Time Warner recently upgraded my service from 30/5 to 200/20. I'm able to reach about 135/20 when going through my RB2011UiAS-RM, but speeds are consistently 220/25 when my PC is connected directly to my modem. I'm using speediest.net for these tests.

The RB2011 has a pretty basic config - NAT with about 15 firewall rules. L3 routing and DHCP happens on the L3 Cisco switch, and the RB2011 just has a default route out to Time Warner. The cable modem is connected to ether1, and my L3 switch is on ether2.

I tried connecting a PC directly to ether5 on the RB2011 - static IP on both the router and PC. Cable modem stays connected to ether1. Speeds are still around 135/20 in this config. This effectively eliminates the L3 switch as the cause of the issue.

CPU on the RB2011 doesn't appear to be maxing out during these speed tests. Seeing about 60% CPU utilization.

I did an iperf3 test in the following scenario:

iperf3 server <---> ether5 - RB2011 - ether2 <---> Gig0/1 - L3 switch - Gig 0/15 <--->iperf3 client

Was able to get about 250-300Mb/s with the FW rules enabled, and 500-600 with no FW rules. The only difference between this test and the scenario where traffic is going out to the WAN is that there was no NAT.

I feel like there must be something I'm missing. It doesn't seem like this is a HW limitation on the RB2011 since I'm only seeing 60% CPU utilization during these tests. Any ideas on why I can't reach the full 200Mb/s+ while connected through the router?

Are the interfaces configured as bridge or in switch modus.
If you used the interfaces as bridge interface this is cpu intensif.
Look at "tool" "profile" which service has the most CPU usage

I suspect PPPoE again. 200/20 is reachable without it.

Interfaces are in switched mode. No PPPoE in use. I was able to configure Fast Track and improved the speeds a bit, but still doesn't appear to be taking full advantage of the bandwidth available.

Fast Track decreased CPU utilization during the speed tests from the 60-70% I was seeing before, to 20-30%. Problem is I'm still not really seeing more than 170Mbps down.

Expecting you are not doing pppoe in the router and any queues. Then you should try fasttrack that would probably help you very significantly.

I guess you already checked if Queue Type on interfaces ether2 and ether5 are set to ethernet-default.