rgonyer - Thanks for posting your question on the forum!
IP FFE (fast forwarding engine) aka RapidRoute allows those AOS devices with routing capabilities to optimize the packet routing process that goes through repetitive sets of rules and procedures before being routed to their destination.
IP route-cache express is a feature that enables Layer 3 switching in those AOS devices that support the feature. This allows the route lookup for packets to occur within the switch fabric of the AOS device without having to use the software processor.
When to enable IP Route-Cache Express:
Essentially, if you have "ip route-cache express" enabled, to utilize layer 3 switching, then you do not want to have "ip ffe" enabled. FFE allows for the software on the AOS device to process a packet stream in a more efficient manner, while "ip route-cache express" is meant to keep packets from even having to use the software processor. However, it is important to keep in mind, there are certain features available on AOS which will automatically send packets to the CPU even if route-cache express is enabled. If an interface is expected to utilize any of the below features, then route-cache express should be disabled:
- AOS firewall
- Policy-based routing
- Other routing features
More information can be found at this link: Configuring Layer 3 Switching in AOS
When to enable IP FFE:
At the time of this post, IP FFE will only benefit performance if certain AOS features are in use on the device. Specifically, if the features listed below are in use, you will want to enable FFE:
- AOS firewall
- IP crypto (should use "ip crypto ffe")
- IP route-cache express is disabled
More information can be found in this document: RapidRoute/ FFE in AOS
In the example you gave, since you will have the firewall enabled due to the fact that the AOS device will be performing NAT, I would suggest that "ip route-cache express" be disabled and "ip ffe" be enabled.
I hope this clears things up but please do not hesitate to let us know if you have any further questions.
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.