I have problems with power of my RS1000s. On each RB 1000 i am routing, shaping and firewalling. I have around 350 customers on each RB1000. I am using mangle and Queue tree. There is around 1000 queues in queue tree , around 700-800 mangles and around 500 lines in firewall. Simple filter IP+MAC !
On PC there was around 45 Mbps with cpu load around 18 %
I am using only Queue Tree and in firewall I have only User rules IP with Mac adress action accept and the last rule is block everything from user subnet.
500 lines is a lot to process for each packet. If you can change your firewall rules to be aware of state and thus only go through that list on new connections you’ll have much better performance. You’ll have even better performance if you can find a way to authenticate your users that doesn’t require a 500 line firewall.
1000 rules in queue tree is also high. Look to see if there is any way to reduce the # of rules there by creatively combining rules. Depending on what you’re queuing, PCQ can sometimes be used to simplify your setup.
For anything more specific, we’d actually have to see the rules (or at least an example set to get an idea of what you’re doing).