Almost the same situation here, except my CPU does go all the way UP to 100%. It stays that way and the router starts to lose connectivity: it stops responding to pings, webmin can't connect or, if it does get connected, it only lasts for a few seconds, and suddenly the system reboots by itself (probably due to the watchdog). When it comes back it can go either way: the CPU goes all the way up and the cycle repeats again and again till I switch OFF the L7 mangle rules, or it stays OK for something between a few minutes and a few hours... I believe it is a matter of the traffic passing through.
(I'm sending supout.rif file today)
My router is not as big as Rafa's; it is a Dell PowerEdge 350 server w/PIII 1 GHz and 512K RAM, only 20-30 PPPoE sessions.
Using only L3 mangle rules it works flawlessly.