Nik,
On Aruba Mobility Access Switch (MAS):
* IPSec packet encryption/decryption is done in hardware.
* And further these IPSec/VPN packets are software processed for deep packet inspection & session handling.
* And to provide the control plane protection (to CPU), there is a rate limit of 40K PPS (packets per second). This will prevent any possibilty of CPU hogging by just one type of traffic (this way traffic is policed for control plane protection)
* Which means, coming to your question on throughput: Depending on the packet size(s), you can get varying throughput numbers:
With 64 byte packets : ~20 Mbps
With 1500 byte packets : ~480 Mbps
Rgds,
-Vinay