Huge performance drop with mangle + queue tree rules, CPU 50% max

What is the port 1723 dstnat rule for? Surely you don't need to dstnat to your router. I have much more in my firewall and NAT than you have, on a HAP lite, and never see CPU going above 10% total with simple queues. Never see any issues. I would look out for an error here, or a loop, or some sort of attack.

If I was under attack, wouldn’t firewall be higher during idle? I only get higher firewall CPU usage during speedtest, and the same happens on 10+ other routers.

What speed do you have? Also 250mbit? Because it’s not a fair comparison if you have much lower.

And 1723 port I need for VPN. But again, I disabled all those ports during the tests I showed on screenshot, makes no difference..

About loop, I got 2 ports, port 1 connected to provider router dialing pppoe connection, port 2 masquerade and gives Internet output to rest of network, don’t see where I could have loop.

Same problem here. RB951G

Mangle rules + Queue (limiting at 30mbits) = 20mbits/sec on a 45mbit/sec link
No rules and no queues = 45 mbits/sec

In no case do I see more than 40% CPU usage.

The worst… I work at an ISP where we have CCR1072 as core routers and 5 queue tree rules absolutely destroy our traffic (3.5gbps) .. same behaviour as my 951G but maximized…