RB750 routerboard with high CPU load

I have an old RB750 routerboard with high CPU load to a point it’s become unusable

My purpose is to use it for my personal network routing traffic to internet through fiber optic router using WAN on interface 1 and bridge the other 4 interfaces in one interface with DHCP, DNS & NTP

while getting stuck with high CPU load 100%, I try to upgrade to latest mikrotik routerOS no changese then update to the beta but still I’m stuck with this issue.

Any Idea or help is much appreciated (Below export configuration)

# 2025-09-26 22:52:40 by RouterOS 7.20rc4
# software id = Y38A-32A7
#
# model = RB750
# serial number = ************
/interface bridge
add admin-mac=00:0C:42:D4:54:10 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=dhcp ranges=192.168.200.2-192.168.200.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
# No IP address on interface
add address-pool=dhcp interface=bridge name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set enabled=yes ipsec-secret=r3813956 use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.200.1/24 comment=defconf interface=bridge network=\
    192.168.200.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
# Interface not active
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.200.250 client-id=1:0:8:22:f8:89:fb mac-address=\
    00:08:22:F8:89:FB server=defconf
add address=192.168.200.249 mac-address=CC:07:E4:12:60:68 server=defconf
/ip dhcp-server network
add address=192.168.200.0/24 comment=defconf dns-server=8.8.4.4,8.8.8.8 \
    gateway=192.168.200.1 netmask=24 ntp-server=192.168.200.1
/ip dns
set servers=8.8.4.4,8.8.8.8
/ip dns static
add address=192.168.200.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
    protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
    192.168.89.0/24
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip service
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
set www disabled=yes
/ip upnp
set enabled=yes show-dummy-rule=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" \
    dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
#error exporting "/mpls/ldp/accept-filter" (timeout)
#error exporting "/mpls/ldp/advertise-filter" (timeout)
#error exporting "/mpls/ldp/interface" (timeout)
/ppp secret
add name=vpn password=********
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Riyadh
/system identity
set name=*******
/system ntp client
set enabled=yes
/system ntp server
set broadcast=yes broadcast-addresses=192.168.200.255 enabled=yes \
    use-local-clock=yes
/system ntp client servers
add address=0.pool.ntp.org
add address=1.pool.ntp.org
add address=2.pool.ntp.org
/system package update
set channel=testing
/system scheduler
add interval=1w name=Reboot_schedule policy=reboot start-date=2025-01-31 \
    start-time=04:30:00
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

********************************************************************************************************************************************************************************
/system resource print
                   uptime: 40m7s              
                  version: 7.20rc4 (testing)  
               build-time: 2025-09-23 11:38:53
              free-memory: 7.4MiB             
             total-memory: 32.0MiB            
                      cpu: MIPS 24Kc V7.4     
                cpu-count: 1                  
            cpu-frequency: 400MHz             
                 cpu-load: 100%               
           free-hdd-space: 48.6MiB            
          total-hdd-space: 64.0MiB            
  write-sect-since-reboot: 75                 
         write-sect-total: 4611573            
               bad-blocks: 0%                 
        architecture-name: mipsbe             
               board-name: RB750              
                 platform: MikroTik 

if your config exporting with these errors your entire device has some issue or you doing stuff on mpls that is killing the poor little RB750. OTherwise factory reset and reconfigure to confirm unit isnt dead

Ancient devices such as the RB750 will struggle running RouterOS v7 as they have insufficient RAM and slow CPUs. If you revert to RouterOS v6 with netinstall and reconfigure it should be useable, but still slow compared with newer devices.

Thx for all the support, I downgrade the router to RouterOS V6.49.18 using netinstall and preform factory reset. The export command now work quicker (45s) and don’t generate errors, Will test the device in my network to see if the CPU load issue occur again.

• Is it ok to continue using the device with interface braiding on port 2-5 or need switching it to /switch configuration to lower the CPU load?
• regarding LAN interface DNS, what is the beast approach, provide client with routerboard IP as DNS or force public one like google?

How fast is your internet service?

