Hi all,
I'm having some trouble with my RB750G (600 MHz CPU). We recently upgraded our connection, and now I'm experiencing 90-100%+ CPU loads when doing simple HTTP downloads. I make use of the firewall mangle table and queue trees extensively to provide a solid QoS based on ports and app priorities. Currently my setup runs like this:

Firewall mangle table:
16 rules that match specific types of connections and set a connection mark. Matching is mostly done on protocol and port.
14 rules that take a connection mark and set a packet mark.

Queue tree:
2 queue, one for sending, one for receiving, each with 10 child queues taking various packet marks and assigning limits and priorities.

Despite only having to hit a single mangle rule to set a packet mark, a HTTP download is still consuming the entire CPU at 80mbps. Are there any ways I could optimize this setup? I really don't want to have to go the x86 route and build my own box, but sadly it seems most of the desktop MT boards cap out at 600 MHz .

NAT translation is loading the CPU, this boards hardly reach 100Mbit. The chipset does not support hardware NAT acceleration.
Also firewall rules containing "content=" using a huge amount of CPU.

I thought all NAT is done in software using netfilter?