I'm asking for some advice on the optimal configuration for a Mikrotik E62iUGS-2axD5axT.
I essentially wanted to use it for applications involving FTTH (1000/300) + FWA (45/20) backup, both WANs with Ethernet ports since FTTH has an ONT. It needs to perform classic home router operations, PPPoE client, DHCP server, and bridge for the LAN and Wi-Fi ports. I've tried various configurations with various WAN port setups, but basically I always get a significant slowdown when approaching 1Gbps due to the router's CPU being saturated. At this point, I suspect I'm misconfiguring my preferred interfaces, such as WAN, and using only the CPU, or something similar. I've never had this problem in the past because I used other models with much lower speeds, so even with less than fully optimized configurations, I was able to do what I needed. This time, however, that's not the case, and given the price-to-performance ratio of this home router seems excellent, I'd like to know if anyone uses it with FTTH and how before looking at other solutions.
I would say that you have too "small" a device for these speeds. Only 2 cores. Routing, filtering, WiFi ... it needs resources. Did you have a 1GB line previously or a slower one?
This is my minimal configuration that is necessary for me. As FTTH speed I have 1000/300Mbps; with speedtests I arrive at around 500Mbps before saturating the CPU...
The official tests (512 byte packet, 25 firewall filter rules) for routing, which is the commonly used reference for "real world" speed, say 498.1 Mbps.
Your configuration has NO firewall (which is - generally speaking - NOT a very good idea for security[1]) but that includes rules that allow using - when/where possible - fasttrack which might speed up the connection noticeably.
In any case the hAP ax S is underdimensioned for routing a 1 Gb line.
A (say) Ax2 has 912.9 Mbps, the Ax3 has 1145.2 Mbps in the corresponding test results and are more adequate.
Doing PPPoE does not improve things for MikroTik routers, which do all PPPoE in the CPU.
But having no firewall is not good. Even when you do not need a forward firewall, you still should have an input firewall that accepts established, related and then blocks everything from the internet (the PPPoE interface)!
Having more complicated setup and only 500Mb down I ended with 5009 (replaced 4011 as there was a good deal) as main router and RB450Gx4 (too good to rust in a drawer) just for PPPoE session to ISP + providing WAN small IP pool to other devices.
As @itimo01 wrote above, having no firewall filter rules means you have no Fasttrack rule, which in turn means that you won't get the 1Gbps routing performance.
Your router has enough processing power for PPPoE and routing at 1Gbps if you can use Fasttrack. The fix is to apply the firewall rules from the MikroTik default configuration (defconf) that actually came with your router. You can find the rules here (for 7.22.1):
Don't forget to first create the two interface lists WAN and LAN and put your LAN bridge in the LAN list, while eth1_WAN-FTTHPPPoE_WAN-FTTH goes into the WAN list.
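The setup the posts above describe (interface lists, an input chain that protects the router, and a forward chain with a Fasttrack rule) looks roughly like this. This is an added example, not part of the thread and not copied from the linked defconf; the interface names `bridge`, `pppoe-out1` and `ether2` are assumptions to be replaced with your own.

```routeros
# Added example. Interface names below are assumptions, not taken from the thread.
/interface list
add name=WAN
add name=LAN

/interface list member
add list=LAN interface=bridge
# The PPPoE client interface carries the internet traffic, so it belongs in WAN.
add list=WAN interface=pppoe-out1
# Backup WAN (FWA) port, if it is a plain Ethernet/DHCP uplink.
add list=WAN interface=ether2

/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add chain=input action=accept connection-state=established,related,untracked \
    comment="accept established, related, untracked"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=accept protocol=icmp comment="accept ICMP"
# Apply this rule from a LAN-side session, otherwise you cut off your own access.
add chain=input action=drop in-interface-list=!LAN \
    comment="drop everything that does not come from LAN"

# --- forward chain: traffic routed through the router ---
# Fasttrack must sit before the plain accept rule for the same connection states.
add chain=forward action=fasttrack-connection connection-state=established,related \
    comment="fasttrack established, related"
add chain=forward action=accept connection-state=established,related,untracked \
    comment="accept established, related, untracked"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat \
    in-interface-list=WAN comment="drop new connections from WAN that are not dst-NATed"

# --- check: the fasttrack rule's counters should climb during a speed test ---
/ip firewall filter print stats where action=fasttrack-connection
```

If the Fasttrack counters stay near zero while a speed test runs, the traffic is still taking the slow path, for example because connection tracking is disabled or another rule matches first.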
I tested what you suggested and managed to achieve slightly higher performance, but never quite as complete as you've motivated me to achieve with FTTH.
I'll try purchasing another Mikrotik ARM64 model to give myself more CPU room.
Do you have a firewall now with connection tracking and fasttrack? Because that should achieve much more than “slightly higher performance”, it should at least double your performance if not more.