It is hard to find information about the RB750, because it is so old. I think it has 10/100 Mb (not Gb) ports.

What does the CLI command /interface ethernet switch print output for the switch chip? If it is the Atheros7240, that's a really old chip.

Unless 100Mb and relatively slow internet is acceptable, if you can afford a newer device, it will be a lot easer to config and be able to use latest ROS. Something like the Hex 2025 would be a better choice, unless you are really budget restrained and want to spend time learning to configure an obsolete device so it will work acceptably as a 100 Mb switch and low performance router.

It is a bit like running windows 10 on a 1 Ghz single core processor with 2GB of RAM. It may be possible to boot, but it won't give you a very pleasant user experience.

My internet connection is 100Mb for download and 20Mb for upload, Yes your correct on both 5 10/100Mb port and Atheros7240 for switch chip. I’m planning to upgrade in future to either hEX refresh or hAP ax² to add wireless connectivity and getting rid of one access point device at router spot.

Now my main focused is how to use switch chip to reduce the CPU load instead of using the default configuration with bridging for the other 4 port if possible, Any links helps in achieving that while the internet traffic will pass through port 1 which I think is not part of the switch chip

Check block diagram for RB750.

When not fully switched, it's 1/3/5 on one lane of 1Gb/s towards CPU, 2/4 on the other lane of 1Gb/s to CPU.
When fully switched, all 5 are on switch chip and then 1 lane of 1Gb/s to CPU.

Can you post a link to it?
It seems like the 750 is so old that is not listed (or I cannot find it) on Mikrotik site among discontinued devices.

Oops, indeed ... I was mistaking with 750Gr3.
Isn't that Hex Lite then ?

EDIT: found datasheet somewhere but no block diagram
https://manualzz.com/doc/2965143/mikrotik-rb750-router-datasheet

IIRC the factory default configuration will enable hardware offloading on the switch ports. This only applies to traffic between ports 2-5, for example betweeen PCs on your LAN connected to different ports on the RB750.

All LAN <-> internet traffic is handled by the CPU regardless. I suspect it will not be able to achieve 100Mbps throughput.

Requirements for "good performance" have changed since the introduction of the RB750 - Dec 2010 if https://wikidevi.wi-cat.ru/MikroTik_RouterBOARD_750_(RB750) is accurate.

I smiled at the description "Insanely fast" for a router with 10/100 Mbs ports and a single core 400MHz processor. It was probably an accurate description in 2010, but internet speeds in 2010 averaged under 10Mbps https://www.ooma.com/blog/average-us-internet-speeds-over-time/, and the Web was very different and web browsing didn't use much bandwidth (no video ads, in fact very few ads compared to now).

I would try the default config as suggested by @tdw . It is hard to find any info about the Routerboard 750, since most results will be for either the RB750Gr3 or possibly RB750r2 (Hex lite), and both of these have higher specs than the original Routerboard 750.

Can you repost the config after you did a fresh netinstall of V6.49.18?

The comments in the most upvoted answer to https://superuser.com/questions/793789/how-to-configure-mikrotik-router-routerboard-750-to-behave-like-a-switch suggest that you no longer need to use the switch master slave config.

It looks like starting from RoutreOS version 6.40 there is no longer distinction between switch and bridge options you described. You have an option to check "hardware offload" when you configure a bridge, but that's it.

– Andrew Savinykh

CommentedSep 14, 2018 at 10:26

The empirical test would be to connect two PCs to two of the switch ports (2-5) and then generate traffic between the PCs (e.g. with iperf3 on the two PCs with long test). Then see if the RB750's CPU spikes when the transfers are in progress. If you see a CPU spike, then you will need to try to figure out how to get the switch offloading to work. If the switch (bridge HW offload) is active, you shouldn't see a significant change in the CPU usage on the RB750 regardless of the "on LAN" traffic.

