Testing was done with 2 OPNsense Firewalls, 10G X520, direct attached. Behind both systems linux hosts running iperf:
Fujitsu
CPU: Intel(R) Xeon(R) CPU E3-1270 v5 @ 3.60GHz (3600.18-MHz K8-class CPU), 8 Cores
16GB RAM
X520 10G
No IPSEC, no FW:
9400 down / 9400 up
37% CPU, Load 3.7
No IPSEC, FireHOL3 FW:
9400 down / 9400 up
48% CPU, Load 3.7
IPSEC AES128-GCM, no FW:
2500 down / 2500 up
25% CPU, Load 2.5
IPSEC AES128-GCM, FireHOL3 FW:
2500 down / 2500 up
32% CPU, Load 2.7
It’s important to use AES-GCM since it boosts the performance dramatically! Load can vary from time to time, but with 8 cores this is perfectly fine.