Often the problems occur when vendors seek to enable new features on their existing hardware platform. Riverbed had this very problem with encryption, for example, until it added hardware assistance a few years ago. BlueCoat continues to have the same problem in that enabling HTTPS dramatically drops performance. The number of new connections processed per second drops by about 60 percent when doing http vs. https.
Different traffic types will also impact your performance with WAN optimizers. BlueCoat, for example, can quintuple WAN performance, but then there are the details. Static Web pages will be accelerated significantly faster because of BlueCoat's caching. A long data stream, though, doesn't play with the BlueCoat byte cache, which needs interruptions in the connections to update the cache. I'm hearing that performance starts to degrade on long flows at around 200 Mbit/s.
LAN side throughput is another potential problem area. In some instances, LAN side throughput will vary within a vendor's own solution depending upon how it is configured. For example, Riverbed touts different LAN side throughput depending upon the deduplication mode for the appliances. What I've heard from the street is that the one designed for maximum replication throughput - SDR-M - delivers anywhere from 150 Mbps to 400 Mbps, well short of the 1 Gbits/s interface.
It's a point strongly contested by Riverbed. "The primary reason why we created the SDR-M feature was for customers that were looking for faster performance," responded Dan Sorenson, Riverbed's spokesperson in an e-mail. "Riverbed's 5050 tests show that the enablement of the SDR-M feature consistently INCREASES maximum LAN-side throughput, rather than decreasing it. The increase in speed results from the 5050 more quickly writing data directly to memory vs. the slower process of writing data to spinning disk." Sorenson also pointed to other modes, such as SDR-A and larger boxes, to address higher performance requirements.