Seems this old RB750 routerboard become interest regarding it’s old H/W performance

I done simple test using iperf3 with two PCs connected the Mikrotik and preform two test, First from port 2 & 5 using the default config (Bridge on ports 2-5 and DHCP server)

Test1: port 2 & 5 CPU <=8%
C:\Users**********\Downloads\iperf3.19.1_64\iperf3.19.1_64>iperf3 -c 192.168.88.254
Connecting to host 192.168.88.254, port 5201
[ 5] local 192.168.88.253 port 59427 connected to 192.168.88.254 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 12.2 MBytes 103 Mbits/sec
[ 5] 1.00-2.01 sec 11.4 MBytes 94.6 Mbits/sec
[ 5] 2.01-3.00 sec 11.2 MBytes 95.2 Mbits/sec
[ 5] 3.00-4.01 sec 11.4 MBytes 94.7 Mbits/sec
[ 5] 4.01-5.02 sec 11.4 MBytes 94.7 Mbits/sec
[ 5] 5.02-6.01 sec 11.2 MBytes 95.2 Mbits/sec
[ 5] 6.01-7.02 sec 11.4 MBytes 94.7 Mbits/sec
[ 5] 7.02-8.00 sec 11.1 MBytes 94.3 Mbits/sec
[ 5] 8.00-9.01 sec 11.4 MBytes 94.8 Mbits/sec
[ 5] 9.01-10.01 sec 11.2 MBytes 94.8 Mbits/sec

---

[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 114 MBytes 95.6 Mbits/sec sender
[ 5] 0.00-10.09 sec 114 MBytes 94.8 Mbits/sec receiver

iperf Done.

Second test from port 1 & 5 (I deleted the client DHCP on port 1 then add it to the Bridge with the remaining ports)

Test2: port 1 & 2 CPU <=25%
C:\Users**********\Downloads\iperf3.19.1_64\iperf3.19.1_64>iperf3 -c 192.168.88.254
Connecting to host 192.168.88.254, port 5201
[ 5] local 192.168.88.253 port 52667 connected to 192.168.88.254 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.01 sec 13.2 MBytes 110 Mbits/sec
[ 5] 1.01-2.00 sec 11.2 MBytes 95.1 Mbits/sec
[ 5] 2.00-3.01 sec 11.4 MBytes 94.8 Mbits/sec
[ 5] 3.01-4.00 sec 11.1 MBytes 94.2 Mbits/sec
[ 5] 4.00-5.01 sec 11.4 MBytes 94.8 Mbits/sec
[ 5] 5.01-6.01 sec 11.4 MBytes 94.8 Mbits/sec
[ 5] 6.01-7.01 sec 11.2 MBytes 95.2 Mbits/sec
[ 5] 7.01-8.01 sec 11.4 MBytes 94.7 Mbits/sec
[ 5] 8.01-9.00 sec 11.2 MBytes 95.2 Mbits/sec
[ 5] 9.00-10.01 sec 11.4 MBytes 94.7 Mbits/sec

---

[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 115 MBytes 96.4 Mbits/sec sender
[ 5] 0.00-10.10 sec 114 MBytes 94.7 Mbits/sec receiver

iperf Done.

Conclusion:

• hardware offload is operational at bridging port 2-5 without the need for any additional configuration from V6.40
• Only performance different is the CPU load between ports with hardware offload (<=8%) and port 1 which is without (<=25%)
• RB750 router where able to deliver 100Mbps throughput specially when increase the number of connection at iperf3

Seems my issue where the corrupted update from older RouterOS version to V7, Next will move the bridge to port 1-4 and the WAN connection to port 5, Hope by this to reduce the CPU load with the WAN port and sacrifice the first port

you might see a bigger difference in CPU if you decreased the packet size in iperf3, because the CPU will have to handle a higher packet per second.

