The key recycle time determines how often a new key is utilized for the encryption process. This is an administrator set configuration. Key recycle time can either be set to a timed interval or a specific packet frame size.
If a client requires an advanced level of security more unique keys will need to be utilized therefore as encryption is a CPU bound process this will require more compute resources. If there is not enough compute resources available to the gateway this can increase the latency of the actual throughput.