It sounds to me like a software based machine can be plenty fast with good code under the hood.
In my experience a datacenter pumping out 1Gbps is usually doing 200-250kpps in that direction. Considering this a box capable of around 1Mpps is "plenty fast".
... until you get an inbound ddos over that shiny gige at 1.44 Mpps. in today's world, planning for normal circumstances is woefully insufficient, you have to spec based on worst case numbers because you're almost guaranteed they will hit your network upside the head in the future.
Not to belabor the perennial software vs hardware router discussion, these types of platforms can be useful in situations where you have powerful hardware routers upstream of them to protect them. For example if you have access customers terminating on a router like this... if you get a DDOS from them, you simply turn off the port and notify them. If its inbound, your border router takes care of you. just an idea. Deepak Jain AiNET