Hello,

My ISP provides a 700Mib connection via SFP tested with a directly conected PC.
I have bought a RB2011UiAS-2HnD-IN thinking that a 600Mhz CPU will handle this traffic, i'm in tests at the moment and for now i just want to obtain the best results for the following scenario, after that i will enable wireless, pptp, bridges, firewall filter rules etc witch i am aware will decrease my speeds.

The fiber is connected to sfp1 via sfp model GLC-BX-D, and a 192.168.1.0/24 network is connected to ether1, here's the config:

ip address add address=x.x.x.x/xx interface=sfp1 disabled=no network=x.x.x.0 comment="public ip provided by ISP"
ip address add address=192.168.1.1/24 interface=ether1 disabled=no network=192.168.1.0 comment="LAN port"
ip route add dst-address=0.0.0.0/0 gateway=x.x.x.1 distance=1 scope=30 target-scope=10 pref-src=x.x.x.x disabled=no comment="Default route"
ip firewall nat add chain=srcnat out-interface=sfp1 src-address=192.168.1.0/24 action=masquerade disabled=no comment="default NAT rule"

With this config i get on a PC connected to ether1 via gigabit NIC up to 320Mib and the CPU stays at 100% while the speedtests are taking place, in "tool profile" the firewall takes about 90% of CPU witch seems normal since NAT is a part of the firewall.

Questions:
Am I doing something wrong? any other config suggestions?

Will replacing the current NAT rule with the one bellow help?
ip firewall nat add chain=srcnat src-address=192.168.1.0/24 out-interface=sfp1 action=src-nat to-addresses=x.x.x.x disabled=no comment="Alternative NAT rule"

Thank you in advance.

I think you are just hitting the limit of what the 2011 can do given your test packet size and with the connection tracker running.