For example use udp with bandwidth of 100M and -l 36 (guess, I didn't try, 36+20 (ip header) + 8 (udp header) = 64.

iperf3 -c -u -b 100M --length 36

I ran the mean command you recommended and result came as below:

Test1: port 2 & 5 CPU <=8%
C:\Users**********\Downloads\iperf3.19.1_64\iperf3.19.1_64>iperf3 -c 192.168.88.253 -u -b 100M --length 36
Connecting to host 192.168.88.253, port 5201
[ 5] local 192.168.88.254 port 52361 connected to 192.168.88.253 port 5201
[ ID] Interval Transfer Bitrate Total Datagrams
[ 5] 0.00-1.01 sec 4.25 MBytes 35.4 Mbits/sec 123932
[ 5] 1.01-2.00 sec 4.14 MBytes 34.9 Mbits/sec 120609
[ 5] 2.00-3.00 sec 4.16 MBytes 34.9 Mbits/sec 121131
[ 5] 3.00-4.00 sec 4.15 MBytes 34.9 Mbits/sec 120985
[ 5] 4.00-5.00 sec 4.15 MBytes 34.9 Mbits/sec 120878
[ 5] 5.00-6.01 sec 4.20 MBytes 34.9 Mbits/sec 122212
[ 5] 6.01-7.00 sec 4.12 MBytes 34.9 Mbits/sec 119931
[ 5] 7.00-8.01 sec 4.20 MBytes 34.9 Mbits/sec 122296
[ 5] 8.01-9.01 sec 4.14 MBytes 34.9 Mbits/sec 120651
[ 5] 9.01-10.01 sec 4.15 MBytes 34.9 Mbits/sec 120805

---

[ ID] Interval Transfer Bitrate Jitter Lost/Total Datagrams
[ 5] 0.00-10.01 sec 41.7 MBytes 34.9 Mbits/sec 0.000 ms 0/1213430 (0%) sender
[ 5] 0.00-10.02 sec 41.5 MBytes 34.8 Mbits/sec 0.008 ms 3215/1212680 (0.27%) receiver

iperf Done.

Second test from port 1 & 5 (I deleted the client DHCP on port 1 then add it to the Bridge with the remaining ports)

Test2: port 1 & 2 CPU <=100%
C:\Users**********\Downloads\iperf3.19.1_64\iperf3.19.1_64>iperf3 -c 192.168.88.253 -u -b 100M --length 36
Connecting to host 192.168.88.253, port 5201
[ 5] local 192.168.88.254 port 58734 connected to 192.168.88.253 port 5201
[ ID] Interval Transfer Bitrate Total Datagrams
[ 5] 0.00-1.01 sec 4.25 MBytes 35.4 Mbits/sec 123713
[ 5] 1.01-2.01 sec 4.18 MBytes 34.9 Mbits/sec 121804
[ 5] 2.01-3.01 sec 4.14 MBytes 34.9 Mbits/sec 120568
[ 5] 3.01-4.00 sec 4.13 MBytes 34.9 Mbits/sec 120268
[ 5] 4.00-5.01 sec 4.18 MBytes 34.9 Mbits/sec 121712
[ 5] 5.01-6.01 sec 4.19 MBytes 34.9 Mbits/sec 121974
[ 5] 6.01-7.01 sec 4.15 MBytes 34.9 Mbits/sec 120842
[ 5] 7.01-8.01 sec 4.16 MBytes 34.9 Mbits/sec 121190
[ 5] 8.01-9.01 sec 4.14 MBytes 34.9 Mbits/sec 120569
[ 5] 9.01-10.00 sec 4.13 MBytes 34.9 Mbits/sec 120348

---

[ ID] Interval Transfer Bitrate Jitter Lost/Total Datagrams
[ 5] 0.00-10.00 sec 41.6 MBytes 34.9 Mbits/sec 0.000 ms 0/1212988 (0%) sender
[ 5] 0.00-10.02 sec 40.1 MBytes 33.6 Mbits/sec 0.006 ms 44313/1212988 (3.7%) receiver

iperf Done.

I ran the command couple of times with similar result

It seems clear that in the default config that the switch chip is handling the switching (HW offloading).

So if the RB750 isn't fast enough with that config for your purpose, then you will need to upgrade to a newer device.

With the small packet size (and therefore the higher packets per second) when using two ether switch-ports the CPU usage is essentially the same as it was with the larger packet sizes. So there isn't much more you can do to improve the speed using the RB750. If you are still hitting 100% CPU utilization then the CPU is being spent on other things than forwarding ethernet frames to another port, which appears (from your results) to being done by the switch chip.