we seem to get hit by DDoS attacks to a large number of IPs at the same time.
Some are assigned IPs and many are not.
In any case, we want the ability to black hole several hundred IPs at once.
Our upstream allows upto 200 at the moment.
However, with 100 or so /32 prefixes on the Mikrotik (CCR1072 running 6.42.6), the MT gets really bogged down and starts doing things like not accepting API connections and the Terminal windows is running is super slow mode. So clearly its overloading the CCR.

Anyone have any idea why this drags the MT to its knees?

was able to determine its not the number of /32 prefixes, it was the script that looks at my address list and puts those addresses on the prefix list

viewtopic.php?f=9&t=115521&p=680382#p680382
I was running the script every 10sec but it takes over 2min for the script to run (perhaps another problem).
When I run the script once every 5 min everything works fine.