I’m pretty sure you’re fully capable of making informed decisions yourself about what to use and when.
WireGuard is just a tunnel protocol where encryption is handled entirely in software. It’s like using a switch as a router and if the CPU is strong enough, it works up to a point, but once you hit that ceiling, throughput caps out. Any additional load on the router will obviously suffer when this happens.
IPsec, on the other hand, is a complete ecosystem that supports capabilities like various authentication and encryption methods. It can leverage AES-NI for hardware encryption, which significantly reduces the load on the main CPU. IPsec’s modular design and widespread support for hardware acceleration are the key reasons why it continues to be the de facto-standard for enterprise-grade scenarios with high tunnel density and tight performance constraints.
You do the math.