hi, bro, thanks.

already get hAP AC from lelong.
it's great router, still have a lot of thing to figure out and play around.

CPU bottleneck,change to Hap ax2 or ax3 should be able to hit more than 600M.

Yes, this is Mikrotik and TM problem with IPv6, therefore disabling IPv6 is a perfectly valid option. You don't lose anything by doing that, and there is no need to chuck out a perfectly working Mikrotik RB750Gr3. And if Quanta is still hell-bent on having good IPv6 functionality with the RB750Gr3, nuking routerOS and installing OpenWRT is another viable option.

It is an option if the user decide that's the way forward, given the full context and list the actual problem.

I already gave him the option to disable IPv6 Firewall and never buy another Mikrotik again if his use case don't need it.

However I have a problem with people wording it as IPv6 is not mature, blah blah and disable until 2025.

It's time to move away from dual-stack network. It's double the work, double the trouble and it didn't solve IPv4 exhaustion problem.

People who insist to stay on IPv4 is clearly incompetent and lazy. Everyone who run dual-stack are appeasing to them.

RB5009 should be enough. (But with 1.X-2X price compare to AX2 or AX3)

If not urgent use,just wait for another 1-2 years for next gen of RB5009 which should be having more 2.5G port. (My guess only)
And disable ipv6 until 2025,now ipv6 still not suitable for wide usage.

If you enable Fast Forward, you need to reboot for it to take effect.

Can you double check if "Fast Forward" is enabled inside your bridge setting?

Just to confirm IPv6 > Firewall - NAT, Mangle, Raw and Address List are all disabled too right?

If you enable Fast Forward, you need to reboot for it to take effect.

HAP AX3

Did you enable or use anything in Queue?
If not, can you post your Tools > Profile when your CPU usage is 100%?

On your Address List, they are all non-routable because outside of 2000::/3.
Just drop them with route table, it's the highest performance method of doing it.
Except the documentation prefix which is a bogon anyway, you can just blackhole it with one extra route table entry.

Just curious what's the reason you added untracked to an accept rule?
Cannot see your full ruleset but seems like they are repeated twice?

Do you get higher speed if you disable all your Queue?

They have an official guide. Seems straightforward
https://help.mikrotik.com/docs/display/RKB/...rading+RouterOS

Did you still get low speed after disabling all the Simple Queue and Queue Tree?

So sorry to hear that.
Follow the netinstall process to unbrick it.

delete any connection setting on ether1 (vlan etc) and put ether1 on same bridge port as other LANs port