Hi,
I've recently commissioned a CCR1072 and am looking for ways to avoid core/CPU bottlenecks. Currently, one CPU tends to max out, and when profiled, it's a roughly 50/50 split for Network/Firewall.
I've stripped back my config to try to work out where the bottlenecking is occurring.
Current setup:
- RouterOS v6.45.9
- No NAT, no limits on filters/mangles, no bridges, no queuing (anymore; I've removed them while troubleshooting)
- Most traffic coming in VLAN'd on two 10GbE SFP+ ports. ether1 is also being used, although this will be migrated over to an SFP+ port as soon as possible.
- ~100 mangle rules to match traffic and mark connections, and ~60 fw rules to allow traffic based on connection marks.
- CPU still clocked at 1000MHz
- No VPN terminations or any other interfaces more complex than a VLAN
Questions:
1) Is using the ether1 port (being off the CPU) contributing much to CPU utilisation? (Given its place on the CCR1072 block diagram, I'm assuming it does; I just can't prove/test it right now.)
2) What options do I have to further distribute the processing load (e.g. by distributing traffic across more ports, stripping .1Q tags before the CCR, etc.)?
3) Connection Tracking seems to resolve the issue for others, but I'm Connection Marking...
4) Is my "tag with mangle, allow with filter" approach reasonable here? I'm burying my "allow established..." filter rule down towards the bottom (and not using FastTrack) so I can keep track of how much of each traffic type is being allowed through (and because I'd like to re-implement queuing at some point). (Putting the "Allow Established" at the top definitely improves performance.)
TIA!
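As an added illustration (not configuration from the original post), below is a minimal RouterOS v6 CLI rendering of the "mark the connection in mangle, accept by connection-mark in filter" layout the post describes, with both placements of the established/related accept rule that the post contrasts. The ports, connection-mark names and comments are assumed; the example makes no claim about which layout is faster on the poster's hardware.

```routeros
# Added example, not from the original post. Marks, ports and comments are assumed.

/ip firewall mangle
# Mark each connection once, on its first packet (connection-state=new).
# Later packets of the same connection already carry the mark via conntrack,
# so they never match these rules again. passthrough=no stops mangle processing
# for the packet after the first matching rule.
add chain=prerouting connection-state=new protocol=tcp dst-port=443 \
    action=mark-connection new-connection-mark=https passthrough=no \
    comment="classify: https"
add chain=prerouting connection-state=new protocol=udp dst-port=53 \
    action=mark-connection new-connection-mark=dns passthrough=no \
    comment="classify: dns"

/ip firewall filter
# Layout A (what the post currently does): one accept rule per connection-mark
# at the top, so each rule's counters show how much of that class is passing,
# and the established/related accept near the bottom catches the rest.
add chain=forward connection-mark=https action=accept comment="allow: https"
add chain=forward connection-mark=dns action=accept comment="allow: dns"
add chain=forward connection-state=established,related action=accept \
    comment="allow: established/related (layout A, near the bottom)"
add chain=forward action=drop comment="default deny"

# Layout B (the placement the post says performs better): the same rule moved
# to position 0, so only a connection's first packet walks the per-mark rules.
# Uncomment to apply; the per-mark counters then only count new connections.
# add chain=forward connection-state=established,related action=accept \
#     place-before=0 comment="allow: established/related (layout B, at the top)"
```

The per-class byte and packet counts that layout A is meant to expose are read with `/ip firewall filter print stats` (and `/ip firewall mangle print stats` for the classification rules); `/ip firewall connection print` shows the mark each tracked connection currently carries, which is a quick way to confirm that the mangle rules fire only on the first packet of a flow.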