linux

What can be improved in routing?

There is a server based on 2 processor xenon E5-2690v4
On the server 4 uplinks: 10Gbit + 1Gbit + 1Gbit + 1Gbit
As a virtual host, vmware esxi 6.5 is used with forwarded Pass-throught network cards in Ubuntu 1404 which is a router and "firewall". I quote because virtual machines don't use iptables to screen traffic. Instead, fail2ban is configured in such a way that all virtual machines collect bad ip addresses in several tables, and then the router itself hooks from the tables and adds ipset to the lists for blocking at the PREROUTING level. That is, all bans are distributed directly on the router.
There is a possibility to issue a direct ip-address for each virtual machine. But this option was chosen based on:
1. I don’t want to show a lot of addresses from the block
2. According to the results of the initial setup a year ago, the total load on the processor is less than 10% -12% with this scheme in prime time
Everything works, but I want to slowly expand the whole thing. In primetime, the load is 6-8Gbps per output. Well, it looks like it's choking. The number of cores does not particularly affect the situation. Looking forward to any improvements. Maybe there is some edition of linux more sharpened for filtering / routing. Or, for example, you can somehow improve the circuit itself.
PS: it's not in the data center if anything ...