Cisco are probably right...for now at least.
Like any true commentard I haven't read the Cisco whitepaper, but having seen VMware's CTO present on NSX a couple of times recently, I do have reservations.
VMware would say that you simply move all your network workloads like firewalls onto NSX (so called NFV) and use cheaper 'white box' switches to tie it all together. Now some NSX supported virtualisation targets, Palo Alto Networks FWs for example, use expensive custom silicon like FPGAs (as well as x86 chips) in their appliances to deliver multi-gig FW/IPS throughput. The best that seems to be available in ESX/NSX for Palo Alto FWs is 1 gig FW with only 600Mbps of IPS, and that's using 4 cores.
In short, if Palo Alto, or for that matter, any vendor using non-x86 silicon, could do multi-gig or 10G firewalling, IPS etc on commodity x86, rather than presumably more expensive custom ASICs/FPGAs, then wouldn't they be doing it already*? How many x86 cores (and corresponding ESX and NSX licences) will need to be thrown at network services that non-x86 silicon can do better, and maybe more cheaply?
I don't care enough to do the maths...but there's presumably someone out there that has (thanks in advance!)
*Check Point are tied to x86 and that (plus a large dose of incumbent complacency) is why the FPGA-based PAN FWs have been kicking their arse over the last few years.