Reading the various related threads it looks like that inherent penalties take users (repeatedly) by surprise, kind of unawareness to the correlation of the CPU (capabilities) vs. high bandwidth throughput (reaching/exceeding 1 GbE connectivity) vs. DPI (vs. any additional apps/services that require CPU cycles).
It is also not clear to which extent Suricata on its own is contributing to the performance degradation (probably the lion share) vs. what PAKON might contribute on its own.
Another unknown is the performance (potential improvements) of Suricata v5.0.x vs. the legacy v4.0.x that is provided by TOS.