07617
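
The commands above, parameterized with a rollback and a verification step, as an added example that is not part of the original post. It only prints the commands so they can be reviewed before being run as root; the function names, the 95% shaper ratio (taken from 9500mbit on the post's 10gbit link) and the interface name checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints (never runs) the ip/tc commands for one interface.
# Assumptions: shaper rate is 95% of link rate, mirroring 9500mbit on the
# post's 10gbit link; the IFB device is named ifb4<iface> as in the post.
CAKE_OPTS="diffserv4 rtt 100ms nat nowash split-gso overhead 44 mpu 96 noatm"

valid_iface() {
    # Allow only plain name characters so nothing can inject shell syntax.
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    # Linux caps names at 15 chars and the "ifb4" prefix uses 4 of them.
    [ "${#1}" -le 11 ]
}

cake_plan() {  # usage: cake_plan up|down|show IFACE [LINK_MBIT]
    action=$1; iface=$2; link=${3:-}
    valid_iface "$iface" || { echo "bad interface name" >&2; return 2; }
    ifb="ifb4$iface"
    case "$action" in
    up)
        case "$link" in ""|0*|*[!0-9]*) echo "bad link rate" >&2; return 2 ;; esac
        rate=$((link * 95 / 100))
        [ "$rate" -gt 0 ] || { echo "bad link rate" >&2; return 2; }
        echo "ip link add name $ifb type ifb"
        echo "tc qdisc add dev $iface handle ffff: ingress"
        echo "ip link set $ifb up"
        echo "tc filter add dev $iface parent ffff: matchall action mirred egress redirect dev $ifb"
        echo "tc qdisc replace dev $iface root cake bandwidth ${rate}mbit $CAKE_OPTS dual-srchost memlimit 32mb"
        echo "tc qdisc replace dev $ifb root cake bandwidth ${rate}mbit $CAKE_OPTS dual-dsthost ingress memlimit 32mb"
        ;;
    down)  # rollback: removing the ingress qdisc also removes its filter
        echo "tc qdisc del dev $iface root"
        echo "tc qdisc del dev $iface ingress"
        echo "ip link del $ifb"
        ;;
    show)  # statistics to confirm CAKE is attached in both directions
        echo "tc -s qdisc show dev $iface"
        echo "tc -s qdisc show dev $ifb"
        ;;
    *) echo "usage: cake_plan up|down|show IFACE [LINK_MBIT]" >&2; return 2 ;;
    esac
}
```

For example, `cake_plan up eth0 10000` reproduces the six commands from the post, and `cake_plan down eth0` prints the commands that return the interface to its default qdisc.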