Hi,
I have recently been helping a small wireless ISP optimize the configuration of their edge router.
The ISP is using an RB1200 with RouterOS v6.20. They have a little more than 200 customers, with traffic reaching 50 Mb/s at peak.
Mangle and queue tree are used to limit customer traffic.
CPU usage reaches 60-70% at peak.
The network topology is really very simple. A schematic is attached below.
There is one WAN interface (actually a physical interface that is a bridge port, and the bridge acts as the WAN), and there is also only one LAN interface.
The LAN interface is addressed in a private /22 subnet, but the customers have statically assigned addresses only from the first /24 of that subnet.
The WAN interface is addressed from a public /24. There are multiple public addresses on the WAN interface.
NAT is used to map public addresses to private ones 1:1.
It used to be done with a pair of srcnat and dstnat rules for every customer, resulting in over 400 NAT rules.
I have replaced these 400+ rules with two rules: netmap on the srcnat chain and netmap on the dstnat chain (the public /24 mapped 1:1 to the first /24 of the private /22). It works correctly.
But that didn't lower the CPU usage even a little. Why? /tool profile still shows that the firewall is using about 20-25% of the CPU's time, just as it was before the changes to the NAT rules.
What should I look into? Mangle rules? Replace the bridge WAN interface with the physical one? Replace the RB1200 with an RB1100?
Regards,
Jacek
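For readers following the thread, here is the per-customer pair versus the two netmap rules described above, as an added RouterOS v6 CLI example that is not from the original post. The subnets (203.0.113.0/24 public, 10.10.0.0/24 as the first /24 of a 10.10.0.0/22 private block) and the interface names (`bridge-wan`, `ether2-lan`) are assumptions chosen for illustration; the poster's real addressing is not given.

```routeros
# Assumed addressing for this example (not the poster's real ranges):
#   public  /24 on WAN : 203.0.113.0/24   (documentation range)
#   private /22 on LAN : 10.10.0.0/22, customers only in 10.10.0.0/24
# Assumed interface names: bridge-wan (bridge acting as WAN), ether2-lan

/ip firewall nat

# BEFORE: one src-nat + one dst-nat rule per customer.
# Two customers shown; the ISP had 200+ of these pairs (400+ rules).
add chain=srcnat src-address=10.10.0.1 action=src-nat \
    to-addresses=203.0.113.1 comment="customer 1 out"
add chain=dstnat dst-address=203.0.113.1 action=dst-nat \
    to-addresses=10.10.0.1 comment="customer 1 in"
add chain=srcnat src-address=10.10.0.2 action=src-nat \
    to-addresses=203.0.113.2 comment="customer 2 out"
add chain=dstnat dst-address=203.0.113.2 action=dst-nat \
    to-addresses=10.10.0.2 comment="customer 2 in"

# AFTER: two netmap rules. netmap keeps the host part of the address,
# so 10.10.0.N <-> 203.0.113.N for every N in the /24.
# The interface matchers are optional; they keep the rules from touching
# LAN-to-LAN traffic and must use the bridge, not the physical port,
# because the bridge is the L3 WAN interface here.
add chain=srcnat src-address=10.10.0.0/24 out-interface=bridge-wan \
    action=netmap to-addresses=203.0.113.0/24 comment="1:1 netmap out"
add chain=dstnat dst-address=203.0.113.0/24 in-interface=bridge-wan \
    action=netmap to-addresses=10.10.0.0/24 comment="1:1 netmap in"

# CHECK 1: after clearing the old rules, only the two netmap rules should
# accumulate packet/byte counters as new connections are opened.
/ip firewall nat print stats

# CHECK 2: a tracked connection should show the public address on the
# reply side, e.g. 10.10.0.1:x -> 1.2.3.4:443 with reply 1.2.3.4:443 -> 203.0.113.1:x
/ip firewall connection print detail where src-address~"10.10.0."
```

One thing to keep in mind when reading the profile numbers: with connection tracking enabled, the NAT chains are consulted only for the first packet of each connection, and every later packet of that connection is translated from the tracking entry without touching the rule list. Collapsing 400 rules into two therefore saves CPU only on new connections, whereas mangle rules without an early `passthrough=no` match, and the queue tree fed by them, run on every packet. That makes the mangle chain the natural place to look next, and `/ip firewall mangle print stats` shows which rules see the most packets.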
