Speed falls over proxy

Hello

RB2011UAS-RM, RouterOS 6.27 (also tested with 6.24 and 6.13 with same results)

I use proxy for manage access from network to external resources and found this issue.
Speed and ping fall through proxy about five times.
I can understand if ping growth cause it needs time to store and open connection on proxy but why speed fall so dramatically?
Here is speedtest results when using proxy:
http://www.speedtest.net/my-result/4279254355
and only NAT
http://www.speedtest.net/my-result/4279257081

My proxy config is:

/ip proxy
set cache-administrator=proxyadmin@domain.ru cache-path=webproxy enabled=\
    yes max-cache-size=10240KiB max-client-connections=1500 max-fresh-time=1d \
    max-server-connections=1500 parent-proxy=0.0.0.0 port=3128
/ip proxy access
add src-address=192.168.1.238
add dst-host=*odnoklassniki.ru src-address=192.168.1.58
add dst-host=*vkontakte.ru src-address=192.168.1.58
add dst-host=*my.mail.ru src-address=192.168.1.58
add dst-host=*ozon.ru src-address=192.168.1.58
add dst-host=*bonprix.ru src-address=192.168.1.58
add dst-host=*vk.com src-address=192.168.1.58
add dst-host="\r\
    \n*kupivip.ru" src-address=192.168.1.58
add dst-host=*yves-rocher.ru src-address=192.168.1.58
add dst-host=*wildberries.ru src-address=192.168.1.58
add dst-host=*lamoda.ru src-address=192.168.1.58
add action=deny dst-host=*odnoklassniki.ru
add action=deny dst-host=*vkontakte.ru
add action=deny dst-host=*my.mail.ru
add action=deny dst-host=*ozon.ru
add action=deny dst-host=*bonprix.ru
add action=deny dst-host=*vk.com
add action=deny dst-host="\r\
    \n*kupivip.ru"
add action=deny dst-host=*yves-rocher.ru
add action=deny dst-host=*wildberries.ru
add action=deny dst-host=*lamoda.ru
add action=deny dst-host=*mamba.ru
add action=deny dst-host=*24open.ru
add action=deny dst-host=*intim-znakomstva.ru
add action=deny dst-host=*dating.ru
add action=deny dst-host=*znakomctba.ru
add action=deny dst-host=*liveinternet.ru
add action=deny dst-host=*maybe.ru
add action=deny dst-host=*javagala.ru
add action=deny dst-host=*znakomstva-sitelove.ru
add action=deny dst-host=*2-polovinka.ru
add action=deny dst-host=*loveplanet.ru
add action=deny dst-host=*youtube.ru
add action=deny dst-host=*mirtesen.ru
add action=deny dst-host=*vkrugudruzei.ru
add action=deny dst-host=*odnoklassniki.km.ru
add action=deny dst-host=*counter.yadro.ru
add action=deny dst-host=*googlesyndication.com
add action=deny dst-host=*radar.imgsmail.ru
add action=deny dst-host=*autocontext.begun.ru
add action=deny dst-host=*tns-counter.ru
add action=deny dst-host=*worka.ru
add action=deny dst-host=*googleadservices.com
add action=deny dst-host=*laredoute.ru
add action=deny dst-host=*otto.ru
add action=deny dst-host=*wenz.ru
add action=deny dst-host=*ads.ookla.com
add action=deny dst-host=*doubleclick.net
add action=deny dst-host=*radio.zaycev.fm
add dst-port=21,443,210,5222,5190,2082,3333,8443,9443,15443 method=CONNECT \
    src-address=192.168.1.0/24
add dst-port=36622,28058,4051,4451,10048,1935 method=CONNECT src-address=\
    192.168.1.0/24
add dst-port=80,21,443,70,210,280,488,591,777,1025-65535 method=!CONNECT \
    src-address=192.168.1.0/24
add action=deny

Ping doesn’t go through a proxy.

Perhaps your CPU is getting maxed out - check that during the slowdown.

Sorry, I was slightly incorrect.
I mean “ping” shown by speedtest.net tests. It isn’t traditional ICMP ping and it goes through proxy (tested with disabled access through NAT).

Did you check the 2011’s cpu during the testing with and without proxy?

If you’re cacheing to disk - perhaps the reads/writes to flash are slowing down the process…

I’m not an expert with the proxy, so I’m just thinking in general terms about what could possibly cause slowdown.

Yes, I’ve checked.
Proxy consumes about 40% CPU when all users active and less than 5% when I tested with only one user.
Cache to disk is disabled.

If this means the proxy process alone consumes 40% cpu - then that would be your answer. If proxy is consuming 40%, you can be sure firewall / networking is consuming a good bit more, so the cpu is probably near 100% in total…

No, they aren’t. Idle proccess shows 50-60% CPU load.
And when I tested with only one user (everything else blocked by firewall and proxy rules) it was about 95% idle and same results with internet speed.

If it’s not cpu then I’m going to have to defer to someone who has better experience with proxy.
Sorry I couldn’t be of more assistance.

Many thanks for your attention.