Duplicate of
viewtopic.php?f=13&t=147535 ? I already gave you answer there and surprise-surprise - its almost same as what @enggheisar said here.
Anyway, as long as you apply "content" or "layer7" matchers on EVERY PACKET (your prerouting mangle rules are matching "content" and are applied to every packet), it will cause enormous CPU load on any router.
Sure, CCR1009 will perform much better because instead of 1*600MHz CPU, it has 9*1000MHz or 9*1200MHz (depending on model) To simplify it, CCR will have 15 to 18 times more raw processing power than your RB2011.
Trying to extrapolate results to your situation: if you are currently getting 20Mbit maximum with 100% CPU load, you should be able to get up to 300-360Mbit with 100% CPU load.
This, however, does not change a fact that you are really wasting resources and probably not even achieving what you intended. (because your rules are sniffing single packets instead of marking connections and then sniffing whole connection)
With correct configuration, I am certain you should be able to get your full speed from provider (100Mbit) without any issue.